intermediate changes

ref:6c189367828571b9b181b3719599a37e64217379

227 files changed, 85866 insertions, 6821 deletions

diff --git a/contrib/python/boto3/py3/.dist-info/METADATA b/contrib/python/boto3/py3/.dist-info/METADATA
index 0fae3151d57..16c571ffd7e 100644
--- a/contrib/python/boto3/py3/.dist-info/METADATA
+++ b/contrib/python/boto3/py3/.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: boto3
-Version: 1.19.12
+Version: 1.20.54
 Summary: The AWS SDK for Python
 Home-page: https://github.com/boto/boto3
 Author: Amazon Web Services
@@ -22,7 +22,7 @@ Classifier: Programming Language :: Python :: 3.10
 Requires-Python: >= 3.6
 License-File: LICENSE
 License-File: NOTICE
-Requires-Dist: botocore (<1.23.0,>=1.22.12)
+Requires-Dist: botocore (<1.24.0,>=1.23.54)
 Requires-Dist: jmespath (<1.0.0,>=0.7.1)
 Requires-Dist: s3transfer (<0.6.0,>=0.5.0)
 Provides-Extra: crt
@@ -32,7 +32,7 @@ Requires-Dist: botocore[crt] (<2.0a0,>=1.21.0) ; extra == 'crt'
 Boto3 - The AWS SDK for Python
 ===============================
 
-|Version| |Gitter|
+|Version| |Python| |License|
 
 Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for
 Python, which allows Python developers to write software that makes use
@@ -40,23 +40,27 @@ of services like Amazon S3 and Amazon EC2. You can find the latest, most
 up to date, documentation at our `doc site`_, including a list of
 services that are supported.
 
+Boto3 is maintained and published by `Amazon Web Services`_.
+
+Notices
+-------
+
 On 01/15/2021 deprecation for Python 2.7 was announced and support was dropped
 on 07/15/2021. To avoid disruption, customers using Boto3 on Python 2.7 may
 need to upgrade their version of Python or pin the version of Boto3. For
 more information, see this `blog post <https://aws.amazon.com/blogs/developer/announcing-end-of-support-for-python-2-7-in-aws-sdk-for-python-and-aws-cli-v1/>`__.
 
+Starting in May 2022, we will be dropping support for Python 3.6. This follows the Python Software Foundation `end of support <https://www.python.org/dev/peps/pep-0494/#lifespan>`__ for the runtime which occurred on 2021-12-23.
 
 .. _boto: https://docs.pythonboto.org/
 .. _`doc site`: https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
-.. |Gitter| image:: https://badges.gitter.im/boto/boto3.svg
-   :target: https://gitter.im/boto/boto3
-   :alt: Gitter
-.. |Downloads| image:: http://img.shields.io/pypi/dm/boto3.svg?style=flat
+.. _`Amazon Web Services`: https://aws.amazon.com/what-is-aws/
+.. |Python| image:: https://img.shields.io/pypi/pyversions/boto3.svg?style=flat
     :target: https://pypi.python.org/pypi/boto3/
-    :alt: Downloads
+    :alt: Python Versions
 .. |Version| image:: http://img.shields.io/pypi/v/boto3.svg?style=flat
     :target: https://pypi.python.org/pypi/boto3/
-    :alt: Version
+    :alt: Package Version
 .. |License| image:: http://img.shields.io/pypi/l/boto3.svg?style=flat
     :target: https://github.com/boto/boto3/blob/develop/LICENSE
     :alt: License
@@ -139,7 +143,6 @@ bandwidth to address them. Please use these community resources for getting
 help:
 
 * Ask a question on `Stack Overflow <https://stackoverflow.com/>`__ and tag it with `boto3 <https://stackoverflow.com/questions/tagged/boto3>`__
-* Come join the AWS Python community chat on `gitter <https://gitter.im/boto/boto3>`__
 * Open a support ticket with `AWS Support <https://console.aws.amazon.com/support/home#/>`__
 * If it turns out that you may have found a bug, please `open an issue <https://github.com/boto/boto3/issues/new>`__
 
diff --git a/contrib/python/boto3/py3/README.rst b/contrib/python/boto3/py3/README.rst
index d7649b6a958..b883519aa33 100644
--- a/contrib/python/boto3/py3/README.rst
+++ b/contrib/python/boto3/py3/README.rst
@@ -2,7 +2,7 @@
 Boto3 - The AWS SDK for Python
 ===============================
 
-|Version| |Gitter|
+|Version| |Python| |License|
 
 Boto3 is the Amazon Web Services (AWS) Software Development Kit (SDK) for
 Python, which allows Python developers to write software that makes use
@@ -10,23 +10,27 @@ of services like Amazon S3 and Amazon EC2. You can find the latest, most
 up to date, documentation at our `doc site`_, including a list of
 services that are supported.
 
+Boto3 is maintained and published by `Amazon Web Services`_.
+
+Notices
+-------
+
 On 01/15/2021 deprecation for Python 2.7 was announced and support was dropped
 on 07/15/2021. To avoid disruption, customers using Boto3 on Python 2.7 may
 need to upgrade their version of Python or pin the version of Boto3. For
 more information, see this `blog post <https://aws.amazon.com/blogs/developer/announcing-end-of-support-for-python-2-7-in-aws-sdk-for-python-and-aws-cli-v1/>`__.
 
+Starting in May 2022, we will be dropping support for Python 3.6. This follows the Python Software Foundation `end of support <https://www.python.org/dev/peps/pep-0494/#lifespan>`__ for the runtime which occurred on 2021-12-23.
 
 .. _boto: https://docs.pythonboto.org/
 .. _`doc site`: https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
-.. |Gitter| image:: https://badges.gitter.im/boto/boto3.svg
-   :target: https://gitter.im/boto/boto3
-   :alt: Gitter
-.. |Downloads| image:: http://img.shields.io/pypi/dm/boto3.svg?style=flat
+.. _`Amazon Web Services`: https://aws.amazon.com/what-is-aws/
+.. |Python| image:: https://img.shields.io/pypi/pyversions/boto3.svg?style=flat
     :target: https://pypi.python.org/pypi/boto3/
-    :alt: Downloads
+    :alt: Python Versions
 .. |Version| image:: http://img.shields.io/pypi/v/boto3.svg?style=flat
     :target: https://pypi.python.org/pypi/boto3/
-    :alt: Version
+    :alt: Package Version
 .. |License| image:: http://img.shields.io/pypi/l/boto3.svg?style=flat
     :target: https://github.com/boto/boto3/blob/develop/LICENSE
     :alt: License
@@ -109,7 +113,6 @@ bandwidth to address them. Please use these community resources for getting
 help:
 
 * Ask a question on `Stack Overflow <https://stackoverflow.com/>`__ and tag it with `boto3 <https://stackoverflow.com/questions/tagged/boto3>`__
-* Come join the AWS Python community chat on `gitter <https://gitter.im/boto/boto3>`__
 * Open a support ticket with `AWS Support <https://console.aws.amazon.com/support/home#/>`__
 * If it turns out that you may have found a bug, please `open an issue <https://github.com/boto/boto3/issues/new>`__
 
diff --git a/contrib/python/boto3/py3/boto3/__init__.py b/contrib/python/boto3/py3/boto3/__init__.py
index 48d1c80aa66..b2e607d8193 100644
--- a/contrib/python/boto3/py3/boto3/__init__.py
+++ b/contrib/python/boto3/py3/boto3/__init__.py
@@ -18,7 +18,7 @@ from boto3.compat import _warn_deprecated_python
 
 
 __author__ = 'Amazon Web Services'
-__version__ = '1.19.12'
+__version__ = '1.20.54'
 
 
 # The default Boto3 session; autoloaded when needed.
diff --git a/contrib/python/boto3/py3/boto3/docs/resource.py b/contrib/python/boto3/py3/boto3/docs/resource.py
index fa2dc619fb5..9ce4a7cc9fb 100644
--- a/contrib/python/boto3/py3/boto3/docs/resource.py
+++ b/contrib/python/boto3/py3/boto3/docs/resource.py
@@ -131,7 +131,7 @@ class ResourceDocumenter(BaseDocumenter):
                 resource_type='Identifiers',
                 description=(
                     'Identifiers are properties of a resource that are '
-                    'set upon instantation of the resource.'),
+                    'set upon instantiation of the resource.'),
                 intro_link='identifiers_attributes_intro')
         for identifier in identifiers:
             identifier_section = section.add_new_section(identifier.name)
diff --git a/contrib/python/boto3/py3/boto3/examples/s3.rst b/contrib/python/boto3/py3/boto3/examples/s3.rst
index 147c4a3500d..194f1111f16 100644
--- a/contrib/python/boto3/py3/boto3/examples/s3.rst
+++ b/contrib/python/boto3/py3/boto3/examples/s3.rst
@@ -144,3 +144,20 @@ Boto3 will automatically compute this value for us.
                              SSECustomerAlgorithm='AES256')
     print("Done, response body:")
     print(response['Body'].read())
+
+
+Downloading a specific version of an S3 object
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This example shows how to download a specific version of an
+S3 object.
+
+.. code-block:: python
+
+    import boto3
+    s3 = boto3.client('s3')
+
+    s3.download_file(
+        "bucket-name", "key-name", "tmp.txt",
+        ExtraArgs={"VersionId": "my-version-id"}
+    )
diff --git a/contrib/python/boto3/py3/boto3/s3/inject.py b/contrib/python/boto3/py3/boto3/s3/inject.py
index 4f2a8f6043d..f299e6a81df 100644
--- a/contrib/python/boto3/py3/boto3/s3/inject.py
+++ b/contrib/python/boto3/py3/boto3/s3/inject.py
@@ -116,7 +116,8 @@ def upload_file(self, Filename, Bucket, Key, ExtraArgs=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed upload arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -157,7 +158,8 @@ def download_file(self, Bucket, Key, Filename, ExtraArgs=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -195,7 +197,8 @@ def bucket_upload_file(self, Filename, Key,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed upload arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -232,7 +235,8 @@ def bucket_download_file(self, Key, Filename,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -266,7 +270,8 @@ def object_upload_file(self, Filename,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed upload arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -300,7 +305,8 @@ def object_download_file(self, Filename,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -347,7 +353,8 @@ def copy(self, CopySource, Bucket, Key, ExtraArgs=None, Callback=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -410,7 +417,8 @@ def bucket_copy(self, CopySource, Key, ExtraArgs=None, Callback=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -460,7 +468,8 @@ def object_copy(self, CopySource, ExtraArgs=None, Callback=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -512,7 +521,8 @@ def upload_fileobj(self, Fileobj, Bucket, Key, ExtraArgs=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed upload arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -567,7 +577,8 @@ def bucket_upload_fileobj(self, Fileobj, Key, ExtraArgs=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed upload arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -607,7 +618,8 @@ def object_upload_fileobj(self, Fileobj, ExtraArgs=None, Callback=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed upload arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -651,7 +663,8 @@ def download_fileobj(self, Bucket, Key, Fileobj, ExtraArgs=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -706,7 +719,8 @@ def bucket_download_fileobj(self, Key, Fileobj, ExtraArgs=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
@@ -746,7 +760,8 @@ def object_download_fileobj(self, Fileobj, ExtraArgs=None, Callback=None,
 
     :type ExtraArgs: dict
     :param ExtraArgs: Extra arguments that may be passed to the
-        client operation.
+        client operation. For allowed download arguments see
+        boto3.s3.transfer.S3Transfer.ALLOWED_DOWNLOAD_ARGS.
 
     :type Callback: function
     :param Callback: A method which takes a number of bytes transferred to
diff --git a/contrib/python/boto3/py3/boto3/session.py b/contrib/python/boto3/py3/boto3/session.py
index 3a3a654ebcf..70c256159a4 100644
--- a/contrib/python/boto3/py3/boto3/session.py
+++ b/contrib/python/boto3/py3/boto3/session.py
@@ -174,7 +174,7 @@ class Session(object):
 
     def get_credentials(self):
         """
-        Return the :class:`botocore.credential.Credential` object
+        Return the :class:`botocore.credentials.Credentials` object
         associated with this session.  If the credentials have not
         yet been loaded, this will attempt to load them.  If they
         have already been loaded, this will return the cached
diff --git a/contrib/python/boto3/py3/ya.make b/contrib/python/boto3/py3/ya.make
index 823ae3a54e1..7416d7d3c13 100644
--- a/contrib/python/boto3/py3/ya.make
+++ b/contrib/python/boto3/py3/ya.make
@@ -2,7 +2,7 @@ PY3_LIBRARY()
 
 OWNER(g:python-contrib)
 
-VERSION(1.19.12)
+VERSION(1.20.54)
 
 LICENSE(Apache-2.0)
 
diff --git a/contrib/python/botocore/py3/.dist-info/METADATA b/contrib/python/botocore/py3/.dist-info/METADATA
index f911d5e246d..652c6685c6c 100644
--- a/contrib/python/botocore/py3/.dist-info/METADATA
+++ b/contrib/python/botocore/py3/.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: botocore
-Version: 1.22.12
+Version: 1.23.54
 Summary: Low-level, data-driven core of boto 3.
 Home-page: https://github.com/boto/botocore
 Author: Amazon Web Services
@@ -30,25 +30,35 @@ Requires-Dist: awscrt (==0.12.5) ; extra == 'crt'
 botocore
 ========
 
-.. image:: https://codecov.io/github/boto/botocore/coverage.svg?branch=develop
-    :target: https://codecov.io/github/boto/botocore?branch=develop
-
+|Version| |Python| |License|
 
 A low-level interface to a growing number of Amazon Web Services. The
 botocore package is the foundation for the
 `AWS CLI <https://github.com/aws/aws-cli>`__ as well as
 `boto3 <https://github.com/boto/boto3>`__.
 
+Botocore is maintained and published by `Amazon Web Services`_.
+
+Notices
+-------
+
 On 01/15/2021 deprecation for Python 2.7 was announced and support was dropped
 on 07/15/2021. To avoid disruption, customers using Botocore on Python 2.7 may
 need to upgrade their version of Python or pin the version of Botocore. For
 more information, see this `blog post <https://aws.amazon.com/blogs/developer/announcing-end-of-support-for-python-2-7-in-aws-sdk-for-python-and-aws-cli-v1/>`__.
 
-On 10/29/2020 deprecation for Python 3.4 and Python 3.5 was announced and support
-was dropped on 02/01/2021. To avoid disruption, customers using Botocore
-on Python 3.4 or 3.5 may need to upgrade their version of Python or pin the
-version of Botocore. For more information, see
-this `blog post <https://aws.amazon.com/blogs/developer/announcing-the-end-of-support-for-python-3-4-and-3-5-in-the-aws-sdk-for-python-and-aws-cli-v1/>`__.
+Starting in May 2022, we will be dropping support for Python 3.6. This follows the Python Software Foundation `end of support <https://www.python.org/dev/peps/pep-0494/#lifespan>`__ for the runtime which occurred on 2021-12-23.
+
+.. _`Amazon Web Services`: https://aws.amazon.com/what-is-aws/
+.. |Python| image:: https://img.shields.io/pypi/pyversions/botocore.svg?style=flat
+    :target: https://pypi.python.org/pypi/botocore/
+    :alt: Python Versions
+.. |Version| image:: http://img.shields.io/pypi/v/botocore.svg?style=flat
+    :target: https://pypi.python.org/pypi/botocore/
+    :alt: Package Version
+.. |License| image:: http://img.shields.io/pypi/l/botocore.svg?style=flat
+    :target: https://github.com/boto/botocore/blob/develop/LICENSE.txt
+    :alt: License
 
 Getting Started
 ---------------
@@ -108,7 +118,6 @@ help. Please note many of the same resources available for ``boto3`` are
 applicable for ``botocore``:
 
 * Ask a question on `Stack Overflow <https://stackoverflow.com/>`__ and tag it with `boto3 <https://stackoverflow.com/questions/tagged/boto3>`__
-* Come join the AWS Python community chat on `gitter <https://gitter.im/boto/boto3>`__
 * Open a support ticket with `AWS Support <https://console.aws.amazon.com/support/home#/>`__
 * If it turns out that you may have found a bug, please `open an issue <https://github.com/boto/botocore/issues/new>`__
 
diff --git a/contrib/python/botocore/py3/README.rst b/contrib/python/botocore/py3/README.rst
index b152c8908a4..b906d3f5bba 100644
--- a/contrib/python/botocore/py3/README.rst
+++ b/contrib/python/botocore/py3/README.rst
@@ -1,25 +1,35 @@
 botocore
 ========
 
-.. image:: https://codecov.io/github/boto/botocore/coverage.svg?branch=develop
-    :target: https://codecov.io/github/boto/botocore?branch=develop
-
+|Version| |Python| |License|
 
 A low-level interface to a growing number of Amazon Web Services. The
 botocore package is the foundation for the
 `AWS CLI <https://github.com/aws/aws-cli>`__ as well as
 `boto3 <https://github.com/boto/boto3>`__.
 
+Botocore is maintained and published by `Amazon Web Services`_.
+
+Notices
+-------
+
 On 01/15/2021 deprecation for Python 2.7 was announced and support was dropped
 on 07/15/2021. To avoid disruption, customers using Botocore on Python 2.7 may
 need to upgrade their version of Python or pin the version of Botocore. For
 more information, see this `blog post <https://aws.amazon.com/blogs/developer/announcing-end-of-support-for-python-2-7-in-aws-sdk-for-python-and-aws-cli-v1/>`__.
 
-On 10/29/2020 deprecation for Python 3.4 and Python 3.5 was announced and support
-was dropped on 02/01/2021. To avoid disruption, customers using Botocore
-on Python 3.4 or 3.5 may need to upgrade their version of Python or pin the
-version of Botocore. For more information, see
-this `blog post <https://aws.amazon.com/blogs/developer/announcing-the-end-of-support-for-python-3-4-and-3-5-in-the-aws-sdk-for-python-and-aws-cli-v1/>`__.
+Starting in May 2022, we will be dropping support for Python 3.6. This follows the Python Software Foundation `end of support <https://www.python.org/dev/peps/pep-0494/#lifespan>`__ for the runtime which occurred on 2021-12-23.
+
+.. _`Amazon Web Services`: https://aws.amazon.com/what-is-aws/
+.. |Python| image:: https://img.shields.io/pypi/pyversions/botocore.svg?style=flat
+    :target: https://pypi.python.org/pypi/botocore/
+    :alt: Python Versions
+.. |Version| image:: http://img.shields.io/pypi/v/botocore.svg?style=flat
+    :target: https://pypi.python.org/pypi/botocore/
+    :alt: Package Version
+.. |License| image:: http://img.shields.io/pypi/l/botocore.svg?style=flat
+    :target: https://github.com/boto/botocore/blob/develop/LICENSE.txt
+    :alt: License
 
 Getting Started
 ---------------
@@ -79,7 +89,6 @@ help. Please note many of the same resources available for ``boto3`` are
 applicable for ``botocore``:
 
 * Ask a question on `Stack Overflow <https://stackoverflow.com/>`__ and tag it with `boto3 <https://stackoverflow.com/questions/tagged/boto3>`__
-* Come join the AWS Python community chat on `gitter <https://gitter.im/boto/boto3>`__
 * Open a support ticket with `AWS Support <https://console.aws.amazon.com/support/home#/>`__
 * If it turns out that you may have found a bug, please `open an issue <https://github.com/boto/botocore/issues/new>`__
 
diff --git a/contrib/python/botocore/py3/botocore/__init__.py b/contrib/python/botocore/py3/botocore/__init__.py
index 403e4cf632d..70440409a0e 100644
--- a/contrib/python/botocore/py3/botocore/__init__.py
+++ b/contrib/python/botocore/py3/botocore/__init__.py
@@ -16,7 +16,7 @@ import os
 import re
 import logging
 
-__version__ = '1.22.12'
+__version__ = '1.23.54'
 
 
 class NullHandler(logging.Handler):
diff --git a/contrib/python/botocore/py3/botocore/args.py b/contrib/python/botocore/py3/botocore/args.py
index 56e27ddaa6d..d3457ae32ba 100644
--- a/contrib/python/botocore/py3/botocore/args.py
+++ b/contrib/python/botocore/py3/botocore/args.py
@@ -153,6 +153,7 @@ class ClientArgsCreator(object):
             endpoint_bridge=endpoint_bridge,
             s3_config=s3_config,
         )
+        endpoint_variant_tags = endpoint_config['metadata'].get('tags', [])
         # Create a new client config to be passed to the client based
         # on the final values. We do not want the user to be able
         # to try to modify an existing client with a client config.
@@ -160,6 +161,10 @@ class ClientArgsCreator(object):
             region_name=endpoint_config['region_name'],
             signature_version=endpoint_config['signature_version'],
             user_agent=user_agent)
+        if 'dualstack' in endpoint_variant_tags:
+            config_kwargs.update(use_dualstack_endpoint=True)
+        if 'fips' in endpoint_variant_tags:
+            config_kwargs.update(use_fips_endpoint=True)
         if client_config is not None:
             config_kwargs.update(
                 connect_timeout=client_config.connect_timeout,
@@ -172,7 +177,16 @@ class ClientArgsCreator(object):
                 inject_host_prefix=client_config.inject_host_prefix,
             )
         self._compute_retry_config(config_kwargs)
+        self._compute_connect_timeout(config_kwargs)
         s3_config = self.compute_s3_config(client_config)
+
+        is_s3_service = service_name in ['s3', 's3-control']
+
+        if is_s3_service and 'dualstack' in endpoint_variant_tags:
+            if s3_config is None:
+                s3_config = {}
+            s3_config['use_dualstack_endpoint'] = True
+
         return {
             'service_name': service_name,
             'parameter_validation': parameter_validation,
@@ -267,14 +281,18 @@ class ClientArgsCreator(object):
     def _compute_sts_endpoint_config(self, **resolve_endpoint_kwargs):
         endpoint_config = self._resolve_endpoint(**resolve_endpoint_kwargs)
         if self._should_set_global_sts_endpoint(
-                resolve_endpoint_kwargs['region_name'],
-                resolve_endpoint_kwargs['endpoint_url']):
+            resolve_endpoint_kwargs['region_name'],
+            resolve_endpoint_kwargs['endpoint_url'],
+            endpoint_config
+        ):
             self._set_global_sts_endpoint(
                 endpoint_config, resolve_endpoint_kwargs['is_secure'])
         return endpoint_config
 
-    def _should_set_global_sts_endpoint(self, region_name, endpoint_url):
-        if endpoint_url:
+    def _should_set_global_sts_endpoint(self, region_name, endpoint_url,
+                                        endpoint_config):
+        endpoint_variant_tags = endpoint_config['metadata'].get('tags')
+        if endpoint_url or endpoint_variant_tags:
             return False
         return (
             self._get_sts_regional_endpoints_config() == 'legacy' and
@@ -363,6 +381,18 @@ class ClientArgsCreator(object):
             retry_mode = 'legacy'
         retries['mode'] = retry_mode
 
+    def _compute_connect_timeout(self, config_kwargs):
+        # Checking if connect_timeout is set on the client config.
+        # If it is not, we check the config_store in case a
+        # non legacy default mode has been configured.
+        connect_timeout = config_kwargs.get('connect_timeout')
+        if connect_timeout is not None:
+            return
+        connect_timeout = self._config_store.get_config_variable(
+            'connect_timeout')
+        if connect_timeout:
+            config_kwargs['connect_timeout'] = connect_timeout
+
     def _ensure_boolean(self, val):
         if isinstance(val, bool):
             return val
diff --git a/contrib/python/botocore/py3/botocore/auth.py b/contrib/python/botocore/py3/botocore/auth.py
index 1f760fa246a..47d9fdfb82f 100644
--- a/contrib/python/botocore/py3/botocore/auth.py
+++ b/contrib/python/botocore/py3/botocore/auth.py
@@ -27,7 +27,7 @@ from botocore.compat import (
     six, unquote, urlsplit, urlunsplit, HAS_CRT
 )
 from botocore.exceptions import NoCredentialsError
-from botocore.utils import normalize_url_path, percent_encode_sequence
+from botocore.utils import is_valid_ipv6_endpoint_url, normalize_url_path, percent_encode_sequence
 
 # Imports for backwards compatibility
 from botocore.compat import MD5_AVAILABLE # noqa
@@ -59,6 +59,8 @@ def _host_from_url(url):
     # 3) excludes userinfo
     url_parts = urlsplit(url)
     host = url_parts.hostname  # urlsplit's hostname is always lowercase
+    if is_valid_ipv6_endpoint_url(url):
+        host = '[%s]' % (host)
     default_ports = {
         'http': 80,
         'https': 443
diff --git a/contrib/python/botocore/py3/botocore/client.py b/contrib/python/botocore/py3/botocore/client.py
index b154344447b..c96a513a17f 100644
--- a/contrib/python/botocore/py3/botocore/client.py
+++ b/contrib/python/botocore/py3/botocore/client.py
@@ -20,7 +20,7 @@ from botocore.docs.docstring import ClientMethodDocstring
 from botocore.docs.docstring import PaginatorDocstring
 from botocore.exceptions import (
     DataNotFoundError, OperationNotPageableError, UnknownSignatureVersionError,
-    InvalidEndpointDiscoveryConfigurationError, UnknownFIPSEndpointError,
+    InvalidEndpointDiscoveryConfigurationError
 )
 from botocore.hooks import first_non_none_response
 from botocore.model import ServiceModel
@@ -82,9 +82,12 @@ class ClientCreator(object):
         service_name = first_non_none_response(responses, default=service_name)
         service_model = self._load_service_model(service_name, api_version)
         cls = self._create_client_class(service_name, service_model)
+        region_name, client_config = self._normalize_fips_region(
+            region_name, client_config)
         endpoint_bridge = ClientEndpointBridge(
             self._endpoint_resolver, scoped_config, client_config,
-            service_signing_name=service_model.metadata.get('signingName'))
+            service_signing_name=service_model.metadata.get('signingName'),
+            config_store=self._config_store)
         client_args = self._get_client_args(
             service_model, region_name, is_secure, endpoint_url,
             verify, credentials, scoped_config, client_config, endpoint_bridge)
@@ -99,7 +102,6 @@ class ClientCreator(object):
         self._register_endpoint_discovery(
             service_client, endpoint_url, client_config
         )
-        self._register_lazy_block_unknown_fips_pseudo_regions(service_client)
         return service_client
 
     def create_client_class(self, service_name, api_version=None):
@@ -120,6 +122,30 @@ class ClientCreator(object):
         cls = type(str(class_name), tuple(bases), class_attributes)
         return cls
 
+    def _normalize_fips_region(self, region_name,
+                               client_config):
+        if region_name is not None:
+            normalized_region_name = region_name.replace(
+                'fips-', '').replace('-fips', '')
+            # If region has been transformed then set flag
+            if normalized_region_name != region_name:
+                config_use_fips_endpoint = Config(use_fips_endpoint=True)
+                if client_config:
+                    # Keeping endpoint setting client specific
+                    client_config = client_config.merge(
+                        config_use_fips_endpoint)
+                else:
+                    client_config = config_use_fips_endpoint
+                logger.warning(
+                    'transforming region from %s to %s and setting '
+                    'use_fips_endpoint to true. client should not '
+                    'be configured with a fips psuedo region.' % (
+                        region_name, normalized_region_name
+                    )
+                )
+                region_name = normalized_region_name
+        return region_name, client_config
+
     def _load_service_model(self, service_name, api_version=None):
         json_model = self._loader.load_service_model(service_name, 'service-2',
                                                      api_version=api_version)
@@ -235,45 +261,20 @@ class ClientCreator(object):
             return client.meta.service_model.endpoint_discovery_required
         return enabled
 
-    def _register_lazy_block_unknown_fips_pseudo_regions(self, client):
-        # This function blocks usage of FIPS pseudo-regions when the endpoint
-        # is not explicitly known to exist to the client to prevent accidental
-        # usage of incorrect or non-FIPS endpoints. This is done lazily by
-        # registering an exception on the before-sign event to allow for
-        # general client usage such as can_paginate, exceptions, etc.
-        region_name = client.meta.region_name
-        if not region_name or 'fips' not in region_name.lower():
-            return
-
-        partition = client.meta.partition
-        endpoint_prefix = client.meta.service_model.endpoint_prefix
-        known_regions = self._endpoint_resolver.get_available_endpoints(
-            endpoint_prefix,
-            partition,
-            allow_non_regional=True,
-        )
-
-        if region_name not in known_regions:
-            def _lazy_fips_exception(**kwargs):
-                service_name = client.meta.service_model.service_name
-                raise UnknownFIPSEndpointError(
-                    region_name=region_name,
-                    service_name=service_name,
-                )
-            client.meta.events.register('before-sign', _lazy_fips_exception)
-
     def _register_s3_events(self, client, endpoint_bridge, endpoint_url,
                             client_config, scoped_config):
         if client.meta.service_model.service_name != 's3':
             return
         S3RegionRedirector(endpoint_bridge, client).register()
         S3ArnParamHandler().register(client.meta.events)
+        use_fips_endpoint = client.meta.config.use_fips_endpoint
         S3EndpointSetter(
             endpoint_resolver=self._endpoint_resolver,
             region=client.meta.region_name,
             s3_config=client.meta.config.s3,
             endpoint_url=endpoint_url,
-            partition=client.meta.partition
+            partition=client.meta.partition,
+            use_fips_endpoint=use_fips_endpoint
         ).register(client.meta.events)
         self._set_s3_presign_signature_version(
             client.meta, client_config, scoped_config)
@@ -284,13 +285,15 @@ class ClientCreator(object):
     ):
         if client.meta.service_model.service_name != 's3control':
             return
+        use_fips_endpoint = client.meta.config.use_fips_endpoint
         S3ControlArnParamHandler().register(client.meta.events)
         S3ControlEndpointSetter(
             endpoint_resolver=self._endpoint_resolver,
             region=client.meta.region_name,
             s3_config=client.meta.config.s3,
             endpoint_url=endpoint_url,
-            partition=client.meta.partition
+            partition=client.meta.partition,
+            use_fips_endpoint=use_fips_endpoint
         ).register(client.meta.events)
 
     def _set_s3_presign_signature_version(self, client_meta,
@@ -415,22 +418,31 @@ class ClientEndpointBridge(object):
     utilize "us-east-1" by default if no region can be resolved."""
 
     DEFAULT_ENDPOINT = '{service}.{region}.amazonaws.com'
-    _DUALSTACK_ENABLED_SERVICES = ['s3', 's3-control']
+    _DUALSTACK_CUSTOMIZED_SERVICES = ['s3', 's3-control']
 
     def __init__(self, endpoint_resolver, scoped_config=None,
                  client_config=None, default_endpoint=None,
-                 service_signing_name=None):
+                 service_signing_name=None, config_store=None):
         self.service_signing_name = service_signing_name
         self.endpoint_resolver = endpoint_resolver
         self.scoped_config = scoped_config
         self.client_config = client_config
         self.default_endpoint = default_endpoint or self.DEFAULT_ENDPOINT
+        self.config_store = config_store
 
     def resolve(self, service_name, region_name=None, endpoint_url=None,
                 is_secure=True):
         region_name = self._check_default_region(service_name, region_name)
+        use_dualstack_endpoint = self._resolve_use_dualstack_endpoint(
+            service_name)
+        use_fips_endpoint = self._resolve_endpoint_variant_config_var(
+            'use_fips_endpoint'
+        )
         resolved = self.endpoint_resolver.construct_endpoint(
-            service_name, region_name)
+            service_name, region_name,
+            use_dualstack_endpoint=use_dualstack_endpoint,
+            use_fips_endpoint=use_fips_endpoint,
+        )
 
         # If we can't resolve the region, we'll attempt to get a global
         # endpoint for non-regionalized services (iam, route53, etc)
@@ -438,7 +450,10 @@ class ClientEndpointBridge(object):
             # TODO: fallback partition_name should be configurable in the
             # future for users to define as needed.
             resolved = self.endpoint_resolver.construct_endpoint(
-                service_name, region_name, partition_name='aws')
+                service_name, region_name, partition_name='aws',
+                use_dualstack_endpoint=use_dualstack_endpoint,
+                use_fips_endpoint=use_fips_endpoint,
+            )
 
         if resolved:
             return self._create_endpoint(
@@ -456,20 +471,13 @@ class ClientEndpointBridge(object):
 
     def _create_endpoint(self, resolved, service_name, region_name,
                          endpoint_url, is_secure):
-        explicit_region = region_name is not None
         region_name, signing_region = self._pick_region_values(
             resolved, region_name, endpoint_url)
         if endpoint_url is None:
-            if self._is_s3_dualstack_mode(service_name):
-                endpoint_url = self._create_dualstack_endpoint(
-                    service_name, region_name,
-                    resolved['dnsSuffix'], is_secure, explicit_region)
-            else:
-                # Use the sslCommonName over the hostname for Python 2.6 compat.
-                hostname = resolved.get('sslCommonName', resolved.get('hostname'))
-                endpoint_url = self._make_url(
-                    hostname, is_secure, resolved.get('protocols', [])
-                )
+            # Use the sslCommonName over the hostname for Python 2.6 compat.
+            hostname = resolved.get('sslCommonName', resolved.get('hostname'))
+            endpoint_url = self._make_url(hostname, is_secure,
+                                          resolved.get('protocols', []))
         signature_version = self._resolve_signature_version(
             service_name, resolved)
         signing_name = self._resolve_signing_name(service_name, resolved)
@@ -479,9 +487,28 @@ class ClientEndpointBridge(object):
             endpoint_url=endpoint_url, metadata=resolved,
             signature_version=signature_version)
 
+    def _resolve_endpoint_variant_config_var(self, config_var):
+        client_config = self.client_config
+        config_val = False
+
+        # Client configuration arg has precedence
+        if client_config and getattr(client_config, config_var) is not None:
+            return getattr(client_config, config_var)
+        elif self.config_store is not None:
+            # Check config store
+            config_val = self.config_store.get_config_variable(config_var)
+        return config_val
+
+    def _resolve_use_dualstack_endpoint(self, service_name):
+        s3_dualstack_mode = self._is_s3_dualstack_mode(service_name)
+        if s3_dualstack_mode is not None:
+            return s3_dualstack_mode
+        return self._resolve_endpoint_variant_config_var(
+            'use_dualstack_endpoint')
+
     def _is_s3_dualstack_mode(self, service_name):
-        if service_name not in self._DUALSTACK_ENABLED_SERVICES:
-            return False
+        if service_name not in self._DUALSTACK_CUSTOMIZED_SERVICES:
+            return None
         # TODO: This normalization logic is duplicated from the
         # ClientArgsCreator class.  Consolidate everything to
         # ClientArgsCreator.  _resolve_signature_version also has similarly
@@ -491,27 +518,11 @@ class ClientEndpointBridge(object):
                 'use_dualstack_endpoint' in client_config.s3:
             # Client config trumps scoped config.
             return client_config.s3['use_dualstack_endpoint']
-        if self.scoped_config is None:
-            return False
-        enabled = self.scoped_config.get('s3', {}).get(
-            'use_dualstack_endpoint', False)
-        if enabled in [True, 'True', 'true']:
-            return True
-        return False
-
-    def _create_dualstack_endpoint(self, service_name, region_name,
-                                   dns_suffix, is_secure, explicit_region):
-        if not explicit_region and region_name == 'aws-global':
-            # If the region_name passed was not explicitly set, default to
-            # us-east-1 instead of the modeled default aws-global. Dualstack
-            # does not support aws-global
-            region_name = 'us-east-1'
-        hostname = '{service}.dualstack.{region}.{dns_suffix}'.format(
-            service=service_name, region=region_name,
-            dns_suffix=dns_suffix)
-        # Dualstack supports http and https so were hardcoding this value for
-        # now.  This can potentially move into the endpoints.json file.
-        return self._make_url(hostname, is_secure, ['http', 'https'])
+        if self.scoped_config is not None:
+            enabled = self.scoped_config.get('s3', {}).get(
+                'use_dualstack_endpoint')
+            if enabled in [True, 'True', 'true']:
+                return True
 
     def _assume_endpoint(self, service_name, region_name, endpoint_url,
                          is_secure):
diff --git a/contrib/python/botocore/py3/botocore/config.py b/contrib/python/botocore/py3/botocore/config.py
index 13f58f7edba..996464c5820 100644
--- a/contrib/python/botocore/py3/botocore/config.py
+++ b/contrib/python/botocore/py3/botocore/config.py
@@ -169,6 +169,18 @@ class Config(object):
         Setting this to False disables the injection of operation parameters
         into the prefix of the hostname. This is useful for clients providing
         custom endpoints that should not have their host prefix modified.
+
+    :type use_dualstack_endpoint: bool
+    :param use_dualstack_endpoint: Setting to True enables dualstack
+        endpoint resolution.
+
+        Defaults to None.
+
+    :type use_fips_endpoint: bool
+    :param use_fips_endpoint: Setting to True enables fips
+        endpoint resolution.
+
+        Defaults to None.
     """
     OPTION_DEFAULTS = OrderedDict([
         ('region_name', None),
@@ -186,14 +198,25 @@ class Config(object):
         ('client_cert', None),
         ('inject_host_prefix', True),
         ('endpoint_discovery_enabled', None),
+        ('use_dualstack_endpoint', None),
+        ('use_fips_endpoint', None),
+        ('defaults_mode', None)
     ])
 
+    NON_LEGACY_OPTION_DEFAULTS = {
+        'connect_timeout': None,
+    }
+
     def __init__(self, *args, **kwargs):
         self._user_provided_options = self._record_user_provided_options(
             args, kwargs)
 
         # Merge the user_provided options onto the default options
         config_vars = copy.copy(self.OPTION_DEFAULTS)
+        defaults_mode = self._user_provided_options.get(
+            'defaults_mode', 'legacy')
+        if defaults_mode != 'legacy':
+            config_vars.update(self.NON_LEGACY_OPTION_DEFAULTS)
         config_vars.update(self._user_provided_options)
 
         # Set the attributes based on the config_vars
diff --git a/contrib/python/botocore/py3/botocore/configloader.py b/contrib/python/botocore/py3/botocore/configloader.py
index 5e0002ce485..f516ea111ad 100644
--- a/contrib/python/botocore/py3/botocore/configloader.py
+++ b/contrib/python/botocore/py3/botocore/configloader.py
@@ -147,9 +147,9 @@ def raw_config_parse(config_filename, parse_subsections=True):
         cp = six.moves.configparser.RawConfigParser()
         try:
             cp.read([path])
-        except (six.moves.configparser.Error, UnicodeDecodeError):
+        except (six.moves.configparser.Error, UnicodeDecodeError) as e:
             raise botocore.exceptions.ConfigParseError(
-                path=_unicode_path(path))
+                path=_unicode_path(path), error=e) from None
         else:
             for section in cp.sections():
                 config[section] = {}
@@ -161,9 +161,9 @@ def raw_config_parse(config_filename, parse_subsections=True):
                         # of nesting for now.
                         try:
                             config_value = _parse_nested(config_value)
-                        except ValueError:
+                        except ValueError as e:
                             raise botocore.exceptions.ConfigParseError(
-                                path=_unicode_path(path))
+                                path=_unicode_path(path), error=e) from None
                     config[section][option] = config_value
     return config
 
diff --git a/contrib/python/botocore/py3/botocore/configprovider.py b/contrib/python/botocore/py3/botocore/configprovider.py
index 44df2875a6d..41cbd8afaf6 100644
--- a/contrib/python/botocore/py3/botocore/configprovider.py
+++ b/contrib/python/botocore/py3/botocore/configprovider.py
@@ -15,6 +15,7 @@ is loaded.
 """
 import logging
 import os
+import copy
 
 from botocore import utils
 
@@ -83,6 +84,14 @@ BOTOCORE_DEFAUT_SESSION_VARIABLES = {
         'imds_use_ipv6',
         'AWS_IMDS_USE_IPV6',
         False, utils.ensure_boolean),
+    'use_dualstack_endpoint': (
+        'use_dualstack_endpoint',
+        'AWS_USE_DUALSTACK_ENDPOINT',
+        None, utils.ensure_boolean),
+    'use_fips_endpoint': (
+        'use_fips_endpoint',
+        'AWS_USE_FIPS_ENDPOINT',
+        None, utils.ensure_boolean),
     'parameter_validation': ('parameter_validation', None, True, None),
     # Client side monitoring configurations.
     # Note: These configurations are considered internal to botocore.
@@ -101,6 +110,7 @@ BOTOCORE_DEFAUT_SESSION_VARIABLES = {
         None
     ),
     'retry_mode': ('retry_mode', 'AWS_RETRY_MODE', 'legacy', None),
+    'defaults_mode': ('defaults_mode', 'AWS_DEFAULTS_MODE', 'legacy', None),
     # We can't have a default here for v1 because we need to defer to
     # whatever the defaults are in _retry.json.
     'max_attempts': ('max_attempts', 'AWS_MAX_ATTEMPTS', None, int),
@@ -174,6 +184,43 @@ def _create_config_chain_mapping(chain_builder, config_variables):
     return mapping
 
 
+class DefaultConfigResolver:
+
+    def __init__(self, default_config_data):
+        self._base_default_config = default_config_data['base']
+        self._modes = default_config_data['modes']
+        self._resolved_default_configurations = {}
+
+    def _resolve_default_values_by_mode(self, mode):
+        default_config = self._base_default_config.copy()
+        modifications = self._modes.get(mode)
+
+        for config_var in modifications:
+            default_value = default_config[config_var]
+            modification_dict = modifications[config_var]
+            modification = list(modification_dict.keys())[0]
+            modification_value = modification_dict[modification]
+            if modification == 'multiply':
+                default_value *= modification_value
+            elif modification == 'add':
+                default_value += modification_value
+            elif modification == 'override':
+                default_value = modification_value
+            default_config[config_var] = default_value
+        return default_config
+
+    def get_default_modes(self):
+        default_modes = ['legacy', 'auto']
+        default_modes.extend(self._modes.keys())
+        return default_modes
+
+    def get_default_config_values(self, mode):
+        if mode not in self._resolved_default_configurations:
+            defaults = self._resolve_default_values_by_mode(mode)
+            self._resolved_default_configurations[mode] = defaults
+        return self._resolved_default_configurations[mode]
+
+
 class ConfigChainFactory(object):
     """Factory class to create our most common configuration chain case.
 
@@ -300,6 +347,11 @@ class ConfigValueStore(object):
             for logical_name, provider in mapping.items():
                 self.set_config_provider(logical_name, provider)
 
+    def __deepcopy__(self, memo):
+        return ConfigValueStore(
+            copy.deepcopy(self._mapping, memo)
+        )
+
     def get_config_variable(self, logical_name):
         """
         Retrieve the value associeated with the specified logical_name
@@ -321,6 +373,24 @@ class ConfigValueStore(object):
         provider = self._mapping[logical_name]
         return provider.provide()
 
+    def get_config_provider(self, logical_name):
+        """
+        Retrieve the provider associated with the specified logical_name.
+        If no provider is found None will be returned.
+
+        :type logical_name: str
+        :param logical_name: The logical name of the session variable
+            you want to retrieve.  This name will be mapped to the
+            appropriate environment variable name for this session as
+            well as the appropriate config file entry.
+
+        :returns: configuration provider or None if not defined.
+        """
+        if logical_name in self._overrides or logical_name not in self._mapping:
+            return None
+        provider = self._mapping[logical_name]
+        return provider
+
     def set_config_variable(self, logical_name, value):
         """Set a configuration variable to a specific value.
 
@@ -374,6 +444,78 @@ class ConfigValueStore(object):
         self._mapping[logical_name] = provider
 
 
+class SmartDefaultsConfigStoreFactory:
+
+    def __init__(self, default_config_resolver, imds_region_provider):
+        self._default_config_resolver = default_config_resolver
+        self._imds_region_provider = imds_region_provider
+        # Initializing _instance_metadata_region as None so we
+        # can fetch region in a lazy fashion only when needed.
+        self._instance_metadata_region = None
+
+    def merge_smart_defaults(self, config_store, mode, region_name):
+        if mode == 'auto':
+            mode = self.resolve_auto_mode(region_name)
+        default_configs = self._default_config_resolver.get_default_config_values(
+            mode)
+        for config_var in default_configs:
+            config_value = default_configs[config_var]
+            method = getattr(self, f'_set_{config_var}', None)
+            if method:
+                method(config_store, config_value)
+
+    def resolve_auto_mode(self, region_name):
+        current_region = None
+        if os.environ.get('AWS_EXECUTION_ENV'):
+            default_region = os.environ.get('AWS_DEFAULT_REGION')
+            current_region = os.environ.get('AWS_REGION', default_region)
+        if not current_region:
+            if self._instance_metadata_region:
+                current_region = self._instance_metadata_region
+            else:
+                try:
+                    current_region = \
+                        self._imds_region_provider.provide()
+                    self._instance_metadata_region = current_region
+                except Exception:
+                    pass
+
+        if current_region:
+            if region_name == current_region:
+                return 'in-region'
+            else:
+                return 'cross-region'
+        return 'standard'
+
+    def _update_provider(self, config_store, variable, value):
+        provider = config_store.get_config_provider(variable)
+        default_provider = ConstantProvider(value)
+        if isinstance(provider, ChainProvider):
+            provider.set_default_provider(default_provider)
+            return
+        elif isinstance(provider, BaseProvider):
+            default_provider = ChainProvider(providers=[provider, default_provider])
+        config_store.set_config_provider(variable, default_provider)
+
+    def _update_section_provider(self, config_store, section_name, variable,
+                                 value):
+        section_provider = config_store.get_config_provider(section_name)
+        section_provider.set_default_provider(variable, ConstantProvider(value))
+
+    def _set_retryMode(self, config_store, value):
+        self._update_provider(config_store, 'retry_mode', value)
+
+    def _set_stsRegionalEndpoints(self, config_store, value):
+        self._update_provider(config_store, 'sts_regional_endpoints', value)
+
+    def _set_s3UsEast1RegionalEndpoints(self, config_store, value):
+        self._update_section_provider(
+            config_store, 's3', 'us_east_1_regional_endpoint', value)
+
+    def _set_connectTimeoutInMillis(self, config_store, value):
+        self._update_provider(config_store, 'connect_timeout', value/1000)
+
+
 class BaseProvider(object):
     """Base class for configuration value providers.
 
@@ -408,6 +550,12 @@ class ChainProvider(BaseProvider):
         self._providers = providers
         self._conversion_func = conversion_func
 
+    def __deepcopy__(self, memo):
+        return ChainProvider(
+            copy.deepcopy(self._providers, memo),
+            self._conversion_func
+        )
+
     def provide(self):
         """Provide the value from the first provider to return non-None.
 
@@ -421,6 +569,21 @@ class ChainProvider(BaseProvider):
                 return self._convert_type(value)
         return None
 
+    def set_default_provider(self, default_provider):
+        if self._providers and isinstance(self._providers[-1], ConstantProvider):
+            self._providers[-1] = default_provider
+        else:
+            self._providers.append(default_provider)
+
+        num_of_constants = sum(isinstance(
+            provider, ConstantProvider
+        ) for provider in self._providers)
+        if num_of_constants > 1:
+            logger.info(
+                'ChainProvider object contains multiple '
+                'instances of ConstantProvider objects'
+            )
+
     def _convert_type(self, value):
         if self._conversion_func is not None:
             return self._conversion_func(value)
@@ -445,6 +608,12 @@ class InstanceVarProvider(BaseProvider):
         self._instance_var = instance_var
         self._session = session
 
+    def __deepcopy__(self, memo):
+        return InstanceVarProvider(
+            copy.deepcopy(self._instance_var, memo),
+            self._session
+        )
+
     def provide(self):
         """Provide a config value from the session instance vars."""
         instance_vars = self._session.instance_variables()
@@ -475,6 +644,12 @@ class ScopedConfigProvider(BaseProvider):
         self._config_var_name = config_var_name
         self._session = session
 
+    def __deepcopy__(self, memo):
+        return ScopedConfigProvider(
+            copy.deepcopy(self._config_var_name, memo),
+            self._session
+        )
+
     def provide(self):
         """Provide a value from a config file property."""
         scoped_config = self._session.get_scoped_config()
@@ -506,6 +681,12 @@ class EnvironmentProvider(BaseProvider):
         self._name = name
         self._env = env
 
+    def __deepcopy__(self, memo):
+        return EnvironmentProvider(
+            copy.deepcopy(self._name, memo),
+            copy.deepcopy(self._env, memo)
+        )
+
     def provide(self):
         """Provide a config value from a source dictionary."""
         if self._name in self._env:
@@ -531,6 +712,13 @@ class SectionConfigProvider(BaseProvider):
         if self._override_providers is None:
             self._override_providers = {}
 
+    def __deepcopy__(self, memo):
+        return SectionConfigProvider(
+            copy.deepcopy(self._section_name, memo),
+            self._session,
+            copy.deepcopy(self._override_providers, memo)
+        )
+
     def provide(self):
         section_config = self._scoped_config_provider.provide()
         if section_config and not isinstance(section_config, dict):
@@ -546,6 +734,15 @@ class SectionConfigProvider(BaseProvider):
                 section_config[section_config_var] = provider_val
         return section_config
 
+    def set_default_provider(self, key, default_provider):
+        provider = self._override_providers.get(key)
+        if isinstance(provider, ChainProvider):
+            provider.set_default_provider(default_provider)
+            return
+        elif isinstance(provider, BaseProvider):
+            default_provider = ChainProvider(providers=[provider, default_provider])
+        self._override_providers[key] = default_provider
+
     def __repr__(self):
         return (
             'SectionConfigProvider(section_name=%s, '
@@ -561,6 +758,9 @@ class ConstantProvider(BaseProvider):
     def __init__(self, value):
         self._value = value
 
+    def __deepcopy__(self, memo):
+        return ConstantProvider(copy.deepcopy(self._value, memo))
+
     def provide(self):
         """Provide the constant value given during initialization."""
         return self._value
diff --git a/contrib/python/botocore/py3/botocore/credentials.py b/contrib/python/botocore/py3/botocore/credentials.py
index 47a7b47161e..a8fc99eb7c3 100644
--- a/contrib/python/botocore/py3/botocore/credentials.py
+++ b/contrib/python/botocore/py3/botocore/credentials.py
@@ -22,6 +22,7 @@ import subprocess
 from collections import namedtuple
 from copy import deepcopy
 from hashlib import sha1
+from pathlib import Path
 
 from dateutil.parser import parse
 from dateutil.tz import tzlocal, tzutc
@@ -307,6 +308,14 @@ class JSONFileCache(object):
         except (OSError, ValueError, IOError):
             raise KeyError(cache_key)
 
+    def __delitem__(self, cache_key):
+        actual_key = self._convert_cache_key(cache_key)
+        try:
+            key_path = Path(actual_key)
+            key_path.unlink()
+        except FileNotFoundError:
+            raise KeyError(cache_key)
+
     def __setitem__(self, cache_key, value):
         full_key = self._convert_cache_key(cache_key)
         try:
diff --git a/contrib/python/botocore/py3/botocore/data/accessanalyzer/2019-11-01/service-2.json b/contrib/python/botocore/py3/botocore/data/accessanalyzer/2019-11-01/service-2.json
index 51b88dbf8fe..9524f6126e8 100644
--- a/contrib/python/botocore/py3/botocore/data/accessanalyzer/2019-11-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/accessanalyzer/2019-11-01/service-2.json
@@ -2595,14 +2595,14 @@
       "members":{
         "kmsKeyId":{
           "shape":"SecretsManagerSecretKmsId",
-          "documentation":"<p>The proposed ARN, key ID, or alias of the KMS customer master key (CMK).</p>"
+          "documentation":"<p>The proposed ARN, key ID, or alias of the KMS key.</p>"
         },
         "secretPolicy":{
           "shape":"SecretsManagerSecretPolicy",
           "documentation":"<p>The proposed resource policy defining who can access or manage the secret.</p>"
         }
       },
-      "documentation":"<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. If you specify an empty string for the KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>"
+      "documentation":"<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>"
     },
     "SecretsManagerSecretKmsId":{"type":"string"},
     "SecretsManagerSecretPolicy":{"type":"string"},
@@ -3035,9 +3035,22 @@
         "policyType":{
           "shape":"PolicyType",
           "documentation":"<p>The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an Amazon Web Services organization, organizational unit (OU), or an account.</p> <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy. </p>"
+        },
+        "validatePolicyResourceType":{
+          "shape":"ValidatePolicyResourceType",
+          "documentation":"<p>The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose <code>AWS::S3::Bucket</code> for the policy validation resource type.</p> <p>For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.</p>"
         }
       }
     },
+    "ValidatePolicyResourceType":{
+      "type":"string",
+      "enum":[
+        "AWS::S3::Bucket",
+        "AWS::S3::AccessPoint",
+        "AWS::S3::MultiRegionAccessPoint",
+        "AWS::S3ObjectLambda::AccessPoint"
+      ]
+    },
     "ValidatePolicyResponse":{
       "type":"structure",
       "required":["findings"],
diff --git a/contrib/python/botocore/py3/botocore/data/amplify/2017-07-25/service-2.json b/contrib/python/botocore/py3/botocore/data/amplify/2017-07-25/service-2.json
index a3e33732355..ed3e0c9026a 100644
--- a/contrib/python/botocore/py3/botocore/data/amplify/2017-07-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/amplify/2017-07-25/service-2.json
@@ -712,7 +712,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The basic authorization credentials for branches for the Amplify app. </p>"
+          "documentation":"<p> The basic authorization credentials for branches for the Amplify app. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "customRules":{
           "shape":"CustomRules",
@@ -827,7 +827,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The basic authorization credentials for the autocreated branch. </p>"
+          "documentation":"<p> The basic authorization credentials for the autocreated branch. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "enableBasicAuth":{
           "shape":"EnableBasicAuth",
@@ -1030,7 +1030,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The basic authorization credentials for a branch of an Amplify app. </p>"
+          "documentation":"<p> The basic authorization credentials for a branch of an Amplify app. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "buildSpec":{
           "shape":"BuildSpec",
@@ -1157,7 +1157,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The credentials for basic authorization for an Amplify app. </p>"
+          "documentation":"<p> The credentials for basic authorization for an Amplify app. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "customRules":{
           "shape":"CustomRules",
@@ -1279,7 +1279,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The basic authorization credentials for the branch. </p>"
+          "documentation":"<p> The basic authorization credentials for the branch. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "enableBasicAuth":{
           "shape":"EnableBasicAuth",
@@ -3090,7 +3090,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The basic authorization credentials for an Amplify app. </p>"
+          "documentation":"<p> The basic authorization credentials for an Amplify app. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "customRules":{
           "shape":"CustomRules",
@@ -3187,7 +3187,7 @@
         },
         "basicAuthCredentials":{
           "shape":"BasicAuthCredentials",
-          "documentation":"<p> The basic authorization credentials for the branch. </p>"
+          "documentation":"<p> The basic authorization credentials for the branch. You must base64-encode the authorization credentials and provide them in the format <code>user:password</code>.</p>"
         },
         "enableBasicAuth":{
           "shape":"EnableBasicAuth",
diff --git a/contrib/python/botocore/py3/botocore/data/amplifybackend/2020-08-11/service-2.json b/contrib/python/botocore/py3/botocore/data/amplifybackend/2020-08-11/service-2.json
index 015a86bdbf9..f5824a85ee3 100644
--- a/contrib/python/botocore/py3/botocore/data/amplifybackend/2020-08-11/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/amplifybackend/2020-08-11/service-2.json
@@ -181,6 +181,40 @@
       ],
       "documentation": "<p>Creates a config object for a backend.</p>"
     },
+    "CreateBackendStorage": {
+      "name": "CreateBackendStorage",
+      "http": {
+        "method": "POST",
+        "requestUri": "/backend/{appId}/storage",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "CreateBackendStorageRequest"
+      },
+      "output": {
+        "shape": "CreateBackendStorageResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "GatewayTimeoutException",
+          "documentation": "<p>504 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        }
+      ],
+      "documentation": "<p>Creates a backend storage resource.</p>"
+    },
     "CreateToken": {
       "name": "CreateToken",
       "http": {
@@ -317,6 +351,40 @@
       ],
       "documentation": "<p>Deletes an existing backend authentication resource.</p>"
     },
+    "DeleteBackendStorage": {
+      "name": "DeleteBackendStorage",
+      "http": {
+        "method": "POST",
+        "requestUri": "/backend/{appId}/storage/{backendEnvironmentName}/remove",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "DeleteBackendStorageRequest"
+      },
+      "output": {
+        "shape": "DeleteBackendStorageResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "GatewayTimeoutException",
+          "documentation": "<p>504 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        }
+      ],
+      "documentation": "<p>Removes the specified backend storage resource.</p>"
+    },
     "DeleteToken": {
       "name": "DeleteToken",
       "http": {
@@ -555,6 +623,40 @@
       ],
       "documentation": "<p>Returns information about a specific job.</p>"
     },
+    "GetBackendStorage": {
+      "name": "GetBackendStorage",
+      "http": {
+        "method": "POST",
+        "requestUri": "/backend/{appId}/storage/{backendEnvironmentName}/details",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "GetBackendStorageRequest"
+      },
+      "output": {
+        "shape": "GetBackendStorageResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "GatewayTimeoutException",
+          "documentation": "<p>504 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        }
+      ],
+      "documentation": "<p>Gets details for a backend storage resource.</p>"
+    },
     "GetToken": {
       "name": "GetToken",
       "http": {
@@ -623,6 +725,40 @@
       ],
       "documentation": "<p>Imports an existing backend authentication resource.</p>"
     },
+    "ImportBackendStorage": {
+      "name": "ImportBackendStorage",
+      "http": {
+        "method": "POST",
+        "requestUri": "/backend/{appId}/storage/{backendEnvironmentName}/import",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "ImportBackendStorageRequest"
+      },
+      "output": {
+        "shape": "ImportBackendStorageResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "GatewayTimeoutException",
+          "documentation": "<p>504 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        }
+      ],
+      "documentation": "<p>Imports an existing backend storage resource.</p>"
+    },
     "ListBackendJobs": {
       "name": "ListBackendJobs",
       "http": {
@@ -657,6 +793,40 @@
       ],
       "documentation": "<p>Lists the jobs for the backend of an Amplify app.</p>"
     },
+    "ListS3Buckets": {
+      "name": "ListS3Buckets",
+      "http": {
+        "method": "POST",
+        "requestUri": "/s3Buckets",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "ListS3BucketsRequest"
+      },
+      "output": {
+        "shape": "ListS3BucketsResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "GatewayTimeoutException",
+          "documentation": "<p>504 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        }
+      ],
+      "documentation": "<p>The list of S3 buckets in your account.</p>"
+    },
     "RemoveAllBackends": {
       "name": "RemoveAllBackends",
       "http": {
@@ -860,6 +1030,40 @@
         }
       ],
       "documentation": "<p>Updates a specific job.</p>"
+    },
+    "UpdateBackendStorage": {
+      "name": "UpdateBackendStorage",
+      "http": {
+        "method": "POST",
+        "requestUri": "/backend/{appId}/storage/{backendEnvironmentName}",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "UpdateBackendStorageRequest"
+      },
+      "output": {
+        "shape": "UpdateBackendStorageResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "GatewayTimeoutException",
+          "documentation": "<p>504 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        }
+      ],
+      "documentation": "<p>Updates an existing backend storage resource.</p>"
     }
   },
   "shapes": {
@@ -1266,6 +1470,57 @@
         "BackendEnvironmentName"
       ]
     },
+    "BackendStoragePermissions": {
+      "type": "structure",
+      "members": {
+        "Authenticated": {
+          "shape": "ListOfAuthenticatedElement",
+          "locationName": "authenticated",
+          "documentation": "<p>Lists all authenticated user read, write, and delete permissions for your S3 bucket.</p>"
+        },
+        "UnAuthenticated": {
+          "shape": "ListOfUnAuthenticatedElement",
+          "locationName": "unAuthenticated",
+          "documentation": "<p>Lists all unauthenticated user read, write, and delete permissions for your S3 bucket.</p>"
+        }
+      },
+      "documentation": "<p>Describes the read, write, and delete permissions users have against your storage S3 bucket.</p>",
+      "required": [
+        "Authenticated"
+      ]
+    },
+    "BackendStorageRespObj": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "JobId": {
+          "shape": "__string",
+          "locationName": "jobId",
+          "documentation": "<p>The ID for the job.</p>"
+        },
+        "Status": {
+          "shape": "__string",
+          "locationName": "status",
+          "documentation": "<p>The current status of the request.</p>"
+        }
+      },
+      "documentation": "<p>The response object for this operation.</p>",
+      "required": [
+        "Status",
+        "AppId",
+        "BackendEnvironmentName",
+        "JobId"
+      ]
+    },
     "BadRequestException": {
       "type": "structure",
       "members": {
@@ -1892,7 +2147,7 @@
         "ResourceConfig": {
           "shape": "ResourceConfig",
           "locationName": "resourceConfig",
-          "documentation": "<p>The resource configuration for the create backend request.</p>"
+          "documentation": "<p>The resource configuration for creating backend storage.</p>"
         },
         "ResourceName": {
           "shape": "__string",
@@ -1928,7 +2183,7 @@
         "ResourceConfig": {
           "shape": "ResourceConfig",
           "locationName": "resourceConfig",
-          "documentation": "<p>The resource configuration for the create backend request.</p>"
+          "documentation": "<p>The resource configuration for creating backend storage.</p>"
         },
         "ResourceName": {
           "shape": "__string",
@@ -2018,6 +2273,115 @@
         }
       }
     },
+    "CreateBackendStorageReqObj": {
+      "type": "structure",
+      "members": {
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceConfig": {
+          "shape": "CreateBackendStorageResourceConfig",
+          "locationName": "resourceConfig",
+          "documentation": "<p>The resource configuration for creating backend storage.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The request object for this operation.</p>",
+      "required": [
+        "ResourceName",
+        "BackendEnvironmentName",
+        "ResourceConfig"
+      ]
+    },
+    "CreateBackendStorageRequest": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceConfig": {
+          "shape": "CreateBackendStorageResourceConfig",
+          "locationName": "resourceConfig",
+          "documentation": "<p>The resource configuration for creating backend storage.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The request body for CreateBackendStorage.</p>",
+      "required": [
+        "AppId",
+        "ResourceName",
+        "BackendEnvironmentName",
+        "ResourceConfig"
+      ]
+    },
+    "CreateBackendStorageResourceConfig": {
+      "type": "structure",
+      "members": {
+        "BucketName": {
+          "shape": "__string",
+          "locationName": "bucketName",
+          "documentation": "<p>The name of the S3 bucket.</p>"
+        },
+        "Permissions": {
+          "shape": "BackendStoragePermissions",
+          "locationName": "permissions",
+          "documentation": "<p>The authorization configuration for the storage S3 bucket.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The resource configuration for creating backend storage.</p>",
+      "required": [
+        "ServiceName",
+        "Permissions"
+      ]
+    },
+    "CreateBackendStorageResponse": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "JobId": {
+          "shape": "__string",
+          "locationName": "jobId",
+          "documentation": "<p>The ID for the job.</p>"
+        },
+        "Status": {
+          "shape": "__string",
+          "locationName": "status",
+          "documentation": "<p>The current status of the request.</p>"
+        }
+      }
+    },
     "CreateTokenRequest": {
       "type": "structure",
       "members": {
@@ -2316,6 +2680,65 @@
         }
       }
     },
+    "DeleteBackendStorageRequest": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The request body for DeleteBackendStorage.</p>",
+      "required": [
+        "AppId",
+        "BackendEnvironmentName",
+        "ServiceName",
+        "ResourceName"
+      ]
+    },
+    "DeleteBackendStorageResponse": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "JobId": {
+          "shape": "__string",
+          "locationName": "jobId",
+          "documentation": "<p>The ID for the job.</p>"
+        },
+        "Status": {
+          "shape": "__string",
+          "locationName": "status",
+          "documentation": "<p>The current status of the request.</p>"
+        }
+      }
+    },
     "DeleteTokenRequest": {
       "type": "structure",
       "members": {
@@ -2914,6 +3337,133 @@
         }
       }
     },
+    "GetBackendStorageReqObj": {
+      "type": "structure",
+      "members": {
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The request object for this operation.</p>",
+      "required": [
+        "ResourceName"
+      ]
+    },
+    "GetBackendStorageRequest": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The request body for GetBackendStorage.</p>",
+      "required": [
+        "AppId",
+        "BackendEnvironmentName",
+        "ResourceName"
+      ]
+    },
+    "GetBackendStorageResourceConfig": {
+      "type": "structure",
+      "members": {
+        "BucketName": {
+          "shape": "__string",
+          "locationName": "bucketName",
+          "documentation": "<p>The name of the S3 bucket.</p>"
+        },
+        "Imported": {
+          "shape": "__boolean",
+          "locationName": "imported",
+          "documentation": "<p>Returns True if the storage resource has been imported.</p>"
+        },
+        "Permissions": {
+          "shape": "BackendStoragePermissions",
+          "locationName": "permissions",
+          "documentation": "<p>The authorization configuration for the storage S3 bucket.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The details for a backend storage resource.</p>",
+      "required": [
+        "ServiceName",
+        "Imported"
+      ]
+    },
+    "GetBackendStorageRespObj": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceConfig": {
+          "shape": "GetBackendStorageResourceConfig",
+          "locationName": "resourceConfig",
+          "documentation": "<p>The resource configuration for the backend storage resource.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The response object for this operation.</p>",
+      "required": [
+        "AppId",
+        "BackendEnvironmentName"
+      ]
+    },
+    "GetBackendStorageResponse": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceConfig": {
+          "shape": "GetBackendStorageResourceConfig",
+          "locationName": "resourceConfig",
+          "documentation": "<p>The resource configuration for the backend storage resource.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      }
+    },
     "GetTokenRequest": {
       "type": "structure",
       "members": {
@@ -3103,6 +3653,83 @@
         }
       }
     },
+    "ImportBackendStorageReqObj": {
+      "type": "structure",
+      "members": {
+        "BucketName": {
+          "shape": "__string",
+          "locationName": "bucketName",
+          "documentation": "<p>The name of the S3 bucket.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The request object for this operation.</p>",
+      "required": [
+        "ServiceName"
+      ]
+    },
+    "ImportBackendStorageRequest": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "BucketName": {
+          "shape": "__string",
+          "locationName": "bucketName",
+          "documentation": "<p>The name of the S3 bucket.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The request body for ImportBackendStorage.</p>",
+      "required": [
+        "AppId",
+        "BackendEnvironmentName",
+        "ServiceName"
+      ]
+    },
+    "ImportBackendStorageResponse": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "JobId": {
+          "shape": "__string",
+          "locationName": "jobId",
+          "documentation": "<p>The ID for the job.</p>"
+        },
+        "Status": {
+          "shape": "__string",
+          "locationName": "status",
+          "documentation": "<p>The current status of the request.</p>"
+        }
+      }
+    },
     "InternalServiceException": {
       "type": "structure",
       "members": {
@@ -3239,6 +3866,62 @@
         }
       }
     },
+    "ListS3BucketsReqObj": {
+      "type": "structure",
+      "members": {
+        "NextToken": {
+          "shape": "__string",
+          "locationName": "nextToken",
+          "documentation": "<p>Reserved for future use.</p>"
+        }
+      },
+      "documentation": "<p>The request object for this operation.</p>"
+    },
+    "ListS3BucketsRequest": {
+      "type": "structure",
+      "members": {
+        "NextToken": {
+          "shape": "__string",
+          "locationName": "nextToken",
+          "documentation": "<p>Reserved for future use.</p>"
+        }
+      },
+      "documentation": "<p>The request body for S3Buckets.</p>"
+    },
+    "ListS3BucketsRespObj": {
+      "type": "structure",
+      "members": {
+        "Buckets": {
+          "shape": "ListOfS3BucketInfo",
+          "locationName": "buckets",
+          "documentation": "<p>The list of S3 buckets.</p>"
+        },
+        "NextToken": {
+          "shape": "__string",
+          "locationName": "nextToken",
+          "documentation": "<p>Reserved for future use.</p>"
+        }
+      },
+      "documentation": "<p>The response object for this operation.</p>",
+      "required": [
+        "Buckets"
+      ]
+    },
+    "ListS3BucketsResponse": {
+      "type": "structure",
+      "members": {
+        "Buckets": {
+          "shape": "ListOfS3BucketInfo",
+          "locationName": "buckets",
+          "documentation": "<p>The list of S3 buckets.</p>"
+        },
+        "NextToken": {
+          "shape": "__string",
+          "locationName": "nextToken",
+          "documentation": "<p>Reserved for future use.</p>"
+        }
+      }
+    },
     "LoginAuthConfigReqObj": {
       "type": "structure",
       "members": {
@@ -3453,6 +4136,26 @@
         }
       }
     },
+    "RemoveBackendStorageReqObj": {
+      "type": "structure",
+      "members": {
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The request object for this operation.</p>",
+      "required": [
+        "ServiceName",
+        "ResourceName"
+      ]
+    },
     "ResolutionStrategy": {
       "type": "string",
       "enum": [
@@ -3467,12 +4170,34 @@
       "members": {},
       "documentation": "<p>Defines the resource configuration for the data model in your Amplify project.</p>"
     },
+    "S3BucketInfo": {
+      "type": "structure",
+      "members": {
+        "CreationDate": {
+          "shape": "__string",
+          "locationName": "creationDate",
+          "documentation": "<p>The creation date of the S3 bucket.</p>"
+        },
+        "Name": {
+          "shape": "__string",
+          "locationName": "name",
+          "documentation": "<p>The name of the S3 bucket.</p>"
+        }
+      },
+      "documentation": "<p>Describes the metadata of the S3 bucket.</p>"
+    },
     "Service": {
       "type": "string",
       "enum": [
         "COGNITO"
       ]
     },
+    "ServiceName": {
+      "type": "string",
+      "enum": [
+        "S3"
+      ]
+    },
     "Settings": {
       "type": "structure",
       "members": {
@@ -4007,6 +4732,105 @@
         }
       }
     },
+    "UpdateBackendStorageReqObj": {
+      "type": "structure",
+      "members": {
+        "ResourceConfig": {
+          "shape": "UpdateBackendStorageResourceConfig",
+          "locationName": "resourceConfig",
+          "documentation": "<p>The resource configuration for updating backend storage.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The request object for this operation.</p>",
+      "required": [
+        "ResourceName",
+        "ResourceConfig"
+      ]
+    },
+    "UpdateBackendStorageRequest": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "ResourceConfig": {
+          "shape": "UpdateBackendStorageResourceConfig",
+          "locationName": "resourceConfig",
+          "documentation": "<p>The resource configuration for updating backend storage.</p>"
+        },
+        "ResourceName": {
+          "shape": "__string",
+          "locationName": "resourceName",
+          "documentation": "<p>The name of the storage resource.</p>"
+        }
+      },
+      "documentation": "<p>The request body for UpdateBackendStorage.</p>",
+      "required": [
+        "AppId",
+        "BackendEnvironmentName",
+        "ResourceName",
+        "ResourceConfig"
+      ]
+    },
+    "UpdateBackendStorageResourceConfig": {
+      "type": "structure",
+      "members": {
+        "Permissions": {
+          "shape": "BackendStoragePermissions",
+          "locationName": "permissions",
+          "documentation": "<p>The authorization configuration for the storage S3 bucket.</p>"
+        },
+        "ServiceName": {
+          "shape": "ServiceName",
+          "locationName": "serviceName",
+          "documentation": "<p>The name of the storage service.</p>"
+        }
+      },
+      "documentation": "<p>The resource configuration for updating backend storage.</p>",
+      "required": [
+        "ServiceName",
+        "Permissions"
+      ]
+    },
+    "UpdateBackendStorageResponse": {
+      "type": "structure",
+      "members": {
+        "AppId": {
+          "shape": "__string",
+          "locationName": "appId",
+          "documentation": "<p>The app ID.</p>"
+        },
+        "BackendEnvironmentName": {
+          "shape": "__string",
+          "locationName": "backendEnvironmentName",
+          "documentation": "<p>The name of the backend environment.</p>"
+        },
+        "JobId": {
+          "shape": "__string",
+          "locationName": "jobId",
+          "documentation": "<p>The ID for the job.</p>"
+        },
+        "Status": {
+          "shape": "__string",
+          "locationName": "status",
+          "documentation": "<p>The current status of the request.</p>"
+        }
+      }
+    },
     "AdditionalConstraintsElement": {
       "type": "string",
       "enum": [
@@ -4016,6 +4840,14 @@
         "REQUIRE_UPPERCASE"
       ]
     },
+    "AuthenticatedElement": {
+      "type": "string",
+      "enum": [
+        "READ",
+        "CREATE_AND_UPDATE",
+        "DELETE"
+      ]
+    },
     "MfaTypesElement": {
       "type": "string",
       "enum": [
@@ -4055,6 +4887,14 @@
         "ZONE_INFO"
       ]
     },
+    "UnAuthenticatedElement": {
+      "type": "string",
+      "enum": [
+        "READ",
+        "CREATE_AND_UPDATE",
+        "DELETE"
+      ]
+    },
     "__boolean": {
       "type": "boolean"
     },
@@ -4081,12 +4921,24 @@
         "shape": "BackendJobRespObj"
       }
     },
+    "ListOfS3BucketInfo": {
+      "type": "list",
+      "member": {
+        "shape": "S3BucketInfo"
+      }
+    },
     "ListOfAdditionalConstraintsElement": {
       "type": "list",
       "member": {
         "shape": "AdditionalConstraintsElement"
       }
     },
+    "ListOfAuthenticatedElement": {
+      "type": "list",
+      "member": {
+        "shape": "AuthenticatedElement"
+      }
+    },
     "ListOfMfaTypesElement": {
       "type": "list",
       "member": {
@@ -4105,6 +4957,12 @@
         "shape": "RequiredSignUpAttributesElement"
       }
     },
+    "ListOfUnAuthenticatedElement": {
+      "type": "list",
+      "member": {
+        "shape": "UnAuthenticatedElement"
+      }
+    },
     "ListOf__string": {
       "type": "list",
       "member": {
diff --git a/contrib/python/botocore/py3/botocore/data/amplifyuibuilder/2021-08-11/paginators-1.json b/contrib/python/botocore/py3/botocore/data/amplifyuibuilder/2021-08-11/paginators-1.json
new file mode 100644
index 00000000000..7cb8a4b8a84
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/amplifyuibuilder/2021-08-11/paginators-1.json
@@ -0,0 +1,16 @@
+{
+  "pagination": {
+    "ListComponents": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "entities"
+    },
+    "ListThemes": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "entities"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/amplifyuibuilder/2021-08-11/service-2.json b/contrib/python/botocore/py3/botocore/data/amplifyuibuilder/2021-08-11/service-2.json
new file mode 100644
index 00000000000..341b149796a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/amplifyuibuilder/2021-08-11/service-2.json
@@ -0,0 +1,1693 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-08-11",
+    "endpointPrefix":"amplifyuibuilder",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"AWS Amplify UI Builder",
+    "serviceId":"AmplifyUIBuilder",
+    "signatureVersion":"v4",
+    "signingName":"amplifyuibuilder",
+    "uid":"amplifyuibuilder-2021-08-11"
+  },
+  "operations":{
+    "CreateComponent":{
+      "name":"CreateComponent",
+      "http":{
+        "method":"POST",
+        "requestUri":"/app/{appId}/environment/{environmentName}/components",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateComponentRequest"},
+      "output":{"shape":"CreateComponentResponse"},
+      "errors":[
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Creates a new component for an Amplify app.</p>",
+      "idempotent":true
+    },
+    "CreateTheme":{
+      "name":"CreateTheme",
+      "http":{
+        "method":"POST",
+        "requestUri":"/app/{appId}/environment/{environmentName}/themes",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateThemeRequest"},
+      "output":{"shape":"CreateThemeResponse"},
+      "errors":[
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Creates a theme to apply to the components in an Amplify app.</p>",
+      "idempotent":true
+    },
+    "DeleteComponent":{
+      "name":"DeleteComponent",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/app/{appId}/environment/{environmentName}/components/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteComponentRequest"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Deletes a component from an Amplify app.</p>",
+      "idempotent":true
+    },
+    "DeleteTheme":{
+      "name":"DeleteTheme",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/app/{appId}/environment/{environmentName}/themes/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteThemeRequest"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Deletes a theme from an Amplify app.</p>",
+      "idempotent":true
+    },
+    "ExchangeCodeForToken":{
+      "name":"ExchangeCodeForToken",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tokens/{provider}",
+        "responseCode":200
+      },
+      "input":{"shape":"ExchangeCodeForTokenRequest"},
+      "output":{"shape":"ExchangeCodeForTokenResponse"},
+      "errors":[
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Exchanges an access code for a token.</p>"
+    },
+    "ExportComponents":{
+      "name":"ExportComponents",
+      "http":{
+        "method":"GET",
+        "requestUri":"/export/app/{appId}/environment/{environmentName}/components",
+        "responseCode":200
+      },
+      "input":{"shape":"ExportComponentsRequest"},
+      "output":{"shape":"ExportComponentsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Exports component configurations to code that is ready to integrate into an Amplify app.</p>"
+    },
+    "ExportThemes":{
+      "name":"ExportThemes",
+      "http":{
+        "method":"GET",
+        "requestUri":"/export/app/{appId}/environment/{environmentName}/themes",
+        "responseCode":200
+      },
+      "input":{"shape":"ExportThemesRequest"},
+      "output":{"shape":"ExportThemesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Exports theme configurations to code that is ready to integrate into an Amplify app.</p>"
+    },
+    "GetComponent":{
+      "name":"GetComponent",
+      "http":{
+        "method":"GET",
+        "requestUri":"/app/{appId}/environment/{environmentName}/components/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetComponentRequest"},
+      "output":{"shape":"GetComponentResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Returns an existing component for an Amplify app.</p>"
+    },
+    "GetTheme":{
+      "name":"GetTheme",
+      "http":{
+        "method":"GET",
+        "requestUri":"/app/{appId}/environment/{environmentName}/themes/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetThemeRequest"},
+      "output":{"shape":"GetThemeResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Returns an existing theme for an Amplify app.</p>"
+    },
+    "ListComponents":{
+      "name":"ListComponents",
+      "http":{
+        "method":"GET",
+        "requestUri":"/app/{appId}/environment/{environmentName}/components",
+        "responseCode":200
+      },
+      "input":{"shape":"ListComponentsRequest"},
+      "output":{"shape":"ListComponentsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Retrieves a list of components for a specified Amplify app and backend environment.</p>"
+    },
+    "ListThemes":{
+      "name":"ListThemes",
+      "http":{
+        "method":"GET",
+        "requestUri":"/app/{appId}/environment/{environmentName}/themes",
+        "responseCode":200
+      },
+      "input":{"shape":"ListThemesRequest"},
+      "output":{"shape":"ListThemesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Retrieves a list of themes for a specified Amplify app and backend environment.</p>"
+    },
+    "RefreshToken":{
+      "name":"RefreshToken",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tokens/{provider}/refresh",
+        "responseCode":200
+      },
+      "input":{"shape":"RefreshTokenRequest"},
+      "output":{"shape":"RefreshTokenResponse"},
+      "errors":[
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Refreshes a previously issued access token that might have expired.</p>"
+    },
+    "UpdateComponent":{
+      "name":"UpdateComponent",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/app/{appId}/environment/{environmentName}/components/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateComponentRequest"},
+      "output":{"shape":"UpdateComponentResponse"},
+      "errors":[
+        {"shape":"ResourceConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Updates an existing component.</p>",
+      "idempotent":true
+    },
+    "UpdateTheme":{
+      "name":"UpdateTheme",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/app/{appId}/environment/{environmentName}/themes/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateThemeRequest"},
+      "output":{"shape":"UpdateThemeResponse"},
+      "errors":[
+        {"shape":"ResourceConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Updates an existing theme.</p>",
+      "idempotent":true
+    }
+  },
+  "shapes":{
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "Component":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "bindingProperties",
+        "componentType",
+        "createdAt",
+        "environmentName",
+        "id",
+        "name",
+        "overrides",
+        "properties",
+        "variants"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app associated with the component.</p>"
+        },
+        "bindingProperties":{
+          "shape":"ComponentBindingProperties",
+          "documentation":"<p>The information to connect a component's properties to data at runtime.</p>"
+        },
+        "children":{
+          "shape":"ComponentChildList",
+          "documentation":"<p>A list of the component's <code>ComponentChild</code> instances.</p>"
+        },
+        "collectionProperties":{
+          "shape":"ComponentCollectionProperties",
+          "documentation":"<p>The data binding configuration for the component's properties. Use this for a collection component.</p>"
+        },
+        "componentType":{
+          "shape":"ComponentType",
+          "documentation":"<p>The type of the component. This can be an Amplify custom UI component or another custom component.</p>"
+        },
+        "createdAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The time that the component was created.</p>"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the component.</p>"
+        },
+        "modifiedAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The time that the component was modified.</p>"
+        },
+        "name":{
+          "shape":"ComponentName",
+          "documentation":"<p>The name of the component.</p>"
+        },
+        "overrides":{
+          "shape":"ComponentOverrides",
+          "documentation":"<p>Describes the component's properties that can be overriden in a customized instance of the component.</p>"
+        },
+        "properties":{
+          "shape":"ComponentProperties",
+          "documentation":"<p>Describes the component's properties.</p>"
+        },
+        "sourceId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the component in its original source system, such as Figma.</p>"
+        },
+        "tags":{
+          "shape":"Tags",
+          "documentation":"<p>One or more key-value pairs to use when tagging the component.</p>"
+        },
+        "variants":{
+          "shape":"ComponentVariants",
+          "documentation":"<p>A list of the component's variants. A variant is a unique style configuration of a main component.</p>"
+        }
+      },
+      "documentation":"<p>Contains the configuration settings for a user interface (UI) element for an Amplify app. A component is configured as a primary, stand-alone UI element. Use <code>ComponentChild</code> to configure an instance of a <code>Component</code>. A <code>ComponentChild</code> instance inherits the configuration of the main <code>Component</code>.</p>"
+    },
+    "ComponentBindingProperties":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"ComponentBindingPropertiesValue"}
+    },
+    "ComponentBindingPropertiesValue":{
+      "type":"structure",
+      "members":{
+        "bindingProperties":{
+          "shape":"ComponentBindingPropertiesValueProperties",
+          "documentation":"<p>Describes the properties to customize with data at runtime.</p>"
+        },
+        "defaultValue":{
+          "shape":"String",
+          "documentation":"<p>The default value of the property.</p>"
+        },
+        "type":{
+          "shape":"String",
+          "documentation":"<p>The property type.</p>"
+        }
+      },
+      "documentation":"<p>Represents the data binding configuration for a component at runtime. You can use <code>ComponentBindingPropertiesValue</code> to add exposed properties to a component to allow different values to be entered when a component is reused in different places in an app.</p>"
+    },
+    "ComponentBindingPropertiesValueProperties":{
+      "type":"structure",
+      "members":{
+        "bucket":{
+          "shape":"String",
+          "documentation":"<p>An Amazon S3 bucket.</p>"
+        },
+        "defaultValue":{
+          "shape":"String",
+          "documentation":"<p>The default value to assign to the property.</p>"
+        },
+        "field":{
+          "shape":"String",
+          "documentation":"<p>The field to bind the data to.</p>"
+        },
+        "key":{
+          "shape":"String",
+          "documentation":"<p>The storage key for an Amazon S3 bucket.</p>"
+        },
+        "model":{
+          "shape":"String",
+          "documentation":"<p>An Amplify DataStore model.</p>"
+        },
+        "predicates":{
+          "shape":"PredicateList",
+          "documentation":"<p>A list of predicates for binding a component's properties to data.</p>"
+        },
+        "userAttribute":{
+          "shape":"String",
+          "documentation":"<p>An authenticated user attribute.</p>"
+        }
+      },
+      "documentation":"<p>Represents the data binding configuration for a specific property using data stored in Amazon Web Services. For Amazon Web Services connected properties, you can bind a property to data stored in an Amazon S3 bucket, an Amplify DataStore model or an authenticated user attribute.</p>"
+    },
+    "ComponentChild":{
+      "type":"structure",
+      "required":[
+        "componentType",
+        "name",
+        "properties"
+      ],
+      "members":{
+        "children":{
+          "shape":"ComponentChildList",
+          "documentation":"<p>The list of <code>ComponentChild</code> instances for this component.</p>"
+        },
+        "componentType":{
+          "shape":"String",
+          "documentation":"<p>The type of the child component. </p>"
+        },
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the child component.</p>"
+        },
+        "properties":{
+          "shape":"ComponentProperties",
+          "documentation":"<p>Describes the properties of the child component.</p>"
+        }
+      },
+      "documentation":"<p>A nested UI configuration within a parent <code>Component</code>.</p>"
+    },
+    "ComponentChildList":{
+      "type":"list",
+      "member":{"shape":"ComponentChild"}
+    },
+    "ComponentCollectionProperties":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"ComponentDataConfiguration"}
+    },
+    "ComponentConditionProperty":{
+      "type":"structure",
+      "members":{
+        "else":{
+          "shape":"ComponentProperty",
+          "documentation":"<p>The value to assign to the property if the condition is not met.</p>"
+        },
+        "field":{
+          "shape":"String",
+          "documentation":"<p>The name of a field. Specify this when the property is a data model.</p>"
+        },
+        "operand":{
+          "shape":"String",
+          "documentation":"<p>The value of the property to evaluate.</p>"
+        },
+        "operator":{
+          "shape":"String",
+          "documentation":"<p>The operator to use to perform the evaluation, such as <code>eq</code> to represent equals.</p>"
+        },
+        "property":{
+          "shape":"String",
+          "documentation":"<p>The name of the conditional property.</p>"
+        },
+        "then":{
+          "shape":"ComponentProperty",
+          "documentation":"<p>The value to assign to the property if the condition is met.</p>"
+        }
+      },
+      "documentation":"<p>Represents a conditional expression to set a component property. Use <code>ComponentConditionProperty</code> to set a property to different values conditionally, based on the value of another property.</p>"
+    },
+    "ComponentDataConfiguration":{
+      "type":"structure",
+      "required":["model"],
+      "members":{
+        "identifiers":{
+          "shape":"IdentifierList",
+          "documentation":"<p>A list of IDs to use to bind data to a component. Use this property to bind specifically chosen data, rather than data retrieved from a query.</p>"
+        },
+        "model":{
+          "shape":"String",
+          "documentation":"<p>The name of the data model to use to bind data to a component.</p>"
+        },
+        "predicate":{
+          "shape":"Predicate",
+          "documentation":"<p>Represents the conditional logic to use when binding data to a component. Use this property to retrieve only a subset of the data in a collection.</p>"
+        },
+        "sort":{
+          "shape":"SortPropertyList",
+          "documentation":"<p>Describes how to sort the component's properties.</p>"
+        }
+      },
+      "documentation":"<p>Describes the configuration for binding a component's properties to data.</p>"
+    },
+    "ComponentList":{
+      "type":"list",
+      "member":{"shape":"Component"}
+    },
+    "ComponentName":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
+    "ComponentOverrides":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"ComponentOverridesValue"}
+    },
+    "ComponentOverridesValue":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"String"}
+    },
+    "ComponentProperties":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"ComponentProperty"}
+    },
+    "ComponentProperty":{
+      "type":"structure",
+      "members":{
+        "bindingProperties":{
+          "shape":"ComponentPropertyBindingProperties",
+          "documentation":"<p>The information to bind the component property to data at runtime.</p>"
+        },
+        "bindings":{
+          "shape":"FormBindings",
+          "documentation":"<p>The information to bind the component property to form data.</p>"
+        },
+        "collectionBindingProperties":{
+          "shape":"ComponentPropertyBindingProperties",
+          "documentation":"<p>The information to bind the component property to data at runtime. Use this for collection components.</p>"
+        },
+        "concat":{
+          "shape":"ComponentPropertyList",
+          "documentation":"<p>A list of component properties to concatenate to create the value to assign to this component property.</p>"
+        },
+        "condition":{
+          "shape":"ComponentConditionProperty",
+          "documentation":"<p>The conditional expression to use to assign a value to the component property..</p>"
+        },
+        "configured":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether the user configured the property in Amplify Studio after importing it.</p>"
+        },
+        "defaultValue":{
+          "shape":"String",
+          "documentation":"<p>The default value to assign to the component property.</p>"
+        },
+        "event":{
+          "shape":"String",
+          "documentation":"<p>An event that occurs in your app. Use this for workflow data binding.</p>"
+        },
+        "importedValue":{
+          "shape":"String",
+          "documentation":"<p>The default value assigned to property when the component is imported into an app.</p>"
+        },
+        "model":{
+          "shape":"String",
+          "documentation":"<p>The data model to use to assign a value to the component property.</p>"
+        },
+        "type":{
+          "shape":"String",
+          "documentation":"<p>The component type.</p>"
+        },
+        "userAttribute":{
+          "shape":"String",
+          "documentation":"<p>An authenticated user attribute to use to assign a value to the component property.</p>"
+        },
+        "value":{
+          "shape":"String",
+          "documentation":"<p>The value to assign to the component property.</p>"
+        }
+      },
+      "documentation":"<p>Describes the configuration for all of a component's properties. Use <code>ComponentProperty</code> to specify the values to render or bind by default.</p>"
+    },
+    "ComponentPropertyBindingProperties":{
+      "type":"structure",
+      "required":["property"],
+      "members":{
+        "field":{
+          "shape":"String",
+          "documentation":"<p>The data field to bind the property to.</p>"
+        },
+        "property":{
+          "shape":"String",
+          "documentation":"<p>The component property to bind to the data field.</p>"
+        }
+      },
+      "documentation":"<p>Associates a component property to a binding property. This enables exposed properties on the top level component to propagate data to the component's property values.</p>"
+    },
+    "ComponentPropertyList":{
+      "type":"list",
+      "member":{"shape":"ComponentProperty"}
+    },
+    "ComponentSummary":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "componentType",
+        "environmentName",
+        "id",
+        "name"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app associated with the component.</p>"
+        },
+        "componentType":{
+          "shape":"ComponentType",
+          "documentation":"<p>The component type.</p>"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the component.</p>"
+        },
+        "name":{
+          "shape":"ComponentName",
+          "documentation":"<p>The name of the component.</p>"
+        }
+      },
+      "documentation":"<p>Contains a summary of a component. This is a read-only data type that is returned by <code>ListComponents</code>.</p>"
+    },
+    "ComponentSummaryList":{
+      "type":"list",
+      "member":{"shape":"ComponentSummary"}
+    },
+    "ComponentType":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
+    "ComponentVariant":{
+      "type":"structure",
+      "members":{
+        "overrides":{
+          "shape":"ComponentOverrides",
+          "documentation":"<p>The properties of the component variant that can be overriden when customizing an instance of the component.</p>"
+        },
+        "variantValues":{
+          "shape":"ComponentVariantValues",
+          "documentation":"<p>The combination of variants that comprise this variant.</p>"
+        }
+      },
+      "documentation":"<p>Describes the style configuration of a unique variation of a main component.</p>"
+    },
+    "ComponentVariantValues":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"String"}
+    },
+    "ComponentVariants":{
+      "type":"list",
+      "member":{"shape":"ComponentVariant"}
+    },
+    "CreateComponentData":{
+      "type":"structure",
+      "required":[
+        "bindingProperties",
+        "componentType",
+        "name",
+        "overrides",
+        "properties",
+        "variants"
+      ],
+      "members":{
+        "bindingProperties":{
+          "shape":"ComponentBindingProperties",
+          "documentation":"<p>The data binding information for the component's properties.</p>"
+        },
+        "children":{
+          "shape":"ComponentChildList",
+          "documentation":"<p>A list of child components that are instances of the main component.</p>"
+        },
+        "collectionProperties":{
+          "shape":"ComponentCollectionProperties",
+          "documentation":"<p>The data binding configuration for customizing a component's properties. Use this for a collection component.</p>"
+        },
+        "componentType":{
+          "shape":"ComponentType",
+          "documentation":"<p>The component type. This can be an Amplify custom UI component or another custom component.</p>"
+        },
+        "name":{
+          "shape":"ComponentName",
+          "documentation":"<p>The name of the component</p>"
+        },
+        "overrides":{
+          "shape":"ComponentOverrides",
+          "documentation":"<p>Describes the component properties that can be overriden to customize an instance of the component.</p>"
+        },
+        "properties":{
+          "shape":"ComponentProperties",
+          "documentation":"<p>Describes the component's properties.</p>"
+        },
+        "sourceId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the component in its original source system, such as Figma.</p>"
+        },
+        "tags":{
+          "shape":"Tags",
+          "documentation":"<p>One or more key-value pairs to use when tagging the component data.</p>"
+        },
+        "variants":{
+          "shape":"ComponentVariants",
+          "documentation":"<p>A list of the unique variants of this component.</p>"
+        }
+      },
+      "documentation":"<p>Represents all of the information that is required to create a component.</p>"
+    },
+    "CreateComponentRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "componentToCreate",
+        "environmentName"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app to associate with the component.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "clientToken":{
+          "shape":"String",
+          "documentation":"<p>The unique client token.</p>",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"clientToken"
+        },
+        "componentToCreate":{
+          "shape":"CreateComponentData",
+          "documentation":"<p>Represents the configuration of the component to create.</p>"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        }
+      },
+      "payload":"componentToCreate"
+    },
+    "CreateComponentResponse":{
+      "type":"structure",
+      "members":{
+        "entity":{
+          "shape":"Component",
+          "documentation":"<p>Describes the configuration of the new component.</p>"
+        }
+      },
+      "payload":"entity"
+    },
+    "CreateThemeData":{
+      "type":"structure",
+      "required":[
+        "name",
+        "values"
+      ],
+      "members":{
+        "name":{
+          "shape":"ThemeName",
+          "documentation":"<p>The name of the theme.</p>"
+        },
+        "overrides":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>Describes the properties that can be overriden to customize an instance of the theme.</p>"
+        },
+        "tags":{
+          "shape":"Tags",
+          "documentation":"<p>One or more key-value pairs to use when tagging the theme data.</p>"
+        },
+        "values":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>A list of key-value pairs that defines the properties of the theme.</p>"
+        }
+      },
+      "documentation":"<p>Represents all of the information that is required to create a theme.</p>"
+    },
+    "CreateThemeRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "themeToCreate"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app associated with the theme.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "clientToken":{
+          "shape":"String",
+          "documentation":"<p>The unique client token.</p>",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"clientToken"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "themeToCreate":{
+          "shape":"CreateThemeData",
+          "documentation":"<p>Represents the configuration of the theme to create.</p>"
+        }
+      },
+      "payload":"themeToCreate"
+    },
+    "CreateThemeResponse":{
+      "type":"structure",
+      "members":{
+        "entity":{
+          "shape":"Theme",
+          "documentation":"<p>Describes the configuration of the new theme.</p>"
+        }
+      },
+      "payload":"entity"
+    },
+    "DeleteComponentRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app associated with the component to delete.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the component to delete.</p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "DeleteThemeRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app associated with the theme to delete.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the theme to delete.</p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "ExchangeCodeForTokenRequest":{
+      "type":"structure",
+      "required":[
+        "provider",
+        "request"
+      ],
+      "members":{
+        "provider":{
+          "shape":"TokenProviders",
+          "documentation":"<p>The third-party provider for the token. The only valid value is <code>figma</code>.</p>",
+          "location":"uri",
+          "locationName":"provider"
+        },
+        "request":{
+          "shape":"ExchangeCodeForTokenRequestBody",
+          "documentation":"<p>Describes the configuration of the request.</p>"
+        }
+      },
+      "payload":"request"
+    },
+    "ExchangeCodeForTokenRequestBody":{
+      "type":"structure",
+      "required":[
+        "code",
+        "redirectUri"
+      ],
+      "members":{
+        "code":{
+          "shape":"SyntheticExchangeCodeForTokenRequestBodyString",
+          "documentation":"<p>The access code to send in the request.</p>"
+        },
+        "redirectUri":{
+          "shape":"String",
+          "documentation":"<p>The location of the application that will receive the access code.</p>"
+        }
+      },
+      "documentation":"<p>Describes the configuration of a request to exchange an access code for a token.</p>"
+    },
+    "ExchangeCodeForTokenResponse":{
+      "type":"structure",
+      "required":[
+        "accessToken",
+        "expiresIn",
+        "refreshToken"
+      ],
+      "members":{
+        "accessToken":{
+          "shape":"SyntheticExchangeCodeForTokenResponseString",
+          "documentation":"<p>The access token.</p>"
+        },
+        "expiresIn":{
+          "shape":"Integer",
+          "documentation":"<p>The date and time when the new access token expires.</p>"
+        },
+        "refreshToken":{
+          "shape":"SyntheticExchangeCodeForTokenResponseString",
+          "documentation":"<p>The token to use to refresh a previously issued access token that might have expired.</p>"
+        }
+      }
+    },
+    "ExportComponentsRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app to export components to.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        }
+      }
+    },
+    "ExportComponentsResponse":{
+      "type":"structure",
+      "required":["entities"],
+      "members":{
+        "entities":{
+          "shape":"ComponentList",
+          "documentation":"<p>Represents the configuration of the exported components.</p>"
+        }
+      }
+    },
+    "ExportThemesRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app to export the themes to.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        }
+      }
+    },
+    "ExportThemesResponse":{
+      "type":"structure",
+      "required":["entities"],
+      "members":{
+        "entities":{
+          "shape":"ThemeList",
+          "documentation":"<p>Represents the configuration of the exported themes.</p>"
+        }
+      }
+    },
+    "FormBindingElement":{
+      "type":"structure",
+      "required":[
+        "element",
+        "property"
+      ],
+      "members":{
+        "element":{
+          "shape":"String",
+          "documentation":"<p>The name of the component to retrieve a value from.</p>"
+        },
+        "property":{
+          "shape":"String",
+          "documentation":"<p>The property to retrieve a value from.</p>"
+        }
+      },
+      "documentation":"<p>Describes how to bind a component property to form data.</p>"
+    },
+    "FormBindings":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"FormBindingElement"}
+    },
+    "GetComponentRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the component.</p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "GetComponentResponse":{
+      "type":"structure",
+      "members":{
+        "component":{
+          "shape":"Component",
+          "documentation":"<p>Represents the configuration settings for the component.</p>"
+        }
+      },
+      "payload":"component"
+    },
+    "GetThemeRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID for the theme.</p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "GetThemeResponse":{
+      "type":"structure",
+      "members":{
+        "theme":{
+          "shape":"Theme",
+          "documentation":"<p>Represents the configuration settings for the theme.</p>"
+        }
+      },
+      "payload":"theme"
+    },
+    "IdentifierList":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>An internal error has occurred. Please retry your request.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "InvalidParameterException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>An invalid or out-of-range value was supplied for the input parameter.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ListComponentsLimit":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
+    "ListComponentsRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID for the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "maxResults":{
+          "shape":"ListComponentsLimit",
+          "documentation":"<p>The maximum number of components to retrieve.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to request the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListComponentsResponse":{
+      "type":"structure",
+      "required":["entities"],
+      "members":{
+        "entities":{
+          "shape":"ComponentSummaryList",
+          "documentation":"<p>The list of components for the Amplify app.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token that's included if more results are available.</p>"
+        }
+      }
+    },
+    "ListThemesLimit":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
+    "ListThemesRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID for the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "maxResults":{
+          "shape":"ListThemesLimit",
+          "documentation":"<p>The maximum number of theme results to return in the response.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to request the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListThemesResponse":{
+      "type":"structure",
+      "required":["entities"],
+      "members":{
+        "entities":{
+          "shape":"ThemeSummaryList",
+          "documentation":"<p>The list of themes for the Amplify app.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token that's returned if more results are available.</p>"
+        }
+      }
+    },
+    "Predicate":{
+      "type":"structure",
+      "members":{
+        "and":{
+          "shape":"PredicateList",
+          "documentation":"<p>A list of predicates to combine logically.</p>"
+        },
+        "field":{
+          "shape":"String",
+          "documentation":"<p>The field to query.</p>"
+        },
+        "operand":{
+          "shape":"String",
+          "documentation":"<p>The value to use when performing the evaluation.</p>"
+        },
+        "operator":{
+          "shape":"String",
+          "documentation":"<p>The operator to use to perform the evaluation.</p>"
+        },
+        "or":{
+          "shape":"PredicateList",
+          "documentation":"<p>A list of predicates to combine logically.</p>"
+        }
+      },
+      "documentation":"<p>Stores information for generating Amplify DataStore queries. Use a <code>Predicate</code> to retrieve a subset of the data in a collection.</p>"
+    },
+    "PredicateList":{
+      "type":"list",
+      "member":{"shape":"Predicate"}
+    },
+    "RefreshTokenRequest":{
+      "type":"structure",
+      "required":[
+        "provider",
+        "refreshTokenBody"
+      ],
+      "members":{
+        "provider":{
+          "shape":"TokenProviders",
+          "documentation":"<p>The third-party provider for the token. The only valid value is <code>figma</code>.</p>",
+          "location":"uri",
+          "locationName":"provider"
+        },
+        "refreshTokenBody":{
+          "shape":"RefreshTokenRequestBody",
+          "documentation":"<p>Information about the refresh token request.</p>"
+        }
+      },
+      "payload":"refreshTokenBody"
+    },
+    "RefreshTokenRequestBody":{
+      "type":"structure",
+      "required":["token"],
+      "members":{
+        "token":{
+          "shape":"SyntheticRefreshTokenRequestBodyString",
+          "documentation":"<p>The token to use to refresh a previously issued access token that might have expired.</p>"
+        }
+      },
+      "documentation":"<p>Describes a refresh token.</p>"
+    },
+    "RefreshTokenResponse":{
+      "type":"structure",
+      "required":[
+        "accessToken",
+        "expiresIn"
+      ],
+      "members":{
+        "accessToken":{
+          "shape":"SyntheticRefreshTokenResponseString",
+          "documentation":"<p>The access token.</p>"
+        },
+        "expiresIn":{
+          "shape":"Integer",
+          "documentation":"<p>The date and time when the new access token expires.</p>"
+        }
+      }
+    },
+    "ResourceConflictException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>The resource specified in the request conflicts with an existing resource.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>The requested resource does not exist, or access was denied.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>You exceeded your service quota. Service quotas, also referred to as limits, are the maximum number of service resources or operations for your Amazon Web Services account. </p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "SortDirection":{
+      "type":"string",
+      "enum":[
+        "ASC",
+        "DESC"
+      ]
+    },
+    "SortProperty":{
+      "type":"structure",
+      "required":[
+        "direction",
+        "field"
+      ],
+      "members":{
+        "direction":{
+          "shape":"SortDirection",
+          "documentation":"<p>The direction of the sort, either ascending or descending.</p>"
+        },
+        "field":{
+          "shape":"String",
+          "documentation":"<p>The field to perform the sort on.</p>"
+        }
+      },
+      "documentation":"<p>Describes how to sort the data that you bind to a component.</p>"
+    },
+    "SortPropertyList":{
+      "type":"list",
+      "member":{"shape":"SortProperty"}
+    },
+    "String":{"type":"string"},
+    "SyntheticExchangeCodeForTokenRequestBodyString":{
+      "type":"string",
+      "sensitive":true
+    },
+    "SyntheticExchangeCodeForTokenResponseString":{
+      "type":"string",
+      "sensitive":true
+    },
+    "SyntheticRefreshTokenRequestBodyString":{
+      "type":"string",
+      "sensitive":true
+    },
+    "SyntheticRefreshTokenResponseString":{
+      "type":"string",
+      "sensitive":true
+    },
+    "SyntheticTimestamp_date_time":{
+      "type":"timestamp",
+      "timestampFormat":"iso8601"
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$"
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
+    "Tags":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"}
+    },
+    "Theme":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "createdAt",
+        "environmentName",
+        "id",
+        "name",
+        "values"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID for the Amplify app associated with the theme.</p>"
+        },
+        "createdAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The time that the theme was created.</p>"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is a part of the Amplify app.</p>"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The ID for the theme.</p>"
+        },
+        "modifiedAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The time that the theme was modified.</p>"
+        },
+        "name":{
+          "shape":"ThemeName",
+          "documentation":"<p>The name of the theme.</p>"
+        },
+        "overrides":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>Describes the properties that can be overriden to customize a theme.</p>"
+        },
+        "tags":{
+          "shape":"Tags",
+          "documentation":"<p>One or more key-value pairs to use when tagging the theme.</p>"
+        },
+        "values":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>A list of key-value pairs that defines the properties of the theme.</p>"
+        }
+      },
+      "documentation":"<p>A theme is a collection of style settings that apply globally to the components associated with an Amplify application.</p>"
+    },
+    "ThemeList":{
+      "type":"list",
+      "member":{"shape":"Theme"}
+    },
+    "ThemeName":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
+    "ThemeSummary":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id",
+        "name"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID for the app associated with the theme summary.</p>"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is part of the Amplify app.</p>"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The ID of the theme.</p>"
+        },
+        "name":{
+          "shape":"ThemeName",
+          "documentation":"<p>The name of the theme.</p>"
+        }
+      },
+      "documentation":"<p>Describes the basic information about a theme.</p>"
+    },
+    "ThemeSummaryList":{
+      "type":"list",
+      "member":{"shape":"ThemeSummary"}
+    },
+    "ThemeValue":{
+      "type":"structure",
+      "members":{
+        "children":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>A list of key-value pairs that define the theme's properties.</p>"
+        },
+        "value":{
+          "shape":"String",
+          "documentation":"<p>The value of a theme property.</p>"
+        }
+      },
+      "documentation":"<p>Describes the configuration of a theme's properties.</p>"
+    },
+    "ThemeValues":{
+      "type":"structure",
+      "members":{
+        "key":{
+          "shape":"String",
+          "documentation":"<p>The name of the property.</p>"
+        },
+        "value":{
+          "shape":"ThemeValue",
+          "documentation":"<p>The value of the property.</p>"
+        }
+      },
+      "documentation":"<p>A key-value pair that defines a property of a theme.</p>"
+    },
+    "ThemeValuesList":{
+      "type":"list",
+      "member":{"shape":"ThemeValues"}
+    },
+    "TokenProviders":{
+      "type":"string",
+      "enum":["figma"]
+    },
+    "UpdateComponentData":{
+      "type":"structure",
+      "members":{
+        "bindingProperties":{
+          "shape":"ComponentBindingProperties",
+          "documentation":"<p>The data binding information for the component's properties.</p>"
+        },
+        "children":{
+          "shape":"ComponentChildList",
+          "documentation":"<p>The components that are instances of the main component.</p>"
+        },
+        "collectionProperties":{
+          "shape":"ComponentCollectionProperties",
+          "documentation":"<p>The configuration for binding a component's properties to a data model. Use this for a collection component.</p>"
+        },
+        "componentType":{
+          "shape":"ComponentType",
+          "documentation":"<p>The type of the component. This can be an Amplify custom UI component or another custom component.</p>"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the component to update.</p>"
+        },
+        "name":{
+          "shape":"ComponentName",
+          "documentation":"<p>The name of the component to update.</p>"
+        },
+        "overrides":{
+          "shape":"ComponentOverrides",
+          "documentation":"<p>Describes the properties that can be overriden to customize the component.</p>"
+        },
+        "properties":{
+          "shape":"ComponentProperties",
+          "documentation":"<p>Describes the component's properties.</p>"
+        },
+        "sourceId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the component in its original source system, such as Figma.</p>"
+        },
+        "variants":{
+          "shape":"ComponentVariants",
+          "documentation":"<p>A list of the unique variants of the main component being updated.</p>"
+        }
+      },
+      "documentation":"<p>Updates and saves all of the information about a component, based on component ID.</p>"
+    },
+    "UpdateComponentRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id",
+        "updatedComponent"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID for the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "clientToken":{
+          "shape":"String",
+          "documentation":"<p>The unique client token.</p>",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"clientToken"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID for the component.</p>",
+          "location":"uri",
+          "locationName":"id"
+        },
+        "updatedComponent":{
+          "shape":"UpdateComponentData",
+          "documentation":"<p>The configuration of the updated component.</p>"
+        }
+      },
+      "payload":"updatedComponent"
+    },
+    "UpdateComponentResponse":{
+      "type":"structure",
+      "members":{
+        "entity":{
+          "shape":"Component",
+          "documentation":"<p>Describes the configuration of the updated component.</p>"
+        }
+      },
+      "payload":"entity"
+    },
+    "UpdateThemeData":{
+      "type":"structure",
+      "required":["values"],
+      "members":{
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID of the theme to update.</p>"
+        },
+        "name":{
+          "shape":"ThemeName",
+          "documentation":"<p>The name of the theme to update.</p>"
+        },
+        "overrides":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>Describes the properties that can be overriden to customize the theme.</p>"
+        },
+        "values":{
+          "shape":"ThemeValuesList",
+          "documentation":"<p>A list of key-value pairs that define the theme's properties.</p>"
+        }
+      },
+      "documentation":"<p>Saves the data binding information for a theme.</p>"
+    },
+    "UpdateThemeRequest":{
+      "type":"structure",
+      "required":[
+        "appId",
+        "environmentName",
+        "id",
+        "updatedTheme"
+      ],
+      "members":{
+        "appId":{
+          "shape":"String",
+          "documentation":"<p>The unique ID for the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"appId"
+        },
+        "clientToken":{
+          "shape":"String",
+          "documentation":"<p>The unique client token.</p>",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"clientToken"
+        },
+        "environmentName":{
+          "shape":"String",
+          "documentation":"<p>The name of the backend environment that is part of the Amplify app.</p>",
+          "location":"uri",
+          "locationName":"environmentName"
+        },
+        "id":{
+          "shape":"Uuid",
+          "documentation":"<p>The unique ID for the theme.</p>",
+          "location":"uri",
+          "locationName":"id"
+        },
+        "updatedTheme":{
+          "shape":"UpdateThemeData",
+          "documentation":"<p>The configuration of the updated theme.</p>"
+        }
+      },
+      "payload":"updatedTheme"
+    },
+    "UpdateThemeResponse":{
+      "type":"structure",
+      "members":{
+        "entity":{
+          "shape":"Theme",
+          "documentation":"<p>Describes the configuration of the updated theme.</p>"
+        }
+      },
+      "payload":"entity"
+    },
+    "Uuid":{"type":"string"}
+  },
+  "documentation":"<p>The Amplify UI Builder API provides a programmatic interface for creating and configuring user interface (UI) component libraries and themes for use in your Amplify applications. You can then connect these UI components to an application's backend Amazon Web Services resources.</p> <p>You can also use the Amplify Studio visual designer to create UI components and model data for an app. For more information, see <a href=\"https://docs.amplify.aws/console/adminui/intro\">Introduction</a> in the <i>Amplify Docs</i>.</p> <p>The Amplify Framework is a comprehensive set of SDKs, libraries, tools, and documentation for client app development. For more information, see the <a href=\"https://docs.amplify.aws/\">Amplify Framework</a>. For more information about deploying an Amplify application to Amazon Web Services, see the <a href=\"https://docs.aws.amazon.com/amplify/latest/userguide/welcome.html\">Amplify Console User Guide</a>.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/apigateway/2015-07-09/service-2.json b/contrib/python/botocore/py3/botocore/data/apigateway/2015-07-09/service-2.json
index cc92ed1ba41..3be1095f0f2 100644
--- a/contrib/python/botocore/py3/botocore/data/apigateway/2015-07-09/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/apigateway/2015-07-09/service-2.json
@@ -5435,7 +5435,7 @@
         },
         "dataTraceEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether data trace logging is enabled for this method, which affects the log entries pushed to Amazon CloudWatch Logs. The PATCH path for this setting is <code>/{method_setting_key}/logging/dataTrace</code>, and the value is a Boolean.</p>"
+          "documentation":"<p>Specifies whether full requests and responses are logged for this method, which affects the log entries pushed to Amazon CloudWatch Logs. This can be useful to troubleshoot APIs, but can result in logging sensitive data. We recommend that you don't enable this option for production APIs. The PATCH path for this setting is <code>/{method_setting_key}/logging/dataTrace</code>, and the value is a Boolean.</p>"
         },
         "throttlingBurstLimit":{
           "shape":"Integer",
@@ -5936,7 +5936,7 @@
       "members":{
         "limit":{
           "shape":"Integer",
-          "documentation":"<p>The maximum number of requests that can be made in a given time period.</p>"
+          "documentation":"<p>The target maximum number of requests that can be made in a given time period.</p>"
         },
         "offset":{
           "shape":"Integer",
@@ -6505,11 +6505,11 @@
       "members":{
         "burstLimit":{
           "shape":"Integer",
-          "documentation":"<p>The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity.</p>"
+          "documentation":"<p>The API target request burst rate limit. This allows more requests through for a period of time than the target rate limit.</p>"
         },
         "rateLimit":{
           "shape":"Double",
-          "documentation":"<p>The API request steady-state rate limit.</p>"
+          "documentation":"<p>The API target request rate limit.</p>"
         }
       },
       "documentation":"<p> The API request rate limits.</p>"
@@ -7166,11 +7166,11 @@
         },
         "throttle":{
           "shape":"ThrottleSettings",
-          "documentation":"<p>The request throttle limits of a usage plan.</p>"
+          "documentation":"<p>Map containing method level throttling information for API stage in a usage plan.</p>"
         },
         "quota":{
           "shape":"QuotaSettings",
-          "documentation":"<p>The maximum number of permitted requests per a given unit time interval.</p>"
+          "documentation":"<p>The target maximum number of permitted requests per a given unit time interval.</p>"
         },
         "productCode":{
           "shape":"String",
@@ -7181,7 +7181,7 @@
           "documentation":"<p>The collection of tags. Each tag element is associated with a given resource.</p>"
         }
       },
-      "documentation":"<p>Represents a usage plan than can specify who can assess associated API stages with specified request limits and quotas.</p> <div class=\"remarks\"> <p>In a usage plan, you associate an API by specifying the API's Id and a stage name of the specified API. You add plan customers by adding API keys to the plan. </p> </div> <div class=\"seeAlso\"> <a href=\"https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html\">Create and Use Usage Plans</a> </div>"
+      "documentation":"<p>Represents a usage plan used to specify who can assess associated API stages. Optionally, target request rate and quota limits can be set. In some cases clients can exceed the targets that you set. Don’t rely on usage plans to control costs. Consider using <a href=\"https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html\">AWS Budgets</a> to monitor costs and <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">AWS WAF</a> to manage API requests.</p> <div class=\"remarks\"> <p>In a usage plan, you associate an API by specifying the API's Id and a stage name of the specified API. You add plan customers by adding API keys to the plan. </p> </div> <div class=\"seeAlso\"> <a href=\"https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html\">Create and Use Usage Plans</a> </div>"
     },
     "UsagePlanKey":{
       "type":"structure",
diff --git a/contrib/python/botocore/py3/botocore/data/appconfig/2019-10-09/service-2.json b/contrib/python/botocore/py3/botocore/data/appconfig/2019-10-09/service-2.json
index a94258d3583..29941af0758 100644
--- a/contrib/python/botocore/py3/botocore/data/appconfig/2019-10-09/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/appconfig/2019-10-09/service-2.json
@@ -26,7 +26,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>An application in AppConfig is a logical unit of code that provides capabilities for your customers. For example, an application can be a microservice that runs on Amazon EC2 instances, a mobile application installed by your users, a serverless application using Amazon API Gateway and AWS Lambda, or any system you run on behalf of others.</p>"
+      "documentation":"<p>Creates an application. An application in AppConfig is a logical unit of code that provides capabilities for your customers. For example, an application can be a microservice that runs on Amazon EC2 instances, a mobile application installed by your users, a serverless application using Amazon API Gateway and Lambda, or any system you run on behalf of others.</p>"
     },
     "CreateConfigurationProfile":{
       "name":"CreateConfigurationProfile",
@@ -42,7 +42,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Information that enables AppConfig to access the configuration source. Valid configuration sources include Systems Manager (SSM) documents, SSM Parameter Store parameters, and Amazon S3 objects. A configuration profile includes the following information.</p> <ul> <li> <p>The Uri location of the configuration data.</p> </li> <li> <p>The AWS Identity and Access Management (IAM) role that provides access to the configuration data.</p> </li> <li> <p>A validator for the configuration data. Available validators include either a JSON Schema or an AWS Lambda function.</p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/systems-manager/latest/userguide/appconfig-creating-configuration-and-profile.html\">Create a Configuration and a Configuration Profile</a> in the <i>AWS AppConfig User Guide</i>.</p>"
+      "documentation":"<p>Creates a configuration profile, which is information that enables AppConfig to access the configuration source. Valid configuration sources include the AppConfig hosted configuration store, Amazon Web Services Systems Manager (SSM) documents, SSM Parameter Store parameters, Amazon S3 objects, or any <a href=\"http://docs.aws.amazon.com/codepipeline/latest/userguide/integrations-action-type.html#integrations-source\">integration source action</a> supported by CodePipeline. A configuration profile includes the following information:</p> <ul> <li> <p>The URI location of the configuration data.</p> </li> <li> <p>The Identity and Access Management (IAM) role that provides access to the configuration data.</p> </li> <li> <p>A validator for the configuration data. Available validators include either a JSON Schema or an Amazon Web Services Lambda function.</p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-and-profile.html\">Create a Configuration and a Configuration Profile</a> in the <i>AppConfig User Guide</i>.</p>"
     },
     "CreateDeploymentStrategy":{
       "name":"CreateDeploymentStrategy",
@@ -57,7 +57,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes: the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.</p>"
+      "documentation":"<p>Creates a deployment strategy that defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.</p>"
     },
     "CreateEnvironment":{
       "name":"CreateEnvironment",
@@ -73,7 +73,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>For each application, you define one or more environments. An environment is a logical deployment group of AppConfig targets, such as applications in a <code>Beta</code> or <code>Production</code> environment. You can also define environments for application subcomponents such as the <code>Web</code>, <code>Mobile</code> and <code>Back-end</code> components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.</p>"
+      "documentation":"<p>Creates an environment. For each application, you define one or more environments. An environment is a logical deployment group of AppConfig targets, such as applications in a <code>Beta</code> or <code>Production</code> environment. You can also define environments for application subcomponents such as the <code>Web</code>, <code>Mobile</code> and <code>Back-end</code> components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.</p>"
     },
     "CreateHostedConfigurationVersion":{
       "name":"CreateHostedConfigurationVersion",
@@ -92,7 +92,7 @@
         {"shape":"PayloadTooLargeException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create a new configuration in the AppConfig configuration store.</p>"
+      "documentation":"<p>Creates a new configuration in the AppConfig hosted configuration store.</p>"
     },
     "DeleteApplication":{
       "name":"DeleteApplication",
@@ -107,7 +107,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Delete an application. Deleting an application does not delete a configuration from a host.</p>"
+      "documentation":"<p>Deletes an application. Deleting an application does not delete a configuration from a host.</p>"
     },
     "DeleteConfigurationProfile":{
       "name":"DeleteConfigurationProfile",
@@ -123,7 +123,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Delete a configuration profile. Deleting a configuration profile does not delete a configuration from a host.</p>"
+      "documentation":"<p>Deletes a configuration profile. Deleting a configuration profile does not delete a configuration from a host.</p>"
     },
     "DeleteDeploymentStrategy":{
       "name":"DeleteDeploymentStrategy",
@@ -138,7 +138,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Delete a deployment strategy. Deleting a deployment strategy does not delete a configuration from a host.</p>"
+      "documentation":"<p>Deletes a deployment strategy. Deleting a deployment strategy does not delete a configuration from a host.</p>"
     },
     "DeleteEnvironment":{
       "name":"DeleteEnvironment",
@@ -154,7 +154,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Delete an environment. Deleting an environment does not delete a configuration from a host.</p>"
+      "documentation":"<p>Deletes an environment. Deleting an environment does not delete a configuration from a host.</p>"
     },
     "DeleteHostedConfigurationVersion":{
       "name":"DeleteHostedConfigurationVersion",
@@ -169,7 +169,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Delete a version of a configuration from the AppConfig configuration store.</p>"
+      "documentation":"<p>Deletes a version of a configuration from the AppConfig hosted configuration store.</p>"
     },
     "GetApplication":{
       "name":"GetApplication",
@@ -185,7 +185,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Retrieve information about an application.</p>"
+      "documentation":"<p>Retrieves information about an application.</p>"
     },
     "GetConfiguration":{
       "name":"GetConfiguration",
@@ -201,7 +201,9 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Receive information about a configuration.</p> <important> <p>AWS AppConfig uses the value of the <code>ClientConfigurationVersion</code> parameter to identify the configuration version on your clients. If you don’t send <code>ClientConfigurationVersion</code> with each call to <code>GetConfiguration</code>, your clients receive the current configuration. You are charged each time your clients receive a configuration.</p> <p>To avoid excess charges, we recommend that you include the <code>ClientConfigurationVersion</code> value with every call to <code>GetConfiguration</code>. This value must be saved on your client. Subsequent calls to <code>GetConfiguration</code> must pass this value by using the <code>ClientConfigurationVersion</code> parameter. </p> </important>"
+      "documentation":"<p>Retrieves the latest deployed configuration.</p> <important> <p>Note the following important information.</p> <ul> <li> <p>This API action has been deprecated. Calls to receive configuration data should use the <a href=\"https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_appconfigdata_StartConfigurationSession.html\">StartConfigurationSession</a> and <a href=\"https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/API_appconfigdata_GetLatestConfiguration.html\">GetLatestConfiguration</a> APIs instead. </p> </li> <li> <p> <code>GetConfiguration</code> is a priced call. For more information, see <a href=\"https://aws.amazon.com/systems-manager/pricing/\">Pricing</a>.</p> </li> <li> <p>AppConfig uses the value of the <code>ClientConfigurationVersion</code> parameter to identify the configuration version on your clients. If you don’t send <code>ClientConfigurationVersion</code> with each call to <code>GetConfiguration</code>, your clients receive the current configuration. You are charged each time your clients receive a configuration.</p> <p>To avoid excess charges, we recommend you use the <a href=\"https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/StartConfigurationSession.html\">StartConfigurationSession</a> and <a href=\"https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/GetLatestConfiguration.html\">GetLatestConfiguration</a> APIs, which track the client configuration version on your behalf. If you choose to continue using <code>GetConfiguration</code>, we recommend that you include the <code>ClientConfigurationVersion</code> value with every call to <code>GetConfiguration</code>. The value to use for <code>ClientConfigurationVersion</code> comes from the <code>ConfigurationVersion</code> attribute returned by <code>GetConfiguration</code> when there is new or updated data, and should be saved for subsequent calls to <code>GetConfiguration</code>.</p> </li> </ul> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"This API has been deprecated in favor of the GetLatestConfiguration API used in conjunction with StartConfigurationSession."
     },
     "GetConfigurationProfile":{
       "name":"GetConfigurationProfile",
@@ -217,7 +219,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Retrieve information about a configuration profile.</p>"
+      "documentation":"<p>Retrieves information about a configuration profile.</p>"
     },
     "GetDeployment":{
       "name":"GetDeployment",
@@ -233,7 +235,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Retrieve information about a configuration deployment.</p>"
+      "documentation":"<p>Retrieves information about a configuration deployment.</p>"
     },
     "GetDeploymentStrategy":{
       "name":"GetDeploymentStrategy",
@@ -249,7 +251,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Retrieve information about a deployment strategy. A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes: the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.</p>"
+      "documentation":"<p>Retrieves information about a deployment strategy. A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.</p>"
     },
     "GetEnvironment":{
       "name":"GetEnvironment",
@@ -265,7 +267,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Retrieve information about an environment. An environment is a logical deployment group of AppConfig applications, such as applications in a <code>Production</code> environment or in an <code>EU_Region</code> environment. Each configuration deployment targets an environment. You can enable one or more Amazon CloudWatch alarms for an environment. If an alarm is triggered during a deployment, AppConfig roles back the configuration.</p>"
+      "documentation":"<p>Retrieves information about an environment. An environment is a logical deployment group of AppConfig applications, such as applications in a <code>Production</code> environment or in an <code>EU_Region</code> environment. Each configuration deployment targets an environment. You can enable one or more Amazon CloudWatch alarms for an environment. If an alarm is triggered during a deployment, AppConfig roles back the configuration.</p>"
     },
     "GetHostedConfigurationVersion":{
       "name":"GetHostedConfigurationVersion",
@@ -281,7 +283,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Get information about a specific configuration version.</p>"
+      "documentation":"<p>Retrieves information about a specific configuration version.</p>"
     },
     "ListApplications":{
       "name":"ListApplications",
@@ -296,7 +298,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>List all applications in your AWS account.</p>"
+      "documentation":"<p>Lists all applications in your Amazon Web Services account.</p>"
     },
     "ListConfigurationProfiles":{
       "name":"ListConfigurationProfiles",
@@ -327,7 +329,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>List deployment strategies.</p>"
+      "documentation":"<p>Lists deployment strategies.</p>"
     },
     "ListDeployments":{
       "name":"ListDeployments",
@@ -343,7 +345,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>Lists the deployments for an environment.</p>"
+      "documentation":"<p>Lists the deployments for an environment in descending deployment number order.</p>"
     },
     "ListEnvironments":{
       "name":"ListEnvironments",
@@ -359,7 +361,7 @@
         {"shape":"InternalServerException"},
         {"shape":"BadRequestException"}
       ],
-      "documentation":"<p>List the environments for an application.</p>"
+      "documentation":"<p>Lists the environments for an application.</p>"
     },
     "ListHostedConfigurationVersions":{
       "name":"ListHostedConfigurationVersions",
@@ -375,7 +377,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>View a list of configurations stored in the AppConfig configuration store by version.</p>"
+      "documentation":"<p>Lists configurations stored in the AppConfig hosted configuration store by version.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -439,7 +441,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Metadata to assign to an AppConfig resource. Tags help organize and categorize your AppConfig resources. Each tag consists of a key and an optional value, both of which you define. You can specify a maximum of 50 tags for a resource.</p>"
+      "documentation":"<p>Assigns metadata to an AppConfig resource. Tags help organize and categorize your AppConfig resources. Each tag consists of a key and an optional value, both of which you define. You can specify a maximum of 50 tags for a resource.</p>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -577,15 +579,32 @@
       "min":20,
       "pattern":"arn:(aws[a-zA-Z-]*)?:[a-z]+:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:[a-zA-Z0-9-_/:.]+"
     },
+    "BadRequestDetails":{
+      "type":"structure",
+      "members":{
+        "InvalidConfiguration":{
+          "shape":"InvalidConfigurationDetailList",
+          "documentation":"<p>Detailed information about the bad request exception error when creating a hosted configuration version.</p>"
+        }
+      },
+      "documentation":"<p>Detailed information about the input that failed to satisfy the constraints specified by a call.</p>",
+      "union":true
+    },
     "BadRequestException":{
       "type":"structure",
       "members":{
-        "Message":{"shape":"String"}
+        "Message":{"shape":"String"},
+        "Reason":{"shape":"BadRequestReason"},
+        "Details":{"shape":"BadRequestDetails"}
       },
-      "documentation":"<p>The input fails to satisfy the constraints specified by an AWS service.</p>",
+      "documentation":"<p>The input fails to satisfy the constraints specified by an Amazon Web Services service.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "BadRequestReason":{
+      "type":"string",
+      "enum":["InvalidConfiguration"]
+    },
     "Blob":{
       "type":"blob",
       "sensitive":true
@@ -599,7 +618,7 @@
       "members":{
         "Content":{
           "shape":"Blob",
-          "documentation":"<p>The content of the configuration or the configuration data.</p>"
+          "documentation":"<p>The content of the configuration or the configuration data.</p> <important> <p>The <code>Content</code> attribute only contains data if the system finds new or updated configuration data. If there is no new or updated data and <code>ClientConfigurationVersion</code> matches the version of the current configuration, AppConfig returns a <code>204 No Content</code> HTTP response code and the <code>Content</code> value will be empty.</p> </important>"
         },
         "ConfigurationVersion":{
           "shape":"Version",
@@ -641,11 +660,15 @@
         },
         "RetrievalRoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified LocationUri.</p>"
+          "documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified <code>LocationUri</code>.</p>"
         },
         "Validators":{
           "shape":"ValidatorList",
           "documentation":"<p>A list of methods for validating the configuration.</p>"
+        },
+        "Type":{
+          "shape":"ConfigurationProfileType",
+          "documentation":"<p>The type of configurations contained in the profile. AppConfig supports <code>feature flags</code> and <code>freeform</code> configurations. We recommend you create feature flag configurations to enable or disable new features and freeform configurations to distribute configurations to an application. When calling this API, enter one of the following values for <code>Type</code>:</p> <p> <code>AWS.AppConfig.FeatureFlags</code> </p> <p> <code>AWS.Freeform</code> </p>"
         }
       }
     },
@@ -671,6 +694,10 @@
         "ValidatorTypes":{
           "shape":"ValidatorTypeList",
           "documentation":"<p>The types of validators in the configuration profile.</p>"
+        },
+        "Type":{
+          "shape":"ConfigurationProfileType",
+          "documentation":"<p>The type of configurations contained in the profile. AppConfig supports <code>feature flags</code> and <code>freeform</code> configurations. We recommend you create feature flag configurations to enable or disable new features and freeform configurations to distribute configurations to an application. When calling this API, enter one of the following values for <code>Type</code>:</p> <p> <code>AWS.AppConfig.FeatureFlags</code> </p> <p> <code>AWS.Freeform</code> </p>"
         }
       },
       "documentation":"<p>A summary of a configuration profile.</p>"
@@ -679,6 +706,10 @@
       "type":"list",
       "member":{"shape":"ConfigurationProfileSummary"}
     },
+    "ConfigurationProfileType":{
+      "type":"string",
+      "pattern":"^[a-zA-Z\\.]+"
+    },
     "ConfigurationProfiles":{
       "type":"structure",
       "members":{
@@ -743,11 +774,11 @@
         },
         "LocationUri":{
           "shape":"Uri",
-          "documentation":"<p>A URI to locate the configuration. You can specify a Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For an SSM document, specify either the document name in the format <code>ssm-document://&lt;Document_name&gt;</code> or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format <code>ssm-parameter://&lt;Parameter_name&gt;</code> or the ARN. For an Amazon S3 object, specify the URI in the following format: <code>s3://&lt;bucket&gt;/&lt;objectKey&gt; </code>. Here is an example: s3://my-bucket/my-app/us-east-1/my-config.json</p>"
+          "documentation":"<p>A URI to locate the configuration. You can specify the AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For the hosted configuration store and for feature flags, specify <code>hosted</code>. For an SSM document, specify either the document name in the format <code>ssm-document://&lt;Document_name&gt;</code> or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format <code>ssm-parameter://&lt;Parameter_name&gt;</code> or the ARN. For an Amazon S3 object, specify the URI in the following format: <code>s3://&lt;bucket&gt;/&lt;objectKey&gt; </code>. Here is an example: <code>s3://my-bucket/my-app/us-east-1/my-config.json</code> </p>"
         },
         "RetrievalRoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified LocationUri.</p>"
+          "documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified <code>LocationUri</code>.</p> <important> <p>A retrieval role ARN is not required for configurations stored in the AppConfig hosted configuration store. It is required for all other sources that store your configuration. </p> </important>"
         },
         "Validators":{
           "shape":"ValidatorList",
@@ -756,6 +787,10 @@
         "Tags":{
           "shape":"TagMap",
           "documentation":"<p>Metadata to assign to the configuration profile. Tags help organize and categorize your AppConfig resources. Each tag consists of a key and an optional value, both of which you define.</p>"
+        },
+        "Type":{
+          "shape":"ConfigurationProfileType",
+          "documentation":"<p>The type of configurations contained in the profile. AppConfig supports <code>feature flags</code> and <code>freeform</code> configurations. We recommend you create feature flag configurations to enable or disable new features and freeform configurations to distribute configurations to an application. When calling this API, enter one of the following values for <code>Type</code>:</p> <p> <code>AWS.AppConfig.FeatureFlags</code> </p> <p> <code>AWS.Freeform</code> </p>"
         }
       }
     },
@@ -792,7 +827,7 @@
         },
         "GrowthType":{
           "shape":"GrowthType",
-          "documentation":"<p>The algorithm used to define how percentage grows over time. AWS AppConfig supports the following growth types:</p> <p> <b>Linear</b>: For this type, AppConfig processes the deployment by dividing the total number of targets by the value specified for <code>Step percentage</code>. For example, a linear deployment that uses a <code>Step percentage</code> of 10 deploys the configuration to 10 percent of the hosts. After those deployments are complete, the system deploys the configuration to the next 10 percent. This continues until 100% of the targets have successfully received the configuration.</p> <p> <b>Exponential</b>: For this type, AppConfig processes the deployment exponentially using the following formula: <code>G*(2^N)</code>. In this formula, <code>G</code> is the growth factor specified by the user and <code>N</code> is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows:</p> <p> <code>2*(2^0)</code> </p> <p> <code>2*(2^1)</code> </p> <p> <code>2*(2^2)</code> </p> <p>Expressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets.</p>"
+          "documentation":"<p>The algorithm used to define how percentage grows over time. AppConfig supports the following growth types:</p> <p> <b>Linear</b>: For this type, AppConfig processes the deployment by dividing the total number of targets by the value specified for <code>Step percentage</code>. For example, a linear deployment that uses a <code>Step percentage</code> of 10 deploys the configuration to 10 percent of the hosts. After those deployments are complete, the system deploys the configuration to the next 10 percent. This continues until 100% of the targets have successfully received the configuration.</p> <p> <b>Exponential</b>: For this type, AppConfig processes the deployment exponentially using the following formula: <code>G*(2^N)</code>. In this formula, <code>G</code> is the growth factor specified by the user and <code>N</code> is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows:</p> <p> <code>2*(2^0)</code> </p> <p> <code>2*(2^1)</code> </p> <p> <code>2*(2^2)</code> </p> <p>Expressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets.</p>"
         },
         "ReplicateTo":{
           "shape":"ReplicateTo",
@@ -868,13 +903,13 @@
         },
         "ContentType":{
           "shape":"StringWithLengthBetween1And255",
-          "documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://docs.aws.amazon.com/https:/www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>",
+          "documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>",
           "location":"header",
           "locationName":"Content-Type"
         },
         "LatestVersionNumber":{
           "shape":"Integer",
-          "documentation":"<p>An optional locking token used to prevent race conditions from overwriting configuration updates when creating a new version. To ensure your data is not overwritten when creating multiple hosted configuration versions in rapid succession, specify the version of the latest hosted configuration version.</p>",
+          "documentation":"<p>An optional locking token used to prevent race conditions from overwriting configuration updates when creating a new version. To ensure your data is not overwritten when creating multiple hosted configuration versions in rapid succession, specify the version number of the latest hosted configuration version.</p>",
           "box":true,
           "location":"header",
           "locationName":"Latest-Version-Number"
@@ -936,13 +971,13 @@
       "members":{
         "ApplicationId":{
           "shape":"Id",
-          "documentation":"<p>The application ID that includes the environment you want to delete.</p>",
+          "documentation":"<p>The application ID that includes the environment that you want to delete.</p>",
           "location":"uri",
           "locationName":"ApplicationId"
         },
         "EnvironmentId":{
           "shape":"Id",
-          "documentation":"<p>The ID of the environment you want to delete.</p>",
+          "documentation":"<p>The ID of the environment that you want to delete.</p>",
           "location":"uri",
           "locationName":"EnvironmentId"
         }
@@ -1029,7 +1064,7 @@
         },
         "FinalBakeTimeInMinutes":{
           "shape":"MinutesBetween0And24Hours",
-          "documentation":"<p>The amount of time AppConfig monitored for alarms before considering the deployment to be complete and no longer eligible for automatic roll back.</p>"
+          "documentation":"<p>The amount of time that AppConfig monitored for alarms before considering the deployment to be complete and no longer eligible for automatic rollback.</p>"
         },
         "State":{
           "shape":"DeploymentState",
@@ -1058,15 +1093,15 @@
       "members":{
         "EventType":{
           "shape":"DeploymentEventType",
-          "documentation":"<p>The type of deployment event. Deployment event types include the start, stop, or completion of a deployment; a percentage update; the start or stop of a bake period; the start or completion of a rollback.</p>"
+          "documentation":"<p>The type of deployment event. Deployment event types include the start, stop, or completion of a deployment; a percentage update; the start or stop of a bake period; and the start or completion of a rollback.</p>"
         },
         "TriggeredBy":{
           "shape":"TriggeredBy",
-          "documentation":"<p>The entity that triggered the deployment event. Events can be triggered by a user, AWS AppConfig, an Amazon CloudWatch alarm, or an internal error.</p>"
+          "documentation":"<p>The entity that triggered the deployment event. Events can be triggered by a user, AppConfig, an Amazon CloudWatch alarm, or an internal error.</p>"
         },
         "Description":{
           "shape":"Description",
-          "documentation":"<p>A description of the deployment event. Descriptions include, but are not limited to, the user account or the CloudWatch alarm ARN that initiated a rollback, the percentage of hosts that received the deployment, or in the case of an internal error, a recommendation to attempt a new deployment.</p>"
+          "documentation":"<p>A description of the deployment event. Descriptions include, but are not limited to, the user account or the Amazon CloudWatch alarm ARN that initiated a rollback, the percentage of hosts that received the deployment, or in the case of an internal error, a recommendation to attempt a new deployment.</p>"
         },
         "OccurredAt":{
           "shape":"Iso8601DateTime",
@@ -1147,7 +1182,7 @@
         },
         "FinalBakeTimeInMinutes":{
           "shape":"MinutesBetween0And24Hours",
-          "documentation":"<p>The amount of time AppConfig monitored for alarms before considering the deployment to be complete and no longer eligible for automatic roll back.</p>"
+          "documentation":"<p>The amount of time that AppConfig monitored for alarms before considering the deployment to be complete and no longer eligible for automatic rollback.</p>"
         },
         "ReplicateTo":{
           "shape":"ReplicateTo",
@@ -1192,7 +1227,7 @@
         },
         "FinalBakeTimeInMinutes":{
           "shape":"MinutesBetween0And24Hours",
-          "documentation":"<p>The amount of time AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic roll back.</p>"
+          "documentation":"<p>The amount of time that AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic rollback.</p>"
         },
         "State":{
           "shape":"DeploymentState",
@@ -1314,7 +1349,7 @@
         },
         "ConfigurationProfileId":{
           "shape":"Id",
-          "documentation":"<p>The ID of the configuration profile you want to get.</p>",
+          "documentation":"<p>The ID of the configuration profile that you want to get.</p>",
           "location":"uri",
           "locationName":"ConfigurationProfileId"
         }
@@ -1349,13 +1384,13 @@
         },
         "ClientId":{
           "shape":"StringWithLengthBetween1And64",
-          "documentation":"<p>A unique ID to identify the client for the configuration. This ID enables AppConfig to deploy the configuration in intervals, as defined in the deployment strategy.</p>",
+          "documentation":"<p>The clientId parameter in the following command is a unique, user-specified ID to identify the client for the configuration. This ID enables AppConfig to deploy the configuration in intervals, as defined in the deployment strategy. </p>",
           "location":"querystring",
           "locationName":"client_id"
         },
         "ClientConfigurationVersion":{
           "shape":"Version",
-          "documentation":"<p>The configuration version returned in the most recent <code>GetConfiguration</code> response.</p> <important> <p>AWS AppConfig uses the value of the <code>ClientConfigurationVersion</code> parameter to identify the configuration version on your clients. If you don’t send <code>ClientConfigurationVersion</code> with each call to <code>GetConfiguration</code>, your clients receive the current configuration. You are charged each time your clients receive a configuration.</p> <p>To avoid excess charges, we recommend that you include the <code>ClientConfigurationVersion</code> value with every call to <code>GetConfiguration</code>. This value must be saved on your client. Subsequent calls to <code>GetConfiguration</code> must pass this value by using the <code>ClientConfigurationVersion</code> parameter. </p> </important> <p>For more information about working with configurations, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/appconfig-retrieving-the-configuration.html\">Retrieving the Configuration</a> in the <i>AWS AppConfig User Guide</i>.</p>",
+          "documentation":"<p>The configuration version returned in the most recent <code>GetConfiguration</code> response.</p> <important> <p>AppConfig uses the value of the <code>ClientConfigurationVersion</code> parameter to identify the configuration version on your clients. If you don’t send <code>ClientConfigurationVersion</code> with each call to <code>GetConfiguration</code>, your clients receive the current configuration. You are charged each time your clients receive a configuration.</p> <p>To avoid excess charges, we recommend that you include the <code>ClientConfigurationVersion</code> value with every call to <code>GetConfiguration</code>. This value must be saved on your client. Subsequent calls to <code>GetConfiguration</code> must pass this value by using the <code>ClientConfigurationVersion</code> parameter. </p> </important> <p>For more information about working with configurations, see <a href=\"http://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-retrieving-the-configuration.html\">Retrieving the Configuration</a> in the <i>AppConfig User Guide</i>.</p>",
           "location":"querystring",
           "locationName":"client_configuration_version"
         }
@@ -1417,7 +1452,7 @@
         },
         "EnvironmentId":{
           "shape":"Id",
-          "documentation":"<p>The ID of the environment you wnat to get.</p>",
+          "documentation":"<p>The ID of the environment that you want to get.</p>",
           "location":"uri",
           "locationName":"EnvironmentId"
         }
@@ -1496,7 +1531,7 @@
         },
         "ContentType":{
           "shape":"StringWithLengthBetween1And255",
-          "documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://docs.aws.amazon.com/https:/www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>",
+          "documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>",
           "location":"header",
           "locationName":"Content-Type"
         }
@@ -1524,7 +1559,7 @@
         },
         "ContentType":{
           "shape":"StringWithLengthBetween1And255",
-          "documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://docs.aws.amazon.com/https:/www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>"
+          "documentation":"<p>A standard MIME type describing the format of the configuration content. For more information, see <a href=\"https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17\">Content-Type</a>.</p>"
         }
       },
       "documentation":"<p>Information about the configuration.</p>"
@@ -1561,6 +1596,32 @@
       "exception":true,
       "fault":true
     },
+    "InvalidConfigurationDetail":{
+      "type":"structure",
+      "members":{
+        "Constraint":{
+          "shape":"String",
+          "documentation":"<p>The invalid or out-of-range validation constraint in your JSON schema that failed validation.</p>"
+        },
+        "Location":{
+          "shape":"String",
+          "documentation":"<p>Location of the validation constraint in the configuration JSON schema that failed validation.</p>"
+        },
+        "Reason":{
+          "shape":"String",
+          "documentation":"<p>The reason for an invalid configuration error.</p>"
+        },
+        "Type":{
+          "shape":"String",
+          "documentation":"<p>The type of error for an invalid configuration.</p>"
+        }
+      },
+      "documentation":"<p>Detailed information about the bad request exception error when creating a hosted configuration version.</p>"
+    },
+    "InvalidConfigurationDetailList":{
+      "type":"list",
+      "member":{"shape":"InvalidConfigurationDetail"}
+    },
     "Iso8601DateTime":{
       "type":"timestamp",
       "timestampFormat":"iso8601"
@@ -1577,7 +1638,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>A token to start the list. Use this token to get the next set of results.</p>",
+          "documentation":"<p>A token to start the list. Next token is a pagination token generated by AppConfig to describe what page the previous List call ended on. For the first List request, the nextToken should not be set. On subsequent calls, the nextToken parameter should be set to the previous responses nextToken value. Use this token to get the next set of results. </p>",
           "location":"querystring",
           "locationName":"next_token"
         }
@@ -1605,6 +1666,12 @@
           "documentation":"<p>A token to start the list. Use this token to get the next set of results.</p>",
           "location":"querystring",
           "locationName":"next_token"
+        },
+        "Type":{
+          "shape":"ConfigurationProfileType",
+          "documentation":"<p>A filter based on the type of configurations that the configuration profile contains. A configuration can be a feature flag or a freeform configuration.</p>",
+          "location":"querystring",
+          "locationName":"type"
         }
       }
     },
@@ -1647,14 +1714,14 @@
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.</p>",
+          "documentation":"<p>The maximum number of items that may be returned for this call. If there are items that have not yet been returned, the response will include a non-null <code>NextToken</code> that you can provide in a subsequent call to get the next set of results.</p>",
           "box":true,
           "location":"querystring",
           "locationName":"max_results"
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>A token to start the list. Use this token to get the next set of results.</p>",
+          "documentation":"<p>The token returned by a prior call to this operation indicating the next set of results to be returned. If not specified, the operation will return the first set of results.</p>",
           "location":"querystring",
           "locationName":"next_token"
         }
@@ -1743,14 +1810,15 @@
     },
     "Monitor":{
       "type":"structure",
+      "required":["AlarmArn"],
       "members":{
         "AlarmArn":{
-          "shape":"Arn",
-          "documentation":"<p>ARN of the Amazon CloudWatch alarm.</p>"
+          "shape":"StringWithLengthBetween1And2048",
+          "documentation":"<p>Amazon Resource Name (ARN) of the Amazon CloudWatch alarm.</p>"
         },
         "AlarmRoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>ARN of an IAM role for AppConfig to monitor <code>AlarmArn</code>.</p>"
+          "documentation":"<p>ARN of an Identity and Access Management (IAM) role for AppConfig to monitor <code>AlarmArn</code>.</p>"
         }
       },
       "documentation":"<p>Amazon CloudWatch alarms to monitor during the deployment process.</p>"
@@ -1825,7 +1893,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>The number of hosted configuration versions exceeds the limit for the AppConfig configuration store. Delete one or more versions and try again.</p>",
+      "documentation":"<p>The number of hosted configuration versions exceeds the limit for the AppConfig hosted configuration store. Delete one or more versions and try again.</p>",
       "error":{"httpStatusCode":402},
       "exception":true
     },
@@ -1909,6 +1977,11 @@
       "min":0,
       "sensitive":true
     },
+    "StringWithLengthBetween1And2048":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
     "StringWithLengthBetween1And255":{
       "type":"string",
       "max":255,
@@ -2039,7 +2112,7 @@
         },
         "RetrievalRoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified LocationUri.</p>"
+          "documentation":"<p>The ARN of an IAM role with permission to access the configuration at the specified <code>LocationUri</code>.</p>"
         },
         "Validators":{
           "shape":"ValidatorList",
@@ -2068,7 +2141,7 @@
         },
         "FinalBakeTimeInMinutes":{
           "shape":"MinutesBetween0And24Hours",
-          "documentation":"<p>The amount of time AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic roll back.</p>",
+          "documentation":"<p>The amount of time that AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic rollback.</p>",
           "box":true
         },
         "GrowthFactor":{
@@ -2078,7 +2151,7 @@
         },
         "GrowthType":{
           "shape":"GrowthType",
-          "documentation":"<p>The algorithm used to define how percentage grows over time. AWS AppConfig supports the following growth types:</p> <p> <b>Linear</b>: For this type, AppConfig processes the deployment by increments of the growth factor evenly distributed over the deployment time. For example, a linear deployment that uses a growth factor of 20 initially makes the configuration available to 20 percent of the targets. After 1/5th of the deployment time has passed, the system updates the percentage to 40 percent. This continues until 100% of the targets are set to receive the deployed configuration.</p> <p> <b>Exponential</b>: For this type, AppConfig processes the deployment exponentially using the following formula: <code>G*(2^N)</code>. In this formula, <code>G</code> is the growth factor specified by the user and <code>N</code> is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows:</p> <p> <code>2*(2^0)</code> </p> <p> <code>2*(2^1)</code> </p> <p> <code>2*(2^2)</code> </p> <p>Expressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets.</p>"
+          "documentation":"<p>The algorithm used to define how percentage grows over time. AppConfig supports the following growth types:</p> <p> <b>Linear</b>: For this type, AppConfig processes the deployment by increments of the growth factor evenly distributed over the deployment time. For example, a linear deployment that uses a growth factor of 20 initially makes the configuration available to 20 percent of the targets. After 1/5th of the deployment time has passed, the system updates the percentage to 40 percent. This continues until 100% of the targets are set to receive the deployed configuration.</p> <p> <b>Exponential</b>: For this type, AppConfig processes the deployment exponentially using the following formula: <code>G*(2^N)</code>. In this formula, <code>G</code> is the growth factor specified by the user and <code>N</code> is the number of steps until the configuration is deployed to all targets. For example, if you specify a growth factor of 2, then the system rolls out the configuration as follows:</p> <p> <code>2*(2^0)</code> </p> <p> <code>2*(2^1)</code> </p> <p> <code>2*(2^2)</code> </p> <p>Expressed numerically, the deployment rolls out as follows: 2% of the targets, 4% of the targets, 8% of the targets, and continues until the configuration has been deployed to all targets.</p>"
         }
       }
     },
@@ -2161,10 +2234,10 @@
         },
         "Content":{
           "shape":"StringWithLengthBetween0And32768",
-          "documentation":"<p>Either the JSON Schema content or the Amazon Resource Name (ARN) of an AWS Lambda function.</p>"
+          "documentation":"<p>Either the JSON Schema content or the Amazon Resource Name (ARN) of an Lambda function.</p>"
         }
       },
-      "documentation":"<p>A validator provides a syntactic or semantic check to ensure the configuration you want to deploy functions as intended. To validate your application configuration data, you provide a schema or a Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.</p>"
+      "documentation":"<p>A validator provides a syntactic or semantic check to ensure the configuration that you want to deploy functions as intended. To validate your application configuration data, you provide a schema or an Amazon Web Services Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.</p>"
     },
     "ValidatorList":{
       "type":"list",
@@ -2191,5 +2264,5 @@
       "min":1
     }
   },
-  "documentation":"<fullname>AWS AppConfig</fullname> <p>Use AWS AppConfig, a capability of AWS Systems Manager, to create, manage, and quickly deploy application configurations. AppConfig supports controlled deployments to applications of any size and includes built-in validation checks and monitoring. You can use AppConfig with applications hosted on Amazon EC2 instances, AWS Lambda, containers, mobile applications, or IoT devices.</p> <p>To prevent errors when deploying application configurations, especially for production systems where a simple typo could cause an unexpected outage, AppConfig includes validators. A validator provides a syntactic or semantic check to ensure that the configuration you want to deploy works as intended. To validate your application configuration data, you provide a schema or a Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.</p> <p>During a configuration deployment, AppConfig monitors the application to ensure that the deployment is successful. If the system encounters an error, AppConfig rolls back the change to minimize impact for your application users. You can configure a deployment strategy for each application or environment that includes deployment criteria, including velocity, bake time, and alarms to monitor. Similar to error monitoring, if a deployment triggers an alarm, AppConfig automatically rolls back to the previous version. </p> <p>AppConfig supports multiple use cases. Here are some examples.</p> <ul> <li> <p> <b>Application tuning</b>: Use AppConfig to carefully introduce changes to your application that can only be tested with production traffic.</p> </li> <li> <p> <b>Feature toggle</b>: Use AppConfig to turn on new features that require a timely deployment, such as a product launch or announcement. </p> </li> <li> <p> <b>Allow list</b>: Use AppConfig to allow premium subscribers to access paid content. </p> </li> <li> <p> <b>Operational issues</b>: Use AppConfig to reduce stress on your application when a dependency or other external factor impacts the system.</p> </li> </ul> <p>This reference is intended to be used with the <a href=\"http://docs.aws.amazon.com/systems-manager/latest/userguide/appconfig.html\">AWS AppConfig User Guide</a>.</p>"
+  "documentation":"<p>Use AppConfig, a capability of Amazon Web Services Systems Manager, to create, manage, and quickly deploy application configurations. AppConfig supports controlled deployments to applications of any size and includes built-in validation checks and monitoring. You can use AppConfig with applications hosted on Amazon EC2 instances, Lambda, containers, mobile applications, or IoT devices.</p> <p>To prevent errors when deploying application configurations, especially for production systems where a simple typo could cause an unexpected outage, AppConfig includes validators. A validator provides a syntactic or semantic check to ensure that the configuration you want to deploy works as intended. To validate your application configuration data, you provide a schema or an Amazon Web Services Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.</p> <p>During a configuration deployment, AppConfig monitors the application to ensure that the deployment is successful. If the system encounters an error, AppConfig rolls back the change to minimize impact for your application users. You can configure a deployment strategy for each application or environment that includes deployment criteria, including velocity, bake time, and alarms to monitor. Similar to error monitoring, if a deployment triggers an alarm, AppConfig automatically rolls back to the previous version. </p> <p>AppConfig supports multiple use cases. Here are some examples:</p> <ul> <li> <p> <b>Feature flags</b>: Use AppConfig to turn on new features that require a timely deployment, such as a product launch or announcement. </p> </li> <li> <p> <b>Application tuning</b>: Use AppConfig to carefully introduce changes to your application that can only be tested with production traffic.</p> </li> <li> <p> <b>Allow list</b>: Use AppConfig to allow premium subscribers to access paid content. </p> </li> <li> <p> <b>Operational issues</b>: Use AppConfig to reduce stress on your application when a dependency or other external factor impacts the system.</p> </li> </ul> <p>This reference is intended to be used with the <a href=\"http://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html\">AppConfig User Guide</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/appconfigdata/2021-11-11/paginators-1.json b/contrib/python/botocore/py3/botocore/data/appconfigdata/2021-11-11/paginators-1.json
new file mode 100644
index 00000000000..ea142457a6a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/appconfigdata/2021-11-11/paginators-1.json
@@ -0,0 +1,3 @@
+{
+  "pagination": {}
+}
diff --git a/contrib/python/botocore/py3/botocore/data/appconfigdata/2021-11-11/service-2.json b/contrib/python/botocore/py3/botocore/data/appconfigdata/2021-11-11/service-2.json
new file mode 100644
index 00000000000..8aea92c8a2f
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/appconfigdata/2021-11-11/service-2.json
@@ -0,0 +1,264 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-11-11",
+    "endpointPrefix":"appconfigdata",
+    "jsonVersion":"1.0",
+    "protocol":"rest-json",
+    "serviceFullName":"AWS AppConfig Data",
+    "serviceId":"AppConfigData",
+    "signatureVersion":"v4",
+    "signingName":"appconfig",
+    "uid":"appconfigdata-2021-11-11"
+  },
+  "operations":{
+    "GetLatestConfiguration":{
+      "name":"GetLatestConfiguration",
+      "http":{
+        "method":"GET",
+        "requestUri":"/configuration",
+        "responseCode":200
+      },
+      "input":{"shape":"GetLatestConfigurationRequest"},
+      "output":{"shape":"GetLatestConfigurationResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Retrieves the latest deployed configuration. This API may return empty configuration data if the client already has the latest version. For more information about this API action and to view example CLI commands that show how to use it with the <a>StartConfigurationSession</a> API action, see <a href=\"http://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-retrieving-the-configuration\">Receiving the configuration</a> in the <i>AppConfig User Guide</i>. </p> <important> <p>Note the following important information.</p> <ul> <li> <p>Each configuration token is only valid for one call to <code>GetLatestConfiguration</code>. The <code>GetLatestConfiguration</code> response includes a <code>NextPollConfigurationToken</code> that should always replace the token used for the just-completed call in preparation for the next one. </p> </li> <li> <p> <code>GetLatestConfiguration</code> is a priced call. For more information, see <a href=\"https://aws.amazon.com/systems-manager/pricing/\">Pricing</a>.</p> </li> </ul> </important>"
+    },
+    "StartConfigurationSession":{
+      "name":"StartConfigurationSession",
+      "http":{
+        "method":"POST",
+        "requestUri":"/configurationsessions",
+        "responseCode":201
+      },
+      "input":{"shape":"StartConfigurationSessionRequest"},
+      "output":{"shape":"StartConfigurationSessionResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Starts a configuration session used to retrieve a deployed configuration. For more information about this API action and to view example CLI commands that show how to use it with the <a>GetLatestConfiguration</a> API action, see <a href=\"http://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-retrieving-the-configuration\">Receiving the configuration</a> in the <i>AppConfig User Guide</i>. </p>"
+    }
+  },
+  "shapes":{
+    "BadRequestDetails":{
+      "type":"structure",
+      "members":{
+        "InvalidParameters":{
+          "shape":"InvalidParameterMap",
+          "documentation":"<p>One or more specified parameters are not valid for the call.</p>"
+        }
+      },
+      "documentation":"<p>Detailed information about the input that failed to satisfy the constraints specified by a call.</p>",
+      "union":true
+    },
+    "BadRequestException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"String"},
+        "Reason":{
+          "shape":"BadRequestReason",
+          "documentation":"<p>Code indicating the reason the request was invalid.</p>"
+        },
+        "Details":{
+          "shape":"BadRequestDetails",
+          "documentation":"<p>Details describing why the request was invalid.</p>"
+        }
+      },
+      "documentation":"<p>The input fails to satisfy the constraints specified by the service.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "BadRequestReason":{
+      "type":"string",
+      "enum":["InvalidParameters"]
+    },
+    "GetLatestConfigurationRequest":{
+      "type":"structure",
+      "required":["ConfigurationToken"],
+      "members":{
+        "ConfigurationToken":{
+          "shape":"Token",
+          "documentation":"<p>Token describing the current state of the configuration session. To obtain a token, first call the <a>StartConfigurationSession</a> API. Note that every call to <code>GetLatestConfiguration</code> will return a new <code>ConfigurationToken</code> (<code>NextPollConfigurationToken</code> in the response) and MUST be provided to subsequent <code>GetLatestConfiguration</code> API calls.</p>",
+          "location":"querystring",
+          "locationName":"configuration_token"
+        }
+      }
+    },
+    "GetLatestConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "NextPollConfigurationToken":{
+          "shape":"Token",
+          "documentation":"<p>The latest token describing the current state of the configuration session. This MUST be provided to the next call to <code>GetLatestConfiguration.</code> </p>",
+          "location":"header",
+          "locationName":"Next-Poll-Configuration-Token"
+        },
+        "NextPollIntervalInSeconds":{
+          "shape":"Integer",
+          "documentation":"<p>The amount of time the client should wait before polling for configuration updates again. Use <code>RequiredMinimumPollIntervalInSeconds</code> to set the desired poll interval.</p>",
+          "location":"header",
+          "locationName":"Next-Poll-Interval-In-Seconds"
+        },
+        "ContentType":{
+          "shape":"String",
+          "documentation":"<p>A standard MIME type describing the format of the configuration content.</p>",
+          "location":"header",
+          "locationName":"Content-Type"
+        },
+        "Configuration":{
+          "shape":"SyntheticGetLatestConfigurationResponseBlob",
+          "documentation":"<p>The data of the configuration. This may be empty if the client already has the latest version of configuration.</p>"
+        }
+      },
+      "payload":"Configuration"
+    },
+    "Identifier":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "Integer":{"type":"integer"},
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>There was an internal failure in the service.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "InvalidParameterDetail":{
+      "type":"structure",
+      "members":{
+        "Problem":{
+          "shape":"InvalidParameterProblem",
+          "documentation":"<p>The reason the parameter is invalid.</p>"
+        }
+      },
+      "documentation":"<p>Information about an invalid parameter.</p>"
+    },
+    "InvalidParameterMap":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"InvalidParameterDetail"}
+    },
+    "InvalidParameterProblem":{
+      "type":"string",
+      "enum":[
+        "Corrupted",
+        "Expired",
+        "PollIntervalNotSatisfied"
+      ]
+    },
+    "OptionalPollSeconds":{
+      "type":"integer",
+      "box":true,
+      "max":86400,
+      "min":15
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"String"},
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The type of resource that was not found.</p>"
+        },
+        "ReferencedBy":{
+          "shape":"StringMap",
+          "documentation":"<p>A map indicating which parameters in the request reference the resource that was not found.</p>"
+        }
+      },
+      "documentation":"<p>The requested resource could not be found.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourceType":{
+      "type":"string",
+      "enum":[
+        "Application",
+        "ConfigurationProfile",
+        "Deployment",
+        "Environment",
+        "Configuration"
+      ]
+    },
+    "StartConfigurationSessionRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier",
+        "ConfigurationProfileIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"Identifier",
+          "documentation":"<p>The application ID or the application name.</p>"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"Identifier",
+          "documentation":"<p>The environment ID or the environment name.</p>"
+        },
+        "ConfigurationProfileIdentifier":{
+          "shape":"Identifier",
+          "documentation":"<p>The configuration profile ID or the configuration profile name.</p>"
+        },
+        "RequiredMinimumPollIntervalInSeconds":{
+          "shape":"OptionalPollSeconds",
+          "documentation":"<p>Sets a constraint on a session. If you specify a value of, for example, 60 seconds, then the client that established the session can't call <a>GetLatestConfiguration</a> more frequently then every 60 seconds.</p>"
+        }
+      }
+    },
+    "StartConfigurationSessionResponse":{
+      "type":"structure",
+      "members":{
+        "InitialConfigurationToken":{
+          "shape":"Token",
+          "documentation":"<p>Token encapsulating state about the configuration session. Provide this token to the <code>GetLatestConfiguration</code> API to retrieve configuration data.</p> <important> <p>This token should only be used once in your first call to <code>GetLatestConfiguration</code>. You MUST use the new token in the <code>GetLatestConfiguration</code> response (<code>NextPollConfigurationToken</code>) in each subsequent call to <code>GetLatestConfiguration</code>.</p> </important>"
+        }
+      }
+    },
+    "String":{"type":"string"},
+    "StringMap":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"String"}
+    },
+    "SyntheticGetLatestConfigurationResponseBlob":{
+      "type":"blob",
+      "sensitive":true
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>The request was denied due to request throttling.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Token":{
+      "type":"string",
+      "pattern":"\\S{1,8192}"
+    }
+  },
+  "documentation":"<p>AppConfig Data provides the data plane APIs your application uses to retrieve configuration data. Here's how it works:</p> <p>Your application retrieves configuration data by first establishing a configuration session using the AppConfig Data <a>StartConfigurationSession</a> API action. Your session's client then makes periodic calls to <a>GetLatestConfiguration</a> to check for and retrieve the latest data available.</p> <p>When calling <code>StartConfigurationSession</code>, your code sends the following information:</p> <ul> <li> <p>Identifiers (ID or name) of an AppConfig application, environment, and configuration profile that the session tracks.</p> </li> <li> <p>(Optional) The minimum amount of time the session's client must wait between calls to <code>GetLatestConfiguration</code>.</p> </li> </ul> <p>In response, AppConfig provides an <code>InitialConfigurationToken</code> to be given to the session's client and used the first time it calls <code>GetLatestConfiguration</code> for that session.</p> <p>When calling <code>GetLatestConfiguration</code>, your client code sends the most recent <code>ConfigurationToken</code> value it has and receives in response:</p> <ul> <li> <p> <code>NextPollConfigurationToken</code>: the <code>ConfigurationToken</code> value to use on the next call to <code>GetLatestConfiguration</code>.</p> </li> <li> <p> <code>NextPollIntervalInSeconds</code>: the duration the client should wait before making its next call to <code>GetLatestConfiguration</code>. This duration may vary over the course of the session, so it should be used instead of the value sent on the <code>StartConfigurationSession</code> call.</p> </li> <li> <p>The configuration: the latest data intended for the session. This may be empty if the client already has the latest version of the configuration.</p> </li> </ul> <p>For more information and to view example CLI commands that show how to retrieve a configuration using the AppConfig Data <code>StartConfigurationSession</code> and <code>GetLatestConfiguration</code> API actions, see <a href=\"http://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-retrieving-the-configuration\">Receiving the configuration</a> in the <i>AppConfig User Guide</i>.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/appflow/2020-08-23/service-2.json b/contrib/python/botocore/py3/botocore/data/appflow/2020-08-23/service-2.json
index 6b976ac5a52..5997af0c30b 100644
--- a/contrib/python/botocore/py3/botocore/data/appflow/2020-08-23/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/appflow/2020-08-23/service-2.json
@@ -78,6 +78,21 @@
       ],
       "documentation":"<p> Enables your application to delete an existing flow. Before deleting the flow, Amazon AppFlow validates the request by checking the flow configuration and status. You can delete flows one at a time. </p>"
     },
+    "DescribeConnector":{
+      "name":"DescribeConnector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-connector"
+      },
+      "input":{"shape":"DescribeConnectorRequest"},
+      "output":{"shape":"DescribeConnectorResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Describes the given custom connector registered in your Amazon Web Services account. This API can be used for custom connectors that are registered in your account and also for Amazon authored connectors.</p>"
+    },
     "DescribeConnectorEntity":{
       "name":"DescribeConnectorEntity",
       "http":{
@@ -169,6 +184,20 @@
       ],
       "documentation":"<p> Returns the list of available connector entities supported by Amazon AppFlow. For example, you can query Salesforce for <i>Account</i> and <i>Opportunity</i> entities, or query ServiceNow for the <i>Incident</i> entity. </p>"
     },
+    "ListConnectors":{
+      "name":"ListConnectors",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-connectors"
+      },
+      "input":{"shape":"ListConnectorsRequest"},
+      "output":{"shape":"ListConnectorsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns the list of all registered custom connectors in your Amazon Web Services account. This API lists only custom connectors registered in this account, not the Amazon Web Services authored connectors. </p>"
+    },
     "ListFlows":{
       "name":"ListFlows",
       "http":{
@@ -198,6 +227,27 @@
       ],
       "documentation":"<p> Retrieves the tags that are associated with a specified flow. </p>"
     },
+    "RegisterConnector":{
+      "name":"RegisterConnector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/register-connector"
+      },
+      "input":{"shape":"RegisterConnectorRequest"},
+      "output":{"shape":"RegisterConnectorResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConnectorServerException"},
+        {"shape":"ConnectorAuthenticationException"}
+      ],
+      "documentation":"<p>Registers a new connector with your Amazon Web Services account. Before you can register the connector, you must deploy lambda in your account.</p>"
+    },
     "StartFlow":{
       "name":"StartFlow",
       "http":{
@@ -245,6 +295,21 @@
       ],
       "documentation":"<p> Applies a tag to the specified flow. </p>"
     },
+    "UnregisterConnector":{
+      "name":"UnregisterConnector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/unregister-connector"
+      },
+      "input":{"shape":"UnregisterConnectorRequest"},
+      "output":{"shape":"UnregisterConnectorResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Unregisters the custom connector registered in your account that matches the connectorLabel provided in the request.</p>"
+    },
     "UntagResource":{
       "name":"UntagResource",
       "http":{
@@ -303,6 +368,15 @@
       "max":512,
       "pattern":"arn:aws:.*:.*:[0-9]+:.*"
     },
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>AppFlow/Requester has invalid or missing permissions.</p>",
+      "error":{"httpStatusCode":403},
+      "exception":true
+    },
     "AccessKeyId":{
       "type":"string",
       "max":256,
@@ -311,7 +385,7 @@
     },
     "AccessToken":{
       "type":"string",
-      "max":512,
+      "max":2048,
       "pattern":"\\S+",
       "sensitive":true
     },
@@ -385,7 +459,23 @@
     "ApiKey":{
       "type":"string",
       "max":256,
-      "pattern":"\\S+"
+      "pattern":"\\S+",
+      "sensitive":true
+    },
+    "ApiKeyCredentials":{
+      "type":"structure",
+      "required":["apiKey"],
+      "members":{
+        "apiKey":{
+          "shape":"ApiKey",
+          "documentation":"<p>The API key required for API key authentication.</p>"
+        },
+        "apiSecretKey":{
+          "shape":"ApiSecretKey",
+          "documentation":"<p>The API secret key required for API key authentication.</p>"
+        }
+      },
+      "documentation":"<p>The API key credentials required for API key authentication.</p>"
     },
     "ApiSecretKey":{
       "type":"string",
@@ -398,6 +488,11 @@
       "max":256,
       "pattern":"\\S+"
     },
+    "ApiVersion":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
     "ApplicationHostUrl":{
       "type":"string",
       "max":256,
@@ -413,6 +508,11 @@
       "max":512,
       "pattern":"\\S+"
     },
+    "ApplicationType":{
+      "type":"string",
+      "max":512,
+      "pattern":"\\S+"
+    },
     "AuthCode":{
       "type":"string",
       "max":512,
@@ -423,6 +523,83 @@
       "max":256,
       "pattern":"^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]"
     },
+    "AuthCodeUrlList":{
+      "type":"list",
+      "member":{"shape":"AuthCodeUrl"}
+    },
+    "AuthParameter":{
+      "type":"structure",
+      "members":{
+        "key":{
+          "shape":"Key",
+          "documentation":"<p>The authentication key required to authenticate with the connector.</p>"
+        },
+        "isRequired":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether this authentication parameter is required.</p>"
+        },
+        "label":{
+          "shape":"Label",
+          "documentation":"<p>Label used for authentication parameter.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description about the authentication parameter.</p>"
+        },
+        "isSensitiveField":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether this authentication parameter is a sensitive field.</p>"
+        },
+        "connectorSuppliedValues":{
+          "shape":"ConnectorSuppliedValueList",
+          "documentation":"<p>Contains default values for this authentication parameter that are supplied by the connector.</p>"
+        }
+      },
+      "documentation":"<p>Information about required authentication parameters.</p>"
+    },
+    "AuthParameterList":{
+      "type":"list",
+      "member":{"shape":"AuthParameter"}
+    },
+    "AuthenticationConfig":{
+      "type":"structure",
+      "members":{
+        "isBasicAuthSupported":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether basic authentication is supported by the connector.</p>"
+        },
+        "isApiKeyAuthSupported":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether API key authentication is supported by the connector</p>"
+        },
+        "isOAuth2Supported":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether OAuth 2.0 authentication is supported by the connector.</p>"
+        },
+        "isCustomAuthSupported":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether custom authentication is supported by the connector</p>"
+        },
+        "oAuth2Defaults":{
+          "shape":"OAuth2Defaults",
+          "documentation":"<p>Contains the default values required for OAuth 2.0 authentication.</p>"
+        },
+        "customAuthConfigs":{
+          "shape":"CustomAuthConfigList",
+          "documentation":"<p>Contains information required for custom authentication.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the authentication config that the connector supports.</p>"
+    },
+    "AuthenticationType":{
+      "type":"string",
+      "enum":[
+        "OAUTH2",
+        "APIKEY",
+        "BASIC",
+        "CUSTOM"
+      ]
+    },
     "BasicAuthCredentials":{
       "type":"structure",
       "required":[
@@ -536,6 +713,78 @@
         "connectorMetadata":{
           "shape":"ConnectorMetadata",
           "documentation":"<p> Specifies connector-specific metadata such as <code>oAuthScopes</code>, <code>supportedRegions</code>, <code>privateLinkServiceUrl</code>, and so on. </p>"
+        },
+        "connectorType":{
+          "shape":"ConnectorType",
+          "documentation":"<p>The connector type.</p>"
+        },
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label used for registering the connector.</p>"
+        },
+        "connectorDescription":{
+          "shape":"ConnectorDescription",
+          "documentation":"<p>A description about the connector.</p>"
+        },
+        "connectorOwner":{
+          "shape":"ConnectorOwner",
+          "documentation":"<p>The owner who developed the connector.</p>"
+        },
+        "connectorName":{
+          "shape":"ConnectorName",
+          "documentation":"<p>The connector name.</p>"
+        },
+        "connectorVersion":{
+          "shape":"ConnectorVersion",
+          "documentation":"<p>The connector version.</p>"
+        },
+        "connectorArn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the registered connector.</p>"
+        },
+        "connectorModes":{
+          "shape":"ConnectorModeList",
+          "documentation":"<p>The connection modes that the connector supports.</p>"
+        },
+        "authenticationConfig":{
+          "shape":"AuthenticationConfig",
+          "documentation":"<p>The authentication config required for the connector.</p>"
+        },
+        "connectorRuntimeSettings":{
+          "shape":"ConnectorRuntimeSettingList",
+          "documentation":"<p>The required connector runtime settings.</p>"
+        },
+        "supportedApiVersions":{
+          "shape":"SupportedApiVersionList",
+          "documentation":"<p>A list of API versions that are supported by the connector.</p>"
+        },
+        "supportedOperators":{
+          "shape":"SupportedOperatorList",
+          "documentation":"<p>A list of operators supported by the connector.</p>"
+        },
+        "supportedWriteOperations":{
+          "shape":"SupportedWriteOperationList",
+          "documentation":"<p>A list of write operations supported by the connector.</p>"
+        },
+        "connectorProvisioningType":{
+          "shape":"ConnectorProvisioningType",
+          "documentation":"<p>The provisioning type used to register the connector.</p>"
+        },
+        "connectorProvisioningConfig":{
+          "shape":"ConnectorProvisioningConfig",
+          "documentation":"<p>The configuration required for registering the connector.</p>"
+        },
+        "logoURL":{
+          "shape":"LogoURL",
+          "documentation":"<p>Logo URL of the connector.</p>"
+        },
+        "registeredAt":{
+          "shape":"Date",
+          "documentation":"<p>The date on which the connector was registered.</p>"
+        },
+        "registeredBy":{
+          "shape":"RegisteredBy",
+          "documentation":"<p>Information about who registered the connector.</p>"
         }
       },
       "documentation":"<p> The configuration settings related to a given connector. </p>"
@@ -545,6 +794,61 @@
       "key":{"shape":"ConnectorType"},
       "value":{"shape":"ConnectorConfiguration"}
     },
+    "ConnectorDescription":{
+      "type":"string",
+      "max":2048,
+      "pattern":"[\\w!@#\\-.?,\\s]*"
+    },
+    "ConnectorDetail":{
+      "type":"structure",
+      "members":{
+        "connectorDescription":{
+          "shape":"ConnectorDescription",
+          "documentation":"<p>A description about the registered connector.</p>"
+        },
+        "connectorName":{
+          "shape":"ConnectorName",
+          "documentation":"<p>The name of the connector.</p>"
+        },
+        "connectorOwner":{
+          "shape":"ConnectorOwner",
+          "documentation":"<p>The owner of the connector.</p>"
+        },
+        "connectorVersion":{
+          "shape":"ConnectorVersion",
+          "documentation":"<p>The connector version.</p>"
+        },
+        "applicationType":{
+          "shape":"ApplicationType",
+          "documentation":"<p>The application type of the connector.</p>"
+        },
+        "connectorType":{
+          "shape":"ConnectorType",
+          "documentation":"<p>The connector type.</p>"
+        },
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>A label used for the connector.</p>"
+        },
+        "registeredAt":{
+          "shape":"Date",
+          "documentation":"<p>The time at which the connector was registered.</p>"
+        },
+        "registeredBy":{
+          "shape":"RegisteredBy",
+          "documentation":"<p>The user who registered the connector.</p>"
+        },
+        "connectorProvisioningType":{
+          "shape":"ConnectorProvisioningType",
+          "documentation":"<p>The provisioning type that the connector uses.</p>"
+        },
+        "connectorModes":{
+          "shape":"ConnectorModeList",
+          "documentation":"<p>The connection mode that the connector supports.</p>"
+        }
+      },
+      "documentation":"<p>Information about the registered connector.</p>"
+    },
     "ConnectorEntity":{
       "type":"structure",
       "required":["name"],
@@ -572,10 +876,26 @@
           "shape":"Identifier",
           "documentation":"<p> The unique identifier of the connector field. </p>"
         },
+        "parentIdentifier":{
+          "shape":"Identifier",
+          "documentation":"<p>The parent identifier of the connector field.</p>"
+        },
         "label":{
           "shape":"Label",
           "documentation":"<p> The label applied to a connector entity field. </p>"
         },
+        "isPrimaryKey":{
+          "shape":"Boolean",
+          "documentation":"<p>Booelan value that indicates whether this field can be used as a primary key.</p>"
+        },
+        "defaultValue":{
+          "shape":"String",
+          "documentation":"<p>Default value that can be assigned to this field.</p>"
+        },
+        "isDeprecated":{
+          "shape":"Boolean",
+          "documentation":"<p>Booelan value that indicates whether this field is deprecated or not.</p>"
+        },
         "supportedFieldTypeDetails":{
           "shape":"SupportedFieldTypeDetails",
           "documentation":"<p> Contains details regarding the supported <code>FieldType</code>, including the corresponding <code>filterOperators</code> and <code>supportedValues</code>. </p>"
@@ -591,6 +911,10 @@
         "destinationProperties":{
           "shape":"DestinationFieldProperties",
           "documentation":"<p> The properties applied to a field when the connector is being used as a destination. </p>"
+        },
+        "customProperties":{
+          "shape":"CustomProperties",
+          "documentation":"<p>A map that has specific properties related to the ConnectorEntityField.</p>"
         }
       },
       "documentation":"<p> Describes the data model of a connector field. For example, for an <i>account</i> entity, the fields would be <i>account name</i>, <i>account ID</i>, and so on. </p>"
@@ -608,6 +932,15 @@
       "key":{"shape":"Group"},
       "value":{"shape":"ConnectorEntityList"}
     },
+    "ConnectorLabel":{
+      "type":"string",
+      "max":256,
+      "pattern":"[a-zA-Z0-9][\\w!@#.-]+"
+    },
+    "ConnectorList":{
+      "type":"list",
+      "member":{"shape":"ConnectorDetail"}
+    },
     "ConnectorMetadata":{
       "type":"structure",
       "members":{
@@ -695,6 +1028,20 @@
       },
       "documentation":"<p> A structure to specify connector-specific metadata such as <code>oAuthScopes</code>, <code>supportedRegions</code>, <code>privateLinkServiceUrl</code>, and so on. </p>"
     },
+    "ConnectorMode":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
+    "ConnectorModeList":{
+      "type":"list",
+      "member":{"shape":"ConnectorMode"}
+    },
+    "ConnectorName":{
+      "type":"string",
+      "max":256,
+      "pattern":".*"
+    },
     "ConnectorOAuthRequest":{
       "type":"structure",
       "members":{
@@ -771,10 +1118,19 @@
         "SAPOData":{
           "shape":"SAPODataConnectorOperator",
           "documentation":"<p> The operation to be performed on the provided SAPOData source fields. </p>"
+        },
+        "CustomConnector":{
+          "shape":"Operator",
+          "documentation":"<p>Operators supported by the custom connector.</p>"
         }
       },
       "documentation":"<p> The operation to be performed on the provided source fields. </p>"
     },
+    "ConnectorOwner":{
+      "type":"string",
+      "max":256,
+      "pattern":".*"
+    },
     "ConnectorProfile":{
       "type":"structure",
       "members":{
@@ -790,6 +1146,10 @@
           "shape":"ConnectorType",
           "documentation":"<p> The type of connector, such as Salesforce, Amplitude, and so on. </p>"
         },
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label for the connector profile being created.</p>"
+        },
         "connectionMode":{
           "shape":"ConnectionMode",
           "documentation":"<p> Indicates the connection mode and if it is public or private. </p>"
@@ -820,7 +1180,7 @@
     "ConnectorProfileArn":{
       "type":"string",
       "max":512,
-      "pattern":"arn:aws:kms:.*:[0-9]+:.*"
+      "pattern":"arn:aws:appflow:.*:[0-9]+:.*"
     },
     "ConnectorProfileConfig":{
       "type":"structure",
@@ -907,7 +1267,8 @@
           "shape":"ZendeskConnectorProfileCredentials",
           "documentation":"<p> The connector-specific credentials required when using Zendesk. </p>"
         },
-        "SAPOData":{"shape":"SAPODataConnectorProfileCredentials"}
+        "SAPOData":{"shape":"SAPODataConnectorProfileCredentials"},
+        "CustomConnector":{"shape":"CustomConnectorProfileCredentials"}
       },
       "documentation":"<p> The connector-specific credentials required by a connector. </p>"
     },
@@ -993,10 +1354,77 @@
           "shape":"ZendeskConnectorProfileProperties",
           "documentation":"<p> The connector-specific properties required by Zendesk. </p>"
         },
-        "SAPOData":{"shape":"SAPODataConnectorProfileProperties"}
+        "SAPOData":{"shape":"SAPODataConnectorProfileProperties"},
+        "CustomConnector":{
+          "shape":"CustomConnectorProfileProperties",
+          "documentation":"<p>The properties required by the custom connector.</p>"
+        }
       },
       "documentation":"<p> The connector-specific profile properties required by each connector. </p>"
     },
+    "ConnectorProvisioningConfig":{
+      "type":"structure",
+      "members":{
+        "lambda":{
+          "shape":"LambdaConnectorProvisioningConfig",
+          "documentation":"<p>Contains information about the configuration of the lambda which is being registered as the connector.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the configuration of the connector being registered.</p>"
+    },
+    "ConnectorProvisioningType":{
+      "type":"string",
+      "documentation":"<p>The type of provisioning that the connector supports, such as Lambda.</p>",
+      "enum":["LAMBDA"]
+    },
+    "ConnectorRuntimeSetting":{
+      "type":"structure",
+      "members":{
+        "key":{
+          "shape":"Key",
+          "documentation":"<p>Contains value information about the connector runtime setting.</p>"
+        },
+        "dataType":{
+          "shape":"ConnectorRuntimeSettingDataType",
+          "documentation":"<p>Data type of the connector runtime setting.</p>"
+        },
+        "isRequired":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether this connector runtime setting is required.</p>"
+        },
+        "label":{
+          "shape":"Label",
+          "documentation":"<p>A label used for connector runtime setting.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description about the connector runtime setting.</p>"
+        },
+        "scope":{
+          "shape":"ConnectorRuntimeSettingScope",
+          "documentation":"<p>Indicates the scope of the connector runtime setting.</p>"
+        },
+        "connectorSuppliedValueOptions":{
+          "shape":"ConnectorSuppliedValueOptionList",
+          "documentation":"<p>Contains default values for the connector runtime setting that are supplied by the connector.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the connector runtime settings that are required for flow execution.</p>"
+    },
+    "ConnectorRuntimeSettingDataType":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
+    "ConnectorRuntimeSettingList":{
+      "type":"list",
+      "member":{"shape":"ConnectorRuntimeSetting"}
+    },
+    "ConnectorRuntimeSettingScope":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
     "ConnectorServerException":{
       "type":"structure",
       "members":{
@@ -1006,6 +1434,19 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "ConnectorSuppliedValue":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
+    "ConnectorSuppliedValueList":{
+      "type":"list",
+      "member":{"shape":"ConnectorSuppliedValue"}
+    },
+    "ConnectorSuppliedValueOptionList":{
+      "type":"list",
+      "member":{"shape":"ConnectorSuppliedValue"}
+    },
     "ConnectorType":{
       "type":"string",
       "enum":[
@@ -1030,7 +1471,8 @@
         "Upsolver",
         "Honeycode",
         "CustomerProfiles",
-        "SAPOData"
+        "SAPOData",
+        "CustomConnector"
       ]
     },
     "ConnectorTypeList":{
@@ -1039,6 +1481,11 @@
       "max":100,
       "min":0
     },
+    "ConnectorVersion":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
     "CreateConnectorProfileRequest":{
       "type":"structure",
       "required":[
@@ -1060,6 +1507,10 @@
           "shape":"ConnectorType",
           "documentation":"<p> The type of connector, such as Salesforce, Amplitude, and so on. </p>"
         },
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label of the connector. The label is unique for each <code>ConnectorRegistration</code> in your Amazon Web Services account. Only needed if calling for CUSTOMCONNECTOR connector type/.</p>"
+        },
         "connectionMode":{
           "shape":"ConnectionMode",
           "documentation":"<p> Indicates the connection mode and specifies whether it is public or private. Private flows use Amazon Web Services PrivateLink to route data over Amazon Web Services infrastructure without exposing it to the public internet. </p>"
@@ -1141,6 +1592,162 @@
       "max":256,
       "pattern":"\\S+"
     },
+    "CredentialsMap":{
+      "type":"map",
+      "key":{"shape":"CredentialsMapKey"},
+      "value":{"shape":"CredentialsMapValue"},
+      "max":50,
+      "min":0
+    },
+    "CredentialsMapKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[\\w]+",
+      "sensitive":true
+    },
+    "CredentialsMapValue":{
+      "type":"string",
+      "max":2048,
+      "pattern":"\\S+",
+      "sensitive":true
+    },
+    "CustomAuthConfig":{
+      "type":"structure",
+      "members":{
+        "customAuthenticationType":{
+          "shape":"CustomAuthenticationType",
+          "documentation":"<p>The authentication type that the custom connector uses.</p>"
+        },
+        "authParameters":{
+          "shape":"AuthParameterList",
+          "documentation":"<p>Information about authentication parameters required for authentication.</p>"
+        }
+      },
+      "documentation":"<p>Configuration information required for custom authentication.</p>"
+    },
+    "CustomAuthConfigList":{
+      "type":"list",
+      "member":{"shape":"CustomAuthConfig"}
+    },
+    "CustomAuthCredentials":{
+      "type":"structure",
+      "required":["customAuthenticationType"],
+      "members":{
+        "customAuthenticationType":{
+          "shape":"CustomAuthenticationType",
+          "documentation":"<p>The custom authentication type that the connector uses.</p>"
+        },
+        "credentialsMap":{
+          "shape":"CredentialsMap",
+          "documentation":"<p>A map that holds custom authentication credentials.</p>"
+        }
+      },
+      "documentation":"<p>The custom credentials required for custom authentication.</p>"
+    },
+    "CustomAuthenticationType":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
+    "CustomConnectorDestinationProperties":{
+      "type":"structure",
+      "required":["entityName"],
+      "members":{
+        "entityName":{
+          "shape":"EntityName",
+          "documentation":"<p>The entity specified in the custom connector as a destination in the flow.</p>"
+        },
+        "errorHandlingConfig":{
+          "shape":"ErrorHandlingConfig",
+          "documentation":"<p>The settings that determine how Amazon AppFlow handles an error when placing data in the custom connector as destination.</p>"
+        },
+        "writeOperationType":{
+          "shape":"WriteOperationType",
+          "documentation":"<p>Specifies the type of write operation to be performed in the custom connector when it's used as destination.</p>"
+        },
+        "idFieldNames":{
+          "shape":"IdFieldNameList",
+          "documentation":"<p>The name of the field that Amazon AppFlow uses as an ID when performing a write operation such as update, delete, or upsert.</p>"
+        },
+        "customProperties":{
+          "shape":"CustomProperties",
+          "documentation":"<p>The custom properties that are specific to the connector when it's used as a destination in the flow.</p>"
+        }
+      },
+      "documentation":"<p>The properties that are applied when the custom connector is being used as a destination.</p>"
+    },
+    "CustomConnectorProfileCredentials":{
+      "type":"structure",
+      "required":["authenticationType"],
+      "members":{
+        "authenticationType":{
+          "shape":"AuthenticationType",
+          "documentation":"<p>The authentication type that the custom connector uses for authenticating while creating a connector profile.</p>"
+        },
+        "basic":{
+          "shape":"BasicAuthCredentials",
+          "documentation":"<p>The basic credentials that are required for the authentication of the user.</p>"
+        },
+        "oauth2":{
+          "shape":"OAuth2Credentials",
+          "documentation":"<p>The OAuth 2.0 credentials required for the authentication of the user.</p>"
+        },
+        "apiKey":{
+          "shape":"ApiKeyCredentials",
+          "documentation":"<p>The API keys required for the authentication of the user.</p>"
+        },
+        "custom":{
+          "shape":"CustomAuthCredentials",
+          "documentation":"<p>If the connector uses the custom authentication mechanism, this holds the required credentials.</p>"
+        }
+      },
+      "documentation":"<p>The connector-specific profile credentials that are required when using the custom connector.</p>"
+    },
+    "CustomConnectorProfileProperties":{
+      "type":"structure",
+      "members":{
+        "profileProperties":{
+          "shape":"ProfilePropertiesMap",
+          "documentation":"<p>A map of properties that are required to create a profile for the custom connector.</p>"
+        },
+        "oAuth2Properties":{"shape":"OAuth2Properties"}
+      },
+      "documentation":"<p>The profile properties required by the custom connector.</p>"
+    },
+    "CustomConnectorSourceProperties":{
+      "type":"structure",
+      "required":["entityName"],
+      "members":{
+        "entityName":{
+          "shape":"EntityName",
+          "documentation":"<p>The entity specified in the custom connector as a source in the flow.</p>"
+        },
+        "customProperties":{
+          "shape":"CustomProperties",
+          "documentation":"<p>Custom properties that are required to use the custom connector as a source.</p>"
+        }
+      },
+      "documentation":"<p>The properties that are applied when the custom connector is being used as a source.</p>"
+    },
+    "CustomProperties":{
+      "type":"map",
+      "key":{"shape":"CustomPropertyKey"},
+      "value":{"shape":"CustomPropertyValue"},
+      "max":50,
+      "min":0
+    },
+    "CustomPropertyKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[\\w]+"
+    },
+    "CustomPropertyValue":{
+      "type":"string",
+      "max":2048,
+      "pattern":"\\S+"
+    },
     "CustomerProfilesDestinationProperties":{
       "type":"structure",
       "required":["domainName"],
@@ -1289,7 +1896,7 @@
       "required":["connectorEntityName"],
       "members":{
         "connectorEntityName":{
-          "shape":"Name",
+          "shape":"EntityName",
           "documentation":"<p> The entity name for that connector. </p>"
         },
         "connectorType":{
@@ -1299,6 +1906,10 @@
         "connectorProfileName":{
           "shape":"ConnectorProfileName",
           "documentation":"<p> The name of the connector profile. The name is unique for each <code>ConnectorProfile</code> in the Amazon Web Services account. </p>"
+        },
+        "apiVersion":{
+          "shape":"ApiVersion",
+          "documentation":"<p>The version of the API that's used by the connector.</p>"
         }
       }
     },
@@ -1323,6 +1934,10 @@
           "shape":"ConnectorType",
           "documentation":"<p> The type of connector, such as Salesforce, Amplitude, and so on. </p>"
         },
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The name of the connector. The name is unique for each <code>ConnectorRegistration</code> in your Amazon Web Services account. Only needed if calling for CUSTOMCONNECTOR connector type/.</p>"
+        },
         "maxResults":{
           "shape":"MaxResults",
           "documentation":"<p> Specifies the maximum number of items that should be returned in the result set. The default for <code>maxResults</code> is 20 (for all paginated API operations). </p>"
@@ -1346,6 +1961,29 @@
         }
       }
     },
+    "DescribeConnectorRequest":{
+      "type":"structure",
+      "required":["connectorType"],
+      "members":{
+        "connectorType":{
+          "shape":"ConnectorType",
+          "documentation":"<p>The connector type, such as CUSTOMCONNECTOR, Saleforce, Marketo. Please choose CUSTOMCONNECTOR for Lambda based custom connectors.</p>"
+        },
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label of the connector. The label is unique for each <code>ConnectorRegistration</code> in your Amazon Web Services account. Only needed if calling for CUSTOMCONNECTOR connector type/.</p>"
+        }
+      }
+    },
+    "DescribeConnectorResponse":{
+      "type":"structure",
+      "members":{
+        "connectorConfiguration":{
+          "shape":"ConnectorConfiguration",
+          "documentation":"<p>Configuration info of all the connectors that the user requested.</p>"
+        }
+      }
+    },
     "DescribeConnectorsRequest":{
       "type":"structure",
       "members":{
@@ -1353,6 +1991,10 @@
           "shape":"ConnectorTypeList",
           "documentation":"<p> The type of connector, such as Salesforce, Amplitude, and so on. </p>"
         },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of items that should be returned in the result set. The default is 20.</p>"
+        },
         "nextToken":{
           "shape":"NextToken",
           "documentation":"<p> The pagination token for the next page of data. </p>"
@@ -1366,6 +2008,10 @@
           "shape":"ConnectorConfigurationsMap",
           "documentation":"<p> The configuration that is applied to the connectors used in the flow. </p>"
         },
+        "connectors":{
+          "shape":"ConnectorList",
+          "documentation":"<p>Information about the connectors supported in Amazon AppFlow.</p>"
+        },
         "nextToken":{
           "shape":"NextToken",
           "documentation":"<p> The pagination token for the next page of data. </p>"
@@ -1529,6 +2175,10 @@
         "Zendesk":{
           "shape":"ZendeskDestinationProperties",
           "documentation":"<p>The properties required to query Zendesk.</p>"
+        },
+        "CustomConnector":{
+          "shape":"CustomConnectorDestinationProperties",
+          "documentation":"<p>The properties that are required to query the custom Connector.</p>"
         }
       },
       "documentation":"<p> This stores the information that is required to query a particular connector. </p>"
@@ -1557,6 +2207,10 @@
           "shape":"Boolean",
           "documentation":"<p> Specifies whether the field can be updated during an <code>UPDATE</code> or <code>UPSERT</code> write operation. </p>"
         },
+        "isDefaultedOnCreate":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether the field can use the default value during a Create operation.</p>"
+        },
         "supportedWriteOperations":{
           "shape":"SupportedWriteOperationList",
           "documentation":"<p> A list of supported write operations. For each write operation listed, this field can be used in <code>idFieldNames</code> when that write operation is present as a destination option. </p>"
@@ -1575,6 +2229,10 @@
           "shape":"ConnectorType",
           "documentation":"<p> The type of connector, such as Salesforce, Amplitude, and so on. </p>"
         },
+        "apiVersion":{
+          "shape":"ApiVersion",
+          "documentation":"<p>The API version that the destination connector uses.</p>"
+        },
         "connectorProfileName":{
           "shape":"ConnectorProfileName",
           "documentation":"<p> The name of the connector profile. This name must be unique for each connector profile in the Amazon Web Services account. </p>"
@@ -1600,6 +2258,7 @@
       "max":64,
       "pattern":"\\S+"
     },
+    "Double":{"type":"double"},
     "DynatraceConnectorOperator":{
       "type":"string",
       "enum":[
@@ -1664,6 +2323,11 @@
       "max":256,
       "pattern":"[\\s\\w/!@#+=.-]*"
     },
+    "EntityName":{
+      "type":"string",
+      "max":1024,
+      "pattern":"\\S+"
+    },
     "ErrorHandlingConfig":{
       "type":"structure",
       "members":{
@@ -1830,6 +2494,22 @@
         "supportedValues":{
           "shape":"SupportedValueList",
           "documentation":"<p> The list of values that a field can contain. For example, a Boolean <code>fieldType</code> can have two values: \"true\" and \"false\". </p>"
+        },
+        "valueRegexPattern":{
+          "shape":"String",
+          "documentation":"<p>The regular expression pattern for the field name.</p>"
+        },
+        "supportedDateFormat":{
+          "shape":"String",
+          "documentation":"<p>The date format that the field supports.</p>"
+        },
+        "fieldValueRange":{
+          "shape":"Range",
+          "documentation":"<p>The range of values this field can hold.</p>"
+        },
+        "fieldLengthRange":{
+          "shape":"Range",
+          "documentation":"<p>This is the allowable length range for this field's value.</p>"
         }
       },
       "documentation":"<p> Contains details regarding the supported field type and the operators that can be applied for filtering. </p>"
@@ -1874,10 +2554,18 @@
           "shape":"ConnectorType",
           "documentation":"<p> Specifies the source connector type, such as Salesforce, Amazon S3, Amplitude, and so on. </p>"
         },
+        "sourceConnectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label of the source connector in the flow.</p>"
+        },
         "destinationConnectorType":{
           "shape":"ConnectorType",
           "documentation":"<p> Specifies the destination connector type, such as Salesforce, Amazon S3, Amplitude, and so on. </p>"
         },
+        "destinationConnectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label of the destination connector in the flow.</p>"
+        },
         "triggerType":{
           "shape":"TriggerType",
           "documentation":"<p> Specifies the type of flow trigger. This can be <code>OnDemand</code>, <code>Scheduled</code>, or <code>Event</code>. </p>"
@@ -2059,7 +2747,6 @@
       "type":"list",
       "member":{"shape":"Name"},
       "documentation":"<p> A list of field names that can be used as an ID field when performing a write operation. </p>",
-      "max":1,
       "min":0
     },
     "Identifier":{
@@ -2183,6 +2870,17 @@
       "max":128,
       "pattern":".*"
     },
+    "LambdaConnectorProvisioningConfig":{
+      "type":"structure",
+      "required":["lambdaArn"],
+      "members":{
+        "lambdaArn":{
+          "shape":"ARN",
+          "documentation":"<p>Lambda ARN of the connector being registered.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the configuration of the lambda which is being registered as the connector.</p>"
+    },
     "ListConnectorEntitiesRequest":{
       "type":"structure",
       "members":{
@@ -2197,6 +2895,10 @@
         "entitiesPath":{
           "shape":"EntitiesPath",
           "documentation":"<p> This optional parameter is specific to connector implementation. Some connectors support multiple levels or categories of entities. You can find out the list of roots for such providers by sending a request without the <code>entitiesPath</code> parameter. If the connector supports entities at different roots, this initial request returns the list of roots. Otherwise, this request returns all entities supported by the provider. </p>"
+        },
+        "apiVersion":{
+          "shape":"ApiVersion",
+          "documentation":"<p>The version of the API that's used by the connector.</p>"
         }
       }
     },
@@ -2210,6 +2912,32 @@
         }
       }
     },
+    "ListConnectorsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Specifies the maximum number of items that should be returned in the result set. The default for <code>maxResults</code> is 20 (for all paginated API operations).</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The pagination token for the next page of data.</p>"
+        }
+      }
+    },
+    "ListConnectorsResponse":{
+      "type":"structure",
+      "members":{
+        "connectors":{
+          "shape":"ConnectorList",
+          "documentation":"<p>Contains information about the connectors supported by Amazon AppFlow.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The pagination token for the next page of data. If nextToken=null, this means that all records have been fetched.</p>"
+        }
+      }
+    },
     "ListFlowsRequest":{
       "type":"structure",
       "members":{
@@ -2257,6 +2985,11 @@
         }
       }
     },
+    "LogoURL":{
+      "type":"string",
+      "max":256,
+      "pattern":"^(https?|ftp|file)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]"
+    },
     "LogonLanguage":{
       "type":"string",
       "max":2,
@@ -2364,6 +3097,80 @@
       "max":2048,
       "pattern":"\\S+"
     },
+    "OAuth2Credentials":{
+      "type":"structure",
+      "members":{
+        "clientId":{
+          "shape":"ClientId",
+          "documentation":"<p>The identifier for the desired client.</p>"
+        },
+        "clientSecret":{
+          "shape":"ClientSecret",
+          "documentation":"<p>The client secret used by the OAuth client to authenticate to the authorization server.</p>"
+        },
+        "accessToken":{
+          "shape":"AccessToken",
+          "documentation":"<p>The access token used to access the connector on your behalf.</p>"
+        },
+        "refreshToken":{
+          "shape":"RefreshToken",
+          "documentation":"<p>The refresh token used to refresh an expired access token.</p>"
+        },
+        "oAuthRequest":{"shape":"ConnectorOAuthRequest"}
+      },
+      "documentation":"<p>The OAuth 2.0 credentials required for OAuth 2.0 authentication.</p>"
+    },
+    "OAuth2Defaults":{
+      "type":"structure",
+      "members":{
+        "oauthScopes":{
+          "shape":"OAuthScopeList",
+          "documentation":"<p>OAuth 2.0 scopes that the connector supports.</p>"
+        },
+        "tokenUrls":{
+          "shape":"TokenUrlList",
+          "documentation":"<p>Token URLs that can be used for OAuth 2.0 authentication.</p>"
+        },
+        "authCodeUrls":{
+          "shape":"AuthCodeUrlList",
+          "documentation":"<p>Auth code URLs that can be used for OAuth 2.0 authentication.</p>"
+        },
+        "oauth2GrantTypesSupported":{
+          "shape":"OAuth2GrantTypeSupportedList",
+          "documentation":"<p>OAuth 2.0 grant types supported by the connector.</p>"
+        }
+      },
+      "documentation":"<p>Contains the default values required for OAuth 2.0 authentication.</p>"
+    },
+    "OAuth2GrantType":{
+      "type":"string",
+      "enum":[
+        "CLIENT_CREDENTIALS",
+        "AUTHORIZATION_CODE"
+      ]
+    },
+    "OAuth2GrantTypeSupportedList":{
+      "type":"list",
+      "member":{"shape":"OAuth2GrantType"}
+    },
+    "OAuth2Properties":{
+      "type":"structure",
+      "required":[
+        "tokenUrl",
+        "oAuth2GrantType"
+      ],
+      "members":{
+        "tokenUrl":{
+          "shape":"TokenUrl",
+          "documentation":"<p>The token URL required for OAuth 2.0 authentication.</p>"
+        },
+        "oAuth2GrantType":{
+          "shape":"OAuth2GrantType",
+          "documentation":"<p>The OAuth 2.0 grant type used by connector for OAuth 2.0 authentication.</p>"
+        }
+      },
+      "documentation":"<p>The OAuth 2.0 properties required for OAuth 2.0 authentication.</p>"
+    },
     "OAuthCredentials":{
       "type":"structure",
       "required":[
@@ -2420,7 +3227,7 @@
     "OAuthScope":{
       "type":"string",
       "max":128,
-      "pattern":"[/\\w]*"
+      "pattern":"\\S+"
     },
     "OAuthScopeList":{
       "type":"list",
@@ -2482,6 +3289,32 @@
         "EXCLUDE_SOURCE_FIELDS_LIST"
       ]
     },
+    "Operators":{
+      "type":"string",
+      "enum":[
+        "PROJECTION",
+        "LESS_THAN",
+        "GREATER_THAN",
+        "CONTAINS",
+        "BETWEEN",
+        "LESS_THAN_OR_EQUAL_TO",
+        "GREATER_THAN_OR_EQUAL_TO",
+        "EQUAL_TO",
+        "NOT_EQUAL_TO",
+        "ADDITION",
+        "MULTIPLICATION",
+        "DIVISION",
+        "SUBTRACTION",
+        "MASK_ALL",
+        "MASK_FIRST_N",
+        "MASK_LAST_N",
+        "VALIDATE_NON_NULL",
+        "VALIDATE_NON_ZERO",
+        "VALIDATE_NON_NEGATIVE",
+        "VALIDATE_NUMERIC",
+        "NO_OP"
+      ]
+    },
     "Password":{
       "type":"string",
       "max":512,
@@ -2571,11 +3404,43 @@
       "max":512,
       "pattern":"^$|com.amazonaws.vpce.[\\w/!:@#.\\-]+"
     },
+    "ProfilePropertiesMap":{
+      "type":"map",
+      "key":{"shape":"ProfilePropertyKey"},
+      "value":{"shape":"ProfilePropertyValue"},
+      "max":50,
+      "min":0
+    },
+    "ProfilePropertyKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[\\w]+"
+    },
+    "ProfilePropertyValue":{
+      "type":"string",
+      "max":2048,
+      "pattern":"\\S+"
+    },
     "Property":{
       "type":"string",
       "max":2048,
       "pattern":".+"
     },
+    "Range":{
+      "type":"structure",
+      "members":{
+        "maximum":{
+          "shape":"Double",
+          "documentation":"<p>Maximum value supported by the field.</p>"
+        },
+        "minimum":{
+          "shape":"Double",
+          "documentation":"<p>Minimum value supported by the field.</p>"
+        }
+      },
+      "documentation":"<p>The range of values that the property supports.</p>"
+    },
     "RedirectUri":{
       "type":"string",
       "max":512,
@@ -2660,7 +3525,7 @@
     },
     "RefreshToken":{
       "type":"string",
-      "max":512,
+      "max":1024,
       "pattern":"\\S+"
     },
     "Region":{
@@ -2672,6 +3537,41 @@
       "type":"list",
       "member":{"shape":"Region"}
     },
+    "RegisterConnectorRequest":{
+      "type":"structure",
+      "members":{
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p> The name of the connector. The name is unique for each <code>ConnectorRegistration</code> in your Amazon Web Services account.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description about the connector that's being registered.</p>"
+        },
+        "connectorProvisioningType":{
+          "shape":"ConnectorProvisioningType",
+          "documentation":"<p>The provisioning type of the connector. Currently the only supported value is LAMBDA. </p>"
+        },
+        "connectorProvisioningConfig":{
+          "shape":"ConnectorProvisioningConfig",
+          "documentation":"<p>The provisioning type of the connector. Currently the only supported value is LAMBDA.</p>"
+        }
+      }
+    },
+    "RegisterConnectorResponse":{
+      "type":"structure",
+      "members":{
+        "connectorArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the connector being registered.</p>"
+        }
+      }
+    },
+    "RegisteredBy":{
+      "type":"string",
+      "max":512,
+      "pattern":"\\S+"
+    },
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
@@ -3427,7 +4327,8 @@
           "shape":"ZendeskSourceProperties",
           "documentation":"<p> Specifies the information that is required for querying Zendesk. </p>"
         },
-        "SAPOData":{"shape":"SAPODataSourceProperties"}
+        "SAPOData":{"shape":"SAPODataSourceProperties"},
+        "CustomConnector":{"shape":"CustomConnectorSourceProperties"}
       },
       "documentation":"<p> Specifies the information that is required to query a particular connector. </p>"
     },
@@ -3441,6 +4342,10 @@
         "isQueryable":{
           "shape":"Boolean",
           "documentation":"<p> Indicates if the field can be queried. </p>"
+        },
+        "isTimestampFieldForIncrementalQueries":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates if this timestamp field can be used for incremental queries.</p>"
         }
       },
       "documentation":"<p> The properties that can be applied to a field when the connector is being used as a source. </p>"
@@ -3460,6 +4365,10 @@
           "shape":"ConnectorType",
           "documentation":"<p> The type of connector, such as Salesforce, Amplitude, and so on. </p>"
         },
+        "apiVersion":{
+          "shape":"ApiVersion",
+          "documentation":"<p>The API version of the connector when it's used as a source in the flow.</p>"
+        },
         "connectorProfileName":{
           "shape":"ConnectorProfileName",
           "documentation":"<p> The name of the connector profile. This name must be unique for each connector profile in the Amazon Web Services account. </p>"
@@ -3535,6 +4444,15 @@
       "max":2048,
       "pattern":".*"
     },
+    "SupportedApiVersion":{
+      "type":"string",
+      "max":256,
+      "pattern":"\\S+"
+    },
+    "SupportedApiVersionList":{
+      "type":"list",
+      "member":{"shape":"SupportedApiVersion"}
+    },
     "SupportedFieldTypeDetails":{
       "type":"structure",
       "required":["v1"],
@@ -3546,6 +4464,10 @@
       },
       "documentation":"<p> Contains details regarding all the supported <code>FieldTypes</code> and their corresponding <code>filterOperators</code> and <code>supportedValues</code>. </p>"
     },
+    "SupportedOperatorList":{
+      "type":"list",
+      "member":{"shape":"Operators"}
+    },
     "SupportedValueList":{
       "type":"list",
       "member":{"shape":"Value"}
@@ -3654,6 +4576,15 @@
       "type":"list",
       "member":{"shape":"Task"}
     },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>API calls have exceeded the maximum allowed API request rate per account and per Region. </p>",
+      "error":{"httpStatusCode":429},
+      "exception":true
+    },
     "Timezone":{
       "type":"string",
       "max":256,
@@ -3664,6 +4595,10 @@
       "max":256,
       "pattern":"^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]"
     },
+    "TokenUrlList":{
+      "type":"list",
+      "member":{"shape":"TokenUrl"}
+    },
     "TrendmicroConnectorOperator":{
       "type":"string",
       "enum":[
@@ -3754,6 +4689,25 @@
       "type":"list",
       "member":{"shape":"TriggerType"}
     },
+    "UnregisterConnectorRequest":{
+      "type":"structure",
+      "required":["connectorLabel"],
+      "members":{
+        "connectorLabel":{
+          "shape":"ConnectorLabel",
+          "documentation":"<p>The label of the connector. The label is unique for each <code>ConnectorRegistration</code> in your Amazon Web Services account.</p>"
+        },
+        "forceDelete":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether Amazon AppFlow should unregister the connector, even if it is currently in use in one or more connector profiles. The default value is false.</p>"
+        }
+      }
+    },
+    "UnregisterConnectorResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UnsupportedOperationException":{
       "type":"structure",
       "members":{
@@ -4032,7 +4986,8 @@
       "enum":[
         "INSERT",
         "UPSERT",
-        "UPDATE"
+        "UPDATE",
+        "DELETE"
       ]
     },
     "ZendeskConnectorOperator":{
diff --git a/contrib/python/botocore/py3/botocore/data/application-insights/2018-11-25/service-2.json b/contrib/python/botocore/py3/botocore/data/application-insights/2018-11-25/service-2.json
index 004ca5bbf75..0fbc10b8d17 100644
--- a/contrib/python/botocore/py3/botocore/data/application-insights/2018-11-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/application-insights/2018-11-25/service-2.json
@@ -1786,11 +1786,12 @@
         "POSTGRESQL",
         "JAVA_JMX",
         "ORACLE",
-        "SAP_HANA",
         "SAP_HANA_MULTI_NODE",
         "SAP_HANA_SINGLE_NODE",
         "SAP_HANA_HIGH_AVAILABILITY",
-        "SQL_SERVER_FAILOVER_CLUSTER_INSTANCE"
+        "SQL_SERVER_FAILOVER_CLUSTER_INSTANCE",
+        "SHAREPOINT",
+        "ACTIVE_DIRECTORY"
       ],
       "max":50,
       "min":1
diff --git a/contrib/python/botocore/py3/botocore/data/apprunner/2020-05-15/service-2.json b/contrib/python/botocore/py3/botocore/data/apprunner/2020-05-15/service-2.json
index 7b36b8ac511..b579aa78afc 100644
--- a/contrib/python/botocore/py3/botocore/data/apprunner/2020-05-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/apprunner/2020-05-15/service-2.json
@@ -41,7 +41,7 @@
         {"shape":"InternalServiceErrorException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
-      "documentation":"<p>Create an App Runner automatic scaling configuration resource. App Runner requires this resource when you create App Runner services that require non-default auto scaling settings. You can share an auto scaling configuration across multiple services.</p> <p>Create multiple revisions of a configuration by using the same <code>AutoScalingConfigurationName</code> and different <code>AutoScalingConfigurationRevision</code> values. When you create a service, you can set it to use the latest active revision of an auto scaling configuration or a specific revision.</p> <p>Configure a higher <code>MinSize</code> to increase the spread of your App Runner service over more Availability Zones in the Amazon Web Services Region. The tradeoff is a higher minimal cost.</p> <p>Configure a lower <code>MaxSize</code> to control your cost. The tradeoff is lower responsiveness during peak demand.</p>"
+      "documentation":"<p>Create an App Runner automatic scaling configuration resource. App Runner requires this resource when you create App Runner services that require non-default auto scaling settings. You can share an auto scaling configuration across multiple services.</p> <p>Create multiple revisions of a configuration by calling this action multiple times using the same <code>AutoScalingConfigurationName</code>. The call returns incremental <code>AutoScalingConfigurationRevision</code> values. When you create a service, you can set it to use the latest active revision of an auto scaling configuration or a specific revision.</p> <p>Configure a higher <code>MinSize</code> to increase the spread of your App Runner service over more Availability Zones in the Amazon Web Services Region. The tradeoff is a higher minimal cost.</p> <p>Configure a lower <code>MaxSize</code> to control your cost. The tradeoff is lower responsiveness during peak demand.</p>"
     },
     "CreateConnection":{
       "name":"CreateConnection",
@@ -73,6 +73,21 @@
       ],
       "documentation":"<p>Create an App Runner service. After the service is created, the action also automatically starts a deployment.</p> <p>This is an asynchronous operation. On a successful call, you can use the returned <code>OperationId</code> and the <a href=\"https://docs.aws.amazon.com/apprunner/latest/api/API_ListOperations.html\">ListOperations</a> call to track the operation's progress.</p>"
     },
+    "CreateVpcConnector":{
+      "name":"CreateVpcConnector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateVpcConnectorRequest"},
+      "output":{"shape":"CreateVpcConnectorResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalServiceErrorException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Create an App Runner VPC connector resource. App Runner requires this resource when you want to associate your App Runner service to a custom Amazon Virtual Private Cloud (Amazon VPC).</p>"
+    },
     "DeleteAutoScalingConfiguration":{
       "name":"DeleteAutoScalingConfiguration",
       "http":{
@@ -119,6 +134,21 @@
       ],
       "documentation":"<p>Delete an App Runner service.</p> <p>This is an asynchronous operation. On a successful call, you can use the returned <code>OperationId</code> and the <a>ListOperations</a> call to track the operation's progress.</p>"
     },
+    "DeleteVpcConnector":{
+      "name":"DeleteVpcConnector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteVpcConnectorRequest"},
+      "output":{"shape":"DeleteVpcConnectorResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalServiceErrorException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Delete an App Runner VPC connector resource. You can't delete a connector that's used by one or more App Runner services.</p>"
+    },
     "DescribeAutoScalingConfiguration":{
       "name":"DescribeAutoScalingConfiguration",
       "http":{
@@ -164,6 +194,21 @@
       ],
       "documentation":"<p>Return a full description of an App Runner service.</p>"
     },
+    "DescribeVpcConnector":{
+      "name":"DescribeVpcConnector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeVpcConnectorRequest"},
+      "output":{"shape":"DescribeVpcConnectorResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalServiceErrorException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Return a description of an App Runner VPC connector resource.</p>"
+    },
     "DisassociateCustomDomain":{
       "name":"DisassociateCustomDomain",
       "http":{
@@ -253,6 +298,20 @@
       ],
       "documentation":"<p>List tags that are associated with for an App Runner resource. The response contains a list of tag key-value pairs.</p>"
     },
+    "ListVpcConnectors":{
+      "name":"ListVpcConnectors",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListVpcConnectorsRequest"},
+      "output":{"shape":"ListVpcConnectorsResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalServiceErrorException"}
+      ],
+      "documentation":"<p>Returns a list of App Runner VPC connectors in your Amazon Web Services account.</p>"
+    },
     "PauseService":{
       "name":"PauseService",
       "http":{
@@ -472,7 +531,7 @@
           "documentation":"<p>The time when the auto scaling configuration was deleted. It's in Unix time stamp format.</p>"
         }
       },
-      "documentation":"<p>Describes an App Runner automatic scaling configuration resource. Multiple revisions of a configuration have the same <code>AutoScalingConfigurationName</code> and different <code>AutoScalingConfigurationRevision</code> values.</p> <p>A higher <code>MinSize</code> increases the spread of your App Runner service over more Availability Zones in the Amazon Web Services Region. The tradeoff is a higher minimal cost.</p> <p>A lower <code>MaxSize</code> controls your cost. The tradeoff is lower responsiveness during peak demand.</p>"
+      "documentation":"<p>Describes an App Runner automatic scaling configuration resource.</p> <p>A higher <code>MinSize</code> increases the spread of your App Runner service over more Availability Zones in the Amazon Web Services Region. The tradeoff is a higher minimal cost.</p> <p>A lower <code>MaxSize</code> controls your cost. The tradeoff is lower responsiveness during peak demand.</p> <p>Multiple revisions of a configuration might have the same <code>AutoScalingConfigurationName</code> and different <code>AutoScalingConfigurationRevision</code> values.</p>"
     },
     "AutoScalingConfigurationName":{
       "type":"string",
@@ -512,6 +571,7 @@
     "Boolean":{"type":"boolean"},
     "BuildCommand":{
       "type":"string",
+      "pattern":"[^\\x0a\\x0d]+",
       "sensitive":true
     },
     "CertificateValidationRecord":{
@@ -702,7 +762,7 @@
       "members":{
         "AutoScalingConfigurationName":{
           "shape":"AutoScalingConfigurationName",
-          "documentation":"<p>A name for the auto scaling configuration. When you use it for the first time in an Amazon Web Services Region, App Runner creates revision number <code>1</code> of this name. When you use the same name in subsequent calls, App Runner creates incremental revisions of the configuration.</p>"
+          "documentation":"<p>A name for the auto scaling configuration. When you use it for the first time in an Amazon Web Services Region, App Runner creates revision number <code>1</code> of this name. When you use the same name in subsequent calls, App Runner creates incremental revisions of the configuration.</p> <note> <p>The name <code>DefaultConfiguration</code> is reserved (it's the configuration that App Runner uses if you don't provide a custome one). You can't use it to create a new auto scaling configuration, and you can't create a revision of it.</p> <p>When you want to use your own auto scaling configuration for your App Runner service, <i>create a configuration with a different name</i>, and then provide it when you create or update your service.</p> </note>"
         },
         "MaxConcurrency":{
           "shape":"ASConfigMaxConcurrency",
@@ -772,7 +832,7 @@
       "members":{
         "ServiceName":{
           "shape":"ServiceName",
-          "documentation":"<p>A name for the new service. It must be unique across all the running App Runner services in your Amazon Web Services account in the Amazon Web Services Region.</p>"
+          "documentation":"<p>A name for the App Runner service. It must be unique across all the running App Runner services in your Amazon Web Services account in the Amazon Web Services Region.</p>"
         },
         "SourceConfiguration":{
           "shape":"SourceConfiguration",
@@ -784,19 +844,23 @@
         },
         "Tags":{
           "shape":"TagList",
-          "documentation":"<p>An optional list of metadata items that you can associate with your service resource. A tag is a key-value pair.</p>"
+          "documentation":"<p>An optional list of metadata items that you can associate with the App Runner service resource. A tag is a key-value pair.</p>"
         },
         "EncryptionConfiguration":{
           "shape":"EncryptionConfiguration",
-          "documentation":"<p>An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an Amazon Web Services managed CMK.</p>"
+          "documentation":"<p>An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an Amazon Web Services managed key.</p>"
         },
         "HealthCheckConfiguration":{
           "shape":"HealthCheckConfiguration",
-          "documentation":"<p>The settings for the health check that App Runner performs to monitor the health of your service.</p>"
+          "documentation":"<p>The settings for the health check that App Runner performs to monitor the health of the App Runner service.</p>"
         },
         "AutoScalingConfigurationArn":{
           "shape":"AppRunnerResourceArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an App Runner automatic scaling configuration resource that you want to associate with the App Runner service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.</p>"
+        },
+        "NetworkConfiguration":{
+          "shape":"NetworkConfiguration",
+          "documentation":"<p>Configuration settings related to network traffic of the web application that the App Runner service runs.</p>"
         }
       }
     },
@@ -817,6 +881,41 @@
         }
       }
     },
+    "CreateVpcConnectorRequest":{
+      "type":"structure",
+      "required":[
+        "VpcConnectorName",
+        "Subnets"
+      ],
+      "members":{
+        "VpcConnectorName":{
+          "shape":"VpcConnectorName",
+          "documentation":"<p>A name for the VPC connector.</p>"
+        },
+        "Subnets":{
+          "shape":"StringList",
+          "documentation":"<p>A list of IDs of subnets that App Runner should use when it associates your service with a custom Amazon VPC. Specify IDs of subnets of a single Amazon VPC. App Runner determines the Amazon VPC from the subnets you specify.</p>"
+        },
+        "SecurityGroups":{
+          "shape":"StringList",
+          "documentation":"<p>A list of IDs of security groups that App Runner should use for access to Amazon Web Services resources under the specified subnets. If not specified, App Runner uses the default security group of the Amazon VPC. The default security group allows all outbound traffic.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>A list of metadata items that you can associate with your VPC connector resource. A tag is a key-value pair.</p>"
+        }
+      }
+    },
+    "CreateVpcConnectorResponse":{
+      "type":"structure",
+      "required":["VpcConnector"],
+      "members":{
+        "VpcConnector":{
+          "shape":"VpcConnector",
+          "documentation":"<p>A description of the App Runner VPC connector that's created by this request.</p>"
+        }
+      }
+    },
     "CustomDomain":{
       "type":"structure",
       "required":[
@@ -926,6 +1025,26 @@
         }
       }
     },
+    "DeleteVpcConnectorRequest":{
+      "type":"structure",
+      "required":["VpcConnectorArn"],
+      "members":{
+        "VpcConnectorArn":{
+          "shape":"AppRunnerResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the App Runner VPC connector that you want to delete.</p> <p>The ARN must be a full VPC connector ARN.</p>"
+        }
+      }
+    },
+    "DeleteVpcConnectorResponse":{
+      "type":"structure",
+      "required":["VpcConnector"],
+      "members":{
+        "VpcConnector":{
+          "shape":"VpcConnector",
+          "documentation":"<p>A description of the App Runner VPC connector that this request just deleted.</p>"
+        }
+      }
+    },
     "DescribeAutoScalingConfigurationRequest":{
       "type":"structure",
       "required":["AutoScalingConfigurationArn"],
@@ -1015,6 +1134,26 @@
         }
       }
     },
+    "DescribeVpcConnectorRequest":{
+      "type":"structure",
+      "required":["VpcConnectorArn"],
+      "members":{
+        "VpcConnectorArn":{
+          "shape":"AppRunnerResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the App Runner VPC connector that you want a description for.</p> <p>The ARN must be a full VPC connector ARN.</p>"
+        }
+      }
+    },
+    "DescribeVpcConnectorResponse":{
+      "type":"structure",
+      "required":["VpcConnector"],
+      "members":{
+        "VpcConnector":{
+          "shape":"VpcConnector",
+          "documentation":"<p>A description of the App Runner VPC connector that you specified in this request.</p>"
+        }
+      }
+    },
     "DisassociateCustomDomainRequest":{
       "type":"structure",
       "required":[
@@ -1057,7 +1196,29 @@
     "DomainName":{
       "type":"string",
       "max":255,
-      "min":1
+      "min":1,
+      "pattern":"[A-Za-z0-9*.-]{1,255}"
+    },
+    "EgressConfiguration":{
+      "type":"structure",
+      "members":{
+        "EgressType":{
+          "shape":"EgressType",
+          "documentation":"<p>The type of egress configuration.</p> <p>Set to <code>DEFAULT</code> for access to resources hosted on public networks.</p> <p>Set to <code>VPC</code> to associate your service to a custom VPC specified by <code>VpcConnectorArn</code>.</p>"
+        },
+        "VpcConnectorArn":{
+          "shape":"AppRunnerResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the App Runner VPC connector that you want to associate with your App Runner service. Only valid when <code>EgressType = VPC</code>.</p>"
+        }
+      },
+      "documentation":"<p>Describes configuration settings related to outbound network traffic of an App Runner service.</p>"
+    },
+    "EgressType":{
+      "type":"string",
+      "enum":[
+        "DEFAULT",
+        "VPC"
+      ]
     },
     "EncryptionConfiguration":{
       "type":"structure",
@@ -1143,7 +1304,7 @@
           "documentation":"<p>Environment variables that are available to your running App Runner service. An array of key-value pairs. Keys with a prefix of <code>AWSAPPRUNNER</code> are reserved for system use and aren't valid.</p>"
         },
         "StartCommand":{
-          "shape":"String",
+          "shape":"StartCommand",
           "documentation":"<p>An optional command that App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command.</p>"
         },
         "Port":{
@@ -1386,6 +1547,33 @@
         }
       }
     },
+    "ListVpcConnectorsRequest":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in each response (result page). It's used for a paginated request.</p> <p>If you don't specify <code>MaxResults</code>, the request retrieves all available results in a single response.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token from a previous result page. It's used for a paginated request. The request retrieves the next result page. All other parameter values must be identical to the ones that are specified in the initial request.</p> <p>If you don't specify <code>NextToken</code>, the request retrieves the first result page.</p>"
+        }
+      }
+    },
+    "ListVpcConnectorsResponse":{
+      "type":"structure",
+      "required":["VpcConnectors"],
+      "members":{
+        "VpcConnectors":{
+          "shape":"VpcConnectors",
+          "documentation":"<p>A list of information records for VPC connectors. In a paginated request, the request returns up to <code>MaxResults</code> records for each call.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token that you can pass in a subsequent request to get the next result page. It's returned in a paginated request.</p>"
+        }
+      }
+    },
     "MaxResults":{
       "type":"integer",
       "max":100,
@@ -1397,6 +1585,16 @@
       "min":4,
       "pattern":"2048|3072|4096|(2|3|4) GB"
     },
+    "NetworkConfiguration":{
+      "type":"structure",
+      "members":{
+        "EgressConfiguration":{
+          "shape":"EgressConfiguration",
+          "documentation":"<p>Network configuration settings for outbound message traffic.</p>"
+        }
+      },
+      "documentation":"<p>Describes configuration settings related to network traffic of an App Runner service. Consists of embedded objects for each configurable network feature.</p>"
+    },
     "NextToken":{
       "type":"string",
       "max":1024,
@@ -1544,10 +1742,16 @@
     },
     "RuntimeEnvironmentVariablesKey":{
       "type":"string",
+      "max":51200,
+      "min":1,
+      "pattern":".*",
       "sensitive":true
     },
     "RuntimeEnvironmentVariablesValue":{
       "type":"string",
+      "max":51200,
+      "min":0,
+      "pattern":".*",
       "sensitive":true
     },
     "Service":{
@@ -1562,7 +1766,8 @@
         "Status",
         "SourceConfiguration",
         "InstanceConfiguration",
-        "AutoScalingConfigurationSummary"
+        "AutoScalingConfigurationSummary",
+        "NetworkConfiguration"
       ],
       "members":{
         "ServiceName":{
@@ -1607,7 +1812,7 @@
         },
         "EncryptionConfiguration":{
           "shape":"EncryptionConfiguration",
-          "documentation":"<p>The encryption key that App Runner uses to encrypt the service logs and the copy of the source repository that App Runner maintains for the service. It can be either a customer-provided encryption key or an Amazon Web Services managed CMK.</p>"
+          "documentation":"<p>The encryption key that App Runner uses to encrypt the service logs and the copy of the source repository that App Runner maintains for the service. It can be either a customer-provided encryption key or an Amazon Web Services managed key.</p>"
         },
         "HealthCheckConfiguration":{
           "shape":"HealthCheckConfiguration",
@@ -1616,6 +1821,10 @@
         "AutoScalingConfigurationSummary":{
           "shape":"AutoScalingConfigurationSummary",
           "documentation":"<p>Summary information for the App Runner automatic scaling configuration resource that's associated with this service.</p>"
+        },
+        "NetworkConfiguration":{
+          "shape":"NetworkConfiguration",
+          "documentation":"<p>Configuration settings related to network traffic of the web application that this service runs.</p>"
         }
       },
       "documentation":"<p>Describes an App Runner service. It can describe a service in any state, including deleted services.</p> <p>This type contains the full information about a service, including configuration details. It's returned by the <a href=\"https://docs.aws.amazon.com/apprunner/latest/api/API_CreateService.html\">CreateService</a>, <a href=\"https://docs.aws.amazon.com/apprunner/latest/api/API_DescribeService.html\">DescribeService</a>, and <a href=\"https://docs.aws.amazon.com/apprunner/latest/api/API_DeleteService.html\">DeleteService</a> actions. A subset of this information is returned by the <a href=\"https://docs.aws.amazon.com/apprunner/latest/api/API_ListServices.html\">ListServices</a> action using the <a href=\"https://docs.aws.amazon.com/apprunner/latest/api/API_ServiceSummary.html\">ServiceSummary</a> type.</p>"
@@ -1740,6 +1949,7 @@
     },
     "StartCommand":{
       "type":"string",
+      "pattern":"[^\\x0a\\x0d]+",
       "sensitive":true
     },
     "StartDeploymentRequest":{
@@ -1768,6 +1978,10 @@
       "min":0,
       "pattern":".*"
     },
+    "StringList":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
     "Tag":{
       "type":"structure",
       "members":{
@@ -1871,11 +2085,15 @@
         },
         "AutoScalingConfigurationArn":{
           "shape":"AppRunnerResourceArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an App Runner automatic scaling configuration resource that you want to associate with your service.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an App Runner automatic scaling configuration resource that you want to associate with the App Runner service.</p>"
         },
         "HealthCheckConfiguration":{
           "shape":"HealthCheckConfiguration",
-          "documentation":"<p>The settings for the health check that App Runner performs to monitor the health of your service.</p>"
+          "documentation":"<p>The settings for the health check that App Runner performs to monitor the health of the App Runner service.</p>"
+        },
+        "NetworkConfiguration":{
+          "shape":"NetworkConfiguration",
+          "documentation":"<p>Configuration settings related to network traffic of the web application that the App Runner service runs.</p>"
         }
       }
     },
@@ -1895,6 +2113,61 @@
           "documentation":"<p>The unique ID of the asynchronous operation that this request started. You can use it combined with the <a>ListOperations</a> call to track the operation's progress.</p>"
         }
       }
+    },
+    "VpcConnector":{
+      "type":"structure",
+      "members":{
+        "VpcConnectorName":{
+          "shape":"VpcConnectorName",
+          "documentation":"<p>The customer-provided VPC connector name.</p>"
+        },
+        "VpcConnectorArn":{
+          "shape":"AppRunnerResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of this VPC connector.</p>"
+        },
+        "VpcConnectorRevision":{
+          "shape":"Integer",
+          "documentation":"<p>The revision of this VPC connector. It's unique among all the active connectors (<code>\"Status\": \"ACTIVE\"</code>) that share the same <code>Name</code>.</p> <note> <p>At this time, App Runner supports only one revision per name.</p> </note>"
+        },
+        "Subnets":{
+          "shape":"StringList",
+          "documentation":"<p>A list of IDs of subnets that App Runner uses for your service. All IDs are of subnets of a single Amazon VPC.</p>"
+        },
+        "SecurityGroups":{
+          "shape":"StringList",
+          "documentation":"<p>A list of IDs of security groups that App Runner uses for access to Amazon Web Services resources under the specified subnets. If not specified, App Runner uses the default security group of the Amazon VPC. The default security group allows all outbound traffic.</p>"
+        },
+        "Status":{
+          "shape":"VpcConnectorStatus",
+          "documentation":"<p>The current state of the VPC connector. If the status of a connector revision is <code>INACTIVE</code>, it was deleted and can't be used. Inactive connector revisions are permanently removed some time after they are deleted.</p>"
+        },
+        "CreatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the VPC connector was created. It's in Unix time stamp format.</p>"
+        },
+        "DeletedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the VPC connector was deleted. It's in Unix time stamp format.</p>"
+        }
+      },
+      "documentation":"<p>Describes an App Runner VPC connector resource. A VPC connector describes the Amazon Virtual Private Cloud (Amazon VPC) that an App Runner service is associated with, and the subnets and security group that are used.</p> <p>Multiple revisions of a connector might have the same <code>Name</code> and different <code>Revision</code> values.</p> <note> <p>At this time, App Runner supports only one revision per name.</p> </note>"
+    },
+    "VpcConnectorName":{
+      "type":"string",
+      "max":40,
+      "min":4,
+      "pattern":"[A-Za-z0-9][A-Za-z0-9\\-_]{3,39}"
+    },
+    "VpcConnectorStatus":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "INACTIVE"
+      ]
+    },
+    "VpcConnectors":{
+      "type":"list",
+      "member":{"shape":"VpcConnector"}
     }
   },
   "documentation":"<fullname>App Runner</fullname> <p>App Runner is an application service that provides a fast, simple, and cost-effective way to go directly from an existing container image or source code to a running service in the Amazon Web Services Cloud in seconds. You don't need to learn new technologies, decide which compute service to use, or understand how to provision and configure Amazon Web Services resources.</p> <p>App Runner connects directly to your container registry or source code repository. It provides an automatic delivery pipeline with fully managed operations, high performance, scalability, and security.</p> <p>For more information about App Runner, see the <a href=\"https://docs.aws.amazon.com/apprunner/latest/dg/\">App Runner Developer Guide</a>. For release information, see the <a href=\"https://docs.aws.amazon.com/apprunner/latest/relnotes/\">App Runner Release Notes</a>.</p> <p> To install the Software Development Kits (SDKs), Integrated Development Environment (IDE) Toolkits, and command line tools that you can use to access the API, see <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a>.</p> <p> <b>Endpoints</b> </p> <p>For a list of Region-specific endpoints that App Runner supports, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/apprunner.html\">App Runner endpoints and quotas</a> in the <i>Amazon Web Services General Reference</i>.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/appstream/2016-12-01/service-2.json b/contrib/python/botocore/py3/botocore/data/appstream/2016-12-01/service-2.json
index 171df1ec63a..84f37c9e62b 100644
--- a/contrib/python/botocore/py3/botocore/data/appstream/2016-12-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/appstream/2016-12-01/service-2.json
@@ -13,6 +13,40 @@
     "uid":"appstream-2016-12-01"
   },
   "operations":{
+    "AssociateApplicationFleet":{
+      "name":"AssociateApplicationFleet",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AssociateApplicationFleetRequest"},
+      "output":{"shape":"AssociateApplicationFleetResult"},
+      "errors":[
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InvalidParameterCombinationException"},
+        {"shape":"OperationNotPermittedException"}
+      ],
+      "documentation":"<p>Associates the specified application with the specified fleet. This is only supported for Elastic fleets.</p>"
+    },
+    "AssociateApplicationToEntitlement":{
+      "name":"AssociateApplicationToEntitlement",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AssociateApplicationToEntitlementRequest"},
+      "output":{"shape":"AssociateApplicationToEntitlementResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"EntitlementNotFoundException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"OperationNotPermittedException"}
+      ],
+      "documentation":"<p>Associates an application to entitle.</p>"
+    },
     "AssociateFleet":{
       "name":"AssociateFleet",
       "http":{
@@ -77,6 +111,39 @@
       ],
       "documentation":"<p>Copies the image within the same region or to a new region within the same AWS account. Note that any tags you added to the image will not be copied.</p>"
     },
+    "CreateAppBlock":{
+      "name":"CreateAppBlock",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateAppBlockRequest"},
+      "output":{"shape":"CreateAppBlockResult"},
+      "errors":[
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceAlreadyExistsException"}
+      ],
+      "documentation":"<p>Creates an app block.</p> <p>App blocks are an Amazon AppStream 2.0 resource that stores the details about the virtual hard disk in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. The virtual hard disk includes the application binaries and other files necessary to launch your applications. Multiple applications can be assigned to a single app block.</p> <p>This is only supported for Elastic fleets.</p>"
+    },
+    "CreateApplication":{
+      "name":"CreateApplication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateApplicationRequest"},
+      "output":{"shape":"CreateApplicationResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Creates an application.</p> <p>Applications are an Amazon AppStream 2.0 resource that stores the details about how to launch applications on Elastic fleet streaming instances. An application consists of the launch details, icon, and display name. Applications are associated with an app block that contains the application binaries and other files. The applications assigned to an Elastic fleet are the applications users can launch. </p> <p>This is only supported for Elastic fleets.</p>"
+    },
     "CreateDirectoryConfig":{
       "name":"CreateDirectoryConfig",
       "http":{
@@ -95,6 +162,22 @@
       ],
       "documentation":"<p>Creates a Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.</p>"
     },
+    "CreateEntitlement":{
+      "name":"CreateEntitlement",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateEntitlementRequest"},
+      "output":{"shape":"CreateEntitlementResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"EntitlementAlreadyExistsException"}
+      ],
+      "documentation":"<p>Creates a new entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. Amazon AppStream 2.0 user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.</p>"
+    },
     "CreateFleet":{
       "name":"CreateFleet",
       "http":{
@@ -116,7 +199,7 @@
         {"shape":"IncompatibleImageException"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Creates a fleet. A fleet consists of streaming instances that run a specified image.</p>"
+      "documentation":"<p>Creates a fleet. A fleet consists of streaming instances that run a specified image when using Always-On or On-Demand.</p>"
     },
     "CreateImageBuilder":{
       "name":"CreateImageBuilder",
@@ -241,6 +324,37 @@
       ],
       "documentation":"<p>Creates a new user in the user pool.</p>"
     },
+    "DeleteAppBlock":{
+      "name":"DeleteAppBlock",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteAppBlockRequest"},
+      "output":{"shape":"DeleteAppBlockResult"},
+      "errors":[
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Deletes an app block.</p>"
+    },
+    "DeleteApplication":{
+      "name":"DeleteApplication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteApplicationRequest"},
+      "output":{"shape":"DeleteApplicationResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>Deletes an application.</p>"
+    },
     "DeleteDirectoryConfig":{
       "name":"DeleteDirectoryConfig",
       "http":{
@@ -255,6 +369,23 @@
       ],
       "documentation":"<p>Deletes the specified Directory Config object from AppStream 2.0. This object includes the information required to join streaming instances to an Active Directory domain.</p>"
     },
+    "DeleteEntitlement":{
+      "name":"DeleteEntitlement",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteEntitlementRequest"},
+      "output":{"shape":"DeleteEntitlementResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"EntitlementNotFoundException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>Deletes the specified entitlement.</p>"
+    },
     "DeleteFleet":{
       "name":"DeleteFleet",
       "http":{
@@ -326,6 +457,7 @@
       "errors":[
         {"shape":"ResourceInUseException"},
         {"shape":"ResourceNotFoundException"},
+        {"shape":"OperationNotPermittedException"},
         {"shape":"ConcurrentModificationException"}
       ],
       "documentation":"<p>Deletes the specified stack. After the stack is deleted, the application streaming environment provided by the stack is no longer available to users. Also, any reservations made for application streaming sessions for the stack are released.</p>"
@@ -357,6 +489,48 @@
       ],
       "documentation":"<p>Deletes a user from the user pool.</p>"
     },
+    "DescribeAppBlocks":{
+      "name":"DescribeAppBlocks",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeAppBlocksRequest"},
+      "output":{"shape":"DescribeAppBlocksResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Retrieves a list that describes one or more app blocks.</p>"
+    },
+    "DescribeApplicationFleetAssociations":{
+      "name":"DescribeApplicationFleetAssociations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeApplicationFleetAssociationsRequest"},
+      "output":{"shape":"DescribeApplicationFleetAssociationsResult"},
+      "errors":[
+        {"shape":"InvalidParameterCombinationException"},
+        {"shape":"OperationNotPermittedException"}
+      ],
+      "documentation":"<p>Retrieves a list that describes one or more application fleet associations. Either ApplicationArn or FleetName must be specified.</p>"
+    },
+    "DescribeApplications":{
+      "name":"DescribeApplications",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeApplicationsRequest"},
+      "output":{"shape":"DescribeApplicationsResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Retrieves a list that describes one or more applications.</p>"
+    },
     "DescribeDirectoryConfigs":{
       "name":"DescribeDirectoryConfigs",
       "http":{
@@ -370,6 +544,21 @@
       ],
       "documentation":"<p>Retrieves a list that describes one or more specified Directory Config objects for AppStream 2.0, if the names for these objects are provided. Otherwise, all Directory Config objects in the account are described. These objects include the configuration information required to join fleets and image builders to Microsoft Active Directory domains. </p> <p>Although the response syntax in this topic includes the account password, this password is not returned in the actual response.</p>"
     },
+    "DescribeEntitlements":{
+      "name":"DescribeEntitlements",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeEntitlementsRequest"},
+      "output":{"shape":"DescribeEntitlementsResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"EntitlementNotFoundException"}
+      ],
+      "documentation":"<p>Retrieves a list that describes one of more entitlements.</p>"
+    },
     "DescribeFleets":{
       "name":"DescribeFleets",
       "http":{
@@ -487,7 +676,8 @@
       "output":{"shape":"DescribeUsersResult"},
       "errors":[
         {"shape":"ResourceNotFoundException"},
-        {"shape":"InvalidParameterCombinationException"}
+        {"shape":"InvalidParameterCombinationException"},
+        {"shape":"OperationNotPermittedException"}
       ],
       "documentation":"<p>Retrieves a list that describes one or more specified users in the user pool.</p>"
     },
@@ -504,6 +694,37 @@
       ],
       "documentation":"<p>Disables the specified user in the user pool. Users can't sign in to AppStream 2.0 until they are re-enabled. This action does not delete the user. </p>"
     },
+    "DisassociateApplicationFleet":{
+      "name":"DisassociateApplicationFleet",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisassociateApplicationFleetRequest"},
+      "output":{"shape":"DisassociateApplicationFleetResult"},
+      "errors":[
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"InvalidParameterCombinationException"},
+        {"shape":"OperationNotPermittedException"}
+      ],
+      "documentation":"<p>Disassociates the specified application from the fleet.</p>"
+    },
+    "DisassociateApplicationFromEntitlement":{
+      "name":"DisassociateApplicationFromEntitlement",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisassociateApplicationFromEntitlementRequest"},
+      "output":{"shape":"DisassociateApplicationFromEntitlementResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"EntitlementNotFoundException"},
+        {"shape":"OperationNotPermittedException"}
+      ],
+      "documentation":"<p>Deletes the specified application from the specified entitlement.</p>"
+    },
     "DisassociateFleet":{
       "name":"DisassociateFleet",
       "http":{
@@ -564,6 +785,21 @@
       "output":{"shape":"ListAssociatedStacksResult"},
       "documentation":"<p>Retrieves the name of the stack with which the specified fleet is associated.</p>"
     },
+    "ListEntitledApplications":{
+      "name":"ListEntitledApplications",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListEntitledApplicationsRequest"},
+      "output":{"shape":"ListEntitledApplicationsResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"EntitlementNotFoundException"}
+      ],
+      "documentation":"<p>Retrieves a list of entitled applications.</p>"
+    },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
       "http":{
@@ -671,6 +907,21 @@
       ],
       "documentation":"<p>Disassociates one or more specified tags from the specified AppStream 2.0 resource.</p> <p>To list the current tags for your resources, use <a>ListTagsForResource</a>.</p> <p>For more information about tags, see <a href=\"https://docs.aws.amazon.com/appstream2/latest/developerguide/tagging-basic.html\">Tagging Your Resources</a> in the <i>Amazon AppStream 2.0 Administration Guide</i>.</p>"
     },
+    "UpdateApplication":{
+      "name":"UpdateApplication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateApplicationRequest"},
+      "output":{"shape":"UpdateApplicationResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Updates the specified application.</p>"
+    },
     "UpdateDirectoryConfig":{
       "name":"UpdateDirectoryConfig",
       "http":{
@@ -688,6 +939,22 @@
       ],
       "documentation":"<p>Updates the specified Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.</p>"
     },
+    "UpdateEntitlement":{
+      "name":"UpdateEntitlement",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateEntitlementRequest"},
+      "output":{"shape":"UpdateEntitlementResult"},
+      "errors":[
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"EntitlementNotFoundException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>Updates the specified entitlement.</p>"
+    },
     "UpdateFleet":{
       "name":"UpdateFleet",
       "http":{
@@ -709,7 +976,7 @@
         {"shape":"IncompatibleImageException"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Updates the specified fleet.</p> <p>If the fleet is in the <code>STOPPED</code> state, you can update any attribute except the fleet name. If the fleet is in the <code>RUNNING</code> state, you can update the <code>DisplayName</code>, <code>ComputeCapacity</code>, <code>ImageARN</code>, <code>ImageName</code>, <code>IdleDisconnectTimeoutInSeconds</code>, and <code>DisconnectTimeoutInSeconds</code> attributes. If the fleet is in the <code>STARTING</code> or <code>STOPPING</code> state, you can't update it.</p>"
+      "documentation":"<p>Updates the specified fleet.</p> <p>If the fleet is in the <code>STOPPED</code> state, you can update any attribute except the fleet name.</p> <p>If the fleet is in the <code>RUNNING</code> state, you can update the following based on the fleet type:</p> <ul> <li> <p>Always-On and On-Demand fleet types</p> <p>You can update the <code>DisplayName</code>, <code>ComputeCapacity</code>, <code>ImageARN</code>, <code>ImageName</code>, <code>IdleDisconnectTimeoutInSeconds</code>, and <code>DisconnectTimeoutInSeconds</code> attributes.</p> </li> <li> <p>Elastic fleet type</p> <p>You can update the <code>DisplayName</code>, <code>IdleDisconnectTimeoutInSeconds</code>, <code>DisconnectTimeoutInSeconds</code>, <code>MaxConcurrentSessions</code>, and <code>UsbDeviceFilterStrings</code> attributes.</p> </li> </ul> <p>If the fleet is in the <code>STARTING</code> or <code>STOPPED</code> state, you can't update it.</p>"
     },
     "UpdateImagePermissions":{
       "name":"UpdateImagePermissions",
@@ -797,6 +1064,56 @@
         "DOMAIN_SMART_CARD_SIGNIN"
       ]
     },
+    "AppBlock":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Arn",
+        "SetupScriptDetails"
+      ],
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>The name of the app block.</p>"
+        },
+        "Arn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the app block.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the app block.</p>"
+        },
+        "DisplayName":{
+          "shape":"String",
+          "documentation":"<p>The display name of the app block.</p>"
+        },
+        "SourceS3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The source S3 location of the app block.</p>"
+        },
+        "SetupScriptDetails":{
+          "shape":"ScriptDetails",
+          "documentation":"<p>The setup script details of the app block.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The created time of the app block.</p>"
+        }
+      },
+      "documentation":"<p>Describes an app block.</p> <p>App blocks are an Amazon AppStream 2.0 resource that stores the details about the virtual hard disk in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. The virtual hard disk includes the application binaries and other files necessary to launch your applications. Multiple applications can be assigned to a single app block.</p> <p>This is only supported for Elastic fleets.</p>"
+    },
+    "AppBlocks":{
+      "type":"list",
+      "member":{"shape":"AppBlock"}
+    },
+    "AppVisibility":{
+      "type":"string",
+      "enum":[
+        "ALL",
+        "ASSOCIATED"
+      ]
+    },
     "Application":{
       "type":"structure",
       "members":{
@@ -827,10 +1144,78 @@
         "Metadata":{
           "shape":"Metadata",
           "documentation":"<p>Additional attributes that describe the application.</p>"
+        },
+        "WorkingDirectory":{
+          "shape":"String",
+          "documentation":"<p>The working directory for the application.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the application.</p>"
+        },
+        "Arn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the application.</p>"
+        },
+        "AppBlockArn":{
+          "shape":"Arn",
+          "documentation":"<p>The app block ARN of the application.</p>"
+        },
+        "IconS3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The S3 location of the application icon.</p>"
+        },
+        "Platforms":{
+          "shape":"Platforms",
+          "documentation":"<p>The platforms on which the application can run.</p>"
+        },
+        "InstanceFamilies":{
+          "shape":"StringList",
+          "documentation":"<p>The instance families for the application.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time at which the application was created within the app block.</p>"
         }
       },
       "documentation":"<p>Describes an application in the application catalog.</p>"
     },
+    "ApplicationAttribute":{
+      "type":"string",
+      "enum":[
+        "LAUNCH_PARAMETERS",
+        "WORKING_DIRECTORY"
+      ]
+    },
+    "ApplicationAttributes":{
+      "type":"list",
+      "member":{"shape":"ApplicationAttribute"},
+      "max":2
+    },
+    "ApplicationFleetAssociation":{
+      "type":"structure",
+      "required":[
+        "FleetName",
+        "ApplicationArn"
+      ],
+      "members":{
+        "FleetName":{
+          "shape":"String",
+          "documentation":"<p>The name of the fleet associated with the application.</p>"
+        },
+        "ApplicationArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the application associated with the fleet.</p>"
+        }
+      },
+      "documentation":"<p>Describes the application fleet association.</p>"
+    },
+    "ApplicationFleetAssociationList":{
+      "type":"list",
+      "member":{"shape":"ApplicationFleetAssociation"},
+      "max":25,
+      "min":1
+    },
     "ApplicationSettings":{
       "type":"structure",
       "required":["Enabled"],
@@ -881,6 +1266,59 @@
       "type":"list",
       "member":{"shape":"Arn"}
     },
+    "AssociateApplicationFleetRequest":{
+      "type":"structure",
+      "required":[
+        "FleetName",
+        "ApplicationArn"
+      ],
+      "members":{
+        "FleetName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the fleet.</p>"
+        },
+        "ApplicationArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the application.</p>"
+        }
+      }
+    },
+    "AssociateApplicationFleetResult":{
+      "type":"structure",
+      "members":{
+        "ApplicationFleetAssociation":{
+          "shape":"ApplicationFleetAssociation",
+          "documentation":"<p>If fleet name is specified, this returns the list of applications that are associated to it. If application ARN is specified, this returns the list of fleets to which it is associated.</p>"
+        }
+      }
+    },
+    "AssociateApplicationToEntitlementRequest":{
+      "type":"structure",
+      "required":[
+        "StackName",
+        "EntitlementName",
+        "ApplicationIdentifier"
+      ],
+      "members":{
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack.</p>"
+        },
+        "EntitlementName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "ApplicationIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the application.</p>"
+        }
+      }
+    },
+    "AssociateApplicationToEntitlementResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "AssociateFleetRequest":{
       "type":"structure",
       "required":[
@@ -1038,6 +1476,112 @@
         }
       }
     },
+    "CreateAppBlockRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "SourceS3Location",
+        "SetupScriptDetails"
+      ],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the app block.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the app block.</p>"
+        },
+        "DisplayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The display name of the app block. This is not displayed to the user.</p>"
+        },
+        "SourceS3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The source S3 location of the app block.</p>"
+        },
+        "SetupScriptDetails":{
+          "shape":"ScriptDetails",
+          "documentation":"<p>The setup script details of the app block.</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>The tags assigned to the app block.</p>"
+        }
+      }
+    },
+    "CreateAppBlockResult":{
+      "type":"structure",
+      "members":{
+        "AppBlock":{
+          "shape":"AppBlock",
+          "documentation":"<p>The app block.</p>"
+        }
+      }
+    },
+    "CreateApplicationRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "IconS3Location",
+        "LaunchPath",
+        "Platforms",
+        "InstanceFamilies",
+        "AppBlockArn"
+      ],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the application. This name is visible to users when display name is not specified.</p>"
+        },
+        "DisplayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The display name of the application. This name is visible to users in the application catalog.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the application.</p>"
+        },
+        "IconS3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The location in S3 of the application icon.</p>"
+        },
+        "LaunchPath":{
+          "shape":"String",
+          "documentation":"<p>The launch path of the application.</p>"
+        },
+        "WorkingDirectory":{
+          "shape":"String",
+          "documentation":"<p>The working directory of the application.</p>"
+        },
+        "LaunchParameters":{
+          "shape":"String",
+          "documentation":"<p>The launch parameters of the application.</p>"
+        },
+        "Platforms":{
+          "shape":"Platforms",
+          "documentation":"<p>The platforms the application supports. WINDOWS_SERVER_2019 and AMAZON_LINUX2 are supported for Elastic fleets.</p>"
+        },
+        "InstanceFamilies":{
+          "shape":"StringList",
+          "documentation":"<p>The instance families the application supports. Valid values are GENERAL_PURPOSE and GRAPHICS_G4.</p>"
+        },
+        "AppBlockArn":{
+          "shape":"Arn",
+          "documentation":"<p>The app block ARN to which the application should be associated</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>The tags assigned to the application.</p>"
+        }
+      }
+    },
+    "CreateApplicationResult":{
+      "type":"structure",
+      "members":{
+        "Application":{"shape":"Application"}
+      }
+    },
     "CreateDirectoryConfigRequest":{
       "type":"structure",
       "required":[
@@ -1068,12 +1612,51 @@
         }
       }
     },
+    "CreateEntitlementRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "StackName",
+        "AppVisibility",
+        "Attributes"
+      ],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entitlement.</p>"
+        },
+        "AppVisibility":{
+          "shape":"AppVisibility",
+          "documentation":"<p>Specifies whether all or selected apps are entitled.</p>"
+        },
+        "Attributes":{
+          "shape":"EntitlementAttributeList",
+          "documentation":"<p>The attributes of the entitlement.</p>"
+        }
+      }
+    },
+    "CreateEntitlementResult":{
+      "type":"structure",
+      "members":{
+        "Entitlement":{
+          "shape":"Entitlement",
+          "documentation":"<p>The entitlement.</p>"
+        }
+      }
+    },
     "CreateFleetRequest":{
       "type":"structure",
       "required":[
         "Name",
-        "InstanceType",
-        "ComputeCapacity"
+        "InstanceType"
       ],
       "members":{
         "Name":{
@@ -1090,7 +1673,7 @@
         },
         "InstanceType":{
           "shape":"String",
-          "documentation":"<p>The instance type to use when launching fleet instances. The following instance types are available:</p> <ul> <li> <p>stream.standard.small</p> </li> <li> <p>stream.standard.medium</p> </li> <li> <p>stream.standard.large</p> </li> <li> <p>stream.compute.large</p> </li> <li> <p>stream.compute.xlarge</p> </li> <li> <p>stream.compute.2xlarge</p> </li> <li> <p>stream.compute.4xlarge</p> </li> <li> <p>stream.compute.8xlarge</p> </li> <li> <p>stream.memory.large</p> </li> <li> <p>stream.memory.xlarge</p> </li> <li> <p>stream.memory.2xlarge</p> </li> <li> <p>stream.memory.4xlarge</p> </li> <li> <p>stream.memory.8xlarge</p> </li> <li> <p>stream.memory.z1d.large</p> </li> <li> <p>stream.memory.z1d.xlarge</p> </li> <li> <p>stream.memory.z1d.2xlarge</p> </li> <li> <p>stream.memory.z1d.3xlarge</p> </li> <li> <p>stream.memory.z1d.6xlarge</p> </li> <li> <p>stream.memory.z1d.12xlarge</p> </li> <li> <p>stream.graphics-design.large</p> </li> <li> <p>stream.graphics-design.xlarge</p> </li> <li> <p>stream.graphics-design.2xlarge</p> </li> <li> <p>stream.graphics-design.4xlarge</p> </li> <li> <p>stream.graphics-desktop.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.xlarge</p> </li> <li> <p>stream.graphics.g4dn.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.4xlarge</p> </li> <li> <p>stream.graphics.g4dn.8xlarge</p> </li> <li> <p>stream.graphics.g4dn.12xlarge</p> </li> <li> <p>stream.graphics.g4dn.16xlarge</p> </li> <li> <p>stream.graphics-pro.4xlarge</p> </li> <li> <p>stream.graphics-pro.8xlarge</p> </li> <li> <p>stream.graphics-pro.16xlarge</p> </li> </ul>"
+          "documentation":"<p>The instance type to use when launching fleet instances. The following instance types are available:</p> <ul> <li> <p>stream.standard.small</p> </li> <li> <p>stream.standard.medium</p> </li> <li> <p>stream.standard.large</p> </li> <li> <p>stream.compute.large</p> </li> <li> <p>stream.compute.xlarge</p> </li> <li> <p>stream.compute.2xlarge</p> </li> <li> <p>stream.compute.4xlarge</p> </li> <li> <p>stream.compute.8xlarge</p> </li> <li> <p>stream.memory.large</p> </li> <li> <p>stream.memory.xlarge</p> </li> <li> <p>stream.memory.2xlarge</p> </li> <li> <p>stream.memory.4xlarge</p> </li> <li> <p>stream.memory.8xlarge</p> </li> <li> <p>stream.memory.z1d.large</p> </li> <li> <p>stream.memory.z1d.xlarge</p> </li> <li> <p>stream.memory.z1d.2xlarge</p> </li> <li> <p>stream.memory.z1d.3xlarge</p> </li> <li> <p>stream.memory.z1d.6xlarge</p> </li> <li> <p>stream.memory.z1d.12xlarge</p> </li> <li> <p>stream.graphics-design.large</p> </li> <li> <p>stream.graphics-design.xlarge</p> </li> <li> <p>stream.graphics-design.2xlarge</p> </li> <li> <p>stream.graphics-design.4xlarge</p> </li> <li> <p>stream.graphics-desktop.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.xlarge</p> </li> <li> <p>stream.graphics.g4dn.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.4xlarge</p> </li> <li> <p>stream.graphics.g4dn.8xlarge</p> </li> <li> <p>stream.graphics.g4dn.12xlarge</p> </li> <li> <p>stream.graphics.g4dn.16xlarge</p> </li> <li> <p>stream.graphics-pro.4xlarge</p> </li> <li> <p>stream.graphics-pro.8xlarge</p> </li> <li> <p>stream.graphics-pro.16xlarge</p> </li> </ul> <p>The following instance types are available for Elastic fleets:</p> <ul> <li> <p>stream.standard.small</p> </li> <li> <p>stream.standard.medium</p> </li> </ul>"
         },
         "FleetType":{
           "shape":"FleetType",
@@ -1098,11 +1681,11 @@
         },
         "ComputeCapacity":{
           "shape":"ComputeCapacity",
-          "documentation":"<p>The desired capacity for the fleet.</p>"
+          "documentation":"<p>The desired capacity for the fleet. This is not allowed for Elastic fleets. For Elastic fleets, specify MaxConcurrentSessions instead.</p>"
         },
         "VpcConfig":{
           "shape":"VpcConfig",
-          "documentation":"<p>The VPC configuration for the fleet.</p>"
+          "documentation":"<p>The VPC configuration for the fleet. This is required for Elastic fleets, but not required for other fleet types. Elastic fleets require that you specify at least two subnets in different availability zones.</p>"
         },
         "MaxUserDurationInSeconds":{
           "shape":"Integer",
@@ -1126,7 +1709,7 @@
         },
         "DomainJoinInfo":{
           "shape":"DomainJoinInfo",
-          "documentation":"<p>The name of the directory and organizational unit (OU) to use to join the fleet to a Microsoft Active Directory domain. </p>"
+          "documentation":"<p>The name of the directory and organizational unit (OU) to use to join the fleet to a Microsoft Active Directory domain. This is not allowed for Elastic fleets. </p>"
         },
         "Tags":{
           "shape":"Tags",
@@ -1143,6 +1726,18 @@
         "StreamView":{
           "shape":"StreamView",
           "documentation":"<p>The AppStream 2.0 view that is displayed to your users when they stream from the fleet. When <code>APP</code> is specified, only the windows of applications opened by users display. When <code>DESKTOP</code> is specified, the standard desktop that is provided by the operating system displays.</p> <p>The default value is <code>APP</code>.</p>"
+        },
+        "Platform":{
+          "shape":"PlatformType",
+          "documentation":"<p>The fleet platform. WINDOWS_SERVER_2019 and AMAZON_LINUX2 are supported for Elastic fleets. </p>"
+        },
+        "MaxConcurrentSessions":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum concurrent sessions of the Elastic fleet. This is required for Elastic fleets, and not allowed for other fleet types.</p>"
+        },
+        "UsbDeviceFilterStrings":{
+          "shape":"UsbDeviceFilterStrings",
+          "documentation":"<p>The USB device filter strings that specify which USB devices a user can redirect to the fleet streaming session, when using the Windows native client. This is allowed but not required for Elastic fleets.</p>"
         }
       }
     },
@@ -1453,6 +2048,36 @@
       "members":{
       }
     },
+    "DeleteAppBlockRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the app block.</p>"
+        }
+      }
+    },
+    "DeleteAppBlockResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteApplicationRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the application.</p>"
+        }
+      }
+    },
+    "DeleteApplicationResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteDirectoryConfigRequest":{
       "type":"structure",
       "required":["DirectoryName"],
@@ -1468,6 +2093,28 @@
       "members":{
       }
     },
+    "DeleteEntitlementRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "StackName"
+      ],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        }
+      }
+    },
+    "DeleteEntitlementResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteFleetRequest":{
       "type":"structure",
       "required":["Name"],
@@ -1590,6 +2237,100 @@
       "members":{
       }
     },
+    "DescribeAppBlocksRequest":{
+      "type":"structure",
+      "members":{
+        "Arns":{
+          "shape":"ArnList",
+          "documentation":"<p>The ARNs of the app blocks.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum size of each page of results.</p>"
+        }
+      }
+    },
+    "DescribeAppBlocksResult":{
+      "type":"structure",
+      "members":{
+        "AppBlocks":{
+          "shape":"AppBlocks",
+          "documentation":"<p>The app blocks in the list.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
+    "DescribeApplicationFleetAssociationsRequest":{
+      "type":"structure",
+      "members":{
+        "FleetName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the fleet.</p>"
+        },
+        "ApplicationArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the application.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum size of each page of results.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
+    "DescribeApplicationFleetAssociationsResult":{
+      "type":"structure",
+      "members":{
+        "ApplicationFleetAssociations":{
+          "shape":"ApplicationFleetAssociationList",
+          "documentation":"<p>The application fleet associations in the list.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
+    "DescribeApplicationsRequest":{
+      "type":"structure",
+      "members":{
+        "Arns":{
+          "shape":"ArnList",
+          "documentation":"<p>The ARNs for the applications.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum size of each page of results.</p>"
+        }
+      }
+    },
+    "DescribeApplicationsResult":{
+      "type":"structure",
+      "members":{
+        "Applications":{
+          "shape":"Applications",
+          "documentation":"<p>The applications in the list.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
     "DescribeDirectoryConfigsRequest":{
       "type":"structure",
       "members":{
@@ -1620,6 +2361,41 @@
         }
       }
     },
+    "DescribeEntitlementsRequest":{
+      "type":"structure",
+      "required":["StackName"],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum size of each page of results.</p>"
+        }
+      }
+    },
+    "DescribeEntitlementsResult":{
+      "type":"structure",
+      "members":{
+        "Entitlements":{
+          "shape":"EntitlementList",
+          "documentation":"<p>The entitlements.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
     "DescribeFleetsRequest":{
       "type":"structure",
       "members":{
@@ -1984,6 +2760,55 @@
       "members":{
       }
     },
+    "DisassociateApplicationFleetRequest":{
+      "type":"structure",
+      "required":[
+        "FleetName",
+        "ApplicationArn"
+      ],
+      "members":{
+        "FleetName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the fleet.</p>"
+        },
+        "ApplicationArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the application.</p>"
+        }
+      }
+    },
+    "DisassociateApplicationFleetResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisassociateApplicationFromEntitlementRequest":{
+      "type":"structure",
+      "required":[
+        "StackName",
+        "EntitlementName",
+        "ApplicationIdentifier"
+      ],
+      "members":{
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        },
+        "EntitlementName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "ApplicationIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the application to remove from the entitlement.</p>"
+        }
+      }
+    },
+    "DisassociateApplicationFromEntitlementResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DisassociateFleetRequest":{
       "type":"structure",
       "required":[
@@ -2069,6 +2894,104 @@
       "members":{
       }
     },
+    "EntitledApplication":{
+      "type":"structure",
+      "required":["ApplicationIdentifier"],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the application.</p>"
+        }
+      },
+      "documentation":"<p>The application associated to an entitlement. Access is controlled based on user attributes.</p>"
+    },
+    "EntitledApplicationList":{
+      "type":"list",
+      "member":{"shape":"EntitledApplication"}
+    },
+    "Entitlement":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "StackName",
+        "AppVisibility",
+        "Attributes"
+      ],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entitlement.</p>"
+        },
+        "AppVisibility":{
+          "shape":"AppVisibility",
+          "documentation":"<p>Specifies whether all or selected apps are entitled.</p>"
+        },
+        "Attributes":{
+          "shape":"EntitlementAttributeList",
+          "documentation":"<p>The attributes of the entitlement.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the entitlement was created.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the entitlement was last modified.</p>"
+        }
+      },
+      "documentation":"<p>Specifies an entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. Amazon AppStream 2.0 user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.</p>"
+    },
+    "EntitlementAlreadyExistsException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The entitlement already exists.</p>",
+      "exception":true
+    },
+    "EntitlementAttribute":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Value"
+      ],
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>A supported AWS IAM SAML <code>PrincipalTag</code> attribute that is matched to the associated value when a user identity federates into an Amazon AppStream 2.0 SAML application.</p> <p>The following are valid values:</p> <ul> <li> <p>roles</p> </li> <li> <p>department </p> </li> <li> <p>organization </p> </li> <li> <p>groups </p> </li> <li> <p>title </p> </li> <li> <p>costCenter </p> </li> <li> <p>userType</p> </li> </ul> <p> </p>"
+        },
+        "Value":{
+          "shape":"String",
+          "documentation":"<p>A value that is matched to a supported SAML attribute name when a user identity federates into an Amazon AppStream 2.0 SAML application. </p>"
+        }
+      },
+      "documentation":"<p>An attribute associated with an entitlement. Application entitlements work by matching a supported SAML 2.0 attribute name to a value when a user identity federates to an Amazon AppStream 2.0 SAML application.</p>"
+    },
+    "EntitlementAttributeList":{
+      "type":"list",
+      "member":{"shape":"EntitlementAttribute"},
+      "min":1
+    },
+    "EntitlementList":{
+      "type":"list",
+      "member":{"shape":"Entitlement"}
+    },
+    "EntitlementNotFoundException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The entitlement can't be found.</p>",
+      "exception":true
+    },
     "ErrorMessage":{
       "type":"string",
       "documentation":"<p>The error message in the exception.</p>"
@@ -2181,6 +3104,18 @@
         "StreamView":{
           "shape":"StreamView",
           "documentation":"<p>The AppStream 2.0 view that is displayed to your users when they stream from the fleet. When <code>APP</code> is specified, only the windows of applications opened by users display. When <code>DESKTOP</code> is specified, the standard desktop that is provided by the operating system displays.</p> <p>The default value is <code>APP</code>.</p>"
+        },
+        "Platform":{
+          "shape":"PlatformType",
+          "documentation":"<p>The platform of the fleet.</p>"
+        },
+        "MaxConcurrentSessions":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of concurrent sessions for the fleet.</p>"
+        },
+        "UsbDeviceFilterStrings":{
+          "shape":"UsbDeviceFilterStrings",
+          "documentation":"<p>The USB device filter strings associated with the fleet.</p>"
         }
       },
       "documentation":"<p>Describes a fleet.</p>"
@@ -2192,7 +3127,8 @@
         "VPC_CONFIGURATION",
         "VPC_CONFIGURATION_SECURITY_GROUP_IDS",
         "DOMAIN_JOIN_INFO",
-        "IAM_ROLE_ARN"
+        "IAM_ROLE_ARN",
+        "USB_DEVICE_FILTER_STRINGS"
       ]
     },
     "FleetAttributes":{
@@ -2271,7 +3207,8 @@
       "type":"string",
       "enum":[
         "ALWAYS_ON",
-        "ON_DEMAND"
+        "ON_DEMAND",
+        "ELASTIC"
       ]
     },
     "Image":{
@@ -2631,6 +3568,44 @@
         }
       }
     },
+    "ListEntitledApplicationsRequest":{
+      "type":"structure",
+      "required":[
+        "StackName",
+        "EntitlementName"
+      ],
+      "members":{
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        },
+        "EntitlementName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum size of each page of results.</p>"
+        }
+      }
+    },
+    "ListEntitledApplicationsResult":{
+      "type":"structure",
+      "members":{
+        "EntitledApplications":{
+          "shape":"EntitledApplicationList",
+          "documentation":"<p>The entitled applications.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
     "ListTagsForResourceRequest":{
       "type":"structure",
       "required":["ResourceArn"],
@@ -2715,9 +3690,15 @@
       "enum":[
         "WINDOWS",
         "WINDOWS_SERVER_2016",
-        "WINDOWS_SERVER_2019"
+        "WINDOWS_SERVER_2019",
+        "AMAZON_LINUX2"
       ]
     },
+    "Platforms":{
+      "type":"list",
+      "member":{"shape":"PlatformType"},
+      "max":4
+    },
     "RedirectURL":{
       "type":"string",
       "max":1000
@@ -2795,6 +3776,62 @@
       "documentation":"<p>The specified resource was not found.</p>",
       "exception":true
     },
+    "S3Bucket":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^[0-9a-z\\.\\-]*(?<!\\.)$"
+    },
+    "S3Key":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "S3Location":{
+      "type":"structure",
+      "required":[
+        "S3Bucket",
+        "S3Key"
+      ],
+      "members":{
+        "S3Bucket":{
+          "shape":"S3Bucket",
+          "documentation":"<p>The S3 bucket of the S3 object.</p>"
+        },
+        "S3Key":{
+          "shape":"S3Key",
+          "documentation":"<p>The S3 key of the S3 object.</p>"
+        }
+      },
+      "documentation":"<p>Describes the S3 location.</p>"
+    },
+    "ScriptDetails":{
+      "type":"structure",
+      "required":[
+        "ScriptS3Location",
+        "ExecutablePath",
+        "TimeoutInSeconds"
+      ],
+      "members":{
+        "ScriptS3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The S3 object location for the script.</p>"
+        },
+        "ExecutablePath":{
+          "shape":"String",
+          "documentation":"<p>The run path for the script.</p>"
+        },
+        "ExecutableParameters":{
+          "shape":"String",
+          "documentation":"<p>The runtime parameters passed to the run path for the script.</p>"
+        },
+        "TimeoutInSeconds":{
+          "shape":"Integer",
+          "documentation":"<p>The run timeout, in seconds, for the script.</p>"
+        }
+      },
+      "documentation":"<p>Describes the details of the script.</p>"
+    },
     "SecurityGroupIdList":{
       "type":"list",
       "member":{"shape":"String"},
@@ -3230,6 +4267,54 @@
       "members":{
       }
     },
+    "UpdateApplicationRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the application. This name is visible to users when display name is not specified.</p>"
+        },
+        "DisplayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The display name of the application. This name is visible to users in the application catalog.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the application.</p>"
+        },
+        "IconS3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The icon S3 location of the application.</p>"
+        },
+        "LaunchPath":{
+          "shape":"String",
+          "documentation":"<p>The launch path of the application.</p>"
+        },
+        "WorkingDirectory":{
+          "shape":"String",
+          "documentation":"<p>The working directory of the application.</p>"
+        },
+        "LaunchParameters":{
+          "shape":"String",
+          "documentation":"<p>The launch parameters of the application.</p>"
+        },
+        "AppBlockArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the app block.</p>"
+        },
+        "AttributesToDelete":{
+          "shape":"ApplicationAttributes",
+          "documentation":"<p>The attributes to delete for an application.</p>"
+        }
+      }
+    },
+    "UpdateApplicationResult":{
+      "type":"structure",
+      "members":{
+        "Application":{"shape":"Application"}
+      }
+    },
     "UpdateDirectoryConfigRequest":{
       "type":"structure",
       "required":["DirectoryName"],
@@ -3257,6 +4342,44 @@
         }
       }
     },
+    "UpdateEntitlementRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "StackName"
+      ],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the entitlement.</p>"
+        },
+        "StackName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the stack with which the entitlement is associated.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entitlement.</p>"
+        },
+        "AppVisibility":{
+          "shape":"AppVisibility",
+          "documentation":"<p>Specifies whether all or only selected apps are entitled.</p>"
+        },
+        "Attributes":{
+          "shape":"EntitlementAttributeList",
+          "documentation":"<p>The attributes of the entitlement.</p>"
+        }
+      }
+    },
+    "UpdateEntitlementResult":{
+      "type":"structure",
+      "members":{
+        "Entitlement":{
+          "shape":"Entitlement",
+          "documentation":"<p>The entitlement.</p>"
+        }
+      }
+    },
     "UpdateFleetRequest":{
       "type":"structure",
       "members":{
@@ -3274,15 +4397,15 @@
         },
         "InstanceType":{
           "shape":"String",
-          "documentation":"<p>The instance type to use when launching fleet instances. The following instance types are available:</p> <ul> <li> <p>stream.standard.small</p> </li> <li> <p>stream.standard.medium</p> </li> <li> <p>stream.standard.large</p> </li> <li> <p>stream.compute.large</p> </li> <li> <p>stream.compute.xlarge</p> </li> <li> <p>stream.compute.2xlarge</p> </li> <li> <p>stream.compute.4xlarge</p> </li> <li> <p>stream.compute.8xlarge</p> </li> <li> <p>stream.memory.large</p> </li> <li> <p>stream.memory.xlarge</p> </li> <li> <p>stream.memory.2xlarge</p> </li> <li> <p>stream.memory.4xlarge</p> </li> <li> <p>stream.memory.8xlarge</p> </li> <li> <p>stream.memory.z1d.large</p> </li> <li> <p>stream.memory.z1d.xlarge</p> </li> <li> <p>stream.memory.z1d.2xlarge</p> </li> <li> <p>stream.memory.z1d.3xlarge</p> </li> <li> <p>stream.memory.z1d.6xlarge</p> </li> <li> <p>stream.memory.z1d.12xlarge</p> </li> <li> <p>stream.graphics-design.large</p> </li> <li> <p>stream.graphics-design.xlarge</p> </li> <li> <p>stream.graphics-design.2xlarge</p> </li> <li> <p>stream.graphics-design.4xlarge</p> </li> <li> <p>stream.graphics-desktop.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.xlarge</p> </li> <li> <p>stream.graphics.g4dn.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.4xlarge</p> </li> <li> <p>stream.graphics.g4dn.8xlarge</p> </li> <li> <p>stream.graphics.g4dn.12xlarge</p> </li> <li> <p>stream.graphics.g4dn.16xlarge</p> </li> <li> <p>stream.graphics-pro.4xlarge</p> </li> <li> <p>stream.graphics-pro.8xlarge</p> </li> <li> <p>stream.graphics-pro.16xlarge</p> </li> </ul>"
+          "documentation":"<p>The instance type to use when launching fleet instances. The following instance types are available:</p> <ul> <li> <p>stream.standard.small</p> </li> <li> <p>stream.standard.medium</p> </li> <li> <p>stream.standard.large</p> </li> <li> <p>stream.compute.large</p> </li> <li> <p>stream.compute.xlarge</p> </li> <li> <p>stream.compute.2xlarge</p> </li> <li> <p>stream.compute.4xlarge</p> </li> <li> <p>stream.compute.8xlarge</p> </li> <li> <p>stream.memory.large</p> </li> <li> <p>stream.memory.xlarge</p> </li> <li> <p>stream.memory.2xlarge</p> </li> <li> <p>stream.memory.4xlarge</p> </li> <li> <p>stream.memory.8xlarge</p> </li> <li> <p>stream.memory.z1d.large</p> </li> <li> <p>stream.memory.z1d.xlarge</p> </li> <li> <p>stream.memory.z1d.2xlarge</p> </li> <li> <p>stream.memory.z1d.3xlarge</p> </li> <li> <p>stream.memory.z1d.6xlarge</p> </li> <li> <p>stream.memory.z1d.12xlarge</p> </li> <li> <p>stream.graphics-design.large</p> </li> <li> <p>stream.graphics-design.xlarge</p> </li> <li> <p>stream.graphics-design.2xlarge</p> </li> <li> <p>stream.graphics-design.4xlarge</p> </li> <li> <p>stream.graphics-desktop.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.xlarge</p> </li> <li> <p>stream.graphics.g4dn.2xlarge</p> </li> <li> <p>stream.graphics.g4dn.4xlarge</p> </li> <li> <p>stream.graphics.g4dn.8xlarge</p> </li> <li> <p>stream.graphics.g4dn.12xlarge</p> </li> <li> <p>stream.graphics.g4dn.16xlarge</p> </li> <li> <p>stream.graphics-pro.4xlarge</p> </li> <li> <p>stream.graphics-pro.8xlarge</p> </li> <li> <p>stream.graphics-pro.16xlarge</p> </li> </ul> <p>The following instance types are available for Elastic fleets:</p> <ul> <li> <p>stream.standard.small</p> </li> <li> <p>stream.standard.medium</p> </li> </ul>"
         },
         "ComputeCapacity":{
           "shape":"ComputeCapacity",
-          "documentation":"<p>The desired capacity for the fleet.</p>"
+          "documentation":"<p>The desired capacity for the fleet. This is not allowed for Elastic fleets.</p>"
         },
         "VpcConfig":{
           "shape":"VpcConfig",
-          "documentation":"<p>The VPC configuration for the fleet.</p>"
+          "documentation":"<p>The VPC configuration for the fleet. This is required for Elastic fleets, but not required for other fleet types. Elastic fleets require that you specify at least two subnets in different availability zones. </p>"
         },
         "MaxUserDurationInSeconds":{
           "shape":"Integer",
@@ -3328,6 +4451,18 @@
         "StreamView":{
           "shape":"StreamView",
           "documentation":"<p>The AppStream 2.0 view that is displayed to your users when they stream from the fleet. When <code>APP</code> is specified, only the windows of applications opened by users display. When <code>DESKTOP</code> is specified, the standard desktop that is provided by the operating system displays.</p> <p>The default value is <code>APP</code>.</p>"
+        },
+        "Platform":{
+          "shape":"PlatformType",
+          "documentation":"<p>The platform of the fleet. WINDOWS_SERVER_2019 and AMAZON_LINUX2 are supported for Elastic fleets. </p>"
+        },
+        "MaxConcurrentSessions":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of concurrent sessions for a fleet.</p>"
+        },
+        "UsbDeviceFilterStrings":{
+          "shape":"UsbDeviceFilterStrings",
+          "documentation":"<p>The USB device filter strings that specify which USB devices a user can redirect to the fleet streaming session, when using the Windows native client. This is allowed but not required for Elastic fleets.</p>"
         }
       }
     },
@@ -3469,6 +4604,16 @@
       "type":"list",
       "member":{"shape":"UsageReportSubscription"}
     },
+    "UsbDeviceFilterString":{
+      "type":"string",
+      "max":100,
+      "min":0,
+      "pattern":"^((\\w*)\\s*(\\w*)\\s*\\,\\s*(\\w*)\\s*\\,\\s*\\*?(\\w*)\\s*\\,\\s*\\*?(\\w*)\\s*\\,\\s*\\*?\\d*\\s*\\,\\s*\\*?\\d*\\s*\\,\\s*[0-1]\\s*\\,\\s*[0-1]\\s*)$"
+    },
+    "UsbDeviceFilterStrings":{
+      "type":"list",
+      "member":{"shape":"UsbDeviceFilterString"}
+    },
     "User":{
       "type":"structure",
       "required":["AuthenticationType"],
diff --git a/contrib/python/botocore/py3/botocore/data/appsync/2017-07-25/service-2.json b/contrib/python/botocore/py3/botocore/data/appsync/2017-07-25/service-2.json
index b7c12217d74..d0bfdf74dfb 100644
--- a/contrib/python/botocore/py3/botocore/data/appsync/2017-07-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/appsync/2017-07-25/service-2.json
@@ -13,6 +13,22 @@
     "uid":"appsync-2017-07-25"
   },
   "operations":{
+    "AssociateApi":{
+      "name":"AssociateApi",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/domainnames/{domainName}/apiassociation"
+      },
+      "input":{"shape":"AssociateApiRequest"},
+      "output":{"shape":"AssociateApiResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"NotFoundException"}
+      ],
+      "documentation":"<p>Maps an endpoint to your custom domain.</p>"
+    },
     "CreateApiCache":{
       "name":"CreateApiCache",
       "http":{
@@ -48,7 +64,7 @@
         {"shape":"ApiKeyLimitExceededException"},
         {"shape":"ApiKeyValidityOutOfBoundsException"}
       ],
-      "documentation":"<p>Creates a unique key that you can distribute to clients who are executing your API.</p>"
+      "documentation":"<p>Creates a unique key that you can distribute to clients who invoke your API.</p>"
     },
     "CreateDataSource":{
       "name":"CreateDataSource",
@@ -67,6 +83,21 @@
       ],
       "documentation":"<p>Creates a <code>DataSource</code> object.</p>"
     },
+    "CreateDomainName":{
+      "name":"CreateDomainName",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/domainnames"
+      },
+      "input":{"shape":"CreateDomainNameRequest"},
+      "output":{"shape":"CreateDomainNameResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalFailureException"}
+      ],
+      "documentation":"<p>Creates a custom <code>DomainName</code> object.</p>"
+    },
     "CreateFunction":{
       "name":"CreateFunction",
       "http":{
@@ -81,7 +112,7 @@
         {"shape":"UnauthorizedException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates a <code>Function</code> object.</p> <p>A function is a reusable entity. Multiple functions can be used to compose the resolver logic.</p>"
+      "documentation":"<p>Creates a <code>Function</code> object.</p> <p>A function is a reusable entity. You can use multiple functions to compose the resolver logic.</p>"
     },
     "CreateGraphqlApi":{
       "name":"CreateGraphqlApi",
@@ -115,7 +146,7 @@
         {"shape":"UnauthorizedException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates a <code>Resolver</code> object.</p> <p>A resolver converts incoming requests into a format that a data source can understand and converts the data source's responses into GraphQL.</p>"
+      "documentation":"<p>Creates a <code>Resolver</code> object.</p> <p>A resolver converts incoming requests into a format that a data source can understand, and converts the data source's responses into GraphQL.</p>"
     },
     "CreateType":{
       "name":"CreateType",
@@ -184,6 +215,23 @@
       ],
       "documentation":"<p>Deletes a <code>DataSource</code> object.</p>"
     },
+    "DeleteDomainName":{
+      "name":"DeleteDomainName",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/v1/domainnames/{domainName}"
+      },
+      "input":{"shape":"DeleteDomainNameRequest"},
+      "output":{"shape":"DeleteDomainNameResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"NotFoundException"}
+      ],
+      "documentation":"<p>Deletes a custom <code>DomainName</code> object.</p>"
+    },
     "DeleteFunction":{
       "name":"DeleteFunction",
       "http":{
@@ -251,6 +299,23 @@
       ],
       "documentation":"<p>Deletes a <code>Type</code> object.</p>"
     },
+    "DisassociateApi":{
+      "name":"DisassociateApi",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/v1/domainnames/{domainName}/apiassociation"
+      },
+      "input":{"shape":"DisassociateApiRequest"},
+      "output":{"shape":"DisassociateApiResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"NotFoundException"}
+      ],
+      "documentation":"<p>Removes an <code>ApiAssociation</code> object from a custom domain.</p>"
+    },
     "FlushApiCache":{
       "name":"FlushApiCache",
       "http":{
@@ -268,6 +333,22 @@
       ],
       "documentation":"<p>Flushes an <code>ApiCache</code> object.</p>"
     },
+    "GetApiAssociation":{
+      "name":"GetApiAssociation",
+      "http":{
+        "method":"GET",
+        "requestUri":"/v1/domainnames/{domainName}/apiassociation"
+      },
+      "input":{"shape":"GetApiAssociationRequest"},
+      "output":{"shape":"GetApiAssociationResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"NotFoundException"}
+      ],
+      "documentation":"<p>Retrieves an <code>ApiAssociation</code> object.</p>"
+    },
     "GetApiCache":{
       "name":"GetApiCache",
       "http":{
@@ -302,6 +383,22 @@
       ],
       "documentation":"<p>Retrieves a <code>DataSource</code> object.</p>"
     },
+    "GetDomainName":{
+      "name":"GetDomainName",
+      "http":{
+        "method":"GET",
+        "requestUri":"/v1/domainnames/{domainName}"
+      },
+      "input":{"shape":"GetDomainNameRequest"},
+      "output":{"shape":"GetDomainNameResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"NotFoundException"}
+      ],
+      "documentation":"<p>Retrieves a custom <code>DomainName</code> object.</p>"
+    },
     "GetFunction":{
       "name":"GetFunction",
       "http":{
@@ -430,6 +527,21 @@
       ],
       "documentation":"<p>Lists the data sources for a given API.</p>"
     },
+    "ListDomainNames":{
+      "name":"ListDomainNames",
+      "http":{
+        "method":"GET",
+        "requestUri":"/v1/domainnames"
+      },
+      "input":{"shape":"ListDomainNamesRequest"},
+      "output":{"shape":"ListDomainNamesResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"InternalFailureException"}
+      ],
+      "documentation":"<p>Lists multiple custom domain names.</p>"
+    },
     "ListFunctions":{
       "name":"ListFunctions",
       "http":{
@@ -614,7 +726,7 @@
         {"shape":"InternalFailureException"},
         {"shape":"ApiKeyValidityOutOfBoundsException"}
       ],
-      "documentation":"<p>Updates an API key. The key can be updated while it is not deleted.</p>"
+      "documentation":"<p>Updates an API key. You can update the key as long as it's not deleted.</p>"
     },
     "UpdateDataSource":{
       "name":"UpdateDataSource",
@@ -633,6 +745,23 @@
       ],
       "documentation":"<p>Updates a <code>DataSource</code> object.</p>"
     },
+    "UpdateDomainName":{
+      "name":"UpdateDomainName",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/domainnames/{domainName}"
+      },
+      "input":{"shape":"UpdateDomainNameRequest"},
+      "output":{"shape":"UpdateDomainNameResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"BadRequestException"},
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"NotFoundException"}
+      ],
+      "documentation":"<p>Updates a custom <code>DomainName</code> object.</p>"
+    },
     "UpdateFunction":{
       "name":"UpdateFunction",
       "http":{
@@ -707,7 +836,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>You do not have access to perform this operation on this resource.</p>",
+      "documentation":"<p>You don't have access to perform this operation on this resource.</p>",
       "error":{"httpStatusCode":403},
       "exception":true
     },
@@ -716,11 +845,11 @@
       "members":{
         "authenticationType":{
           "shape":"AuthenticationType",
-          "documentation":"<p>The authentication type: API key, Identity and Access Management, OIDC, Amazon Cognito user pools, or Amazon Web Services Lambda.</p>"
+          "documentation":"<p>The authentication type: API key, Identity and Access Management (IAM), OpenID Connect (OIDC), Amazon Cognito user pools, or Lambda.</p>"
         },
         "openIDConnectConfig":{
           "shape":"OpenIDConnectConfig",
-          "documentation":"<p>The OpenID Connect configuration.</p>"
+          "documentation":"<p>The OIDC configuration.</p>"
         },
         "userPoolConfig":{
           "shape":"CognitoUserPoolConfig",
@@ -728,7 +857,7 @@
         },
         "lambdaAuthorizerConfig":{
           "shape":"LambdaAuthorizerConfig",
-          "documentation":"<p>Configuration for Amazon Web Services Lambda function authorization.</p>"
+          "documentation":"<p>Configuration for Lambda function authorization.</p>"
         }
       },
       "documentation":"<p>Describes an additional authentication provider.</p>"
@@ -737,12 +866,34 @@
       "type":"list",
       "member":{"shape":"AdditionalAuthenticationProvider"}
     },
+    "ApiAssociation":{
+      "type":"structure",
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>"
+        },
+        "apiId":{
+          "shape":"String",
+          "documentation":"<p>The API ID.</p>"
+        },
+        "associationStatus":{
+          "shape":"AssociationStatus",
+          "documentation":"<p>Identifies the status of an association.</p> <ul> <li> <p> <b>PROCESSING</b>: The API association is being created. You cannot modify association requests during processing.</p> </li> <li> <p> <b>SUCCESS</b>: The API association was successful. You can modify associations after success.</p> </li> <li> <p> <b>FAILED</b>: The API association has failed. You can modify associations after failure.</p> </li> </ul>"
+        },
+        "deploymentDetail":{
+          "shape":"String",
+          "documentation":"<p>Details about the last deployment status.</p>"
+        }
+      },
+      "documentation":"<p>Describes an <code>ApiAssociation</code> object.</p>"
+    },
     "ApiCache":{
       "type":"structure",
       "members":{
         "ttl":{
           "shape":"Long",
-          "documentation":"<p>TTL in seconds for cache entries.</p> <p>Valid values are between 1 and 3600 seconds.</p>"
+          "documentation":"<p>TTL in seconds for cache entries.</p> <p>Valid values are 1–3,600 seconds.</p>"
         },
         "apiCachingBehavior":{
           "shape":"ApiCachingBehavior",
@@ -750,11 +901,11 @@
         },
         "transitEncryptionEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>Transit encryption flag when connecting to cache. This setting cannot be updated after creation.</p>"
+          "documentation":"<p>Transit encryption flag when connecting to cache. You cannot update this setting after creation.</p>"
         },
         "atRestEncryptionEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>At rest encryption flag for cache. This setting cannot be updated after creation.</p>"
+          "documentation":"<p>At-rest encryption flag for cache. You cannot update this setting after creation.</p>"
         },
         "type":{
           "shape":"ApiCacheType",
@@ -824,7 +975,7 @@
           "documentation":"<p>The time after which the API key is deleted. The date is represented as seconds since the epoch, rounded down to the nearest hour.</p>"
         }
       },
-      "documentation":"<p>Describes an API key.</p> <p>Customers invoke AppSync GraphQL API operations with API keys as an identity mechanism. There are two key versions:</p> <p> <b>da1</b>: This version was introduced at launch in November 2017. These keys always expire after 7 days. Key expiration is managed by Amazon DynamoDB TTL. The keys ceased to be valid after February 21, 2018 and should not be used after that date.</p> <ul> <li> <p> <code>ListApiKeys</code> returns the expiration time in milliseconds.</p> </li> <li> <p> <code>CreateApiKey</code> returns the expiration time in milliseconds.</p> </li> <li> <p> <code>UpdateApiKey</code> is not available for this key version.</p> </li> <li> <p> <code>DeleteApiKey</code> deletes the item from the table.</p> </li> <li> <p>Expiration is stored in Amazon DynamoDB as milliseconds. This results in a bug where keys are not automatically deleted because DynamoDB expects the TTL to be stored in seconds. As a one-time action, we will delete these keys from the table after February 21, 2018.</p> </li> </ul> <p> <b>da2</b>: This version was introduced in February 2018 when AppSync added support to extend key expiration.</p> <ul> <li> <p> <code>ListApiKeys</code> returns the expiration time and deletion time in seconds.</p> </li> <li> <p> <code>CreateApiKey</code> returns the expiration time and deletion time in seconds and accepts a user-provided expiration time in seconds.</p> </li> <li> <p> <code>UpdateApiKey</code> returns the expiration time and and deletion time in seconds and accepts a user-provided expiration time in seconds. Expired API keys are kept for 60 days after the expiration time. Key expiration time can be updated while the key is not deleted. </p> </li> <li> <p> <code>DeleteApiKey</code> deletes the item from the table.</p> </li> <li> <p>Expiration is stored in Amazon DynamoDB as seconds. After the expiration time, using the key to authenticate will fail. But the key can be reinstated before deletion.</p> </li> <li> <p>Deletion is stored in Amazon DynamoDB as seconds. The key will be deleted after deletion time. </p> </li> </ul>"
+      "documentation":"<p>Describes an API key.</p> <p>Customers invoke AppSync GraphQL API operations with API keys as an identity mechanism. There are two key versions:</p> <p> <b>da1</b>: We introduced this version at launch in November 2017. These keys always expire after 7 days. Amazon DynamoDB TTL manages key expiration. These keys ceased to be valid after February 21, 2018, and they should no longer be used.</p> <ul> <li> <p> <code>ListApiKeys</code> returns the expiration time in milliseconds.</p> </li> <li> <p> <code>CreateApiKey</code> returns the expiration time in milliseconds.</p> </li> <li> <p> <code>UpdateApiKey</code> is not available for this key version.</p> </li> <li> <p> <code>DeleteApiKey</code> deletes the item from the table.</p> </li> <li> <p>Expiration is stored in DynamoDB as milliseconds. This results in a bug where keys are not automatically deleted because DynamoDB expects the TTL to be stored in seconds. As a one-time action, we deleted these keys from the table on February 21, 2018.</p> </li> </ul> <p> <b>da2</b>: We introduced this version in February 2018 when AppSync added support to extend key expiration.</p> <ul> <li> <p> <code>ListApiKeys</code> returns the expiration time and deletion time in seconds.</p> </li> <li> <p> <code>CreateApiKey</code> returns the expiration time and deletion time in seconds and accepts a user-provided expiration time in seconds.</p> </li> <li> <p> <code>UpdateApiKey</code> returns the expiration time and and deletion time in seconds and accepts a user-provided expiration time in seconds. Expired API keys are kept for 60 days after the expiration time. You can update the key expiration time as long as the key isn't deleted.</p> </li> <li> <p> <code>DeleteApiKey</code> deletes the item from the table.</p> </li> <li> <p>Expiration is stored in DynamoDB as seconds. After the expiration time, using the key to authenticate will fail. However, you can reinstate the key before deletion.</p> </li> <li> <p>Deletion is stored in DynamoDB as seconds. The key is deleted after deletion time.</p> </li> </ul>"
     },
     "ApiKeyLimitExceededException":{
       "type":"structure",
@@ -857,6 +1008,42 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "AssociateApiRequest":{
+      "type":"structure",
+      "required":[
+        "domainName",
+        "apiId"
+      ],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>",
+          "location":"uri",
+          "locationName":"domainName"
+        },
+        "apiId":{
+          "shape":"String",
+          "documentation":"<p>The API ID.</p>"
+        }
+      }
+    },
+    "AssociateApiResponse":{
+      "type":"structure",
+      "members":{
+        "apiAssociation":{
+          "shape":"ApiAssociation",
+          "documentation":"<p>The <code>ApiAssociation</code> object.</p>"
+        }
+      }
+    },
+    "AssociationStatus":{
+      "type":"string",
+      "enum":[
+        "PROCESSING",
+        "FAILED",
+        "SUCCESS"
+      ]
+    },
     "AuthenticationType":{
       "type":"string",
       "enum":[
@@ -873,14 +1060,14 @@
       "members":{
         "authorizationType":{
           "shape":"AuthorizationType",
-          "documentation":"<p>The authorization type required by the HTTP endpoint.</p> <ul> <li> <p> <b>AWS_IAM</b>: The authorization type is Sigv4.</p> </li> </ul>"
+          "documentation":"<p>The authorization type that the HTTP endpoint requires.</p> <ul> <li> <p> <b>AWS_IAM</b>: The authorization type is Signature Version 4 (SigV4).</p> </li> </ul>"
         },
         "awsIamConfig":{
           "shape":"AwsIamConfig",
-          "documentation":"<p>The Identity and Access Management settings.</p>"
+          "documentation":"<p>The Identity and Access Management (IAM) settings.</p>"
         }
       },
-      "documentation":"<p>The authorization config in case the HTTP endpoint requires authorization.</p>"
+      "documentation":"<p>The authorization configuration in case the HTTP endpoint requires authorization.</p>"
     },
     "AuthorizationType":{
       "type":"string",
@@ -891,21 +1078,21 @@
       "members":{
         "signingRegion":{
           "shape":"String",
-          "documentation":"<p>The signing region for Identity and Access Management authorization.</p>"
+          "documentation":"<p>The signing Amazon Web Services Region for IAM authorization.</p>"
         },
         "signingServiceName":{
           "shape":"String",
-          "documentation":"<p>The signing service name for Identity and Access Management authorization.</p>"
+          "documentation":"<p>The signing service name for IAM authorization.</p>"
         }
       },
-      "documentation":"<p>The Identity and Access Management configuration.</p>"
+      "documentation":"<p>The Identity and Access Management (IAM) configuration.</p>"
     },
     "BadRequestException":{
       "type":"structure",
       "members":{
         "message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The request is not well formed. For example, a value is invalid or a required field is missing. Check the field values, and then try again. </p>",
+      "documentation":"<p>The request is not well formed. For example, a value is invalid or a required field is missing. Check the field values, and then try again.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -917,19 +1104,25 @@
       "members":{
         "ttl":{
           "shape":"Long",
-          "documentation":"<p>The TTL in seconds for a resolver that has caching enabled.</p> <p>Valid values are between 1 and 3600 seconds.</p>"
+          "documentation":"<p>The TTL in seconds for a resolver that has caching activated.</p> <p>Valid values are 1–3,600 seconds.</p>"
         },
         "cachingKeys":{
           "shape":"CachingKeys",
-          "documentation":"<p>The caching keys for a resolver that has caching enabled.</p> <p>Valid values are entries from the <code>$context.arguments</code>, <code>$context.source</code>, and <code>$context.identity</code> maps.</p>"
+          "documentation":"<p>The caching keys for a resolver that has caching activated.</p> <p>Valid values are entries from the <code>$context.arguments</code>, <code>$context.source</code>, and <code>$context.identity</code> maps.</p>"
         }
       },
-      "documentation":"<p>The caching configuration for a resolver that has caching enabled.</p>"
+      "documentation":"<p>The caching configuration for a resolver that has caching activated.</p>"
     },
     "CachingKeys":{
       "type":"list",
       "member":{"shape":"String"}
     },
+    "CertificateArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:[a-z-]*:(acm|iam):[a-z0-9-]*:\\d{12}:(certificate|server-certificate)/[0-9A-Za-z_/-]*$"
+    },
     "CognitoUserPoolConfig":{
       "type":"structure",
       "required":[
@@ -957,7 +1150,7 @@
       "members":{
         "message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>Another modification is in progress at this time and it must complete before you can make your change. </p>",
+      "documentation":"<p>Another modification is in progress at this time and it must complete before you can make your change.</p>",
       "error":{"httpStatusCode":409},
       "exception":true
     },
@@ -988,21 +1181,21 @@
       "members":{
         "apiId":{
           "shape":"String",
-          "documentation":"<p>The GraphQL API Id.</p>",
+          "documentation":"<p>The GraphQL API ID.</p>",
           "location":"uri",
           "locationName":"apiId"
         },
         "ttl":{
           "shape":"Long",
-          "documentation":"<p>TTL in seconds for cache entries.</p> <p>Valid values are between 1 and 3600 seconds.</p>"
+          "documentation":"<p>TTL in seconds for cache entries.</p> <p>Valid values are 1–3,600 seconds.</p>"
         },
         "transitEncryptionEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>Transit encryption flag when connecting to cache. This setting cannot be updated after creation.</p>"
+          "documentation":"<p>Transit encryption flag when connecting to cache. You cannot update this setting after creation.</p>"
         },
         "atRestEncryptionEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>At rest encryption flag for cache. This setting cannot be updated after creation.</p>"
+          "documentation":"<p>At-rest encryption flag for cache. You cannot update this setting after creation.</p>"
         },
         "apiCachingBehavior":{
           "shape":"ApiCachingBehavior",
@@ -1041,7 +1234,7 @@
         },
         "expires":{
           "shape":"Long",
-          "documentation":"<p>The time from creation time after which the API key expires. The date is represented as seconds since the epoch, rounded down to the nearest hour. The default value for this parameter is 7 days from creation time. For more information, see .</p>"
+          "documentation":"<p>From the creation time, the time after which the API key expires. The date is represented as seconds since the epoch, rounded down to the nearest hour. The default value for this parameter is 7 days from creation time. For more information, see .</p>"
         }
       }
     },
@@ -1082,7 +1275,7 @@
         },
         "serviceRoleArn":{
           "shape":"String",
-          "documentation":"<p>The Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source.</p>"
+          "documentation":"<p>The Identity and Access Management (IAM) service role Amazon Resource Name (ARN) for the data source. The system assumes this role when accessing the data source.</p>"
         },
         "dynamodbConfig":{
           "shape":"DynamodbDataSourceConfig",
@@ -1090,7 +1283,7 @@
         },
         "lambdaConfig":{
           "shape":"LambdaDataSourceConfig",
-          "documentation":"<p>Amazon Web Services Lambda settings.</p>"
+          "documentation":"<p>Lambda settings.</p>"
         },
         "elasticsearchConfig":{
           "shape":"ElasticsearchDataSourceConfig",
@@ -1119,6 +1312,36 @@
         }
       }
     },
+    "CreateDomainNameRequest":{
+      "type":"structure",
+      "required":[
+        "domainName",
+        "certificateArn"
+      ],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>"
+        },
+        "certificateArn":{
+          "shape":"CertificateArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the certificate. This can be an Certificate Manager (ACM) certificate or an Identity and Access Management (IAM) server certificate.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the <code>DomainName</code>.</p>"
+        }
+      }
+    },
+    "CreateDomainNameResponse":{
+      "type":"structure",
+      "members":{
+        "domainNameConfig":{
+          "shape":"DomainNameConfig",
+          "documentation":"<p>The configuration for the <code>DomainName</code>.</p>"
+        }
+      }
+    },
     "CreateFunctionRequest":{
       "type":"structure",
       "required":[
@@ -1152,13 +1375,17 @@
         },
         "responseMappingTemplate":{
           "shape":"MappingTemplate",
-          "documentation":"<p>The <code>Function</code> response mapping template. </p>"
+          "documentation":"<p>The <code>Function</code> response mapping template.</p>"
         },
         "functionVersion":{
           "shape":"String",
-          "documentation":"<p>The <code>version</code> of the request mapping template. Currently the supported value is 2018-05-29. </p>"
+          "documentation":"<p>The <code>version</code> of the request mapping template. Currently, the supported value is 2018-05-29.</p>"
         },
-        "syncConfig":{"shape":"SyncConfig"}
+        "syncConfig":{"shape":"SyncConfig"},
+        "maxBatchSize":{
+          "shape":"MaxBatchSize",
+          "documentation":"<p>The maximum batching size for a resolver.</p>"
+        }
       }
     },
     "CreateFunctionResponse":{
@@ -1187,7 +1414,7 @@
         },
         "authenticationType":{
           "shape":"AuthenticationType",
-          "documentation":"<p>The authentication type: API key, Identity and Access Management, OIDC, Amazon Cognito user pools, or Amazon Web Services Lambda.</p>"
+          "documentation":"<p>The authentication type: API key, Identity and Access Management (IAM), OpenID Connect (OIDC), Amazon Cognito user pools, or Lambda.</p>"
         },
         "userPoolConfig":{
           "shape":"UserPoolConfig",
@@ -1195,7 +1422,7 @@
         },
         "openIDConnectConfig":{
           "shape":"OpenIDConnectConfig",
-          "documentation":"<p>The OpenID Connect configuration.</p>"
+          "documentation":"<p>The OIDC configuration.</p>"
         },
         "tags":{
           "shape":"TagMap",
@@ -1207,11 +1434,11 @@
         },
         "xrayEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>A flag indicating whether to enable X-Ray tracing for the <code>GraphqlApi</code>.</p>"
+          "documentation":"<p>A flag indicating whether to use X-Ray tracing for the <code>GraphqlApi</code>.</p>"
         },
         "lambdaAuthorizerConfig":{
           "shape":"LambdaAuthorizerConfig",
-          "documentation":"<p>Configuration for Amazon Web Services Lambda function authorization.</p>"
+          "documentation":"<p>Configuration for Lambda function authorization.</p>"
         }
       }
     },
@@ -1254,15 +1481,15 @@
         },
         "requestMappingTemplate":{
           "shape":"MappingTemplate",
-          "documentation":"<p>The mapping template to be used for requests.</p> <p>A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).</p> <p>VTL request mapping templates are optional when using a Lambda data source. For all other data sources, VTL request and response mapping templates are required.</p>"
+          "documentation":"<p>The mapping template to use for requests.</p> <p>A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).</p> <p>VTL request mapping templates are optional when using an Lambda data source. For all other data sources, VTL request and response mapping templates are required.</p>"
         },
         "responseMappingTemplate":{
           "shape":"MappingTemplate",
-          "documentation":"<p>The mapping template to be used for responses from the data source.</p>"
+          "documentation":"<p>The mapping template to use for responses from the data source.</p>"
         },
         "kind":{
           "shape":"ResolverKind",
-          "documentation":"<p>The resolver type.</p> <ul> <li> <p> <b>UNIT</b>: A UNIT resolver type. A UNIT resolver is the default resolver type. A UNIT resolver enables you to execute a GraphQL query against a single data source.</p> </li> <li> <p> <b>PIPELINE</b>: A PIPELINE resolver type. A PIPELINE resolver enables you to execute a series of <code>Function</code> in a serial manner. You can use a pipeline resolver to execute a GraphQL query against multiple data sources.</p> </li> </ul>"
+          "documentation":"<p>The resolver type.</p> <ul> <li> <p> <b>UNIT</b>: A UNIT resolver type. A UNIT resolver is the default resolver type. You can use a UNIT resolver to run a GraphQL query against a single data source.</p> </li> <li> <p> <b>PIPELINE</b>: A PIPELINE resolver type. You can use a PIPELINE resolver to invoke a series of <code>Function</code> objects in a serial manner. You can use a pipeline resolver to run a GraphQL query against multiple data sources.</p> </li> </ul>"
         },
         "pipelineConfig":{
           "shape":"PipelineConfig",
@@ -1270,11 +1497,15 @@
         },
         "syncConfig":{
           "shape":"SyncConfig",
-          "documentation":"<p>The <code>SyncConfig</code> for a resolver attached to a versioned datasource.</p>"
+          "documentation":"<p>The <code>SyncConfig</code> for a resolver attached to a versioned data source.</p>"
         },
         "cachingConfig":{
           "shape":"CachingConfig",
           "documentation":"<p>The caching configuration for the resolver.</p>"
+        },
+        "maxBatchSize":{
+          "shape":"MaxBatchSize",
+          "documentation":"<p>The maximum batching size for a resolver.</p>"
         }
       }
     },
@@ -1325,7 +1556,7 @@
       "members":{
         "dataSourceArn":{
           "shape":"String",
-          "documentation":"<p>The data source ARN.</p>"
+          "documentation":"<p>The data source Amazon Resource Name (ARN).</p>"
         },
         "name":{
           "shape":"ResourceName",
@@ -1337,19 +1568,19 @@
         },
         "type":{
           "shape":"DataSourceType",
-          "documentation":"<p>The type of the data source.</p> <ul> <li> <p> <b>AWS_LAMBDA</b>: The data source is an Amazon Web Services Lambda function.</p> </li> <li> <p> <b>AMAZON_DYNAMODB</b>: The data source is an Amazon DynamoDB table.</p> </li> <li> <p> <b>AMAZON_ELASTICSEARCH</b>: The data source is an Amazon OpenSearch Service domain.</p> </li> <li> <p> <b>AMAZON_OPENSEARCH_SERVICE</b>: The data source is an Amazon OpenSearch Service domain.</p> </li> <li> <p> <b>NONE</b>: There is no data source. This type is used when you wish to invoke a GraphQL operation without connecting to a data source, such as performing data transformation with resolvers or triggering a subscription to be invoked from a mutation.</p> </li> <li> <p> <b>HTTP</b>: The data source is an HTTP endpoint.</p> </li> <li> <p> <b>RELATIONAL_DATABASE</b>: The data source is a relational database.</p> </li> </ul>"
+          "documentation":"<p>The type of the data source.</p> <ul> <li> <p> <b>AWS_LAMBDA</b>: The data source is an Lambda function.</p> </li> <li> <p> <b>AMAZON_DYNAMODB</b>: The data source is an Amazon DynamoDB table.</p> </li> <li> <p> <b>AMAZON_ELASTICSEARCH</b>: The data source is an Amazon OpenSearch Service domain.</p> </li> <li> <p> <b>AMAZON_OPENSEARCH_SERVICE</b>: The data source is an Amazon OpenSearch Service domain.</p> </li> <li> <p> <b>NONE</b>: There is no data source. Use this type when you want to invoke a GraphQL operation without connecting to a data source, such as when you're performing data transformation with resolvers or invoking a subscription from a mutation.</p> </li> <li> <p> <b>HTTP</b>: The data source is an HTTP endpoint.</p> </li> <li> <p> <b>RELATIONAL_DATABASE</b>: The data source is a relational database.</p> </li> </ul>"
         },
         "serviceRoleArn":{
           "shape":"String",
-          "documentation":"<p>The Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source.</p>"
+          "documentation":"<p>The Identity and Access Management (IAM) service role Amazon Resource Name (ARN) for the data source. The system assumes this role when accessing the data source.</p>"
         },
         "dynamodbConfig":{
           "shape":"DynamodbDataSourceConfig",
-          "documentation":"<p>Amazon DynamoDB settings.</p>"
+          "documentation":"<p>DynamoDB settings.</p>"
         },
         "lambdaConfig":{
           "shape":"LambdaDataSourceConfig",
-          "documentation":"<p>Amazon Web Services Lambda settings.</p>"
+          "documentation":"<p>Lambda settings.</p>"
         },
         "elasticsearchConfig":{
           "shape":"ElasticsearchDataSourceConfig",
@@ -1464,6 +1695,23 @@
       "members":{
       }
     },
+    "DeleteDomainNameRequest":{
+      "type":"structure",
+      "required":["domainName"],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>",
+          "location":"uri",
+          "locationName":"domainName"
+        }
+      }
+    },
+    "DeleteDomainNameResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteFunctionRequest":{
       "type":"structure",
       "required":[
@@ -1571,7 +1819,7 @@
       "members":{
         "baseTableTTL":{
           "shape":"Long",
-          "documentation":"<p>The number of minutes an Item is stored in the datasource.</p>"
+          "documentation":"<p>The number of minutes that an Item is stored in the data source.</p>"
         },
         "deltaSyncTableName":{
           "shape":"String",
@@ -1579,11 +1827,70 @@
         },
         "deltaSyncTableTTL":{
           "shape":"Long",
-          "documentation":"<p>The number of minutes a Delta Sync log entry is stored in the Delta Sync table.</p>"
+          "documentation":"<p>The number of minutes that a Delta Sync log entry is stored in the Delta Sync table.</p>"
         }
       },
       "documentation":"<p>Describes a Delta Sync configuration.</p>"
     },
+    "Description":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "pattern":"^.*$"
+    },
+    "DisassociateApiRequest":{
+      "type":"structure",
+      "required":["domainName"],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>",
+          "location":"uri",
+          "locationName":"domainName"
+        }
+      }
+    },
+    "DisassociateApiResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DomainName":{
+      "type":"string",
+      "max":253,
+      "min":1,
+      "pattern":"^(\\*[\\w\\d-]*\\.)?([\\w\\d-]+\\.)+[\\w\\d-]+$"
+    },
+    "DomainNameConfig":{
+      "type":"structure",
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the <code>DomainName</code> configuration.</p>"
+        },
+        "certificateArn":{
+          "shape":"CertificateArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the certificate. This can be an Certificate Manager (ACM) certificate or an Identity and Access Management (IAM) server certificate.</p>"
+        },
+        "appsyncDomainName":{
+          "shape":"String",
+          "documentation":"<p>The domain name that AppSync provides.</p>"
+        },
+        "hostedZoneId":{
+          "shape":"String",
+          "documentation":"<p>The ID of your Amazon Route 53 hosted zone.</p>"
+        }
+      },
+      "documentation":"<p>Describes a configuration for a custom domain.</p>"
+    },
+    "DomainNameConfigs":{
+      "type":"list",
+      "member":{"shape":"DomainNameConfig"}
+    },
     "DynamodbDataSourceConfig":{
       "type":"structure",
       "required":[
@@ -1605,7 +1912,7 @@
         },
         "deltaSyncConfig":{
           "shape":"DeltaSyncConfig",
-          "documentation":"<p>The <code>DeltaSyncConfig</code> for a versioned datasource.</p>"
+          "documentation":"<p>The <code>DeltaSyncConfig</code> for a versioned data source.</p>"
         },
         "versioned":{
           "shape":"Boolean",
@@ -1669,7 +1976,7 @@
         },
         "functionArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the <code>Function</code> object.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the <code>Function</code> object.</p>"
         },
         "name":{
           "shape":"ResourceName",
@@ -1693,11 +2000,15 @@
         },
         "functionVersion":{
           "shape":"String",
-          "documentation":"<p>The version of the request mapping template. Currently only the 2018-05-29 version of the template is supported.</p>"
+          "documentation":"<p>The version of the request mapping template. Currently, only the 2018-05-29 version of the template is supported.</p>"
         },
-        "syncConfig":{"shape":"SyncConfig"}
+        "syncConfig":{"shape":"SyncConfig"},
+        "maxBatchSize":{
+          "shape":"MaxBatchSize",
+          "documentation":"<p>The maximum batching size for a resolver.</p>"
+        }
       },
-      "documentation":"<p>A function is a reusable entity. Multiple functions can be used to compose the resolver logic.</p>"
+      "documentation":"<p>A function is a reusable entity. You can use multiple functions to compose the resolver logic.</p>"
     },
     "Functions":{
       "type":"list",
@@ -1707,6 +2018,27 @@
       "type":"list",
       "member":{"shape":"String"}
     },
+    "GetApiAssociationRequest":{
+      "type":"structure",
+      "required":["domainName"],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>",
+          "location":"uri",
+          "locationName":"domainName"
+        }
+      }
+    },
+    "GetApiAssociationResponse":{
+      "type":"structure",
+      "members":{
+        "apiAssociation":{
+          "shape":"ApiAssociation",
+          "documentation":"<p>The <code>ApiAssociation</code> object.</p>"
+        }
+      }
+    },
     "GetApiCacheRequest":{
       "type":"structure",
       "required":["apiId"],
@@ -1760,6 +2092,27 @@
         }
       }
     },
+    "GetDomainNameRequest":{
+      "type":"structure",
+      "required":["domainName"],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>",
+          "location":"uri",
+          "locationName":"domainName"
+        }
+      }
+    },
+    "GetDomainNameResponse":{
+      "type":"structure",
+      "members":{
+        "domainNameConfig":{
+          "shape":"DomainNameConfig",
+          "documentation":"<p>The configuration for the <code>DomainName</code>.</p>"
+        }
+      }
+    },
     "GetFunctionRequest":{
       "type":"structure",
       "required":[
@@ -1985,7 +2338,7 @@
         },
         "arn":{
           "shape":"String",
-          "documentation":"<p>The ARN.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN).</p>"
         },
         "uris":{
           "shape":"MapOfStringToString",
@@ -2001,15 +2354,15 @@
         },
         "xrayEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>A flag representing whether X-Ray tracing is enabled for this <code>GraphqlApi</code>.</p>"
+          "documentation":"<p>A flag indicating whether to use X-Ray tracing for this <code>GraphqlApi</code>.</p>"
         },
         "wafWebAclArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the WAF ACL associated with this <code>GraphqlApi</code>, if one exists.</p>"
+          "documentation":"<p>The ARN of the WAF access control list (ACL) associated with this <code>GraphqlApi</code>, if one exists.</p>"
         },
         "lambdaAuthorizerConfig":{
           "shape":"LambdaAuthorizerConfig",
-          "documentation":"<p>Configuration for Amazon Web Services Lambda function authorization.</p>"
+          "documentation":"<p>Configuration for Lambda function authorization.</p>"
         }
       },
       "documentation":"<p>Describes a GraphQL API.</p>"
@@ -2023,11 +2376,11 @@
       "members":{
         "endpoint":{
           "shape":"String",
-          "documentation":"<p>The HTTP URL endpoint. You can either specify the domain name or IP, and port combination, and the URL scheme must be HTTP or HTTPS. If the port is not specified, AppSync uses the default port 80 for the HTTP endpoint and port 443 for HTTPS endpoints.</p>"
+          "documentation":"<p>The HTTP URL endpoint. You can specify either the domain name or IP, and port combination, and the URL scheme must be HTTP or HTTPS. If you don't specify the port, AppSync uses the default port 80 for the HTTP endpoint and port 443 for HTTPS endpoints.</p>"
         },
         "authorizationConfig":{
           "shape":"AuthorizationConfig",
-          "documentation":"<p>The authorization config in case the HTTP endpoint requires authorization.</p>"
+          "documentation":"<p>The authorization configuration in case the HTTP endpoint requires authorization.</p>"
         }
       },
       "documentation":"<p>Describes an HTTP data source configuration.</p>"
@@ -2052,24 +2405,24 @@
         },
         "authorizerUri":{
           "shape":"String",
-          "documentation":"<p>The ARN of the Lambda function to be called for authorization. This may be a standard Lambda ARN, a version ARN (<code>.../v3</code>) or alias ARN. </p> <p> <i>Note</i>: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the Console, this is done for you. To do so with the Amazon Web Services CLI, run the following:</p> <p> <code>aws lambda add-permission --function-name \"arn:aws:lambda:us-east-2:111122223333:function:my-function\" --statement-id \"appsync\" --principal appsync.amazonaws.com --action lambda:InvokeFunction</code> </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda function to be called for authorization. This can be a standard Lambda ARN, a version ARN (<code>.../v3</code>), or an alias ARN. </p> <p> <b>Note</b>: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To use the Command Line Interface (CLI), run the following:</p> <p> <code>aws lambda add-permission --function-name \"arn:aws:lambda:us-east-2:111122223333:function:my-function\" --statement-id \"appsync\" --principal appsync.amazonaws.com --action lambda:InvokeFunction</code> </p>"
         },
         "identityValidationExpression":{
           "shape":"String",
           "documentation":"<p>A regular expression for validation of tokens before the Lambda function is called.</p>"
         }
       },
-      "documentation":"<p>A <code>LambdaAuthorizerConfig</code> holds configuration on how to authorize AppSync API access when using the <code>AWS_LAMBDA</code> authorizer mode. Be aware that an AppSync API may have only one Lambda authorizer configured at a time.</p>"
+      "documentation":"<p>A <code>LambdaAuthorizerConfig</code> specifies how to authorize AppSync API access when using the <code>AWS_LAMBDA</code> authorizer mode. Be aware that an AppSync API can have only one Lambda authorizer configured at a time.</p>"
     },
     "LambdaConflictHandlerConfig":{
       "type":"structure",
       "members":{
         "lambdaConflictHandlerArn":{
           "shape":"String",
-          "documentation":"<p>The Arn for the Lambda function to use as the Conflict Handler.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the Lambda function to use as the Conflict Handler.</p>"
         }
       },
-      "documentation":"<p>The <code>LambdaConflictHandlerConfig</code> object when configuring LAMBDA as the Conflict Handler.</p>"
+      "documentation":"<p>The <code>LambdaConflictHandlerConfig</code> object when configuring <code>LAMBDA</code> as the Conflict Handler.</p>"
     },
     "LambdaDataSourceConfig":{
       "type":"structure",
@@ -2077,10 +2430,10 @@
       "members":{
         "lambdaFunctionArn":{
           "shape":"String",
-          "documentation":"<p>The ARN for the Lambda function.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the Lambda function.</p>"
         }
       },
-      "documentation":"<p>Describes an Amazon Web Services Lambda data source configuration.</p>"
+      "documentation":"<p>Describes an Lambda data source configuration.</p>"
     },
     "LimitExceededException":{
       "type":"structure",
@@ -2103,13 +2456,13 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.</p>",
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>",
           "location":"querystring",
           "locationName":"nextToken"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2124,7 +2477,7 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier to be passed in the next request to this operation to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier to pass in the next request to this operation to return the next set of items in the list.</p>"
         }
       }
     },
@@ -2140,13 +2493,13 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list. </p>",
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>",
           "location":"querystring",
           "locationName":"nextToken"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2161,7 +2514,37 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier to be passed in the next request to this operation to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier to pass in the next request to this operation to return the next set of items in the list.</p>"
+        }
+      }
+    },
+    "ListDomainNamesRequest":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The API token.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      }
+    },
+    "ListDomainNamesResponse":{
+      "type":"structure",
+      "members":{
+        "domainNameConfigs":{
+          "shape":"DomainNameConfigs",
+          "documentation":"<p>Lists configurations for multiple domain names.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The API token.</p>"
         }
       }
     },
@@ -2177,13 +2560,13 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.</p>",
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>",
           "location":"querystring",
           "locationName":"nextToken"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2198,7 +2581,7 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>"
         }
       }
     },
@@ -2207,13 +2590,13 @@
       "members":{
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list. </p>",
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>",
           "location":"querystring",
           "locationName":"nextToken"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2228,7 +2611,7 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier to be passed in the next request to this operation to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier to pass in the next request to this operation to return the next set of items in the list.</p>"
         }
       }
     },
@@ -2247,7 +2630,7 @@
         },
         "functionId":{
           "shape":"String",
-          "documentation":"<p>The Function ID.</p>",
+          "documentation":"<p>The function ID.</p>",
           "location":"uri",
           "locationName":"functionId"
         },
@@ -2259,7 +2642,7 @@
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2274,7 +2657,7 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that can be used to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier that you can use to return the next set of items in the list.</p>"
         }
       }
     },
@@ -2299,13 +2682,13 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list. </p>",
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>",
           "location":"querystring",
           "locationName":"nextToken"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2320,7 +2703,7 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier to be passed in the next request to this operation to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier to pass in the next request to this operation to return the next set of items in the list.</p>"
         }
       }
     },
@@ -2330,7 +2713,7 @@
       "members":{
         "resourceArn":{
           "shape":"ResourceArn",
-          "documentation":"<p>The <code>GraphqlApi</code> ARN.</p>",
+          "documentation":"<p>The <code>GraphqlApi</code> Amazon Resource Name (ARN).</p>",
           "location":"uri",
           "locationName":"resourceArn"
         }
@@ -2366,13 +2749,13 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list. </p>",
+          "documentation":"<p>An identifier that was returned from the previous call to this operation, which you can use to return the next set of items in the list.</p>",
           "location":"querystring",
           "locationName":"nextToken"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results you want the request to return.</p>",
+          "documentation":"<p>The maximum number of results that you want the request to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -2387,7 +2770,7 @@
         },
         "nextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>An identifier to be passed in the next request to this operation to return the next set of items in the list.</p>"
+          "documentation":"<p>An identifier to pass in the next request to this operation to return the next set of items in the list.</p>"
         }
       }
     },
@@ -2400,18 +2783,18 @@
       "members":{
         "fieldLogLevel":{
           "shape":"FieldLogLevel",
-          "documentation":"<p>The field logging level. Values can be NONE, ERROR, or ALL. </p> <ul> <li> <p> <b>NONE</b>: No field-level logs are captured.</p> </li> <li> <p> <b>ERROR</b>: Logs the following information only for the fields that are in error:</p> <ul> <li> <p>The error section in the server response.</p> </li> <li> <p>Field-level errors.</p> </li> <li> <p>The generated request/response functions that got resolved for error fields.</p> </li> </ul> </li> <li> <p> <b>ALL</b>: The following information is logged for all fields in the query:</p> <ul> <li> <p>Field-level tracing information.</p> </li> <li> <p>The generated request/response functions that got resolved for each field.</p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The field logging level. Values can be NONE, ERROR, or ALL.</p> <ul> <li> <p> <b>NONE</b>: No field-level logs are captured.</p> </li> <li> <p> <b>ERROR</b>: Logs the following information only for the fields that are in error:</p> <ul> <li> <p>The error section in the server response.</p> </li> <li> <p>Field-level errors.</p> </li> <li> <p>The generated request/response functions that got resolved for error fields.</p> </li> </ul> </li> <li> <p> <b>ALL</b>: The following information is logged for all fields in the query:</p> <ul> <li> <p>Field-level tracing information.</p> </li> <li> <p>The generated request/response functions that got resolved for each field.</p> </li> </ul> </li> </ul>"
         },
         "cloudWatchLogsRoleArn":{
           "shape":"String",
-          "documentation":"<p>The service role that AppSync will assume to publish to Amazon CloudWatch logs in your account. </p>"
+          "documentation":"<p>The service role that AppSync assumes to publish to CloudWatch logs in your account.</p>"
         },
         "excludeVerboseContent":{
           "shape":"Boolean",
           "documentation":"<p>Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.</p>"
         }
       },
-      "documentation":"<p>The CloudWatch Logs configuration.</p>"
+      "documentation":"<p>The Amazon CloudWatch Logs configuration.</p>"
     },
     "Long":{"type":"long"},
     "MapOfStringToString":{
@@ -2422,7 +2805,13 @@
     "MappingTemplate":{
       "type":"string",
       "max":65536,
-      "min":1
+      "min":1,
+      "pattern":"^.*$"
+    },
+    "MaxBatchSize":{
+      "type":"integer",
+      "max":2000,
+      "min":0
     },
     "MaxResults":{
       "type":"integer",
@@ -2444,22 +2833,22 @@
       "members":{
         "issuer":{
           "shape":"String",
-          "documentation":"<p>The issuer for the OpenID Connect configuration. The issuer returned by discovery must exactly match the value of <code>iss</code> in the ID token.</p>"
+          "documentation":"<p>The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of <code>iss</code> in the ID token.</p>"
         },
         "clientId":{
           "shape":"String",
-          "documentation":"<p>The client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AppSync can validate against multiple client identifiers at a time.</p>"
+          "documentation":"<p>The client identifier of the relying party at the OpenID identity provider. This identifier is typically obtained when the relying party is registered with the OpenID identity provider. You can specify a regular expression so that AppSync can validate against multiple client identifiers at a time.</p>"
         },
         "iatTTL":{
           "shape":"Long",
-          "documentation":"<p>The number of milliseconds a token is valid after being issued to a user.</p>"
+          "documentation":"<p>The number of milliseconds that a token is valid after it's issued to a user.</p>"
         },
         "authTTL":{
           "shape":"Long",
-          "documentation":"<p>The number of milliseconds a token is valid after being authenticated.</p>"
+          "documentation":"<p>The number of milliseconds that a token is valid after being authenticated.</p>"
         }
       },
-      "documentation":"<p>Describes an OpenID Connect configuration.</p>"
+      "documentation":"<p>Describes an OpenID Connect (OIDC) configuration.</p>"
     },
     "OpenSearchServiceDataSourceConfig":{
       "type":"structure",
@@ -2507,11 +2896,11 @@
       "members":{
         "awsRegion":{
           "shape":"String",
-          "documentation":"<p>Amazon Web Services Region for RDS HTTP endpoint.</p>"
+          "documentation":"<p>Amazon Web Services Region for Amazon RDS HTTP endpoint.</p>"
         },
         "dbClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>Amazon RDS cluster ARN.</p>"
+          "documentation":"<p>Amazon RDS cluster Amazon Resource Name (ARN).</p>"
         },
         "databaseName":{
           "shape":"String",
@@ -2523,17 +2912,17 @@
         },
         "awsSecretStoreArn":{
           "shape":"String",
-          "documentation":"<p>Amazon Web Services secret store ARN for database credentials.</p>"
+          "documentation":"<p>Amazon Web Services secret store Amazon Resource Name (ARN) for database credentials.</p>"
         }
       },
-      "documentation":"<p>The Amazon RDS HTTP endpoint configuration.</p>"
+      "documentation":"<p>The Amazon Relational Database Service (Amazon RDS) HTTP endpoint configuration.</p>"
     },
     "RelationalDatabaseDataSourceConfig":{
       "type":"structure",
       "members":{
         "relationalDatabaseSourceType":{
           "shape":"RelationalDatabaseSourceType",
-          "documentation":"<p>Source type for the relational database.</p> <ul> <li> <p> <b>RDS_HTTP_ENDPOINT</b>: The relational database source type is an Amazon RDS HTTP endpoint.</p> </li> </ul>"
+          "documentation":"<p>Source type for the relational database.</p> <ul> <li> <p> <b>RDS_HTTP_ENDPOINT</b>: The relational database source type is an Amazon Relational Database Service (Amazon RDS) HTTP endpoint.</p> </li> </ul>"
         },
         "rdsHttpEndpointConfig":{
           "shape":"RdsHttpEndpointConfig",
@@ -2563,7 +2952,7 @@
         },
         "resolverArn":{
           "shape":"String",
-          "documentation":"<p>The resolver ARN.</p>"
+          "documentation":"<p>The resolver Amazon Resource Name (ARN).</p>"
         },
         "requestMappingTemplate":{
           "shape":"MappingTemplate",
@@ -2575,7 +2964,7 @@
         },
         "kind":{
           "shape":"ResolverKind",
-          "documentation":"<p>The resolver type.</p> <ul> <li> <p> <b>UNIT</b>: A UNIT resolver type. A UNIT resolver is the default resolver type. A UNIT resolver enables you to execute a GraphQL query against a single data source.</p> </li> <li> <p> <b>PIPELINE</b>: A PIPELINE resolver type. A PIPELINE resolver enables you to execute a series of <code>Function</code> in a serial manner. You can use a pipeline resolver to execute a GraphQL query against multiple data sources.</p> </li> </ul>"
+          "documentation":"<p>The resolver type.</p> <ul> <li> <p> <b>UNIT</b>: A UNIT resolver type. A UNIT resolver is the default resolver type. You can use a UNIT resolver to run a GraphQL query against a single data source.</p> </li> <li> <p> <b>PIPELINE</b>: A PIPELINE resolver type. You can use a PIPELINE resolver to invoke a series of <code>Function</code> objects in a serial manner. You can use a pipeline resolver to run a GraphQL query against multiple data sources.</p> </li> </ul>"
         },
         "pipelineConfig":{
           "shape":"PipelineConfig",
@@ -2583,11 +2972,15 @@
         },
         "syncConfig":{
           "shape":"SyncConfig",
-          "documentation":"<p>The <code>SyncConfig</code> for a resolver attached to a versioned datasource.</p>"
+          "documentation":"<p>The <code>SyncConfig</code> for a resolver attached to a versioned data source.</p>"
         },
         "cachingConfig":{
           "shape":"CachingConfig",
           "documentation":"<p>The caching configuration for the resolver.</p>"
+        },
+        "maxBatchSize":{
+          "shape":"MaxBatchSize",
+          "documentation":"<p>The maximum batching size for a resolver.</p>"
         }
       },
       "documentation":"<p>Describes a resolver.</p>"
@@ -2660,18 +3053,18 @@
       "members":{
         "conflictHandler":{
           "shape":"ConflictHandlerType",
-          "documentation":"<p>The Conflict Resolution strategy to perform in the event of a conflict.</p> <ul> <li> <p> <b>OPTIMISTIC_CONCURRENCY</b>: Resolve conflicts by rejecting mutations when versions do not match the latest version at the server.</p> </li> <li> <p> <b>AUTOMERGE</b>: Resolve conflicts with the Automerge conflict resolution strategy.</p> </li> <li> <p> <b>LAMBDA</b>: Resolve conflicts with a Lambda function supplied in the LambdaConflictHandlerConfig.</p> </li> </ul>"
+          "documentation":"<p>The Conflict Resolution strategy to perform in the event of a conflict.</p> <ul> <li> <p> <b>OPTIMISTIC_CONCURRENCY</b>: Resolve conflicts by rejecting mutations when versions don't match the latest version at the server.</p> </li> <li> <p> <b>AUTOMERGE</b>: Resolve conflicts with the Automerge conflict resolution strategy.</p> </li> <li> <p> <b>LAMBDA</b>: Resolve conflicts with an Lambda function supplied in the <code>LambdaConflictHandlerConfig</code>.</p> </li> </ul>"
         },
         "conflictDetection":{
           "shape":"ConflictDetectionType",
-          "documentation":"<p>The Conflict Detection strategy to use.</p> <ul> <li> <p> <b>VERSION</b>: Detect conflicts based on object versions for this resolver.</p> </li> <li> <p> <b>NONE</b>: Do not detect conflicts when executing this resolver.</p> </li> </ul>"
+          "documentation":"<p>The Conflict Detection strategy to use.</p> <ul> <li> <p> <b>VERSION</b>: Detect conflicts based on object versions for this resolver.</p> </li> <li> <p> <b>NONE</b>: Do not detect conflicts when invoking this resolver.</p> </li> </ul>"
         },
         "lambdaConflictHandlerConfig":{
           "shape":"LambdaConflictHandlerConfig",
-          "documentation":"<p>The <code>LambdaConflictHandlerConfig</code> when configuring LAMBDA as the Conflict Handler.</p>"
+          "documentation":"<p>The <code>LambdaConflictHandlerConfig</code> when configuring <code>LAMBDA</code> as the Conflict Handler.</p>"
         }
       },
-      "documentation":"<p>Describes a Sync configuration for a resolver.</p> <p>Contains information on which Conflict Detection as well as Resolution strategy should be performed when the resolver is invoked.</p>"
+      "documentation":"<p>Describes a Sync configuration for a resolver.</p> <p>Specifies which Conflict Detection strategy and Resolution strategy to use when the resolver is invoked.</p>"
     },
     "TTL":{
       "type":"integer",
@@ -2708,7 +3101,7 @@
       "members":{
         "resourceArn":{
           "shape":"ResourceArn",
-          "documentation":"<p>The <code>GraphqlApi</code> ARN.</p>",
+          "documentation":"<p>The <code>GraphqlApi</code> Amazon Resource Name (ARN).</p>",
           "location":"uri",
           "locationName":"resourceArn"
         },
@@ -2726,7 +3119,8 @@
     "TagValue":{
       "type":"string",
       "documentation":"<p>The value for the tag.</p>",
-      "max":256
+      "max":256,
+      "pattern":"^[\\s\\w+-=\\.:/@]*$"
     },
     "Type":{
       "type":"structure",
@@ -2741,7 +3135,7 @@
         },
         "arn":{
           "shape":"String",
-          "documentation":"<p>The type ARN.</p>"
+          "documentation":"<p>The type Amazon Resource Name (ARN).</p>"
         },
         "definition":{
           "shape":"String",
@@ -2770,7 +3164,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>You are not authorized to perform this operation.</p>",
+      "documentation":"<p>You aren't authorized to perform this operation.</p>",
       "error":{"httpStatusCode":401},
       "exception":true
     },
@@ -2783,7 +3177,7 @@
       "members":{
         "resourceArn":{
           "shape":"ResourceArn",
-          "documentation":"<p>The <code>GraphqlApi</code> ARN.</p>",
+          "documentation":"<p>The <code>GraphqlApi</code> Amazon Resource Name (ARN).</p>",
           "location":"uri",
           "locationName":"resourceArn"
         },
@@ -2811,13 +3205,13 @@
       "members":{
         "apiId":{
           "shape":"String",
-          "documentation":"<p>The GraphQL API Id.</p>",
+          "documentation":"<p>The GraphQL API ID.</p>",
           "location":"uri",
           "locationName":"apiId"
         },
         "ttl":{
           "shape":"Long",
-          "documentation":"<p>TTL in seconds for cache entries.</p> <p>Valid values are between 1 and 3600 seconds.</p>"
+          "documentation":"<p>TTL in seconds for cache entries.</p> <p>Valid values are 1–3,600 seconds.</p>"
         },
         "apiCachingBehavior":{
           "shape":"ApiCachingBehavior",
@@ -2865,7 +3259,7 @@
         },
         "expires":{
           "shape":"Long",
-          "documentation":"<p>The time from update time after which the API key expires. The date is represented as seconds since the epoch. For more information, see .</p>"
+          "documentation":"<p>From the update time, the time after which the API key expires. The date is represented as seconds since the epoch. For more information, see .</p>"
         }
       }
     },
@@ -2908,7 +3302,7 @@
         },
         "serviceRoleArn":{
           "shape":"String",
-          "documentation":"<p>The new service role ARN for the data source.</p>"
+          "documentation":"<p>The new service role Amazon Resource Name (ARN) for the data source.</p>"
         },
         "dynamodbConfig":{
           "shape":"DynamodbDataSourceConfig",
@@ -2916,7 +3310,7 @@
         },
         "lambdaConfig":{
           "shape":"LambdaDataSourceConfig",
-          "documentation":"<p>The new Amazon Web Services Lambda configuration.</p>"
+          "documentation":"<p>The new Lambda configuration.</p>"
         },
         "elasticsearchConfig":{
           "shape":"ElasticsearchDataSourceConfig",
@@ -2945,6 +3339,31 @@
         }
       }
     },
+    "UpdateDomainNameRequest":{
+      "type":"structure",
+      "required":["domainName"],
+      "members":{
+        "domainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain name.</p>",
+          "location":"uri",
+          "locationName":"domainName"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the <code>DomainName</code>.</p>"
+        }
+      }
+    },
+    "UpdateDomainNameResponse":{
+      "type":"structure",
+      "members":{
+        "domainNameConfig":{
+          "shape":"DomainNameConfig",
+          "documentation":"<p>The configuration for the <code>DomainName</code>.</p>"
+        }
+      }
+    },
     "UpdateFunctionRequest":{
       "type":"structure",
       "required":[
@@ -2985,13 +3404,17 @@
         },
         "responseMappingTemplate":{
           "shape":"MappingTemplate",
-          "documentation":"<p>The <code>Function</code> request mapping template. </p>"
+          "documentation":"<p>The <code>Function</code> request mapping template.</p>"
         },
         "functionVersion":{
           "shape":"String",
-          "documentation":"<p>The <code>version</code> of the request mapping template. Currently the supported value is 2018-05-29. </p>"
+          "documentation":"<p>The <code>version</code> of the request mapping template. Currently, the supported value is 2018-05-29.</p>"
         },
-        "syncConfig":{"shape":"SyncConfig"}
+        "syncConfig":{"shape":"SyncConfig"},
+        "maxBatchSize":{
+          "shape":"MaxBatchSize",
+          "documentation":"<p>The maximum batching size for a resolver.</p>"
+        }
       }
     },
     "UpdateFunctionResponse":{
@@ -3030,7 +3453,7 @@
         },
         "userPoolConfig":{
           "shape":"UserPoolConfig",
-          "documentation":"<p>The new Amazon Cognito user pool configuration for the <code>GraphqlApi</code> object.</p>"
+          "documentation":"<p>The new Amazon Cognito user pool configuration for the <code>~GraphqlApi</code> object.</p>"
         },
         "openIDConnectConfig":{
           "shape":"OpenIDConnectConfig",
@@ -3042,11 +3465,11 @@
         },
         "xrayEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>A flag indicating whether to enable X-Ray tracing for the <code>GraphqlApi</code>.</p>"
+          "documentation":"<p>A flag indicating whether to use X-Ray tracing for the <code>GraphqlApi</code>.</p>"
         },
         "lambdaAuthorizerConfig":{
           "shape":"LambdaAuthorizerConfig",
-          "documentation":"<p>Configuration for Amazon Web Services Lambda function authorization.</p>"
+          "documentation":"<p>Configuration for Lambda function authorization.</p>"
         }
       }
     },
@@ -3091,7 +3514,7 @@
         },
         "requestMappingTemplate":{
           "shape":"MappingTemplate",
-          "documentation":"<p>The new request mapping template.</p> <p>A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).</p> <p>VTL request mapping templates are optional when using a Lambda data source. For all other data sources, VTL request and response mapping templates are required.</p>"
+          "documentation":"<p>The new request mapping template.</p> <p>A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).</p> <p>VTL request mapping templates are optional when using an Lambda data source. For all other data sources, VTL request and response mapping templates are required.</p>"
         },
         "responseMappingTemplate":{
           "shape":"MappingTemplate",
@@ -3099,7 +3522,7 @@
         },
         "kind":{
           "shape":"ResolverKind",
-          "documentation":"<p>The resolver type.</p> <ul> <li> <p> <b>UNIT</b>: A UNIT resolver type. A UNIT resolver is the default resolver type. A UNIT resolver enables you to execute a GraphQL query against a single data source.</p> </li> <li> <p> <b>PIPELINE</b>: A PIPELINE resolver type. A PIPELINE resolver enables you to execute a series of <code>Function</code> in a serial manner. You can use a pipeline resolver to execute a GraphQL query against multiple data sources.</p> </li> </ul>"
+          "documentation":"<p>The resolver type.</p> <ul> <li> <p> <b>UNIT</b>: A UNIT resolver type. A UNIT resolver is the default resolver type. You can use a UNIT resolver to run a GraphQL query against a single data source.</p> </li> <li> <p> <b>PIPELINE</b>: A PIPELINE resolver type. You can use a PIPELINE resolver to invoke a series of <code>Function</code> objects in a serial manner. You can use a pipeline resolver to run a GraphQL query against multiple data sources.</p> </li> </ul>"
         },
         "pipelineConfig":{
           "shape":"PipelineConfig",
@@ -3107,11 +3530,15 @@
         },
         "syncConfig":{
           "shape":"SyncConfig",
-          "documentation":"<p>The <code>SyncConfig</code> for a resolver attached to a versioned datasource.</p>"
+          "documentation":"<p>The <code>SyncConfig</code> for a resolver attached to a versioned data source.</p>"
         },
         "cachingConfig":{
           "shape":"CachingConfig",
           "documentation":"<p>The caching configuration for the resolver.</p>"
+        },
+        "maxBatchSize":{
+          "shape":"MaxBatchSize",
+          "documentation":"<p>The maximum batching size for a resolver.</p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/athena/2017-05-18/service-2.json b/contrib/python/botocore/py3/botocore/data/athena/2017-05-18/service-2.json
index 39d03c9dc00..8e5b3fc347e 100644
--- a/contrib/python/botocore/py3/botocore/data/athena/2017-05-18/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/athena/2017-05-18/service-2.json
@@ -240,7 +240,7 @@
         {"shape":"InternalServerException"},
         {"shape":"InvalidRequestException"}
       ],
-      "documentation":"<p>Streams the results of a single query execution specified by <code>QueryExecutionId</code> from the Athena query results location in Amazon S3. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/querying.html\">Query Results</a> in the <i>Amazon Athena User Guide</i>. This request does not execute the query but returns results. Use <a>StartQueryExecution</a> to run a query.</p> <p>To stream query results successfully, the IAM principal with permission to call <code>GetQueryResults</code> also must have permissions to the Amazon S3 <code>GetObject</code> action for the Athena query results location.</p> <important> <p>IAM principals with permission to the Amazon S3 <code>GetObject</code> action for the query results location are able to retrieve query results from Amazon S3 even if permission to the <code>GetQueryResults</code> action is denied. To restrict user or role access, ensure that Amazon S3 permissions to the Athena query location are denied.</p> </important>"
+      "documentation":"<p>Streams the results of a single query execution specified by <code>QueryExecutionId</code> from the Athena query results location in Amazon S3. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/querying.html\">Query Results</a> in the <i>Amazon Athena User Guide</i>. This request does not execute the query but returns results. Use <a>StartQueryExecution</a> to run a query.</p> <p>If the original query execution ran using an <a>ResultConfiguration$ExpectedBucketOwner</a> setting, the setting also applies to Amazon S3 read operations when <code>GetQueryResults</code> is called. If an expected bucket owner has been specified and the query results are in an Amazon S3 bucket whose owner account ID is different from the expected bucket owner, the <code>GetQueryResults</code> call fails with an Amazon S3 permissions error.</p> <p>To stream query results successfully, the IAM principal with permission to call <code>GetQueryResults</code> also must have permissions to the Amazon S3 <code>GetObject</code> action for the Athena query results location.</p> <important> <p>IAM principals with permission to the Amazon S3 <code>GetObject</code> action for the query results location are able to retrieve query results from Amazon S3 even if permission to the <code>GetQueryResults</code> action is denied. To restrict user or role access, ensure that Amazon S3 permissions to the Athena query location are denied.</p> </important>"
     },
     "GetTableMetadata":{
       "name":"GetTableMetadata",
@@ -511,6 +511,16 @@
       "max":1011,
       "min":1
     },
+    "AthenaError":{
+      "type":"structure",
+      "members":{
+        "ErrorCategory":{
+          "shape":"ErrorCategory",
+          "documentation":"<p>An integer value that specifies the category of a query failure error. The following list shows the category for each integer value.</p> <p> <b>1</b> - System</p> <p> <b>2</b> - User</p> <p> <b>3</b> - Unknown</p>"
+        }
+      },
+      "documentation":"<p>Provides information about an Athena query error. The <code>AthenaError</code> feature provides standardized error information to help you understand failed queries and take steps after a query failure occurs. <code>AthenaError</code> includes an <code>ErrorCategory</code> field that specifies whether the cause of the failed query is due to system error, user error, or unknown error.</p>"
+    },
     "BatchGetNamedQueryInput":{
       "type":"structure",
       "required":["NamedQueryIds"],
@@ -669,7 +679,7 @@
       "members":{
         "Name":{
           "shape":"CatalogNameString",
-          "documentation":"<p>The name of the data catalog to create. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.</p>"
+          "documentation":"<p>The name of the data catalog to create. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.</p>"
         },
         "Type":{
           "shape":"DataCatalogType",
@@ -805,7 +815,7 @@
       "members":{
         "Name":{
           "shape":"CatalogNameString",
-          "documentation":"<p>The name of the data catalog. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.</p>"
+          "documentation":"<p>The name of the data catalog. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.</p>"
         },
         "Description":{
           "shape":"DescriptionString",
@@ -827,7 +837,7 @@
       "members":{
         "CatalogName":{
           "shape":"CatalogNameString",
-          "documentation":"<p>The name of the data catalog.</p>"
+          "documentation":"<p>The name of the data catalog. The catalog name is unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.</p>"
         },
         "Type":{
           "shape":"DataCatalogType",
@@ -1007,6 +1017,12 @@
       "max":10,
       "min":0
     },
+    "ErrorCategory":{
+      "type":"integer",
+      "box":true,
+      "max":3,
+      "min":1
+    },
     "ErrorCode":{
       "type":"string",
       "documentation":"<p>The error code returned when the query execution failed to process, or when the processing request for the named query failed.</p>",
@@ -1819,6 +1835,10 @@
         "CompletionDateTime":{
           "shape":"Date",
           "documentation":"<p>The date and time that the query completed.</p>"
+        },
+        "AthenaError":{
+          "shape":"AthenaError",
+          "documentation":"<p>Provides information about an Athena query error.</p>"
         }
       },
       "documentation":"<p>The completion date, current state, submission time, and state change reason (if applicable) for the query execution.</p>"
@@ -1847,6 +1867,10 @@
         "EncryptionConfiguration":{
           "shape":"EncryptionConfiguration",
           "documentation":"<p>If query results are encrypted in Amazon S3, indicates the encryption option used (for example, <code>SSE-KMS</code> or <code>CSE-KMS</code>) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See <a>WorkGroupConfiguration$EnforceWorkGroupConfiguration</a> and <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+        },
+        "ExpectedBucketOwner":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID that you expect to be the owner of the Amazon S3 bucket specified by <a>ResultConfiguration$OutputLocation</a>. If set, Athena uses the value for <code>ExpectedBucketOwner</code> when it makes Amazon S3 calls to your specified output location. If the <code>ExpectedBucketOwner</code> Amazon Web Services account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.</p> <p>This is a client-side setting. If workgroup settings override client-side settings, then the query uses the <code>ExpectedBucketOwner</code> setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See <a>WorkGroupConfiguration$EnforceWorkGroupConfiguration</a> and <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
         }
       },
       "documentation":"<p>The location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. These are known as \"client-side settings\". If workgroup settings override client-side settings, then the query uses the workgroup settings.</p>"
@@ -1860,7 +1884,7 @@
         },
         "RemoveOutputLocation":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>If set to \"true\", indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>OutputLocation</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>OutputLocation</code> in the workgroup's <code>ResultConfiguration</code> will be updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+          "documentation":"<p>If set to \"true\", indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>OutputLocation</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>OutputLocation</code> in the workgroup's <code>ResultConfiguration</code> is updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
         },
         "EncryptionConfiguration":{
           "shape":"EncryptionConfiguration",
@@ -1868,7 +1892,15 @@
         },
         "RemoveEncryptionConfiguration":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>If set to \"true\", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>EncryptionConfiguration</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>EncryptionConfiguration</code> in the workgroup's <code>ResultConfiguration</code> will be updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+          "documentation":"<p>If set to \"true\", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the <code>EncryptionConfiguration</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>EncryptionConfiguration</code> in the workgroup's <code>ResultConfiguration</code> is updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+        },
+        "ExpectedBucketOwner":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID that you expect to be the owner of the Amazon S3 bucket specified by <a>ResultConfiguration$OutputLocation</a>. If set, Athena uses the value for <code>ExpectedBucketOwner</code> when it makes Amazon S3 calls to your specified output location. If the <code>ExpectedBucketOwner</code> Amazon Web Services account ID does not match the actual owner of the Amazon S3 bucket, the call fails with a permissions error.</p> <p>If workgroup settings override client-side settings, then the query uses the <code>ExpectedBucketOwner</code> setting that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See <a>WorkGroupConfiguration$EnforceWorkGroupConfiguration</a> and <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
+        },
+        "RemoveExpectedBucketOwner":{
+          "shape":"BoxedBoolean",
+          "documentation":"<p>If set to \"true\", removes the Amazon Web Services account ID previously specified for <a>ResultConfiguration$ExpectedBucketOwner</a>. If set to \"false\" or not set, and a value is present in the <code>ExpectedBucketOwner</code> in <code>ResultConfigurationUpdates</code> (the client-side setting), the <code>ExpectedBucketOwner</code> in the workgroup's <code>ResultConfiguration</code> is updated with the new value. For more information, see <a href=\"https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html\">Workgroup Settings Override Client-Side Settings</a>.</p>"
         }
       },
       "documentation":"<p>The information about the updates in the query results, such as output location and encryption configuration for the query results.</p>"
@@ -2176,7 +2208,7 @@
       "members":{
         "Name":{
           "shape":"CatalogNameString",
-          "documentation":"<p>The name of the data catalog to update. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 128 alphanumeric, underscore, at sign, or hyphen characters.</p>"
+          "documentation":"<p>The name of the data catalog to update. The catalog name must be unique for the Amazon Web Services account and can use a maximum of 127 alphanumeric, underscore, at sign, or hyphen characters. The remainder of the length constraint of 256 is reserved for use by Athena.</p>"
         },
         "Type":{
           "shape":"DataCatalogType",
diff --git a/contrib/python/botocore/py3/botocore/data/auditmanager/2017-07-25/service-2.json b/contrib/python/botocore/py3/botocore/data/auditmanager/2017-07-25/service-2.json
index b7d83c1be8b..a867ca6eee1 100644
--- a/contrib/python/botocore/py3/botocore/data/auditmanager/2017-07-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/auditmanager/2017-07-25/service-2.json
@@ -327,7 +327,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p> Returns an assessment from Audit Manager. </p>"
+      "documentation":"<p>Returns an assessment from Audit Manager. </p>"
     },
     "GetAssessmentFramework":{
       "name":"GetAssessmentFramework",
@@ -343,7 +343,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p> Returns a framework from Audit Manager. </p>"
+      "documentation":"<p>Returns a framework from Audit Manager. </p>"
     },
     "GetAssessmentReportUrl":{
       "name":"GetAssessmentReportUrl",
@@ -488,6 +488,36 @@
       ],
       "documentation":"<p> Returns a list of evidence folders that are associated with a specified control of an assessment in Audit Manager. </p>"
     },
+    "GetInsights":{
+      "name":"GetInsights",
+      "http":{
+        "method":"GET",
+        "requestUri":"/insights"
+      },
+      "input":{"shape":"GetInsightsRequest"},
+      "output":{"shape":"GetInsightsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets the latest analytics data for all your current active assessments. </p>"
+    },
+    "GetInsightsByAssessment":{
+      "name":"GetInsightsByAssessment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/insights/assessments/{assessmentId}"
+      },
+      "input":{"shape":"GetInsightsByAssessmentRequest"},
+      "output":{"shape":"GetInsightsByAssessmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets the latest analytics data for a specific active assessment. </p>"
+    },
     "GetOrganizationAdminAccount":{
       "name":"GetOrganizationAdminAccount",
       "http":{
@@ -533,6 +563,22 @@
       ],
       "documentation":"<p> Returns the settings for the specified Amazon Web Services account. </p>"
     },
+    "ListAssessmentControlInsightsByControlDomain":{
+      "name":"ListAssessmentControlInsightsByControlDomain",
+      "http":{
+        "method":"GET",
+        "requestUri":"/insights/controls-by-assessment"
+      },
+      "input":{"shape":"ListAssessmentControlInsightsByControlDomainRequest"},
+      "output":{"shape":"ListAssessmentControlInsightsByControlDomainResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists the latest analytics data for controls within a specific control domain and a specific active assessment.</p> <note> <p>Control insights are listed only if the control belongs to the control domain and assessment that was specified. Moreover, the control must have collected evidence on the <code>lastUpdated</code> date of <code>controlInsightsByAssessment</code>. If neither of these conditions are met, no data is listed for that control. </p> </note>"
+    },
     "ListAssessmentFrameworkShareRequests":{
       "name":"ListAssessmentFrameworkShareRequests",
       "http":{
@@ -593,6 +639,54 @@
       ],
       "documentation":"<p> Returns a list of current and past assessments from Audit Manager. </p>"
     },
+    "ListControlDomainInsights":{
+      "name":"ListControlDomainInsights",
+      "http":{
+        "method":"GET",
+        "requestUri":"/insights/control-domains"
+      },
+      "input":{"shape":"ListControlDomainInsightsRequest"},
+      "output":{"shape":"ListControlDomainInsightsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists the latest analytics data for control domains across all of your active assessments. </p> <note> <p>A control domain is listed only if at least one of the controls within that domain collected evidence on the <code>lastUpdated</code> date of <code>controlDomainInsights</code>. If this condition isn’t met, no data is listed for that control domain.</p> </note>"
+    },
+    "ListControlDomainInsightsByAssessment":{
+      "name":"ListControlDomainInsightsByAssessment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/insights/control-domains-by-assessment"
+      },
+      "input":{"shape":"ListControlDomainInsightsByAssessmentRequest"},
+      "output":{"shape":"ListControlDomainInsightsByAssessmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists analytics data for control domains within a specified active assessment.</p> <note> <p>A control domain is listed only if at least one of the controls within that domain collected evidence on the <code>lastUpdated</code> date of <code>controlDomainInsights</code>. If this condition isn’t met, no data is listed for that domain.</p> </note>"
+    },
+    "ListControlInsightsByControlDomain":{
+      "name":"ListControlInsightsByControlDomain",
+      "http":{
+        "method":"GET",
+        "requestUri":"/insights/controls"
+      },
+      "input":{"shape":"ListControlInsightsByControlDomainRequest"},
+      "output":{"shape":"ListControlInsightsByControlDomainResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists the latest analytics data for controls within a specific control domain across all active assessments.</p> <note> <p>Control insights are listed only if the control belongs to the control domain that was specified and the control collected evidence on the <code>lastUpdated</code> date of <code>controlInsightsMetadata</code>. If neither of these conditions are met, no data is listed for that control. </p> </note>"
+    },
     "ListControls":{
       "name":"ListControls",
       "http":{
@@ -1973,6 +2067,96 @@
       "max":1000,
       "pattern":"^[\\w\\W\\s\\S]*$"
     },
+    "ControlDomainInsights":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the control domain. </p>"
+        },
+        "id":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the control domain. </p>"
+        },
+        "controlsCountByNoncompliantEvidence":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of controls in the control domain that collected non-compliant evidence on the <code>lastUpdated</code> date. </p>"
+        },
+        "totalControlsCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The total number of controls in the control domain. </p>"
+        },
+        "evidenceInsights":{
+          "shape":"EvidenceInsights",
+          "documentation":"<p>A breakdown of the compliance check status for the evidence that’s associated with the control domain. </p>"
+        },
+        "lastUpdated":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the control domain insights were last updated. </p>"
+        }
+      },
+      "documentation":"<p>A summary of the latest analytics data for a specific control domain.</p> <p>Control domain insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.</p>"
+    },
+    "ControlDomainInsightsList":{
+      "type":"list",
+      "member":{"shape":"ControlDomainInsights"}
+    },
+    "ControlInsightsMetadata":{
+      "type":"list",
+      "member":{"shape":"ControlInsightsMetadataItem"}
+    },
+    "ControlInsightsMetadataByAssessment":{
+      "type":"list",
+      "member":{"shape":"ControlInsightsMetadataByAssessmentItem"}
+    },
+    "ControlInsightsMetadataByAssessmentItem":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the assessment control. </p>"
+        },
+        "id":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the assessment control. </p>"
+        },
+        "evidenceInsights":{
+          "shape":"EvidenceInsights",
+          "documentation":"<p>A breakdown of the compliance check status for the evidence that’s associated with the assessment control. </p>"
+        },
+        "controlSetName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the control set that the assessment control belongs to. </p>"
+        },
+        "lastUpdated":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the assessment control insights were last updated. </p>"
+        }
+      },
+      "documentation":"<p>A summary of the latest analytics data for a specific control in a specific active assessment.</p> <p>Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence. </p>"
+    },
+    "ControlInsightsMetadataItem":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the control. </p>"
+        },
+        "id":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the control. </p>"
+        },
+        "evidenceInsights":{
+          "shape":"EvidenceInsights",
+          "documentation":"<p>A breakdown of the compliance check status for the evidence that’s associated with the control. </p>"
+        },
+        "lastUpdated":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the control insights were last updated. </p>"
+        }
+      },
+      "documentation":"<p>A summary of the latest analytics data for a specific control. </p> <p>This data reflects the total counts for the specified control across all active assessments. Control insights are grouped by control domain, and ranked by the highest total count of non-compliant evidence.</p>"
+    },
     "ControlMappingSource":{
       "type":"structure",
       "members":{
@@ -2135,6 +2319,7 @@
     "ControlsCount":{"type":"integer"},
     "CreateAssessmentFrameworkControl":{
       "type":"structure",
+      "required":["id"],
       "members":{
         "id":{
           "shape":"UUID",
@@ -2514,7 +2699,7 @@
       "members":{
         "frameworkId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the framework. </p>",
+          "documentation":"<p> The identifier for the custom framework. </p>",
           "location":"uri",
           "locationName":"frameworkId"
         }
@@ -2560,7 +2745,7 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
@@ -2600,7 +2785,7 @@
       "members":{
         "controlId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the control. </p>",
+          "documentation":"<p> The unique identifier for the control. </p>",
           "location":"uri",
           "locationName":"controlId"
         }
@@ -2648,13 +2833,13 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
         "evidenceFolderId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the folder in which evidence is stored. </p>"
+          "documentation":"<p> The unique identifier for the folder that the evidence is stored in. </p>"
         }
       }
     },
@@ -2772,6 +2957,24 @@
       "max":50,
       "min":0
     },
+    "EvidenceInsights":{
+      "type":"structure",
+      "members":{
+        "noncompliantEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a <i>Fail</i> ruling, or collected from Config with a <i>Non-compliant</i> ruling. </p>"
+        },
+        "compliantEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a <i>Pass</i> ruling, or collected from Config with a <i>Compliant</i> ruling. </p>"
+        },
+        "inconclusiveEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of evidence that a compliance check ruling isn't available for. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail). </p> <note> <p>If evidence has a compliance check status of <i>not applicable</i> in the console, it's classified as <i>inconclusive</i> in <code>EvidenceInsights</code> data.</p> </note>"
+        }
+      },
+      "documentation":"<p>A breakdown of the latest compliance check status for the evidence in your Audit Manager assessments. </p>"
+    },
     "EvidenceList":{
       "type":"list",
       "member":{"shape":"Evidence"}
@@ -2943,13 +3146,13 @@
       "members":{
         "assessmentReportId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment report. </p>",
+          "documentation":"<p> The unique identifier for the assessment report. </p>",
           "location":"uri",
           "locationName":"assessmentReportId"
         },
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         }
@@ -2967,7 +3170,7 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p>The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         }
@@ -2986,19 +3189,19 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p>The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
         "controlSetId":{
           "shape":"ControlSetId",
-          "documentation":"<p> The identifier for the control set. </p>",
+          "documentation":"<p> The unique identifier for the control set. </p>",
           "location":"querystring",
           "locationName":"controlSetId"
         },
         "controlId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the control. </p>",
+          "documentation":"<p> The unique identifier for the control. </p>",
           "location":"querystring",
           "locationName":"controlId"
         },
@@ -3010,7 +3213,7 @@
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p> Represents the maximum number of results on a page or for an API request call. </p>",
+          "documentation":"<p>Represents the maximum number of results on a page or for an API request call. </p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -3021,11 +3224,11 @@
       "members":{
         "changeLogs":{
           "shape":"ChangeLogs",
-          "documentation":"<p> The list of user activity for the control. </p>"
+          "documentation":"<p>The list of user activity for the control. </p>"
         },
         "nextToken":{
           "shape":"Token",
-          "documentation":"<p> The pagination token that's used to fetch the next set of results. </p>"
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>"
         }
       }
     },
@@ -3143,19 +3346,19 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
         "controlSetId":{
           "shape":"ControlSetId",
-          "documentation":"<p> The identifier for the control set. </p>",
+          "documentation":"<p> The unique identifier for the control set. </p>",
           "location":"uri",
           "locationName":"controlSetId"
         },
         "evidenceFolderId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the folder that the evidence is stored in. </p>",
+          "documentation":"<p> The unique identifier for the folder that the evidence is stored in. </p>",
           "location":"uri",
           "locationName":"evidenceFolderId"
         }
@@ -3229,7 +3432,7 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
@@ -3271,25 +3474,25 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
         "controlSetId":{
           "shape":"ControlSetId",
-          "documentation":"<p> The identifier for the control set. </p>",
+          "documentation":"<p> The unique identifier for the control set. </p>",
           "location":"uri",
           "locationName":"controlSetId"
         },
         "evidenceFolderId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the folder that the evidence is stored in. </p>",
+          "documentation":"<p> The unique identifier for the folder that the evidence is stored in. </p>",
           "location":"uri",
           "locationName":"evidenceFolderId"
         },
         "evidenceId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the evidence. </p>",
+          "documentation":"<p> The unique identifier for the evidence. </p>",
           "location":"uri",
           "locationName":"evidenceId"
         }
@@ -3304,6 +3507,41 @@
         }
       }
     },
+    "GetInsightsByAssessmentRequest":{
+      "type":"structure",
+      "required":["assessmentId"],
+      "members":{
+        "assessmentId":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the assessment. </p>",
+          "location":"uri",
+          "locationName":"assessmentId"
+        }
+      }
+    },
+    "GetInsightsByAssessmentResponse":{
+      "type":"structure",
+      "members":{
+        "insights":{
+          "shape":"InsightsByAssessment",
+          "documentation":"<p> The assessment analytics data that the <code>GetInsightsByAssessment</code> API returned. </p>"
+        }
+      }
+    },
+    "GetInsightsRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "GetInsightsResponse":{
+      "type":"structure",
+      "members":{
+        "insights":{
+          "shape":"Insights",
+          "documentation":"<p>The analytics data that the <code>GetInsights</code> API returned. </p>"
+        }
+      }
+    },
     "GetOrganizationAdminAccountRequest":{
       "type":"structure",
       "members":{
@@ -3369,6 +3607,70 @@
       "min":20,
       "pattern":"^arn:.*:iam:.*"
     },
+    "Insights":{
+      "type":"structure",
+      "members":{
+        "activeAssessmentsCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of active assessments in Audit Manager. </p>"
+        },
+        "noncompliantEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of compliance check evidence that Audit Manager classified as non-compliant on the <code>lastUpdated</code> date. This includes evidence that was collected from Security Hub with a <i>Fail</i> ruling, or collected from Config with a <i>Non-compliant</i> ruling. </p>"
+        },
+        "compliantEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of compliance check evidence that Audit Manager classified as compliant on the <code>lastUpdated</code> date. This includes evidence that was collected from Security Hub with a <i>Pass</i> ruling, or collected from Config with a <i>Compliant</i> ruling. </p>"
+        },
+        "inconclusiveEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of evidence without a compliance check ruling. Evidence is inconclusive when the associated control uses Security Hub or Config as a data source but you didn't enable those services. This is also the case when a control uses a data source that doesn’t support compliance checks (for example: manual evidence, API calls, or CloudTrail). </p> <note> <p>If evidence has a compliance check status of <i>not applicable</i>, it's classed as <i>inconclusive</i> in <code>Insights</code> data.</p> </note>"
+        },
+        "assessmentControlsCountByNoncompliantEvidence":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of assessment controls that collected non-compliant evidence on the <code>lastUpdated</code> date. </p>"
+        },
+        "totalAssessmentControlsCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The total number of controls across all active assessments. </p>"
+        },
+        "lastUpdated":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the cross-assessment insights were last updated. </p>"
+        }
+      },
+      "documentation":"<p>A summary of the latest analytics data for all your active assessments. </p> <p>This summary is a snapshot of the data that your active assessments collected on the <code>lastUpdated</code> date. It’s important to understand that the following totals are daily counts based on this date — they aren’t a total sum to date. </p> <p>The <code>Insights</code> data is eventually consistent. This means that, when you read data from <code>Insights</code>, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response should return the latest data.</p> <note> <p>If you delete an assessment or change its status to inactive, <code>InsightsByAssessment</code> includes data for that assessment as follows.</p> <ul> <li> <p> <b>Inactive assessments</b> - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the <code>InsightsByAssessment</code> counts for that day.</p> </li> <li> <p> <b>Deleted assessments</b> - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the <code>InsightsByAssessment</code> counts for that day.</p> </li> </ul> </note>"
+    },
+    "InsightsByAssessment":{
+      "type":"structure",
+      "members":{
+        "noncompliantEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of compliance check evidence that Audit Manager classified as non-compliant. This includes evidence that was collected from Security Hub with a <i>Fail</i> ruling, or collected from Config with a <i>Non-compliant</i> ruling. </p>"
+        },
+        "compliantEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of compliance check evidence that Audit Manager classified as compliant. This includes evidence that was collected from Security Hub with a <i>Pass</i> ruling, or collected from Config with a <i>Compliant</i> ruling. </p>"
+        },
+        "inconclusiveEvidenceCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The amount of evidence without a compliance check ruling. Evidence is inconclusive if the associated control uses Security Hub or Config as a data source and you didn't enable those services. This is also the case if a control uses a data source that doesn’t support compliance checks (for example, manual evidence, API calls, or CloudTrail). </p> <note> <p>If evidence has a compliance check status of <i>not applicable</i>, it's classified as <i>inconclusive</i> in <code>InsightsByAssessment</code> data.</p> </note>"
+        },
+        "assessmentControlsCountByNoncompliantEvidence":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The number of assessment controls that collected non-compliant evidence on the <code>lastUpdated</code> date. </p>"
+        },
+        "totalAssessmentControlsCount":{
+          "shape":"NullableInteger",
+          "documentation":"<p>The total number of controls in the assessment. </p>"
+        },
+        "lastUpdated":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the assessment insights were last updated.</p>"
+        }
+      },
+      "documentation":"<p>A summary of the latest analytics data for a specific active assessment.</p> <p>This summary is a snapshot of the data that was collected on the <code>lastUpdated</code> date. It’s important to understand that the totals in <code>InsightsByAssessment</code> are daily counts based on this date — they aren’t a total sum to date. </p> <p>The <code>InsightsByAssessment</code> data is eventually consistent. This means that when you read data from <code>InsightsByAssessment</code>, the response might not instantly reflect the results of a recently completed write or update operation. If you repeat your read request after a few hours, the response returns the latest data.</p> <note> <p>If you delete an assessment or change its status to inactive, <code>InsightsByAssessment</code> includes data for that assessment as follows.</p> <ul> <li> <p> <b>Inactive assessments</b> - If Audit Manager collected evidence for your assessment before you changed it inactive, that evidence is included in the <code>InsightsByAssessment</code> counts for that day.</p> </li> <li> <p> <b>Deleted assessments</b> - If Audit Manager collected evidence for your assessment before you deleted it, that evidence isn't included in the <code>InsightsByAssessment</code> counts for that day.</p> </li> </ul> </note>"
+    },
     "Integer":{"type":"integer"},
     "InternalServerException":{
       "type":"structure",
@@ -3407,6 +3709,52 @@
       "min":1,
       "pattern":"^[a-zA-Z0-9\\s-_()\\[\\]]+$"
     },
+    "ListAssessmentControlInsightsByControlDomainRequest":{
+      "type":"structure",
+      "required":[
+        "controlDomainId",
+        "assessmentId"
+      ],
+      "members":{
+        "controlDomainId":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the control domain. </p>",
+          "location":"querystring",
+          "locationName":"controlDomainId"
+        },
+        "assessmentId":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the active assessment. </p>",
+          "location":"querystring",
+          "locationName":"assessmentId"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Represents the maximum number of results on a page or for an API request call. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      }
+    },
+    "ListAssessmentControlInsightsByControlDomainResponse":{
+      "type":"structure",
+      "members":{
+        "controlInsightsByAssessment":{
+          "shape":"ControlInsightsMetadataByAssessment",
+          "documentation":"<p>The assessment control analytics data that the <code>ListAssessmentControlInsightsByControlDomain</code> API returned. </p>"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>"
+        }
+      }
+    },
     "ListAssessmentFrameworkShareRequestsRequest":{
       "type":"structure",
       "required":["requestType"],
@@ -3518,6 +3866,12 @@
     "ListAssessmentsRequest":{
       "type":"structure",
       "members":{
+        "status":{
+          "shape":"AssessmentStatus",
+          "documentation":"<p> The current status of the assessment.</p>",
+          "location":"querystring",
+          "locationName":"status"
+        },
         "nextToken":{
           "shape":"Token",
           "documentation":"<p> The pagination token that's used to fetch the next set of results. </p>",
@@ -3545,6 +3899,110 @@
         }
       }
     },
+    "ListControlDomainInsightsByAssessmentRequest":{
+      "type":"structure",
+      "required":["assessmentId"],
+      "members":{
+        "assessmentId":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the active assessment. </p>",
+          "location":"querystring",
+          "locationName":"assessmentId"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Represents the maximum number of results on a page or for an API request call. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      }
+    },
+    "ListControlDomainInsightsByAssessmentResponse":{
+      "type":"structure",
+      "members":{
+        "controlDomainInsights":{
+          "shape":"ControlDomainInsightsList",
+          "documentation":"<p>The control domain analytics data that the <code>ListControlDomainInsightsByAssessment</code> API returned. </p>"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>"
+        }
+      }
+    },
+    "ListControlDomainInsightsRequest":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Represents the maximum number of results on a page or for an API request call. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      }
+    },
+    "ListControlDomainInsightsResponse":{
+      "type":"structure",
+      "members":{
+        "controlDomainInsights":{
+          "shape":"ControlDomainInsightsList",
+          "documentation":"<p>The control domain analytics data that the <code>ListControlDomainInsights</code> API returned. </p>"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>"
+        }
+      }
+    },
+    "ListControlInsightsByControlDomainRequest":{
+      "type":"structure",
+      "required":["controlDomainId"],
+      "members":{
+        "controlDomainId":{
+          "shape":"UUID",
+          "documentation":"<p>The unique identifier for the control domain. </p>",
+          "location":"querystring",
+          "locationName":"controlDomainId"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Represents the maximum number of results on a page or for an API request call. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      }
+    },
+    "ListControlInsightsByControlDomainResponse":{
+      "type":"structure",
+      "members":{
+        "controlInsightsMetadata":{
+          "shape":"ControlInsightsMetadata",
+          "documentation":"<p>The control analytics data that the <code>ListControlInsightsByControlDomain</code> API returned. </p>"
+        },
+        "nextToken":{
+          "shape":"Token",
+          "documentation":"<p>The pagination token that's used to fetch the next set of results. </p>"
+        }
+      }
+    },
     "ListControlsRequest":{
       "type":"structure",
       "required":["controlType"],
@@ -4212,19 +4670,19 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
         "controlSetId":{
           "shape":"ControlSetId",
-          "documentation":"<p> The identifier for the control set. </p>",
+          "documentation":"<p> The unique identifier for the control set. </p>",
           "location":"uri",
           "locationName":"controlSetId"
         },
         "controlId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the control. </p>",
+          "documentation":"<p> The unique identifier for the control. </p>",
           "location":"uri",
           "locationName":"controlId"
         },
@@ -4258,13 +4716,13 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
         "controlSetId":{
           "shape":"String",
-          "documentation":"<p> The identifier for the control set. </p>",
+          "documentation":"<p> The unique identifier for the control set. </p>",
           "location":"uri",
           "locationName":"controlSetId"
         },
@@ -4289,7 +4747,10 @@
     },
     "UpdateAssessmentFrameworkControlSet":{
       "type":"structure",
-      "required":["name"],
+      "required":[
+        "name",
+        "controls"
+      ],
       "members":{
         "id":{
           "shape":"ControlSetName",
@@ -4308,7 +4769,8 @@
     },
     "UpdateAssessmentFrameworkControlSets":{
       "type":"list",
-      "member":{"shape":"UpdateAssessmentFrameworkControlSet"}
+      "member":{"shape":"UpdateAssessmentFrameworkControlSet"},
+      "min":1
     },
     "UpdateAssessmentFrameworkRequest":{
       "type":"structure",
@@ -4320,7 +4782,7 @@
       "members":{
         "frameworkId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the framework. </p>",
+          "documentation":"<p> The unique identifier for the framework. </p>",
           "location":"uri",
           "locationName":"frameworkId"
         },
@@ -4393,7 +4855,7 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
@@ -4437,7 +4899,7 @@
       "members":{
         "assessmentId":{
           "shape":"UUID",
-          "documentation":"<p> The identifier for the assessment. </p>",
+          "documentation":"<p> The unique identifier for the assessment. </p>",
           "location":"uri",
           "locationName":"assessmentId"
         },
diff --git a/contrib/python/botocore/py3/botocore/data/autoscaling/2011-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/autoscaling/2011-01-01/service-2.json
index 72a5bdb0155..df94cd899bc 100644
--- a/contrib/python/botocore/py3/botocore/data/autoscaling/2011-01-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/autoscaling/2011-01-01/service-2.json
@@ -39,7 +39,7 @@
         {"shape":"ResourceContentionFault"},
         {"shape":"ServiceLinkedRoleFailure"}
       ],
-      "documentation":"<p>Attaches one or more target groups to the specified Auto Scaling group.</p> <p>This operation is used with the following load balancer types: </p> <ul> <li> <p> Application Load Balancer - Operates at the application layer (layer 7) and supports HTTP and HTTPS. </p> </li> <li> <p> Network Load Balancer - Operates at the transport layer (layer 4) and supports TCP, TLS, and UDP. </p> </li> <li> <p> Gateway Load Balancer - Operates at the network layer (layer 3).</p> </li> </ul> <p>To describe the target groups for an Auto Scaling group, call the <a>DescribeLoadBalancerTargetGroups</a> API. To detach the target group from the Auto Scaling group, call the <a>DetachLoadBalancerTargetGroups</a> API.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html\">Elastic Load Balancing and Amazon EC2 Auto Scaling</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
+      "documentation":"<p>Attaches one or more target groups to the specified Auto Scaling group.</p> <p>This operation is used with the following load balancer types: </p> <ul> <li> <p> Application Load Balancer - Operates at the application layer (layer 7) and supports HTTP and HTTPS. </p> </li> <li> <p> Network Load Balancer - Operates at the transport layer (layer 4) and supports TCP, TLS, and UDP. </p> </li> <li> <p> Gateway Load Balancer - Operates at the network layer (layer 3).</p> </li> </ul> <p>To describe the target groups for an Auto Scaling group, call the <a>DescribeLoadBalancerTargetGroups</a> API. To detach the target group from the Auto Scaling group, call the <a>DetachLoadBalancerTargetGroups</a> API.</p> <p>This operation is additive and does not detach existing target groups or Classic Load Balancers from the Auto Scaling group.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html\">Elastic Load Balancing and Amazon EC2 Auto Scaling</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
     },
     "AttachLoadBalancers":{
       "name":"AttachLoadBalancers",
@@ -56,7 +56,7 @@
         {"shape":"ResourceContentionFault"},
         {"shape":"ServiceLinkedRoleFailure"}
       ],
-      "documentation":"<note> <p>To attach an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer, use the <a>AttachLoadBalancerTargetGroups</a> API operation instead.</p> </note> <p>Attaches one or more Classic Load Balancers to the specified Auto Scaling group. Amazon EC2 Auto Scaling registers the running instances with these Classic Load Balancers.</p> <p>To describe the load balancers for an Auto Scaling group, call the <a>DescribeLoadBalancers</a> API. To detach the load balancer from the Auto Scaling group, call the <a>DetachLoadBalancers</a> API.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html\">Elastic Load Balancing and Amazon EC2 Auto Scaling</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
+      "documentation":"<note> <p>To attach an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer, use the <a>AttachLoadBalancerTargetGroups</a> API operation instead.</p> </note> <p>Attaches one or more Classic Load Balancers to the specified Auto Scaling group. Amazon EC2 Auto Scaling registers the running instances with these Classic Load Balancers.</p> <p>To describe the load balancers for an Auto Scaling group, call the <a>DescribeLoadBalancers</a> API. To detach the load balancer from the Auto Scaling group, call the <a>DetachLoadBalancers</a> API.</p> <p>This operation is additive and does not detach existing Classic Load Balancers or target groups from the Auto Scaling group.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html\">Elastic Load Balancing and Amazon EC2 Auto Scaling</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
     },
     "BatchDeleteScheduledAction":{
       "name":"BatchDeleteScheduledAction",
@@ -124,7 +124,7 @@
       "errors":[
         {"shape":"ResourceContentionFault"}
       ],
-      "documentation":"<p>Completes the lifecycle action for the specified token or instance with the specified result.</p> <p>This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows CloudWatch Events to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</p> </li> <li> <p>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state.</p> </li> <li> <p> <b>If you finish before the timeout period ends, complete the lifecycle action.</b> </p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+      "documentation":"<p>Completes the lifecycle action for the specified token or instance with the specified result.</p> <p>This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows Amazon EventBridge to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</p> </li> <li> <p>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state.</p> </li> <li> <p> <b>If you finish before the timeout period ends, send a callback by using the <a>CompleteLifecycleAction</a> API call.</b> </p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
     },
     "CreateAutoScalingGroup":{
       "name":"CreateAutoScalingGroup",
@@ -757,7 +757,7 @@
         {"shape":"LimitExceededFault"},
         {"shape":"ResourceContentionFault"}
       ],
-      "documentation":"<p>Creates or updates a lifecycle hook for the specified Auto Scaling group.</p> <p>A lifecycle hook tells Amazon EC2 Auto Scaling to perform an action on an instance when the instance launches (before it is put into service) or as the instance terminates (before it is fully terminated).</p> <p>This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows CloudWatch Events to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p> <b>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</b> </p> </li> <li> <p>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state using the <a>RecordLifecycleActionHeartbeat</a> API call.</p> </li> <li> <p>If you finish before the timeout period ends, complete the lifecycle action using the <a>CompleteLifecycleAction</a> API call.</p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>If you exceed your maximum limit of lifecycle hooks, which by default is 50 per Auto Scaling group, the call fails.</p> <p>You can view the lifecycle hooks for an Auto Scaling group using the <a>DescribeLifecycleHooks</a> API call. If you are no longer using a lifecycle hook, you can delete it by calling the <a>DeleteLifecycleHook</a> API.</p>"
+      "documentation":"<p>Creates or updates a lifecycle hook for the specified Auto Scaling group.</p> <p>A lifecycle hook enables an Auto Scaling group to be aware of events in the Auto Scaling instance lifecycle, and then perform a custom action when the corresponding lifecycle event occurs.</p> <p>This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows Amazon EventBridge to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p> <b>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</b> </p> </li> <li> <p>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state using the <a>RecordLifecycleActionHeartbeat</a> API call.</p> </li> <li> <p>If you finish before the timeout period ends, send a callback by using the <a>CompleteLifecycleAction</a> API call.</p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>If you exceed your maximum limit of lifecycle hooks, which by default is 50 per Auto Scaling group, the call fails.</p> <p>You can view the lifecycle hooks for an Auto Scaling group using the <a>DescribeLifecycleHooks</a> API call. If you are no longer using a lifecycle hook, you can delete it by calling the <a>DeleteLifecycleHook</a> API.</p>"
     },
     "PutNotificationConfiguration":{
       "name":"PutNotificationConfiguration",
@@ -836,7 +836,7 @@
       "errors":[
         {"shape":"ResourceContentionFault"}
       ],
-      "documentation":"<p>Records a heartbeat for the lifecycle action associated with the specified token or instance. This extends the timeout by the length of time defined using the <a>PutLifecycleHook</a> API call.</p> <p>This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows CloudWatch Events to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</p> </li> <li> <p> <b>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state.</b> </p> </li> <li> <p>If you finish before the timeout period ends, complete the lifecycle action.</p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+      "documentation":"<p>Records a heartbeat for the lifecycle action associated with the specified token or instance. This extends the timeout by the length of time defined using the <a>PutLifecycleHook</a> API call.</p> <p>This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows Amazon EventBridge to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</p> </li> <li> <p> <b>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state.</b> </p> </li> <li> <p>If you finish before the timeout period ends, send a callback by using the <a>CompleteLifecycleAction</a> API call.</p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
     },
     "ResumeProcesses":{
       "name":"ResumeProcesses",
@@ -891,7 +891,7 @@
         {"shape":"LimitExceededFault"},
         {"shape":"ResourceContentionFault"}
       ],
-      "documentation":"<p>Updates the instance protection settings of the specified instances. This operation cannot be called on instances in a warm pool.</p> <p>For more information about preventing instances that are part of an Auto Scaling group from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance scale-in protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>If you exceed your maximum limit of instance IDs, which is 50 per Auto Scaling group, the call fails.</p>"
+      "documentation":"<p>Updates the instance protection settings of the specified instances. This operation cannot be called on instances in a warm pool.</p> <p>For more information about preventing instances that are part of an Auto Scaling group from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html\">Using instance scale-in protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>If you exceed your maximum limit of instance IDs, which is 50 per Auto Scaling group, the call fails.</p>"
     },
     "StartInstanceRefresh":{
       "name":"StartInstanceRefresh",
@@ -1315,7 +1315,7 @@
         },
         "HealthCheckGracePeriod":{
           "shape":"HealthCheckGracePeriod",
-          "documentation":"<p>The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service.</p>"
+          "documentation":"<p>The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check.</p>"
         },
         "Instances":{
           "shape":"Instances",
@@ -1678,7 +1678,7 @@
       "members":{
         "Timestamps":{
           "shape":"PredictiveScalingForecastTimestamps",
-          "documentation":"<p>The time stamps for the data points, in UTC format.</p>"
+          "documentation":"<p>The timestamps for the data points, in UTC format.</p>"
         },
         "Values":{
           "shape":"PredictiveScalingForecastValues",
@@ -1772,7 +1772,7 @@
         },
         "MixedInstancesPolicy":{
           "shape":"MixedInstancesPolicy",
-          "documentation":"<p>An embedded object that specifies a mixed instances policy.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-purchase-options.html\">Auto Scaling groups with multiple instance types and purchase options</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+          "documentation":"<p>An embedded object that specifies a mixed instances policy.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html\">Auto Scaling groups with multiple instance types and purchase options</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
         },
         "InstanceId":{
           "shape":"XmlStringMaxLen19",
@@ -1812,7 +1812,7 @@
         },
         "HealthCheckGracePeriod":{
           "shape":"HealthCheckGracePeriod",
-          "documentation":"<p>The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service. During this time, any health check failures for the instance are ignored. The default value is <code>0</code>. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html#health-check-grace-period\">Health check grace period</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>Conditional: Required if you are adding an <code>ELB</code> health check.</p>"
+          "documentation":"<p>The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. The default value is <code>0</code>. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html#health-check-grace-period\">Health check grace period</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>Conditional: Required if you are adding an <code>ELB</code> health check.</p>"
         },
         "PlacementGroup":{
           "shape":"XmlStringMaxLen255",
@@ -1828,11 +1828,11 @@
         },
         "NewInstancesProtectedFromScaleIn":{
           "shape":"InstanceProtected",
-          "documentation":"<p>Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance scale-in protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+          "documentation":"<p>Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html\">Using instance scale-in protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
         },
         "CapacityRebalance":{
           "shape":"CapacityRebalanceEnabled",
-          "documentation":"<p>Indicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/capacity-rebalance.html\">Amazon EC2 Auto Scaling Capacity Rebalancing</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+          "documentation":"<p>Indicates whether Capacity Rebalancing is enabled. Otherwise, Capacity Rebalancing is disabled. When you turn on Capacity Rebalancing, Amazon EC2 Auto Scaling attempts to launch a Spot Instance whenever Amazon EC2 notifies that a Spot Instance is at an elevated risk of interruption. After launching a new instance, it then terminates an old instance. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html\">Amazon EC2 Auto Scaling Capacity Rebalancing</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
         },
         "LifecycleHookSpecificationList":{
           "shape":"LifecycleHookSpecifications",
@@ -1962,7 +1962,7 @@
       "members":{
         "MetricName":{
           "shape":"MetricName",
-          "documentation":"<p>The name of the metric.</p>"
+          "documentation":"<p>The name of the metric. To get the exact metric name, namespace, and dimensions, inspect the <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html\">Metric</a> object that is returned by a call to <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html\">ListMetrics</a>.</p>"
         },
         "Namespace":{
           "shape":"MetricNamespace",
@@ -1978,10 +1978,10 @@
         },
         "Unit":{
           "shape":"MetricUnit",
-          "documentation":"<p>The unit of the metric.</p>"
+          "documentation":"<p>The unit of the metric. For a complete list of the units that CloudWatch supports, see the <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html\">MetricDatum</a> data type in the <i>Amazon CloudWatch API Reference</i>.</p>"
         }
       },
-      "documentation":"<p>Represents a CloudWatch metric of your choosing for a target tracking scaling policy to use with Amazon EC2 Auto Scaling.</p> <p>To create your customized metric specification:</p> <ul> <li> <p>Add values for each required parameter from CloudWatch. You can use an existing metric, or a new metric that you create. To use your own metric, you must first publish the metric to CloudWatch. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html\">Publish Custom Metrics</a> in the <i>Amazon CloudWatch User Guide</i>.</p> </li> <li> <p>Choose a metric that changes proportionally with capacity. The value of the metric should increase or decrease in inverse proportion to the number of capacity units. That is, the value of the metric should decrease when capacity increases.</p> </li> </ul> <p>For more information about CloudWatch, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html\">Amazon CloudWatch Concepts</a>.</p>"
+      "documentation":"<p>Represents a CloudWatch metric of your choosing for a target tracking scaling policy to use with Amazon EC2 Auto Scaling.</p> <p>To create your customized metric specification:</p> <ul> <li> <p>Add values for each required parameter from CloudWatch. You can use an existing metric, or a new metric that you create. To use your own metric, you must first publish the metric to CloudWatch. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html\">Publish custom metrics</a> in the <i>Amazon CloudWatch User Guide</i>.</p> </li> <li> <p>Choose a metric that changes proportionally with capacity. The value of the metric should increase or decrease in inverse proportion to the number of capacity units. That is, the value of the metric should decrease when capacity increases.</p> </li> </ul> <p>For more information about the CloudWatch terminology below, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html\">Amazon CloudWatch concepts</a>.</p> <note> <p>Each individual service provides information about the metrics, namespace, and dimensions they use. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html\">Amazon Web Services services that publish CloudWatch metrics</a> in the <i>Amazon CloudWatch User Guide</i>.</p> </note>"
     },
     "DeleteAutoScalingGroupType":{
       "type":"structure",
@@ -2032,7 +2032,7 @@
         },
         "TopicARN":{
           "shape":"XmlStringMaxLen255",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (Amazon SNS) topic.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon SNS topic.</p>"
         }
       }
     },
@@ -3379,18 +3379,18 @@
         },
         "WeightedCapacity":{
           "shape":"XmlStringMaxLen32",
-          "documentation":"<p>The number of capacity units provided by the instance type specified in <code>InstanceType</code> in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic. When a Spot or On-Demand Instance is launched, the capacity units count toward the desired capacity. Amazon EC2 Auto Scaling launches instances until the desired capacity is totally fulfilled, even if this results in an overage. For example, if there are two units remaining to fulfill capacity, and Amazon EC2 Auto Scaling can only launch an instance with a <code>WeightedCapacity</code> of five units, the instance is launched, and the desired capacity is exceeded by three units. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-weighting.html\">Instance weighting for Amazon EC2 Auto Scaling</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. Value must be in the range of 1–999.</p>"
+          "documentation":"<p>The number of capacity units provided by the instance type specified in <code>InstanceType</code> in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic. When a Spot or On-Demand Instance is launched, the capacity units count toward the desired capacity. Amazon EC2 Auto Scaling launches instances until the desired capacity is totally fulfilled, even if this results in an overage. For example, if there are two units remaining to fulfill capacity, and Amazon EC2 Auto Scaling can only launch an instance with a <code>WeightedCapacity</code> of five units, the instance is launched, and the desired capacity is exceeded by three units. For more information, see <a href=\"https://docs.aws.amazon.com/ec2-auto-scaling-mixed-instances-groups-instance-weighting.html\">Instance weighting for Amazon EC2 Auto Scaling</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. Value must be in the range of 1–999.</p>"
         },
         "LaunchTemplateSpecification":{
           "shape":"LaunchTemplateSpecification",
-          "documentation":"<p>Provides the launch template to be used when launching the instance type specified in <code>InstanceType</code>. For example, some instance types might require a launch template with a different AMI. If not provided, Amazon EC2 Auto Scaling uses the launch template that's defined for your mixed instances policy. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-launch-template-overrides.html\">Specifying a different launch template for an instance type</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
+          "documentation":"<p>Provides the launch template to be used when launching the instance type specified in <code>InstanceType</code>. For example, some instance types might require a launch template with a different AMI. If not provided, Amazon EC2 Auto Scaling uses the launch template that's defined for your mixed instances policy. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups-launch-template-overrides.html\">Specifying a different launch template for an instance type</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
         },
         "InstanceRequirements":{
           "shape":"InstanceRequirements",
           "documentation":"<p>The instance requirements. When you specify instance requirements, Amazon EC2 Auto Scaling finds instance types that satisfy your requirements, and then uses your On-Demand and Spot allocation strategies to launch instances from these instance types, in the same way as when you specify a list of specific instance types. </p>"
         }
       },
-      "documentation":"<p>Describes an override for a launch template. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-override-options.html\">Configuring overrides</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
+      "documentation":"<p>Describes an override for a launch template. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-configuring-overrides.html\">Configuring overrides</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>. </p>"
     },
     "LaunchTemplateSpecification":{
       "type":"structure",
@@ -3456,7 +3456,7 @@
           "documentation":"<p>Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. The possible values are <code>CONTINUE</code> and <code>ABANDON</code>.</p>"
         }
       },
-      "documentation":"<p>Describes a lifecycle hook, which tells Amazon EC2 Auto Scaling that you want to perform an action whenever it launches instances or terminates instances.</p>"
+      "documentation":"<p>Describes a lifecycle hook, which enables an Auto Scaling group to be aware of events in the Auto Scaling instance lifecycle, and then perform a custom action when the corresponding lifecycle event occurs.</p>"
     },
     "LifecycleHookNames":{
       "type":"list",
@@ -3499,7 +3499,7 @@
           "documentation":"<p>The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target, for example, an Amazon SNS topic or an Amazon SQS queue.</p>"
         }
       },
-      "documentation":"<p>Describes information used to specify a lifecycle hook for an Auto Scaling group.</p> <p>A lifecycle hook tells Amazon EC2 Auto Scaling to perform an action on an instance when the instance launches (before it is put into service) or as the instance terminates (before it is fully terminated).</p> <p>This step is a part of the procedure for creating a lifecycle hook for an Auto Scaling group:</p> <ol> <li> <p>(Optional) Create a Lambda function and a rule that allows CloudWatch Events to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.</p> </li> <li> <p>(Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.</p> </li> <li> <p> <b>Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.</b> </p> </li> <li> <p>If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state.</p> </li> <li> <p>If you finish before the timeout period ends, complete the lifecycle action.</p> </li> </ol> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+      "documentation":"<p>Describes information used to specify a lifecycle hook for an Auto Scaling group.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html\">Amazon EC2 Auto Scaling lifecycle hooks</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
     },
     "LifecycleHookSpecifications":{
       "type":"list",
@@ -3603,7 +3603,7 @@
       "members":{
         "Timestamps":{
           "shape":"PredictiveScalingForecastTimestamps",
-          "documentation":"<p>The time stamps for the data points, in UTC format.</p>"
+          "documentation":"<p>The timestamps for the data points, in UTC format.</p>"
         },
         "Values":{
           "shape":"PredictiveScalingForecastValues",
@@ -3676,6 +3676,28 @@
       },
       "documentation":"<p>Specifies the minimum and maximum for the <code>MemoryMiB</code> object when you specify <a>InstanceRequirements</a> for an Auto Scaling group.</p>"
     },
+    "Metric":{
+      "type":"structure",
+      "required":[
+        "Namespace",
+        "MetricName"
+      ],
+      "members":{
+        "Namespace":{
+          "shape":"MetricNamespace",
+          "documentation":"<p>The namespace of the metric. For more information, see the table in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html\">Amazon Web Services services that publish CloudWatch metrics </a> in the <i>Amazon CloudWatch User Guide</i>.</p>"
+        },
+        "MetricName":{
+          "shape":"MetricName",
+          "documentation":"<p>The name of the metric.</p>"
+        },
+        "Dimensions":{
+          "shape":"MetricDimensions",
+          "documentation":"<p>The dimensions for the metric. For the list of available dimensions, see the Amazon Web Services documentation available from the table in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-services-cloudwatch-metrics.html\">Amazon Web Services services that publish CloudWatch metrics </a> in the <i>Amazon CloudWatch User Guide</i>. </p> <p>Conditional: If you published your metric with dimensions, you must specify the same dimensions in your scaling policy.</p>"
+        }
+      },
+      "documentation":"<p>Represents a specific metric. </p>"
+    },
     "MetricCollectionType":{
       "type":"structure",
       "members":{
@@ -3690,6 +3712,37 @@
       "type":"list",
       "member":{"shape":"MetricCollectionType"}
     },
+    "MetricDataQueries":{
+      "type":"list",
+      "member":{"shape":"MetricDataQuery"}
+    },
+    "MetricDataQuery":{
+      "type":"structure",
+      "required":["Id"],
+      "members":{
+        "Id":{
+          "shape":"XmlStringMaxLen255",
+          "documentation":"<p>A short name that identifies the object's results in the response. This name must be unique among all <code>MetricDataQuery</code> objects specified for a single scaling policy. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscores. The first character must be a lowercase letter. </p>"
+        },
+        "Expression":{
+          "shape":"XmlStringMaxLen1023",
+          "documentation":"<p>The math expression to perform on the returned data, if this object is performing a math expression. This expression can use the <code>Id</code> of the other metrics to refer to those metrics, and can also use the <code>Id</code> of other expressions to use the result of those expressions. </p> <p>Conditional: Within each <code>MetricDataQuery</code> object, you must specify either <code>Expression</code> or <code>MetricStat</code>, but not both.</p>"
+        },
+        "MetricStat":{
+          "shape":"MetricStat",
+          "documentation":"<p>Information about the metric data to return.</p> <p>Conditional: Within each <code>MetricDataQuery</code> object, you must specify either <code>Expression</code> or <code>MetricStat</code>, but not both.</p>"
+        },
+        "Label":{
+          "shape":"XmlStringMetricLabel",
+          "documentation":"<p>A human-readable label for this metric or expression. This is especially useful if this is a math expression, so that you know what the value represents.</p>"
+        },
+        "ReturnData":{
+          "shape":"ReturnData",
+          "documentation":"<p>Indicates whether to return the timestamps and raw data values of this metric. </p> <p>If you use any math expressions, specify <code>true</code> for this value for only the final math expression that the metric specification is based on. You must specify <code>false</code> for <code>ReturnData</code> for all the other metrics and expressions used in the metric specification.</p> <p>If you are only retrieving metrics and not performing any math expressions, do not specify anything for <code>ReturnData</code>. This sets it to its default (<code>true</code>).</p>"
+        }
+      },
+      "documentation":"<p>The metric data to return. Also defines whether this call is returning data for one metric only, or whether it is performing a math expression on the values of returned metric statistics to create a new time series. A time series is a series of data points, each of which is associated with a timestamp.</p> <p>For more information and examples, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/predictive-scaling-customized-metric-specification.html\">Advanced predictive scaling policy configurations using custom metrics</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+    },
     "MetricDimension":{
       "type":"structure",
       "required":[
@@ -3731,6 +3784,28 @@
     "MetricName":{"type":"string"},
     "MetricNamespace":{"type":"string"},
     "MetricScale":{"type":"double"},
+    "MetricStat":{
+      "type":"structure",
+      "required":[
+        "Metric",
+        "Stat"
+      ],
+      "members":{
+        "Metric":{
+          "shape":"Metric",
+          "documentation":"<p>The CloudWatch metric to return, including the metric name, namespace, and dimensions. To get the exact metric name, namespace, and dimensions, inspect the <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_Metric.html\">Metric</a> object that is returned by a call to <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_ListMetrics.html\">ListMetrics</a>.</p>"
+        },
+        "Stat":{
+          "shape":"XmlStringMetricStat",
+          "documentation":"<p>The statistic to return. It can include any CloudWatch statistic or extended statistic. For a list of valid values, see the table in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic\">Statistics</a> in the <i>Amazon CloudWatch User Guide</i>.</p> <p>The most commonly used metrics for predictive scaling are <code>Average</code> and <code>Sum</code>.</p>"
+        },
+        "Unit":{
+          "shape":"MetricUnit",
+          "documentation":"<p>The unit to use for the returned data points. For a complete list of the units that CloudWatch supports, see the <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html\">MetricDatum</a> data type in the <i>Amazon CloudWatch API Reference</i>.</p>"
+        }
+      },
+      "documentation":"<p>This structure defines the CloudWatch metric to return, along with the statistic, period, and unit.</p> <p>For more information about the CloudWatch terminology below, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html\">Amazon CloudWatch concepts</a> in the <i>Amazon CloudWatch User Guide</i>.</p>"
+    },
     "MetricStatistic":{
       "type":"string",
       "enum":[
@@ -3777,7 +3852,7 @@
           "documentation":"<p>Specifies the instances distribution.</p>"
         }
       },
-      "documentation":"<p>Describes a mixed instances policy. A mixed instances policy contains the instance types that Amazon EC2 Auto Scaling can launch and other information that Amazon EC2 Auto Scaling can use to launch instances and help optimize your costs. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-purchase-options.html\">Auto Scaling groups with multiple instance types and purchase options</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+      "documentation":"<p>Describes a mixed instances policy. A mixed instances policy contains the instance types that Amazon EC2 Auto Scaling can launch and other information that Amazon EC2 Auto Scaling can use to launch instances and help optimize your costs. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html\">Auto Scaling groups with multiple instance types and purchase options</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
     },
     "MonitoringEnabled":{"type":"boolean"},
     "NetworkInterfaceCountRequest":{
@@ -3809,7 +3884,7 @@
         },
         "TopicARN":{
           "shape":"XmlStringMaxLen255",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (Amazon SNS) topic.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon SNS topic.</p>"
         },
         "NotificationType":{
           "shape":"XmlStringMaxLen255",
@@ -3950,6 +4025,39 @@
       },
       "documentation":"<p>Represents a predictive scaling policy configuration to use with Amazon EC2 Auto Scaling.</p>"
     },
+    "PredictiveScalingCustomizedCapacityMetric":{
+      "type":"structure",
+      "required":["MetricDataQueries"],
+      "members":{
+        "MetricDataQueries":{
+          "shape":"MetricDataQueries",
+          "documentation":"<p>One or more metric data queries to provide the data points for a capacity metric. Use multiple metric data queries only if you are performing a math expression on returned data. </p>"
+        }
+      },
+      "documentation":"<p>Describes a customized capacity metric for a predictive scaling policy.</p>"
+    },
+    "PredictiveScalingCustomizedLoadMetric":{
+      "type":"structure",
+      "required":["MetricDataQueries"],
+      "members":{
+        "MetricDataQueries":{
+          "shape":"MetricDataQueries",
+          "documentation":"<p>One or more metric data queries to provide the data points for a load metric. Use multiple metric data queries only if you are performing a math expression on returned data. </p>"
+        }
+      },
+      "documentation":"<p>Describes a custom load metric for a predictive scaling policy.</p>"
+    },
+    "PredictiveScalingCustomizedScalingMetric":{
+      "type":"structure",
+      "required":["MetricDataQueries"],
+      "members":{
+        "MetricDataQueries":{
+          "shape":"MetricDataQueries",
+          "documentation":"<p>One or more metric data queries to provide the data points for a scaling metric. Use multiple metric data queries only if you are performing a math expression on returned data. </p>"
+        }
+      },
+      "documentation":"<p>Describes a custom scaling metric for a predictive scaling policy.</p>"
+    },
     "PredictiveScalingForecastTimestamps":{
       "type":"list",
       "member":{"shape":"TimestampType"}
@@ -3976,22 +4084,34 @@
       "members":{
         "TargetValue":{
           "shape":"MetricScale",
-          "documentation":"<p>Specifies the target utilization.</p>"
+          "documentation":"<p>Specifies the target utilization.</p> <note> <p>Some metrics are based on a count instead of a percentage, such as the request count for an Application Load Balancer or the number of messages in an SQS queue. If the scaling policy specifies one of these metrics, specify the target utilization as the optimal average request or message count per instance during any one-minute interval. </p> </note>"
         },
         "PredefinedMetricPairSpecification":{
           "shape":"PredictiveScalingPredefinedMetricPair",
-          "documentation":"<p>The metric pair specification from which Amazon EC2 Auto Scaling determines the appropriate scaling metric and load metric to use.</p>"
+          "documentation":"<p>The predefined metric pair specification from which Amazon EC2 Auto Scaling determines the appropriate scaling metric and load metric to use.</p>"
         },
         "PredefinedScalingMetricSpecification":{
           "shape":"PredictiveScalingPredefinedScalingMetric",
-          "documentation":"<p>The scaling metric specification.</p>"
+          "documentation":"<p>The predefined scaling metric specification.</p>"
         },
         "PredefinedLoadMetricSpecification":{
           "shape":"PredictiveScalingPredefinedLoadMetric",
-          "documentation":"<p>The load metric specification.</p>"
+          "documentation":"<p>The predefined load metric specification.</p>"
+        },
+        "CustomizedScalingMetricSpecification":{
+          "shape":"PredictiveScalingCustomizedScalingMetric",
+          "documentation":"<p>The customized scaling metric specification.</p>"
+        },
+        "CustomizedLoadMetricSpecification":{
+          "shape":"PredictiveScalingCustomizedLoadMetric",
+          "documentation":"<p>The customized load metric specification.</p>"
+        },
+        "CustomizedCapacityMetricSpecification":{
+          "shape":"PredictiveScalingCustomizedCapacityMetric",
+          "documentation":"<p>The customized capacity metric specification.</p>"
         }
       },
-      "documentation":"<p>This structure specifies the metrics and target utilization settings for a predictive scaling policy. </p> <p>You must specify either a metric pair, or a load metric and a scaling metric individually. Specifying a metric pair instead of individual metrics provides a simpler way to configure metrics for a scaling policy. You choose the metric pair, and the policy automatically knows the correct sum and average statistics to use for the load metric and the scaling metric.</p> <p>Example</p> <ul> <li> <p>You create a predictive scaling policy and specify <code>ALBRequestCount</code> as the value for the metric pair and <code>1000.0</code> as the target value. For this type of metric, you must provide the metric dimension for the corresponding target group, so you also provide a resource label for the Application Load Balancer target group that is attached to your Auto Scaling group.</p> </li> <li> <p>The number of requests the target group receives per minute provides the load metric, and the request count averaged between the members of the target group provides the scaling metric. In CloudWatch, this refers to the <code>RequestCount</code> and <code>RequestCountPerTarget</code> metrics, respectively.</p> </li> <li> <p>For optimal use of predictive scaling, you adhere to the best practice of using a dynamic scaling policy to automatically scale between the minimum capacity and maximum capacity in response to real-time changes in resource utilization.</p> </li> <li> <p>Amazon EC2 Auto Scaling consumes data points for the load metric over the last 14 days and creates an hourly load forecast for predictive scaling. (A minimum of 24 hours of data is required.)</p> </li> <li> <p>After creating the load forecast, Amazon EC2 Auto Scaling determines when to reduce or increase the capacity of your Auto Scaling group in each hour of the forecast period so that the average number of requests received by each instance is as close to 1000 requests per minute as possible at all times.</p> </li> </ul>"
+      "documentation":"<p>This structure specifies the metrics and target utilization settings for a predictive scaling policy. </p> <p>You must specify either a metric pair, or a load metric and a scaling metric individually. Specifying a metric pair instead of individual metrics provides a simpler way to configure metrics for a scaling policy. You choose the metric pair, and the policy automatically knows the correct sum and average statistics to use for the load metric and the scaling metric.</p> <p>Example</p> <ul> <li> <p>You create a predictive scaling policy and specify <code>ALBRequestCount</code> as the value for the metric pair and <code>1000.0</code> as the target value. For this type of metric, you must provide the metric dimension for the corresponding target group, so you also provide a resource label for the Application Load Balancer target group that is attached to your Auto Scaling group.</p> </li> <li> <p>The number of requests the target group receives per minute provides the load metric, and the request count averaged between the members of the target group provides the scaling metric. In CloudWatch, this refers to the <code>RequestCount</code> and <code>RequestCountPerTarget</code> metrics, respectively.</p> </li> <li> <p>For optimal use of predictive scaling, you adhere to the best practice of using a dynamic scaling policy to automatically scale between the minimum capacity and maximum capacity in response to real-time changes in resource utilization.</p> </li> <li> <p>Amazon EC2 Auto Scaling consumes data points for the load metric over the last 14 days and creates an hourly load forecast for predictive scaling. (A minimum of 24 hours of data is required.)</p> </li> <li> <p>After creating the load forecast, Amazon EC2 Auto Scaling determines when to reduce or increase the capacity of your Auto Scaling group in each hour of the forecast period so that the average number of requests received by each instance is as close to 1000 requests per minute as possible at all times.</p> </li> </ul> <p>For information about using custom metrics with predictive scaling, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/predictive-scaling-customized-metric-specification.html\">Advanced predictive scaling policy configurations using custom metrics</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
     },
     "PredictiveScalingMetricSpecifications":{
       "type":"list",
@@ -4144,7 +4264,7 @@
         },
         "TopicARN":{
           "shape":"XmlStringMaxLen255",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (Amazon SNS) topic.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon SNS topic.</p>"
         },
         "NotificationTypes":{
           "shape":"AutoScalingNotificationTypes",
@@ -4205,7 +4325,7 @@
         },
         "TargetTrackingConfiguration":{
           "shape":"TargetTrackingConfiguration",
-          "documentation":"<p>A target tracking scaling policy. Provides support for predefined or customized metrics.</p> <p>The following predefined metrics are available:</p> <ul> <li> <p> <code>ASGAverageCPUUtilization</code> </p> </li> <li> <p> <code>ASGAverageNetworkIn</code> </p> </li> <li> <p> <code>ASGAverageNetworkOut</code> </p> </li> <li> <p> <code>ALBRequestCountPerTarget</code> </p> </li> </ul> <p>If you specify <code>ALBRequestCountPerTarget</code> for the metric, you must specify the <code>ResourceLabel</code> parameter with the <code>PredefinedMetricSpecification</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingConfiguration.html\">TargetTrackingConfiguration</a> in the <i>Amazon EC2 Auto Scaling API Reference</i>.</p> <p>Required if the policy type is <code>TargetTrackingScaling</code>.</p>"
+          "documentation":"<p>A target tracking scaling policy. Provides support for predefined or custom metrics.</p> <p>The following predefined metrics are available:</p> <ul> <li> <p> <code>ASGAverageCPUUtilization</code> </p> </li> <li> <p> <code>ASGAverageNetworkIn</code> </p> </li> <li> <p> <code>ASGAverageNetworkOut</code> </p> </li> <li> <p> <code>ALBRequestCountPerTarget</code> </p> </li> </ul> <p>If you specify <code>ALBRequestCountPerTarget</code> for the metric, you must specify the <code>ResourceLabel</code> parameter with the <code>PredefinedMetricSpecification</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_TargetTrackingConfiguration.html\">TargetTrackingConfiguration</a> in the <i>Amazon EC2 Auto Scaling API Reference</i>.</p> <p>Required if the policy type is <code>TargetTrackingScaling</code>.</p>"
         },
         "Enabled":{
           "shape":"ScalingPolicyEnabled",
@@ -4213,7 +4333,7 @@
         },
         "PredictiveScalingConfiguration":{
           "shape":"PredictiveScalingConfiguration",
-          "documentation":"<p>A predictive scaling policy. Provides support for only predefined metrics.</p> <p>Predictive scaling works with CPU utilization, network in/out, and the Application Load Balancer request count.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredictiveScalingConfiguration.html\">PredictiveScalingConfiguration</a> in the <i>Amazon EC2 Auto Scaling API Reference</i>.</p> <p>Required if the policy type is <code>PredictiveScaling</code>.</p>"
+          "documentation":"<p>A predictive scaling policy. Provides support for predefined and custom metrics.</p> <p>Predefined metrics include CPU utilization, network in/out, and the Application Load Balancer request count.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_PredictiveScalingConfiguration.html\">PredictiveScalingConfiguration</a> in the <i>Amazon EC2 Auto Scaling API Reference</i>.</p> <p>Required if the policy type is <code>PredictiveScaling</code>.</p>"
         }
       }
     },
@@ -4395,6 +4515,7 @@
       "min":1,
       "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
     },
+    "ReturnData":{"type":"boolean"},
     "ScalingActivityInProgressFault":{
       "type":"structure",
       "members":{
@@ -4965,7 +5086,7 @@
         },
         "MixedInstancesPolicy":{
           "shape":"MixedInstancesPolicy",
-          "documentation":"<p>An embedded object that specifies a mixed instances policy. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-purchase-options.html\">Auto Scaling groups with multiple instance types and purchase options</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+          "documentation":"<p>An embedded object that specifies a mixed instances policy. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html\">Auto Scaling groups with multiple instance types and purchase options</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
         },
         "MinSize":{
           "shape":"AutoScalingGroupMinSize",
@@ -4993,7 +5114,7 @@
         },
         "HealthCheckGracePeriod":{
           "shape":"HealthCheckGracePeriod",
-          "documentation":"<p>The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service. The default value is <code>0</code>. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html#health-check-grace-period\">Health check grace period</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>Conditional: Required if you are adding an <code>ELB</code> health check.</p>"
+          "documentation":"<p>The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. The default value is <code>0</code>. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/healthcheck.html#health-check-grace-period\">Health check grace period</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p> <p>Conditional: Required if you are adding an <code>ELB</code> health check.</p>"
         },
         "PlacementGroup":{
           "shape":"XmlStringMaxLen255",
@@ -5009,7 +5130,7 @@
         },
         "NewInstancesProtectedFromScaleIn":{
           "shape":"InstanceProtected",
-          "documentation":"<p>Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance scale-in protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+          "documentation":"<p>Indicates whether newly launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. For more information about preventing instances from terminating on scale in, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-protection.html\">Using instance scale-in protection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
         },
         "ServiceLinkedRoleARN":{
           "shape":"ResourceName",
@@ -5021,7 +5142,7 @@
         },
         "CapacityRebalance":{
           "shape":"CapacityRebalanceEnabled",
-          "documentation":"<p>Enables or disables Capacity Rebalancing. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/capacity-rebalance.html\">Amazon EC2 Auto Scaling Capacity Rebalancing</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
+          "documentation":"<p>Enables or disables Capacity Rebalancing. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-capacity-rebalancing.html\">Amazon EC2 Auto Scaling Capacity Rebalancing</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
         },
         "Context":{
           "shape":"Context",
@@ -5142,6 +5263,17 @@
       "min":1,
       "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
     },
+    "XmlStringMetricLabel":{
+      "type":"string",
+      "max":2047,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
+    },
+    "XmlStringMetricStat":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
+    },
     "XmlStringUserData":{
       "type":"string",
       "max":21847,
diff --git a/contrib/python/botocore/py3/botocore/data/backup-gateway/2021-01-01/paginators-1.json b/contrib/python/botocore/py3/botocore/data/backup-gateway/2021-01-01/paginators-1.json
new file mode 100644
index 00000000000..462aacd014a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/backup-gateway/2021-01-01/paginators-1.json
@@ -0,0 +1,22 @@
+{
+  "pagination": {
+    "ListGateways": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "Gateways"
+    },
+    "ListHypervisors": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "Hypervisors"
+    },
+    "ListVirtualMachines": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "VirtualMachines"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/backup-gateway/2021-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/backup-gateway/2021-01-01/service-2.json
new file mode 100644
index 00000000000..f67c9233af3
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/backup-gateway/2021-01-01/service-2.json
@@ -0,0 +1,1012 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-01-01",
+    "endpointPrefix":"backup-gateway",
+    "jsonVersion":"1.0",
+    "protocol":"json",
+    "serviceFullName":"AWS Backup Gateway",
+    "serviceId":"Backup Gateway",
+    "signatureVersion":"v4",
+    "signingName":"backup-gateway",
+    "targetPrefix":"BackupOnPremises_v20210101",
+    "uid":"backup-gateway-2021-01-01"
+  },
+  "operations":{
+    "AssociateGatewayToServer":{
+      "name":"AssociateGatewayToServer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AssociateGatewayToServerInput"},
+      "output":{"shape":"AssociateGatewayToServerOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Associates a backup gateway with your server. After you complete the association process, you can back up and restore your VMs through the gateway.</p>"
+    },
+    "CreateGateway":{
+      "name":"CreateGateway",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateGatewayInput"},
+      "output":{"shape":"CreateGatewayOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a backup gateway. After you create a gateway, you can associate it with a server using the <code>AssociateGatewayToServer</code> operation.</p>"
+    },
+    "DeleteGateway":{
+      "name":"DeleteGateway",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteGatewayInput"},
+      "output":{"shape":"DeleteGatewayOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Deletes a backup gateway.</p>",
+      "idempotent":true
+    },
+    "DeleteHypervisor":{
+      "name":"DeleteHypervisor",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteHypervisorInput"},
+      "output":{"shape":"DeleteHypervisorOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Deletes a hypervisor.</p>",
+      "idempotent":true
+    },
+    "DisassociateGatewayFromServer":{
+      "name":"DisassociateGatewayFromServer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisassociateGatewayFromServerInput"},
+      "output":{"shape":"DisassociateGatewayFromServerOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Disassociates a backup gateway from the specified server. After the disassociation process finishes, the gateway can no longer access the virtual machines on the server.</p>"
+    },
+    "ImportHypervisorConfiguration":{
+      "name":"ImportHypervisorConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ImportHypervisorConfigurationInput"},
+      "output":{"shape":"ImportHypervisorConfigurationOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Connect to a hypervisor by importing its configuration.</p>"
+    },
+    "ListGateways":{
+      "name":"ListGateways",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListGatewaysInput"},
+      "output":{"shape":"ListGatewaysOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists backup gateways owned by an Amazon Web Services account in an Amazon Web Services Region. The returned list is ordered by gateway Amazon Resource Name (ARN).</p>"
+    },
+    "ListHypervisors":{
+      "name":"ListHypervisors",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListHypervisorsInput"},
+      "output":{"shape":"ListHypervisorsOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists your hypervisors.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListTagsForResourceInput"},
+      "output":{"shape":"ListTagsForResourceOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Lists the tags applied to the resource identified by its Amazon Resource Name (ARN).</p>"
+    },
+    "ListVirtualMachines":{
+      "name":"ListVirtualMachines",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListVirtualMachinesInput"},
+      "output":{"shape":"ListVirtualMachinesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists your virtual machines.</p>"
+    },
+    "PutMaintenanceStartTime":{
+      "name":"PutMaintenanceStartTime",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PutMaintenanceStartTimeInput"},
+      "output":{"shape":"PutMaintenanceStartTimeOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Set the maintenance start time for a gateway.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"TagResourceInput"},
+      "output":{"shape":"TagResourceOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Tag the resource.</p>"
+    },
+    "TestHypervisorConfiguration":{
+      "name":"TestHypervisorConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"TestHypervisorConfigurationInput"},
+      "output":{"shape":"TestHypervisorConfigurationOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Tests your hypervisor configuration to validate that backup gateway can connect with the hypervisor and its resources.</p>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UntagResourceInput"},
+      "output":{"shape":"UntagResourceOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Removes tags from the resource.</p>"
+    },
+    "UpdateGatewayInformation":{
+      "name":"UpdateGatewayInformation",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateGatewayInformationInput"},
+      "output":{"shape":"UpdateGatewayInformationOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Updates a gateway's name. Specify which gateway to update using the Amazon Resource Name (ARN) of the gateway in your request.</p>"
+    },
+    "UpdateHypervisor":{
+      "name":"UpdateHypervisor",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateHypervisorInput"},
+      "output":{"shape":"UpdateHypervisorOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Updates a hypervisor metadata, including its host, username, and password. Specify which hypervisor to update using the Amazon Resource Name (ARN) of the hypervisor in your request.</p>"
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "required":["ErrorCode"],
+      "members":{
+        "ErrorCode":{
+          "shape":"string",
+          "documentation":"<p>A description of why you have insufficient permissions.</p>"
+        },
+        "Message":{"shape":"string"}
+      },
+      "documentation":"<p>The operation cannot proceed because you have insufficient permissions.</p>",
+      "exception":true
+    },
+    "ActivationKey":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"^[0-9a-zA-Z\\-]+$"
+    },
+    "AssociateGatewayToServerInput":{
+      "type":"structure",
+      "required":[
+        "GatewayArn",
+        "ServerArn"
+      ],
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway. Use the <code>ListGateways</code> operation to return a list of gateways for your account and Amazon Web Services Region.</p>"
+        },
+        "ServerArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the server that hosts your virtual machines.</p>"
+        }
+      }
+    },
+    "AssociateGatewayToServerOutput":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a gateway.</p>"
+        }
+      }
+    },
+    "ConflictException":{
+      "type":"structure",
+      "required":["ErrorCode"],
+      "members":{
+        "ErrorCode":{
+          "shape":"string",
+          "documentation":"<p>A description of why the operation is not supported.</p>"
+        },
+        "Message":{"shape":"string"}
+      },
+      "documentation":"<p>The operation cannot proceed because it is not supported.</p>",
+      "exception":true
+    },
+    "CreateGatewayInput":{
+      "type":"structure",
+      "required":[
+        "ActivationKey",
+        "GatewayDisplayName",
+        "GatewayType"
+      ],
+      "members":{
+        "ActivationKey":{
+          "shape":"ActivationKey",
+          "documentation":"<p>The activation key of the created gateway.</p>"
+        },
+        "GatewayDisplayName":{
+          "shape":"Name",
+          "documentation":"<p>The display name of the created gateway.</p>"
+        },
+        "GatewayType":{
+          "shape":"GatewayType",
+          "documentation":"<p>The type of created gateway.</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>A list of up to 50 tags to assign to the gateway. Each tag is a key-value pair.</p>"
+        }
+      }
+    },
+    "CreateGatewayOutput":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway you create.</p>"
+        }
+      }
+    },
+    "DayOfMonth":{
+      "type":"integer",
+      "box":true,
+      "max":31,
+      "min":1
+    },
+    "DayOfWeek":{
+      "type":"integer",
+      "box":true,
+      "max":6,
+      "min":0
+    },
+    "DeleteGatewayInput":{
+      "type":"structure",
+      "required":["GatewayArn"],
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway to delete.</p>"
+        }
+      }
+    },
+    "DeleteGatewayOutput":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway you deleted.</p>"
+        }
+      }
+    },
+    "DeleteHypervisorInput":{
+      "type":"structure",
+      "required":["HypervisorArn"],
+      "members":{
+        "HypervisorArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the hypervisor to delete.</p>"
+        }
+      }
+    },
+    "DeleteHypervisorOutput":{
+      "type":"structure",
+      "members":{
+        "HypervisorArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the hypervisor you deleted.</p>"
+        }
+      }
+    },
+    "DisassociateGatewayFromServerInput":{
+      "type":"structure",
+      "required":["GatewayArn"],
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway to disassociate.</p>"
+        }
+      }
+    },
+    "DisassociateGatewayFromServerOutput":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway you disassociated.</p>"
+        }
+      }
+    },
+    "Gateway":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway. Use the <code>ListGateways</code> operation to return a list of gateways for your account and Amazon Web Services Region.</p>"
+        },
+        "GatewayDisplayName":{
+          "shape":"Name",
+          "documentation":"<p>The display name of the gateway.</p>"
+        },
+        "GatewayType":{
+          "shape":"GatewayType",
+          "documentation":"<p>The type of the gateway.</p>"
+        },
+        "HypervisorId":{
+          "shape":"HypervisorId",
+          "documentation":"<p>The hypervisor ID of the gateway.</p>"
+        },
+        "LastSeenTime":{
+          "shape":"Time",
+          "documentation":"<p>The last time Backup gateway communicated with the gateway, in Unix format and UTC time.</p>"
+        }
+      },
+      "documentation":"<p>A gateway is an Backup Gateway appliance that runs on the customer's network to provide seamless connectivity to backup storage in the Amazon Web Services Cloud.</p>"
+    },
+    "GatewayArn":{
+      "type":"string",
+      "max":500,
+      "min":50,
+      "pattern":"^arn:(aws|aws-cn|aws-us-gov):backup-gateway(:[a-zA-Z-0-9]+){3}\\/[a-zA-Z-0-9]+$"
+    },
+    "GatewayType":{
+      "type":"string",
+      "enum":["BACKUP_VM"]
+    },
+    "Gateways":{
+      "type":"list",
+      "member":{"shape":"Gateway"}
+    },
+    "Host":{
+      "type":"string",
+      "max":128,
+      "min":3,
+      "pattern":"^.+$"
+    },
+    "HourOfDay":{
+      "type":"integer",
+      "box":true,
+      "max":23,
+      "min":0
+    },
+    "Hypervisor":{
+      "type":"structure",
+      "members":{
+        "Host":{
+          "shape":"Host",
+          "documentation":"<p>The server host of the hypervisor. This can be either an IP address or a fully-qualified domain name (FQDN).</p>"
+        },
+        "HypervisorArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the hypervisor.</p>"
+        },
+        "KmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Key Management Service used to encrypt the hypervisor.</p>"
+        },
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the hypervisor.</p>"
+        },
+        "State":{
+          "shape":"HypervisorState",
+          "documentation":"<p>The state of the hypervisor.</p>"
+        }
+      },
+      "documentation":"<p>Represents the hypervisor's permissions to which the gateway will connect.</p> <p>A hypervisor is hardware, software, or firmware that creates and manages virtual machines, and allocates resources to them.</p>"
+    },
+    "HypervisorId":{
+      "type":"string",
+      "max":100,
+      "min":1
+    },
+    "HypervisorState":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "ONLINE",
+        "OFFLINE",
+        "ERROR"
+      ]
+    },
+    "Hypervisors":{
+      "type":"list",
+      "member":{"shape":"Hypervisor"}
+    },
+    "ImportHypervisorConfigurationInput":{
+      "type":"structure",
+      "required":[
+        "Host",
+        "Name"
+      ],
+      "members":{
+        "Host":{
+          "shape":"Host",
+          "documentation":"<p>The server host of the hypervisor. This can be either an IP address or a fully-qualified domain name (FQDN).</p>"
+        },
+        "KmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The Key Management Service for the hypervisor.</p>"
+        },
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the hypervisor.</p>"
+        },
+        "Password":{
+          "shape":"Password",
+          "documentation":"<p>The password for the hypervisor.</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>The tags of the hypervisor configuration to import.</p>"
+        },
+        "Username":{
+          "shape":"Username",
+          "documentation":"<p>The username for the hypervisor.</p>"
+        }
+      }
+    },
+    "ImportHypervisorConfigurationOutput":{
+      "type":"structure",
+      "members":{
+        "HypervisorArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the hypervisor you disassociated.</p>"
+        }
+      }
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "ErrorCode":{
+          "shape":"string",
+          "documentation":"<p>A description of which internal error occured.</p>"
+        },
+        "Message":{"shape":"string"}
+      },
+      "documentation":"<p>The operation did not succeed because an internal error occurred. Try again later.</p>",
+      "exception":true,
+      "fault":true
+    },
+    "KmsKeyArn":{
+      "type":"string",
+      "max":500,
+      "min":50,
+      "pattern":"^(^arn:(aws|aws-cn|aws-us-gov):kms:([a-zA-Z0-9-]+):([0-9]+):(key|alias)/(\\S+)$)|(^alias/(\\S+)$)$"
+    },
+    "ListGatewaysInput":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of gateways to list.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The next item following a partial list of returned resources. For example, if a request is made to return <code>MaxResults</code> number of resources, <code>NextToken</code> allows you to return more items in your list starting at the location pointed to by the next token.</p>"
+        }
+      }
+    },
+    "ListGatewaysOutput":{
+      "type":"structure",
+      "members":{
+        "Gateways":{
+          "shape":"Gateways",
+          "documentation":"<p>A list of your gateways.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The next item following a partial list of returned resources. For example, if a request is made to return <code>maxResults</code> number of resources, <code>NextToken</code> allows you to return more items in your list starting at the location pointed to by the next token.</p>"
+        }
+      }
+    },
+    "ListHypervisorsInput":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of hypervisors to list.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The next item following a partial list of returned resources. For example, if a request is made to return <code>maxResults</code> number of resources, <code>NextToken</code> allows you to return more items in your list starting at the location pointed to by the next token.</p>"
+        }
+      }
+    },
+    "ListHypervisorsOutput":{
+      "type":"structure",
+      "members":{
+        "Hypervisors":{
+          "shape":"Hypervisors",
+          "documentation":"<p>A list of your <code>Hypervisor</code> objects, ordered by their Amazon Resource Names (ARNs).</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The next item following a partial list of returned resources. For example, if a request is made to return <code>maxResults</code> number of resources, <code>NextToken</code> allows you to return more items in your list starting at the location pointed to by the next token.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceInput":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource's tags to list.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceOutput":{
+      "type":"structure",
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource's tags that you listed.</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>A list of the resource's tags.</p>"
+        }
+      }
+    },
+    "ListVirtualMachinesInput":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of virtual machines to list.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The next item following a partial list of returned resources. For example, if a request is made to return <code>maxResults</code> number of resources, <code>NextToken</code> allows you to return more items in your list starting at the location pointed to by the next token.</p>"
+        }
+      }
+    },
+    "ListVirtualMachinesOutput":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The next item following a partial list of returned resources. For example, if a request is made to return <code>maxResults</code> number of resources, <code>NextToken</code> allows you to return more items in your list starting at the location pointed to by the next token.</p>"
+        },
+        "VirtualMachines":{
+          "shape":"VirtualMachines",
+          "documentation":"<p>A list of your <code>VirtualMachine</code> objects, ordered by their Amazon Resource Names (ARNs).</p>"
+        }
+      }
+    },
+    "MaxResults":{
+      "type":"integer",
+      "box":true,
+      "min":1
+    },
+    "MinuteOfHour":{
+      "type":"integer",
+      "box":true,
+      "max":59,
+      "min":0
+    },
+    "Name":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9-]*$"
+    },
+    "NextToken":{
+      "type":"string",
+      "max":1000,
+      "min":1,
+      "pattern":"^.+$"
+    },
+    "Password":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^[ -~]+$",
+      "sensitive":true
+    },
+    "Path":{
+      "type":"string",
+      "max":4096,
+      "min":1,
+      "pattern":"^[^\\x00]+$"
+    },
+    "PutMaintenanceStartTimeInput":{
+      "type":"structure",
+      "required":[
+        "GatewayArn",
+        "HourOfDay",
+        "MinuteOfHour"
+      ],
+      "members":{
+        "DayOfMonth":{
+          "shape":"DayOfMonth",
+          "documentation":"<p>The day of the month start maintenance on a gateway.</p> <p>Valid values range from <code>Sunday</code> to <code>Saturday</code>.</p>"
+        },
+        "DayOfWeek":{
+          "shape":"DayOfWeek",
+          "documentation":"<p>The day of the week to start maintenance on a gateway.</p>"
+        },
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the gateway, used to specify its maintenance start time.</p>"
+        },
+        "HourOfDay":{
+          "shape":"HourOfDay",
+          "documentation":"<p>The hour of the day to start maintenance on a gateway.</p>"
+        },
+        "MinuteOfHour":{
+          "shape":"MinuteOfHour",
+          "documentation":"<p>The minute of the hour to start maintenance on a gateway.</p>"
+        }
+      }
+    },
+    "PutMaintenanceStartTimeOutput":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a gateway for which you set the maintenance start time.</p>"
+        }
+      }
+    },
+    "ResourceArn":{
+      "type":"string",
+      "max":500,
+      "min":50,
+      "pattern":"^arn:(aws|aws-cn|aws-us-gov):backup-gateway(:[a-zA-Z-0-9]+){3}\\/[a-zA-Z-0-9]+$"
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "ErrorCode":{
+          "shape":"string",
+          "documentation":"<p>A description of which resource wasn't found.</p>"
+        },
+        "Message":{"shape":"string"}
+      },
+      "documentation":"<p>A resource that is required for the action wasn't found.</p>",
+      "exception":true
+    },
+    "ServerArn":{
+      "type":"string",
+      "max":500,
+      "min":50,
+      "pattern":"^arn:(aws|aws-cn|aws-us-gov):backup-gateway(:[a-zA-Z-0-9]+){3}\\/[a-zA-Z-0-9]+$"
+    },
+    "Tag":{
+      "type":"structure",
+      "required":[
+        "Key",
+        "Value"
+      ],
+      "members":{
+        "Key":{
+          "shape":"TagKey",
+          "documentation":"<p>The key part of a tag's key-value pair. The key can't start with <code>aws:</code>.</p>"
+        },
+        "Value":{
+          "shape":"TagValue",
+          "documentation":"<p>The key part of a value's key-value pair.</p>"
+        }
+      },
+      "documentation":"<p>A key-value pair you can use to manage, filter, and search for your resources. Allowed characters include UTF-8 letters, numbers, spaces, and the following characters: + - = . _ : /.</p>"
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+    },
+    "TagKeys":{
+      "type":"list",
+      "member":{"shape":"TagKey"}
+    },
+    "TagResourceInput":{
+      "type":"structure",
+      "required":[
+        "ResourceARN",
+        "Tags"
+      ],
+      "members":{
+        "ResourceARN":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource to tag.</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>A list of tags to assign to the resource.</p>"
+        }
+      }
+    },
+    "TagResourceOutput":{
+      "type":"structure",
+      "members":{
+        "ResourceARN":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource you tagged.</p>"
+        }
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":"^[^\\x00]*$"
+    },
+    "Tags":{
+      "type":"list",
+      "member":{"shape":"Tag"}
+    },
+    "TestHypervisorConfigurationInput":{
+      "type":"structure",
+      "required":[
+        "GatewayArn",
+        "Host"
+      ],
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway to the hypervisor to test.</p>"
+        },
+        "Host":{
+          "shape":"Host",
+          "documentation":"<p>The server host of the hypervisor. This can be either an IP address or a fully-qualified domain name (FQDN).</p>"
+        },
+        "Password":{
+          "shape":"Password",
+          "documentation":"<p>The password for the hypervisor.</p>"
+        },
+        "Username":{
+          "shape":"Username",
+          "documentation":"<p>The username for the hypervisor.</p>"
+        }
+      }
+    },
+    "TestHypervisorConfigurationOutput":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Time":{"type":"timestamp"},
+    "UntagResourceInput":{
+      "type":"structure",
+      "required":[
+        "ResourceARN",
+        "TagKeys"
+      ],
+      "members":{
+        "ResourceARN":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource from which to remove tags.</p>"
+        },
+        "TagKeys":{
+          "shape":"TagKeys",
+          "documentation":"<p>The list of tag keys specifying which tags to remove.</p>"
+        }
+      }
+    },
+    "UntagResourceOutput":{
+      "type":"structure",
+      "members":{
+        "ResourceARN":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource from which you removed tags.</p>"
+        }
+      }
+    },
+    "UpdateGatewayInformationInput":{
+      "type":"structure",
+      "required":["GatewayArn"],
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway to update.</p>"
+        },
+        "GatewayDisplayName":{
+          "shape":"Name",
+          "documentation":"<p>The updated display name of the gateway.</p>"
+        }
+      }
+    },
+    "UpdateGatewayInformationOutput":{
+      "type":"structure",
+      "members":{
+        "GatewayArn":{
+          "shape":"GatewayArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the gateway you updated.</p>"
+        }
+      }
+    },
+    "UpdateHypervisorInput":{
+      "type":"structure",
+      "required":["HypervisorArn"],
+      "members":{
+        "Host":{
+          "shape":"Host",
+          "documentation":"<p>The updated host of the hypervisor. This can be either an IP address or a fully-qualified domain name (FQDN).</p>"
+        },
+        "HypervisorArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the hypervisor to update.</p>"
+        },
+        "Password":{
+          "shape":"Password",
+          "documentation":"<p>The updated password for the hypervisor.</p>"
+        },
+        "Username":{
+          "shape":"Username",
+          "documentation":"<p>The updated username for the hypervisor.</p>"
+        }
+      }
+    },
+    "UpdateHypervisorOutput":{
+      "type":"structure",
+      "members":{
+        "HypervisorArn":{
+          "shape":"ServerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the hypervisor you updated.</p>"
+        }
+      }
+    },
+    "Username":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^[ -\\.0-\\[\\]-~]*[!-\\.0-\\[\\]-~][ -\\.0-\\[\\]-~]*$",
+      "sensitive":true
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "ErrorCode":{
+          "shape":"string",
+          "documentation":"<p>A description of what caused the validation error.</p>"
+        },
+        "Message":{"shape":"string"}
+      },
+      "documentation":"<p>The operation did not succeed because a validation error occurred.</p>",
+      "exception":true
+    },
+    "VirtualMachine":{
+      "type":"structure",
+      "members":{
+        "HostName":{
+          "shape":"Name",
+          "documentation":"<p>The host name of the virtual machine.</p>"
+        },
+        "HypervisorId":{
+          "shape":"string",
+          "documentation":"<p>The ID of the virtual machine's hypervisor.</p>"
+        },
+        "LastBackupDate":{
+          "shape":"Time",
+          "documentation":"<p>The most recent date a virtual machine was backed up, in Unix format and UTC time.</p>"
+        },
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the virtual machine.</p>"
+        },
+        "Path":{
+          "shape":"Path",
+          "documentation":"<p>The path of the virtual machine.</p>"
+        },
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the virtual machine.</p>"
+        }
+      },
+      "documentation":"<p>A virtual machine that is on a hypervisor.</p>"
+    },
+    "VirtualMachines":{
+      "type":"list",
+      "member":{"shape":"VirtualMachine"}
+    },
+    "string":{"type":"string"}
+  },
+  "documentation":"<p><fullname>Backup gateway</fullname> <p>Backup gateway connects Backup to your hypervisor, so you can create, store, and restore backups of your virtual machines (VMs) anywhere, whether on-premises or in the VMware Cloud (VMC) on Amazon Web Services.</p> <p>Add on-premises resources by connecting to a hypervisor through a gateway. Backup will automatically discover the resources in your hypervisor.</p> <p>Use Backup to assign virtual or on-premises resources to a backup plan, or run on-demand backups. Once you have backed up your resources, you can view them and restore them like any resource supported by Backup.</p> <p>To download the Amazon Web Services software to get started, navigate to the Backup console, choose <b>Gateways</b>, then choose <b>Create gateway</b>.</p></p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/backup/2018-11-15/service-2.json b/contrib/python/botocore/py3/botocore/data/backup/2018-11-15/service-2.json
index c7e7404e577..1cf39da43ae 100644
--- a/contrib/python/botocore/py3/botocore/data/backup/2018-11-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/backup/2018-11-15/service-2.json
@@ -44,7 +44,7 @@
         {"shape":"MissingParameterValueException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Creates a JSON document that specifies a set of resources to assign to a backup plan. Resources can be included by specifying patterns for a <code>ListOfTags</code> and selected <code>Resources</code>. </p> <p>For example, consider the following patterns:</p> <ul> <li> <p> <code>Resources: \"arn:aws:ec2:region:account-id:volume/volume-id\"</code> </p> </li> <li> <p> <code>ConditionKey:\"department\"</code> </p> <p> <code>ConditionValue:\"finance\"</code> </p> <p> <code>ConditionType:\"StringEquals\"</code> </p> </li> <li> <p> <code>ConditionKey:\"importance\"</code> </p> <p> <code>ConditionValue:\"critical\"</code> </p> <p> <code>ConditionType:\"StringEquals\"</code> </p> </li> </ul> <p>Using these patterns would back up all Amazon Elastic Block Store (Amazon EBS) volumes that are tagged as <code>\"department=finance\"</code>, <code>\"importance=critical\"</code>, in addition to an EBS volume with the specified volume ID.</p> <p>Resources and conditions are additive in that all resources that match the pattern are selected. This shouldn't be confused with a logical AND, where all conditions must match. The matching patterns are logically put together using the OR operator. In other words, all patterns that match are selected for backup.</p>",
+      "documentation":"<p>Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see <a href=\"https://docs.aws.amazon.com/assigning-resources.html#assigning-resources-json\">Assigning resources programmatically</a>. </p>",
       "idempotent":true
     },
     "CreateBackupVault":{
@@ -858,7 +858,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.</p>",
+      "documentation":"<p>Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.</p> <note> <p>Backup Vault Lock has yet to receive a third-party assessment for SEC 17a-4(f) and CFTC.</p> </note>",
       "idempotent":true
     },
     "PutBackupVaultNotifications":{
@@ -1061,6 +1061,7 @@
       "errors":[
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidParameterValueException"},
+        {"shape":"InvalidRequestException"},
         {"shape":"MissingParameterValueException"},
         {"shape":"ServiceUnavailableException"}
       ],
@@ -1274,7 +1275,7 @@
       "members":{
         "BackupPlanName":{
           "shape":"BackupPlanName",
-          "documentation":"<p>The display name of a backup plan.</p>"
+          "documentation":"<p>The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "Rules":{
           "shape":"BackupRules",
@@ -1296,7 +1297,7 @@
       "members":{
         "BackupPlanName":{
           "shape":"BackupPlanName",
-          "documentation":"<p>The optional display name of a backup plan.</p>"
+          "documentation":"<p>The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "Rules":{
           "shape":"BackupRulesInput",
@@ -1365,7 +1366,7 @@
         },
         "CreatorRequestId":{
           "shape":"string",
-          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.</p>"
+          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.</p> <p>If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "LastExecutionDate":{
           "shape":"timestamp",
@@ -1387,7 +1388,7 @@
       "members":{
         "RuleName":{
           "shape":"BackupRuleName",
-          "documentation":"<p>An optional display name for a backup rule.</p>"
+          "documentation":"<p>A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "TargetBackupVaultName":{
           "shape":"BackupVaultName",
@@ -1395,7 +1396,7 @@
         },
         "ScheduleExpression":{
           "shape":"CronExpression",
-          "documentation":"<p>A cron expression in UTC specifying when Backup initiates a backup job. For more information about cron expressions, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html\">Schedule Expressions for Rules</a> in the <i>Amazon CloudWatch Events User Guide.</i>. Prior to specifying a value for this parameter, we recommend testing your cron expression using one of the many available cron generator and testing tools.</p>"
+          "documentation":"<p>A cron expression in UTC specifying when Backup initiates a backup job. For more information about Amazon Web Services cron expressions, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html\">Schedule Expressions for Rules</a> in the <i>Amazon CloudWatch Events User Guide.</i>. Two examples of Amazon Web Services cron expressions are <code> 15 * ? * * *</code> (take a backup every hour at 15 minutes past the hour) and <code>0 12 * * ? *</code> (take a backup every day at 12 noon UTC). For a table of examples, click the preceding link and scroll down the page.</p>"
         },
         "StartWindowMinutes":{
           "shape":"WindowMinutes",
@@ -1437,7 +1438,7 @@
       "members":{
         "RuleName":{
           "shape":"BackupRuleName",
-          "documentation":"<p>An optional display name for a backup rule.</p>"
+          "documentation":"<p>A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "TargetBackupVaultName":{
           "shape":"BackupVaultName",
@@ -1495,7 +1496,7 @@
       "members":{
         "SelectionName":{
           "shape":"BackupSelectionName",
-          "documentation":"<p>The display name of a resource selection document.</p>"
+          "documentation":"<p>The display name of a resource selection document. Must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "IamRoleArn":{
           "shape":"IAMRoleArn",
@@ -1503,11 +1504,19 @@
         },
         "Resources":{
           "shape":"ResourceArns",
-          "documentation":"<p>An array of strings that contain Amazon Resource Names (ARNs) of resources to assign to a backup plan.</p>"
+          "documentation":"<p>A list of Amazon Resource Names (ARNs) to assign to a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.</p> <p>If you need to assign many resources to a backup plan, consider a different resource selection strategy, such as assigning all resources of a resource type or refining your resource selection using tags.</p>"
         },
         "ListOfTags":{
           "shape":"ListOfTags",
-          "documentation":"<p>An array of conditions used to specify a set of resources to assign to a backup plan; for example, <code>\"StringEquals\": {\"ec2:ResourceTag/Department\": \"accounting\"</code>. Assigns the backup plan to every resource with at least one matching tag.</p>"
+          "documentation":"<p>A list of conditions that you define to assign resources to your backup plans using tags. For example, <code>\"StringEquals\": {\"Department\": \"accounting\"</code>. Condition operators are case sensitive.</p> <p> <code>ListOfTags</code> differs from <code>Conditions</code> as follows:</p> <ul> <li> <p>When you specify more than one condition, you assign all resources that match AT LEAST ONE condition (using OR logic).</p> </li> <li> <p> <code>ListOfTags</code> only supports <code>StringEquals</code>. <code>Conditions</code> supports <code>StringEquals</code>, <code>StringLike</code>, <code>StringNotEquals</code>, and <code>StringNotLike</code>. </p> </li> </ul>"
+        },
+        "NotResources":{
+          "shape":"ResourceArns",
+          "documentation":"<p>A list of Amazon Resource Names (ARNs) to exclude from a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.</p> <p>If you need to exclude many resources from a backup plan, consider a different resource selection strategy, such as assigning only one or a few resource types or refining your resource selection using tags.</p>"
+        },
+        "Conditions":{
+          "shape":"Conditions",
+          "documentation":"<p>A list of conditions that you define to assign resources to your backup plans using tags. For example, <code>\"StringEquals\": {\"Department\": \"accounting\"</code>. Condition operators are case sensitive.</p> <p> <code>Conditions</code> differs from <code>ListOfTags</code> as follows:</p> <ul> <li> <p>When you specify more than one condition, you only assign the resources that match ALL conditions (using AND logic).</p> </li> <li> <p> <code>Conditions</code> supports <code>StringEquals</code>, <code>StringLike</code>, <code>StringNotEquals</code>, and <code>StringNotLike</code>. <code>ListOfTags</code> only supports <code>StringEquals</code>.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Used to specify a set of resources to a backup plan.</p>"
@@ -1541,7 +1550,7 @@
         },
         "CreatorRequestId":{
           "shape":"string",
-          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.</p>"
+          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.</p> <p>If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "IamRoleArn":{
           "shape":"IAMRoleArn",
@@ -1599,7 +1608,7 @@
         },
         "CreatorRequestId":{
           "shape":"string",
-          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.</p>"
+          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.</p> <p>If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         },
         "NumberOfRecoveryPoints":{
           "shape":"long",
@@ -1659,25 +1668,65 @@
       "members":{
         "ConditionType":{
           "shape":"ConditionType",
-          "documentation":"<p>An operation, such as <code>StringEquals</code>, that is applied to a key-value pair used to filter resources in a selection.</p>"
+          "documentation":"<p>An operation applied to a key-value pair used to assign resources to your backup plan. Condition only supports <code>StringEquals</code>. For more flexible assignment options, incluidng <code>StringLike</code> and the ability to exclude resources from your backup plan, use <code>Conditions</code> (with an \"s\" on the end) for your <a href=\"https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html\"> <code>BackupSelection</code> </a>.</p>"
         },
         "ConditionKey":{
           "shape":"ConditionKey",
-          "documentation":"<p>The key in a key-value pair. For example, in <code>\"ec2:ResourceTag/Department\": \"accounting\"</code>, <code>\"ec2:ResourceTag/Department\"</code> is the key.</p>"
+          "documentation":"<p>The key in a key-value pair. For example, in the tag <code>Department: Accounting</code>, <code>Department</code> is the key.</p>"
         },
         "ConditionValue":{
           "shape":"ConditionValue",
-          "documentation":"<p>The value in a key-value pair. For example, in <code>\"ec2:ResourceTag/Department\": \"accounting\"</code>, <code>\"accounting\"</code> is the value.</p>"
+          "documentation":"<p>The value in a key-value pair. For example, in the tag <code>Department: Accounting</code>, <code>Accounting</code> is the value.</p>"
         }
       },
-      "documentation":"<p>Contains an array of triplets made up of a condition type (such as <code>StringEquals</code>), a key, and a value. Conditions are used to filter resources in a selection that is assigned to a backup plan.</p>"
+      "documentation":"<p>Contains an array of triplets made up of a condition type (such as <code>StringEquals</code>), a key, and a value. Used to filter resources using their tags and assign them to a backup plan. Case sensitive.</p>"
     },
     "ConditionKey":{"type":"string"},
+    "ConditionParameter":{
+      "type":"structure",
+      "members":{
+        "ConditionKey":{
+          "shape":"ConditionKey",
+          "documentation":"<p>The key in a key-value pair. For example, in the tag <code>Department: Accounting</code>, <code>Department</code> is the key.</p>"
+        },
+        "ConditionValue":{
+          "shape":"ConditionValue",
+          "documentation":"<p>The value in a key-value pair. For example, in the tag <code>Department: Accounting</code>, <code>Accounting</code> is the value.</p>"
+        }
+      },
+      "documentation":"<p>Includes information about tags you define to assign tagged resources to a backup plan.</p>"
+    },
+    "ConditionParameters":{
+      "type":"list",
+      "member":{"shape":"ConditionParameter"}
+    },
     "ConditionType":{
       "type":"string",
       "enum":["STRINGEQUALS"]
     },
     "ConditionValue":{"type":"string"},
+    "Conditions":{
+      "type":"structure",
+      "members":{
+        "StringEquals":{
+          "shape":"ConditionParameters",
+          "documentation":"<p>Filters the values of your tagged resources for only those resources that you tagged with the same value. Also called \"exact matching.\"</p>"
+        },
+        "StringNotEquals":{
+          "shape":"ConditionParameters",
+          "documentation":"<p>Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called \"negated matching.\"</p>"
+        },
+        "StringLike":{
+          "shape":"ConditionParameters",
+          "documentation":"<p>Filters the values of your tagged resources for matching tag values with the use of a wildcard character (*) anywhere in the string. For example, \"prod*\" or \"*rod*\" matches the tag value \"production\".</p>"
+        },
+        "StringNotLike":{
+          "shape":"ConditionParameters",
+          "documentation":"<p>Filters the values of your tagged resources for non-matching tag values with the use of a wildcard character (*) anywhere in the string.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about which resources to include or exclude from a backup plan using their tags. Conditions are case sensitive.</p>"
+    },
     "ConflictException":{
       "type":"structure",
       "members":{
@@ -1727,10 +1776,10 @@
         },
         "Tags":{
           "shape":"stringMap",
-          "documentation":"<p>Describes whether the control scope includes resources with one or more tags. Each tag is a key-value pair.</p>"
+          "documentation":"<p>The tag key-value pair applied to those Amazon Web Services resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. The tag value is optional, but it cannot be an empty string. The structure to assign a tag is: <code>[{\"Key\":\"string\",\"Value\":\"string\"}]</code>.</p>"
         }
       },
-      "documentation":"<p>A framework consists of one or more controls. Each control has its own control scope. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans.</p> <note> <p>To set a control scope that includes all of a particular resource, leave the <code>ControlScope</code> empty or do not pass it when calling <code>CreateFramework</code>.</p> </note>"
+      "documentation":"<p>A framework consists of one or more controls. Each control has its own control scope. The control scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. If no scope is specified, evaluations for the rule are triggered when any resource in your recording group changes in configuration.</p> <note> <p>To set a control scope that includes all of a particular resource, leave the <code>ControlScope</code> empty or do not pass it when calling <code>CreateFramework</code>.</p> </note>"
     },
     "CopyAction":{
       "type":"structure",
@@ -1838,7 +1887,7 @@
         },
         "CreatorRequestId":{
           "shape":"string",
-          "documentation":"<p>Identifies the request and allows failed requests to be retried without the risk of running the operation twice. If the request includes a <code>CreatorRequestId</code> that matches an existing backup plan, that plan is returned. This parameter is optional.</p>"
+          "documentation":"<p>Identifies the request and allows failed requests to be retried without the risk of running the operation twice. If the request includes a <code>CreatorRequestId</code> that matches an existing backup plan, that plan is returned. This parameter is optional.</p> <p>If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         }
       }
     },
@@ -1886,7 +1935,7 @@
         },
         "CreatorRequestId":{
           "shape":"string",
-          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.</p>"
+          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.</p> <p>If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         }
       }
     },
@@ -1927,7 +1976,7 @@
         },
         "CreatorRequestId":{
           "shape":"string",
-          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.</p>"
+          "documentation":"<p>A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.</p> <p>If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.</p>"
         }
       }
     },
@@ -2593,6 +2642,10 @@
         "ResourceTypeOptInPreference":{
           "shape":"ResourceTypeOptInPreference",
           "documentation":"<p>Returns a list of all services along with the opt-in preferences in the Region.</p>"
+        },
+        "ResourceTypeManagementPreference":{
+          "shape":"ResourceTypeManagementPreference",
+          "documentation":"<p>Returns whether a DynamoDB recovery point was taken using <a href=\"https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html\"> Backup's advanced DynamoDB backup features</a>. </p>"
         }
       }
     },
@@ -3945,7 +3998,7 @@
         },
         "BackupVaultEvents":{
           "shape":"BackupVaultEvents",
-          "documentation":"<p>An array of events that indicate the status of jobs to back up resources to the backup vault.</p> <note> <p>The following events are supported:</p> <p> <code>BACKUP_JOB_STARTED</code>, <code>BACKUP_JOB_COMPLETED</code>,</p> <p> <code>COPY_JOB_STARTED</code>, <code>COPY_JOB_SUCCESSFUL</code>, <code>COPY_JOB_FAILED</code>,</p> <p> <code>RESTORE_JOB_STARTED</code>, <code>RESTORE_JOB_COMPLETED</code>, and <code>RECOVERY_POINT_MODIFIED</code>.</p> <p>To find failed backup jobs, use <code>BACKUP_JOB_COMPLETED</code> and filter using event metadata.</p> <p>Other events in the following list are deprecated.</p> </note>"
+          "documentation":"<p>An array of events that indicate the status of jobs to back up resources to the backup vault.</p> <p>For common use cases and code samples, see <a href=\"https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html\">Using Amazon SNS to track Backup events</a>.</p> <p>The following events are supported:</p> <ul> <li> <p> <code>BACKUP_JOB_STARTED</code> | <code>BACKUP_JOB_COMPLETED</code> </p> </li> <li> <p> <code>COPY_JOB_STARTED</code> | <code>COPY_JOB_SUCCESSFUL</code> | <code>COPY_JOB_FAILED</code> </p> </li> <li> <p> <code>RESTORE_JOB_STARTED</code> | <code>RESTORE_JOB_COMPLETED</code> | <code>RECOVERY_POINT_MODIFIED</code> </p> </li> </ul> <note> <p>Ignore the list below because it includes deprecated events. Refer to the list above.</p> </note>"
         }
       }
     },
@@ -4282,6 +4335,11 @@
       "type":"list",
       "member":{"shape":"ARN"}
     },
+    "ResourceTypeManagementPreference":{
+      "type":"map",
+      "key":{"shape":"ResourceType"},
+      "value":{"shape":"IsEnabled"}
+    },
     "ResourceTypeOptInPreference":{
       "type":"map",
       "key":{"shape":"ResourceType"},
@@ -4596,7 +4654,7 @@
         },
         "Tags":{
           "shape":"Tags",
-          "documentation":"<p>Key-value pairs that are used to help organize your resources. You can assign your own metadata to the resources you create.</p>"
+          "documentation":"<p>Key-value pairs that are used to help organize your resources. You can assign your own metadata to the resources you create. For clarity, this is the structure to assign tags: <code>[{\"Key\":\"string\",\"Value\":\"string\"}]</code>.</p>"
         }
       }
     },
@@ -4773,6 +4831,10 @@
         "ResourceTypeOptInPreference":{
           "shape":"ResourceTypeOptInPreference",
           "documentation":"<p>Updates the list of services along with the opt-in preferences for the Region.</p>"
+        },
+        "ResourceTypeManagementPreference":{
+          "shape":"ResourceTypeManagementPreference",
+          "documentation":"<p>Enables or disables <a href=\"https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html\"> Backup's advanced DynamoDB backup features</a> for the Region.</p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/paginators-1.json b/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/paginators-1.json
index ca39096b1ae..166f3efa7cf 100644
--- a/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/paginators-1.json
@@ -23,6 +23,12 @@
       "limit_key": "maxResults",
       "output_token": "nextToken",
       "result_key": "jobSummaryList"
+    },
+    "ListSchedulingPolicies": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "schedulingPolicies"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/service-2.json b/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/service-2.json
index 5a7d2fba98e..bc1067a69c6 100644
--- a/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/batch/2016-08-10/service-2.json
@@ -54,6 +54,20 @@
       ],
       "documentation":"<p>Creates an Batch job queue. When you create a job queue, you associate one or more compute environments to the queue and assign an order of preference for the compute environments.</p> <p>You also set a priority to the job queue that determines the order that the Batch scheduler places jobs onto its associated compute environments. For example, if a compute environment is associated with more than one job queue, the job queue with a higher priority is given preference for scheduling jobs to that compute environment.</p>"
     },
+    "CreateSchedulingPolicy":{
+      "name":"CreateSchedulingPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/createschedulingpolicy"
+      },
+      "input":{"shape":"CreateSchedulingPolicyRequest"},
+      "output":{"shape":"CreateSchedulingPolicyResponse"},
+      "errors":[
+        {"shape":"ClientException"},
+        {"shape":"ServerException"}
+      ],
+      "documentation":"<p>Creates an Batch scheduling policy.</p>"
+    },
     "DeleteComputeEnvironment":{
       "name":"DeleteComputeEnvironment",
       "http":{
@@ -82,6 +96,20 @@
       ],
       "documentation":"<p>Deletes the specified job queue. You must first disable submissions for a queue with the <a>UpdateJobQueue</a> operation. All jobs in the queue are eventually terminated when you delete a job queue. The jobs are terminated at a rate of about 16 jobs each second.</p> <p>It's not necessary to disassociate compute environments from a queue before submitting a <code>DeleteJobQueue</code> request.</p>"
     },
+    "DeleteSchedulingPolicy":{
+      "name":"DeleteSchedulingPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/deleteschedulingpolicy"
+      },
+      "input":{"shape":"DeleteSchedulingPolicyRequest"},
+      "output":{"shape":"DeleteSchedulingPolicyResponse"},
+      "errors":[
+        {"shape":"ClientException"},
+        {"shape":"ServerException"}
+      ],
+      "documentation":"<p>Deletes the specified scheduling policy.</p> <p>You can't delete a scheduling policy that's used in any job queues.</p>"
+    },
     "DeregisterJobDefinition":{
       "name":"DeregisterJobDefinition",
       "http":{
@@ -152,6 +180,20 @@
       ],
       "documentation":"<p>Describes a list of Batch jobs.</p>"
     },
+    "DescribeSchedulingPolicies":{
+      "name":"DescribeSchedulingPolicies",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/describeschedulingpolicies"
+      },
+      "input":{"shape":"DescribeSchedulingPoliciesRequest"},
+      "output":{"shape":"DescribeSchedulingPoliciesResponse"},
+      "errors":[
+        {"shape":"ClientException"},
+        {"shape":"ServerException"}
+      ],
+      "documentation":"<p>Describes one or more of your scheduling policies.</p>"
+    },
     "ListJobs":{
       "name":"ListJobs",
       "http":{
@@ -166,6 +208,20 @@
       ],
       "documentation":"<p>Returns a list of Batch jobs.</p> <p>You must specify only one of the following items:</p> <ul> <li> <p>A job queue ID to return a list of jobs in that job queue</p> </li> <li> <p>A multi-node parallel job ID to return a list of nodes for that job</p> </li> <li> <p>An array job ID to return a list of the children for that job</p> </li> </ul> <p>You can filter the results by job status with the <code>jobStatus</code> parameter. If you don't specify a status, only <code>RUNNING</code> jobs are returned.</p>"
     },
+    "ListSchedulingPolicies":{
+      "name":"ListSchedulingPolicies",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/listschedulingpolicies"
+      },
+      "input":{"shape":"ListSchedulingPoliciesRequest"},
+      "output":{"shape":"ListSchedulingPoliciesResponse"},
+      "errors":[
+        {"shape":"ClientException"},
+        {"shape":"ServerException"}
+      ],
+      "documentation":"<p>Returns a list of Batch scheduling policies.</p>"
+    },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
       "http":{
@@ -178,7 +234,7 @@
         {"shape":"ClientException"},
         {"shape":"ServerException"}
       ],
-      "documentation":"<p>Lists the tags for an Batch resource. Batch resources that support tags are compute environments, jobs, job definitions, and job queues. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>"
+      "documentation":"<p>Lists the tags for an Batch resource. Batch resources that support tags are compute environments, jobs, job definitions, job queues, and scheduling policies. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>"
     },
     "RegisterJobDefinition":{
       "name":"RegisterJobDefinition",
@@ -206,7 +262,7 @@
         {"shape":"ClientException"},
         {"shape":"ServerException"}
       ],
-      "documentation":"<p>Submits an Batch job from a job definition. Parameters that are specified during <a>SubmitJob</a> override parameters defined in the job definition. vCPU and memory requirements that are specified in the <code>ResourceRequirements</code> objects in the job definition are the exception. They can't be overridden this way using the <code>memory</code> and <code>vcpus</code> parameters. Rather, you must specify updates to job definition parameters in a <code>ResourceRequirements</code> object that's included in the <code>containerOverrides</code> parameter.</p> <important> <p>Jobs that run on Fargate resources can't be guaranteed to run for more than 14 days. This is because, after 14 days, Fargate resources might become unavailable and job might be terminated.</p> </important>"
+      "documentation":"<p>Submits an Batch job from a job definition. Parameters that are specified during <a>SubmitJob</a> override parameters defined in the job definition. vCPU and memory requirements that are specified in the <code>resourceRequirements</code> objects in the job definition are the exception. They can't be overridden this way using the <code>memory</code> and <code>vcpus</code> parameters. Rather, you must specify updates to job definition parameters in a <code>ResourceRequirements</code> object that's included in the <code>containerOverrides</code> parameter.</p> <note> <p>Job queues with a scheduling policy are limited to 500 active fair share identifiers at a time. </p> </note> <important> <p>Jobs that run on Fargate resources can't be guaranteed to run for more than 14 days. This is because, after 14 days, Fargate resources might become unavailable and job might be terminated.</p> </important>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -220,7 +276,7 @@
         {"shape":"ClientException"},
         {"shape":"ServerException"}
       ],
-      "documentation":"<p>Associates the specified tags to a resource with the specified <code>resourceArn</code>. If existing tags on a resource aren't specified in the request parameters, they aren't changed. When a resource is deleted, the tags that are associated with that resource are deleted as well. Batch resources that support tags are compute environments, jobs, job definitions, and job queues. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>"
+      "documentation":"<p>Associates the specified tags to a resource with the specified <code>resourceArn</code>. If existing tags on a resource aren't specified in the request parameters, they aren't changed. When a resource is deleted, the tags that are associated with that resource are deleted as well. Batch resources that support tags are compute environments, jobs, job definitions, job queues, and scheduling policies. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>"
     },
     "TerminateJob":{
       "name":"TerminateJob",
@@ -277,6 +333,20 @@
         {"shape":"ServerException"}
       ],
       "documentation":"<p>Updates a job queue.</p>"
+    },
+    "UpdateSchedulingPolicy":{
+      "name":"UpdateSchedulingPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/v1/updateschedulingpolicy"
+      },
+      "input":{"shape":"UpdateSchedulingPolicyRequest"},
+      "output":{"shape":"UpdateSchedulingPolicyResponse"},
+      "errors":[
+        {"shape":"ClientException"},
+        {"shape":"ServerException"}
+      ],
+      "documentation":"<p>Updates a scheduling policy.</p>"
     }
   },
   "shapes":{
@@ -482,12 +552,16 @@
       "members":{
         "computeEnvironmentName":{
           "shape":"String",
-          "documentation":"<p>The name of the compute environment. Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p>"
+          "documentation":"<p>The name of the compute environment. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "computeEnvironmentArn":{
           "shape":"String",
           "documentation":"<p>The Amazon Resource Name (ARN) of the compute environment.</p>"
         },
+        "unmanagedvCpus":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of VCPUs expected to be used for an unmanaged compute environment.</p>"
+        },
         "ecsClusterArn":{
           "shape":"String",
           "documentation":"<p>The Amazon Resource Name (ARN) of the underlying Amazon ECS cluster used by the compute environment.</p>"
@@ -605,7 +679,7 @@
         },
         "tags":{
           "shape":"TagsMap",
-          "documentation":"<p>Key-value pair tags to be applied to EC2 resources that are launched in the compute environment. For Batch, these take the form of \"String1\": \"String2\", where String1 is the tag key and String2 is the tag value−for example, <code>{ \"Name\": \"Batch Instance - C4OnDemand\" }</code>. This is helpful for recognizing your Batch instances in the Amazon EC2 console. These tags can't be updated or removed after the compute environment is created.Aany changes to these tags require that you create a new compute environment and remove the old compute environment. These tags aren't seen when using the Batch <code>ListTagsForResource</code> API operation.</p> <note> <p>This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified.</p> </note>"
+          "documentation":"<p>Key-value pair tags to be applied to EC2 resources that are launched in the compute environment. For Batch, these take the form of \"String1\": \"String2\", where String1 is the tag key and String2 is the tag value−for example, <code>{ \"Name\": \"Batch Instance - C4OnDemand\" }</code>. This is helpful for recognizing your Batch instances in the Amazon EC2 console. These tags can't be updated or removed after the compute environment is created. Any changes to these tags require that you create a new compute environment and remove the old compute environment. These tags aren't seen when using the Batch <code>ListTagsForResource</code> API operation.</p> <note> <p>This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified.</p> </note>"
         },
         "placementGroup":{
           "shape":"String",
@@ -625,7 +699,7 @@
         },
         "ec2Configuration":{
           "shape":"Ec2ConfigurationList",
-          "documentation":"<p>Provides information used to select Amazon Machine Images (AMIs) for EC2 instances in the compute environment. If <code>Ec2Configuration</code> isn't specified, the default is <code>ECS_AL1</code>.</p> <note> <p>This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified.</p> </note>"
+          "documentation":"<p>Provides information used to select Amazon Machine Images (AMIs) for EC2 instances in the compute environment. If <code>Ec2Configuration</code> isn't specified, the default is <code>ECS_AL2</code>.</p> <p>One or two values can be provided.</p> <note> <p>This parameter isn't applicable to jobs that are running on Fargate resources, and shouldn't be specified.</p> </note>"
         }
       },
       "documentation":"<p>An object representing an Batch compute resource. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html\">Compute Environments</a> in the <i>Batch User Guide</i>.</p>"
@@ -665,11 +739,11 @@
         },
         "vcpus":{
           "shape":"Integer",
-          "documentation":"<p>The number of vCPUs reserved for the container. For jobs that run on EC2 resources, you can specify the vCPU requirement for the job using <code>resourceRequirements</code>, but you can't specify the vCPU requirements in both the <code>vcpus</code> and <code>resourceRequirement</code> object. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Each vCPU is equivalent to 1,024 CPU shares. You must specify at least one vCPU. This is required but can be specified in several places. It must be specified for each node at least once.</p> <note> <p>This parameter isn't applicable to jobs that run on Fargate resources. For jobs that run on Fargate resources, you must specify the vCPU requirement for the job using <code>resourceRequirements</code>.</p> </note>"
+          "documentation":"<p>The number of vCPUs reserved for the container. For jobs that run on EC2 resources, you can specify the vCPU requirement for the job using <code>resourceRequirements</code>, but you can't specify the vCPU requirements in both the <code>vcpus</code> and <code>resourceRequirements</code> object. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Each vCPU is equivalent to 1,024 CPU shares. You must specify at least one vCPU. This is required but can be specified in several places. It must be specified for each node at least once.</p> <note> <p>This parameter isn't applicable to jobs that run on Fargate resources. For jobs that run on Fargate resources, you must specify the vCPU requirement for the job using <code>resourceRequirements</code>.</p> </note>"
         },
         "memory":{
           "shape":"Integer",
-          "documentation":"<p>For jobs run on EC2 resources that didn't specify memory requirements using <code>ResourceRequirement</code>, the number of MiB of memory reserved for the job. For other jobs, including all run on Fargate resources, see <code>resourceRequirements</code>.</p>"
+          "documentation":"<p>For jobs run on EC2 resources that didn't specify memory requirements using <code>resourceRequirements</code>, the number of MiB of memory reserved for the job. For other jobs, including all run on Fargate resources, see <code>resourceRequirements</code>.</p>"
         },
         "command":{
           "shape":"StringList",
@@ -771,13 +845,13 @@
       "members":{
         "vcpus":{
           "shape":"Integer",
-          "documentation":"<p>This parameter indicates the number of vCPUs reserved for the container.It overrides the <code>vcpus</code> parameter that's set in the job definition, but doesn't override any vCPU requirement specified in the <code>resourceRequirement</code> structure in the job definition. To override vCPU requirements that are specified in the <code>ResourceRequirement</code> structure in the job definition, <code>ResourceRequirement</code> must be specified in the <code>SubmitJob</code> request, with <code>type</code> set to <code>VCPU</code> and <code>value</code> set to the new value.</p> <p>This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Each vCPU is equivalent to 1,024 CPU shares. You must specify at least one vCPU.</p> <note> <p>This parameter is supported for jobs that run on EC2 resources, but isn't supported for jobs that run on Fargate resources. For Fargate resources, you can only use <code>resourceRequirement</code>. For EC2 resources, you can use either this parameter or <code>resourceRequirement</code> but not both.</p> </note>",
+          "documentation":"<p>This parameter is deprecated, use <code>resourceRequirements</code> to override the <code>vcpus</code> parameter that's set in the job definition. It's not supported for jobs that run on Fargate resources. For jobs run on EC2 resources, it overrides the <code>vcpus</code> parameter set in the job definition, but doesn't override any vCPU requirement specified in the <code>resourceRequirements</code> structure in the job definition. To override vCPU requirements that are specified in the <code>resourceRequirements</code> structure in the job definition, <code>resourceRequirements</code> must be specified in the <code>SubmitJob</code> request, with <code>type</code> set to <code>VCPU</code> and <code>value</code> set to the new value. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html#override-resource-requirements\">Can't override job definition resource requirements</a> in the <i>Batch User Guide</i>.</p>",
           "deprecated":true,
           "deprecatedMessage":"This field is deprecated, use resourceRequirements instead."
         },
         "memory":{
           "shape":"Integer",
-          "documentation":"<p>This parameter indicates the amount of memory (in MiB) that's reserved for the job. It overrides the <code>memory</code> parameter set in the job definition, but doesn't override any memory requirement specified in the <code>ResourceRequirement</code> structure in the job definition. To override memory requirements that are specified in the <code>ResourceRequirement</code> structure in the job definition, <code>ResourceRequirement</code> must be specified in the <code>SubmitJob</code> request, with <code>type</code> set to <code>MEMORY</code> and <code>value</code> set to the new value.</p> <p>This parameter is supported for jobs that run on EC2 resources, but isn't supported for jobs that run on Fargate resources. For these resources, use <code>resourceRequirement</code> instead.</p>",
+          "documentation":"<p>This parameter is deprecated, use <code>resourceRequirements</code> to override the memory requirements specified in the job definition. It's not supported for jobs that run on Fargate resources. For jobs run on EC2 resources, it overrides the <code>memory</code> parameter set in the job definition, but doesn't override any memory requirement specified in the <code>resourceRequirements</code> structure in the job definition. To override memory requirements that are specified in the <code>resourceRequirements</code> structure in the job definition, <code>resourceRequirements</code> must be specified in the <code>SubmitJob</code> request, with <code>type</code> set to <code>MEMORY</code> and <code>value</code> set to the new value. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html#override-resource-requirements\">Can't override job definition resource requirements</a> in the <i>Batch User Guide</i>.</p>",
           "deprecated":true,
           "deprecatedMessage":"This field is deprecated, use resourceRequirements instead."
         },
@@ -809,13 +883,13 @@
         },
         "vcpus":{
           "shape":"Integer",
-          "documentation":"<p>The number of vCPUs reserved for the job. Each vCPU is equivalent to 1,024 CPU shares. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. The number of vCPUs must be specified but can be specified in several places. You must specify it at least once for each node.</p> <p>This parameter is supported on EC2 resources but isn't supported for jobs that run on Fargate resources. For these resources, use <code>resourceRequirement</code> instead. You can use this parameter or <code>resourceRequirements</code> structure but not both.</p> <note> <p>This parameter isn't applicable to jobs that are running on Fargate resources and shouldn't be provided. For jobs that run on Fargate resources, you must specify the vCPU requirement for the job using <code>resourceRequirements</code>.</p> </note>",
+          "documentation":"<p>This parameter is deprecated, use <code>resourceRequirements</code> to specify the vCPU requirements for the job definition. It's not supported for jobs that run on Fargate resources. For jobs run on EC2 resources, it specifies the number of vCPUs reserved for the job.</p> <p>Each vCPU is equivalent to 1,024 CPU shares. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. The number of vCPUs must be specified but can be specified in several places. You must specify it at least once for each node.</p>",
           "deprecated":true,
           "deprecatedMessage":"This field is deprecated, use resourceRequirements instead."
         },
         "memory":{
           "shape":"Integer",
-          "documentation":"<p>This parameter indicates the memory hard limit (in MiB) for a container. If your container attempts to exceed the specified number, it's terminated. You must specify at least 4 MiB of memory for a job using this parameter. The memory hard limit can be specified in several places. It must be specified for each node at least once.</p> <p>This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>.</p> <p>This parameter is supported on EC2 resources but isn't supported on Fargate resources. For Fargate resources, you should specify the memory requirement using <code>resourceRequirement</code>. You can also do this for EC2 resources.</p> <note> <p>If you're trying to maximize your resource utilization by providing your jobs as much memory as possible for a particular instance type, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/memory-management.html\">Memory Management</a> in the <i>Batch User Guide</i>.</p> </note>",
+          "documentation":"<p>This parameter is deprecated, use <code>resourceRequirements</code> to specify the memory requirements for the job definition. It's not supported for jobs that run on Fargate resources. For jobs run on EC2 resources, it specifies the memory hard limit (in MiB) for a container. If your container attempts to exceed the specified number, it's terminated. You must specify at least 4 MiB of memory for a job using this parameter. The memory hard limit can be specified in several places. It must be specified for each node at least once.</p>",
           "deprecated":true,
           "deprecatedMessage":"This field is deprecated, use resourceRequirements instead."
         },
@@ -913,7 +987,7 @@
       "members":{
         "computeEnvironmentName":{
           "shape":"String",
-          "documentation":"<p>The name for your compute environment. Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p>"
+          "documentation":"<p>The name for your compute environment. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "type":{
           "shape":"CEType",
@@ -923,6 +997,10 @@
           "shape":"CEState",
           "documentation":"<p>The state of the compute environment. If the state is <code>ENABLED</code>, then the compute environment accepts jobs from a queue and can scale out automatically based on queues.</p> <p>If the state is <code>ENABLED</code>, then the Batch scheduler can attempt to place jobs from an associated job queue on the compute resources within the environment. If the compute environment is managed, then it can scale its instances out or in automatically, based on the job queue demand.</p> <p>If the state is <code>DISABLED</code>, then the Batch scheduler doesn't attempt to place jobs within the environment. Jobs in a <code>STARTING</code> or <code>RUNNING</code> state continue to progress normally. Managed compute environments in the <code>DISABLED</code> state don't scale out. However, they scale in to <code>minvCpus</code> value after instances become idle.</p>"
         },
+        "unmanagedvCpus":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of vCPUs for an unmanaged compute environment. This parameter is only used for fair share scheduling to reserve vCPU capacity for new share identifiers. If this parameter isn't provided for a fair share job queue, no vCPU capacity is reserved.</p> <note> <p>This parameter is only supported when the <code>type</code> parameter is set to <code>UNMANAGED</code>/</p> </note>"
+        },
         "computeResources":{
           "shape":"ComputeResource",
           "documentation":"<p>Details about the compute resources managed by the compute environment. This parameter is required for managed compute environments. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html\">Compute Environments</a> in the <i>Batch User Guide</i>.</p>"
@@ -943,7 +1021,7 @@
       "members":{
         "computeEnvironmentName":{
           "shape":"String",
-          "documentation":"<p>The name of the compute environment. Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p>"
+          "documentation":"<p>The name of the compute environment. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "computeEnvironmentArn":{
           "shape":"String",
@@ -961,12 +1039,16 @@
       "members":{
         "jobQueueName":{
           "shape":"String",
-          "documentation":"<p>The name of the job queue. Up to 128 letters (uppercase and lowercase), numbers, and underscores are allowed.</p>"
+          "documentation":"<p>The name of the job queue. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "state":{
           "shape":"JQState",
           "documentation":"<p>The state of the job queue. If the job queue state is <code>ENABLED</code>, it is able to accept jobs. If the job queue state is <code>DISABLED</code>, new jobs can't be added to the queue, but jobs already in the queue can finish.</p>"
         },
+        "schedulingPolicyArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the fair share scheduling policy. If this parameter is specified, the job queue uses a fair share scheduling policy. If this parameter isn't specified, the job queue uses a first in, first out (FIFO) scheduling policy. After a job queue is created, you can replace but can't remove the fair share scheduling policy. The format is <code>aws:<i>Partition</i>:batch:<i>Region</i>:<i>Account</i>:scheduling-policy/<i>Name</i> </code>. An example is <code>aws:aws:batch:us-west-2:012345678910:scheduling-policy/MySchedulingPolicy</code>.</p>"
+        },
         "priority":{
           "shape":"Integer",
           "documentation":"<p>The priority of the job queue. Job queues with a higher priority (or a higher integer value for the <code>priority</code> parameter) are evaluated first when associated with the same compute environment. Priority is determined in descending order. For example, a job queue with a priority value of <code>10</code> is given scheduling preference over a job queue with a priority value of <code>1</code>. All of the compute environments must be either EC2 (<code>EC2</code> or <code>SPOT</code>) or Fargate (<code>FARGATE</code> or <code>FARGATE_SPOT</code>); EC2 and Fargate compute environments can't be mixed.</p>"
@@ -999,6 +1081,41 @@
         }
       }
     },
+    "CreateSchedulingPolicyRequest":{
+      "type":"structure",
+      "required":["name"],
+      "members":{
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the scheduling policy. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
+        },
+        "fairsharePolicy":{
+          "shape":"FairsharePolicy",
+          "documentation":"<p>The fair share policy of the scheduling policy.</p>"
+        },
+        "tags":{
+          "shape":"TagrisTagsMap",
+          "documentation":"<p>The tags that you apply to the scheduling policy to help you categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services Resources</a> in <i>Amazon Web Services General Reference</i>.</p> <p>These tags can be updated or removed using the <a href=\"https://docs.aws.amazon.com/batch/latest/APIReference/API_TagResource.html\">TagResource</a> and <a href=\"https://docs.aws.amazon.com/batch/latest/APIReference/API_UntagResource.html\">UntagResource</a> API operations.</p>"
+        }
+      }
+    },
+    "CreateSchedulingPolicyResponse":{
+      "type":"structure",
+      "required":[
+        "name",
+        "arn"
+      ],
+      "members":{
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the scheduling policy.</p>"
+        },
+        "arn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the scheduling policy. The format is <code>aws:<i>Partition</i>:batch:<i>Region</i>:<i>Account</i>:scheduling-policy/<i>Name</i> </code>. For example, <code>aws:aws:batch:us-west-2:012345678910:scheduling-policy/MySchedulingPolicy</code>.</p>"
+        }
+      }
+    },
     "DeleteComputeEnvironmentRequest":{
       "type":"structure",
       "required":["computeEnvironment"],
@@ -1031,6 +1148,21 @@
       "members":{
       }
     },
+    "DeleteSchedulingPolicyRequest":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the scheduling policy to delete.</p>"
+        }
+      }
+    },
+    "DeleteSchedulingPolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeregisterJobDefinitionRequest":{
       "type":"structure",
       "required":["jobDefinition"],
@@ -1073,7 +1205,7 @@
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribeComputeEnvironments</code> request. When the results of a <code>DescribeJobDefinitions</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribeComputeEnvironments</code> request. When the results of a <code>DescribeComputeEnvironments</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
         }
       }
     },
@@ -1082,7 +1214,7 @@
       "members":{
         "jobDefinitions":{
           "shape":"StringList",
-          "documentation":"<p>A list of up to 100 job definitions. Each entry in the list can either be an ARN of the form <code>arn:aws:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}</code> or a short version using the form <code>${JobDefinitionName}:${Revision}</code>.</p>"
+          "documentation":"<p>A list of up to 100 job definitions. Each entry in the list can either be an ARN in the format <code>arn:aws:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}</code> or a short version using the form <code>${JobDefinitionName}:${Revision}</code>.</p>"
         },
         "maxResults":{
           "shape":"Integer",
@@ -1167,6 +1299,25 @@
         }
       }
     },
+    "DescribeSchedulingPoliciesRequest":{
+      "type":"structure",
+      "required":["arns"],
+      "members":{
+        "arns":{
+          "shape":"StringList",
+          "documentation":"<p>A list of up to 100 scheduling policy Amazon Resource Name (ARN) entries.</p>"
+        }
+      }
+    },
+    "DescribeSchedulingPoliciesResponse":{
+      "type":"structure",
+      "members":{
+        "schedulingPolicies":{
+          "shape":"SchedulingPolicyDetailList",
+          "documentation":"<p>The list of scheduling policies.</p>"
+        }
+      }
+    },
     "Device":{
       "type":"structure",
       "required":["hostPath"],
@@ -1263,14 +1414,14 @@
       "members":{
         "imageType":{
           "shape":"ImageType",
-          "documentation":"<p>The image type to match with the instance type to select an AMI. If the <code>imageIdOverride</code> parameter isn't specified, then a recent <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized AMI</a> (<code>ECS_AL1</code>) is used. Starting on March 31, 2021, this default will be changing to <code>ECS_AL2</code> (<a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami\">Amazon Linux 2</a>).</p> <dl> <dt>ECS_AL2</dt> <dd> <p> <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami\">Amazon Linux 2</a>− Default for all Amazon Web Services Graviton-based instance families (for example, <code>C6g</code>, <code>M6g</code>, <code>R6g</code>, and <code>T4g</code>) and can be used for all non-GPU instance types.</p> </dd> <dt>ECS_AL2_NVIDIA</dt> <dd> <p> <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami\">Amazon Linux 2 (GPU)</a>−Default for all GPU instance families (for example <code>P4</code> and <code>G4</code>) and can be used for all non Amazon Web Services Graviton-based instance types.</p> </dd> <dt>ECS_AL1</dt> <dd> <p> <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami\">Amazon Linux</a>−Default for all non-GPU, non Amazon Web Services Graviton instance families. Amazon Linux is reaching the end-of-life of standard support. For more information, see <a href=\"http://aws.amazon.com/amazon-linux-ami/\">Amazon Linux AMI</a>.</p> </dd> </dl>"
+          "documentation":"<p>The image type to match with the instance type to select an AMI. If the <code>imageIdOverride</code> parameter isn't specified, then a recent <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami\">Amazon ECS-optimized Amazon Linux 2 AMI</a> (<code>ECS_AL2</code>) is used.</p> <dl> <dt>ECS_AL2</dt> <dd> <p> <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami\">Amazon Linux 2</a>− Default for all non-GPU instance families.</p> </dd> <dt>ECS_AL2_NVIDIA</dt> <dd> <p> <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami\">Amazon Linux 2 (GPU)</a>−Default for all GPU instance families (for example <code>P4</code> and <code>G4</code>) and can be used for all non Amazon Web Services Graviton-based instance types.</p> </dd> <dt>ECS_AL1</dt> <dd> <p> <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami\">Amazon Linux</a>. Amazon Linux is reaching the end-of-life of standard support. For more information, see <a href=\"http://aws.amazon.com/amazon-linux-ami/\">Amazon Linux AMI</a>.</p> </dd> </dl>"
         },
         "imageIdOverride":{
           "shape":"ImageIdOverride",
           "documentation":"<p>The AMI ID used for instances launched in the compute environment that match the image type. This setting overrides the <code>imageId</code> set in the <code>computeResource</code> object.</p>"
         }
       },
-      "documentation":"<p>Provides information used to select Amazon Machine Images (AMIs) for instances in the compute environment. If <code>Ec2Configuration</code> isn't specified, the default is currently <code>ECS_AL1</code> (<a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami\">Amazon Linux</a>) for non-GPU, non AWSGraviton instances. Starting on March 31, 2021, this default will be changing to <code>ECS_AL2</code> (<a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami\">Amazon Linux 2</a>).</p> <note> <p>This object isn't applicable to jobs that are running on Fargate resources.</p> </note>"
+      "documentation":"<p>Provides information used to select Amazon Machine Images (AMIs) for instances in the compute environment. If <code>Ec2Configuration</code> isn't specified, the default is <code>ECS_AL2</code> (<a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami\">Amazon Linux 2</a>).</p> <note> <p>This object isn't applicable to jobs that are running on Fargate resources.</p> </note>"
     },
     "Ec2ConfigurationList":{
       "type":"list",
@@ -1286,15 +1437,15 @@
       "members":{
         "onStatusReason":{
           "shape":"String",
-          "documentation":"<p>Contains a glob pattern to match against the <code>StatusReason</code> returned for a job. The pattern can be up to 512 characters in length. It can contain letters, numbers, periods (.), colons (:), and white space (including spaces or tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.</p>"
+          "documentation":"<p>Contains a glob pattern to match against the <code>StatusReason</code> returned for a job. The pattern can be up to 512 characters in length. It can contain letters, numbers, periods (.), colons (:), and white space (including spaces or tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.</p> <p>The string can be between 1 and 512 characters in length.</p>"
         },
         "onReason":{
           "shape":"String",
-          "documentation":"<p>Contains a glob pattern to match against the <code>Reason</code> returned for a job. The pattern can be up to 512 characters in length. It can contain letters, numbers, periods (.), colons (:), and white space (including spaces and tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.</p>"
+          "documentation":"<p>Contains a glob pattern to match against the <code>Reason</code> returned for a job. The pattern can be up to 512 characters in length. It can contain letters, numbers, periods (.), colons (:), and white space (including spaces and tabs). It can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.</p> <p>The string can be between 1 and 512 characters in length.</p>"
         },
         "onExitCode":{
           "shape":"String",
-          "documentation":"<p>Contains a glob pattern to match against the decimal representation of the <code>ExitCode</code> returned for a job. The pattern can be up to 512 characters in length. It can contain only numbers, and can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.</p>"
+          "documentation":"<p>Contains a glob pattern to match against the decimal representation of the <code>ExitCode</code> returned for a job. The pattern can be up to 512 characters in length. It can contain only numbers, and can optionally end with an asterisk (*) so that only the start of the string needs to be an exact match.</p> <p>The string can be between 1 and 512 characters in length.</p>"
         },
         "action":{
           "shape":"RetryAction",
@@ -1307,6 +1458,24 @@
       "type":"list",
       "member":{"shape":"EvaluateOnExit"}
     },
+    "FairsharePolicy":{
+      "type":"structure",
+      "members":{
+        "shareDecaySeconds":{
+          "shape":"Integer",
+          "documentation":"<p>The time period to use to calculate a fair share percentage for each fair share identifier in use, in seconds. A value of zero (0) indicates that only current usage should be measured. The decay allows for more recently run jobs to have more weight than jobs that ran earlier. The maximum supported value is 604800 (1 week).</p>"
+        },
+        "computeReservation":{
+          "shape":"Integer",
+          "documentation":"<p>A value used to reserve some of the available maximum vCPU for fair share identifiers that have not yet been used.</p> <p>The reserved ratio is <code>(<i>computeReservation</i>/100)^<i>ActiveFairShares</i> </code> where <code> <i>ActiveFairShares</i> </code> is the number of active fair share identifiers.</p> <p>For example, a <code>computeReservation</code> value of 50 indicates that Batch should reserve 50% of the maximum available vCPU if there is only one fair share identifier, 25% if there are two fair share identifiers, and 12.5% if there are three fair share identifiers. A <code>computeReservation</code> value of 25 indicates that Batch should reserve 25% of the maximum available vCPU if there is only one fair share identifier, 6.25% if there are two fair share identifiers, and 1.56% if there are three fair share identifiers.</p> <p>The minimum value is 0 and the maximum value is 99.</p>"
+        },
+        "shareDistribution":{
+          "shape":"ShareAttributesList",
+          "documentation":"<p>An array of <code>SharedIdentifier</code> objects that contain the weights for the fair share identifiers for the fair share policy. Fair share identifiers that aren't included have a default weight of <code>1.0</code>.</p>"
+        }
+      },
+      "documentation":"<p>The fair share policy for a scheduling policy.</p>"
+    },
     "FargatePlatformConfiguration":{
       "type":"structure",
       "members":{
@@ -1317,6 +1486,7 @@
       },
       "documentation":"<p>The platform configuration for jobs that are running on Fargate resources. Jobs that run on EC2 resources must not specify this parameter.</p>"
     },
+    "Float":{"type":"float"},
     "Host":{
       "type":"structure",
       "members":{
@@ -1383,7 +1553,11 @@
         },
         "type":{
           "shape":"String",
-          "documentation":"<p>The type of job definition. If the job is run on Fargate resources, then <code>multinode</code> isn't supported. For more information about multi-node parallel jobs, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/multi-node-job-def.html\">Creating a multi-node parallel job definition</a> in the <i>Batch User Guide</i>.</p>"
+          "documentation":"<p>The type of job definition, either <code>container</code> or <code>multinode</code>. If the job is run on Fargate resources, then <code>multinode</code> isn't supported. For more information about multi-node parallel jobs, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/multi-node-job-def.html\">Creating a multi-node parallel job definition</a> in the <i>Batch User Guide</i>.</p>"
+        },
+        "schedulingPriority":{
+          "shape":"Integer",
+          "documentation":"<p>The scheduling priority of the job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.</p>"
         },
         "parameters":{
           "shape":"ParametersMap",
@@ -1480,6 +1654,14 @@
           "shape":"JobStatus",
           "documentation":"<p>The current status for the job.</p> <note> <p>If your jobs don't progress to <code>STARTING</code>, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html#job_stuck_in_runnable\">Jobs Stuck in RUNNABLE Status</a> in the troubleshooting section of the <i>Batch User Guide</i>.</p> </note>"
         },
+        "shareIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The share identifier for the job.</p>"
+        },
+        "schedulingPriority":{
+          "shape":"Integer",
+          "documentation":"<p>The scheduling policy of the job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.</p>"
+        },
         "attempts":{
           "shape":"AttemptDetails",
           "documentation":"<p>A list of job attempts associated with this job.</p>"
@@ -1577,6 +1759,10 @@
           "shape":"JQState",
           "documentation":"<p>Describes the ability of the queue to accept new jobs. If the job queue state is <code>ENABLED</code>, it's able to accept jobs. If the job queue state is <code>DISABLED</code>, new jobs can't be added to the queue, but jobs already in the queue can finish.</p>"
         },
+        "schedulingPolicyArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the scheduling policy. The format is <code>aws:<i>Partition</i>:batch:<i>Region</i>:<i>Account</i>:scheduling-policy/<i>Name</i> </code>. For example, <code>aws:aws:batch:us-west-2:012345678910:scheduling-policy/MySchedulingPolicy</code>.</p>"
+        },
         "status":{
           "shape":"JQStatus",
           "documentation":"<p>The status of the job queue (for example, <code>CREATING</code> or <code>VALID</code>).</p>"
@@ -1637,7 +1823,7 @@
         },
         "createdAt":{
           "shape":"Long",
-          "documentation":"<p>The Unix timestamp for when the job was created. For non-array jobs and parent array jobs, this is when the job entered the <code>SUBMITTED</code> state (at the time <a>SubmitJob</a> was called). For array child jobs, this is when the child job was spawned by its parent and entered the <code>PENDING</code> state.</p>"
+          "documentation":"<p>The Unix timestamp (in milliseconds) for when the job was created. For non-array jobs and parent array jobs, this is when the job entered the <code>SUBMITTED</code> state (at the time <a>SubmitJob</a> was called). For array child jobs, this is when the child job was spawned by its parent and entered the <code>PENDING</code> state.</p>"
         },
         "status":{
           "shape":"JobStatus",
@@ -1797,7 +1983,7 @@
         },
         "filters":{
           "shape":"ListJobsFilterList",
-          "documentation":"<p>The filter to apply to the query. Only one filter can be used at a time. When the filter is used, <code>jobStatus</code> is ignored. The filter doesn't apply to child jobs in an array or multi-node parallel (MNP) jobs. The results are sorted by the <code>createdAt</code> field, with the most recent jobs being first.</p> <dl> <dt>JOB_NAME</dt> <dd> <p>The value of the filter is a case-insensitive match for the job name. If the value ends with an asterisk (*), the filter will match any job name that begins with the string before the '*'. This corresponds to the <code>jobName</code> value. For example, <code>test1</code> matches both <code>Test1</code> and <code>test1</code>, and <code>test1*</code> matches both <code>test1</code> and <code>Test10</code>. When the <code>JOB_NAME</code> filter is used, the results are grouped by the job name and version.</p> </dd> <dt>JOB_DEFINITION</dt> <dd> <p>The value for the filter is the name or Amazon Resource Name (ARN) of the job definition. This corresponds to the <code>jobDefinition</code> value. The value is case sensitive. When the value for the filter is the job definition name, the results include all the jobs that used any revision of that job definition name. If the value ends with an asterisk (*), the filter will match any job definition name that begins with the string before the '*'. For example, <code>jd1</code> matches only <code>jd1</code>, and <code>jd1*</code> matches both <code>jd1</code> and <code>jd1A</code>. The version of the job definition that's used doesn't affect the sort order. When the <code>JOB_DEFINITION</code> filter is used and the ARN is used (which is in the form <code>arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}</code>), the results include jobs that used the specified revision of the job definition. Asterisk (*) is not supported when the ARN is used.</p> </dd> <dt>BEFORE_CREATED_AT</dt> <dd> <p>The value for the filter is the time that's before the job was created. This corresponds to the <code>createdAt</code> value. The value is a string representation of the number of seconds since 00:00:00 UTC (midnight) on January 1, 1970.</p> </dd> <dt>AFTER_CREATED_AT</dt> <dd> <p>The value for the filter is the time that's after the job was created. This corresponds to the <code>createdAt</code> value. The value is a string representation of the number of seconds since 00:00:00 UTC (midnight) on January 1, 1970.</p> </dd> </dl>"
+          "documentation":"<p>The filter to apply to the query. Only one filter can be used at a time. When the filter is used, <code>jobStatus</code> is ignored. The filter doesn't apply to child jobs in an array or multi-node parallel (MNP) jobs. The results are sorted by the <code>createdAt</code> field, with the most recent jobs being first.</p> <dl> <dt>JOB_NAME</dt> <dd> <p>The value of the filter is a case-insensitive match for the job name. If the value ends with an asterisk (*), the filter will match any job name that begins with the string before the '*'. This corresponds to the <code>jobName</code> value. For example, <code>test1</code> matches both <code>Test1</code> and <code>test1</code>, and <code>test1*</code> matches both <code>test1</code> and <code>Test10</code>. When the <code>JOB_NAME</code> filter is used, the results are grouped by the job name and version.</p> </dd> <dt>JOB_DEFINITION</dt> <dd> <p>The value for the filter is the name or Amazon Resource Name (ARN) of the job definition. This corresponds to the <code>jobDefinition</code> value. The value is case sensitive. When the value for the filter is the job definition name, the results include all the jobs that used any revision of that job definition name. If the value ends with an asterisk (*), the filter will match any job definition name that begins with the string before the '*'. For example, <code>jd1</code> matches only <code>jd1</code>, and <code>jd1*</code> matches both <code>jd1</code> and <code>jd1A</code>. The version of the job definition that's used doesn't affect the sort order. When the <code>JOB_DEFINITION</code> filter is used and the ARN is used (which is in the form <code>arn:${Partition}:batch:${Region}:${Account}:job-definition/${JobDefinitionName}:${Revision}</code>), the results include jobs that used the specified revision of the job definition. Asterisk (*) is not supported when the ARN is used.</p> </dd> <dt>BEFORE_CREATED_AT</dt> <dd> <p>The value for the filter is the time that's before the job was created. This corresponds to the <code>createdAt</code> value. The value is a string representation of the number of milliseconds since 00:00:00 UTC (midnight) on January 1, 1970.</p> </dd> <dt>AFTER_CREATED_AT</dt> <dd> <p>The value for the filter is the time that's after the job was created. This corresponds to the <code>createdAt</code> value. The value is a string representation of the number of milliseconds since 00:00:00 UTC (midnight) on January 1, 1970.</p> </dd> </dl>"
         }
       },
       "documentation":"<p>Contains the parameters for <code>ListJobs</code>.</p>"
@@ -1816,13 +2002,39 @@
         }
       }
     },
+    "ListSchedulingPoliciesRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of results that's returned by <code>ListSchedulingPolicies</code> in paginated output. When this parameter is used, <code>ListSchedulingPolicies</code> only returns <code>maxResults</code> results in a single page and a <code>nextToken</code> response element. You can see the remaining results of the initial request by sending another <code>ListSchedulingPolicies</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, <code>ListSchedulingPolicies</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>The <code>nextToken</code> value that's returned from a previous paginated <code>ListSchedulingPolicies</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is <code>null</code> when there are no more results to return.</p> <note> <p>This token should be treated as an opaque identifier that's only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
+        }
+      }
+    },
+    "ListSchedulingPoliciesResponse":{
+      "type":"structure",
+      "members":{
+        "schedulingPolicies":{
+          "shape":"SchedulingPolicyListingDetailList",
+          "documentation":"<p>A list of scheduling policies that match the request.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>The <code>nextToken</code> value to include in a future <code>ListSchedulingPolicies</code> request. When the results of a <code>ListSchedulingPolicies</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+        }
+      }
+    },
     "ListTagsForResourceRequest":{
       "type":"structure",
       "required":["resourceArn"],
       "members":{
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource that tags are listed for. Batch resources that support tags are compute environments, jobs, job definitions, and job queues. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>",
+          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource that tags are listed for. Batch resources that support tags are compute environments, jobs, job definitions, job queues, and scheduling policies. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>",
           "location":"uri",
           "locationName":"resourceArn"
         }
@@ -2060,7 +2272,7 @@
       "members":{
         "jobDefinitionName":{
           "shape":"String",
-          "documentation":"<p>The name of the job definition to register. Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p>"
+          "documentation":"<p>The name of the job definition to register. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "type":{
           "shape":"JobDefinitionType",
@@ -2070,6 +2282,10 @@
           "shape":"ParametersMap",
           "documentation":"<p>Default parameter substitution placeholders to set in the job definition. Parameters are specified as a key-value pair mapping. Parameters in a <code>SubmitJob</code> request override any corresponding parameter defaults from the job definition.</p>"
         },
+        "schedulingPriority":{
+          "shape":"Integer",
+          "documentation":"<p>The scheduling priority for jobs that are submitted with this job definition. This will only affect jobs in job queues with a fair share policy. Jobs with a higher scheduling priority will be scheduled before jobs with a lower scheduling priority.</p> <p>The minimum supported value is 0 and the maximum supported value is 9999.</p>"
+        },
         "containerProperties":{
           "shape":"ContainerProperties",
           "documentation":"<p>An object with various properties specific to single-node container-based jobs. If the job definition's <code>type</code> parameter is <code>container</code>, then you must specify either <code>containerProperties</code> or <code>nodeProperties</code>.</p> <note> <p>If the job runs on Fargate resources, then you must not specify <code>nodeProperties</code>; use only <code>containerProperties</code>.</p> </note>"
@@ -2132,7 +2348,7 @@
       "members":{
         "value":{
           "shape":"String",
-          "documentation":"<p>The quantity of the specified resource to reserve for the container. The values vary based on the <code>type</code> specified.</p> <dl> <dt>type=\"GPU\"</dt> <dd> <p>The number of physical GPUs to reserve for the container. The number of GPUs reserved for all containers in a job shouldn't exceed the number of available GPUs on the compute resource that the job is launched on.</p> <note> <p>GPUs are not available for jobs that are running on Fargate resources.</p> </note> </dd> <dt>type=\"MEMORY\"</dt> <dd> <p>The memory hard limit (in MiB) present to the container. This parameter is supported for jobs that are running on EC2 resources. If your container attempts to exceed the memory specified, the container is terminated. This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. You must specify at least 4 MiB of memory for a job. This is required but can be specified in several places for multi-node parallel (MNP) jobs. It must be specified for each node at least once. This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>.</p> <note> <p>If you're trying to maximize your resource utilization by providing your jobs as much memory as possible for a particular instance type, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/memory-management.html\">Memory Management</a> in the <i>Batch User Guide</i>.</p> </note> <p>For jobs that are running on Fargate resources, then <code>value</code> is the hard limit (in MiB), and must match one of the supported values and the <code>VCPU</code> values must be one of the values supported for that memory value.</p> <dl> <dt>value = 512</dt> <dd> <p> <code>VCPU</code> = 0.25</p> </dd> <dt>value = 1024</dt> <dd> <p> <code>VCPU</code> = 0.25 or 0.5</p> </dd> <dt>value = 2048</dt> <dd> <p> <code>VCPU</code> = 0.25, 0.5, or 1</p> </dd> <dt>value = 3072</dt> <dd> <p> <code>VCPU</code> = 0.5, or 1</p> </dd> <dt>value = 4096</dt> <dd> <p> <code>VCPU</code> = 0.5, 1, or 2</p> </dd> <dt>value = 5120, 6144, or 7168</dt> <dd> <p> <code>VCPU</code> = 1 or 2</p> </dd> <dt>value = 8192</dt> <dd> <p> <code>VCPU</code> = 1, 2, or 4</p> </dd> <dt>value = 9216, 10240, 11264, 12288, 13312, 14336, 15360, or 16384</dt> <dd> <p> <code>VCPU</code> = 2 or 4</p> </dd> <dt>value = 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, or 30720</dt> <dd> <p> <code>VCPU</code> = 4</p> </dd> </dl> </dd> <dt>type=\"VCPU\"</dt> <dd> <p>The number of vCPUs reserved for the container. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Each vCPU is equivalent to 1,024 CPU shares. For EC2 resources, you must specify at least one vCPU. This is required but can be specified in several places; it must be specified for each node at least once.</p> <p>For jobs that are running on Fargate resources, then <code>value</code> must match one of the supported values and the <code>MEMORY</code> values must be one of the values supported for that VCPU value. The supported values are 0.25, 0.5, 1, 2, and 4</p> <dl> <dt>value = 0.25</dt> <dd> <p> <code>MEMORY</code> = 512, 1024, or 2048</p> </dd> <dt>value = 0.5</dt> <dd> <p> <code>MEMORY</code> = 1024, 2048, 3072, or 4096</p> </dd> <dt>value = 1</dt> <dd> <p> <code>MEMORY</code> = 2048, 3072, 4096, 5120, 6144, 7168, or 8192</p> </dd> <dt>value = 2</dt> <dd> <p> <code>MEMORY</code> = 4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, or 16384</p> </dd> <dt>value = 4</dt> <dd> <p> <code>MEMORY</code> = 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, or 30720</p> </dd> </dl> </dd> </dl>"
+          "documentation":"<p>The quantity of the specified resource to reserve for the container. The values vary based on the <code>type</code> specified.</p> <dl> <dt>type=\"GPU\"</dt> <dd> <p>The number of physical GPUs to reserve for the container. The number of GPUs reserved for all containers in a job shouldn't exceed the number of available GPUs on the compute resource that the job is launched on.</p> <note> <p>GPUs are not available for jobs that are running on Fargate resources.</p> </note> </dd> <dt>type=\"MEMORY\"</dt> <dd> <p>The memory hard limit (in MiB) present to the container. This parameter is supported for jobs that are running on EC2 resources. If your container attempts to exceed the memory specified, the container is terminated. This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. You must specify at least 4 MiB of memory for a job. This is required but can be specified in several places for multi-node parallel (MNP) jobs. It must be specified for each node at least once. This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>.</p> <note> <p>If you're trying to maximize your resource utilization by providing your jobs as much memory as possible for a particular instance type, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/memory-management.html\">Memory Management</a> in the <i>Batch User Guide</i>.</p> </note> <p>For jobs that are running on Fargate resources, then <code>value</code> is the hard limit (in MiB), and must match one of the supported values and the <code>VCPU</code> values must be one of the values supported for that memory value.</p> <dl> <dt>value = 512</dt> <dd> <p> <code>VCPU</code> = 0.25</p> </dd> <dt>value = 1024</dt> <dd> <p> <code>VCPU</code> = 0.25 or 0.5</p> </dd> <dt>value = 2048</dt> <dd> <p> <code>VCPU</code> = 0.25, 0.5, or 1</p> </dd> <dt>value = 3072</dt> <dd> <p> <code>VCPU</code> = 0.5, or 1</p> </dd> <dt>value = 4096</dt> <dd> <p> <code>VCPU</code> = 0.5, 1, or 2</p> </dd> <dt>value = 5120, 6144, or 7168</dt> <dd> <p> <code>VCPU</code> = 1 or 2</p> </dd> <dt>value = 8192</dt> <dd> <p> <code>VCPU</code> = 1, 2, or 4</p> </dd> <dt>value = 9216, 10240, 11264, 12288, 13312, 14336, 15360, or 16384</dt> <dd> <p> <code>VCPU</code> = 2 or 4</p> </dd> <dt>value = 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, or 30720</dt> <dd> <p> <code>VCPU</code> = 4</p> </dd> </dl> </dd> <dt>type=\"VCPU\"</dt> <dd> <p>The number of vCPUs reserved for the container. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.23/#create-a-container\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.23/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/\">docker run</a>. Each vCPU is equivalent to 1,024 CPU shares. For EC2 resources, you must specify at least one vCPU. This is required but can be specified in several places; it must be specified for each node at least once.</p> <p>For jobs that are running on Fargate resources, then <code>value</code> must match one of the supported values and the <code>MEMORY</code> values must be one of the values supported for that <code>VCPU</code> value. The supported values are 0.25, 0.5, 1, 2, and 4</p> <dl> <dt>value = 0.25</dt> <dd> <p> <code>MEMORY</code> = 512, 1024, or 2048</p> </dd> <dt>value = 0.5</dt> <dd> <p> <code>MEMORY</code> = 1024, 2048, 3072, or 4096</p> </dd> <dt>value = 1</dt> <dd> <p> <code>MEMORY</code> = 2048, 3072, 4096, 5120, 6144, 7168, or 8192</p> </dd> <dt>value = 2</dt> <dd> <p> <code>MEMORY</code> = 4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, or 16384</p> </dd> <dt>value = 4</dt> <dd> <p> <code>MEMORY</code> = 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, or 30720</p> </dd> </dl> </dd> </dl>"
         },
         "type":{
           "shape":"ResourceType",
@@ -2174,6 +2390,51 @@
       },
       "documentation":"<p>The retry strategy associated with a job. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/job_retries.html\">Automated job retries</a> in the <i>Batch User Guide</i>.</p>"
     },
+    "SchedulingPolicyDetail":{
+      "type":"structure",
+      "required":[
+        "name",
+        "arn"
+      ],
+      "members":{
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the scheduling policy.</p>"
+        },
+        "arn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the scheduling policy. An example is <code>arn:<i>aws</i>:batch:<i>us-east-1</i>:<i>123456789012</i>:scheduling-policy/<i>HighPriority</i> </code>.</p>"
+        },
+        "fairsharePolicy":{
+          "shape":"FairsharePolicy",
+          "documentation":"<p>The fair share policy for the scheduling policy.</p>"
+        },
+        "tags":{
+          "shape":"TagrisTagsMap",
+          "documentation":"<p>The tags that you apply to the scheduling policy to categorize and organize your resources. Each tag consists of a key and an optional value. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services Resources</a> in <i>Amazon Web Services General Reference</i>.</p>"
+        }
+      },
+      "documentation":"<p>An object that represents a scheduling policy.</p>"
+    },
+    "SchedulingPolicyDetailList":{
+      "type":"list",
+      "member":{"shape":"SchedulingPolicyDetail"}
+    },
+    "SchedulingPolicyListingDetail":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"String",
+          "documentation":"<p>Amazon Resource Name (ARN) of the scheduling policy.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains the details of a scheduling policy that's returned in a <code>ListSchedulingPolicy</code> action.</p>"
+    },
+    "SchedulingPolicyListingDetailList":{
+      "type":"list",
+      "member":{"shape":"SchedulingPolicyListingDetail"}
+    },
     "Secret":{
       "type":"structure",
       "required":[
@@ -2206,6 +2467,25 @@
       "exception":true,
       "fault":true
     },
+    "ShareAttributes":{
+      "type":"structure",
+      "required":["shareIdentifier"],
+      "members":{
+        "shareIdentifier":{
+          "shape":"String",
+          "documentation":"<p>A fair share identifier or fair share identifier prefix. If the string ends with an asterisk (*), this entry specifies the weight factor to use for fair share identifiers that start with that prefix. The list of fair share identifiers in a fair share policy cannot overlap. For example, you can't have one that specifies a <code>shareIdentifier</code> of <code>UserA*</code> and another that specifies a <code>shareIdentifier</code> of <code>UserA-1</code>.</p> <p>There can be no more than 500 fair share identifiers active in a job queue.</p> <p>The string is limited to 255 alphanumeric characters, optionally followed by an asterisk (*).</p>"
+        },
+        "weightFactor":{
+          "shape":"Float",
+          "documentation":"<p>The weight factor for the fair share identifier. The default value is 1.0. A lower value has a higher priority for compute resources. For example, jobs that use a share identifier with a weight factor of 0.125 (1/8) get 8 times the compute resources of jobs that use a share identifier with a weight factor of 1.</p> <p>The smallest supported value is 0.0001, and the largest supported value is 999.9999.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the weights for the fair share identifiers for the fair share policy. Fair share identifiers that aren't included have a default weight of <code>1.0</code>.</p>"
+    },
+    "ShareAttributesList":{
+      "type":"list",
+      "member":{"shape":"ShareAttributes"}
+    },
     "String":{"type":"string"},
     "StringList":{
       "type":"list",
@@ -2221,12 +2501,20 @@
       "members":{
         "jobName":{
           "shape":"String",
-          "documentation":"<p>The name of the job. The first character must be alphanumeric, and up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p>"
+          "documentation":"<p>The name of the job. It can be up to 128 letters long. The first character must be alphanumeric, can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "jobQueue":{
           "shape":"String",
           "documentation":"<p>The job queue where the job is submitted. You can specify either the name or the Amazon Resource Name (ARN) of the queue.</p>"
         },
+        "shareIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The share identifier for the job.</p>"
+        },
+        "schedulingPriorityOverride":{
+          "shape":"Integer",
+          "documentation":"<p>The scheduling priority for the job. This will only affect jobs in job queues with a fair share policy. Jobs with a higher scheduling priority will be scheduled before jobs with a lower scheduling priority. This will override any scheduling priority in the job definition.</p> <p>The minimum supported value is 0 and the maximum supported value is 9999.</p>"
+        },
         "arrayProperties":{
           "shape":"ArrayProperties",
           "documentation":"<p>The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/array_jobs.html\">Array Jobs</a> in the <i>Batch User Guide</i>.</p>"
@@ -2311,7 +2599,7 @@
       "members":{
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource that tags are added to. Batch resources that support tags are compute environments, jobs, job definitions, and job queues. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource that tags are added to. Batch resources that support tags are compute environments, jobs, job definitions, job queues, and scheduling policies. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>",
           "location":"uri",
           "locationName":"resourceArn"
         },
@@ -2427,7 +2715,7 @@
       "members":{
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource from which to delete tags. Batch resources that support tags are compute environments, jobs, job definitions, and job queues. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource from which to delete tags. Batch resources that support tags are compute environments, jobs, job definitions, job queues, and scheduling policies. ARNs for child jobs of array and multi-node parallel (MNP) jobs are not supported.</p>",
           "location":"uri",
           "locationName":"resourceArn"
         },
@@ -2456,6 +2744,10 @@
           "shape":"CEState",
           "documentation":"<p>The state of the compute environment. Compute environments in the <code>ENABLED</code> state can accept jobs from a queue and scale in or out automatically based on the workload demand of its associated queues.</p> <p>If the state is <code>ENABLED</code>, then the Batch scheduler can attempt to place jobs from an associated job queue on the compute resources within the environment. If the compute environment is managed, then it can scale its instances out or in automatically, based on the job queue demand.</p> <p>If the state is <code>DISABLED</code>, then the Batch scheduler doesn't attempt to place jobs within the environment. Jobs in a <code>STARTING</code> or <code>RUNNING</code> state continue to progress normally. Managed compute environments in the <code>DISABLED</code> state don't scale out. However, they scale in to <code>minvCpus</code> value after instances become idle.</p>"
         },
+        "unmanagedvCpus":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of vCPUs expected to be used for an unmanaged compute environment. This parameter should not be specified for a managed compute environment. This parameter is only used for fair share scheduling to reserve vCPU capacity for new share identifiers. If this parameter is not provided for a fair share job queue, no vCPU capacity will be reserved.</p>"
+        },
         "computeResources":{
           "shape":"ComputeResourceUpdate",
           "documentation":"<p>Details of the compute resources managed by the compute environment. Required for a managed compute environment. For more information, see <a href=\"https://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html\">Compute Environments</a> in the <i>Batch User Guide</i>.</p>"
@@ -2472,7 +2764,7 @@
       "members":{
         "computeEnvironmentName":{
           "shape":"String",
-          "documentation":"<p>The name of the compute environment. Up to 128 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p>"
+          "documentation":"<p>The name of the compute environment. It can be up to 128 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_).</p>"
         },
         "computeEnvironmentArn":{
           "shape":"String",
@@ -2492,6 +2784,10 @@
           "shape":"JQState",
           "documentation":"<p>Describes the queue's ability to accept new jobs. If the job queue state is <code>ENABLED</code>, it can accept jobs. If the job queue state is <code>DISABLED</code>, new jobs can't be added to the queue, but jobs already in the queue can finish.</p>"
         },
+        "schedulingPolicyArn":{
+          "shape":"String",
+          "documentation":"<p>Amazon Resource Name (ARN) of the fair share scheduling policy. Once a job queue is created, the fair share scheduling policy can be replaced but not removed. The format is <code>aws:<i>Partition</i>:batch:<i>Region</i>:<i>Account</i>:scheduling-policy/<i>Name</i> </code>. For example, <code>aws:aws:batch:us-west-2:012345678910:scheduling-policy/MySchedulingPolicy</code>.</p>"
+        },
         "priority":{
           "shape":"Integer",
           "documentation":"<p>The priority of the job queue. Job queues with a higher priority (or a higher integer value for the <code>priority</code> parameter) are evaluated first when associated with the same compute environment. Priority is determined in descending order, for example, a job queue with a priority value of <code>10</code> is given scheduling preference over a job queue with a priority value of <code>1</code>. All of the compute environments must be either EC2 (<code>EC2</code> or <code>SPOT</code>) or Fargate (<code>FARGATE</code> or <code>FARGATE_SPOT</code>). EC2 and Fargate compute environments can't be mixed.</p>"
@@ -2516,6 +2812,25 @@
         }
       }
     },
+    "UpdateSchedulingPolicyRequest":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the scheduling policy to update.</p>"
+        },
+        "fairsharePolicy":{
+          "shape":"FairsharePolicy",
+          "documentation":"<p>The fair share policy.</p>"
+        }
+      }
+    },
+    "UpdateSchedulingPolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "Volume":{
       "type":"structure",
       "members":{
@@ -2525,7 +2840,7 @@
         },
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. This name is referenced in the <code>sourceVolume</code> parameter of container definition <code>mountPoints</code>.</p>"
+          "documentation":"<p>The name of the volume. It can be up to 255 letters long. It can contain uppercase and lowercase letters, numbers, hyphens (-), and underscores (_). This name is referenced in the <code>sourceVolume</code> parameter of container definition <code>mountPoints</code>.</p>"
         },
         "efsVolumeConfiguration":{
           "shape":"EFSVolumeConfiguration",
@@ -2539,5 +2854,5 @@
       "member":{"shape":"Volume"}
     }
   },
-  "documentation":"<fullname>Batch</fullname> <p>Using Batch, you can run batch computing workloads on the Cloud. Batch computing is a common means for developers, scientists, and engineers to access large amounts of compute resources. Batch uses the advantages of this computing workload to remove the undifferentiated heavy lifting of configuring and managing required infrastructure. At the same time, it also adopts a familiar batch computing software approach. Given these advantages, Batch can help you to efficiently provision resources in response to jobs submitted, thus effectively helping you to eliminate capacity constraints, reduce compute costs, and deliver your results more quickly.</p> <p>As a fully managed service, Batch can run batch computing workloads of any scale. Batch automatically provisions compute resources and optimizes workload distribution based on the quantity and scale of your specific workloads. With Batch, there's no need to install or manage batch computing software. This means that you can focus your time and energy on analyzing results and solving your specific problems. </p>"
+  "documentation":"<fullname>Batch</fullname> <p>Using Batch, you can run batch computing workloads on the Amazon Web Services Cloud. Batch computing is a common means for developers, scientists, and engineers to access large amounts of compute resources. Batch uses the advantages of this computing workload to remove the undifferentiated heavy lifting of configuring and managing required infrastructure. At the same time, it also adopts a familiar batch computing software approach. Given these advantages, Batch can help you to efficiently provision resources in response to jobs submitted, thus effectively helping you to eliminate capacity constraints, reduce compute costs, and deliver your results more quickly.</p> <p>As a fully managed service, Batch can run batch computing workloads of any scale. Batch automatically provisions compute resources and optimizes workload distribution based on the quantity and scale of your specific workloads. With Batch, there's no need to install or manage batch computing software. This means that you can focus your time and energy on analyzing results and solving your specific problems.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/paginators-1.json b/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/paginators-1.json
index f4dd4a1ee67..a5be3333fa8 100644
--- a/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/paginators-1.json
@@ -11,6 +11,12 @@
       "output_token": "nextToken",
       "limit_key": "maxResults",
       "result_key": "quantumTasks"
+    },
+    "SearchJobs": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "jobs"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/service-2.json b/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/service-2.json
index d5b29337170..5573da0f3ba 100644
--- a/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/braket/2019-09-01/service-2.json
@@ -12,6 +12,26 @@
     "uid":"braket-2019-09-01"
   },
   "operations":{
+    "CancelJob":{
+      "name":"CancelJob",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/job/{jobArn}/cancel",
+        "responseCode":200
+      },
+      "input":{"shape":"CancelJobRequest"},
+      "output":{"shape":"CancelJobResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Cancels an Amazon Braket job.</p>",
+      "idempotent":true
+    },
     "CancelQuantumTask":{
       "name":"CancelQuantumTask",
       "http":{
@@ -32,6 +52,26 @@
       "documentation":"<p>Cancels the specified task.</p>",
       "idempotent":true
     },
+    "CreateJob":{
+      "name":"CreateJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/job",
+        "responseCode":201
+      },
+      "input":{"shape":"CreateJobRequest"},
+      "output":{"shape":"CreateJobResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"DeviceRetiredException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Creates an Amazon Braket job.</p>"
+    },
     "CreateQuantumTask":{
       "name":"CreateQuantumTask",
       "http":{
@@ -45,6 +85,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"},
         {"shape":"DeviceOfflineException"},
+        {"shape":"DeviceRetiredException"},
         {"shape":"InternalServiceException"},
         {"shape":"ServiceQuotaExceededException"},
         {"shape":"ValidationException"}
@@ -64,13 +105,29 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"},
-        {"shape":"DeviceOfflineException"},
-        {"shape":"DeviceRetiredException"},
         {"shape":"InternalServiceException"},
         {"shape":"ValidationException"}
       ],
       "documentation":"<p>Retrieves the devices available in Amazon Braket.</p>"
     },
+    "GetJob":{
+      "name":"GetJob",
+      "http":{
+        "method":"GET",
+        "requestUri":"/job/{jobArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetJobRequest"},
+      "output":{"shape":"GetJobResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves the specified Amazon Braket job.</p>"
+    },
     "GetQuantumTask":{
       "name":"GetQuantumTask",
       "http":{
@@ -122,6 +179,23 @@
       ],
       "documentation":"<p>Searches for devices using the specified filters.</p>"
     },
+    "SearchJobs":{
+      "name":"SearchJobs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/jobs",
+        "responseCode":200
+      },
+      "input":{"shape":"SearchJobsRequest"},
+      "output":{"shape":"SearchJobsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Searches for Amazon Braket jobs that match the specified filter values.</p>"
+    },
     "SearchQuantumTasks":{
       "name":"SearchQuantumTasks",
       "http":{
@@ -186,6 +260,49 @@
       },
       "exception":true
     },
+    "AlgorithmSpecification":{
+      "type":"structure",
+      "members":{
+        "containerImage":{
+          "shape":"ContainerImage",
+          "documentation":"<p>The container image used to create an Amazon Braket job.</p>"
+        },
+        "scriptModeConfig":{
+          "shape":"ScriptModeConfig",
+          "documentation":"<p>Configures the paths to the Python scripts used for entry and training.</p>"
+        }
+      },
+      "documentation":"<p>Defines the Amazon Braket job to be created. Specifies the container image the job uses and the paths to the Python scripts used for entry and training.</p>"
+    },
+    "CancelJobRequest":{
+      "type":"structure",
+      "required":["jobArn"],
+      "members":{
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the Amazon Braket job to cancel.</p>",
+          "location":"uri",
+          "locationName":"jobArn"
+        }
+      }
+    },
+    "CancelJobResponse":{
+      "type":"structure",
+      "required":[
+        "cancellationStatus",
+        "jobArn"
+      ],
+      "members":{
+        "cancellationStatus":{
+          "shape":"CancellationStatus",
+          "documentation":"<p>The status of the job cancellation request.</p>"
+        },
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the Amazon Braket job.</p>"
+        }
+      }
+    },
     "CancelQuantumTaskRequest":{
       "type":"structure",
       "required":[
@@ -230,6 +347,13 @@
         "CANCELLED"
       ]
     },
+    "CompressionType":{
+      "type":"string",
+      "enum":[
+        "NONE",
+        "GZIP"
+      ]
+    },
     "ConflictException":{
       "type":"structure",
       "members":{
@@ -242,6 +366,102 @@
       },
       "exception":true
     },
+    "ContainerImage":{
+      "type":"structure",
+      "required":["uri"],
+      "members":{
+        "uri":{
+          "shape":"Uri",
+          "documentation":"<p>The URI locating the container image.</p>"
+        }
+      },
+      "documentation":"<p>The container image used to create an Amazon Braket job.</p>"
+    },
+    "CreateJobRequest":{
+      "type":"structure",
+      "required":[
+        "algorithmSpecification",
+        "clientToken",
+        "deviceConfig",
+        "instanceConfig",
+        "jobName",
+        "outputDataConfig",
+        "roleArn"
+      ],
+      "members":{
+        "algorithmSpecification":{
+          "shape":"AlgorithmSpecification",
+          "documentation":"<p>Definition of the Amazon Braket job to be created. Specifies the container image the job uses and information about the Python scripts used for entry and training.</p>"
+        },
+        "checkpointConfig":{
+          "shape":"JobCheckpointConfig",
+          "documentation":"<p>Information about the output locations for job checkpoint data.</p>"
+        },
+        "clientToken":{
+          "shape":"String64",
+          "documentation":"<p>A unique token that guarantees that the call to this API is idempotent.</p>",
+          "idempotencyToken":true
+        },
+        "deviceConfig":{
+          "shape":"DeviceConfig",
+          "documentation":"<p>The quantum processing unit (QPU) or simulator used to create an Amazon Braket job.</p>"
+        },
+        "hyperParameters":{
+          "shape":"HyperParameters",
+          "documentation":"<p>Algorithm-specific parameters used by an Amazon Braket job that influence the quality of the training job. The values are set with a string of JSON key:value pairs, where the key is the name of the hyperparameter and the value is the value of th hyperparameter.</p>"
+        },
+        "inputDataConfig":{
+          "shape":"CreateJobRequestInputDataConfigList",
+          "documentation":"<p>A list of parameters that specify the name and type of input data and where it is located.</p>"
+        },
+        "instanceConfig":{
+          "shape":"InstanceConfig",
+          "documentation":"<p>Configuration of the resource instances to use while running the hybrid job on Amazon Braket.</p>"
+        },
+        "jobName":{
+          "shape":"CreateJobRequestJobNameString",
+          "documentation":"<p>The name of the Amazon Braket job.</p>"
+        },
+        "outputDataConfig":{
+          "shape":"JobOutputDataConfig",
+          "documentation":"<p>The path to the S3 location where you want to store job artifacts and the encryption key used to store them.</p>"
+        },
+        "roleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that Amazon Braket can assume to perform tasks on behalf of a user. It can access user resources, run an Amazon Braket job container on behalf of user, and output resources to the users' s3 buckets.</p>"
+        },
+        "stoppingCondition":{
+          "shape":"JobStoppingCondition",
+          "documentation":"<p> The user-defined criteria that specifies when a job stops running.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A tag object that consists of a key and an optional value, used to manage metadata for Amazon Braket resources.</p>"
+        }
+      }
+    },
+    "CreateJobRequestInputDataConfigList":{
+      "type":"list",
+      "member":{"shape":"InputFileConfig"},
+      "max":20,
+      "min":0
+    },
+    "CreateJobRequestJobNameString":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,50}$"
+    },
+    "CreateJobResponse":{
+      "type":"structure",
+      "required":["jobArn"],
+      "members":{
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the Amazon Braket job created.</p>"
+        }
+      }
+    },
     "CreateQuantumTaskRequest":{
       "type":"structure",
       "required":[
@@ -272,6 +492,10 @@
           "documentation":"<p>The parameters for the device to run the task on.</p>",
           "jsonvalue":true
         },
+        "jobToken":{
+          "shape":"JobToken",
+          "documentation":"<p>The token for an Amazon Braket job that associates it with the quantum task.</p>"
+        },
         "outputS3Bucket":{
           "shape":"CreateQuantumTaskRequestOutputS3BucketString",
           "documentation":"<p>The S3 bucket to store task result files in.</p>"
@@ -320,11 +544,33 @@
         }
       }
     },
+    "DataSource":{
+      "type":"structure",
+      "required":["s3DataSource"],
+      "members":{
+        "s3DataSource":{
+          "shape":"S3DataSource",
+          "documentation":"<p>Information about the data stored in Amazon S3 used by the Amazon Braket job.</p>"
+        }
+      },
+      "documentation":"<p>Information about the source of the data used by the Amazon Braket job.</p>"
+    },
     "DeviceArn":{
       "type":"string",
       "max":256,
       "min":1
     },
+    "DeviceConfig":{
+      "type":"structure",
+      "required":["device"],
+      "members":{
+        "device":{
+          "shape":"String256",
+          "documentation":"<p>The primary quantum processing unit (QPU) or simulator used to create and run an Amazon Braket job.</p>"
+        }
+      },
+      "documentation":"<p>Configures the quantum processing units (QPUs) or simulator used to create and run an Amazon Braket job.</p>"
+    },
     "DeviceOfflineException":{
       "type":"structure",
       "members":{
@@ -451,6 +697,115 @@
         }
       }
     },
+    "GetJobRequest":{
+      "type":"structure",
+      "required":["jobArn"],
+      "members":{
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the job to retrieve.</p>",
+          "location":"uri",
+          "locationName":"jobArn"
+        }
+      }
+    },
+    "GetJobResponse":{
+      "type":"structure",
+      "required":[
+        "algorithmSpecification",
+        "createdAt",
+        "instanceConfig",
+        "jobArn",
+        "jobName",
+        "outputDataConfig",
+        "roleArn",
+        "status"
+      ],
+      "members":{
+        "algorithmSpecification":{
+          "shape":"AlgorithmSpecification",
+          "documentation":"<p>Definition of the Amazon Braket job created. Specifies the container image the job uses, information about the Python scripts used for entry and training, and the user-defined metrics used to evaluation the job.</p>"
+        },
+        "billableDuration":{
+          "shape":"Integer",
+          "documentation":"<p>The billable time the Amazon Braket job used to complete.</p>"
+        },
+        "checkpointConfig":{
+          "shape":"JobCheckpointConfig",
+          "documentation":"<p>Information about the output locations for job checkpoint data.</p>"
+        },
+        "createdAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The date and time that the Amazon Braket job was created.</p>"
+        },
+        "deviceConfig":{
+          "shape":"DeviceConfig",
+          "documentation":"<p>The quantum processing unit (QPU) or simulator used to run the Amazon Braket job.</p>"
+        },
+        "endedAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The date and time that the Amazon Braket job ended.</p>"
+        },
+        "events":{
+          "shape":"JobEvents",
+          "documentation":"<p>Details about the type and time events occurred related to the Amazon Braket job.</p>"
+        },
+        "failureReason":{
+          "shape":"String1024",
+          "documentation":"<p>A description of the reason why an Amazon Braket job failed, if it failed.</p>"
+        },
+        "hyperParameters":{
+          "shape":"HyperParameters",
+          "documentation":"<p>Algorithm-specific parameters used by an Amazon Braket job that influence the quality of the traiing job. The values are set with a string of JSON key:value pairs, where the key is the name of the hyperparameter and the value is the value of th hyperparameter.</p>"
+        },
+        "inputDataConfig":{
+          "shape":"InputConfigList",
+          "documentation":"<p>A list of parameters that specify the name and type of input data and where it is located.</p>"
+        },
+        "instanceConfig":{
+          "shape":"InstanceConfig",
+          "documentation":"<p>The resource instances to use while running the hybrid job on Amazon Braket.</p>"
+        },
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the Amazon Braket job.</p>"
+        },
+        "jobName":{
+          "shape":"GetJobResponseJobNameString",
+          "documentation":"<p>The name of the Amazon Braket job.</p>"
+        },
+        "outputDataConfig":{
+          "shape":"JobOutputDataConfig",
+          "documentation":"<p>The path to the S3 location where job artifacts are stored and the encryption key used to store them there.</p>"
+        },
+        "roleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that Amazon Braket can assume to perform tasks on behalf of a user. It can access user resources, run an Amazon Braket job container on behalf of user, and output resources to the s3 buckets of a user.</p>"
+        },
+        "startedAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The date and time that the Amazon Braket job was started.</p>"
+        },
+        "status":{
+          "shape":"JobPrimaryStatus",
+          "documentation":"<p>The status of the Amazon Braket job.</p>"
+        },
+        "stoppingCondition":{
+          "shape":"JobStoppingCondition",
+          "documentation":"<p>The user-defined criteria that specifies when to stop a job running.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A tag object that consists of a key and an optional value, used to manage metadata for Amazon Braket resources.</p>"
+        }
+      }
+    },
+    "GetJobResponseJobNameString":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,50}$"
+    },
     "GetQuantumTaskRequest":{
       "type":"structure",
       "required":["quantumTaskArn"],
@@ -497,6 +852,10 @@
           "shape":"String",
           "documentation":"<p>The reason that a task failed.</p>"
         },
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the Amazon Braket job associated with the quantum task.</p>"
+        },
         "outputS3Bucket":{
           "shape":"String",
           "documentation":"<p>The S3 bucket where task results are stored.</p>"
@@ -523,6 +882,121 @@
         }
       }
     },
+    "HyperParameters":{
+      "type":"map",
+      "key":{"shape":"String256"},
+      "value":{"shape":"HyperParametersValueString"},
+      "max":100,
+      "min":0
+    },
+    "HyperParametersValueString":{
+      "type":"string",
+      "max":2500,
+      "min":1
+    },
+    "InputConfigList":{
+      "type":"list",
+      "member":{"shape":"InputFileConfig"}
+    },
+    "InputFileConfig":{
+      "type":"structure",
+      "required":[
+        "channelName",
+        "dataSource"
+      ],
+      "members":{
+        "channelName":{
+          "shape":"InputFileConfigChannelNameString",
+          "documentation":"<p>A named input source that an Amazon Braket job can consume.</p>"
+        },
+        "contentType":{
+          "shape":"String256",
+          "documentation":"<p>The MIME type of the data.</p>"
+        },
+        "dataSource":{
+          "shape":"DataSource",
+          "documentation":"<p>The location of the channel data.</p>"
+        }
+      },
+      "documentation":"<p>A list of parameters that specify the input channels, type of input data, and where it is located.</p>"
+    },
+    "InputFileConfigChannelNameString":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^[A-Za-z0-9\\.\\-_]+$"
+    },
+    "InstanceConfig":{
+      "type":"structure",
+      "required":[
+        "instanceType",
+        "volumeSizeInGb"
+      ],
+      "members":{
+        "instanceType":{
+          "shape":"InstanceType",
+          "documentation":"<p>Configures the type resource instances to use while running an Amazon Braket hybrid job.</p>"
+        },
+        "volumeSizeInGb":{
+          "shape":"InstanceConfigVolumeSizeInGbInteger",
+          "documentation":"<p>The size of the storage volume, in GB, that user wants to provision.</p>"
+        }
+      },
+      "documentation":"<p>Configures the resource instances to use while running the Amazon Braket hybrid job on Amazon Braket.</p>"
+    },
+    "InstanceConfigVolumeSizeInGbInteger":{
+      "type":"integer",
+      "box":true,
+      "min":1
+    },
+    "InstanceType":{
+      "type":"string",
+      "enum":[
+        "ml.m4.xlarge",
+        "ml.m4.2xlarge",
+        "ml.m4.4xlarge",
+        "ml.m4.10xlarge",
+        "ml.m4.16xlarge",
+        "ml.g4dn.xlarge",
+        "ml.g4dn.2xlarge",
+        "ml.g4dn.4xlarge",
+        "ml.g4dn.8xlarge",
+        "ml.g4dn.12xlarge",
+        "ml.g4dn.16xlarge",
+        "ml.m5.large",
+        "ml.m5.xlarge",
+        "ml.m5.2xlarge",
+        "ml.m5.4xlarge",
+        "ml.m5.12xlarge",
+        "ml.m5.24xlarge",
+        "ml.c4.xlarge",
+        "ml.c4.2xlarge",
+        "ml.c4.4xlarge",
+        "ml.c4.8xlarge",
+        "ml.p2.xlarge",
+        "ml.p2.8xlarge",
+        "ml.p2.16xlarge",
+        "ml.p3.2xlarge",
+        "ml.p3.8xlarge",
+        "ml.p3.16xlarge",
+        "ml.p3dn.24xlarge",
+        "ml.p4d.24xlarge",
+        "ml.c5.xlarge",
+        "ml.c5.2xlarge",
+        "ml.c5.4xlarge",
+        "ml.c5.9xlarge",
+        "ml.c5.18xlarge",
+        "ml.c5n.xlarge",
+        "ml.c5n.2xlarge",
+        "ml.c5n.4xlarge",
+        "ml.c5n.9xlarge",
+        "ml.c5n.18xlarge"
+      ]
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
     "InternalServiceException":{
       "type":"structure",
       "members":{
@@ -533,6 +1007,166 @@
       "exception":true,
       "fault":true
     },
+    "JobArn":{
+      "type":"string",
+      "pattern":"^arn:aws[a-z\\-]*:braket:[a-z0-9\\-]*:[0-9]{12}:job/.*$"
+    },
+    "JobCheckpointConfig":{
+      "type":"structure",
+      "required":["s3Uri"],
+      "members":{
+        "localPath":{
+          "shape":"String4096",
+          "documentation":"<p>(Optional) The local directory where checkpoints are written. The default directory is <code>/opt/braket/checkpoints/</code>.</p>"
+        },
+        "s3Uri":{
+          "shape":"S3Path",
+          "documentation":"<p>Identifies the S3 path where you want Amazon Braket to store checkpoints. For example, <code>s3://bucket-name/key-name-prefix</code>.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the output locations for job checkpoint data.</p>"
+    },
+    "JobEventDetails":{
+      "type":"structure",
+      "members":{
+        "eventType":{
+          "shape":"JobEventType",
+          "documentation":"<p>The type of event that occurred related to the Amazon Braket job.</p>"
+        },
+        "message":{
+          "shape":"JobEventDetailsMessageString",
+          "documentation":"<p>A message describing the event that occurred related to the Amazon Braket job.</p>"
+        },
+        "timeOfEvent":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>TThe type of event that occurred related to the Amazon Braket job.</p>"
+        }
+      },
+      "documentation":"<p>Details about the type and time events occurred related to the Amazon Braket job.</p>"
+    },
+    "JobEventDetailsMessageString":{
+      "type":"string",
+      "max":2500,
+      "min":0
+    },
+    "JobEventType":{
+      "type":"string",
+      "enum":[
+        "WAITING_FOR_PRIORITY",
+        "QUEUED_FOR_EXECUTION",
+        "STARTING_INSTANCE",
+        "DOWNLOADING_DATA",
+        "RUNNING",
+        "DEPRIORITIZED_DUE_TO_INACTIVITY",
+        "UPLOADING_RESULTS",
+        "COMPLETED",
+        "FAILED",
+        "MAX_RUNTIME_EXCEEDED",
+        "CANCELLED"
+      ]
+    },
+    "JobEvents":{
+      "type":"list",
+      "member":{"shape":"JobEventDetails"},
+      "max":20,
+      "min":0
+    },
+    "JobOutputDataConfig":{
+      "type":"structure",
+      "required":["s3Path"],
+      "members":{
+        "kmsKeyId":{
+          "shape":"String2048",
+          "documentation":"<p>The AWS Key Management Service (AWS KMS) key that Amazon Braket uses to encrypt the job training artifacts at rest using Amazon S3 server-side encryption.</p>"
+        },
+        "s3Path":{
+          "shape":"S3Path",
+          "documentation":"<p>Identifies the S3 path where you want Amazon Braket to store the job training artifacts. For example, <code>s3://bucket-name/key-name-prefix</code>.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the path to the S3 location where you want to store job artifacts and the encryption key used to store them.</p>"
+    },
+    "JobPrimaryStatus":{
+      "type":"string",
+      "enum":[
+        "QUEUED",
+        "RUNNING",
+        "COMPLETED",
+        "FAILED",
+        "CANCELLING",
+        "CANCELLED"
+      ]
+    },
+    "JobStoppingCondition":{
+      "type":"structure",
+      "members":{
+        "maxRuntimeInSeconds":{
+          "shape":"JobStoppingConditionMaxRuntimeInSecondsInteger",
+          "documentation":"<p>The maximum length of time, in seconds, that an Amazon Braket job can run.</p>"
+        }
+      },
+      "documentation":"<p>Specifies limits for how long an Amazon Braket job can run. </p>"
+    },
+    "JobStoppingConditionMaxRuntimeInSecondsInteger":{
+      "type":"integer",
+      "box":true,
+      "max":432000,
+      "min":1
+    },
+    "JobSummary":{
+      "type":"structure",
+      "required":[
+        "createdAt",
+        "device",
+        "jobArn",
+        "jobName",
+        "status"
+      ],
+      "members":{
+        "createdAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The date and time that the Amazon Braket job was created.</p>"
+        },
+        "device":{
+          "shape":"String256",
+          "documentation":"<p>Provides summary information about the primary device used by an Amazon Braket job.</p>"
+        },
+        "endedAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The date and time that the Amazon Braket job ended.</p>"
+        },
+        "jobArn":{
+          "shape":"JobArn",
+          "documentation":"<p>The ARN of the Amazon Braket job.</p>"
+        },
+        "jobName":{
+          "shape":"String",
+          "documentation":"<p>The name of the Amazon Braket job.</p>"
+        },
+        "startedAt":{
+          "shape":"SyntheticTimestamp_date_time",
+          "documentation":"<p>The date and time that the Amazon Braket job was started.</p>"
+        },
+        "status":{
+          "shape":"JobPrimaryStatus",
+          "documentation":"<p>The status of the Amazon Braket job.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A tag object that consists of a key and an optional value, used to manage metadata for Amazon Braket resources.</p>"
+        }
+      },
+      "documentation":"<p>Provides summary information about an Amazon Braket job.</p>"
+    },
+    "JobSummaryList":{
+      "type":"list",
+      "member":{"shape":"JobSummary"}
+    },
+    "JobToken":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
     "JsonValue":{"type":"string"},
     "ListTagsForResourceRequest":{
       "type":"structure",
@@ -643,6 +1277,49 @@
       },
       "exception":true
     },
+    "RoleArn":{
+      "type":"string",
+      "pattern":"^arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+$"
+    },
+    "S3DataSource":{
+      "type":"structure",
+      "required":["s3Uri"],
+      "members":{
+        "s3Uri":{
+          "shape":"S3Path",
+          "documentation":"<p>Depending on the value specified for the <code>S3DataType</code>, identifies either a key name prefix or a manifest that locates the S3 data source.</p>"
+        }
+      },
+      "documentation":"<p>Information about the data stored in Amazon S3 used by the Amazon Braket job.</p>"
+    },
+    "S3Path":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":"^(https|s3)://([^/]+)/?(.*)$"
+    },
+    "ScriptModeConfig":{
+      "type":"structure",
+      "required":[
+        "entryPoint",
+        "s3Uri"
+      ],
+      "members":{
+        "compressionType":{
+          "shape":"CompressionType",
+          "documentation":"<p>The type of compression used by the Python scripts for an Amazon Braket job.</p>"
+        },
+        "entryPoint":{
+          "shape":"String",
+          "documentation":"<p>The path to the Python script that serves as the entry point for an Amazon Braket job.</p>"
+        },
+        "s3Uri":{
+          "shape":"S3Path",
+          "documentation":"<p>The URI that specifies the S3 path to the Python script module that contains the training script used by an Amazon Braket job.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the Python scripts used for entry and by an Amazon Braket job.</p>"
+    },
     "SearchDevicesFilter":{
       "type":"structure",
       "required":[
@@ -716,6 +1393,91 @@
         }
       }
     },
+    "SearchJobsFilter":{
+      "type":"structure",
+      "required":[
+        "name",
+        "operator",
+        "values"
+      ],
+      "members":{
+        "name":{
+          "shape":"String64",
+          "documentation":"<p>The name to use for the jobs filter.</p>"
+        },
+        "operator":{
+          "shape":"SearchJobsFilterOperator",
+          "documentation":"<p>An operator to use for the jobs filter.</p>"
+        },
+        "values":{
+          "shape":"SearchJobsFilterValuesList",
+          "documentation":"<p>The values to use for the jobs filter.</p>"
+        }
+      },
+      "documentation":"<p>A filter used to search for Amazon Braket jobs.</p>"
+    },
+    "SearchJobsFilterOperator":{
+      "type":"string",
+      "enum":[
+        "LT",
+        "LTE",
+        "EQUAL",
+        "GT",
+        "GTE",
+        "BETWEEN",
+        "CONTAINS"
+      ]
+    },
+    "SearchJobsFilterValuesList":{
+      "type":"list",
+      "member":{"shape":"String256"},
+      "max":10,
+      "min":1
+    },
+    "SearchJobsRequest":{
+      "type":"structure",
+      "required":["filters"],
+      "members":{
+        "filters":{
+          "shape":"SearchJobsRequestFiltersList",
+          "documentation":"<p>The filter values to use when searching for a job.</p>"
+        },
+        "maxResults":{
+          "shape":"SearchJobsRequestMaxResultsInteger",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>A token used for pagination of results returned in the response. Use the token returned from the previous request to continue results where the previous request ended.</p>"
+        }
+      }
+    },
+    "SearchJobsRequestFiltersList":{
+      "type":"list",
+      "member":{"shape":"SearchJobsFilter"},
+      "max":10,
+      "min":0
+    },
+    "SearchJobsRequestMaxResultsInteger":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "SearchJobsResponse":{
+      "type":"structure",
+      "required":["jobs"],
+      "members":{
+        "jobs":{
+          "shape":"JobSummaryList",
+          "documentation":"<p>An array of <code>JobSummary</code> objects for devices that match the specified filter values.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>A token used for pagination of results, or <code>null</code> if there are no additional results. Use the token value in a subsequent request to continue results where the previous request ended.</p>"
+        }
+      }
+    },
     "SearchQuantumTasksFilter":{
       "type":"structure",
       "required":[
@@ -813,11 +1575,26 @@
       "exception":true
     },
     "String":{"type":"string"},
+    "String1024":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "String2048":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
     "String256":{
       "type":"string",
       "max":256,
       "min":1
     },
+    "String4096":{
+      "type":"string",
+      "max":4096,
+      "min":1
+    },
     "String64":{
       "type":"string",
       "max":64,
@@ -898,6 +1675,12 @@
       "members":{
       }
     },
+    "Uri":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"\\d{10,14}\\.dkr\\.ecr.[a-z0-9-]+\\.amazonaws\\.com\\/.+(@sha256)?:.+"
+    },
     "ValidationException":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/ce/2017-10-25/service-2.json b/contrib/python/botocore/py3/botocore/data/ce/2017-10-25/service-2.json
index edfc5d506d2..e4732688042 100644
--- a/contrib/python/botocore/py3/botocore/data/ce/2017-10-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ce/2017-10-25/service-2.json
@@ -1315,6 +1315,7 @@
         "PLATFORM",
         "SUBSCRIPTION_ID",
         "LEGAL_ENTITY_NAME",
+        "INVOICING_ENTITY",
         "DEPLOYMENT_OPTION",
         "DATABASE_ENGINE",
         "CACHE_ENGINE",
@@ -1554,7 +1555,7 @@
           "documentation":"<p>Determines whether the recommended reservation is size flexible.</p>"
         }
       },
-      "documentation":"<p>Details about the Amazon ES instances that Amazon Web Services recommends that you purchase.</p>"
+      "documentation":"<p>Details about the Amazon OpenSearch Service instances that Amazon Web Services recommends that you purchase.</p>"
     },
     "ElastiCacheInstanceDetails":{
       "type":"structure",
@@ -1810,7 +1811,7 @@
         },
         "Filter":{
           "shape":"Expression",
-          "documentation":"<p>Filters Amazon Web Services costs by different dimensions. For example, you can specify <code>SERVICE</code> and <code>LINKED_ACCOUNT</code> and get the costs that are associated with that account's usage of that service. You can nest <code>Expression</code> objects to define any combination of dimension filters. For more information, see <a href=\"https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html\">Expression</a>. </p>"
+          "documentation":"<p>Filters Amazon Web Services costs by different dimensions. For example, you can specify <code>SERVICE</code> and <code>LINKED_ACCOUNT</code> and get the costs that are associated with that account's usage of that service. You can nest <code>Expression</code> objects to define any combination of dimension filters. For more information, see <a href=\"https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html\">Expression</a>. </p> <p>Valid values for <code>MatchOptions</code> for <code>CostCategories</code> and <code>Tags</code> are <code>EQUALS</code>, <code>ABSENT</code>, and <code>CASE_SENSITIVE</code>.</p> <p>The default values are <code>EQUALS</code> and <code>CASE_SENSITIVE</code>. Valid values for <code>MatchOptions</code> for <code>Dimensions</code> are <code>EQUALS</code> and <code>CASE_SENSITIVE</code>.</p>"
         },
         "Metrics":{
           "shape":"MetricNames",
@@ -1818,7 +1819,7 @@
         },
         "GroupBy":{
           "shape":"GroupDefinitions",
-          "documentation":"<p>You can group Amazon Web Services costs using up to two different groups, either dimensions, tag keys, cost categories, or any two group by types.</p> <p>Valid values for the <code>DIMENSION</code> type are <code>AZ</code>, <code>INSTANCE_TYPE</code>, <code>LEGAL_ENTITY_NAME</code>, <code>LINKED_ACCOUNT</code>, <code>OPERATION</code>, <code>PLATFORM</code>, <code>PURCHASE_TYPE</code>, <code>SERVICE</code>, <code>TENANCY</code>, <code>RECORD_TYPE</code>, and <code>USAGE_TYPE</code>.</p> <p>When you group by the <code>TAG</code> type and include a valid tag key, you get all tag values, including empty strings.</p>"
+          "documentation":"<p>You can group Amazon Web Services costs using up to two different groups, either dimensions, tag keys, cost categories, or any two group by types.</p> <p>Valid values for the <code>DIMENSION</code> type are <code>AZ</code>, <code>INSTANCE_TYPE</code>, <code>LEGAL_ENTITY_NAME</code>, <code>INVOICING_ENTITY</code>, <code>LINKED_ACCOUNT</code>, <code>OPERATION</code>, <code>PLATFORM</code>, <code>PURCHASE_TYPE</code>, <code>SERVICE</code>, <code>TENANCY</code>, <code>RECORD_TYPE</code>, and <code>USAGE_TYPE</code>.</p> <p>When you group by the <code>TAG</code> type and include a valid tag key, you get all tag values, including empty strings.</p>"
         },
         "NextPageToken":{
           "shape":"NextPageToken",
@@ -1865,7 +1866,7 @@
         },
         "Filter":{
           "shape":"Expression",
-          "documentation":"<p>Filters Amazon Web Services costs by different dimensions. For example, you can specify <code>SERVICE</code> and <code>LINKED_ACCOUNT</code> and get the costs that are associated with that account's usage of that service. You can nest <code>Expression</code> objects to define any combination of dimension filters. For more information, see <a href=\"https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html\">Expression</a>. </p> <p>The <code>GetCostAndUsageWithResources</code> operation requires that you either group by or filter by a <code>ResourceId</code>. It requires the <a href=\"https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html\">Expression</a> <code>\"SERVICE = Amazon Elastic Compute Cloud - Compute\"</code> in the filter.</p>"
+          "documentation":"<p>Filters Amazon Web Services costs by different dimensions. For example, you can specify <code>SERVICE</code> and <code>LINKED_ACCOUNT</code> and get the costs that are associated with that account's usage of that service. You can nest <code>Expression</code> objects to define any combination of dimension filters. For more information, see <a href=\"https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html\">Expression</a>. </p> <p>The <code>GetCostAndUsageWithResources</code> operation requires that you either group by or filter by a <code>ResourceId</code>. It requires the <a href=\"https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_Expression.html\">Expression</a> <code>\"SERVICE = Amazon Elastic Compute Cloud - Compute\"</code> in the filter.</p> <p>Valid values for <code>MatchOptions</code> for <code>CostCategories</code> and <code>Tags</code> are <code>EQUALS</code>, <code>ABSENT</code>, and <code>CASE_SENSITIVE</code>.</p> <p>The default values are <code>EQUALS</code> and <code>CASE_SENSITIVE</code>. Valid values for <code>MatchOptions</code> for <code>Dimensions</code> are <code>EQUALS</code> and <code>CASE_SENSITIVE</code>.</p>"
         },
         "Metrics":{
           "shape":"MetricNames",
@@ -2020,7 +2021,7 @@
         },
         "Context":{
           "shape":"Context",
-          "documentation":"<p>The context for the call to <code>GetDimensionValues</code>. This can be <code>RESERVATIONS</code> or <code>COST_AND_USAGE</code>. The default value is <code>COST_AND_USAGE</code>. If the context is set to <code>RESERVATIONS</code>, the resulting dimension values can be used in the <code>GetReservationUtilization</code> operation. If the context is set to <code>COST_AND_USAGE</code>, the resulting dimension values can be used in the <code>GetCostAndUsage</code> operation.</p> <p>If you set the context to <code>COST_AND_USAGE</code>, you can use the following dimensions for searching:</p> <ul> <li> <p>AZ - The Availability Zone. An example is <code>us-east-1a</code>.</p> </li> <li> <p>DATABASE_ENGINE - The Amazon Relational Database Service database. Examples are Aurora or MySQL.</p> </li> <li> <p>INSTANCE_TYPE - The type of Amazon EC2 instance. An example is <code>m4.xlarge</code>.</p> </li> <li> <p>LEGAL_ENTITY_NAME - The name of the organization that sells you Amazon Web Services services, such as Amazon Web Services.</p> </li> <li> <p>LINKED_ACCOUNT - The description in the attribute map that includes the full name of the member account. The value field contains the Amazon Web Services ID of the member account.</p> </li> <li> <p>OPERATING_SYSTEM - The operating system. Examples are Windows or Linux.</p> </li> <li> <p>OPERATION - The action performed. Examples include <code>RunInstance</code> and <code>CreateBucket</code>.</p> </li> <li> <p>PLATFORM - The Amazon EC2 operating system. Examples are Windows or Linux.</p> </li> <li> <p>PURCHASE_TYPE - The reservation type of the purchase to which this usage is related. Examples include On-Demand Instances and Standard Reserved Instances.</p> </li> <li> <p>SERVICE - The Amazon Web Services service such as Amazon DynamoDB.</p> </li> <li> <p>USAGE_TYPE - The type of usage. An example is DataTransfer-In-Bytes. The response for the <code>GetDimensionValues</code> operation includes a unit attribute. Examples include GB and Hrs.</p> </li> <li> <p>USAGE_TYPE_GROUP - The grouping of common usage types. An example is Amazon EC2: CloudWatch – Alarms. The response for this operation includes a unit attribute.</p> </li> <li> <p>REGION - The Amazon Web Services Region.</p> </li> <li> <p>RECORD_TYPE - The different types of charges such as RI fees, usage costs, tax refunds, and credits.</p> </li> <li> <p>RESOURCE_ID - The unique identifier of the resource. ResourceId is an opt-in feature only available for last 14 days for EC2-Compute Service.</p> </li> </ul> <p>If you set the context to <code>RESERVATIONS</code>, you can use the following dimensions for searching:</p> <ul> <li> <p>AZ - The Availability Zone. An example is <code>us-east-1a</code>.</p> </li> <li> <p>CACHE_ENGINE - The Amazon ElastiCache operating system. Examples are Windows or Linux.</p> </li> <li> <p>DEPLOYMENT_OPTION - The scope of Amazon Relational Database Service deployments. Valid values are <code>SingleAZ</code> and <code>MultiAZ</code>.</p> </li> <li> <p>INSTANCE_TYPE - The type of Amazon EC2 instance. An example is <code>m4.xlarge</code>.</p> </li> <li> <p>LINKED_ACCOUNT - The description in the attribute map that includes the full name of the member account. The value field contains the Amazon Web Services ID of the member account.</p> </li> <li> <p>PLATFORM - The Amazon EC2 operating system. Examples are Windows or Linux.</p> </li> <li> <p>REGION - The Amazon Web Services Region.</p> </li> <li> <p>SCOPE (Utilization only) - The scope of a Reserved Instance (RI). Values are regional or a single Availability Zone.</p> </li> <li> <p>TAG (Coverage only) - The tags that are associated with a Reserved Instance (RI).</p> </li> <li> <p>TENANCY - The tenancy of a resource. Examples are shared or dedicated.</p> </li> </ul> <p>If you set the context to <code>SAVINGS_PLANS</code>, you can use the following dimensions for searching:</p> <ul> <li> <p>SAVINGS_PLANS_TYPE - Type of Savings Plans (EC2 Instance or Compute)</p> </li> <li> <p>PAYMENT_OPTION - Payment option for the given Savings Plans (for example, All Upfront)</p> </li> <li> <p>REGION - The Amazon Web Services Region.</p> </li> <li> <p>INSTANCE_TYPE_FAMILY - The family of instances (For example, <code>m5</code>)</p> </li> <li> <p>LINKED_ACCOUNT - The description in the attribute map that includes the full name of the member account. The value field contains the Amazon Web Services ID of the member account.</p> </li> <li> <p>SAVINGS_PLAN_ARN - The unique identifier for your Savings Plan</p> </li> </ul>"
+          "documentation":"<p>The context for the call to <code>GetDimensionValues</code>. This can be <code>RESERVATIONS</code> or <code>COST_AND_USAGE</code>. The default value is <code>COST_AND_USAGE</code>. If the context is set to <code>RESERVATIONS</code>, the resulting dimension values can be used in the <code>GetReservationUtilization</code> operation. If the context is set to <code>COST_AND_USAGE</code>, the resulting dimension values can be used in the <code>GetCostAndUsage</code> operation.</p> <p>If you set the context to <code>COST_AND_USAGE</code>, you can use the following dimensions for searching:</p> <ul> <li> <p>AZ - The Availability Zone. An example is <code>us-east-1a</code>.</p> </li> <li> <p>BILLING_ENTITY - The Amazon Web Services seller that your account is with. Possible values are the following:</p> <p>- Amazon Web Services(Amazon Web Services): The entity that sells Amazon Web Services services.</p> <p>- AISPL (Amazon Internet Services Pvt. Ltd.): The local Indian entity that is an acting reseller for Amazon Web Services services in India.</p> <p>- Amazon Web Services Marketplace: The entity that supports the sale of solutions built on Amazon Web Services by third-party software providers.</p> </li> <li> <p>CACHE_ENGINE - The Amazon ElastiCache operating system. Examples are Windows or Linux.</p> </li> <li> <p>DEPLOYMENT_OPTION - The scope of Amazon Relational Database Service deployments. Valid values are <code>SingleAZ</code> and <code>MultiAZ</code>.</p> </li> <li> <p>DATABASE_ENGINE - The Amazon Relational Database Service database. Examples are Aurora or MySQL.</p> </li> <li> <p>INSTANCE_TYPE - The type of Amazon EC2 instance. An example is <code>m4.xlarge</code>.</p> </li> <li> <p>INSTANCE_TYPE_FAMILY - A family of instance types optimized to fit different use cases. Examples are <code>Compute Optimized</code> (<code>C4</code>, <code>C5</code>, <code>C6g</code>, <code>C7g</code> etc.), <code>Memory Optimization</code> (<code>R4</code>, <code>R5n</code>, <code>R5b</code>, <code>R6g</code> etc).</p> </li> <li> <p>INVOICING_ENTITY - The name of the entity issuing the Amazon Web Services invoice.</p> </li> <li> <p>LEGAL_ENTITY_NAME - The name of the organization that sells you Amazon Web Services services, such as Amazon Web Services.</p> </li> <li> <p>LINKED_ACCOUNT - The description in the attribute map that includes the full name of the member account. The value field contains the Amazon Web Services ID of the member account.</p> </li> <li> <p>OPERATING_SYSTEM - The operating system. Examples are Windows or Linux.</p> </li> <li> <p>OPERATION - The action performed. Examples include <code>RunInstance</code> and <code>CreateBucket</code>.</p> </li> <li> <p>PLATFORM - The Amazon EC2 operating system. Examples are Windows or Linux.</p> </li> <li> <p>PURCHASE_TYPE - The reservation type of the purchase to which this usage is related. Examples include On-Demand Instances and Standard Reserved Instances.</p> </li> <li> <p>RESERVATION_ID - The unique identifier for an Amazon Web Services Reservation Instance.</p> </li> <li> <p>SAVINGS_PLAN_ARN - The unique identifier for your Savings Plans.</p> </li> <li> <p>SAVINGS_PLANS_TYPE - Type of Savings Plans (EC2 Instance or Compute).</p> </li> <li> <p>SERVICE - The Amazon Web Services service such as Amazon DynamoDB.</p> </li> <li> <p>TENANCY - The tenancy of a resource. Examples are shared or dedicated.</p> </li> <li> <p>USAGE_TYPE - The type of usage. An example is DataTransfer-In-Bytes. The response for the <code>GetDimensionValues</code> operation includes a unit attribute. Examples include GB and Hrs.</p> </li> <li> <p>USAGE_TYPE_GROUP - The grouping of common usage types. An example is Amazon EC2: CloudWatch – Alarms. The response for this operation includes a unit attribute.</p> </li> <li> <p>REGION - The Amazon Web Services Region.</p> </li> <li> <p>RECORD_TYPE - The different types of charges such as RI fees, usage costs, tax refunds, and credits.</p> </li> <li> <p>RESOURCE_ID - The unique identifier of the resource. ResourceId is an opt-in feature only available for last 14 days for EC2-Compute Service.</p> </li> </ul> <p>If you set the context to <code>RESERVATIONS</code>, you can use the following dimensions for searching:</p> <ul> <li> <p>AZ - The Availability Zone. An example is <code>us-east-1a</code>.</p> </li> <li> <p>CACHE_ENGINE - The Amazon ElastiCache operating system. Examples are Windows or Linux.</p> </li> <li> <p>DEPLOYMENT_OPTION - The scope of Amazon Relational Database Service deployments. Valid values are <code>SingleAZ</code> and <code>MultiAZ</code>.</p> </li> <li> <p>INSTANCE_TYPE - The type of Amazon EC2 instance. An example is <code>m4.xlarge</code>.</p> </li> <li> <p>LINKED_ACCOUNT - The description in the attribute map that includes the full name of the member account. The value field contains the Amazon Web Services ID of the member account.</p> </li> <li> <p>PLATFORM - The Amazon EC2 operating system. Examples are Windows or Linux.</p> </li> <li> <p>REGION - The Amazon Web Services Region.</p> </li> <li> <p>SCOPE (Utilization only) - The scope of a Reserved Instance (RI). Values are regional or a single Availability Zone.</p> </li> <li> <p>TAG (Coverage only) - The tags that are associated with a Reserved Instance (RI).</p> </li> <li> <p>TENANCY - The tenancy of a resource. Examples are shared or dedicated.</p> </li> </ul> <p>If you set the context to <code>SAVINGS_PLANS</code>, you can use the following dimensions for searching:</p> <ul> <li> <p>SAVINGS_PLANS_TYPE - Type of Savings Plans (EC2 Instance or Compute)</p> </li> <li> <p>PAYMENT_OPTION - Payment option for the given Savings Plans (for example, All Upfront)</p> </li> <li> <p>REGION - The Amazon Web Services Region.</p> </li> <li> <p>INSTANCE_TYPE_FAMILY - The family of instances (For example, <code>m5</code>)</p> </li> <li> <p>LINKED_ACCOUNT - The description in the attribute map that includes the full name of the member account. The value field contains the Amazon Web Services ID of the member account.</p> </li> <li> <p>SAVINGS_PLAN_ARN - The unique identifier for your Savings Plans.</p> </li> </ul>"
         },
         "Filter":{"shape":"Expression"},
         "SortBy":{
@@ -2073,7 +2074,7 @@
         },
         "GroupBy":{
           "shape":"GroupDefinitions",
-          "documentation":"<p>You can group the data by the following attributes:</p> <ul> <li> <p>AZ</p> </li> <li> <p>CACHE_ENGINE</p> </li> <li> <p>DATABASE_ENGINE</p> </li> <li> <p>DEPLOYMENT_OPTION</p> </li> <li> <p>INSTANCE_TYPE</p> </li> <li> <p>LINKED_ACCOUNT</p> </li> <li> <p>OPERATING_SYSTEM</p> </li> <li> <p>PLATFORM</p> </li> <li> <p>REGION</p> </li> <li> <p>TENANCY</p> </li> </ul>"
+          "documentation":"<p>You can group the data by the following attributes:</p> <ul> <li> <p>AZ</p> </li> <li> <p>CACHE_ENGINE</p> </li> <li> <p>DATABASE_ENGINE</p> </li> <li> <p>DEPLOYMENT_OPTION</p> </li> <li> <p>INSTANCE_TYPE</p> </li> <li> <p>INVOICING_ENTITY</p> </li> <li> <p>LINKED_ACCOUNT</p> </li> <li> <p>OPERATING_SYSTEM</p> </li> <li> <p>PLATFORM</p> </li> <li> <p>REGION</p> </li> <li> <p>TENANCY</p> </li> </ul>"
         },
         "Granularity":{
           "shape":"Granularity",
@@ -2678,7 +2679,7 @@
         },
         "ESInstanceDetails":{
           "shape":"ESInstanceDetails",
-          "documentation":"<p>The Amazon ES instances that Amazon Web Services recommends that you purchase.</p>"
+          "documentation":"<p>The Amazon OpenSearch Service instances that Amazon Web Services recommends that you purchase.</p>"
         }
       },
       "documentation":"<p>Details about the instances that Amazon Web Services recommends that you purchase.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json b/contrib/python/botocore/py3/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json
index 9091bcbcb12..b39e8ceb4cc 100644
--- a/contrib/python/botocore/py3/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/chime-sdk-meetings/2021-07-15/service-2.json
@@ -27,7 +27,7 @@
         {"shape":"ForbiddenException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates a group of meeting attendees.</p>"
+      "documentation":"<p>Creates up to 100 attendees for an active Amazon Chime SDK meeting. For more information about the Amazon Chime SDK, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/meetings-sdk.html\">Using the Amazon Chime SDK</a> in the <i>Amazon Chime Developer Guide</i>.</p>"
     },
     "CreateAttendee":{
       "name":"CreateAttendee",
@@ -208,7 +208,7 @@
           "documentation":"<p>The Amazon Chime SDK external user ID. An idempotency token. Links the attendee to an identity managed by a builder application.</p>"
         },
         "AttendeeId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK attendee ID.</p>"
         },
         "JoinToken":{
@@ -222,6 +222,16 @@
       "type":"list",
       "member":{"shape":"Attendee"}
     },
+    "AudioFeatures":{
+      "type":"structure",
+      "members":{
+        "EchoReduction":{
+          "shape":"MeetingFeatureStatus",
+          "documentation":"<p>Makes echo reduction available to clients who connect to the meeting.</p>"
+        }
+      },
+      "documentation":"<p>An optional category of meeting features that contains audio-specific configurations, such as operating parameters for Amazon Voice Focus.</p>"
+    },
     "BadRequestException":{
       "type":"structure",
       "members":{
@@ -248,7 +258,7 @@
       ],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK ID of the meeting to which you're adding attendees.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -272,6 +282,7 @@
         }
       }
     },
+    "Boolean":{"type":"boolean"},
     "ClientRequestToken":{
       "type":"string",
       "max":64,
@@ -305,7 +316,7 @@
       ],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The unique ID of the meeting.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -356,8 +367,8 @@
           "idempotencyToken":true
         },
         "MediaRegion":{
-          "shape":"String",
-          "documentation":"<p>The Region in which to create the meeting. Default: <code>us-east-1</code>.</p> <p> Available values: <code>af-south-1</code> , <code>ap-northeast-1</code> , <code>ap-northeast-2</code> , <code>ap-south-1</code> , <code>ap-southeast-1</code> , <code>ap-southeast-2</code> , <code>ca-central-1</code> , <code>eu-central-1</code> , <code>eu-north-1</code> , <code>eu-south-1</code> , <code>eu-west-1</code> , <code>eu-west-2</code> , <code>eu-west-3</code> , <code>sa-east-1</code> , <code>us-east-1</code> , <code>us-east-2</code> , <code>us-west-1</code> , <code>us-west-2</code> . </p>"
+          "shape":"MediaRegion",
+          "documentation":"<p>The Region in which to create the meeting.</p> <p> Available values: <code>af-south-1</code> , <code>ap-northeast-1</code> , <code>ap-northeast-2</code> , <code>ap-south-1</code> , <code>ap-southeast-1</code> , <code>ap-southeast-2</code> , <code>ca-central-1</code> , <code>eu-central-1</code> , <code>eu-north-1</code> , <code>eu-south-1</code> , <code>eu-west-1</code> , <code>eu-west-2</code> , <code>eu-west-3</code> , <code>sa-east-1</code> , <code>us-east-1</code> , <code>us-east-2</code> , <code>us-west-1</code> , <code>us-west-2</code> . </p>"
         },
         "MeetingHostId":{
           "shape":"ExternalUserId",
@@ -370,6 +381,10 @@
         "NotificationsConfiguration":{
           "shape":"NotificationsConfiguration",
           "documentation":"<p>The configuration for resource targets to receive notifications when meeting and attendee events occur.</p>"
+        },
+        "MeetingFeatures":{
+          "shape":"MeetingFeaturesConfiguration",
+          "documentation":"<p>Lists the audio and video features enabled for a meeting, such as echo reduction.</p>"
         }
       }
     },
@@ -397,8 +412,8 @@
           "idempotencyToken":true
         },
         "MediaRegion":{
-          "shape":"String",
-          "documentation":"<p>The Region in which to create the meeting. Default: <code>us-east-1</code>.</p>"
+          "shape":"MediaRegion",
+          "documentation":"<p>The Region in which to create the meeting.</p>"
         },
         "MeetingHostId":{
           "shape":"ExternalUserId",
@@ -408,6 +423,10 @@
           "shape":"ExternalMeetingId",
           "documentation":"<p>The external meeting ID.</p>"
         },
+        "MeetingFeatures":{
+          "shape":"MeetingFeaturesConfiguration",
+          "documentation":"<p>Lists the audio and video features enabled for a meeting, such as echo reduction.</p>"
+        },
         "NotificationsConfiguration":{
           "shape":"NotificationsConfiguration",
           "documentation":"<p>The configuration for resource targets to receive notifications when meeting and attendee events occur.</p>"
@@ -449,13 +468,13 @@
       ],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK meeting ID.</p>",
           "location":"uri",
           "locationName":"MeetingId"
         },
         "AttendeeId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK attendee ID.</p>",
           "location":"uri",
           "locationName":"AttendeeId"
@@ -467,7 +486,7 @@
       "required":["MeetingId"],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK meeting ID.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -501,6 +520,10 @@
         "Region":{
           "shape":"TranscribeMedicalRegion",
           "documentation":"<p>The AWS Region passed to Amazon Transcribe Medical. If you don't specify a Region, Amazon Chime uses the meeting's Region.</p>"
+        },
+        "ContentIdentificationType":{
+          "shape":"TranscribeMedicalContentIdentificationType",
+          "documentation":"<p>Set this field to <code>PHI</code> to identify personal health information in the transcription output.</p>"
         }
       },
       "documentation":"<p>Settings specific to the Amazon Transcribe Medical engine.</p>"
@@ -528,6 +551,30 @@
         "Region":{
           "shape":"TranscribeRegion",
           "documentation":"<p>The AWS Region passed to Amazon Transcribe. If you don't specify a Region, Amazon Chime uses the meeting's Region.</p>"
+        },
+        "EnablePartialResultsStabilization":{
+          "shape":"Boolean",
+          "documentation":"<p>Generates partial transcription results that are less likely to change as meeting attendees speak. It does so by only allowing the last few words from the partial results to change.</p>"
+        },
+        "PartialResultsStability":{
+          "shape":"TranscribePartialResultsStability",
+          "documentation":"<p>The stabity level of a partial results transcription. Determines how stable you want the transcription results to be. A higher level means the transcription results are less likely to change.</p>"
+        },
+        "ContentIdentificationType":{
+          "shape":"TranscribeContentIdentificationType",
+          "documentation":"<p>Set this field to <code>PII</code> to identify personally identifiable information in the transcription output.</p>"
+        },
+        "ContentRedactionType":{
+          "shape":"TranscribeContentRedactionType",
+          "documentation":"<p>Set this field to <code>PII</code> to redact personally identifiable information in the transcription output. Content redaction is performed only upon complete transcription of the audio segments.</p> <p>You can’t set <code>ContentRedactionType</code> and <code>ContentIdentificationType</code> in the same request. If you set both, your request returns a <code>BadRequestException</code>.</p>"
+        },
+        "PiiEntityTypes":{
+          "shape":"TranscribePiiEntityTypes",
+          "documentation":"<p>Lists the PII entity types you want to identify or redact. To specify entity types, you must enable <code>ContentIdentificationType</code> or <code>ContentRedactionType</code>.</p> <p>PIIEntityTypes must be comma-separated. The available values are: <code>BANK_ACCOUNT_NUMBER</code>, <code>BANK_ROUTING, CREDIT_DEBIT_NUMBER</code>, <code>CREDIT_DEBIT_CVV</code>, <code>CREDIT_DEBIT_EXPIRY</code>, <code>PIN</code>, <code>EMAIL</code>, <code>ADDRESS</code>, <code>NAME</code>, <code>PHONE</code>, <code>SSN</code>, and <code>ALL</code>.</p> <p> <code>PiiEntityTypes</code> is an optional parameter with a default value of <code>ALL</code>.</p>"
+        },
+        "LanguageModelName":{
+          "shape":"TranscribeLanguageModelName",
+          "documentation":"<p>The name of the language model used during transcription.</p>"
         }
       },
       "documentation":"<p>Settings specific to the Amazon Transcribe engine.</p>"
@@ -566,13 +613,13 @@
       ],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK meeting ID.</p>",
           "location":"uri",
           "locationName":"MeetingId"
         },
         "AttendeeId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK attendee ID.</p>",
           "location":"uri",
           "locationName":"AttendeeId"
@@ -593,7 +640,7 @@
       "required":["MeetingId"],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK meeting ID.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -615,7 +662,7 @@
     },
     "JoinTokenString":{
       "type":"string",
-      "max":4096,
+      "max":2048,
       "min":2,
       "sensitive":true
     },
@@ -638,7 +685,7 @@
       "required":["MeetingId"],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The Amazon Chime SDK meeting ID.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -708,6 +755,11 @@
       },
       "documentation":"<p>A set of endpoints used by clients to connect to the media service group for an Amazon Chime SDK meeting.</p>"
     },
+    "MediaRegion":{
+      "type":"string",
+      "max":64,
+      "min":2
+    },
     "Meeting":{
       "type":"structure",
       "members":{
@@ -724,16 +776,37 @@
           "documentation":"<p>The external meeting ID.</p>"
         },
         "MediaRegion":{
-          "shape":"String",
+          "shape":"MediaRegion",
           "documentation":"<p>The Region in which you create the meeting. Available values: <code>af-south-1</code>, <code>ap-northeast-1</code>, <code>ap-northeast-2</code>, <code>ap-south-1</code>, <code>ap-southeast-1</code>, <code>ap-southeast-2</code>, <code>ca-central-1</code>, <code>eu-central-1</code>, <code>eu-north-1</code>, <code>eu-south-1</code>, <code>eu-west-1</code>, <code>eu-west-2</code>, <code>eu-west-3</code>, <code>sa-east-1</code>, <code>us-east-1</code>, <code>us-east-2</code>, <code>us-west-1</code>, <code>us-west-2</code>.</p>"
         },
         "MediaPlacement":{
           "shape":"MediaPlacement",
           "documentation":"<p>The media placement for the meeting.</p>"
+        },
+        "MeetingFeatures":{
+          "shape":"MeetingFeaturesConfiguration",
+          "documentation":"<p>The features available to a meeting, such as Amazon Voice Focus.</p>"
         }
       },
       "documentation":"<p>A meeting created using the Amazon Chime SDK.</p>"
     },
+    "MeetingFeatureStatus":{
+      "type":"string",
+      "enum":[
+        "AVAILABLE",
+        "UNAVAILABLE"
+      ]
+    },
+    "MeetingFeaturesConfiguration":{
+      "type":"structure",
+      "members":{
+        "Audio":{
+          "shape":"AudioFeatures",
+          "documentation":"<p>The configuration settings for the audio features available to a meeting. </p>"
+        }
+      },
+      "documentation":"<p>The configuration settings of the features available to a meeting.</p>"
+    },
     "NotFoundException":{
       "type":"structure",
       "members":{
@@ -801,7 +874,7 @@
       ],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The unique ID of the meeting being transcribed.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -817,7 +890,7 @@
       "required":["MeetingId"],
       "members":{
         "MeetingId":{
-          "shape":"String",
+          "shape":"GuidString",
           "documentation":"<p>The unique ID of the meeting for which you stop transcription.</p>",
           "location":"uri",
           "locationName":"MeetingId"
@@ -828,6 +901,14 @@
       "type":"string",
       "max":4096
     },
+    "TranscribeContentIdentificationType":{
+      "type":"string",
+      "enum":["PII"]
+    },
+    "TranscribeContentRedactionType":{
+      "type":"string",
+      "enum":["PII"]
+    },
     "TranscribeLanguageCode":{
       "type":"string",
       "enum":[
@@ -845,6 +926,16 @@
         "zh-CN"
       ]
     },
+    "TranscribeLanguageModelName":{
+      "type":"string",
+      "max":200,
+      "min":1,
+      "pattern":"^[0-9a-zA-Z._-]+"
+    },
+    "TranscribeMedicalContentIdentificationType":{
+      "type":"string",
+      "enum":["PHI"]
+    },
     "TranscribeMedicalLanguageCode":{
       "type":"string",
       "enum":["en-US"]
@@ -879,6 +970,20 @@
         "DICTATION"
       ]
     },
+    "TranscribePartialResultsStability":{
+      "type":"string",
+      "enum":[
+        "low",
+        "medium",
+        "high"
+      ]
+    },
+    "TranscribePiiEntityTypes":{
+      "type":"string",
+      "max":300,
+      "min":1,
+      "pattern":"^[A-Z_, ]+"
+    },
     "TranscribeRegion":{
       "type":"string",
       "enum":[
diff --git a/contrib/python/botocore/py3/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json b/contrib/python/botocore/py3/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json
index 2e5dd830374..a38dabe5151 100644
--- a/contrib/python/botocore/py3/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/chime-sdk-messaging/2021-05-15/service-2.json
@@ -1394,6 +1394,14 @@
         "Metadata":{
           "shape":"Metadata",
           "documentation":"<p>The message metadata.</p>"
+        },
+        "PushNotification":{
+          "shape":"PushNotificationConfiguration",
+          "documentation":"<p>The push notification configuration of the message.</p>"
+        },
+        "MessageAttributes":{
+          "shape":"MessageAttributeMap",
+          "documentation":"<p>The attributes for the message, used for message filtering along with a <code>FilterRule</code> defined in the <code>PushNotificationPreferences</code>. </p>"
         }
       },
       "documentation":"<p>Stores information about a callback.</p>"
@@ -2603,7 +2611,7 @@
         },
         "Type":{
           "shape":"ChannelMembershipType",
-          "documentation":"<p>The membership type of a user, <code>DEFAULT</code> or <code>HIDDEN</code>. Default members are always returned as part of <code>ListChannelMemberships</code>. Hidden members are only returned if the type filter in <code>ListChannelMemberships</code> equals <code>HIDDEN</code>. Otherwise hidden members are not returned.</p>",
+          "documentation":"<p>The membership type of a user, <code>DEFAULT</code> or <code>HIDDEN</code>. Default members are returned as part of <code>ListChannelMemberships</code> if no type is specified. Hidden members are only returned if the type filter in <code>ListChannelMemberships</code> equals <code>HIDDEN</code>.</p>",
           "location":"querystring",
           "locationName":"type"
         },
@@ -3071,11 +3079,6 @@
     },
     "PushNotificationConfiguration":{
       "type":"structure",
-      "required":[
-        "Title",
-        "Body",
-        "Type"
-      ],
       "members":{
         "Title":{
           "shape":"PushNotificationTitle",
diff --git a/contrib/python/botocore/py3/botocore/data/chime/2018-05-01/service-2.json b/contrib/python/botocore/py3/botocore/data/chime/2018-05-01/service-2.json
index 1a720d95366..1f173dde914 100644
--- a/contrib/python/botocore/py3/botocore/data/chime/2018-05-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/chime/2018-05-01/service-2.json
@@ -7047,6 +7047,10 @@
         "Region":{
           "shape":"TranscribeMedicalRegion",
           "documentation":"<p>The AWS Region passed to Amazon Transcribe Medical. If you don't specify a Region, Amazon Chime uses the meeting's Region.</p>"
+        },
+        "ContentIdentificationType":{
+          "shape":"TranscribeMedicalContentIdentificationType",
+          "documentation":"<p>Set this field to <code>PHI</code> to identify personal health information in the transcription output.</p>"
         }
       },
       "documentation":"<p>Settings specific to the Amazon Transcribe Medical engine.</p>"
@@ -7074,6 +7078,30 @@
         "Region":{
           "shape":"TranscribeRegion",
           "documentation":"<p>The AWS Region passed to Amazon Transcribe. If you don't specify a Region, Amazon Chime uses the meeting's Region.</p>"
+        },
+        "EnablePartialResultsStabilization":{
+          "shape":"Boolean",
+          "documentation":"<p>Generates partial transcription results that are less likely to change as meeting attendees speak. It does so by only allowing the last few words from the partial results to change.</p>"
+        },
+        "PartialResultsStability":{
+          "shape":"TranscribePartialResultsStability",
+          "documentation":"<p>The stabity level of a partial results transcription. Determines how stable you want the transcription results to be. A higher level means the transcription results are less likely to change.</p>"
+        },
+        "ContentIdentificationType":{
+          "shape":"TranscribeContentIdentificationType",
+          "documentation":"<p>Set this field to <code>PII</code> to identify personal health information in the transcription output.</p>"
+        },
+        "ContentRedactionType":{
+          "shape":"TranscribeContentRedactionType",
+          "documentation":"<p>Set this field to <code>PII</code> to redact personally identifiable information in the transcription output. Content redaction is performed only upon complete transcription of the audio segments.</p>"
+        },
+        "PiiEntityTypes":{
+          "shape":"TranscribePiiEntityTypes",
+          "documentation":"<p>Lists the PII entity types you want to identify or redact. To specify entity types, you must enable <code>ContentIdentificationType</code> or <code>ContentRedactionType</code>.</p> <p> <code>PIIEntityTypes</code> must be comma-separated. The available values are: <code>BANK_ACCOUNT_NUMBER</code>, <code>BANK_ROUTING, CREDIT_DEBIT_NUMBER</code>, <code>CREDIT_DEBIT_CVV</code>, <code>CREDIT_DEBIT_EXPIRY</code>, <code>PIN</code>, <code>EMAIL</code>, <code>ADDRESS</code>, <code>NAME</code>, <code>PHONE</code>, <code>SSN</code>, and <code>ALL</code>.</p> <p> <code>PiiEntityTypes</code> is an optional parameter with a default value of <code>ALL</code>.</p>"
+        },
+        "LanguageModelName":{
+          "shape":"TranscribeLanguageModelName",
+          "documentation":"<p>The name of the language model used during transcription.</p>"
         }
       },
       "documentation":"<p>Settings specific to the Amazon Transcribe engine.</p>"
@@ -11288,6 +11316,14 @@
       "min":3,
       "pattern":"^8(00|33|44|55|66|77|88)$"
     },
+    "TranscribeContentIdentificationType":{
+      "type":"string",
+      "enum":["PII"]
+    },
+    "TranscribeContentRedactionType":{
+      "type":"string",
+      "enum":["PII"]
+    },
     "TranscribeLanguageCode":{
       "type":"string",
       "enum":[
@@ -11305,6 +11341,16 @@
         "zh-CN"
       ]
     },
+    "TranscribeLanguageModelName":{
+      "type":"string",
+      "max":200,
+      "min":1,
+      "pattern":"^[0-9a-zA-Z._-]+"
+    },
+    "TranscribeMedicalContentIdentificationType":{
+      "type":"string",
+      "enum":["PHI"]
+    },
     "TranscribeMedicalLanguageCode":{
       "type":"string",
       "enum":["en-US"]
@@ -11339,6 +11385,20 @@
         "DICTATION"
       ]
     },
+    "TranscribePartialResultsStability":{
+      "type":"string",
+      "enum":[
+        "low",
+        "medium",
+        "high"
+      ]
+    },
+    "TranscribePiiEntityTypes":{
+      "type":"string",
+      "max":300,
+      "min":1,
+      "pattern":"^[A-Z_, ]+"
+    },
     "TranscribeRegion":{
       "type":"string",
       "enum":[
@@ -12463,5 +12523,5 @@
       "documentation":"<p>The Amazon Chime Voice Connector settings. Includes any Amazon S3 buckets designated for storing call detail records.</p>"
     }
   },
-  "documentation":"<p>The Amazon Chime API (application programming interface) is designed for developers to perform key tasks, such as creating and managing Amazon Chime accounts, users, and Voice Connectors. This guide provides detailed information about the Amazon Chime API, including operations, types, inputs and outputs, and error codes. It also includes some server-side API actions to use with the Amazon Chime SDK. For more information about the Amazon Chime SDK, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/meetings-sdk.html\"> Using the Amazon Chime SDK </a> in the <i>Amazon Chime Developer Guide</i>.</p> <p>You can use an AWS SDK, the AWS Command Line Interface (AWS CLI), or the REST API to make API calls. We recommend using an AWS SDK or the AWS CLI. Each API operation includes links to information about using it with a language-specific AWS SDK or the AWS CLI.</p> <dl> <dt>Using an AWS SDK</dt> <dd> <p> You don't need to write code to calculate a signature for request authentication. The SDK clients authenticate your requests by using access keys that you provide. For more information about AWS SDKs, see the <a href=\"http://aws.amazon.com/developer/\">AWS Developer Center</a>. </p> </dd> <dt>Using the AWS CLI</dt> <dd> <p>Use your access keys with the AWS CLI to make API calls. For information about setting up the AWS CLI, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/installing.html\">Installing the AWS Command Line Interface</a> in the <i>AWS Command Line Interface User Guide</i>. For a list of available Amazon Chime commands, see the <a href=\"https://docs.aws.amazon.com/cli/latest/reference/chime/index.html\">Amazon Chime commands</a> in the <i>AWS CLI Command Reference</i>. </p> </dd> <dt>Using REST APIs</dt> <dd> <p>If you use REST to make API calls, you must authenticate your request by providing a signature. Amazon Chime supports signature version 4. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a> in the <i>Amazon Web Services General Reference</i>.</p> <p>When making REST API calls, use the service name <code>chime</code> and REST endpoint <code>https://service.chime.aws.amazon.com</code>.</p> </dd> </dl> <p>Administrative permissions are controlled using AWS Identity and Access Management (IAM). For more information, see <a href=\"https://docs.aws.amazon.com/chime/latest/ag/security-iam.html\">Identity and Access Management for Amazon Chime</a> in the <i>Amazon Chime Administration Guide</i>.</p>"
+  "documentation":"<p>The Amazon Chime API (application programming interface) is designed for developers to perform key tasks, such as creating and managing Amazon Chime accounts, users, and Voice Connectors. This guide provides detailed information about the Amazon Chime API, including operations, types, inputs and outputs, and error codes. It also includes API actions for use with the Amazon Chime SDK, which developers use to build their own communication applications. For more information about the Amazon Chime SDK, see <a href=\"https://docs.aws.amazon.com/chime/latest/dg/meetings-sdk.html\"> Using the Amazon Chime SDK </a> in the <i>Amazon Chime Developer Guide</i>.</p> <p>You can use an AWS SDK, the AWS Command Line Interface (AWS CLI), or the REST API to make API calls. We recommend using an AWS SDK or the AWS CLI. Each API operation includes links to information about using it with a language-specific AWS SDK or the AWS CLI.</p> <dl> <dt>Using an AWS SDK</dt> <dd> <p> You don't need to write code to calculate a signature for request authentication. The SDK clients authenticate your requests by using access keys that you provide. For more information about AWS SDKs, see the <a href=\"http://aws.amazon.com/developer/\">AWS Developer Center</a>. </p> </dd> <dt>Using the AWS CLI</dt> <dd> <p>Use your access keys with the AWS CLI to make API calls. For information about setting up the AWS CLI, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/installing.html\">Installing the AWS Command Line Interface</a> in the <i>AWS Command Line Interface User Guide</i>. For a list of available Amazon Chime commands, see the <a href=\"https://docs.aws.amazon.com/cli/latest/reference/chime/index.html\">Amazon Chime commands</a> in the <i>AWS CLI Command Reference</i>. </p> </dd> <dt>Using REST APIs</dt> <dd> <p>If you use REST to make API calls, you must authenticate your request by providing a signature. Amazon Chime supports signature version 4. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a> in the <i>Amazon Web Services General Reference</i>.</p> <p>When making REST API calls, use the service name <code>chime</code> and REST endpoint <code>https://service.chime.aws.amazon.com</code>.</p> </dd> </dl> <p>Administrative permissions are controlled using AWS Identity and Access Management (IAM). For more information, see <a href=\"https://docs.aws.amazon.com/chime/latest/ag/security-iam.html\">Identity and Access Management for Amazon Chime</a> in the <i>Amazon Chime Administration Guide</i>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/cloudformation/2010-05-15/service-2.json b/contrib/python/botocore/py3/botocore/data/cloudformation/2010-05-15/service-2.json
index ee8070224af..15b3ecfb4ca 100644
--- a/contrib/python/botocore/py3/botocore/data/cloudformation/2010-05-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/cloudformation/2010-05-15/service-2.json
@@ -56,7 +56,7 @@
       "errors":[
         {"shape":"TokenAlreadyExistsException"}
       ],
-      "documentation":"<p>Cancels an update on the specified stack. If the call completes successfully, the stack rolls back the update and reverts to the previous stack configuration.</p> <note> <p>You can cancel only stacks that are in the UPDATE_IN_PROGRESS state.</p> </note>"
+      "documentation":"<p>Cancels an update on the specified stack. If the call completes successfully, the stack rolls back the update and reverts to the previous stack configuration.</p> <note> <p>You can cancel only stacks that are in the <code>UPDATE_IN_PROGRESS</code> state.</p> </note>"
     },
     "ContinueUpdateRollback":{
       "name":"ContinueUpdateRollback",
@@ -72,7 +72,7 @@
       "errors":[
         {"shape":"TokenAlreadyExistsException"}
       ],
-      "documentation":"<p>For a specified stack that is in the <code>UPDATE_ROLLBACK_FAILED</code> state, continues rolling it back to the <code>UPDATE_ROLLBACK_COMPLETE</code> state. Depending on the cause of the failure, you can manually <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed\"> fix the error</a> and continue the rollback. By continuing the rollback, you can return your stack to a working state (the <code>UPDATE_ROLLBACK_COMPLETE</code> state), and then try to update the stack again.</p> <p>A stack goes into the <code>UPDATE_ROLLBACK_FAILED</code> state when CloudFormation cannot roll back all changes after a failed stack update. For example, you might have a stack that is rolling back to an old database instance that was deleted outside of CloudFormation. Because CloudFormation doesn't know the database was deleted, it assumes that the database instance still exists and attempts to roll back to it, causing the update rollback to fail.</p>"
+      "documentation":"<p>For a specified stack that's in the <code>UPDATE_ROLLBACK_FAILED</code> state, continues rolling it back to the <code>UPDATE_ROLLBACK_COMPLETE</code> state. Depending on the cause of the failure, you can manually <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed\"> fix the error</a> and continue the rollback. By continuing the rollback, you can return your stack to a working state (the <code>UPDATE_ROLLBACK_COMPLETE</code> state), and then try to update the stack again.</p> <p>A stack goes into the <code>UPDATE_ROLLBACK_FAILED</code> state when CloudFormation can't roll back all changes after a failed stack update. For example, you might have a stack that's rolling back to an old database instance that was deleted outside of CloudFormation. Because CloudFormation doesn't know the database was deleted, it assumes that the database instance still exists and attempts to roll back to it, causing the update rollback to fail.</p>"
     },
     "CreateChangeSet":{
       "name":"CreateChangeSet",
@@ -90,7 +90,7 @@
         {"shape":"InsufficientCapabilitiesException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates a list of changes that will be applied to a stack so that you can review the changes before executing them. You can create a change set for a stack that doesn't exist or an existing stack. If you create a change set for a stack that doesn't exist, the change set shows all of the resources that CloudFormation will create. If you create a change set for an existing stack, CloudFormation compares the stack's information with the information that you submit in the change set and lists the differences. Use change sets to understand which resources CloudFormation will create or change, and how it will change resources in an existing stack, before you create or update a stack.</p> <p>To create a change set for a stack that doesn't exist, for the <code>ChangeSetType</code> parameter, specify <code>CREATE</code>. To create a change set for an existing stack, specify <code>UPDATE</code> for the <code>ChangeSetType</code> parameter. To create a change set for an import operation, specify <code>IMPORT</code> for the <code>ChangeSetType</code> parameter. After the <code>CreateChangeSet</code> call successfully completes, CloudFormation starts creating the change set. To check the status of the change set or to review it, use the <a>DescribeChangeSet</a> action.</p> <p>When you are satisfied with the changes the change set will make, execute the change set by using the <a>ExecuteChangeSet</a> action. CloudFormation doesn't make changes until you execute the change set.</p> <p>To create a change set for the entire stack hierachy, set <code>IncludeNestedStacks</code> to <code>True</code>.</p>"
+      "documentation":"<p>Creates a list of changes that will be applied to a stack so that you can review the changes before executing them. You can create a change set for a stack that doesn't exist or an existing stack. If you create a change set for a stack that doesn't exist, the change set shows all of the resources that CloudFormation will create. If you create a change set for an existing stack, CloudFormation compares the stack's information with the information that you submit in the change set and lists the differences. Use change sets to understand which resources CloudFormation will create or change, and how it will change resources in an existing stack, before you create or update a stack.</p> <p>To create a change set for a stack that doesn't exist, for the <code>ChangeSetType</code> parameter, specify <code>CREATE</code>. To create a change set for an existing stack, specify <code>UPDATE</code> for the <code>ChangeSetType</code> parameter. To create a change set for an import operation, specify <code>IMPORT</code> for the <code>ChangeSetType</code> parameter. After the <code>CreateChangeSet</code> call successfully completes, CloudFormation starts creating the change set. To check the status of the change set or to review it, use the <a>DescribeChangeSet</a> action.</p> <p>When you are satisfied with the changes the change set will make, execute the change set by using the <a>ExecuteChangeSet</a> action. CloudFormation doesn't make changes until you execute the change set.</p> <p>To create a change set for the entire stack hierarchy, set <code>IncludeNestedStacks</code> to <code>True</code>.</p>"
     },
     "CreateStack":{
       "name":"CreateStack",
@@ -109,7 +109,7 @@
         {"shape":"TokenAlreadyExistsException"},
         {"shape":"InsufficientCapabilitiesException"}
       ],
-      "documentation":"<p>Creates a stack as specified in the template. After the call completes successfully, the stack creation starts. You can check the status of the stack via the <a>DescribeStacks</a> API.</p>"
+      "documentation":"<p>Creates a stack as specified in the template. After the call completes successfully, the stack creation starts. You can check the status of the stack through the <a>DescribeStacks</a>operation.</p>"
     },
     "CreateStackInstances":{
       "name":"CreateStackInstances",
@@ -130,7 +130,7 @@
         {"shape":"InvalidOperationException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates stack instances for the specified accounts, within the specified Regions. A stack instance refers to a stack in a specific account and Region. You must specify at least one value for either <code>Accounts</code> or <code>DeploymentTargets</code>, and you must specify at least one value for <code>Regions</code>.</p>"
+      "documentation":"<p>Creates stack instances for the specified accounts, within the specified Amazon Web Services Regions. A stack instance refers to a stack in a specific account and Region. You must specify at least one value for either <code>Accounts</code> or <code>DeploymentTargets</code>, and you must specify at least one value for <code>Regions</code>.</p>"
     },
     "CreateStackSet":{
       "name":"CreateStackSet",
@@ -165,7 +165,7 @@
         {"shape":"CFNRegistryException"},
         {"shape":"TypeNotFoundException"}
       ],
-      "documentation":"<p>Deactivates a public extension that was previously activated in this account and region.</p> <p>Once deactivated, an extension cannot be used in any CloudFormation operation. This includes stack update operations where the stack template includes the extension, even if no updates are being made to the extension. In addition, deactivated extensions are not automatically updated if a new version of the extension is released.</p>",
+      "documentation":"<p>Deactivates a public extension that was previously activated in this account and region.</p> <p>Once deactivated, an extension can't be used in any CloudFormation operation. This includes stack update operations where the stack template includes the extension, even if no updates are being made to the extension. In addition, deactivated extensions aren't automatically updated if a new version of the extension is released.</p>",
       "idempotent":true
     },
     "DeleteChangeSet":{
@@ -194,7 +194,7 @@
       "errors":[
         {"shape":"TokenAlreadyExistsException"}
       ],
-      "documentation":"<p>Deletes a specified stack. Once the call completes successfully, stack deletion starts. Deleted stacks do not show up in the <a>DescribeStacks</a> API if the deletion has been completed successfully.</p>"
+      "documentation":"<p>Deletes a specified stack. Once the call completes successfully, stack deletion starts. Deleted stacks don't show up in the <a>DescribeStacks</a> operation if the deletion has been completed successfully.</p>"
     },
     "DeleteStackInstances":{
       "name":"DeleteStackInstances",
@@ -214,7 +214,7 @@
         {"shape":"StaleRequestException"},
         {"shape":"InvalidOperationException"}
       ],
-      "documentation":"<p>Deletes stack instances for the specified accounts, in the specified Regions.</p>"
+      "documentation":"<p>Deletes stack instances for the specified accounts, in the specified Amazon Web Services Regions.</p>"
     },
     "DeleteStackSet":{
       "name":"DeleteStackSet",
@@ -248,7 +248,7 @@
         {"shape":"CFNRegistryException"},
         {"shape":"TypeNotFoundException"}
       ],
-      "documentation":"<p>Marks an extension or extension version as <code>DEPRECATED</code> in the CloudFormation registry, removing it from active use. Deprecated extensions or extension versions cannot be used in CloudFormation operations.</p> <p>To deregister an entire extension, you must individually deregister all active versions of that extension. If an extension has only a single active version, deregistering that version results in the extension itself being deregistered and marked as deprecated in the registry. </p> <p>You cannot deregister the default version of an extension if there are other active version of that extension. If you do deregister the default version of an extension, the textensionype itself is deregistered as well and marked as deprecated. </p> <p>To view the deprecation status of an extension or extension version, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html\">DescribeType</a>.</p>",
+      "documentation":"<p>Marks an extension or extension version as <code>DEPRECATED</code> in the CloudFormation registry, removing it from active use. Deprecated extensions or extension versions cannot be used in CloudFormation operations.</p> <p>To deregister an entire extension, you must individually deregister all active versions of that extension. If an extension has only a single active version, deregistering that version results in the extension itself being deregistered and marked as deprecated in the registry.</p> <p>You can't deregister the default version of an extension if there are other active version of that extension. If you do deregister the default version of an extension, the extension type itself is deregistered as well and marked as deprecated.</p> <p>To view the deprecation status of an extension or extension version, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html\">DescribeType</a>.</p>",
       "idempotent":true
     },
     "DescribeAccountLimits":{
@@ -262,7 +262,7 @@
         "shape":"DescribeAccountLimitsOutput",
         "resultWrapper":"DescribeAccountLimitsResult"
       },
-      "documentation":"<p>Retrieves your account's CloudFormation limits, such as the maximum number of stacks that you can create in your account. For more information about account limits, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html\">CloudFormation Limits</a> in the <i>CloudFormation User Guide</i>.</p>"
+      "documentation":"<p>Retrieves your account's CloudFormation limits, such as the maximum number of stacks that you can create in your account. For more information about account limits, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html\">CloudFormation Quotas</a> in the <i>CloudFormation User Guide</i>.</p>"
     },
     "DescribeChangeSet":{
       "name":"DescribeChangeSet",
@@ -280,6 +280,22 @@
       ],
       "documentation":"<p>Returns the inputs for the change set and a list of changes that CloudFormation will make if you execute the change set. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-changesets.html\">Updating Stacks Using Change Sets</a> in the CloudFormation User Guide.</p>"
     },
+    "DescribeChangeSetHooks":{
+      "name":"DescribeChangeSetHooks",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeChangeSetHooksInput"},
+      "output":{
+        "shape":"DescribeChangeSetHooksOutput",
+        "resultWrapper":"DescribeChangeSetHooksResult"
+      },
+      "errors":[
+        {"shape":"ChangeSetNotFoundException"}
+      ],
+      "documentation":"<p>Returns hook-related information for the change set and a list of changes that CloudFormation makes when you run the change set.</p>"
+    },
     "DescribePublisher":{
       "name":"DescribePublisher",
       "http":{
@@ -294,7 +310,7 @@
       "errors":[
         {"shape":"CFNRegistryException"}
       ],
-      "documentation":"<p>Returns information about a CloudFormation extension publisher.</p> <p>If you do not supply a <code>PublisherId</code>, and you have registered as an extension publisher, <code>DescribePublisher</code> returns information about your own publisher account. </p> <p>For more information on registering as a publisher, see:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html\">RegisterPublisher</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html\">Publishing extensions to make them available for public use</a> in the <i>CloudFormation CLI User Guide</i> </p> </li> </ul>",
+      "documentation":"<p>Returns information about a CloudFormation extension publisher.</p> <p>If you don't supply a <code>PublisherId</code>, and you have registered as an extension publisher, <code>DescribePublisher</code> returns information about your own publisher account.</p> <p>For more information on registering as a publisher, see:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterPublisher.html\">RegisterPublisher</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html\">Publishing extensions to make them available for public use</a> in the <i>CloudFormation CLI User Guide</i> </p> </li> </ul>",
       "idempotent":true
     },
     "DescribeStackDriftDetectionStatus":{
@@ -364,7 +380,7 @@
         "shape":"DescribeStackResourceDriftsOutput",
         "resultWrapper":"DescribeStackResourceDriftsResult"
       },
-      "documentation":"<p>Returns drift information for the resources that have been checked for drift in the specified stack. This includes actual and expected configuration values for resources where CloudFormation detects configuration drift.</p> <p>For a given stack, there will be one <code>StackResourceDrift</code> for each stack resource that has been checked for drift. Resources that haven't yet been checked for drift are not included. Resources that do not currently support drift detection are not checked, and so not included. For a list of resources that support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> <p>Use <a>DetectStackResourceDrift</a> to detect drift on individual resources, or <a>DetectStackDrift</a> to detect drift on all supported resources for a given stack.</p>"
+      "documentation":"<p>Returns drift information for the resources that have been checked for drift in the specified stack. This includes actual and expected configuration values for resources where CloudFormation detects configuration drift.</p> <p>For a given stack, there will be one <code>StackResourceDrift</code> for each stack resource that has been checked for drift. Resources that haven't yet been checked for drift aren't included. Resources that don't currently support drift detection aren't checked, and so not included. For a list of resources that support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> <p>Use <a>DetectStackResourceDrift</a> to detect drift on individual resources, or <a>DetectStackDrift</a> to detect drift on all supported resources for a given stack.</p>"
     },
     "DescribeStackResources":{
       "name":"DescribeStackResources",
@@ -393,7 +409,7 @@
       "errors":[
         {"shape":"StackSetNotFoundException"}
       ],
-      "documentation":"<p>Returns the description of the specified stack set. </p>"
+      "documentation":"<p>Returns the description of the specified stack set.</p>"
     },
     "DescribeStackSetOperation":{
       "name":"DescribeStackSetOperation",
@@ -410,7 +426,7 @@
         {"shape":"StackSetNotFoundException"},
         {"shape":"OperationNotFoundException"}
       ],
-      "documentation":"<p>Returns the description of the specified stack set operation. </p>"
+      "documentation":"<p>Returns the description of the specified stack set operation.</p>"
     },
     "DescribeStacks":{
       "name":"DescribeStacks",
@@ -423,7 +439,7 @@
         "shape":"DescribeStacksOutput",
         "resultWrapper":"DescribeStacksResult"
       },
-      "documentation":"<p>Returns the description for the specified stack; if no stack name was specified, then it returns the description for all the stacks created.</p> <note> <p>If the stack does not exist, an <code>ValidationError</code> is returned.</p> </note>"
+      "documentation":"<p>Returns the description for the specified stack; if no stack name was specified, then it returns the description for all the stacks created.</p> <note> <p>If the stack doesn't exist, an <code>ValidationError</code> is returned.</p> </note>"
     },
     "DescribeType":{
       "name":"DescribeType",
@@ -471,7 +487,7 @@
         "shape":"DetectStackDriftOutput",
         "resultWrapper":"DetectStackDriftResult"
       },
-      "documentation":"<p>Detects whether a stack's actual configuration differs, or has <i>drifted</i>, from it's expected configuration, as defined in the stack template and any values specified as template parameters. For each resource in the stack that supports drift detection, CloudFormation compares the actual configuration of the resource with its expected template configuration. Only resource properties explicitly defined in the stack template are checked for drift. A stack is considered to have drifted if one or more of its resources differ from their expected template configurations. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p> <p>Use <code>DetectStackDrift</code> to detect drift on all supported resources for a given stack, or <a>DetectStackResourceDrift</a> to detect drift on individual resources.</p> <p>For a list of stack resources that currently support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> <p> <code>DetectStackDrift</code> can take up to several minutes, depending on the number of resources contained within the stack. Use <a>DescribeStackDriftDetectionStatus</a> to monitor the progress of a detect stack drift operation. Once the drift detection operation has completed, use <a>DescribeStackResourceDrifts</a> to return drift information about the stack and its resources.</p> <p>When detecting drift on a stack, CloudFormation does not detect drift on any nested stacks belonging to that stack. Perform <code>DetectStackDrift</code> directly on the nested stack itself.</p>"
+      "documentation":"<p>Detects whether a stack's actual configuration differs, or has <i>drifted</i>, from it's expected configuration, as defined in the stack template and any values specified as template parameters. For each resource in the stack that supports drift detection, CloudFormation compares the actual configuration of the resource with its expected template configuration. Only resource properties explicitly defined in the stack template are checked for drift. A stack is considered to have drifted if one or more of its resources differ from their expected template configurations. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p> <p>Use <code>DetectStackDrift</code> to detect drift on all supported resources for a given stack, or <a>DetectStackResourceDrift</a> to detect drift on individual resources.</p> <p>For a list of stack resources that currently support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> <p> <code>DetectStackDrift</code> can take up to several minutes, depending on the number of resources contained within the stack. Use <a>DescribeStackDriftDetectionStatus</a> to monitor the progress of a detect stack drift operation. Once the drift detection operation has completed, use <a>DescribeStackResourceDrifts</a> to return drift information about the stack and its resources.</p> <p>When detecting drift on a stack, CloudFormation doesn't detect drift on any nested stacks belonging to that stack. Perform <code>DetectStackDrift</code> directly on the nested stack itself.</p>"
     },
     "DetectStackResourceDrift":{
       "name":"DetectStackResourceDrift",
@@ -484,7 +500,7 @@
         "shape":"DetectStackResourceDriftOutput",
         "resultWrapper":"DetectStackResourceDriftResult"
       },
-      "documentation":"<p>Returns information about whether a resource's actual configuration differs, or has <i>drifted</i>, from it's expected configuration, as defined in the stack template and any values specified as template parameters. This information includes actual and expected property values for resources in which CloudFormation detects drift. Only resource properties explicitly defined in the stack template are checked for drift. For more information about stack and resource drift, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p> <p>Use <code>DetectStackResourceDrift</code> to detect drift on individual resources, or <a>DetectStackDrift</a> to detect drift on all resources in a given stack that support drift detection.</p> <p>Resources that do not currently support drift detection cannot be checked. For a list of resources that support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p>"
+      "documentation":"<p>Returns information about whether a resource's actual configuration differs, or has <i>drifted</i>, from it's expected configuration, as defined in the stack template and any values specified as template parameters. This information includes actual and expected property values for resources in which CloudFormation detects drift. Only resource properties explicitly defined in the stack template are checked for drift. For more information about stack and resource drift, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p> <p>Use <code>DetectStackResourceDrift</code> to detect drift on individual resources, or <a>DetectStackDrift</a> to detect drift on all resources in a given stack that support drift detection.</p> <p>Resources that don't currently support drift detection can't be checked. For a list of resources that support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p>"
     },
     "DetectStackSetDrift":{
       "name":"DetectStackSetDrift",
@@ -502,7 +518,7 @@
         {"shape":"OperationInProgressException"},
         {"shape":"StackSetNotFoundException"}
       ],
-      "documentation":"<p>Detect drift on a stack set. When CloudFormation performs drift detection on a stack set, it performs drift detection on the stack associated with each stack instance in the stack set. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">How CloudFormation Performs Drift Detection on a Stack Set</a>.</p> <p> <code>DetectStackSetDrift</code> returns the <code>OperationId</code> of the stack set drift detection operation. Use this operation id with <code> <a>DescribeStackSetOperation</a> </code> to monitor the progress of the drift detection operation. The drift detection operation may take some time, depending on the number of stack instances included in the stack set, as well as the number of resources included in each stack.</p> <p>Once the operation has completed, use the following actions to return drift information:</p> <ul> <li> <p>Use <code> <a>DescribeStackSet</a> </code> to return detailed information about the stack set, including detailed information about the last <i>completed</i> drift operation performed on the stack set. (Information about drift operations that are in progress is not included.)</p> </li> <li> <p>Use <code> <a>ListStackInstances</a> </code> to return a list of stack instances belonging to the stack set, including the drift status and last drift time checked of each instance.</p> </li> <li> <p>Use <code> <a>DescribeStackInstance</a> </code> to return detailed information about a specific stack instance, including its drift status and last drift time checked.</p> </li> </ul> <p>For more information on performing a drift detection operation on a stack set, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">Detecting Unmanaged Changes in Stack Sets</a>. </p> <p>You can only run a single drift detection operation on a given stack set at one time. </p> <p>To stop a drift detection stack set operation, use <code> <a>StopStackSetOperation</a> </code>.</p>"
+      "documentation":"<p>Detect drift on a stack set. When CloudFormation performs drift detection on a stack set, it performs drift detection on the stack associated with each stack instance in the stack set. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">How CloudFormation performs drift detection on a stack set</a>.</p> <p> <code>DetectStackSetDrift</code> returns the <code>OperationId</code> of the stack set drift detection operation. Use this operation id with <code> <a>DescribeStackSetOperation</a> </code> to monitor the progress of the drift detection operation. The drift detection operation may take some time, depending on the number of stack instances included in the stack set, in addition to the number of resources included in each stack.</p> <p>Once the operation has completed, use the following actions to return drift information:</p> <ul> <li> <p>Use <code> <a>DescribeStackSet</a> </code> to return detailed information about the stack set, including detailed information about the last <i>completed</i> drift operation performed on the stack set. (Information about drift operations that are in progress isn't included.)</p> </li> <li> <p>Use <code> <a>ListStackInstances</a> </code> to return a list of stack instances belonging to the stack set, including the drift status and last drift time checked of each instance.</p> </li> <li> <p>Use <code> <a>DescribeStackInstance</a> </code> to return detailed information about a specific stack instance, including its drift status and last drift time checked.</p> </li> </ul> <p>For more information on performing a drift detection operation on a stack set, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">Detecting unmanaged changes in stack sets</a>.</p> <p>You can only run a single drift detection operation on a given stack set at one time.</p> <p>To stop a drift detection stack set operation, use <code> <a>StopStackSetOperation</a> </code>.</p>"
     },
     "EstimateTemplateCost":{
       "name":"EstimateTemplateCost",
@@ -534,7 +550,7 @@
         {"shape":"InsufficientCapabilitiesException"},
         {"shape":"TokenAlreadyExistsException"}
       ],
-      "documentation":"<p>Updates a stack using the input information that was provided when the specified change set was created. After the call successfully completes, CloudFormation starts updating the stack. Use the <a>DescribeStacks</a> action to view the status of the update.</p> <p>When you execute a change set, CloudFormation deletes all other change sets associated with the stack because they aren't valid for the updated stack.</p> <p>If a stack policy is associated with the stack, CloudFormation enforces the policy during the update. You can't specify a temporary stack policy that overrides the current policy.</p> <p>To create a change set for the entire stack hierachy, <code>IncludeNestedStacks</code> must have been set to <code>True</code>.</p>"
+      "documentation":"<p>Updates a stack using the input information that was provided when the specified change set was created. After the call successfully completes, CloudFormation starts updating the stack. Use the <a>DescribeStacks</a> action to view the status of the update.</p> <p>When you execute a change set, CloudFormation deletes all other change sets associated with the stack because they aren't valid for the updated stack.</p> <p>If a stack policy is associated with the stack, CloudFormation enforces the policy during the update. You can't specify a temporary stack policy that overrides the current policy.</p> <p>To create a change set for the entire stack hierarchy, <code>IncludeNestedStacks</code> must have been set to <code>True</code>.</p>"
     },
     "GetStackPolicy":{
       "name":"GetStackPolicy",
@@ -563,7 +579,7 @@
       "errors":[
         {"shape":"ChangeSetNotFoundException"}
       ],
-      "documentation":"<p>Returns the template body for a specified stack. You can get the template for running or deleted stacks.</p> <p>For deleted stacks, GetTemplate returns the template for up to 90 days after the stack has been deleted.</p> <note> <p>If the template does not exist, a <code>ValidationError</code> is returned.</p> </note>"
+      "documentation":"<p>Returns the template body for a specified stack. You can get the template for running or deleted stacks.</p> <p>For deleted stacks, <code>GetTemplate</code> returns the template for up to 90 days after the stack has been deleted.</p> <note> <p>If the template doesn't exist, a <code>ValidationError</code> is returned.</p> </note>"
     },
     "GetTemplateSummary":{
       "name":"GetTemplateSummary",
@@ -579,7 +595,7 @@
       "errors":[
         {"shape":"StackSetNotFoundException"}
       ],
-      "documentation":"<p>Returns information about a new or existing template. The <code>GetTemplateSummary</code> action is useful for viewing parameter information, such as default parameter values and parameter types, before you create or update a stack or stack set.</p> <p>You can use the <code>GetTemplateSummary</code> action when you submit a template, or you can get template information for a stack set, or a running or deleted stack.</p> <p>For deleted stacks, <code>GetTemplateSummary</code> returns the template information for up to 90 days after the stack has been deleted. If the template does not exist, a <code>ValidationError</code> is returned.</p>"
+      "documentation":"<p>Returns information about a new or existing template. The <code>GetTemplateSummary</code> action is useful for viewing parameter information, such as default parameter values and parameter types, before you create or update a stack or stack set.</p> <p>You can use the <code>GetTemplateSummary</code> action when you submit a template, or you can get template information for a stack set, or a running or deleted stack.</p> <p>For deleted stacks, <code>GetTemplateSummary</code> returns the template information for up to 90 days after the stack has been deleted. If the template doesn't exist, a <code>ValidationError</code> is returned.</p>"
     },
     "ImportStacksToStackSet":{
       "name":"ImportStacksToStackSet",
@@ -627,7 +643,7 @@
         "shape":"ListExportsOutput",
         "resultWrapper":"ListExportsResult"
       },
-      "documentation":"<p>Lists all exported output values in the account and Region in which you call this action. Use this action to see the exported output values that you can import into other stacks. To import values, use the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html\"> <code>Fn::ImportValue</code> </a> function.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html\"> CloudFormation Export Stack Output Values</a>.</p>"
+      "documentation":"<p>Lists all exported output values in the account and Region in which you call this action. Use this action to see the exported output values that you can import into other stacks. To import values, use the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html\"> <code>Fn::ImportValue</code> </a> function.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-exports.html\"> CloudFormation export stack output values</a>.</p>"
     },
     "ListImports":{
       "name":"ListImports",
@@ -686,7 +702,7 @@
         {"shape":"StackSetNotFoundException"},
         {"shape":"OperationNotFoundException"}
       ],
-      "documentation":"<p>Returns summary information about the results of a stack set operation. </p>"
+      "documentation":"<p>Returns summary information about the results of a stack set operation.</p>"
     },
     "ListStackSetOperations":{
       "name":"ListStackSetOperations",
@@ -702,7 +718,7 @@
       "errors":[
         {"shape":"StackSetNotFoundException"}
       ],
-      "documentation":"<p>Returns summary information about operations performed on a stack set. </p>"
+      "documentation":"<p>Returns summary information about operations performed on a stack set.</p>"
     },
     "ListStackSets":{
       "name":"ListStackSets",
@@ -814,7 +830,7 @@
         {"shape":"InvalidStateTransitionException"},
         {"shape":"OperationStatusCheckFailedException"}
       ],
-      "documentation":"<p>Reports progress of a resource handler to CloudFormation.</p> <p>Reserved for use by the <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html\">CloudFormation CLI</a>. Do not use this API in your code.</p>",
+      "documentation":"<p>Reports progress of a resource handler to CloudFormation.</p> <p>Reserved for use by the <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html\">CloudFormation CLI</a>. Don't use this API in your code.</p>",
       "idempotent":true
     },
     "RegisterPublisher":{
@@ -848,7 +864,7 @@
       "errors":[
         {"shape":"CFNRegistryException"}
       ],
-      "documentation":"<p>Registers an extension with the CloudFormation service. Registering an extension makes it available for use in CloudFormation templates in your Amazon Web Services account, and includes:</p> <ul> <li> <p>Validating the extension schema</p> </li> <li> <p>Determining which handlers, if any, have been specified for the extension</p> </li> <li> <p>Making the extension available for use in your account</p> </li> </ul> <p>For more information on how to develop extensions and ready them for registeration, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html\">Creating Resource Providers</a> in the <i>CloudFormation CLI User Guide</i>.</p> <p>You can have a maximum of 50 resource extension versions registered at a time. This maximum is per account and per region. Use <a href=\"AWSCloudFormation/latest/APIReference/API_DeregisterType.html\">DeregisterType</a> to deregister specific extension versions if necessary.</p> <p>Once you have initiated a registration request using <code> <a>RegisterType</a> </code>, you can use <code> <a>DescribeTypeRegistration</a> </code> to monitor the progress of the registration request.</p> <p>Once you have registered a private extension in your account and region, use <a href=\"AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html\">SetTypeConfiguration</a> to specify configuration properties for the extension. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration\">Configuring extensions at the account level</a> in the <i>CloudFormation User Guide</i>.</p>",
+      "documentation":"<p>Registers an extension with the CloudFormation service. Registering an extension makes it available for use in CloudFormation templates in your Amazon Web Services account, and includes:</p> <ul> <li> <p>Validating the extension schema.</p> </li> <li> <p>Determining which handlers, if any, have been specified for the extension.</p> </li> <li> <p>Making the extension available for use in your account.</p> </li> </ul> <p>For more information on how to develop extensions and ready them for registration, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-types.html\">Creating Resource Providers</a> in the <i>CloudFormation CLI User Guide</i>.</p> <p>You can have a maximum of 50 resource extension versions registered at a time. This maximum is per account and per region. Use <a href=\"AWSCloudFormation/latest/APIReference/API_DeregisterType.html\">DeregisterType</a> to deregister specific extension versions if necessary.</p> <p>Once you have initiated a registration request using <code> <a>RegisterType</a> </code>, you can use <code> <a>DescribeTypeRegistration</a> </code> to monitor the progress of the registration request.</p> <p>Once you have registered a private extension in your account and region, use <a href=\"AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html\">SetTypeConfiguration</a> to specify configuration properties for the extension. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration\">Configuring extensions at the account level</a> in the <i>CloudFormation User Guide</i>.</p>",
       "idempotent":true
     },
     "RollbackStack":{
@@ -865,7 +881,7 @@
       "errors":[
         {"shape":"TokenAlreadyExistsException"}
       ],
-      "documentation":"<p>When specifying <code>RollbackStack</code>, you preserve the state of previously provisioned resources when an operation fails. You can check the status of the stack through the <a>DescribeStacks</a> API.</p> <p>Rolls back the specified stack to the last known stable state from <code>CREATE_FAILED</code> or <code>UPDATE_FAILED</code> stack statuses.</p> <p>This operation will delete a stack if it doesn't contain a last known stable state. A last known stable state includes any status in a <code>*_COMPLETE</code>. This includes the following stack statuses.</p> <ul> <li> <p> <code>CREATE_COMPLETE</code> </p> </li> <li> <p> <code>UPDATE_COMPLETE</code> </p> </li> <li> <p> <code>UPDATE_ROLLBACK_COMPLETE</code> </p> </li> <li> <p> <code>IMPORT_COMPLETE</code> </p> </li> <li> <p> <code>IMPORT_ROLLBACK_COMPLETE</code> </p> </li> </ul>"
+      "documentation":"<p>When specifying <code>RollbackStack</code>, you preserve the state of previously provisioned resources when an operation fails. You can check the status of the stack through the <a>DescribeStacks</a> operation.</p> <p>Rolls back the specified stack to the last known stable state from <code>CREATE_FAILED</code> or <code>UPDATE_FAILED</code> stack statuses.</p> <p>This operation will delete a stack if it doesn't contain a last known stable state. A last known stable state includes any status in a <code>*_COMPLETE</code>. This includes the following stack statuses.</p> <ul> <li> <p> <code>CREATE_COMPLETE</code> </p> </li> <li> <p> <code>UPDATE_COMPLETE</code> </p> </li> <li> <p> <code>UPDATE_ROLLBACK_COMPLETE</code> </p> </li> <li> <p> <code>IMPORT_COMPLETE</code> </p> </li> <li> <p> <code>IMPORT_ROLLBACK_COMPLETE</code> </p> </li> </ul>"
     },
     "SetStackPolicy":{
       "name":"SetStackPolicy",
@@ -891,7 +907,7 @@
         {"shape":"CFNRegistryException"},
         {"shape":"TypeNotFoundException"}
       ],
-      "documentation":"<p>Specifies the configuration data for a registered CloudFormation extension, in the given account and region.</p> <p>To view the current configuration data for an extension, refer to the <code>ConfigurationSchema</code> element of <a href=\"AWSCloudFormation/latest/APIReference/API_DescribeType.html\">DescribeType</a>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration\">Configuring extensions at the account level</a> in the <i>CloudFormation User Guide</i>.</p> <important> <p>It is strongly recommended that you use dynamic references to restrict sensitive configuration definitions, such as third-party credentials. For more details on dynamic references, see <a href=\"https://docs.aws.amazon.com/\">Using dynamic references to specify template values</a> in the <i>CloudFormation User Guide</i>.</p> </important>"
+      "documentation":"<p>Specifies the configuration data for a registered CloudFormation extension, in the given account and region.</p> <p>To view the current configuration data for an extension, refer to the <code>ConfigurationSchema</code> element of <a href=\"AWSCloudFormation/latest/APIReference/API_DescribeType.html\">DescribeType</a>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration\">Configuring extensions at the account level</a> in the <i>CloudFormation User Guide</i>.</p> <important> <p>It's strongly recommended that you use dynamic references to restrict sensitive configuration definitions, such as third-party credentials. For more details on dynamic references, see <a href=\"https://docs.aws.amazon.com/\">Using dynamic references to specify template values</a> in the <i>CloudFormation User Guide</i>.</p> </important>"
     },
     "SetTypeDefaultVersion":{
       "name":"SetTypeDefaultVersion",
@@ -918,7 +934,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"SignalResourceInput"},
-      "documentation":"<p>Sends a signal to the specified resource with a success or failure status. You can use the SignalResource API in conjunction with a creation policy or update policy. CloudFormation doesn't proceed with a stack creation or update until resources receive the required number of signals or the timeout period is exceeded. The SignalResource API is useful in cases where you want to send signals from anywhere other than an Amazon EC2 instance.</p>"
+      "documentation":"<p>Sends a signal to the specified resource with a success or failure status. You can use the <code>SignalResource</code> operation in conjunction with a creation policy or update policy. CloudFormation doesn't proceed with a stack creation or update until resources receive the required number of signals or the timeout period is exceeded. The <code>SignalResource</code> operation is useful in cases where you want to send signals from anywhere other than an Amazon EC2 instance.</p>"
     },
     "StopStackSetOperation":{
       "name":"StopStackSetOperation",
@@ -936,7 +952,7 @@
         {"shape":"OperationNotFoundException"},
         {"shape":"InvalidOperationException"}
       ],
-      "documentation":"<p>Stops an in-progress operation on a stack set and its associated stack instances. </p>"
+      "documentation":"<p>Stops an in-progress operation on a stack set and its associated stack instances. StackSets will cancel all the unstarted stack instance deployments and wait for those are in-progress to complete.</p>"
     },
     "TestType":{
       "name":"TestType",
@@ -953,7 +969,7 @@
         {"shape":"CFNRegistryException"},
         {"shape":"TypeNotFoundException"}
       ],
-      "documentation":"<p>Tests a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry.</p> <ul> <li> <p>For resource types, this includes passing all contracts tests defined for the type.</p> </li> <li> <p>For modules, this includes determining if the module's model meets all necessary requirements.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing\">Testing your public extension prior to publishing</a> in the <i>CloudFormation CLI User Guide</i>.</p> <p>If you do not specify a version, CloudFormation uses the default version of the extension in your account and region for testing.</p> <p>To perform testing, CloudFormation assumes the execution role specified when the type was registered. For more information, see <a href=\"AWSCloudFormation/latest/APIReference/API_RegisterType.html\">RegisterType</a>.</p> <p>Once you've initiated testing on an extension using <code>TestType</code>, you can use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html\">DescribeType</a> to monitor the current test status and test status description for the extension.</p> <p>An extension must have a test status of <code>PASSED</code> before it can be published. For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html\">Publishing extensions to make them available for public use</a> in the <i>CloudFormation CLI User Guide</i>.</p>",
+      "documentation":"<p>Tests a registered extension to make sure it meets all necessary requirements for being published in the CloudFormation registry.</p> <ul> <li> <p>For resource types, this includes passing all contracts tests defined for the type.</p> </li> <li> <p>For modules, this includes determining if the module's model meets all necessary requirements.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/publish-extension.html#publish-extension-testing\">Testing your public extension prior to publishing</a> in the <i>CloudFormation CLI User Guide</i>.</p> <p>If you don't specify a version, CloudFormation uses the default version of the extension in your account and region for testing.</p> <p>To perform testing, CloudFormation assumes the execution role specified when the type was registered. For more information, see <a href=\"AWSCloudFormation/latest/APIReference/API_RegisterType.html\">RegisterType</a>.</p> <p>Once you've initiated testing on an extension using <code>TestType</code>, you can use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeType.html\">DescribeType</a> to monitor the current test status and test status description for the extension.</p> <p>An extension must have a test status of <code>PASSED</code> before it can be published. For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html\">Publishing extensions to make them available for public use</a> in the <i>CloudFormation CLI User Guide</i>.</p>",
       "idempotent":true
     },
     "UpdateStack":{
@@ -971,7 +987,7 @@
         {"shape":"InsufficientCapabilitiesException"},
         {"shape":"TokenAlreadyExistsException"}
       ],
-      "documentation":"<p>Updates a stack as specified in the template. After the call completes successfully, the stack update starts. You can check the status of the stack via the <a>DescribeStacks</a> action.</p> <p>To get a copy of the template for an existing stack, you can use the <a>GetTemplate</a> action.</p> <p>For more information about creating an update template, updating a stack, and monitoring the progress of the update, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html\">Updating a Stack</a>.</p>"
+      "documentation":"<p>Updates a stack as specified in the template. After the call completes successfully, the stack update starts. You can check the status of the stack through the <a>DescribeStacks</a> action.</p> <p>To get a copy of the template for an existing stack, you can use the <a>GetTemplate</a> action.</p> <p>For more information about creating an update template, updating a stack, and monitoring the progress of the update, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html\">Updating a Stack</a>.</p>"
     },
     "UpdateStackInstances":{
       "name":"UpdateStackInstances",
@@ -992,7 +1008,7 @@
         {"shape":"StaleRequestException"},
         {"shape":"InvalidOperationException"}
       ],
-      "documentation":"<p>Updates the parameter values for stack instances for the specified accounts, within the specified Regions. A stack instance refers to a stack in a specific account and Region. </p> <p>You can only update stack instances in Regions and accounts where they already exist; to create additional stack instances, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html\">CreateStackInstances</a>. </p> <p>During stack set updates, any parameters overridden for a stack instance are not updated, but retain their overridden value.</p> <p>You can only update the parameter <i>values</i> that are specified in the stack set; to add or delete a parameter itself, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update the stack set template. If you add a parameter to a template, before you can override the parameter value specified in the stack set you must first use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update all stack instances with the updated template and parameter value specified in the stack set. Once a stack instance has been updated with the new parameter, you can then override the parameter value using <code>UpdateStackInstances</code>.</p>"
+      "documentation":"<p>Updates the parameter values for stack instances for the specified accounts, within the specified Amazon Web Services Regions. A stack instance refers to a stack in a specific account and Region.</p> <p>You can only update stack instances in Amazon Web Services Regions and accounts where they already exist; to create additional stack instances, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStackInstances.html\">CreateStackInstances</a>.</p> <p>During stack set updates, any parameters overridden for a stack instance aren't updated, but retain their overridden value.</p> <p>You can only update the parameter <i>values</i> that are specified in the stack set; to add or delete a parameter itself, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update the stack set template. If you add a parameter to a template, before you can override the parameter value specified in the stack set you must first use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update all stack instances with the updated template and parameter value specified in the stack set. Once a stack instance has been updated with the new parameter, you can then override the parameter value using <code>UpdateStackInstances</code>.</p>"
     },
     "UpdateStackSet":{
       "name":"UpdateStackSet",
@@ -1013,7 +1029,7 @@
         {"shape":"InvalidOperationException"},
         {"shape":"StackInstanceNotFoundException"}
       ],
-      "documentation":"<p>Updates the stack set, and associated stack instances in the specified accounts and Regions.</p> <p>Even if the stack set operation created by updating the stack set fails (completely or partially, below or above a specified failure tolerance), the stack set is updated with your changes. Subsequent <a>CreateStackInstances</a> calls on the specified stack set use the updated stack set.</p>"
+      "documentation":"<p>Updates the stack set, and associated stack instances in the specified accounts and Amazon Web Services Regions.</p> <p>Even if the stack set operation created by updating the stack set fails (completely or partially, below or above a specified failure tolerance), the stack set is updated with your changes. Subsequent <a>CreateStackInstances</a> calls on the specified stack set use the updated stack set.</p>"
     },
     "UpdateTerminationProtection":{
       "name":"UpdateTerminationProtection",
@@ -1026,7 +1042,7 @@
         "shape":"UpdateTerminationProtectionOutput",
         "resultWrapper":"UpdateTerminationProtectionResult"
       },
-      "documentation":"<p>Updates termination protection for the specified stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html\">Protecting a Stack From Being Deleted</a> in the <i>CloudFormation User Guide</i>.</p> <p>For <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html\">nested stacks</a>, termination protection is set on the root stack and cannot be changed directly on the nested stack.</p>"
+      "documentation":"<p>Updates termination protection for the specified stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html\">Protecting a Stack From Being Deleted</a> in the <i>CloudFormation User Guide</i>.</p> <p>For <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html\">nested stacks</a>, termination protection is set on the root stack and can't be changed directly on the nested stack.</p>"
     },
     "ValidateTemplate":{
       "name":"ValidateTemplate",
@@ -1053,7 +1069,7 @@
       "members":{
         "Status":{
           "shape":"AccountGateStatus",
-          "documentation":"<p>The status of the account gate function.</p> <ul> <li> <p> <code>SUCCEEDED</code>: The account gate function has determined that the account and Region passes any requirements for a stack set operation to occur. CloudFormation proceeds with the stack operation in that account and Region. </p> </li> <li> <p> <code>FAILED</code>: The account gate function has determined that the account and Region does not meet the requirements for a stack set operation to occur. AWS CloudFormation cancels the stack set operation in that account and Region, and sets the stack set operation result status for that account and Region to <code>FAILED</code>. </p> </li> <li> <p> <code>SKIPPED</code>: CloudFormation has skipped calling the account gate function for this account and Region, for one of the following reasons:</p> <ul> <li> <p>An account gate function has not been specified for the account and Region. CloudFormation proceeds with the stack set operation in this account and Region.</p> </li> <li> <p>The <code>AWSCloudFormationStackSetExecutionRole</code> of the stack set adminstration account lacks permissions to invoke the function. CloudFormation proceeds with the stack set operation in this account and Region.</p> </li> <li> <p>Either no action is necessary, or no action is possible, on the stack. CloudFormation skips the stack set operation in this account and Region.</p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The status of the account gate function.</p> <ul> <li> <p> <code>SUCCEEDED</code>: The account gate function has determined that the account and Region passes any requirements for a stack set operation to occur. CloudFormation proceeds with the stack operation in that account and Region.</p> </li> <li> <p> <code>FAILED</code>: The account gate function has determined that the account and Region doesn't meet the requirements for a stack set operation to occur. CloudFormation cancels the stack set operation in that account and Region, and sets the stack set operation result status for that account and Region to <code>FAILED</code>.</p> </li> <li> <p> <code>SKIPPED</code>: CloudFormation has skipped calling the account gate function for this account and Region, for one of the following reasons:</p> <ul> <li> <p>An account gate function hasn't been specified for the account and Region. CloudFormation proceeds with the stack set operation in this account and Region.</p> </li> <li> <p>The <code>AWSCloudFormationStackSetExecutionRole</code> of the stack set administration account lacks permissions to invoke the function. CloudFormation proceeds with the stack set operation in this account and Region.</p> </li> <li> <p>Either no action is necessary, or no action is possible, on the stack. CloudFormation skips the stack set operation in this account and Region.</p> </li> </ul> </li> </ul>"
         },
         "StatusReason":{
           "shape":"AccountGateStatusReason",
@@ -1080,10 +1096,10 @@
         },
         "Value":{
           "shape":"LimitValue",
-          "documentation":"<p>The value that is associated with the account limit name.</p>"
+          "documentation":"<p>The value that's associated with the account limit name.</p>"
         }
       },
-      "documentation":"<p>The AccountLimit data type. </p> <p>CloudFormation has the following limits per account:</p> <ul> <li> <p>Number of concurrent resources</p> </li> <li> <p>Number of stacks</p> </li> <li> <p>Number of stack outputs</p> </li> </ul> <p>For more information about these account limits, and other CloudFormation limits, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html\">CloudFormation Limits</a> in the <i>CloudFormation User Guide</i>.</p>"
+      "documentation":"<p>The AccountLimit data type.</p> <p>CloudFormation has the following limits per account:</p> <ul> <li> <p>Number of concurrent resources</p> </li> <li> <p>Number of stacks</p> </li> <li> <p>Number of stack outputs</p> </li> </ul> <p>For more information about these account limits, and other CloudFormation limits, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html\">CloudFormation quotas</a> in the <i>CloudFormation User Guide</i>.</p>"
     },
     "AccountLimitList":{
       "type":"list",
@@ -1266,7 +1282,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack.</p>"
+          "documentation":"<p>The name or the unique stack ID that's associated with the stack.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
@@ -1305,6 +1321,10 @@
           "shape":"ChangeType",
           "documentation":"<p>The type of entity that CloudFormation changes. Currently, the only entity type is <code>Resource</code>.</p>"
         },
+        "HookInvocationCount":{
+          "shape":"HookInvocationCount",
+          "documentation":"<p>Is either <code>null</code>, if no hooks invoke for the resource, or contains the number of hooks that will invoke for the resource.</p>"
+        },
         "ResourceChange":{
           "shape":"ResourceChange",
           "documentation":"<p>A <code>ResourceChange</code> structure that describes the resource and action that CloudFormation will perform.</p>"
@@ -1322,6 +1342,80 @@
         "Dynamic"
       ]
     },
+    "ChangeSetHook":{
+      "type":"structure",
+      "members":{
+        "InvocationPoint":{
+          "shape":"HookInvocationPoint",
+          "documentation":"<p>Specifies the points in provisioning logic where a hook is invoked.</p>"
+        },
+        "FailureMode":{
+          "shape":"HookFailureMode",
+          "documentation":"<p>Specify the hook failure mode for non-compliant resources in the followings ways.</p> <ul> <li> <p> <code>FAIL</code> Stops provisioning resources.</p> </li> <li> <p> <code>WARN</code> Allows provisioning to continue with a warning message.</p> </li> </ul>"
+        },
+        "TypeName":{
+          "shape":"HookTypeName",
+          "documentation":"<p>The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of <code>Organization::Service::Hook</code>.</p> <note> <p>The following organization namespaces are reserved and can't be used in your hook type names:</p> <ul> <li> <p> <code>Alexa</code> </p> </li> <li> <p> <code>AMZN</code> </p> </li> <li> <p> <code>Amazon</code> </p> </li> <li> <p> <code>ASK</code> </p> </li> <li> <p> <code>AWS</code> </p> </li> <li> <p> <code>Custom</code> </p> </li> <li> <p> <code>Dev</code> </p> </li> </ul> </note>"
+        },
+        "TypeVersionId":{
+          "shape":"HookTypeVersionId",
+          "documentation":"<p>The version ID of the type specified.</p>"
+        },
+        "TypeConfigurationVersionId":{
+          "shape":"HookTypeConfigurationVersionId",
+          "documentation":"<p>The version ID of the type configuration.</p>"
+        },
+        "TargetDetails":{
+          "shape":"ChangeSetHookTargetDetails",
+          "documentation":"<p>Specifies details about the target that the hook will run against.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the resource, the hook, and the hook version to be invoked.</p>"
+    },
+    "ChangeSetHookResourceTargetDetails":{
+      "type":"structure",
+      "members":{
+        "LogicalResourceId":{
+          "shape":"LogicalResourceId",
+          "documentation":"<p>The resource's logical ID, which is defined in the stack's template.</p>"
+        },
+        "ResourceType":{
+          "shape":"HookTargetTypeName",
+          "documentation":"<p>The type of CloudFormation resource, such as <code>AWS::S3::Bucket</code>.</p>"
+        },
+        "ResourceAction":{
+          "shape":"ChangeAction",
+          "documentation":"<p>Specifies the action of the resource.</p>"
+        }
+      },
+      "documentation":"<p>Specifies <code>RESOURCE</code> type target details for activated hooks.</p>"
+    },
+    "ChangeSetHookTargetDetails":{
+      "type":"structure",
+      "members":{
+        "TargetType":{
+          "shape":"HookTargetType",
+          "documentation":"<p>The name of the type.</p>"
+        },
+        "ResourceTargetDetails":{
+          "shape":"ChangeSetHookResourceTargetDetails",
+          "documentation":"<p>Required if <code>TargetType</code> is <code>RESOURCE</code>.</p>"
+        }
+      },
+      "documentation":"<p>Specifies target details for an activated hook.</p>"
+    },
+    "ChangeSetHooks":{
+      "type":"list",
+      "member":{"shape":"ChangeSetHook"}
+    },
+    "ChangeSetHooksStatus":{
+      "type":"string",
+      "enum":[
+        "PLANNING",
+        "PLANNED",
+        "UNAVAILABLE"
+      ]
+    },
     "ChangeSetId":{
       "type":"string",
       "min":1,
@@ -1343,7 +1437,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified change set name or ID doesn't exit. To view valid change sets for a stack, use the <code>ListChangeSets</code> action.</p>",
+      "documentation":"<p>The specified change set name or ID doesn't exit. To view valid change sets for a stack, use the <code>ListChangeSets</code> operation.</p>",
       "error":{
         "code":"ChangeSetNotFound",
         "httpStatusCode":404,
@@ -1390,7 +1484,7 @@
         },
         "ExecutionStatus":{
           "shape":"ExecutionStatus",
-          "documentation":"<p>If the change set execution status is <code>AVAILABLE</code>, you can execute the change set. If you can’t execute the change set, the status indicates why. For example, a change set might be in an <code>UNAVAILABLE</code> state because CloudFormation is still creating it or in an <code>OBSOLETE</code> state because the stack was already updated.</p>"
+          "documentation":"<p>If the change set execution status is <code>AVAILABLE</code>, you can execute the change set. If you can't execute the change set, the status indicates why. For example, a change set might be in an <code>UNAVAILABLE</code> state because CloudFormation is still creating it or in an <code>OBSOLETE</code> state because the stack was already updated.</p>"
         },
         "Status":{
           "shape":"ChangeSetStatus",
@@ -1482,11 +1576,11 @@
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to roll back the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to roll back the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least permission.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that's generated from your user credentials.</p>"
         },
         "ResourcesToSkip":{
           "shape":"ResourcesToSkip",
-          "documentation":"<p>A list of the logical IDs of the resources that CloudFormation skips during the continue update rollback operation. You can specify only resources that are in the <code>UPDATE_FAILED</code> state because a rollback failed. You can't specify resources that are in the <code>UPDATE_FAILED</code> state for other reasons, for example, because an update was cancelled. To check why a resource update failed, use the <a>DescribeStackResources</a> action, and view the resource status reason. </p> <important> <p>Specify this property to skip rolling back resources that CloudFormation can't successfully roll back. We recommend that you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed\"> troubleshoot</a> resources before skipping them. CloudFormation sets the status of the specified resources to <code>UPDATE_COMPLETE</code> and continues to roll back the stack. After the rollback is complete, the state of the skipped resources will be inconsistent with the state of the resources in the stack template. Before performing another stack update, you must update the stack or resources to be consistent with each other. If you don't, subsequent stack updates might fail, and the stack will become unrecoverable.</p> </important> <p>Specify the minimum number of resources required to successfully roll back your stack. For example, a failed resource update might cause dependent resources to fail. In this case, it might not be necessary to skip the dependent resources.</p> <p>To skip resources that are part of nested stacks, use the following format: <code>NestedStackName.ResourceLogicalID</code>. If you want to specify the logical ID of a stack resource (<code>Type: AWS::CloudFormation::Stack</code>) in the <code>ResourcesToSkip</code> list, then its corresponding embedded stack must be in one of the following states: <code>DELETE_IN_PROGRESS</code>, <code>DELETE_COMPLETE</code>, or <code>DELETE_FAILED</code>.</p> <note> <p>Don't confuse a child stack's name with its corresponding logical ID defined in the parent stack. For an example of a continue update rollback operation with nested stacks, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html#nested-stacks\">Using ResourcesToSkip to recover a nested stacks hierarchy</a>.</p> </note>"
+          "documentation":"<p>A list of the logical IDs of the resources that CloudFormation skips during the continue update rollback operation. You can specify only resources that are in the <code>UPDATE_FAILED</code> state because a rollback failed. You can't specify resources that are in the <code>UPDATE_FAILED</code> state for other reasons, for example, because an update was canceled. To check why a resource update failed, use the <a>DescribeStackResources</a> action, and view the resource status reason.</p> <important> <p>Specify this property to skip rolling back resources that CloudFormation can't successfully roll back. We recommend that you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-update-rollback-failed\"> troubleshoot</a> resources before skipping them. CloudFormation sets the status of the specified resources to <code>UPDATE_COMPLETE</code> and continues to roll back the stack. After the rollback is complete, the state of the skipped resources will be inconsistent with the state of the resources in the stack template. Before performing another stack update, you must update the stack or resources to be consistent with each other. If you don't, subsequent stack updates might fail, and the stack will become unrecoverable.</p> </important> <p>Specify the minimum number of resources required to successfully roll back your stack. For example, a failed resource update might cause dependent resources to fail. In this case, it might not be necessary to skip the dependent resources.</p> <p>To skip resources that are part of nested stacks, use the following format: <code>NestedStackName.ResourceLogicalID</code>. If you want to specify the logical ID of a stack resource (<code>Type: AWS::CloudFormation::Stack</code>) in the <code>ResourcesToSkip</code> list, then its corresponding embedded stack must be in one of the following states: <code>DELETE_IN_PROGRESS</code>, <code>DELETE_COMPLETE</code>, or <code>DELETE_FAILED</code>.</p> <note> <p>Don't confuse a child stack's name with its corresponding logical ID defined in the parent stack. For an example of a continue update rollback operation with nested stacks, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html#nested-stacks\">Using ResourcesToSkip to recover a nested stacks hierarchy</a>.</p> </note>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
@@ -1499,7 +1593,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The output for a <a>ContinueUpdateRollback</a> action.</p>"
+      "documentation":"<p>The output for a <a>ContinueUpdateRollback</a> operation.</p>"
     },
     "CreateChangeSetInput":{
       "type":"structure",
@@ -1518,11 +1612,11 @@
         },
         "TemplateURL":{
           "shape":"TemplateURL",
-          "documentation":"<p>The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that is located in an S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified.</p> <p>Conditional: You must specify only <code>TemplateBody</code> or <code>TemplateURL</code>.</p>"
+          "documentation":"<p>The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified.</p> <p>Conditional: You must specify only <code>TemplateBody</code> or <code>TemplateURL</code>.</p>"
         },
         "UsePreviousTemplate":{
           "shape":"UsePreviousTemplate",
-          "documentation":"<p>Whether to reuse the template that is associated with the stack to create the change set.</p>"
+          "documentation":"<p>Whether to reuse the template that's associated with the stack to create the change set.</p>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -1530,15 +1624,15 @@
         },
         "Capabilities":{
           "shape":"Capabilities",
-          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\"> AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\"> AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.</p> <note> <p>This capacity does not apply to creating change sets, and specifying it when creating change sets has no effect.</p> <p>If you want to create a stack from a stack template that contains macros <i>and</i> nested stacks, you must create or update the stack directly from the template using the <a>CreateStack</a> or <a>UpdateStack</a> action, and specifying this capability.</p> </note> <p>For more information on macros, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> </li> </ul>"
+          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\">AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\">AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM resources in CloudFormation templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.</p> <note> <p>This capacity doesn't apply to creating change sets, and specifying it when creating change sets has no effect.</p> <p>If you want to create a stack from a stack template that contains macros <i>and</i> nested stacks, you must create or update the stack directly from the template using the <a>CreateStack</a> or <a>UpdateStack</a> action, and specifying this capability.</p> </note> <p>For more information on macros, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation macros to perform custom processing on templates</a>.</p> </li> </ul>"
         },
         "ResourceTypes":{
           "shape":"ResourceTypes",
-          "documentation":"<p>The template resource types that you have permissions to work with if you execute this change set, such as <code>AWS::EC2::Instance</code>, <code>AWS::EC2::*</code>, or <code>Custom::MyCustomInstance</code>.</p> <p>If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html\">Controlling Access with Identity and Access Management</a> in the CloudFormation User Guide.</p>"
+          "documentation":"<p>The template resource types that you have permissions to work with if you execute this change set, such as <code>AWS::EC2::Instance</code>, <code>AWS::EC2::*</code>, or <code>Custom::MyCustomInstance</code>.</p> <p>If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html\">Controlling access with Identity and Access Management</a> in the CloudFormation User Guide.</p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes when executing the change set. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes when executing the change set. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least permission.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
         },
         "RollbackConfiguration":{
           "shape":"RollbackConfiguration",
@@ -1554,7 +1648,7 @@
         },
         "ChangeSetName":{
           "shape":"ChangeSetName",
-          "documentation":"<p>The name of the change set. The name must be unique among all change sets that are associated with the specified stack.</p> <p>A change set name can contain only alphanumeric, case sensitive characters and hyphens. It must start with an alphabetic character and cannot exceed 128 characters.</p>"
+          "documentation":"<p>The name of the change set. The name must be unique among all change sets that are associated with the specified stack.</p> <p>A change set name can contain only alphanumeric, case sensitive characters, and hyphens. It must start with an alphabetical character and can't exceed 128 characters.</p>"
         },
         "ClientToken":{
           "shape":"ClientToken",
@@ -1599,15 +1693,15 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name that is associated with the stack. The name must be unique in the Region in which you are creating the stack.</p> <note> <p>A stack name can contain only alphanumeric characters (case sensitive) and hyphens. It must start with an alphabetical character and cannot be longer than 128 characters.</p> </note>"
+          "documentation":"<p>The name that's associated with the stack. The name must be unique in the Region in which you are creating the stack.</p> <note> <p>A stack name can contain only alphanumeric characters (case sensitive) and hyphens. It must start with an alphabetical character and can't be longer than 128 characters.</p> </note>"
         },
         "TemplateBody":{
           "shape":"TemplateBody",
-          "documentation":"<p>Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify either the <code>TemplateBody</code> or the <code>TemplateURL</code> parameter, but not both.</p>"
+          "documentation":"<p>Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify either the <code>TemplateBody</code> or the <code>TemplateURL</code> parameter, but not both.</p>"
         },
         "TemplateURL":{
           "shape":"TemplateURL",
-          "documentation":"<p>Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document. For more information, go to the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify either the <code>TemplateBody</code> or the <code>TemplateURL</code> parameter, but not both.</p>"
+          "documentation":"<p>Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. For more information, go to the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify either the <code>TemplateBody</code> or the <code>TemplateURL</code> parameter, but not both.</p>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -1627,11 +1721,11 @@
         },
         "NotificationARNs":{
           "shape":"NotificationARNs",
-          "documentation":"<p>The Simple Notification Service (SNS) topic ARNs to publish stack related events. You can find your SNS topic ARNs using the SNS console or your Command Line Interface (CLI).</p>"
+          "documentation":"<p>The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).</p>"
         },
         "Capabilities":{
           "shape":"Capabilities",
-          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\"> AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\"> AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.</p> <p>If you want to create a stack from a stack template that contains macros <i>and</i> nested stacks, you must create the stack directly from the template using this capability.</p> <important> <p>You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.</p> <p>Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.</p> </important> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> </li> </ul>"
+          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\">AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\">AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.</p> <p>If you want to create a stack from a stack template that contains macros <i>and</i> nested stacks, you must create the stack directly from the template using this capability.</p> <important> <p>You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.</p> <p>Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.</p> </important> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation macros to perform custom processing on templates</a>.</p> </li> </ul>"
         },
         "ResourceTypes":{
           "shape":"ResourceTypes",
@@ -1639,11 +1733,11 @@
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to create the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to create the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that's generated from your user credentials.</p>"
         },
         "OnFailure":{
           "shape":"OnFailure",
-          "documentation":"<p>Determines what action will be taken if stack creation fails. This must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either <code>OnFailure</code> or <code>DisableRollback</code>, but not both.</p> <p>Default: <code>ROLLBACK</code> </p>"
+          "documentation":"<p>Determines what action will be taken if stack creation fails. This must be one of: <code>DO_NOTHING</code>, <code>ROLLBACK</code>, or <code>DELETE</code>. You can specify either <code>OnFailure</code> or <code>DisableRollback</code>, but not both.</p> <p>Default: <code>ROLLBACK</code> </p>"
         },
         "StackPolicyBody":{
           "shape":"StackPolicyBody",
@@ -1659,11 +1753,11 @@
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>A unique identifier for this <code>CreateStack</code> request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create a stack with the same name. You might retry <code>CreateStack</code> requests to ensure that CloudFormation successfully received them.</p> <p>All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a <code>CreateStack</code> operation with the token <code>token1</code>, then all the <code>StackEvents</code> generated by that operation will have <code>ClientRequestToken</code> set as <code>token1</code>.</p> <p>In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format <i>Console-StackOperation-ID</i>, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: <code>Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002</code>. </p>"
+          "documentation":"<p>A unique identifier for this <code>CreateStack</code> request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create a stack with the same name. You might retry <code>CreateStack</code> requests to ensure that CloudFormation successfully received them.</p> <p>All events initiated by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a <code>CreateStack</code> operation with the token <code>token1</code>, then all the <code>StackEvents</code> generated by that operation will have <code>ClientRequestToken</code> set as <code>token1</code>.</p> <p>In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format <i>Console-StackOperation-ID</i>, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: <code>Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002</code>.</p>"
         },
         "EnableTerminationProtection":{
           "shape":"EnableTerminationProtection",
-          "documentation":"<p>Whether to enable termination protection on the specified stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html\">Protecting a Stack From Being Deleted</a> in the <i>CloudFormation User Guide</i>. Termination protection is disabled on stacks by default.</p> <p>For <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html\">nested stacks</a>, termination protection is set on the root stack and cannot be changed directly on the nested stack.</p>"
+          "documentation":"<p>Whether to enable termination protection on the specified stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html\">Protecting a Stack From Being Deleted</a> in the <i>CloudFormation User Guide</i>. Termination protection is deactivated on stacks by default.</p> <p>For <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html\">nested stacks</a>, termination protection is set on the root stack and can't be changed directly on the nested stack.</p>"
         }
       },
       "documentation":"<p>The input for <a>CreateStack</a> action.</p>"
@@ -1685,15 +1779,15 @@
         },
         "DeploymentTargets":{
           "shape":"DeploymentTargets",
-          "documentation":"<p>[Service-managed permissions] The Organizations accounts for which to create stack instances in the specified Regions.</p> <p>You can specify <code>Accounts</code> or <code>DeploymentTargets</code>, but not both.</p>"
+          "documentation":"<p>[Service-managed permissions] The Organizations accounts for which to create stack instances in the specified Amazon Web Services Regions.</p> <p>You can specify <code>Accounts</code> or <code>DeploymentTargets</code>, but not both.</p>"
         },
         "Regions":{
           "shape":"RegionList",
-          "documentation":"<p>The names of one or more Regions where you want to create stack instances using the specified Amazon Web Services accounts.</p>"
+          "documentation":"<p>The names of one or more Amazon Web Services Regions where you want to create stack instances using the specified Amazon Web Services accounts.</p>"
         },
         "ParameterOverrides":{
           "shape":"Parameters",
-          "documentation":"<p>A list of stack set parameters whose values you want to override in the selected stack instances.</p> <p>Any overridden parameter values will be applied to all stack instances in the specified accounts and Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance operations:</p> <ul> <li> <p>To override the current value for a parameter, include the parameter and specify its value.</p> </li> <li> <p>To leave an overridden parameter set to its present value, include the parameter and specify <code>UsePreviousValue</code> as <code>true</code>. (You cannot specify both a value and set <code>UsePreviousValue</code> to <code>true</code>.)</p> </li> <li> <p>To set an overridden parameter back to the value specified in the stack set, specify a parameter list but do not include the parameter in the list.</p> </li> <li> <p>To leave all parameters set to their present values, do not specify this property at all.</p> </li> </ul> <p>During stack set updates, any parameter values overridden for a stack instance are not updated, but retain their overridden value.</p> <p>You can only override the parameter <i>values</i> that are specified in the stack set; to add or delete a parameter itself, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update the stack set template.</p>"
+          "documentation":"<p>A list of stack set parameters whose values you want to override in the selected stack instances.</p> <p>Any overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance operations:</p> <ul> <li> <p>To override the current value for a parameter, include the parameter and specify its value.</p> </li> <li> <p>To leave an overridden parameter set to its present value, include the parameter and specify <code>UsePreviousValue</code> as <code>true</code>. (You can't specify both a value and set <code>UsePreviousValue</code> to <code>true</code>.)</p> </li> <li> <p>To set an overridden parameter back to the value specified in the stack set, specify a parameter list but don't include the parameter in the list.</p> </li> <li> <p>To leave all parameters set to their present values, don't specify this property at all.</p> </li> </ul> <p>During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.</p> <p>You can only override the parameter <i>values</i> that are specified in the stack set; to add or delete a parameter itself, use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update the stack set template.</p>"
         },
         "OperationPreferences":{
           "shape":"StackSetOperationPreferences",
@@ -1759,7 +1853,7 @@
         },
         "Capabilities":{
           "shape":"Capabilities",
-          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for CloudFormation to create the stack set and related stack instances.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stack sets, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\"> AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\"> AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some templates reference macros. If your stack set template references one or more macros, you must create the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To create the stack set directly, you must acknowledge this capability. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> <important> <p>Stack sets with service-managed permissions do not currently support the use of macros in templates. (This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.</p> </important> </li> </ul>"
+          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for CloudFormation to create the stack set and related stack instances.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stack sets, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\">AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\">AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some templates reference macros. If your stack set template references one or more macros, you must create the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To create the stack set directly, you must acknowledge this capability. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> <important> <p>Stack sets with service-managed permissions don't currently support the use of macros in templates. (This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.</p> </important> </li> </ul>"
         },
         "Tags":{
           "shape":"Tags",
@@ -1767,11 +1861,11 @@
         },
         "AdministrationRoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Number (ARN) of the IAM role to use to create this stack set. </p> <p>Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\">Prerequisites: Granting Permissions for Stack Set Operations</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>The Amazon Resource Number (ARN) of the IAM role to use to create this stack set.</p> <p>Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\">Prerequisites: Granting Permissions for Stack Set Operations</a> in the <i>CloudFormation User Guide</i>.</p>"
         },
         "ExecutionRoleName":{
           "shape":"ExecutionRoleName",
-          "documentation":"<p>The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, CloudFormation uses the <code>AWSCloudFormationStackSetExecutionRole</code> role for the stack set operation.</p> <p>Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets. </p>"
+          "documentation":"<p>The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, CloudFormation uses the <code>AWSCloudFormationStackSetExecutionRole</code> role for the stack set operation.</p> <p>Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets.</p>"
         },
         "PermissionModel":{
           "shape":"PermissionModels",
@@ -1789,6 +1883,10 @@
           "shape":"ClientRequestToken",
           "documentation":"<p>A unique identifier for this <code>CreateStackSet</code> request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create another stack set with the same name. You might retry <code>CreateStackSet</code> requests to ensure that CloudFormation successfully received them.</p> <p>If you don't specify an operation ID, the SDK generates one automatically.</p>",
           "idempotencyToken":true
+        },
+        "ManagedExecution":{
+          "shape":"ManagedExecution",
+          "documentation":"<p>Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.</p>"
         }
       }
     },
@@ -1846,7 +1944,7 @@
         },
         "StackName":{
           "shape":"StackNameOrId",
-          "documentation":"<p>If you specified the name of a change set to delete, specify the stack name or ID (ARN) that is associated with it.</p>"
+          "documentation":"<p>If you specified the name of a change set to delete, specify the stack name or Amazon Resource Name (ARN) that's associated with it.</p>"
         }
       },
       "documentation":"<p>The input for the <a>DeleteChangeSet</a> action.</p>"
@@ -1863,19 +1961,19 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack.</p>"
+          "documentation":"<p>The name or the unique stack ID that's associated with the stack.</p>"
         },
         "RetainResources":{
           "shape":"RetainResources",
-          "documentation":"<p>For stacks in the <code>DELETE_FAILED</code> state, a list of resource logical IDs that are associated with the resources you want to retain. During deletion, CloudFormation deletes the stack but does not delete the retained resources.</p> <p>Retaining resources is useful when you cannot delete a resource, such as a non-empty S3 bucket, but you want to delete the stack.</p>"
+          "documentation":"<p>For stacks in the <code>DELETE_FAILED</code> state, a list of resource logical IDs that are associated with the resources you want to retain. During deletion, CloudFormation deletes the stack but doesn't delete the retained resources.</p> <p>Retaining resources is useful when you can't delete a resource, such as a non-empty S3 bucket, but you want to delete the stack.</p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to delete the stack. CloudFormation uses the role's credentials to make calls on your behalf.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to delete the stack. CloudFormation uses the role's credentials to make calls on your behalf.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that's generated from your user credentials.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>A unique identifier for this <code>DeleteStack</code> request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to delete a stack with the same name. You might retry <code>DeleteStack</code> requests to ensure that CloudFormation successfully received them.</p> <p>All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a <code>CreateStack</code> operation with the token <code>token1</code>, then all the <code>StackEvents</code> generated by that operation will have <code>ClientRequestToken</code> set as <code>token1</code>.</p> <p>In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format <i>Console-StackOperation-ID</i>, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: <code>Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002</code>.</p>"
+          "documentation":"<p>A unique identifier for this <code>DeleteStack</code> request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to delete a stack with the same name. You might retry <code>DeleteStack</code> requests to ensure that CloudFormation successfully received them.</p> <p>All events initiated by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a <code>CreateStack</code> operation with the token <code>token1</code>, then all the <code>StackEvents</code> generated by that operation will have <code>ClientRequestToken</code> set as <code>token1</code>.</p> <p>In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format <i>Console-StackOperation-ID</i>, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: <code>Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002</code>.</p>"
         }
       },
       "documentation":"<p>The input for <a>DeleteStack</a> action.</p>"
@@ -1902,7 +2000,7 @@
         },
         "Regions":{
           "shape":"RegionList",
-          "documentation":"<p>The Regions where you want to delete stack set instances.</p>"
+          "documentation":"<p>The Amazon Web Services Regions where you want to delete stack set instances.</p>"
         },
         "OperationPreferences":{
           "shape":"StackSetOperationPreferences",
@@ -1968,7 +2066,7 @@
           "documentation":"<p>The organization root ID or organizational unit (OU) IDs to which StackSets deploys.</p>"
         }
       },
-      "documentation":"<p>[Service-managed permissions] The Organizations accounts to which StackSets deploys. StackSets does not deploy stack instances to the organization management account, even if the organization management account is in your organization or in an OU in your organization.</p> <p>For update operations, you can specify either <code>Accounts</code> or <code>OrganizationalUnitIds</code>. For create and delete operations, specify <code>OrganizationalUnitIds</code>.</p>"
+      "documentation":"<p>[Service-managed permissions] The Organizations accounts to which StackSets deploys. StackSets doesn't deploy stack instances to the organization management account, even if the organization management account is in your organization or in an OU in your organization.</p> <p>For update operations, you can specify either <code>Accounts</code> or <code>OrganizationalUnitIds</code>. For create and delete operations, specify <code>OrganizationalUnitIds</code>.</p>"
     },
     "DeprecatedStatus":{
       "type":"string",
@@ -2027,6 +2125,61 @@
       },
       "documentation":"<p>The output for the <a>DescribeAccountLimits</a> action.</p>"
     },
+    "DescribeChangeSetHooksInput":{
+      "type":"structure",
+      "required":["ChangeSetName"],
+      "members":{
+        "ChangeSetName":{
+          "shape":"ChangeSetNameOrId",
+          "documentation":"<p>The name or Amazon Resource Name (ARN) of the change set that you want to describe.</p>"
+        },
+        "StackName":{
+          "shape":"StackNameOrId",
+          "documentation":"<p>If you specified the name of a change set, specify the stack name or stack ID (ARN) of the change set you want to describe.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A string, provided by the <code>DescribeChangeSetHooks</code> response output, that identifies the next page of information that you want to retrieve.</p>"
+        },
+        "LogicalResourceId":{
+          "shape":"LogicalResourceId",
+          "documentation":"<p>If specified, lists only the hooks related to the specified <code>LogicalResourceId</code>.</p>"
+        }
+      }
+    },
+    "DescribeChangeSetHooksOutput":{
+      "type":"structure",
+      "members":{
+        "ChangeSetId":{
+          "shape":"ChangeSetId",
+          "documentation":"<p>The change set identifier (stack ID).</p>"
+        },
+        "ChangeSetName":{
+          "shape":"ChangeSetName",
+          "documentation":"<p>The change set name.</p>"
+        },
+        "Hooks":{
+          "shape":"ChangeSetHooks",
+          "documentation":"<p>List of hook objects.</p>"
+        },
+        "Status":{
+          "shape":"ChangeSetHooksStatus",
+          "documentation":"<p>Provides the status of the change set hook.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Pagination token, <code>null</code> or empty if no more results.</p>"
+        },
+        "StackId":{
+          "shape":"StackId",
+          "documentation":"<p>The stack identifier (stack ID).</p>"
+        },
+        "StackName":{
+          "shape":"StackName",
+          "documentation":"<p>The stack name.</p>"
+        }
+      }
+    },
     "DescribeChangeSetInput":{
       "type":"structure",
       "required":["ChangeSetName"],
@@ -2055,15 +2208,15 @@
         },
         "ChangeSetId":{
           "shape":"ChangeSetId",
-          "documentation":"<p>The ARN of the change set.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the change set.</p>"
         },
         "StackId":{
           "shape":"StackId",
-          "documentation":"<p>The ARN of the stack that is associated with the change set.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the stack that's associated with the change set.</p>"
         },
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name of the stack that is associated with the change set.</p>"
+          "documentation":"<p>The name of the stack that's associated with the change set.</p>"
         },
         "Description":{
           "shape":"Description",
@@ -2079,7 +2232,7 @@
         },
         "ExecutionStatus":{
           "shape":"ExecutionStatus",
-          "documentation":"<p>If the change set execution status is <code>AVAILABLE</code>, you can execute the change set. If you can’t execute the change set, the status indicates why. For example, a change set might be in an <code>UNAVAILABLE</code> state because CloudFormation is still creating it or in an <code>OBSOLETE</code> state because the stack was already updated.</p>"
+          "documentation":"<p>If the change set execution status is <code>AVAILABLE</code>, you can execute the change set. If you can't execute the change set, the status indicates why. For example, a change set might be in an <code>UNAVAILABLE</code> state because CloudFormation is still creating it or in an <code>OBSOLETE</code> state because the stack was already updated.</p>"
         },
         "Status":{
           "shape":"ChangeSetStatus",
@@ -2133,7 +2286,7 @@
       "members":{
         "PublisherId":{
           "shape":"PublisherId",
-          "documentation":"<p>The ID of the extension publisher.</p> <p>If you do not supply a <code>PublisherId</code>, and you have registered as an extension publisher, <code>DescribePublisher</code> returns information about your own publisher account.</p>"
+          "documentation":"<p>The ID of the extension publisher.</p> <p>If you don't supply a <code>PublisherId</code>, and you have registered as an extension publisher, <code>DescribePublisher</code> returns information about your own publisher account.</p>"
         }
       }
     },
@@ -2187,11 +2340,11 @@
         },
         "StackDriftStatus":{
           "shape":"StackDriftStatus",
-          "documentation":"<p>Status of the stack's actual configuration compared to its expected configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the stack differs from its expected template configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack's actual configuration compared to its expected configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked if the stack differs from its expected template configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
         },
         "DetectionStatus":{
           "shape":"StackDriftDetectionStatus",
-          "documentation":"<p>The status of the stack drift detection operation.</p> <ul> <li> <p> <code>DETECTION_COMPLETE</code>: The stack drift detection operation has successfully completed for all resources in the stack that support drift detection. (Resources that do not currently support stack detection remain unchecked.)</p> <p>If you specified logical resource IDs for CloudFormation to use as a filter for the stack drift detection operation, only the resources with those logical IDs are checked for drift.</p> </li> <li> <p> <code>DETECTION_FAILED</code>: The stack drift detection operation has failed for at least one resource in the stack. Results will be available for resources on which CloudFormation successfully completed drift detection.</p> </li> <li> <p> <code>DETECTION_IN_PROGRESS</code>: The stack drift detection operation is currently in progress.</p> </li> </ul>"
+          "documentation":"<p>The status of the stack drift detection operation.</p> <ul> <li> <p> <code>DETECTION_COMPLETE</code>: The stack drift detection operation has successfully completed for all resources in the stack that support drift detection. (Resources that don't currently support stack detection remain unchecked.)</p> <p>If you specified logical resource IDs for CloudFormation to use as a filter for the stack drift detection operation, only the resources with those logical IDs are checked for drift.</p> </li> <li> <p> <code>DETECTION_FAILED</code>: The stack drift detection operation has failed for at least one resource in the stack. Results will be available for resources on which CloudFormation successfully completed drift detection.</p> </li> <li> <p> <code>DETECTION_IN_PROGRESS</code>: The stack drift detection operation is currently in progress.</p> </li> </ul>"
         },
         "DetectionStatusReason":{
           "shape":"StackDriftDetectionStatusReason",
@@ -2212,7 +2365,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which are not always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
+          "documentation":"<p>The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -2280,7 +2433,7 @@
         },
         "StackResourceDriftStatusFilters":{
           "shape":"StackResourceDriftStatusFilters",
-          "documentation":"<p>The resource drift status values to use as filters for the resource drift results returned.</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected template configuration in that the resource has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: One or more resource properties differ from their expected template values.</p> </li> <li> <p> <code>IN_SYNC</code>: The resources's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation does not currently return this value.</p> </li> </ul>"
+          "documentation":"<p>The resource drift status values to use as filters for the resource drift results returned.</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected template configuration in that the resource has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: One or more resource properties differ from their expected template values.</p> </li> <li> <p> <code>IN_SYNC</code>: The resource's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation doesn't currently return this value.</p> </li> </ul>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -2298,7 +2451,7 @@
       "members":{
         "StackResourceDrifts":{
           "shape":"StackResourceDrifts",
-          "documentation":"<p>Drift information for the resources that have been checked for drift in the specified stack. This includes actual and expected configuration values for resources where CloudFormation detects drift.</p> <p>For a given stack, there will be one <code>StackResourceDrift</code> for each stack resource that has been checked for drift. Resources that have not yet been checked for drift are not included. Resources that do not currently support drift detection are not checked, and so not included. For a list of resources that support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p>"
+          "documentation":"<p>Drift information for the resources that have been checked for drift in the specified stack. This includes actual and expected configuration values for resources where CloudFormation detects drift.</p> <p>For a given stack, there will be one <code>StackResourceDrift</code> for each stack resource that has been checked for drift. Resources that haven't yet been checked for drift aren't included. Resources that do not currently support drift detection aren't checked, and so not included. For a list of resources that support drift detection, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -2315,7 +2468,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which are not always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
+          "documentation":"<p>The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
         },
         "LogicalResourceId":{
           "shape":"LogicalResourceId",
@@ -2339,7 +2492,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which are not always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p> <p>Required: Conditional. If you do not specify <code>StackName</code>, you must specify <code>PhysicalResourceId</code>.</p>"
+          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which aren't always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p> <p>Required: Conditional. If you don't specify <code>StackName</code>, you must specify <code>PhysicalResourceId</code>.</p>"
         },
         "LogicalResourceId":{
           "shape":"LogicalResourceId",
@@ -2347,7 +2500,7 @@
         },
         "PhysicalResourceId":{
           "shape":"PhysicalResourceId",
-          "documentation":"<p>The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.</p> <p>For example, for an Amazon Elastic Compute Cloud (EC2) instance, <code>PhysicalResourceId</code> corresponds to the <code>InstanceId</code>. You can pass the EC2 <code>InstanceId</code> to <code>DescribeStackResources</code> to find which stack the instance belongs to and what other resources are part of the stack.</p> <p>Required: Conditional. If you do not specify <code>PhysicalResourceId</code>, you must specify <code>StackName</code>.</p> <p>Default: There is no default value.</p>"
+          "documentation":"<p>The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.</p> <p>For example, for an Amazon Elastic Compute Cloud (EC2) instance, <code>PhysicalResourceId</code> corresponds to the <code>InstanceId</code>. You can pass the EC2 <code>InstanceId</code> to <code>DescribeStackResources</code> to find which stack the instance belongs to and what other resources are part of the stack.</p> <p>Required: Conditional. If you don't specify <code>PhysicalResourceId</code>, you must specify <code>StackName</code>.</p> <p>Default: There is no default value.</p>"
         }
       },
       "documentation":"<p>The input for <a>DescribeStackResources</a> action.</p>"
@@ -2389,7 +2542,7 @@
         },
         "OperationId":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The unique ID of the stack set operation. </p>"
+          "documentation":"<p>The unique ID of the stack set operation.</p>"
         },
         "CallAs":{
           "shape":"CallAs",
@@ -2420,7 +2573,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which are not always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
+          "documentation":"<p>The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -2448,7 +2601,7 @@
       "members":{
         "Type":{
           "shape":"RegistryType",
-          "documentation":"<p>The kind of extension. </p> <p>Conditional: You must specify either <code>TypeName</code> and <code>Type</code>, or <code>Arn</code>.</p>"
+          "documentation":"<p>The kind of extension.</p> <p>Conditional: You must specify either <code>TypeName</code> and <code>Type</code>, or <code>Arn</code>.</p>"
         },
         "TypeName":{
           "shape":"TypeName",
@@ -2481,7 +2634,7 @@
         },
         "Type":{
           "shape":"RegistryType",
-          "documentation":"<p>The kind of extension. </p>"
+          "documentation":"<p>The kind of extension.</p>"
         },
         "TypeName":{
           "shape":"TypeName",
@@ -2489,7 +2642,7 @@
         },
         "DefaultVersionId":{
           "shape":"TypeVersionId",
-          "documentation":"<p>The ID of the default version of the extension. The default version is used when the extension version is not specified.</p> <p>This applies only to private extensions you have registered in your account. For public extensions, both those provided by Amazon and published by third parties, CloudFormation returns <code>null</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">RegisterType</a>.</p> <p>To set the default version of an extension, use <code> <a>SetTypeDefaultVersion</a> </code>. </p>"
+          "documentation":"<p>The ID of the default version of the extension. The default version is used when the extension version isn't specified.</p> <p>This applies only to private extensions you have registered in your account. For public extensions, both those provided by Amazon and published by third parties, CloudFormation returns <code>null</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">RegisterType</a>.</p> <p>To set the default version of an extension, use <code> <a>SetTypeDefaultVersion</a> </code>.</p>"
         },
         "IsDefaultVersion":{
           "shape":"IsDefaultVersion",
@@ -2497,11 +2650,11 @@
         },
         "TypeTestsStatus":{
           "shape":"TypeTestsStatus",
-          "documentation":"<p>The contract test status of the registered extension version. To return the extension test status of a specifc extension version, you must specify <code>VersionId</code>. </p> <p>This applies only to registered private extension versions. CloudFormation does not return this information for public extensions, whether or not they are activated in your account.</p> <ul> <li> <p> <code>PASSED</code>: The extension has passed all its contract tests.</p> <p>An extension must have a test status of <code>PASSED</code> before it can be published. For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html\">Publishing extensions to make them available for public use</a> in the <i>CloudFormation Command Line Interface User Guide</i>.</p> </li> <li> <p> <code>FAILED</code>: The extension has failed one or more contract tests.</p> </li> <li> <p> <code>IN_PROGRESS</code>: Contract tests are currently being performed on the extension.</p> </li> <li> <p> <code>NOT_TESTED</code>: Contract tests have not been performed on the extension.</p> </li> </ul>"
+          "documentation":"<p>The contract test status of the registered extension version. To return the extension test status of a specific extension version, you must specify <code>VersionId</code>.</p> <p>This applies only to registered private extension versions. CloudFormation doesn't return this information for public extensions, whether or not they are activated in your account.</p> <ul> <li> <p> <code>PASSED</code>: The extension has passed all its contract tests.</p> <p>An extension must have a test status of <code>PASSED</code> before it can be published. For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-publish.html\">Publishing extensions to make them available for public use</a> in the <i>CloudFormation Command Line Interface User Guide</i>.</p> </li> <li> <p> <code>FAILED</code>: The extension has failed one or more contract tests.</p> </li> <li> <p> <code>IN_PROGRESS</code>: Contract tests are currently being performed on the extension.</p> </li> <li> <p> <code>NOT_TESTED</code>: Contract tests haven't been performed on the extension.</p> </li> </ul>"
         },
         "TypeTestsStatusDescription":{
           "shape":"TypeTestsStatusDescription",
-          "documentation":"<p>The description of the test status. To return the extension test status of a specifc extension version, you must specify <code>VersionId</code>. </p> <p>This applies only to registered private extension versions. CloudFormation does not return this information for public extensions, whether or not they are activated in your account.</p>"
+          "documentation":"<p>The description of the test status. To return the extension test status of a specific extension version, you must specify <code>VersionId</code>.</p> <p>This applies only to registered private extension versions. CloudFormation doesn't return this information for public extensions, whether or not they are activated in your account.</p>"
         },
         "Description":{
           "shape":"Description",
@@ -2513,11 +2666,11 @@
         },
         "ProvisioningType":{
           "shape":"ProvisioningType",
-          "documentation":"<p>For resource type extensions, the provisioning behavior of the resource type. CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.</p> <p>Valid values include:</p> <ul> <li> <p> <code>FULLY_MUTABLE</code>: The resource type includes an update handler to process updates to the type during stack update operations.</p> </li> <li> <p> <code>IMMUTABLE</code>: The resource type does not include an update handler, so the type cannot be updated and must instead be replaced during stack update operations.</p> </li> <li> <p> <code>NON_PROVISIONABLE</code>: The resource type does not include all of the following handlers, and therefore cannot actually be provisioned.</p> <ul> <li> <p>create</p> </li> <li> <p>read</p> </li> <li> <p>delete</p> </li> </ul> </li> </ul>"
+          "documentation":"<p>For resource type extensions, the provisioning behavior of the resource type. CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.</p> <p>Valid values include:</p> <ul> <li> <p> <code>FULLY_MUTABLE</code>: The resource type includes an update handler to process updates to the type during stack update operations.</p> </li> <li> <p> <code>IMMUTABLE</code>: The resource type doesn't include an update handler, so the type can't be updated and must instead be replaced during stack update operations.</p> </li> <li> <p> <code>NON_PROVISIONABLE</code>: The resource type doesn't include all the following handlers, and therefore can't actually be provisioned.</p> <ul> <li> <p>create</p> </li> <li> <p>read</p> </li> <li> <p>delete</p> </li> </ul> </li> </ul>"
         },
         "DeprecatedStatus":{
           "shape":"DeprecatedStatus",
-          "documentation":"<p>The deprecation status of the extension version.</p> <p>Valid values include:</p> <ul> <li> <p> <code>LIVE</code>: The extension is activated or registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.</p> </li> <li> <p> <code>DEPRECATED</code>: The extension has been deactivated or deregistered and can no longer be used in CloudFormation operations. </p> </li> </ul> <p>For public third-party extensions, CloudFormation returns <code>null</code>.</p>"
+          "documentation":"<p>The deprecation status of the extension version.</p> <p>Valid values include:</p> <ul> <li> <p> <code>LIVE</code>: The extension is activated or registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.</p> </li> <li> <p> <code>DEPRECATED</code>: The extension has been deactivated or deregistered and can no longer be used in CloudFormation operations.</p> </li> </ul> <p>For public third-party extensions, CloudFormation returns <code>null</code>.</p>"
         },
         "LoggingConfig":{
           "shape":"LoggingConfig",
@@ -2533,7 +2686,7 @@
         },
         "Visibility":{
           "shape":"Visibility",
-          "documentation":"<p>The scope at which the extension is visible and usable in CloudFormation operations.</p> <p>Valid values include:</p> <ul> <li> <p> <code>PRIVATE</code>: The extension is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as <code>PRIVATE</code>.</p> </li> <li> <p> <code>PUBLIC</code>: The extension is publically visible and usable within any Amazon account.</p> </li> </ul>"
+          "documentation":"<p>The scope at which the extension is visible and usable in CloudFormation operations.</p> <p>Valid values include:</p> <ul> <li> <p> <code>PRIVATE</code>: The extension is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as <code>PRIVATE</code>.</p> </li> <li> <p> <code>PUBLIC</code>: The extension is publicly visible and usable within any Amazon account.</p> </li> </ul>"
         },
         "SourceUrl":{
           "shape":"OptionalSecureUrl",
@@ -2549,7 +2702,7 @@
         },
         "TimeCreated":{
           "shape":"Timestamp",
-          "documentation":"<p>When the specified private extension version was registered or activated in your account. </p>"
+          "documentation":"<p>When the specified private extension version was registered or activated in your account.</p>"
         },
         "ConfigurationSchema":{
           "shape":"ConfigurationSchema",
@@ -2557,7 +2710,7 @@
         },
         "PublisherId":{
           "shape":"PublisherId",
-          "documentation":"<p>The publisher ID of the extension publisher.</p> <p>This applies only to public third-party extensions. For private registered extensions, and extensions provided by Amazon, CloudFormation returns <code>null</code>.</p>"
+          "documentation":"<p>The publisher ID of the extension publisher.</p> <p>This applies only to public third-party extensions. For private registered extensions, and extensions provided by Amazon Web Services, CloudFormation returns <code>null</code>.</p>"
         },
         "OriginalTypeName":{
           "shape":"TypeName",
@@ -2573,7 +2726,7 @@
         },
         "LatestPublicVersion":{
           "shape":"PublicVersionNumber",
-          "documentation":"<p>The latest version of a public extension <i>that is available</i> for use.</p> <p>This only applies if you specify a public extension, and you do not specify a version. For all other requests, CloudFormation returns <code>null</code>.</p>"
+          "documentation":"<p>The latest version of a public extension <i>that is available</i> for use.</p> <p>This only applies if you specify a public extension, and you don't specify a version. For all other requests, CloudFormation returns <code>null</code>.</p>"
         },
         "IsActivated":{
           "shape":"IsActivated",
@@ -2697,7 +2850,7 @@
       "members":{
         "OperationId":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The ID of the drift detection stack set operation. </p> <p>you can use this operation id with <code> <a>DescribeStackSetOperation</a> </code> to monitor the progress of the drift detection operation. </p>"
+          "documentation":"<p>The ID of the drift detection stack set operation.</p> <p>You can use this operation ID with <code> <a>DescribeStackSetOperation</a> </code> to monitor the progress of the drift detection operation.</p>"
         }
       }
     },
@@ -2734,7 +2887,7 @@
         },
         "TemplateURL":{
           "shape":"TemplateURL",
-          "documentation":"<p>Location of file containing the template body. The URL must point to a template that is located in an Amazon S3 bucket or a Systems Manager document. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must pass <code>TemplateURL</code> or <code>TemplateBody</code>. If both are passed, only <code>TemplateBody</code> is used.</p>"
+          "documentation":"<p>Location of file containing the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must pass <code>TemplateURL</code> or <code>TemplateBody</code>. If both are passed, only <code>TemplateBody</code> is used.</p>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -2767,11 +2920,11 @@
       "members":{
         "ChangeSetName":{
           "shape":"ChangeSetNameOrId",
-          "documentation":"<p>The name or ARN of the change set that you want use to update the specified stack.</p>"
+          "documentation":"<p>The name or Amazon Resource Name (ARN) of the change set that you want use to update the specified stack.</p>"
         },
         "StackName":{
           "shape":"StackNameOrId",
-          "documentation":"<p>If you specified the name of a change set, specify the stack name or ID (ARN) that is associated with the change set you want to execute.</p>"
+          "documentation":"<p>If you specified the name of a change set, specify the stack name or Amazon Resource Name (ARN) that's associated with the change set you want to execute.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
@@ -2850,7 +3003,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or unique stack ID that is associated with the stack whose policy you want to get.</p>"
+          "documentation":"<p>The name or unique stack ID that's associated with the stack whose policy you want to get.</p>"
         }
       },
       "documentation":"<p>The input for the <a>GetStackPolicy</a> action.</p>"
@@ -2870,7 +3023,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which are not always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
+          "documentation":"<p>The name or the unique stack ID that's associated with the stack, which aren't always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
         },
         "ChangeSetName":{
           "shape":"ChangeSetNameOrId",
@@ -2902,15 +3055,15 @@
       "members":{
         "TemplateBody":{
           "shape":"TemplateBody",
-          "documentation":"<p>Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information about templates, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>StackName</code>, <code>StackSetName</code>, <code>TemplateBody</code>, or <code>TemplateURL</code>.</p>"
+          "documentation":"<p>Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information about templates, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>StackName</code>, <code>StackSetName</code>, <code>TemplateBody</code>, or <code>TemplateURL</code>.</p>"
         },
         "TemplateURL":{
           "shape":"TemplateURL",
-          "documentation":"<p>Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document. For more information about templates, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>StackName</code>, <code>StackSetName</code>, <code>TemplateBody</code>, or <code>TemplateURL</code>.</p>"
+          "documentation":"<p>Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. For more information about templates, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>StackName</code>, <code>StackSetName</code>, <code>TemplateBody</code>, or <code>TemplateURL</code>.</p>"
         },
         "StackName":{
           "shape":"StackNameOrId",
-          "documentation":"<p>The name or the stack ID that is associated with the stack, which are not always interchangeable. For running stacks, you can specify either the stack's name or its unique stack ID. For deleted stack, you must specify the unique stack ID.</p> <p>Conditional: You must specify only one of the following parameters: <code>StackName</code>, <code>StackSetName</code>, <code>TemplateBody</code>, or <code>TemplateURL</code>.</p>"
+          "documentation":"<p>The name or the stack ID that's associated with the stack, which aren't always interchangeable. For running stacks, you can specify either the stack's name or its unique stack ID. For deleted stack, you must specify the unique stack ID.</p> <p>Conditional: You must specify only one of the following parameters: <code>StackName</code>, <code>StackSetName</code>, <code>TemplateBody</code>, or <code>TemplateURL</code>.</p>"
         },
         "StackSetName":{
           "shape":"StackSetNameOrId",
@@ -2932,7 +3085,7 @@
         },
         "Description":{
           "shape":"Description",
-          "documentation":"<p>The value that is defined in the <code>Description</code> property of the template.</p>"
+          "documentation":"<p>The value that's defined in the <code>Description</code> property of the template.</p>"
         },
         "Capabilities":{
           "shape":"Capabilities",
@@ -2952,7 +3105,7 @@
         },
         "Metadata":{
           "shape":"Metadata",
-          "documentation":"<p>The value that is defined for the <code>Metadata</code> property of the template.</p>"
+          "documentation":"<p>The value that's defined for the <code>Metadata</code> property of the template.</p>"
         },
         "DeclaredTransforms":{
           "shape":"TransformsList",
@@ -2982,9 +3135,74 @@
         "ServiceInternalError",
         "NetworkFailure",
         "InternalFailure",
-        "InvalidTypeConfiguration"
+        "InvalidTypeConfiguration",
+        "HandlerInternalFailure",
+        "NonCompliant",
+        "Unknown"
+      ]
+    },
+    "HookFailureMode":{
+      "type":"string",
+      "enum":[
+        "FAIL",
+        "WARN"
+      ]
+    },
+    "HookInvocationCount":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
+    "HookInvocationPoint":{
+      "type":"string",
+      "enum":["PRE_PROVISION"]
+    },
+    "HookStatus":{
+      "type":"string",
+      "enum":[
+        "HOOK_IN_PROGRESS",
+        "HOOK_COMPLETE_SUCCEEDED",
+        "HOOK_COMPLETE_FAILED",
+        "HOOK_FAILED"
       ]
     },
+    "HookStatusReason":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "HookTargetType":{
+      "type":"string",
+      "enum":["RESOURCE"]
+    },
+    "HookTargetTypeName":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9]{2,64}::[a-zA-Z0-9]{2,64}::[a-zA-Z0-9]{2,64}$"
+    },
+    "HookType":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
+    "HookTypeConfigurationVersionId":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[A-Za-z0-9-]+"
+    },
+    "HookTypeName":{
+      "type":"string",
+      "max":196,
+      "min":10
+    },
+    "HookTypeVersionId":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[A-Za-z0-9-]+"
+    },
     "IdentityProvider":{
       "type":"string",
       "enum":[
@@ -2995,10 +3213,7 @@
     },
     "ImportStacksToStackSetInput":{
       "type":"structure",
-      "required":[
-        "StackSetName",
-        "StackIds"
-      ],
+      "required":["StackSetName"],
       "members":{
         "StackSetName":{
           "shape":"StackSetNameOrId",
@@ -3006,7 +3221,15 @@
         },
         "StackIds":{
           "shape":"StackIdList",
-          "documentation":"<p>The IDs of the stacks you are importing into a stack set. You import up to 10 stacks per stack set at a time.</p>"
+          "documentation":"<p>The IDs of the stacks you are importing into a stack set. You import up to 10 stacks per stack set at a time.</p> <p>Specify either <code>StackIds</code> or <code>StackIdsUrl</code>.</p>"
+        },
+        "StackIdsUrl":{
+          "shape":"StackIdsUrl",
+          "documentation":"<p>The Amazon S3 URL which contains list of stack ids to be inputted.</p> <p>Specify either <code>StackIds</code> or <code>StackIdsUrl</code>.</p>"
+        },
+        "OrganizationalUnitIds":{
+          "shape":"OrganizationalUnitIdList",
+          "documentation":"<p>The list of OU ID's to which the stacks being imported has to be mapped as deployment target.</p>"
         },
         "OperationPreferences":{"shape":"StackSetOperationPreferences"},
         "OperationId":{
@@ -3082,7 +3305,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>Error reserved for use by the <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html\">CloudFormation CLI</a>. CloudFormation does not return this error to users.</p>",
+      "documentation":"<p>Error reserved for use by the <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html\">CloudFormation CLI</a>. CloudFormation doesn't return this error to users.</p>",
       "error":{
         "code":"InvalidStateTransition",
         "httpStatusCode":400,
@@ -3099,7 +3322,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The quota for the resource has already been reached.</p> <p>For information on resource and stack limitations, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html\">Limits</a> in the <i>CloudFormation User Guide</i>.</p>",
+      "documentation":"<p>The quota for the resource has already been reached.</p> <p>For information on resource and stack limitations, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html\">CloudFormation quotas</a> in the <i>CloudFormation User Guide</i>.</p>",
       "error":{
         "code":"LimitExceededException",
         "httpStatusCode":400,
@@ -3133,7 +3356,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the output exceeds 1 MB, a string that identifies the next page of change sets. If there is no additional page, this value is null.</p>"
+          "documentation":"<p>If the output exceeds 1 MB, a string that identifies the next page of change sets. If there is no additional page, this value is <code>null</code>.</p>"
         }
       },
       "documentation":"<p>The output for the <a>ListChangeSets</a> action.</p>"
@@ -3213,7 +3436,7 @@
         },
         "StackInstanceRegion":{
           "shape":"Region",
-          "documentation":"<p>The name of the Region where you want to list stack instances. </p>"
+          "documentation":"<p>The name of the Region where you want to list stack instances.</p>"
         },
         "CallAs":{
           "shape":"CallAs",
@@ -3230,7 +3453,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the request doesn't return all of the remaining results, <code>NextToken</code> is set to a token. To retrieve the next set of results, call <code>ListStackInstances</code> again and assign that token to the request object's <code>NextToken</code> parameter. If the request returns all results, <code>NextToken</code> is set to <code>null</code>.</p>"
+          "documentation":"<p>If the request doesn't return all the remaining results, <code>NextToken</code> is set to a token. To retrieve the next set of results, call <code>ListStackInstances</code> again and assign that token to the request object's <code>NextToken</code> parameter. If the request returns all results, <code>NextToken</code> is set to <code>null</code>.</p>"
         }
       }
     },
@@ -3240,7 +3463,7 @@
       "members":{
         "StackName":{
           "shape":"StackName",
-          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which are not always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
+          "documentation":"<p>The name or the unique stack ID that is associated with the stack, which aren't always interchangeable:</p> <ul> <li> <p>Running stacks: You can specify either the stack's name or its unique stack ID.</p> </li> <li> <p>Deleted stacks: You must specify the unique stack ID.</p> </li> </ul> <p>Default: There is no default value.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -3297,7 +3520,7 @@
       "members":{
         "Summaries":{
           "shape":"StackSetOperationResultSummaries",
-          "documentation":"<p>A list of <code>StackSetOperationResultSummary</code> structures that contain information about the specified operation results, for accounts and Regions that are included in the operation.</p>"
+          "documentation":"<p>A list of <code>StackSetOperationResultSummary</code> structures that contain information about the specified operation results, for accounts and Amazon Web Services Regions that are included in the operation.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -3345,7 +3568,7 @@
       "members":{
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the previous paginated request didn't return all of the remaining results, the response object's <code>NextToken</code> parameter value is set to a token. To retrieve the next set of results, call <code>ListStackSets</code> again and assign that token to the request object's <code>NextToken</code> parameter. If there are no remaining results, the previous response object's <code>NextToken</code> parameter is set to <code>null</code>.</p>"
+          "documentation":"<p>If the previous paginated request didn't return all the remaining results, the response object's <code>NextToken</code> parameter value is set to a token. To retrieve the next set of results, call <code>ListStackSets</code> again and assign that token to the request object's <code>NextToken</code> parameter. If there are no remaining results, the previous response object's <code>NextToken</code> parameter is set to <code>null</code>.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
@@ -3427,7 +3650,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the previous paginated request didn't return all of the remaining results, the response object's <code>NextToken</code> parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's <code>NextToken</code> parameter. If there are no remaining results, the previous response object's <code>NextToken</code> parameter is set to <code>null</code>.</p>"
+          "documentation":"<p>If the previous paginated request didn't return all the remaining results, the response object's <code>NextToken</code> parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's <code>NextToken</code> parameter. If there are no remaining results, the previous response object's <code>NextToken</code> parameter is set to <code>null</code>.</p>"
         }
       }
     },
@@ -3436,7 +3659,7 @@
       "members":{
         "RegistrationTokenList":{
           "shape":"RegistrationTokenList",
-          "documentation":"<p> A list of extension registration tokens.</p> <p>Use <code> <a>DescribeTypeRegistration</a> </code> to return detailed information about a type registration request.</p>"
+          "documentation":"<p>A list of extension registration tokens.</p> <p>Use <code> <a>DescribeTypeRegistration</a> </code> to return detailed information about a type registration request.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -3469,11 +3692,11 @@
         },
         "DeprecatedStatus":{
           "shape":"DeprecatedStatus",
-          "documentation":"<p>The deprecation status of the extension versions that you want to get summary information about.</p> <p>Valid values include:</p> <ul> <li> <p> <code>LIVE</code>: The extension version is registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.</p> </li> <li> <p> <code>DEPRECATED</code>: The extension version has been deregistered and can no longer be used in CloudFormation operations. </p> </li> </ul> <p>The default is <code>LIVE</code>.</p>"
+          "documentation":"<p>The deprecation status of the extension versions that you want to get summary information about.</p> <p>Valid values include:</p> <ul> <li> <p> <code>LIVE</code>: The extension version is registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.</p> </li> <li> <p> <code>DEPRECATED</code>: The extension version has been deregistered and can no longer be used in CloudFormation operations.</p> </li> </ul> <p>The default is <code>LIVE</code>.</p>"
         },
         "PublisherId":{
           "shape":"PublisherId",
-          "documentation":"<p>The publisher ID of the extension publisher.</p> <p>Extensions published by Amazon are not assigned a publisher ID.</p>"
+          "documentation":"<p>The publisher ID of the extension publisher.</p> <p>Extensions published by Amazon aren't assigned a publisher ID.</p>"
         }
       }
     },
@@ -3499,11 +3722,11 @@
         },
         "ProvisioningType":{
           "shape":"ProvisioningType",
-          "documentation":"<p>For resource types, the provisioning behavior of the resource type. CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.</p> <p>Valid values include:</p> <ul> <li> <p> <code>FULLY_MUTABLE</code>: The resource type includes an update handler to process updates to the type during stack update operations.</p> </li> <li> <p> <code>IMMUTABLE</code>: The resource type does not include an update handler, so the type cannot be updated and must instead be replaced during stack update operations.</p> </li> <li> <p> <code>NON_PROVISIONABLE</code>: The resource type does not include create, read, and delete handlers, and therefore cannot actually be provisioned.</p> </li> </ul> <p>The default is <code>FULLY_MUTABLE</code>.</p>"
+          "documentation":"<p>For resource types, the provisioning behavior of the resource type. CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.</p> <p>Valid values include:</p> <ul> <li> <p> <code>FULLY_MUTABLE</code>: The resource type includes an update handler to process updates to the type during stack update operations.</p> </li> <li> <p> <code>IMMUTABLE</code>: The resource type doesn't include an update handler, so the type can't be updated and must instead be replaced during stack update operations.</p> </li> <li> <p> <code>NON_PROVISIONABLE</code>: The resource type doesn't include create, read, and delete handlers, and therefore can't actually be provisioned.</p> </li> </ul> <p>The default is <code>FULLY_MUTABLE</code>.</p>"
         },
         "DeprecatedStatus":{
           "shape":"DeprecatedStatus",
-          "documentation":"<p>The deprecation status of the extension that you want to get summary information about.</p> <p>Valid values include:</p> <ul> <li> <p> <code>LIVE</code>: The extension is registered for use in CloudFormation operations.</p> </li> <li> <p> <code>DEPRECATED</code>: The extension has been deregistered and can no longer be used in CloudFormation operations. </p> </li> </ul>"
+          "documentation":"<p>The deprecation status of the extension that you want to get summary information about.</p> <p>Valid values include:</p> <ul> <li> <p> <code>LIVE</code>: The extension is registered for use in CloudFormation operations.</p> </li> <li> <p> <code>DEPRECATED</code>: The extension has been deregistered and can no longer be used in CloudFormation operations.</p> </li> </ul>"
         },
         "Type":{
           "shape":"RegistryType",
@@ -3511,7 +3734,7 @@
         },
         "Filters":{
           "shape":"TypeFilters",
-          "documentation":"<p>Filter criteria to use in determining which extensions to return.</p> <p>If you specify a filter, CloudFormation ignores any specified <code>Visibility</code> value when returning the list of types.</p>"
+          "documentation":"<p>Filter criteria to use in determining which extensions to return.</p> <p>Filters must be compatible with <code>Visibility</code> to return valid results. For example, specifying <code>AWS_TYPES</code> for <code>Category</code> and <code>PRIVATE</code> for <code>Visibility</code> returns an empty list of types, but specifying <code>PUBLIC</code> for <code>Visibility</code> returns the desired list.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
@@ -3532,7 +3755,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the request doesn't return all of the remaining results, <code>NextToken</code> is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's <code>NextToken</code> parameter. If the request returns all results, <code>NextToken</code> is set to <code>null</code>.</p>"
+          "documentation":"<p>If the request doesn't return all the remaining results, <code>NextToken</code> is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's <code>NextToken</code> parameter. If the request returns all results, <code>NextToken</code> is set to <code>null</code>.</p>"
         }
       }
     },
@@ -3551,11 +3774,11 @@
       "members":{
         "LogRoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The ARN of the role that CloudFormation should assume when sending log entries to CloudWatch logs.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the role that CloudFormation should assume when sending log entries to CloudWatch Logs.</p>"
         },
         "LogGroupName":{
           "shape":"LogGroupName",
-          "documentation":"<p>The Amazon CloudWatch log group to which CloudFormation sends error logging information when invoking the extension's handlers.</p>"
+          "documentation":"<p>The Amazon CloudWatch Logs group to which CloudFormation sends error logging information when invoking the extension's handlers.</p>"
         }
       },
       "documentation":"<p>Contains logging configuration information for an extension.</p>"
@@ -3573,6 +3796,17 @@
       "max":100000,
       "min":1
     },
+    "ManagedExecution":{
+      "type":"structure",
+      "members":{
+        "Active":{
+          "shape":"ManagedExecutionNullable",
+          "documentation":"<p>When <code>true</code>, StackSets performs non-conflicting operations concurrently and queues conflicting operations. After conflicting operations finish, StackSets starts queued operations in request order.</p> <note> <p>If there are already running or queued operations, StackSets queues all incoming operations even if they are non-conflicting.</p> <p>You can't modify your stack set's execution configuration while there are running or queued operations for that stack set.</p> </note> <p>When <code>false</code> (default), StackSets performs one operation at a time in request order.</p>"
+        }
+      },
+      "documentation":"<p>Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.</p>"
+    },
+    "ManagedExecutionNullable":{"type":"boolean"},
     "MaxConcurrentCount":{
       "type":"integer",
       "min":1
@@ -3593,11 +3827,11 @@
       "members":{
         "TypeHierarchy":{
           "shape":"TypeHierarchy",
-          "documentation":"<p>A concantenated list of the the module type or types containing the resource. Module types are listed starting with the inner-most nested module, and separated by <code>/</code>.</p> <p>In the following example, the resource was created from a module of type <code>AWS::First::Example::MODULE</code>, that is nested inside a parent module of type <code>AWS::Second::Example::MODULE</code>.</p> <p> <code>AWS::First::Example::MODULE/AWS::Second::Example::MODULE</code> </p>"
+          "documentation":"<p>A concatenated list of the module type or types containing the resource. Module types are listed starting with the inner-most nested module, and separated by <code>/</code>.</p> <p>In the following example, the resource was created from a module of type <code>AWS::First::Example::MODULE</code>, that's nested inside a parent module of type <code>AWS::Second::Example::MODULE</code>.</p> <p> <code>AWS::First::Example::MODULE/AWS::Second::Example::MODULE</code> </p>"
         },
         "LogicalIdHierarchy":{
           "shape":"LogicalIdHierarchy",
-          "documentation":"<p>A concantenated list of the logical IDs of the module or modules containing the resource. Modules are listed starting with the inner-most nested module, and separated by <code>/</code>.</p> <p>In the following example, the resource was created from a module, <code>moduleA</code>, that is nested inside a parent module, <code>moduleB</code>.</p> <p> <code>moduleA/moduleB</code> </p> <p>For more information, see <a href=\"AWSCloudFormation/latest/UserGuide/modules.html#module-ref-resources\">Referencing resources in a module</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>A concatenated list of the logical IDs of the module or modules containing the resource. Modules are listed starting with the inner-most nested module, and separated by <code>/</code>.</p> <p>In the following example, the resource was created from a module, <code>moduleA</code>, that's nested inside a parent module, <code>moduleB</code>.</p> <p> <code>moduleA/moduleB</code> </p> <p>For more information, see <a href=\"AWSCloudFormation/latest/UserGuide/modules.html#module-ref-resources\">Referencing resources in a module</a> in the <i>CloudFormation User Guide</i>.</p>"
         }
       },
       "documentation":"<p>Contains information about the module from which the resource was created, if the resource was created from a module included in the stack template.</p> <p>For more information on modules, see <a href=\"AWSCloudFormation/latest/UserGuide/modules.html\">Using modules to encapsulate and reuse resource configurations</a> in the <i>CloudFormation User Guide</i>.</p>"
@@ -3688,7 +3922,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>Error reserved for use by the <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html\">CloudFormation CLI</a>. CloudFormation does not return this error to users.</p>",
+      "documentation":"<p>Error reserved for use by the <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/what-is-cloudformation-cli.html\">CloudFormation CLI</a>. CloudFormation doesn't return this error to users.</p>",
       "error":{
         "code":"ConditionalCheckFailed",
         "httpStatusCode":400,
@@ -3741,7 +3975,7 @@
       "members":{
         "ParameterKey":{
           "shape":"ParameterKey",
-          "documentation":"<p>The key associated with the parameter. If you don't specify a key and value for a particular parameter, CloudFormation uses the default value that is specified in your template.</p>"
+          "documentation":"<p>The key associated with the parameter. If you don't specify a key and value for a particular parameter, CloudFormation uses the default value that's specified in your template.</p>"
         },
         "ParameterValue":{
           "shape":"ParameterValue",
@@ -3753,7 +3987,7 @@
         },
         "ResolvedValue":{
           "shape":"ParameterValue",
-          "documentation":"<p>Read-only. The value that corresponds to a Systems Manager parameter key. This field is returned only for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types\"> <code>SSM</code> parameter types</a> in the template.</p>"
+          "documentation":"<p>Read-only. The value that corresponds to a SSM parameter key. This field is returned only for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types\"> <code>SSM</code> </a> parameter types in the template.</p>"
         }
       },
       "documentation":"<p>The Parameter data type.</p>"
@@ -3773,7 +4007,7 @@
       "members":{
         "ParameterKey":{
           "shape":"ParameterKey",
-          "documentation":"<p>The name that is associated with the parameter.</p>"
+          "documentation":"<p>The name that's associated with the parameter.</p>"
         },
         "DefaultValue":{
           "shape":"ParameterValue",
@@ -3789,7 +4023,7 @@
         },
         "Description":{
           "shape":"Description",
-          "documentation":"<p>The description that is associate with the parameter.</p>"
+          "documentation":"<p>The description that's associate with the parameter.</p>"
         },
         "ParameterConstraints":{
           "shape":"ParameterConstraints",
@@ -3838,7 +4072,7 @@
           "documentation":"<p>The resource context value.</p>"
         }
       },
-      "documentation":"<p>Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs are not enough to uniquely identify that resource. Each context key-value pair specifies a resource that contains the targeted resource.</p>"
+      "documentation":"<p>Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely identify that resource. Each context key-value pair specifies a resource that contains the targeted resource.</p>"
     },
     "PrivateTypeArn":{
       "type":"string",
@@ -3869,7 +4103,7 @@
         },
         "DifferenceType":{
           "shape":"DifferenceType",
-          "documentation":"<p>The type of property difference.</p> <ul> <li> <p> <code>ADD</code>: A value has been added to a resource property that is an array or list data type.</p> </li> <li> <p> <code>REMOVE</code>: The property has been removed from the current resource configuration.</p> </li> <li> <p> <code>NOT_EQUAL</code>: The current property value differs from its expected value (as defined in the stack template and any values specified as template parameters).</p> </li> </ul>"
+          "documentation":"<p>The type of property difference.</p> <ul> <li> <p> <code>ADD</code>: A value has been added to a resource property that's an array or list data type.</p> </li> <li> <p> <code>REMOVE</code>: The property has been removed from the current resource configuration.</p> </li> <li> <p> <code>NOT_EQUAL</code>: The current property value differs from its expected value (as defined in the stack template and any values specified as template parameters).</p> </li> </ul>"
         }
       },
       "documentation":"<p>Information about a resource property whose actual value differs from its expected value, as defined in the stack template and any values specified as template parameters. These will be present only for resources whose <code>StackResourceDriftStatus</code> is <code>MODIFIED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p>"
@@ -3911,7 +4145,7 @@
         },
         "PublicVersionNumber":{
           "shape":"PublicVersionNumber",
-          "documentation":"<p>The version number to assign to this version of the extension.</p> <p>Use the following format, and adhere to semantic versioning when assigning a version number to your extension: </p> <p> <code>MAJOR.MINOR.PATCH</code> </p> <p>For more information, see <a href=\"https://semver.org/\">Semantic Versioning 2.0.0</a>.</p> <p>If you do not specify a version number, CloudFormation increments the version number by one minor version release.</p> <p>The first time you publish a type, CloudFormation sets the version number to <code>1.0.0</code>, regardless of the value you specify.</p>"
+          "documentation":"<p>The version number to assign to this version of the extension.</p> <p>Use the following format, and adhere to semantic versioning when assigning a version number to your extension:</p> <p> <code>MAJOR.MINOR.PATCH</code> </p> <p>For more information, see <a href=\"https://semver.org/\">Semantic Versioning 2.0.0</a>.</p> <p>If you don't specify a version number, CloudFormation increments the version number by one minor version release.</p> <p>You cannot specify a version number the first time you publish a type. CloudFormation automatically sets the first version number to be <code>1.0.0</code>.</p>"
         }
       }
     },
@@ -4041,11 +4275,11 @@
         },
         "TypeName":{
           "shape":"TypeName",
-          "documentation":"<p>The name of the extension being registered.</p> <p>We recommend that extension names adhere to the following patterns: </p> <ul> <li> <p>For resource types, <i>company_or_organization</i>::<i>service</i>::<i>type</i>.</p> </li> <li> <p>For modules, <i>company_or_organization</i>::<i>service</i>::<i>type</i>::MODULE.</p> </li> </ul> <note> <p>The following organization namespaces are reserved and cannot be used in your extension names:</p> <ul> <li> <p> <code>Alexa</code> </p> </li> <li> <p> <code>AMZN</code> </p> </li> <li> <p> <code>Amazon</code> </p> </li> <li> <p> <code>AWS</code> </p> </li> <li> <p> <code>Custom</code> </p> </li> <li> <p> <code>Dev</code> </p> </li> </ul> </note>"
+          "documentation":"<p>The name of the extension being registered.</p> <p>We recommend that extension names adhere to the following patterns:</p> <ul> <li> <p>For resource types, <i>company_or_organization</i>::<i>service</i>::<i>type</i>.</p> </li> <li> <p>For modules, <i>company_or_organization</i>::<i>service</i>::<i>type</i>::MODULE.</p> </li> </ul> <note> <p>The following organization namespaces are reserved and can't be used in your extension names:</p> <ul> <li> <p> <code>Alexa</code> </p> </li> <li> <p> <code>AMZN</code> </p> </li> <li> <p> <code>Amazon</code> </p> </li> <li> <p> <code>AWS</code> </p> </li> <li> <p> <code>Custom</code> </p> </li> <li> <p> <code>Dev</code> </p> </li> </ul> </note>"
         },
         "SchemaHandlerPackage":{
           "shape":"S3Url",
-          "documentation":"<p>A url to the S3 bucket containing the extension project package that contains the neccessary files for the extension you want to register.</p> <p>For information on generating a schema handler package for the extension you want to register, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html\">submit</a> in the <i>CloudFormation CLI User Guide</i>.</p> <note> <p>The user registering the extension must be able to access the package in the S3 bucket. That is, the user needs to have <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> permissions for the schema handler package. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html\">Actions, Resources, and Condition Keys for Amazon S3</a> in the <i>Identity and Access Management User Guide</i>.</p> </note>"
+          "documentation":"<p>A URL to the S3 bucket containing the extension project package that contains the necessary files for the extension you want to register.</p> <p>For information on generating a schema handler package for the extension you want to register, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html\">submit</a> in the <i>CloudFormation CLI User Guide</i>.</p> <note> <p>The user registering the extension must be able to access the package in the S3 bucket. That's, the user needs to have <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> permissions for the schema handler package. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html\">Actions, Resources, and Condition Keys for Amazon S3</a> in the <i>Identity and Access Management User Guide</i>.</p> </note>"
         },
         "LoggingConfig":{
           "shape":"LoggingConfig",
@@ -4057,7 +4291,7 @@
         },
         "ClientRequestToken":{
           "shape":"RequestToken",
-          "documentation":"<p>A unique identifier that acts as an idempotency key for this registration request. Specifying a client request token prevents CloudFormation from generating more than one version of an extension from the same registeration request, even if the request is submitted multiple times. </p>"
+          "documentation":"<p>A unique identifier that acts as an idempotency key for this registration request. Specifying a client request token prevents CloudFormation from generating more than one version of an extension from the same registration request, even if the request is submitted multiple times.</p>"
         }
       }
     },
@@ -4066,7 +4300,7 @@
       "members":{
         "RegistrationToken":{
           "shape":"RegistrationToken",
-          "documentation":"<p>The identifier for this registration request.</p> <p>Use this registration token when calling <code> <a>DescribeTypeRegistration</a> </code>, which returns information about the status and IDs of the extension registration. </p>"
+          "documentation":"<p>The identifier for this registration request.</p> <p>Use this registration token when calling <code> <a>DescribeTypeRegistration</a> </code>, which returns information about the status and IDs of the extension registration.</p>"
         }
       }
     },
@@ -4092,7 +4326,8 @@
       "type":"string",
       "enum":[
         "RESOURCE",
-        "MODULE"
+        "MODULE",
+        "HOOK"
       ]
     },
     "Replacement":{
@@ -4159,7 +4394,7 @@
       "members":{
         "Action":{
           "shape":"ChangeAction",
-          "documentation":"<p>The action that CloudFormation takes on the resource, such as <code>Add</code> (adds a new resource), <code>Modify</code> (changes a resource), <code>Remove</code> (deletes a resource), <code>Import</code> (imports a resource), or <code>Dynamic</code> (exact action for the resource cannot be determined).</p>"
+          "documentation":"<p>The action that CloudFormation takes on the resource, such as <code>Add</code> (adds a new resource), <code>Modify</code> (changes a resource), <code>Remove</code> (deletes a resource), <code>Import</code> (imports a resource), or <code>Dynamic</code> (exact action for the resource can't be determined).</p>"
         },
         "LogicalResourceId":{
           "shape":"LogicalResourceId",
@@ -4183,7 +4418,7 @@
         },
         "Details":{
           "shape":"ResourceChangeDetails",
-          "documentation":"<p>For the <code>Modify</code> action, a list of <code>ResourceChangeDetail</code> structures that describes the changes that CloudFormation will make to the resource. </p>"
+          "documentation":"<p>For the <code>Modify</code> action, a list of <code>ResourceChangeDetail</code> structures that describes the changes that CloudFormation will make to the resource.</p>"
         },
         "ChangeSetId":{
           "shape":"ChangeSetId",
@@ -4205,7 +4440,7 @@
         },
         "Evaluation":{
           "shape":"EvaluationType",
-          "documentation":"<p>Indicates whether CloudFormation can determine the target value, and whether the target value will change before you execute a change set.</p> <p>For <code>Static</code> evaluations, CloudFormation can determine that the target value will change, and its value. For example, if you directly modify the <code>InstanceType</code> property of an EC2 instance, CloudFormation knows that this property value will change, and its value, so this is a <code>Static</code> evaluation.</p> <p>For <code>Dynamic</code> evaluations, cannot determine the target value because it depends on the result of an intrinsic function, such as a <code>Ref</code> or <code>Fn::GetAtt</code> intrinsic function, when the stack is updated. For example, if your template includes a reference to a resource that is conditionally recreated, the value of the reference (the physical ID of the resource) might change, depending on if the resource is recreated. If the resource is recreated, it will have a new physical ID, so all references to that resource will also be updated.</p>"
+          "documentation":"<p>Indicates whether CloudFormation can determine the target value, and whether the target value will change before you execute a change set.</p> <p>For <code>Static</code> evaluations, CloudFormation can determine that the target value will change, and its value. For example, if you directly modify the <code>InstanceType</code> property of an EC2 instance, CloudFormation knows that this property value will change, and its value, so this is a <code>Static</code> evaluation.</p> <p>For <code>Dynamic</code> evaluations, can't determine the target value because it depends on the result of an intrinsic function, such as a <code>Ref</code> or <code>Fn::GetAtt</code> intrinsic function, when the stack is updated. For example, if your template includes a reference to a resource that's conditionally recreated, the value of the reference (the physical ID of the resource) might change, depending on if the resource is recreated. If the resource is recreated, it will have a new physical ID, so all references to that resource will also be updated.</p>"
         },
         "ChangeSource":{
           "shape":"ChangeSource",
@@ -4213,7 +4448,7 @@
         },
         "CausingEntity":{
           "shape":"CausingEntity",
-          "documentation":"<p>The identity of the entity that triggered this change. This entity is a member of the group that is specified by the <code>ChangeSource</code> field. For example, if you modified the value of the <code>KeyPairName</code> parameter, the <code>CausingEntity</code> is the name of the parameter (<code>KeyPairName</code>).</p> <p>If the <code>ChangeSource</code> value is <code>DirectModification</code>, no value is given for <code>CausingEntity</code>.</p>"
+          "documentation":"<p>The identity of the entity that triggered this change. This entity is a member of the group that's specified by the <code>ChangeSource</code> field. For example, if you modified the value of the <code>KeyPairName</code> parameter, the <code>CausingEntity</code> is the name of the parameter (<code>KeyPairName</code>).</p> <p>If the <code>ChangeSource</code> value is <code>DirectModification</code>, no value is given for <code>CausingEntity</code>.</p>"
         }
       },
       "documentation":"<p>For a resource with <code>Modify</code> as the action, the <code>ResourceChange</code> structure describes the changes CloudFormation will make to that resource.</p>"
@@ -4397,11 +4632,11 @@
       "members":{
         "RollbackTriggers":{
           "shape":"RollbackTriggers",
-          "documentation":"<p>The triggers to monitor during stack creation or update actions. </p> <p>By default, CloudFormation saves the rollback triggers specified for a stack and applies them to any subsequent update operations for the stack, unless you specify otherwise. If you do specify rollback triggers for this parameter, those triggers replace any list of triggers previously specified for the stack. This means:</p> <ul> <li> <p>To use the rollback triggers previously specified for this stack, if any, don't specify this parameter.</p> </li> <li> <p>To specify new or updated rollback triggers, you must specify <i>all</i> the triggers that you want used for this stack, even triggers you've specifed before (for example, when creating the stack or during a previous stack update). Any triggers that you don't include in the updated list of triggers are no longer applied to the stack.</p> </li> <li> <p>To remove all currently specified triggers, specify an empty list for this parameter.</p> </li> </ul> <p>If a specified trigger is missing, the entire stack operation fails and is rolled back. </p>"
+          "documentation":"<p>The triggers to monitor during stack creation or update actions.</p> <p>By default, CloudFormation saves the rollback triggers specified for a stack and applies them to any subsequent update operations for the stack, unless you specify otherwise. If you do specify rollback triggers for this parameter, those triggers replace any list of triggers previously specified for the stack. This means:</p> <ul> <li> <p>To use the rollback triggers previously specified for this stack, if any, don't specify this parameter.</p> </li> <li> <p>To specify new or updated rollback triggers, you must specify <i>all</i> the triggers that you want used for this stack, even triggers you've specified before (for example, when creating the stack or during a previous stack update). Any triggers that you don't include in the updated list of triggers are no longer applied to the stack.</p> </li> <li> <p>To remove all currently specified triggers, specify an empty list for this parameter.</p> </li> </ul> <p>If a specified trigger is missing, the entire stack operation fails and is rolled back.</p>"
         },
         "MonitoringTimeInMinutes":{
           "shape":"MonitoringTimeInMinutes",
-          "documentation":"<p>The amount of time, in minutes, during which CloudFormation should monitor all the rollback triggers after the stack creation or update operation deploys all necessary resources.</p> <p>The default is 0 minutes.</p> <p>If you specify a monitoring period but do not specify any rollback triggers, CloudFormation still waits the specified period of time before cleaning up old resources after update operations. You can use this monitoring period to perform any manual stack validation desired, and manually cancel the stack creation or update (using <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CancelUpdateStack.html\">CancelUpdateStack</a>, for example) as necessary.</p> <p>If you specify 0 for this parameter, CloudFormation still monitors the specified rollback triggers during stack creation and update operations. Then, for update operations, it begins disposing of old resources immediately once the operation completes.</p>"
+          "documentation":"<p>The amount of time, in minutes, during which CloudFormation should monitor all the rollback triggers after the stack creation or update operation deploys all necessary resources.</p> <p>The default is 0 minutes.</p> <p>If you specify a monitoring period but don't specify any rollback triggers, CloudFormation still waits the specified period of time before cleaning up old resources after update operations. You can use this monitoring period to perform any manual stack validation desired, and manually cancel the stack creation or update (using <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CancelUpdateStack.html\">CancelUpdateStack</a>, for example) as necessary.</p> <p>If you specify 0 for this parameter, CloudFormation still monitors the specified rollback triggers during stack creation and update operations. Then, for update operations, it begins disposing of old resources immediately once the operation completes.</p>"
         }
       },
       "documentation":"<p>Structure containing the rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.</p> <p>Rollback triggers enable you to have CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-rollback-triggers.html\">Monitor and Roll Back Stack Operations</a>.</p>"
@@ -4412,7 +4647,7 @@
       "members":{
         "StackName":{
           "shape":"StackNameOrId",
-          "documentation":"<p>The name that is associated with the stack.</p>"
+          "documentation":"<p>The name that's associated with the stack.</p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
@@ -4442,14 +4677,14 @@
       "members":{
         "Arn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the rollback trigger.</p> <p>If a specified trigger is missing, the entire stack operation fails and is rolled back. </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the rollback trigger.</p> <p>If a specified trigger is missing, the entire stack operation fails and is rolled back.</p>"
         },
         "Type":{
           "shape":"Type",
-          "documentation":"<p>The resource type of the rollback trigger. Currently, <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html\">AWS::CloudWatch::Alarm</a> is the only supported resource type.</p>"
+          "documentation":"<p>The resource type of the rollback trigger. Specify either <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html\">AWS::CloudWatch::Alarm</a> or <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-compositealarm.html\">AWS::CloudWatch::CompositeAlarm</a> resource types.</p>"
         }
       },
-      "documentation":"<p>A rollback trigger CloudFormation monitors during creation and updating of stacks. If any of the alarms you specify goes to ALARM state during the stack operation or within the specified monitoring period afterwards, CloudFormation rolls back the entire stack operation. </p>"
+      "documentation":"<p>A rollback trigger CloudFormation monitors during creation and updating of stacks. If any of the alarms you specify goes to ALARM state during the stack operation or within the specified monitoring period afterwards, CloudFormation rolls back the entire stack operation.</p>"
     },
     "RollbackTriggers":{
       "type":"list",
@@ -4481,11 +4716,11 @@
         },
         "StackPolicyBody":{
           "shape":"StackPolicyBody",
-          "documentation":"<p>Structure containing the stack policy body. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html\"> Prevent Updates to Stack Resources</a> in the CloudFormation User Guide. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p>"
+          "documentation":"<p>Structure containing the stack policy body. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html\"> Prevent updates to stack resources</a> in the CloudFormation User Guide. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p>"
         },
         "StackPolicyURL":{
           "shape":"StackPolicyURL",
-          "documentation":"<p>Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same Region as the stack. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p>"
+          "documentation":"<p>Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an Amazon S3 bucket in the same Amazon Web Services Region as the stack. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p>"
         }
       },
       "documentation":"<p>The input for the <a>SetStackPolicy</a> action.</p>"
@@ -4496,11 +4731,11 @@
       "members":{
         "TypeArn":{
           "shape":"TypeArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the extension, in this account and region.</p> <p>For public extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html\">activate the type</a> in this account and region. For private extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">register the type</a> in this account and region. </p> <p>Do not include the extension versions suffix at the end of the ARN. You can set the configuration for an extension, but not for a specific extension version.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the extension, in this account and region.</p> <p>For public extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html\">activate the type</a> in this account and region. For private extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">register the type</a> in this account and region.</p> <p>Do not include the extension versions suffix at the end of the ARN. You can set the configuration for an extension, but not for a specific extension version.</p>"
         },
         "Configuration":{
           "shape":"TypeConfiguration",
-          "documentation":"<p>The configuration data for the extension, in this account and region. </p> <p>The configuration data must be formatted as JSON, and validate against the schema returned in the <code>ConfigurationSchema</code> response element of <a href=\"AWSCloudFormation/latest/APIReference/API_DescribeType.html\">API_DescribeType</a>. For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration\">Defining account-level configuration data for an extension</a> in the <i>CloudFormation CLI User Guide</i>.</p>"
+          "documentation":"<p>The configuration data for the extension, in this account and region.</p> <p>The configuration data must be formatted as JSON, and validate against the schema returned in the <code>ConfigurationSchema</code> response element of <a href=\"AWSCloudFormation/latest/APIReference/API_DescribeType.html\">API_DescribeType</a>. For more information, see <a href=\"https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration\">Defining account-level configuration data for an extension</a> in the <i>CloudFormation CLI User Guide</i>.</p>"
         },
         "ConfigurationAlias":{
           "shape":"TypeConfigurationAlias",
@@ -4633,11 +4868,11 @@
         },
         "DisableRollback":{
           "shape":"DisableRollback",
-          "documentation":"<p>Boolean to enable or disable rollback on stack creation failures:</p> <ul> <li> <p> <code>true</code>: disable rollback</p> </li> <li> <p> <code>false</code>: enable rollback</p> </li> </ul>"
+          "documentation":"<p>Boolean to enable or disable rollback on stack creation failures:</p> <ul> <li> <p> <code>true</code>: disable rollback.</p> </li> <li> <p> <code>false</code>: enable rollback.</p> </li> </ul>"
         },
         "NotificationARNs":{
           "shape":"NotificationARNs",
-          "documentation":"<p>SNS topic ARNs to which stack related events are published.</p>"
+          "documentation":"<p>Amazon SNS topic Amazon Resource Names (ARNs) to which stack related events are published.</p>"
         },
         "TimeoutInMinutes":{
           "shape":"TimeoutMinutes",
@@ -4653,7 +4888,7 @@
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that is associated with the stack. During a stack operation, CloudFormation uses this role's credentials to make calls on your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that's associated with the stack. During a stack operation, CloudFormation uses this role's credentials to make calls on your behalf.</p>"
         },
         "Tags":{
           "shape":"Tags",
@@ -4661,7 +4896,7 @@
         },
         "EnableTerminationProtection":{
           "shape":"EnableTerminationProtection",
-          "documentation":"<p>Whether termination protection is enabled for the stack.</p> <p> For <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html\">nested stacks</a>, termination protection is set on the root stack and cannot be changed directly on the nested stack. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html\">Protecting a Stack From Being Deleted</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>Whether termination protection is enabled for the stack.</p> <p>For <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html\">nested stacks</a>, termination protection is set on the root stack and cannot be changed directly on the nested stack. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html\">Protecting a Stack From Being Deleted</a> in the <i>CloudFormation User Guide</i>.</p>"
         },
         "ParentId":{
           "shape":"StackId",
@@ -4698,7 +4933,7 @@
       "members":{
         "StackDriftStatus":{
           "shape":"StackDriftStatus",
-          "documentation":"<p>Status of the stack's actual configuration compared to its expected template configuration. </p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the stack differs from its expected template configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack's actual configuration compared to its expected template configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked if the stack differs from its expected template configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
         },
         "LastCheckTimestamp":{
           "shape":"Timestamp",
@@ -4713,7 +4948,7 @@
       "members":{
         "StackDriftStatus":{
           "shape":"StackDriftStatus",
-          "documentation":"<p>Status of the stack's actual configuration compared to its expected template configuration. </p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the stack differs from its expected template configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack's actual configuration compared to its expected template configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked if the stack differs from its expected template configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
         },
         "LastCheckTimestamp":{
           "shape":"Timestamp",
@@ -4782,7 +5017,27 @@
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The token passed to the operation that generated this event.</p> <p>All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a <code>CreateStack</code> operation with the token <code>token1</code>, then all the <code>StackEvents</code> generated by that operation will have <code>ClientRequestToken</code> set as <code>token1</code>.</p> <p>In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format <i>Console-StackOperation-ID</i>, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: <code>Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002</code>. </p>"
+          "documentation":"<p>The token passed to the operation that generated this event.</p> <p>All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a <code>CreateStack</code> operation with the token <code>token1</code>, then all the <code>StackEvents</code> generated by that operation will have <code>ClientRequestToken</code> set as <code>token1</code>.</p> <p>In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format <i>Console-StackOperation-ID</i>, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: <code>Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002</code>.</p>"
+        },
+        "HookType":{
+          "shape":"HookType",
+          "documentation":"<p>The name of the hook.</p>"
+        },
+        "HookStatus":{
+          "shape":"HookStatus",
+          "documentation":"<p>Provides the status of the change set hook.</p>"
+        },
+        "HookStatusReason":{
+          "shape":"HookStatusReason",
+          "documentation":"<p>Provides the reason for the hook status.</p>"
+        },
+        "HookInvocationPoint":{
+          "shape":"HookInvocationPoint",
+          "documentation":"<p>Invocation points are points in provisioning logic where hooks are initiated.</p>"
+        },
+        "HookFailureMode":{
+          "shape":"HookFailureMode",
+          "documentation":"<p>Specify the hook failure mode for non-compliant resources in the followings ways.</p> <ul> <li> <p> <code>FAIL</code> Stops provisioning resources.</p> </li> <li> <p> <code>WARN</code> Allows provisioning to continue with a warning message.</p> </li> </ul>"
         }
       },
       "documentation":"<p>The StackEvent data type.</p>"
@@ -4796,6 +5051,12 @@
       "type":"list",
       "member":{"shape":"StackId"}
     },
+    "StackIdsUrl":{
+      "type":"string",
+      "max":5120,
+      "min":1,
+      "pattern":"(s3://|http(s?)://).+"
+    },
     "StackInstance":{
       "type":"structure",
       "members":{
@@ -4821,7 +5082,7 @@
         },
         "Status":{
           "shape":"StackInstanceStatus",
-          "documentation":"<p>The status of the stack instance, in terms of its synchronization with its associated stack set.</p> <ul> <li> <p> <code>INOPERABLE</code>: A <code>DeleteStackInstances</code> operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further <code>UpdateStackSet</code> operations. You might need to perform a <code>DeleteStackInstances</code> operation, with <code>RetainStacks</code> set to <code>true</code>, to delete the stack instance, and then delete the stack manually.</p> </li> <li> <p> <code>OUTDATED</code>: The stack isn't currently up to date with the stack set because:</p> <ul> <li> <p>The associated stack failed during a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation. </p> </li> <li> <p>The stack was part of a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation that failed or was stopped before the stack was created or updated. </p> </li> </ul> </li> <li> <p> <code>CURRENT</code>: The stack is currently up to date with the stack set.</p> </li> </ul>"
+          "documentation":"<p>The status of the stack instance, in terms of its synchronization with its associated stack set.</p> <ul> <li> <p> <code>INOPERABLE</code>: A <code>DeleteStackInstances</code> operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further <code>UpdateStackSet</code> operations. You might need to perform a <code>DeleteStackInstances</code> operation, with <code>RetainStacks</code> set to <code>true</code>, to delete the stack instance, and then delete the stack manually.</p> </li> <li> <p> <code>OUTDATED</code>: The stack isn't currently up to date with the stack set because:</p> <ul> <li> <p>The associated stack failed during a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation.</p> </li> <li> <p>The stack was part of a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation that failed or was stopped before the stack was created or updated.</p> </li> </ul> </li> <li> <p> <code>CURRENT</code>: The stack is currently up to date with the stack set.</p> </li> </ul>"
         },
         "StackInstanceStatus":{
           "shape":"StackInstanceComprehensiveStatus",
@@ -4829,7 +5090,7 @@
         },
         "StatusReason":{
           "shape":"Reason",
-          "documentation":"<p>The explanation for the specific status code that is assigned to this stack instance.</p>"
+          "documentation":"<p>The explanation for the specific status code that's assigned to this stack instance.</p>"
         },
         "OrganizationalUnitId":{
           "shape":"OrganizationalUnitId",
@@ -4837,21 +5098,21 @@
         },
         "DriftStatus":{
           "shape":"StackDriftStatus",
-          "documentation":"<p>Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs. </p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the stack instance differs from its expected stack set configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack instance's actual configuration matches its expected stack set configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs.</p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked if the stack instance differs from its expected stack set configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack instance's actual configuration matches its expected stack set configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
         },
         "LastDriftCheckTimestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be <code>NULL</code> for any stack instance on which drift detection has not yet been performed.</p>"
+          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be <code>NULL</code> for any stack instance on which drift detection hasn't yet been performed.</p>"
         }
       },
-      "documentation":"<p>An CloudFormation stack, in a specific account and Region, that's part of a stack set operation. A stack instance is a reference to an attempted or actual stack in a given account within a given Region. A stack instance can exist without a stack—for example, if the stack couldn't be created for some reason. A stack instance is associated with only one stack set. Each stack instance contains the ID of its associated stack set, as well as the ID of the actual stack and the stack status.</p>"
+      "documentation":"<p>An CloudFormation stack, in a specific account and Region, that's part of a stack set operation. A stack instance is a reference to an attempted or actual stack in a given account within a given Region. A stack instance can exist without a stack—for example, if the stack couldn't be created for some reason. A stack instance is associated with only one stack set. Each stack instance contains the ID of its associated stack set, in addition to the ID of the actual stack and the stack status.</p>"
     },
     "StackInstanceComprehensiveStatus":{
       "type":"structure",
       "members":{
         "DetailedStatus":{
           "shape":"StackInstanceDetailedStatus",
-          "documentation":"<ul> <li> <p> <code>CANCELLED</code>: The operation in the specified account and Region has been cancelled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.</p> </li> <li> <p> <code>FAILED</code>: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.</p> </li> <li> <p> <code>INOPERABLE</code>: A <code>DeleteStackInstances</code> operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further <code>UpdateStackSet</code> operations. You might need to perform a <code>DeleteStackInstances</code> operation, with <code>RetainStacks</code> set to <code>true</code>, to delete the stack instance, and then delete the stack manually.</p> </li> <li> <p> <code>PENDING</code>: The operation in the specified account and Region has yet to start.</p> </li> <li> <p> <code>RUNNING</code>: The operation in the specified account and Region is currently in progress.</p> </li> <li> <p> <code>SUCCEEDED</code>: The operation in the specified account and Region completed successfully.</p> </li> </ul>"
+          "documentation":"<ul> <li> <p> <code>CANCELLED</code>: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.</p> </li> <li> <p> <code>FAILED</code>: The operation in the specified account and Region failed. If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.</p> </li> <li> <p> <code>INOPERABLE</code>: A <code>DeleteStackInstances</code> operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further <code>UpdateStackSet</code> operations. You might need to perform a <code>DeleteStackInstances</code> operation, with <code>RetainStacks</code> set to <code>true</code>, to delete the stack instance, and then delete the stack manually.</p> </li> <li> <p> <code>PENDING</code>: The operation in the specified account and Region has yet to start.</p> </li> <li> <p> <code>RUNNING</code>: The operation in the specified account and Region is currently in progress.</p> </li> <li> <p> <code>SUCCEEDED</code>: The operation in the specified account and Region completed successfully.</p> </li> </ul>"
         }
       },
       "documentation":"<p>The detailed status of the stack instance.</p>"
@@ -4940,7 +5201,7 @@
         },
         "Status":{
           "shape":"StackInstanceStatus",
-          "documentation":"<p>The status of the stack instance, in terms of its synchronization with its associated stack set.</p> <ul> <li> <p> <code>INOPERABLE</code>: A <code>DeleteStackInstances</code> operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further <code>UpdateStackSet</code> operations. You might need to perform a <code>DeleteStackInstances</code> operation, with <code>RetainStacks</code> set to <code>true</code>, to delete the stack instance, and then delete the stack manually.</p> </li> <li> <p> <code>OUTDATED</code>: The stack isn't currently up to date with the stack set because:</p> <ul> <li> <p>The associated stack failed during a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation. </p> </li> <li> <p>The stack was part of a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation that failed or was stopped before the stack was created or updated. </p> </li> </ul> </li> <li> <p> <code>CURRENT</code>: The stack is currently up to date with the stack set.</p> </li> </ul>"
+          "documentation":"<p>The status of the stack instance, in terms of its synchronization with its associated stack set.</p> <ul> <li> <p> <code>INOPERABLE</code>: A <code>DeleteStackInstances</code> operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further <code>UpdateStackSet</code> operations. You might need to perform a <code>DeleteStackInstances</code> operation, with <code>RetainStacks</code> set to <code>true</code>, to delete the stack instance, and then delete the stack manually.</p> </li> <li> <p> <code>OUTDATED</code>: The stack isn't currently up to date with the stack set because:</p> <ul> <li> <p>The associated stack failed during a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation.</p> </li> <li> <p>The stack was part of a <code>CreateStackSet</code> or <code>UpdateStackSet</code> operation that failed or was stopped before the stack was created or updated.</p> </li> </ul> </li> <li> <p> <code>CURRENT</code>: The stack is currently up to date with the stack set.</p> </li> </ul>"
         },
         "StatusReason":{
           "shape":"Reason",
@@ -4956,11 +5217,11 @@
         },
         "DriftStatus":{
           "shape":"StackDriftStatus",
-          "documentation":"<p>Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs. </p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the stack instance differs from its expected stack set configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack instance's actual configuration matches its expected stack set configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack instance's actual configuration compared to the expected template and parameter configuration of the stack set to which it belongs.</p> <ul> <li> <p> <code>DRIFTED</code>: The stack differs from the expected template and parameter configuration of the stack set to which it belongs. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked if the stack instance differs from its expected stack set configuration.</p> </li> <li> <p> <code>IN_SYNC</code>: The stack instance's actual configuration matches its expected stack set configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
         },
         "LastDriftCheckTimestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be <code>NULL</code> for any stack instance on which drift detection has not yet been performed.</p>"
+          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack instance. This value will be <code>NULL</code> for any stack instance on which drift detection hasn't yet been performed.</p>"
         }
       },
       "documentation":"<p>The structure that contains summary information about a stack instance.</p>"
@@ -4975,7 +5236,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified stack ARN doesn’t exist or stack doesn’t exist corresponding to the ARN in input.</p>",
+      "documentation":"<p>The specified stack ARN doesn't exist or stack doesn't exist corresponding to the ARN in input.</p>",
       "error":{
         "code":"StackNotFoundException",
         "httpStatusCode":404,
@@ -5030,7 +5291,7 @@
         },
         "ResourceType":{
           "shape":"ResourceType",
-          "documentation":"<p>Type of resource. (For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services Resource Types Reference</a> in the CloudFormation User Guide.)</p>"
+          "documentation":"<p>Type of resource. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services Resource Types Reference</a> in the CloudFormation User Guide.</p>"
         },
         "Timestamp":{
           "shape":"Timestamp",
@@ -5086,7 +5347,7 @@
         },
         "ResourceType":{
           "shape":"ResourceType",
-          "documentation":"<p>Type of resource. ((For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services Resource Types Reference</a> in the CloudFormation User Guide.)</p>"
+          "documentation":"<p>Type of resource. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services Resource Types Reference</a> in the CloudFormation User Guide.</p>"
         },
         "LastUpdatedTimestamp":{
           "shape":"Timestamp",
@@ -5139,11 +5400,11 @@
         },
         "PhysicalResourceId":{
           "shape":"PhysicalResourceId",
-          "documentation":"<p>The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation. </p>"
+          "documentation":"<p>The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.</p>"
         },
         "PhysicalResourceIdContext":{
           "shape":"PhysicalResourceIdContext",
-          "documentation":"<p>Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs are not enough to uniquely identify that resource. Each context key-value pair specifies a unique resource that contains the targeted resource.</p>"
+          "documentation":"<p>Context information that enables CloudFormation to uniquely identify a resource. CloudFormation uses context key-value pairs in cases where a resource's logical and physical IDs aren't enough to uniquely identify that resource. Each context key-value pair specifies a unique resource that contains the targeted resource.</p>"
         },
         "ResourceType":{
           "shape":"ResourceType",
@@ -5151,19 +5412,19 @@
         },
         "ExpectedProperties":{
           "shape":"Properties",
-          "documentation":"<p>A JSON structure containing the expected property values of the stack resource, as defined in the stack template and any values specified as template parameters. </p> <p>For resources whose <code>StackResourceDriftStatus</code> is <code>DELETED</code>, this structure will not be present. </p>"
+          "documentation":"<p>A JSON structure containing the expected property values of the stack resource, as defined in the stack template and any values specified as template parameters.</p> <p>For resources whose <code>StackResourceDriftStatus</code> is <code>DELETED</code>, this structure will not be present.</p>"
         },
         "ActualProperties":{
           "shape":"Properties",
-          "documentation":"<p>A JSON structure containing the actual property values of the stack resource.</p> <p>For resources whose <code>StackResourceDriftStatus</code> is <code>DELETED</code>, this structure will not be present. </p>"
+          "documentation":"<p>A JSON structure containing the actual property values of the stack resource.</p> <p>For resources whose <code>StackResourceDriftStatus</code> is <code>DELETED</code>, this structure will not be present.</p>"
         },
         "PropertyDifferences":{
           "shape":"PropertyDifferences",
-          "documentation":"<p>A collection of the resource properties whose actual values differ from their expected values. These will be present only for resources whose <code>StackResourceDriftStatus</code> is <code>MODIFIED</code>. </p>"
+          "documentation":"<p>A collection of the resource properties whose actual values differ from their expected values. These will be present only for resources whose <code>StackResourceDriftStatus</code> is <code>MODIFIED</code>.</p>"
         },
         "StackResourceDriftStatus":{
           "shape":"StackResourceDriftStatus",
-          "documentation":"<p>Status of the resource's actual configuration compared to its expected configuration</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected template configuration because the resource has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: One or more resource properties differ from their expected values (as defined in the stack template and any values specified as template parameters).</p> </li> <li> <p> <code>IN_SYNC</code>: The resources's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation does not currently return this value.</p> </li> </ul>"
+          "documentation":"<p>Status of the resource's actual configuration compared to its expected configuration.</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected template configuration because the resource has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: One or more resource properties differ from their expected values (as defined in the stack template and any values specified as template parameters).</p> </li> <li> <p> <code>IN_SYNC</code>: The resource's actual configuration matches its expected template configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation does not currently return this value.</p> </li> </ul>"
         },
         "Timestamp":{
           "shape":"Timestamp",
@@ -5174,7 +5435,7 @@
           "documentation":"<p>Contains information about the module from which the resource was created, if the resource was created from a module included in the stack template.</p>"
         }
       },
-      "documentation":"<p>Contains the drift information for a resource that has been checked for drift. This includes actual and expected property values for resources in which CloudFormation has detected drift. Only resource properties explicitly defined in the stack template are checked for drift. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p> <p>Resources that do not currently support drift detection cannot be checked. For a list of resources that support drift detection, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> <p>Use <a>DetectStackResourceDrift</a> to detect drift on individual resources, or <a>DetectStackDrift</a> to detect drift on all resources in a given stack that support drift detection.</p>"
+      "documentation":"<p>Contains the drift information for a resource that has been checked for drift. This includes actual and expected property values for resources in which CloudFormation has detected drift. Only resource properties explicitly defined in the stack template are checked for drift. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift.html\">Detecting Unregulated Configuration Changes to Stacks and Resources</a>.</p> <p>Resources that don't currently support drift detection can't be checked. For a list of resources that support drift detection, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> <p>Use <a>DetectStackResourceDrift</a> to detect drift on individual resources, or <a>DetectStackDrift</a> to detect drift on all resources in a given stack that support drift detection.</p>"
     },
     "StackResourceDriftInformation":{
       "type":"structure",
@@ -5182,7 +5443,7 @@
       "members":{
         "StackResourceDriftStatus":{
           "shape":"StackResourceDriftStatus",
-          "documentation":"<p>Status of the resource's actual configuration compared to its expected configuration</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected configuration in that it has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: The resource differs from its expected configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the resource differs from its expected configuration.</p> <p>Any resources that do not currently support drift detection have a status of <code>NOT_CHECKED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>. </p> </li> <li> <p> <code>IN_SYNC</code>: The resources's actual configuration matches its expected configuration.</p> </li> </ul>"
+          "documentation":"<p>Status of the resource's actual configuration compared to its expected configuration</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected configuration in that it has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: The resource differs from its expected configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the resource differs from its expected configuration.</p> <p>Any resources that do not currently support drift detection have a status of <code>NOT_CHECKED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>.</p> </li> <li> <p> <code>IN_SYNC</code>: The resource's actual configuration matches its expected configuration.</p> </li> </ul>"
         },
         "LastCheckTimestamp":{
           "shape":"Timestamp",
@@ -5197,7 +5458,7 @@
       "members":{
         "StackResourceDriftStatus":{
           "shape":"StackResourceDriftStatus",
-          "documentation":"<p>Status of the resource's actual configuration compared to its expected configuration</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected configuration in that it has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: The resource differs from its expected configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked if the resource differs from its expected configuration.</p> <p>Any resources that do not currently support drift detection have a status of <code>NOT_CHECKED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>. If you performed an <a>ContinueUpdateRollback</a> operation on a stack, any resources included in <code>ResourcesToSkip</code> will also have a status of <code>NOT_CHECKED</code>. For more information on skipping resources during rollback operations, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html\">Continue Rolling Back an Update</a> in the CloudFormation User Guide.</p> </li> <li> <p> <code>IN_SYNC</code>: The resources's actual configuration matches its expected configuration.</p> </li> </ul>"
+          "documentation":"<p>Status of the resource's actual configuration compared to its expected configuration.</p> <ul> <li> <p> <code>DELETED</code>: The resource differs from its expected configuration in that it has been deleted.</p> </li> <li> <p> <code>MODIFIED</code>: The resource differs from its expected configuration.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked if the resource differs from its expected configuration.</p> <p>Any resources that don't currently support drift detection have a status of <code>NOT_CHECKED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-stack-drift-resource-list.html\">Resources that Support Drift Detection</a>. If you performed an <a>ContinueUpdateRollback</a> operation on a stack, any resources included in <code>ResourcesToSkip</code> will also have a status of <code>NOT_CHECKED</code>. For more information on skipping resources during rollback operations, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html\">Continue Rolling Back an Update</a> in the CloudFormation User Guide.</p> </li> <li> <p> <code>IN_SYNC</code>: The resource's actual configuration matches its expected configuration.</p> </li> </ul>"
         },
         "LastCheckTimestamp":{
           "shape":"Timestamp",
@@ -5322,11 +5583,11 @@
         },
         "ExecutionRoleName":{
           "shape":"ExecutionRoleName",
-          "documentation":"<p>The name of the IAM execution role used to create or update the stack set. </p> <p>Use customized execution roles to control which stack resources users and groups can include in their stack sets. </p>"
+          "documentation":"<p>The name of the IAM execution role used to create or update the stack set.</p> <p>Use customized execution roles to control which stack resources users and groups can include in their stack sets.</p>"
         },
         "StackSetDriftDetectionDetails":{
           "shape":"StackSetDriftDetectionDetails",
-          "documentation":"<p>Detailed information about the drift status of the stack set.</p> <p>For stack sets, contains information about the last <i>completed</i> drift operation performed on the stack set. Information about drift operations currently in progress is not included.</p>"
+          "documentation":"<p>Detailed information about the drift status of the stack set.</p> <p>For stack sets, contains information about the last <i>completed</i> drift operation performed on the stack set. Information about drift operations currently in progress isn't included.</p>"
         },
         "AutoDeployment":{
           "shape":"AutoDeployment",
@@ -5339,9 +5600,13 @@
         "OrganizationalUnitIds":{
           "shape":"OrganizationalUnitIdList",
           "documentation":"<p>[Service-managed permissions] The organization root ID or organizational unit (OU) IDs that you specified for <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DeploymentTargets.html\">DeploymentTargets</a>.</p>"
+        },
+        "ManagedExecution":{
+          "shape":"ManagedExecution",
+          "documentation":"<p>Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.</p>"
         }
       },
-      "documentation":"<p>A structure that contains information about a stack set. A stack set enables you to provision stacks into Amazon Web Services accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, as well as any parameters and capabilities that the template requires. </p>"
+      "documentation":"<p>A structure that contains information about a stack set. A stack set enables you to provision stacks into Amazon Web Services accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, in addition to any parameters and capabilities that the template requires.</p>"
     },
     "StackSetARN":{"type":"string"},
     "StackSetDriftDetectionDetails":{
@@ -5349,23 +5614,23 @@
       "members":{
         "DriftStatus":{
           "shape":"StackSetDriftStatus",
-          "documentation":"<p>Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked the stack set for drift.</p> </li> <li> <p> <code>IN_SYNC</code>: All of the stack instances belonging to the stack set stack match from the expected template and parameter configuration.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked the stack set for drift.</p> </li> <li> <p> <code>IN_SYNC</code>: All of the stack instances belonging to the stack set stack match from the expected template and parameter configuration.</p> </li> </ul>"
         },
         "DriftDetectionStatus":{
           "shape":"StackSetDriftDetectionStatus",
-          "documentation":"<p>The status of the stack set drift detection operation.</p> <ul> <li> <p> <code>COMPLETED</code>: The drift detection operation completed without failing on any stack instances.</p> </li> <li> <p> <code>FAILED</code>: The drift detection operation exceeded the specified failure tolerance. </p> </li> <li> <p> <code>PARTIAL_SUCCESS</code>: The drift detection operation completed without exceeding the failure tolerance for the operation.</p> </li> <li> <p> <code>IN_PROGRESS</code>: The drift detection operation is currently being performed.</p> </li> <li> <p> <code>STOPPED</code>: The user has cancelled the drift detection operation.</p> </li> </ul>"
+          "documentation":"<p>The status of the stack set drift detection operation.</p> <ul> <li> <p> <code>COMPLETED</code>: The drift detection operation completed without failing on any stack instances.</p> </li> <li> <p> <code>FAILED</code>: The drift detection operation exceeded the specified failure tolerance.</p> </li> <li> <p> <code>PARTIAL_SUCCESS</code>: The drift detection operation completed without exceeding the failure tolerance for the operation.</p> </li> <li> <p> <code>IN_PROGRESS</code>: The drift detection operation is currently being performed.</p> </li> <li> <p> <code>STOPPED</code>: The user has canceled the drift detection operation.</p> </li> </ul>"
         },
         "LastDriftCheckTimestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack set. This value will be <code>NULL</code> for any stack set on which drift detection has not yet been performed.</p>"
+          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack set. This value will be <code>NULL</code> for any stack set on which drift detection hasn't yet been performed.</p>"
         },
         "TotalStackInstancesCount":{
           "shape":"TotalStackInstancesCount",
-          "documentation":"<p>The total number of stack instances belonging to this stack set. </p> <p>The total number of stack instances is equal to the total of:</p> <ul> <li> <p>Stack instances that match the stack set configuration. </p> </li> <li> <p>Stack instances that have drifted from the stack set configuration. </p> </li> <li> <p>Stack instances where the drift detection operation has failed.</p> </li> <li> <p>Stack instances currently being checked for drift.</p> </li> </ul>"
+          "documentation":"<p>The total number of stack instances belonging to this stack set.</p> <p>The total number of stack instances is equal to the total of:</p> <ul> <li> <p>Stack instances that match the stack set configuration.</p> </li> <li> <p>Stack instances that have drifted from the stack set configuration.</p> </li> <li> <p>Stack instances where the drift detection operation has failed.</p> </li> <li> <p>Stack instances currently being checked for drift.</p> </li> </ul>"
         },
         "DriftedStackInstancesCount":{
           "shape":"DriftedStackInstancesCount",
-          "documentation":"<p>The number of stack instances that have drifted from the expected template and parameter configuration of the stack set. A stack instance is considered to have drifted if one or more of the resources in the associated stack do not match their expected configuration.</p>"
+          "documentation":"<p>The number of stack instances that have drifted from the expected template and parameter configuration of the stack set. A stack instance is considered to have drifted if one or more of the resources in the associated stack don't match their expected configuration.</p>"
         },
         "InSyncStackInstancesCount":{
           "shape":"InSyncStackInstancesCount",
@@ -5380,7 +5645,7 @@
           "documentation":"<p>The number of stack instances for which the drift detection operation failed.</p>"
         }
       },
-      "documentation":"<p>Detailed information about the drift status of the stack set.</p> <p>For stack sets, contains information about the last <i>completed</i> drift operation performed on the stack set. Information about drift operations in-progress is not included. </p> <p>For stack set operations, includes information about drift operations currently being performed on the stack set.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">Detecting Unmanaged Changes in Stack Sets</a> in the <i>CloudFormation User Guide</i>.</p>"
+      "documentation":"<p>Detailed information about the drift status of the stack set.</p> <p>For stack sets, contains information about the last <i>completed</i> drift operation performed on the stack set. Information about drift operations in-progress isn't included.</p> <p>For stack set operations, includes information about drift operations currently being performed on the stack set.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">Detecting unmanaged changes in stack sets</a> in the <i>CloudFormation User Guide</i>.</p>"
     },
     "StackSetDriftDetectionStatus":{
       "type":"string",
@@ -5443,11 +5708,11 @@
         },
         "Action":{
           "shape":"StackSetOperationAction",
-          "documentation":"<p>The type of stack set operation: <code>CREATE</code>, <code>UPDATE</code>, or <code>DELETE</code>. Create and delete operations affect only the specified stack set instances that are associated with the specified stack set. Update operations affect both the stack set itself, as well as <i>all</i> associated stack set instances.</p>"
+          "documentation":"<p>The type of stack set operation: <code>CREATE</code>, <code>UPDATE</code>, or <code>DELETE</code>. Create and delete operations affect only the specified stack set instances that are associated with the specified stack set. Update operations affect both the stack set itself, in addition to <i>all</i> associated stack set instances.</p>"
         },
         "Status":{
           "shape":"StackSetOperationStatus",
-          "documentation":"<p>The status of the operation. </p> <ul> <li> <p> <code>FAILED</code>: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to <code>FAILED</code>. This in turn sets the status of the operation as a whole to <code>FAILED</code>, and CloudFormation cancels the operation in any remaining Regions.</p> </li> <li> <p> <code>QUEUED</code>: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-status-codes\">stack set operation status codes</a> in the CloudFormation User Guide.</p> </li> <li> <p> <code>RUNNING</code>: The operation is currently being performed.</p> </li> <li> <p> <code>STOPPED</code>: The user has cancelled the operation.</p> </li> <li> <p> <code>STOPPING</code>: The operation is in the process of stopping, at user request. </p> </li> <li> <p> <code>SUCCEEDED</code>: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.</p> </li> </ul>"
+          "documentation":"<p>The status of the operation.</p> <ul> <li> <p> <code>FAILED</code>: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to <code>FAILED</code>. This in turn sets the status of the operation as a whole to <code>FAILED</code>, and CloudFormation cancels the operation in any remaining Regions.</p> </li> <li> <p> <code>QUEUED</code>: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-status-codes\">stack set operation status codes</a> in the CloudFormation User Guide.</p> </li> <li> <p> <code>RUNNING</code>: The operation is currently being performed.</p> </li> <li> <p> <code>STOPPED</code>: The user has canceled the operation.</p> </li> <li> <p> <code>STOPPING</code>: The operation is in the process of stopping, at user request.</p> </li> <li> <p> <code>SUCCEEDED</code>: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.</p> </li> </ul>"
         },
         "OperationPreferences":{
           "shape":"StackSetOperationPreferences",
@@ -5455,15 +5720,15 @@
         },
         "RetainStacks":{
           "shape":"RetainStacksNullable",
-          "documentation":"<p>For stack set operations of action type <code>DELETE</code>, specifies whether to remove the stack instances from the specified stack set, but doesn't delete the stacks. You can't reassociate a retained stack, or add an existing, saved stack to a new stack set.</p>"
+          "documentation":"<p>For stack set operations of action type <code>DELETE</code>, specifies whether to remove the stack instances from the specified stack set, but doesn't delete the stacks. You can't re-associate a retained stack, or add an existing, saved stack to a new stack set.</p>"
         },
         "AdministrationRoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Number (ARN) of the IAM role used to perform this stack set operation. </p> <p>Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\">Define Permissions for Multiple Administrators</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>The Amazon Resource Number (ARN) of the IAM role used to perform this stack set operation.</p> <p>Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html\">Define Permissions for Multiple Administrators</a> in the <i>CloudFormation User Guide</i>.</p>"
         },
         "ExecutionRoleName":{
           "shape":"ExecutionRoleName",
-          "documentation":"<p>The name of the IAM execution role used to create or update the stack set.</p> <p>Use customized execution roles to control which stack resources users and groups can include in their stack sets. </p>"
+          "documentation":"<p>The name of the IAM execution role used to create or update the stack set.</p> <p>Use customized execution roles to control which stack resources users and groups can include in their stack sets.</p>"
         },
         "CreationTimestamp":{
           "shape":"Timestamp",
@@ -5479,10 +5744,10 @@
         },
         "StackSetDriftDetectionDetails":{
           "shape":"StackSetDriftDetectionDetails",
-          "documentation":"<p>Detailed information about the drift status of the stack set. This includes information about drift operations currently being performed on the stack set.</p> <p>this information will only be present for stack set operations whose <code>Action</code> type is <code>DETECT_DRIFT</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">Detecting Unmanaged Changes in Stack Sets</a> in the CloudFormation User Guide.</p>"
+          "documentation":"<p>Detailed information about the drift status of the stack set. This includes information about drift operations currently being performed on the stack set.</p> <p>This information will only be present for stack set operations whose <code>Action</code> type is <code>DETECT_DRIFT</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-drift.html\">Detecting Unmanaged Changes in Stack Sets</a> in the CloudFormation User Guide.</p>"
         }
       },
-      "documentation":"<p>The structure that contains information about a stack set operation. </p>"
+      "documentation":"<p>The structure that contains information about a stack set operation.</p>"
     },
     "StackSetOperationAction":{
       "type":"string",
@@ -5514,14 +5779,14 @@
         },
         "MaxConcurrentCount":{
           "shape":"MaxConcurrentCount",
-          "documentation":"<p>The maximum number of accounts in which to perform this operation at one time. This is dependent on the value of <code>FailureToleranceCount</code>. <code>MaxConcurrentCount</code> is at most one more than the <code>FailureToleranceCount</code>.</p> <p>Note that this setting lets you specify the <i>maximum</i> for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.</p> <p>Conditional: You must specify either <code>MaxConcurrentCount</code> or <code>MaxConcurrentPercentage</code>, but not both.</p> <p>By default, <code>1</code> is specified.</p>"
+          "documentation":"<p>The maximum number of accounts in which to perform this operation at one time. This is dependent on the value of <code>FailureToleranceCount</code>.<code>MaxConcurrentCount</code> is at most one more than the <code>FailureToleranceCount</code>.</p> <p>Note that this setting lets you specify the <i>maximum</i> for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.</p> <p>Conditional: You must specify either <code>MaxConcurrentCount</code> or <code>MaxConcurrentPercentage</code>, but not both.</p> <p>By default, <code>1</code> is specified.</p>"
         },
         "MaxConcurrentPercentage":{
           "shape":"MaxConcurrentPercentage",
           "documentation":"<p>The maximum percentage of accounts in which to perform this operation at one time.</p> <p>When calculating the number of accounts based on the specified percentage, CloudFormation rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, CloudFormation sets the number as one instead.</p> <p>Note that this setting lets you specify the <i>maximum</i> for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.</p> <p>Conditional: You must specify either <code>MaxConcurrentCount</code> or <code>MaxConcurrentPercentage</code>, but not both.</p> <p>By default, <code>1</code> is specified.</p>"
         }
       },
-      "documentation":"<p>The user-specified preferences for how CloudFormation performs a stack set operation. </p> <p>For more information on maximum concurrent accounts and failure tolerance, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-ops-options\">Stack set operation options</a>.</p>"
+      "documentation":"<p>The user-specified preferences for how CloudFormation performs a stack set operation.</p> <p>For more information on maximum concurrent accounts and failure tolerance, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-ops-options\">Stack set operation options</a>.</p>"
     },
     "StackSetOperationResultStatus":{
       "type":"string",
@@ -5550,7 +5815,7 @@
         },
         "Status":{
           "shape":"StackSetOperationResultStatus",
-          "documentation":"<p>The result status of the stack set operation for the given account in the given Region.</p> <ul> <li> <p> <code>CANCELLED</code>: The operation in the specified account and Region has been cancelled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.</p> </li> <li> <p> <code>FAILED</code>: The operation in the specified account and Region failed. </p> <p>If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded. </p> </li> <li> <p> <code>RUNNING</code>: The operation in the specified account and Region is currently in progress.</p> </li> <li> <p> <code>PENDING</code>: The operation in the specified account and Region has yet to start. </p> </li> <li> <p> <code>SUCCEEDED</code>: The operation in the specified account and Region completed successfully.</p> </li> </ul>"
+          "documentation":"<p>The result status of the stack set operation for the given account in the given Region.</p> <ul> <li> <p> <code>CANCELLED</code>: The operation in the specified account and Region has been canceled. This is either because a user has stopped the stack set operation, or because the failure tolerance of the stack set operation has been exceeded.</p> </li> <li> <p> <code>FAILED</code>: The operation in the specified account and Region failed.</p> <p>If the stack set operation fails in enough accounts within a Region, the failure tolerance for the stack set operation as a whole might be exceeded.</p> </li> <li> <p> <code>RUNNING</code>: The operation in the specified account and Region is currently in progress.</p> </li> <li> <p> <code>PENDING</code>: The operation in the specified account and Region has yet to start.</p> </li> <li> <p> <code>SUCCEEDED</code>: The operation in the specified account and Region completed successfully.</p> </li> </ul>"
         },
         "StatusReason":{
           "shape":"Reason",
@@ -5558,7 +5823,7 @@
         },
         "AccountGateResult":{
           "shape":"AccountGateResult",
-          "documentation":"<p>The results of the account gate function CloudFormation invokes, if present, before proceeding with stack set operations in an account</p>"
+          "documentation":"<p>The results of the account gate function CloudFormation invokes, if present, before proceeding with stack set operations in an account.</p>"
         },
         "OrganizationalUnitId":{
           "shape":"OrganizationalUnitId",
@@ -5591,11 +5856,11 @@
         },
         "Action":{
           "shape":"StackSetOperationAction",
-          "documentation":"<p>The type of operation: <code>CREATE</code>, <code>UPDATE</code>, or <code>DELETE</code>. Create and delete operations affect only the specified stack instances that are associated with the specified stack set. Update operations affect both the stack set itself as well as <i>all</i> associated stack set instances.</p>"
+          "documentation":"<p>The type of operation: <code>CREATE</code>, <code>UPDATE</code>, or <code>DELETE</code>. Create and delete operations affect only the specified stack instances that are associated with the specified stack set. Update operations affect both the stack set itself and <i>all</i> associated stack set instances.</p>"
         },
         "Status":{
           "shape":"StackSetOperationStatus",
-          "documentation":"<p>The overall status of the operation.</p> <ul> <li> <p> <code>FAILED</code>: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to <code>FAILED</code>. This in turn sets the status of the operation as a whole to <code>FAILED</code>, and CloudFormation cancels the operation in any remaining Regions.</p> </li> <li> <p> <code>QUEUED</code>: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-status-codes\">stack set operation status codes</a> in the CloudFormation User Guide.</p> </li> <li> <p> <code>RUNNING</code>: The operation is currently being performed.</p> </li> <li> <p> <code>STOPPED</code>: The user has cancelled the operation.</p> </li> <li> <p> <code>STOPPING</code>: The operation is in the process of stopping, at user request. </p> </li> <li> <p> <code>SUCCEEDED</code>: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.</p> </li> </ul>"
+          "documentation":"<p>The overall status of the operation.</p> <ul> <li> <p> <code>FAILED</code>: The operation exceeded the specified failure tolerance. The failure tolerance value that you've set for an operation is applied for each Region during stack create and update operations. If the number of failed stacks within a Region exceeds the failure tolerance, the status of the operation in the Region is set to <code>FAILED</code>. This in turn sets the status of the operation as a whole to <code>FAILED</code>, and CloudFormation cancels the operation in any remaining Regions.</p> </li> <li> <p> <code>QUEUED</code>: [Service-managed permissions] For automatic deployments that require a sequence of operations, the operation is queued to be performed. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html#stackset-status-codes\">stack set operation status codes</a> in the CloudFormation User Guide.</p> </li> <li> <p> <code>RUNNING</code>: The operation is currently being performed.</p> </li> <li> <p> <code>STOPPED</code>: The user has canceled the operation.</p> </li> <li> <p> <code>STOPPING</code>: The operation is in the process of stopping, at user request.</p> </li> <li> <p> <code>SUCCEEDED</code>: The operation completed creating or updating all the specified stacks without exceeding the failure tolerance for the operation.</p> </li> </ul>"
         },
         "CreationTimestamp":{
           "shape":"Timestamp",
@@ -5648,11 +5913,15 @@
         },
         "DriftStatus":{
           "shape":"StackDriftStatus",
-          "documentation":"<p>Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation has not checked the stack set for drift.</p> </li> <li> <p> <code>IN_SYNC</code>: All of the stack instances belonging to the stack set stack match from the expected template and parameter configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
+          "documentation":"<p>Status of the stack set's actual configuration compared to its expected template and parameter configuration. A stack set is considered to have drifted if one or more of its stack instances have drifted from their expected template and parameter configuration.</p> <ul> <li> <p> <code>DRIFTED</code>: One or more of the stack instances belonging to the stack set stack differs from the expected template and parameter configuration. A stack instance is considered to have drifted if one or more of the resources in the associated stack have drifted.</p> </li> <li> <p> <code>NOT_CHECKED</code>: CloudFormation hasn't checked the stack set for drift.</p> </li> <li> <p> <code>IN_SYNC</code>: All the stack instances belonging to the stack set stack match from the expected template and parameter configuration.</p> </li> <li> <p> <code>UNKNOWN</code>: This value is reserved for future use.</p> </li> </ul>"
         },
         "LastDriftCheckTimestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack set. This value will be <code>NULL</code> for any stack set on which drift detection has not yet been performed.</p>"
+          "documentation":"<p>Most recent time when CloudFormation performed a drift detection operation on the stack set. This value will be <code>NULL</code> for any stack set on which drift detection hasn't yet been performed.</p>"
+        },
+        "ManagedExecution":{
+          "shape":"ManagedExecution",
+          "documentation":"<p>Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.</p>"
         }
       },
       "documentation":"<p>The structures that contain summary information about the specified stack set.</p>"
@@ -5761,7 +6030,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>Another operation has been performed on this stack set since the specified operation was performed. </p>",
+      "documentation":"<p>Another operation has been performed on this stack set since the specified operation was performed.</p>",
       "error":{
         "code":"StaleRequestException",
         "httpStatusCode":409,
@@ -5786,7 +6055,7 @@
         },
         "OperationId":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The ID of the stack operation. </p>"
+          "documentation":"<p>The ID of the stack operation.</p>"
         },
         "CallAs":{
           "shape":"CallAs",
@@ -5889,7 +6158,7 @@
       "members":{
         "Arn":{
           "shape":"TypeArn",
-          "documentation":"<p>The Amazon Resource Number (ARN) of the extension.</p> <p>Conditional: You must specify <code>Arn</code>, or <code>TypeName</code> and <code>Type</code>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the extension.</p> <p>Conditional: You must specify <code>Arn</code>, or <code>TypeName</code> and <code>Type</code>.</p>"
         },
         "Type":{
           "shape":"ThirdPartyType",
@@ -5901,11 +6170,11 @@
         },
         "VersionId":{
           "shape":"TypeVersionId",
-          "documentation":"<p>The version of the extension to test.</p> <p>You can specify the version id with either <code>Arn</code>, or with <code>TypeName</code> and <code>Type</code>.</p> <p>If you do not specify a version, CloudFormation uses the default version of the extension in this account and region for testing.</p>"
+          "documentation":"<p>The version of the extension to test.</p> <p>You can specify the version id with either <code>Arn</code>, or with <code>TypeName</code> and <code>Type</code>.</p> <p>If you don't specify a version, CloudFormation uses the default version of the extension in this account and region for testing.</p>"
         },
         "LogDeliveryBucket":{
           "shape":"S3Bucket",
-          "documentation":"<p>The S3 bucket to which CloudFormation delivers the contract test execution logs.</p> <p>CloudFormation delivers the logs by the time contract testing has completed and the extension has been assigned a test type status of <code>PASSED</code> or <code>FAILED</code>.</p> <p>The user calling <code>TestType</code> must be able to access items in the specified S3 bucket. Specifically, the user needs the following permissions:</p> <ul> <li> <p>GetObject</p> </li> <li> <p>PutObject</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html\">Actions, Resources, and Condition Keys for Amazon S3</a> in the <i>Amazon Web Services Identity and Access Management User Guide</i>.</p>"
+          "documentation":"<p>The S3 bucket to which CloudFormation delivers the contract test execution logs.</p> <p>CloudFormation delivers the logs by the time contract testing has completed and the extension has been assigned a test type status of <code>PASSED</code> or <code>FAILED</code>.</p> <p>The user calling <code>TestType</code> must be able to access items in the specified S3 bucket. Specifically, the user needs the following permissions:</p> <ul> <li> <p> <code>GetObject</code> </p> </li> <li> <p> <code>PutObject</code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html\">Actions, Resources, and Condition Keys for Amazon S3</a> in the <i>Amazon Web Services Identity and Access Management User Guide</i>.</p>"
         }
       }
     },
@@ -5914,7 +6183,7 @@
       "members":{
         "TypeVersionArn":{
           "shape":"TypeArn",
-          "documentation":"<p>The Amazon Resource Number (ARN) of the extension.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the extension.</p>"
         }
       }
     },
@@ -5922,7 +6191,8 @@
       "type":"string",
       "enum":[
         "RESOURCE",
-        "MODULE"
+        "MODULE",
+        "HOOK"
       ]
     },
     "ThirdPartyTypeArn":{
@@ -5992,15 +6262,15 @@
         },
         "Configuration":{
           "shape":"TypeConfiguration",
-          "documentation":"<p>A JSON string specifying the configuration data for the extension, in this account and region. </p> <p>If a configuration has not been set for a specified extension, CloudFormation returns <code>{}</code>.</p>"
+          "documentation":"<p>A JSON string specifying the configuration data for the extension, in this account and region.</p> <p>If a configuration hasn't been set for a specified extension, CloudFormation returns <code>{}</code>.</p>"
         },
         "LastUpdated":{
           "shape":"Timestamp",
-          "documentation":"<p>When the configuration data was last updated for this extension.</p> <p>If a configuration has not been set for a specified extension, CloudFormation returns <code>null</code>.</p>"
+          "documentation":"<p>When the configuration data was last updated for this extension.</p> <p>If a configuration hasn't been set for a specified extension, CloudFormation returns <code>null</code>.</p>"
         },
         "TypeArn":{
           "shape":"TypeArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the extension, in this account and region.</p> <p>For public extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html\">activate the type</a> in this account and region. For private extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">register the type</a> in this account and region. </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the extension, in this account and region.</p> <p>For public extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html\">activate the type</a> in this account and region. For private extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">register the type</a> in this account and region.</p>"
         },
         "TypeName":{
           "shape":"TypeName",
@@ -6022,7 +6292,7 @@
       "members":{
         "TypeArn":{
           "shape":"TypeArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the extension, in this account and region.</p> <p>For public extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html\">activate the type</a> in this account and region. For private extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">register the type</a> in this account and region. </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the extension, in this account and region.</p> <p>For public extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_ActivateType.html\">activate the type</a> in this account and region. For private extensions, this will be the ARN assigned when you <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">register the type</a> in this account and region.</p>"
         },
         "TypeConfigurationAlias":{
           "shape":"TypeConfigurationAlias",
@@ -6052,7 +6322,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified extension configuration cannot be found.</p>",
+      "documentation":"<p>The specified extension configuration can't be found.</p>",
       "error":{
         "code":"TypeConfigurationNotFoundException",
         "httpStatusCode":404,
@@ -6065,11 +6335,11 @@
       "members":{
         "Category":{
           "shape":"Category",
-          "documentation":"<p>The category of extensions to return.</p> <ul> <li> <p> <code>REGISTERED</code>: Private extensions that have been registered for this account and region.</p> </li> <li> <p> <code>ACTIVATED</code>: Public extensions that have been activated for this account and region.</p> </li> <li> <p> <code>THIRD-PARTY</code>: Extensions available for use from publishers other than Amazon. This includes:</p> <ul> <li> <p>Private extensions registered in the account.</p> </li> <li> <p>Public extensions from publishers other than Amazon, whether activated or not.</p> </li> </ul> </li> <li> <p> <code>AWS-TYPES</code>: Extensions available for use from Amazon.</p> </li> </ul>"
+          "documentation":"<p>The category of extensions to return.</p> <ul> <li> <p> <code>REGISTERED</code>: Private extensions that have been registered for this account and region.</p> </li> <li> <p> <code>ACTIVATED</code>: Public extensions that have been activated for this account and region.</p> </li> <li> <p> <code>THIRD_PARTY</code>: Extensions available for use from publishers other than Amazon. This includes:</p> <ul> <li> <p>Private extensions registered in the account.</p> </li> <li> <p>Public extensions from publishers other than Amazon, whether activated or not.</p> </li> </ul> </li> <li> <p> <code>AWS_TYPES</code>: Extensions available for use from Amazon.</p> </li> </ul>"
         },
         "PublisherId":{
           "shape":"PublisherId",
-          "documentation":"<p>The id of the publisher of the extension. </p> <p>Extensions published by Amazon are not assigned a publisher ID. Use the <code>AWS-TYPES</code> category to specify a list of types published by Amazon.</p>"
+          "documentation":"<p>The id of the publisher of the extension.</p> <p>Extensions published by Amazon aren't assigned a publisher ID. Use the <code>AWS_TYPES</code> category to specify a list of types published by Amazon.</p>"
         },
         "TypeNamePrefix":{
           "shape":"TypeNamePrefix",
@@ -6095,7 +6365,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified extension does not exist in the CloudFormation registry.</p>",
+      "documentation":"<p>The specified extension doesn't exist in the CloudFormation registry.</p>",
       "error":{
         "code":"TypeNotFoundException",
         "httpStatusCode":404,
@@ -6125,7 +6395,7 @@
         },
         "DefaultVersionId":{
           "shape":"TypeVersionId",
-          "documentation":"<p>The ID of the default version of the extension. The default version is used when the extension version is not specified.</p> <p>This applies only to private extensions you have registered in your account. For public extensions, both those provided by Amazon and published by third parties, CloudFormation returns <code>null</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">RegisterType</a>.</p> <p>To set the default version of an extension, use <code> <a>SetTypeDefaultVersion</a> </code>. </p>"
+          "documentation":"<p>The ID of the default version of the extension. The default version is used when the extension version isn't specified.</p> <p>This applies only to private extensions you have registered in your account. For public extensions, both those provided by Amazon and published by third parties, CloudFormation returns <code>null</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_RegisterType.html\">RegisterType</a>.</p> <p>To set the default version of an extension, use <code> <a>SetTypeDefaultVersion</a> </code>.</p>"
         },
         "TypeArn":{
           "shape":"TypeArn",
@@ -6141,7 +6411,7 @@
         },
         "PublisherId":{
           "shape":"PublisherId",
-          "documentation":"<p>The ID of the extension publisher, if the extension is published by a third party. Extensions published by Amazon do not return a publisher ID.</p>"
+          "documentation":"<p>The ID of the extension publisher, if the extension is published by a third party. Extensions published by Amazon don't return a publisher ID.</p>"
         },
         "OriginalTypeName":{
           "shape":"TypeName",
@@ -6149,11 +6419,11 @@
         },
         "PublicVersionNumber":{
           "shape":"PublicVersionNumber",
-          "documentation":"<p>For public extensions that have been activated for this account and region, the version of the public extension to be used for CloudFormation operations in this account and region.</p> <p>How you specified <code>AutoUpdate</code> when enabling the extension affects whether CloudFormation automatically updates the extention in this account and region when a new version is released. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto\">Setting CloudFormation to automatically use new versions of extensions</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>For public extensions that have been activated for this account and region, the version of the public extension to be used for CloudFormation operations in this account and Region.</p> <p>How you specified <code>AutoUpdate</code> when enabling the extension affects whether CloudFormation automatically updates the extension in this account and region when a new version is released. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto\">Setting CloudFormation to automatically use new versions of extensions</a> in the <i>CloudFormation User Guide</i>.</p>"
         },
         "LatestPublicVersion":{
           "shape":"PublicVersionNumber",
-          "documentation":"<p>For public extensions that have been activated for this account and region, the latest version of the public extension <i>that is available</i>. For any extensions other than activated third-arty extensions, CloudFormation returns <code>null</code>.</p> <p>How you specified <code>AutoUpdate</code> when enabling the extension affects whether CloudFormation automatically updates the extention in this account and region when a new version is released. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto\">Setting CloudFormation to automatically use new versions of extensions</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>For public extensions that have been activated for this account and region, the latest version of the public extension <i>that is available</i>. For any extensions other than activated third-arty extensions, CloudFormation returns <code>null</code>.</p> <p>How you specified <code>AutoUpdate</code> when enabling the extension affects whether CloudFormation automatically updates the extension in this account and region when a new version is released. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto\">Setting CloudFormation to automatically use new versions of extensions</a> in the <i>CloudFormation User Guide</i>.</p>"
         },
         "PublisherIdentity":{
           "shape":"IdentityProvider",
@@ -6165,7 +6435,7 @@
         },
         "IsActivated":{
           "shape":"IsActivated",
-          "documentation":"<p>Whether or not the extension is activated for this account and region. </p> <p>This applies only to third-party public extensions. Extensions published by Amazon are activated by default.</p>"
+          "documentation":"<p>Whether or not the extension is activated for this account and region.</p> <p>This applies only to third-party public extensions. Extensions published by Amazon are activated by default.</p>"
         }
       },
       "documentation":"<p>Contains summary information about the specified CloudFormation extension.</p>"
@@ -6208,11 +6478,11 @@
         },
         "VersionId":{
           "shape":"TypeVersionId",
-          "documentation":"<p>The ID of a specific version of the extension. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the extension version when it is registered.</p>"
+          "documentation":"<p>The ID of a specific version of the extension. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the extension version when it's registered.</p>"
         },
         "IsDefaultVersion":{
           "shape":"IsDefaultVersion",
-          "documentation":"<p>Whether the specified extension version is set as the default version.</p> <p>This applies only to private extensions you have registered in your account, and extensions published by Amazon. For public third-party extensions, whether or not they are activated in your account, CloudFormation returns <code>null</code>.</p>"
+          "documentation":"<p>Whether the specified extension version is set as the default version.</p> <p>This applies only to private extensions you have registered in your account, and extensions published by Amazon. For public third-party extensions, CloudFormation returns <code>null</code>.</p>"
         },
         "Arn":{
           "shape":"TypeArn",
@@ -6228,7 +6498,7 @@
         },
         "PublicVersionNumber":{
           "shape":"PublicVersionNumber",
-          "documentation":"<p>For public extensions that have been activated for this account and region, the version of the public extension to be used for CloudFormation operations in this account and region. For any extensions other than activated third-arty extensions, CloudFormation returns <code>null</code>.</p> <p>How you specified <code>AutoUpdate</code> when enabling the extension affects whether CloudFormation automatically updates the extention in this account and region when a new version is released. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto\">Setting CloudFormation to automatically use new versions of extensions</a> in the <i>CloudFormation User Guide</i>.</p>"
+          "documentation":"<p>For public extensions that have been activated for this account and region, the version of the public extension to be used for CloudFormation operations in this account and region. For any extensions other than activated third-arty extensions, CloudFormation returns <code>null</code>.</p> <p>How you specified <code>AutoUpdate</code> when enabling the extension affects whether CloudFormation automatically updates the extension in this account and region when a new version is released. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html#registry-public-enable-auto\">Setting CloudFormation to automatically use new versions of extensions</a> in the <i>CloudFormation User Guide</i>.</p>"
         }
       },
       "documentation":"<p>Contains summary information about a specific version of a CloudFormation extension.</p>"
@@ -6251,7 +6521,7 @@
         },
         "TemplateURL":{
           "shape":"TemplateURL",
-          "documentation":"<p>Location of file containing the template body. The URL must point to a template that is located in an Amazon S3 bucket or a Systems Manager document. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>TemplateBody</code>, <code>TemplateURL</code>, or set the <code>UsePreviousTemplate</code> to <code>true</code>.</p>"
+          "documentation":"<p>Location of file containing the template body. The URL must point to a template that's located in an Amazon S3 bucket or a Systems Manager document. For more information, go to <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>TemplateBody</code>, <code>TemplateURL</code>, or set the <code>UsePreviousTemplate</code> to <code>true</code>.</p>"
         },
         "UsePreviousTemplate":{
           "shape":"UsePreviousTemplate",
@@ -6271,7 +6541,7 @@
         },
         "Capabilities":{
           "shape":"Capabilities",
-          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\"> AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\"> AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually updating the stack. If your stack template contains one or more macros, and you choose to update a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.</p> <p>If you want to update a stack from a stack template that contains macros <i>and</i> nested stacks, you must update the stack directly from the template using this capability.</p> <important> <p>You should only update stacks directly from a stack template that contains macros if you know what processing the macro performs.</p> <p>Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.</p> </important> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> </li> </ul>"
+          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\">AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\">AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually updating the stack. If your stack template contains one or more macros, and you choose to update a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.</p> <p>If you want to update a stack from a stack template that contains macros <i>and</i> nested stacks, you must update the stack directly from the template using this capability.</p> <important> <p>You should only update stacks directly from a stack template that contains macros if you know what processing the macro performs.</p> <p>Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.</p> </important> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> </li> </ul>"
         },
         "ResourceTypes":{
           "shape":"ResourceTypes",
@@ -6279,7 +6549,7 @@
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to update the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to update the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.</p> <p>If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.</p>"
         },
         "RollbackConfiguration":{
           "shape":"RollbackConfiguration",
@@ -6287,11 +6557,11 @@
         },
         "StackPolicyBody":{
           "shape":"StackPolicyBody",
-          "documentation":"<p>Structure containing a new stack policy body. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p> <p>You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you do not specify a stack policy, the current policy that is associated with the stack is unchanged.</p>"
+          "documentation":"<p>Structure containing a new stack policy body. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p> <p>You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don't specify a stack policy, the current policy that is associated with the stack is unchanged.</p>"
         },
         "StackPolicyURL":{
           "shape":"StackPolicyURL",
-          "documentation":"<p>Location of a file containing the updated stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p> <p>You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you do not specify a stack policy, the current policy that is associated with the stack is unchanged.</p>"
+          "documentation":"<p>Location of a file containing the updated stack policy. The URL must point to a policy (max size: 16KB) located in an S3 bucket in the same Region as the stack. You can specify either the <code>StackPolicyBody</code> or the <code>StackPolicyURL</code> parameter, but not both.</p> <p>You might update the stack policy, for example, in order to protect a new resource that you created during a stack update. If you don't specify a stack policy, the current policy that is associated with the stack is unchanged.</p>"
         },
         "NotificationARNs":{
           "shape":"NotificationARNs",
@@ -6325,7 +6595,7 @@
         },
         "Accounts":{
           "shape":"AccountList",
-          "documentation":"<p>[Self-managed permissions] The names of one or more Amazon Web Services accounts for which you want to update parameter values for stack instances. The overridden parameter values will be applied to all stack instances in the specified accounts and Regions.</p> <p>You can specify <code>Accounts</code> or <code>DeploymentTargets</code>, but not both.</p>"
+          "documentation":"<p>[Self-managed permissions] The names of one or more Amazon Web Services accounts for which you want to update parameter values for stack instances. The overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions.</p> <p>You can specify <code>Accounts</code> or <code>DeploymentTargets</code>, but not both.</p>"
         },
         "DeploymentTargets":{
           "shape":"DeploymentTargets",
@@ -6333,11 +6603,11 @@
         },
         "Regions":{
           "shape":"RegionList",
-          "documentation":"<p>The names of one or more Regions in which you want to update parameter values for stack instances. The overridden parameter values will be applied to all stack instances in the specified accounts and Regions.</p>"
+          "documentation":"<p>The names of one or more Amazon Web Services Regions in which you want to update parameter values for stack instances. The overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions.</p>"
         },
         "ParameterOverrides":{
           "shape":"Parameters",
-          "documentation":"<p> A list of input parameters whose values you want to update for the specified stack instances. </p> <p>Any overridden parameter values will be applied to all stack instances in the specified accounts and Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance update operations:</p> <ul> <li> <p>To override the current value for a parameter, include the parameter and specify its value.</p> </li> <li> <p>To leave an overridden parameter set to its present value, include the parameter and specify <code>UsePreviousValue</code> as <code>true</code>. (You cannot specify both a value and set <code>UsePreviousValue</code> to <code>true</code>.)</p> </li> <li> <p>To set an overridden parameter back to the value specified in the stack set, specify a parameter list but do not include the parameter in the list.</p> </li> <li> <p>To leave all parameters set to their present values, do not specify this property at all.</p> </li> </ul> <p>During stack set updates, any parameter values overridden for a stack instance are not updated, but retain their overridden value.</p> <p>You can only override the parameter <i>values</i> that are specified in the stack set; to add or delete a parameter itself, use <code>UpdateStackSet</code> to update the stack set template. If you add a parameter to a template, before you can override the parameter value specified in the stack set you must first use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update all stack instances with the updated template and parameter value specified in the stack set. Once a stack instance has been updated with the new parameter, you can then override the parameter value using <code>UpdateStackInstances</code>.</p>"
+          "documentation":"<p>A list of input parameters whose values you want to update for the specified stack instances.</p> <p>Any overridden parameter values will be applied to all stack instances in the specified accounts and Amazon Web Services Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance update operations:</p> <ul> <li> <p>To override the current value for a parameter, include the parameter and specify its value.</p> </li> <li> <p>To leave an overridden parameter set to its present value, include the parameter and specify <code>UsePreviousValue</code> as <code>true</code>. (You can't specify both a value and set <code>UsePreviousValue</code> to <code>true</code>.)</p> </li> <li> <p>To set an overridden parameter back to the value specified in the stack set, specify a parameter list but don't include the parameter in the list.</p> </li> <li> <p>To leave all parameters set to their present values, don't specify this property at all.</p> </li> </ul> <p>During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.</p> <p>You can only override the parameter <i>values</i> that are specified in the stack set; to add or delete a parameter itself, use <code>UpdateStackSet</code> to update the stack set template. If you add a parameter to a template, before you can override the parameter value specified in the stack set you must first use <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_UpdateStackSet.html\">UpdateStackSet</a> to update all stack instances with the updated template and parameter value specified in the stack set. Once a stack instance has been updated with the new parameter, you can then override the parameter value using <code>UpdateStackInstances</code>.</p>"
         },
         "OperationPreferences":{
           "shape":"StackSetOperationPreferences",
@@ -6345,7 +6615,7 @@
         },
         "OperationId":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The unique identifier for this stack set operation. </p> <p>The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.</p> <p>If you don't specify an operation ID, the SDK generates one automatically. </p>",
+          "documentation":"<p>The unique identifier for this stack set operation.</p> <p>The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.</p> <p>If you don't specify an operation ID, the SDK generates one automatically.</p>",
           "idempotencyToken":true
         },
         "CallAs":{
@@ -6359,7 +6629,7 @@
       "members":{
         "OperationId":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The unique identifier for this stack set operation. </p>"
+          "documentation":"<p>The unique identifier for this stack set operation.</p>"
         }
       }
     },
@@ -6391,23 +6661,23 @@
         },
         "TemplateURL":{
           "shape":"TemplateURL",
-          "documentation":"<p>The location of the file that contains the template body. The URL must point to a template (maximum size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>TemplateBody</code> or <code>TemplateURL</code>—or set <code>UsePreviousTemplate</code> to true. </p>"
+          "documentation":"<p>The location of the file that contains the template body. The URL must point to a template (maximum size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html\">Template Anatomy</a> in the CloudFormation User Guide.</p> <p>Conditional: You must specify only one of the following parameters: <code>TemplateBody</code> or <code>TemplateURL</code>—or set <code>UsePreviousTemplate</code> to true.</p>"
         },
         "UsePreviousTemplate":{
           "shape":"UsePreviousTemplate",
-          "documentation":"<p>Use the existing template that's associated with the stack set that you're updating.</p> <p>Conditional: You must specify only one of the following parameters: <code>TemplateBody</code> or <code>TemplateURL</code>—or set <code>UsePreviousTemplate</code> to true. </p>"
+          "documentation":"<p>Use the existing template that's associated with the stack set that you're updating.</p> <p>Conditional: You must specify only one of the following parameters: <code>TemplateBody</code> or <code>TemplateURL</code>—or set <code>UsePreviousTemplate</code> to true.</p>"
         },
         "Parameters":{
           "shape":"Parameters",
-          "documentation":"<p>A list of input parameters for the stack set template. </p>"
+          "documentation":"<p>A list of input parameters for the stack set template.</p>"
         },
         "Capabilities":{
           "shape":"Capabilities",
-          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack set and its associated stack instances.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks sets, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability. </p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>. </p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\"> AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\"> AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some templates reference macros. If your stack set template references one or more macros, you must update the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To update the stack set directly, you must acknowledge this capability. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> <important> <p>Stack sets with service-managed permissions do not currently support the use of macros in templates. (This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.</p> </important> </li> </ul>"
+          "documentation":"<p>In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to update the stack set and its associated stack instances.</p> <ul> <li> <p> <code>CAPABILITY_IAM</code> and <code>CAPABILITY_NAMED_IAM</code> </p> <p>Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks sets, you must explicitly acknowledge this by specifying one of these capabilities.</p> <p>The following IAM resources require you to specify either the <code>CAPABILITY_IAM</code> or <code>CAPABILITY_NAMED_IAM</code> capability.</p> <ul> <li> <p>If you have IAM resources, you can specify either capability.</p> </li> <li> <p>If you have IAM resources with custom names, you <i>must</i> specify <code>CAPABILITY_NAMED_IAM</code>.</p> </li> <li> <p>If you don't specify either of these capabilities, CloudFormation returns an <code>InsufficientCapabilities</code> error.</p> </li> </ul> <p>If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html\"> AWS::IAM::AccessKey</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html\"> AWS::IAM::Group</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-instanceprofile.html\"> AWS::IAM::InstanceProfile</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-policy.html\"> AWS::IAM::Policy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html\"> AWS::IAM::Role</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html\"> AWS::IAM::User</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-addusertogroup.html\"> AWS::IAM::UserToGroupAddition</a> </p> </li> </ul> <p>For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#capabilities\">Acknowledging IAM Resources in CloudFormation Templates</a>.</p> </li> <li> <p> <code>CAPABILITY_AUTO_EXPAND</code> </p> <p>Some templates reference macros. If your stack set template references one or more macros, you must update the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To update the stack set directly, you must acknowledge this capability. For more information, see <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html\">Using CloudFormation Macros to Perform Custom Processing on Templates</a>.</p> <important> <p>Stack sets with service-managed permissions do not currently support the use of macros in templates. (This includes the <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html\">AWS::Include</a> and <a href=\"http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-aws-serverless.html\">AWS::Serverless</a> transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.</p> </important> </li> </ul>"
         },
         "Tags":{
           "shape":"Tags",
-          "documentation":"<p>The key-value pairs to associate with this stack set and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. You can specify a maximum number of 50 tags.</p> <p>If you specify tags for this parameter, those tags replace any list of tags that are currently associated with this stack set. This means:</p> <ul> <li> <p>If you don't specify this parameter, CloudFormation doesn't modify the stack's tags. </p> </li> <li> <p>If you specify <i>any</i> tags using this parameter, you must specify <i>all</i> the tags that you want associated with this stack set, even tags you've specifed before (for example, when creating the stack set or during a previous update of the stack set.). Any tags that you don't include in the updated list of tags are removed from the stack set, and therefore from the stacks and resources as well. </p> </li> <li> <p>If you specify an empty value, CloudFormation removes all currently associated tags.</p> </li> </ul> <p>If you specify new tags as part of an <code>UpdateStackSet</code> action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you omit tags that are currently associated with the stack set from the list of tags you specify, CloudFormation assumes that you want to remove those tags from the stack set, and checks to see if you have permission to untag resources. If you don't have the necessary permission(s), the entire <code>UpdateStackSet</code> action fails with an <code>access denied</code> error, and the stack set is not updated.</p>"
+          "documentation":"<p>The key-value pairs to associate with this stack set and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. You can specify a maximum number of 50 tags.</p> <p>If you specify tags for this parameter, those tags replace any list of tags that are currently associated with this stack set. This means:</p> <ul> <li> <p>If you don't specify this parameter, CloudFormation doesn't modify the stack's tags.</p> </li> <li> <p>If you specify <i>any</i> tags using this parameter, you must specify <i>all</i> the tags that you want associated with this stack set, even tags you've specified before (for example, when creating the stack set or during a previous update of the stack set.). Any tags that you don't include in the updated list of tags are removed from the stack set, and therefore from the stacks and resources as well.</p> </li> <li> <p>If you specify an empty value, CloudFormation removes all currently associated tags.</p> </li> </ul> <p>If you specify new tags as part of an <code>UpdateStackSet</code> action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you omit tags that are currently associated with the stack set from the list of tags you specify, CloudFormation assumes that you want to remove those tags from the stack set, and checks to see if you have permission to untag resources. If you don't have the necessary permission(s), the entire <code>UpdateStackSet</code> action fails with an <code>access denied</code> error, and the stack set is not updated.</p>"
         },
         "OperationPreferences":{
           "shape":"StackSetOperationPreferences",
@@ -6419,11 +6689,11 @@
         },
         "ExecutionRoleName":{
           "shape":"ExecutionRoleName",
-          "documentation":"<p>The name of the IAM execution role to use to update the stack set. If you do not specify an execution role, CloudFormation uses the <code>AWSCloudFormationStackSetExecutionRole</code> role for the stack set operation.</p> <p>Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets. </p> <p> If you specify a customized execution role, CloudFormation uses that role to update the stack. If you do not specify a customized execution role, CloudFormation performs the update using the role previously associated with the stack set, so long as you have permissions to perform operations on the stack set.</p>"
+          "documentation":"<p>The name of the IAM execution role to use to update the stack set. If you do not specify an execution role, CloudFormation uses the <code>AWSCloudFormationStackSetExecutionRole</code> role for the stack set operation.</p> <p>Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets.</p> <p>If you specify a customized execution role, CloudFormation uses that role to update the stack. If you do not specify a customized execution role, CloudFormation performs the update using the role previously associated with the stack set, so long as you have permissions to perform operations on the stack set.</p>"
         },
         "DeploymentTargets":{
           "shape":"DeploymentTargets",
-          "documentation":"<p>[Service-managed permissions] The Organizations accounts in which to update associated stack instances.</p> <p>To update all the stack instances associated with this stack set, do not specify <code>DeploymentTargets</code> or <code>Regions</code>.</p> <p>If the stack set update includes changes to the template (that is, if <code>TemplateBody</code> or <code>TemplateURL</code> is specified), or the <code>Parameters</code>, CloudFormation marks all stack instances with a status of <code>OUTDATED</code> prior to updating the stack instances in the specified accounts and Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.</p>"
+          "documentation":"<p>[Service-managed permissions] The Organizations accounts in which to update associated stack instances.</p> <p>To update all the stack instances associated with this stack set, do not specify <code>DeploymentTargets</code> or <code>Regions</code>.</p> <p>If the stack set update includes changes to the template (that is, if <code>TemplateBody</code> or <code>TemplateURL</code> is specified), or the <code>Parameters</code>, CloudFormation marks all stack instances with a status of <code>OUTDATED</code> prior to updating the stack instances in the specified accounts and Amazon Web Services Regions. If the stack set update doesn't include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.</p>"
         },
         "PermissionModel":{
           "shape":"PermissionModels",
@@ -6431,24 +6701,28 @@
         },
         "AutoDeployment":{
           "shape":"AutoDeployment",
-          "documentation":"<p>[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU).</p> <p>If you specify <code>AutoDeployment</code>, do not specify <code>DeploymentTargets</code> or <code>Regions</code>.</p>"
+          "documentation":"<p>[Service-managed permissions] Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU).</p> <p>If you specify <code>AutoDeployment</code>, don't specify <code>DeploymentTargets</code> or <code>Regions</code>.</p>"
         },
         "OperationId":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>The unique ID for this stack set operation. </p> <p>The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.</p> <p>If you don't specify an operation ID, CloudFormation generates one automatically.</p> <p>Repeating this stack set operation with a new operation ID retries all stack instances whose status is <code>OUTDATED</code>. </p>",
+          "documentation":"<p>The unique ID for this stack set operation.</p> <p>The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.</p> <p>If you don't specify an operation ID, CloudFormation generates one automatically.</p> <p>Repeating this stack set operation with a new operation ID retries all stack instances whose status is <code>OUTDATED</code>.</p>",
           "idempotencyToken":true
         },
         "Accounts":{
           "shape":"AccountList",
-          "documentation":"<p>[Self-managed permissions] The accounts in which to update associated stack instances. If you specify accounts, you must also specify the Regions in which to update stack set instances.</p> <p>To update <i>all</i> the stack instances associated with this stack set, do not specify the <code>Accounts</code> or <code>Regions</code> properties.</p> <p>If the stack set update includes changes to the template (that is, if the <code>TemplateBody</code> or <code>TemplateURL</code> properties are specified), or the <code>Parameters</code> property, CloudFormation marks all stack instances with a status of <code>OUTDATED</code> prior to updating the stack instances in the specified accounts and Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status. </p>"
+          "documentation":"<p>[Self-managed permissions] The accounts in which to update associated stack instances. If you specify accounts, you must also specify the Amazon Web Services Regions in which to update stack set instances.</p> <p>To update <i>all</i> the stack instances associated with this stack set, don't specify the <code>Accounts</code> or <code>Regions</code> properties.</p> <p>If the stack set update includes changes to the template (that is, if the <code>TemplateBody</code> or <code>TemplateURL</code> properties are specified), or the <code>Parameters</code> property, CloudFormation marks all stack instances with a status of <code>OUTDATED</code> prior to updating the stack instances in the specified accounts and Amazon Web Services Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Amazon Web Services Regions, while leaving all other stack instances with their existing stack instance status.</p>"
         },
         "Regions":{
           "shape":"RegionList",
-          "documentation":"<p>The Regions in which to update associated stack instances. If you specify Regions, you must also specify accounts in which to update stack set instances.</p> <p>To update <i>all</i> the stack instances associated with this stack set, do not specify the <code>Accounts</code> or <code>Regions</code> properties.</p> <p>If the stack set update includes changes to the template (that is, if the <code>TemplateBody</code> or <code>TemplateURL</code> properties are specified), or the <code>Parameters</code> property, CloudFormation marks all stack instances with a status of <code>OUTDATED</code> prior to updating the stack instances in the specified accounts and Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status. </p>"
+          "documentation":"<p>The Amazon Web Services Regions in which to update associated stack instances. If you specify Regions, you must also specify accounts in which to update stack set instances.</p> <p>To update <i>all</i> the stack instances associated with this stack set, do not specify the <code>Accounts</code> or <code>Regions</code> properties.</p> <p>If the stack set update includes changes to the template (that is, if the <code>TemplateBody</code> or <code>TemplateURL</code> properties are specified), or the <code>Parameters</code> property, CloudFormation marks all stack instances with a status of <code>OUTDATED</code> prior to updating the stack instances in the specified accounts and Regions. If the stack set update does not include changes to the template or parameters, CloudFormation updates the stack instances in the specified accounts and Regions, while leaving all other stack instances with their existing stack instance status.</p>"
         },
         "CallAs":{
           "shape":"CallAs",
           "documentation":"<p>[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.</p> <p>By default, <code>SELF</code> is specified. Use <code>SELF</code> for stack sets with self-managed permissions.</p> <ul> <li> <p>If you are signed in to the management account, specify <code>SELF</code>.</p> </li> <li> <p>If you are signed in to a delegated administrator account, specify <code>DELEGATED_ADMIN</code>.</p> <p>Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-delegated-admin.html\">Register a delegated administrator</a> in the <i>CloudFormation User Guide</i>.</p> </li> </ul>"
+        },
+        "ManagedExecution":{
+          "shape":"ManagedExecution",
+          "documentation":"<p>Describes whether StackSets performs non-conflicting operations concurrently and queues conflicting operations.</p>"
         }
       }
     },
@@ -6547,5 +6821,5 @@
       ]
     }
   },
-  "documentation":"<fullname>AWS CloudFormation</fullname> <p>CloudFormation allows you to create and manage Amazon Web Services infrastructure deployments predictably and repeatedly. You can use CloudFormation to leverage Amazon Web Services products, such as Amazon Elastic Compute Cloud, Amazon Elastic Block Store, Amazon Simple Notification Service, Elastic Load Balancing, and Auto Scaling to build highly-reliable, highly scalable, cost-effective applications without creating or configuring the underlying Amazon Web Services infrastructure.</p> <p>With CloudFormation, you declare all of your resources and dependencies in a template file. The template defines a collection of resources as a single unit called a stack. CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you.</p> <p>For more information about CloudFormation, see the <a href=\"http://aws.amazon.com/cloudformation/\">CloudFormation Product Page</a>.</p> <p>CloudFormation makes use of other Amazon Web Services products. If you need additional technical information about a specific Amazon Web Services product, you can find the product's technical documentation at <a href=\"https://docs.aws.amazon.com/\"> <code>docs.aws.amazon.com</code> </a>.</p>"
+  "documentation":"<fullname>CloudFormation</fullname> <p>CloudFormation allows you to create and manage Amazon Web Services infrastructure deployments predictably and repeatedly. You can use CloudFormation to leverage Amazon Web Services products, such as Amazon Elastic Compute Cloud, Amazon Elastic Block Store, Amazon Simple Notification Service, Elastic Load Balancing, and Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying Amazon Web Services infrastructure.</p> <p>With CloudFormation, you declare all your resources and dependencies in a template file. The template defines a collection of resources as a single unit called a stack. CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you.</p> <p>For more information about CloudFormation, see the <a href=\"http://aws.amazon.com/cloudformation/\">CloudFormation product page</a>.</p> <p>CloudFormation makes use of other Amazon Web Services products. If you need additional technical information about a specific Amazon Web Services product, you can find the product's technical documentation at <a href=\"https://docs.aws.amazon.com/\"> <code>docs.aws.amazon.com</code> </a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/cloudtrail/2013-11-01/service-2.json b/contrib/python/botocore/py3/botocore/data/cloudtrail/2013-11-01/service-2.json
index 96bd038becc..a5182414144 100644
--- a/contrib/python/botocore/py3/botocore/data/cloudtrail/2013-11-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/cloudtrail/2013-11-01/service-2.json
@@ -28,13 +28,62 @@
         {"shape":"TagsLimitExceededException"},
         {"shape":"InvalidTrailNameException"},
         {"shape":"InvalidTagParameterException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"EventDataStoreNotFoundException"},
         {"shape":"UnsupportedOperationException"},
         {"shape":"OperationNotPermittedException"},
-        {"shape":"NotOrganizationMasterAccountException"}
+        {"shape":"NotOrganizationMasterAccountException"},
+        {"shape":"ConflictException"}
       ],
       "documentation":"<p>Adds one or more tags to a trail, up to a limit of 50. Overwrites an existing tag's value when a new value is specified for an existing tag key. Tag key names must be unique for a trail; you cannot have two keys with the same name but different values. If you specify a key without a value, the tag will be created with the specified key and a value of null. You can tag a trail that applies to all Amazon Web Services Regions only from the Region in which the trail was created (also known as its home region).</p>",
       "idempotent":true
     },
+    "CancelQuery":{
+      "name":"CancelQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CancelQueryRequest"},
+      "output":{"shape":"CancelQueryResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"InactiveQueryException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"QueryIdNotFoundException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Cancels a query if the query is not in a terminated state, such as <code>CANCELLED</code>, <code>FAILED</code> or <code>FINISHED</code>. You must specify an ARN value for <code>EventDataStore</code>. The ID of the query that you want to cancel is also required. When you run <code>CancelQuery</code>, the query status might show as <code>CANCELLED</code> even if the operation is not yet finished.</p>",
+      "idempotent":true
+    },
+    "CreateEventDataStore":{
+      "name":"CreateEventDataStore",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateEventDataStoreRequest"},
+      "output":{"shape":"CreateEventDataStoreResponse"},
+      "errors":[
+        {"shape":"EventDataStoreAlreadyExistsException"},
+        {"shape":"EventDataStoreMaxLimitExceededException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"InvalidTagParameterException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"ConflictException"},
+        {"shape":"CloudTrailAccessNotEnabledException"},
+        {"shape":"InsufficientDependencyServiceAccessPermissionException"},
+        {"shape":"NotOrganizationMasterAccountException"},
+        {"shape":"OrganizationsNotInUseException"},
+        {"shape":"OrganizationNotInAllFeaturesModeException"}
+      ],
+      "documentation":"<p>Creates a new event data store.</p>"
+    },
     "CreateTrail":{
       "name":"CreateTrail",
       "http":{
@@ -71,11 +120,32 @@
         {"shape":"NotOrganizationMasterAccountException"},
         {"shape":"OrganizationsNotInUseException"},
         {"shape":"OrganizationNotInAllFeaturesModeException"},
-        {"shape":"CloudTrailInvalidClientTokenIdException"}
+        {"shape":"CloudTrailInvalidClientTokenIdException"},
+        {"shape":"ConflictException"}
       ],
       "documentation":"<p>Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. </p>",
       "idempotent":true
     },
+    "DeleteEventDataStore":{
+      "name":"DeleteEventDataStore",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteEventDataStoreRequest"},
+      "output":{"shape":"DeleteEventDataStoreResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"EventDataStoreTerminationProtectedException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"NotOrganizationMasterAccountException"},
+        {"shape":"InsufficientDependencyServiceAccessPermissionException"}
+      ],
+      "documentation":"<p>Disables the event data store specified by <code>EventDataStore</code>, which accepts an event data store ARN. After you run <code>DeleteEventDataStore</code>, the event data store enters a <code>PENDING_DELETION</code> state, and is automatically deleted after a wait period of seven days. <code>TerminationProtectionEnabled</code> must be set to <code>False</code> on the event data store; this operation cannot work if <code>TerminationProtectionEnabled</code> is <code>True</code>.</p> <p>After you run <code>DeleteEventDataStore</code> on an event data store, you cannot run <code>ListQueries</code>, <code>DescribeQuery</code>, or <code>GetQueryResults</code> on queries that are using an event data store in a <code>PENDING_DELETION</code> state. An event data store in the <code>PENDING_DELETION</code> state does not incur costs.</p>"
+    },
     "DeleteTrail":{
       "name":"DeleteTrail",
       "http":{
@@ -97,6 +167,26 @@
       "documentation":"<p>Deletes a trail. This operation must be called from the region in which the trail was created. <code>DeleteTrail</code> cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.</p>",
       "idempotent":true
     },
+    "DescribeQuery":{
+      "name":"DescribeQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeQueryRequest"},
+      "output":{"shape":"DescribeQueryResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"QueryIdNotFoundException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"}
+      ],
+      "documentation":"<p>Returns metadata about a query, including query run time in milliseconds, number of events scanned and matched, and query status. You must specify an ARN for <code>EventDataStore</code>, and a value for <code>QueryID</code>.</p>",
+      "idempotent":true
+    },
     "DescribeTrails":{
       "name":"DescribeTrails",
       "http":{
@@ -113,6 +203,24 @@
       "documentation":"<p>Retrieves settings for one or more trails associated with the current region for your account.</p>",
       "idempotent":true
     },
+    "GetEventDataStore":{
+      "name":"GetEventDataStore",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetEventDataStoreRequest"},
+      "output":{"shape":"GetEventDataStoreResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"}
+      ],
+      "documentation":"<p>Returns information about an event data store specified as either an ARN or the ID portion of the ARN.</p>",
+      "idempotent":true
+    },
     "GetEventSelectors":{
       "name":"GetEventSelectors",
       "http":{
@@ -148,6 +256,27 @@
       "documentation":"<p>Describes the settings for the Insights event selectors that you configured for your trail. <code>GetInsightSelectors</code> shows if CloudTrail Insights event logging is enabled on the trail, and if it is, which insight types are enabled. If you run <code>GetInsightSelectors</code> on a trail that does not have Insights events enabled, the operation throws the exception <code>InsightNotEnabledException</code> </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html\">Logging CloudTrail Insights Events for Trails </a> in the <i>CloudTrail User Guide</i>.</p>",
       "idempotent":true
     },
+    "GetQueryResults":{
+      "name":"GetQueryResults",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetQueryResultsRequest"},
+      "output":{"shape":"GetQueryResultsResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"InvalidMaxResultsException"},
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"QueryIdNotFoundException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"}
+      ],
+      "documentation":"<p>Gets event data results of a query. You must specify the <code>QueryID</code> value returned by the <code>StartQuery</code> operation, and an ARN for <code>EventDataStore</code>.</p>"
+    },
     "GetTrail":{
       "name":"GetTrail",
       "http":{
@@ -182,6 +311,23 @@
       "documentation":"<p>Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail. This operation returns trail status from a single region. To return trail status from all regions, you must call the operation on each region.</p>",
       "idempotent":true
     },
+    "ListEventDataStores":{
+      "name":"ListEventDataStores",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListEventDataStoresRequest"},
+      "output":{"shape":"ListEventDataStoresResponse"},
+      "errors":[
+        {"shape":"InvalidMaxResultsException"},
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"}
+      ],
+      "documentation":"<p>Returns information about all event data stores in the account, in the current region.</p>",
+      "idempotent":true
+    },
     "ListPublicKeys":{
       "name":"ListPublicKeys",
       "http":{
@@ -199,6 +345,29 @@
       "documentation":"<p>Returns all public keys whose private keys were used to sign the digest files within the specified time range. The public key is needed to validate digest files that were signed with its corresponding private key.</p> <note> <p>CloudTrail uses different private and public key pairs per region. Each digest file is signed with a private key unique to its region. When you validate a digest file from a specific region, you must look in the same region for its corresponding public key.</p> </note>",
       "idempotent":true
     },
+    "ListQueries":{
+      "name":"ListQueries",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListQueriesRequest"},
+      "output":{"shape":"ListQueriesResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"InvalidDateRangeException"},
+        {"shape":"InvalidMaxResultsException"},
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"InvalidQueryStatusException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"}
+      ],
+      "documentation":"<p>Returns a list of queries and query statuses for the past seven days. You must specify an ARN value for <code>EventDataStore</code>. Optionally, to shorten the list of results, you can specify a time range, formatted as timestamps, by adding <code>StartTime</code> and <code>EndTime</code> parameters, and a <code>QueryStatus</code> value. Valid values for <code>QueryStatus</code> include <code>QUEUED</code>, <code>RUNNING</code>, <code>FINISHED</code>, <code>FAILED</code>, or <code>CANCELLED</code>.</p>",
+      "idempotent":true
+    },
     "ListTags":{
       "name":"ListTags",
       "http":{
@@ -212,6 +381,8 @@
         {"shape":"CloudTrailARNInvalidException"},
         {"shape":"ResourceTypeNotSupportedException"},
         {"shape":"InvalidTrailNameException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"EventDataStoreNotFoundException"},
         {"shape":"UnsupportedOperationException"},
         {"shape":"OperationNotPermittedException"},
         {"shape":"InvalidTokenException"}
@@ -296,7 +467,7 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"NotOrganizationMasterAccountException"}
       ],
-      "documentation":"<p>Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. You also use <code>PutInsightSelectors</code> to turn off Insights event logging, by passing an empty list of insight types. The valid Insights event type in this release is <code>ApiCallRateInsight</code>.</p>",
+      "documentation":"<p>Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail. You also use <code>PutInsightSelectors</code> to turn off Insights event logging, by passing an empty list of insight types. The valid Insights event types in this release are <code>ApiErrorRateInsight</code> and <code>ApiCallRateInsight</code>.</p>",
       "idempotent":true
     },
     "RemoveTags":{
@@ -313,6 +484,8 @@
         {"shape":"ResourceTypeNotSupportedException"},
         {"shape":"InvalidTrailNameException"},
         {"shape":"InvalidTagParameterException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"EventDataStoreNotFoundException"},
         {"shape":"UnsupportedOperationException"},
         {"shape":"OperationNotPermittedException"},
         {"shape":"NotOrganizationMasterAccountException"}
@@ -320,6 +493,30 @@
       "documentation":"<p>Removes the specified tags from a trail.</p>",
       "idempotent":true
     },
+    "RestoreEventDataStore":{
+      "name":"RestoreEventDataStore",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"RestoreEventDataStoreRequest"},
+      "output":{"shape":"RestoreEventDataStoreResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"EventDataStoreMaxLimitExceededException"},
+        {"shape":"InvalidEventDataStoreStatusException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"CloudTrailAccessNotEnabledException"},
+        {"shape":"InsufficientDependencyServiceAccessPermissionException"},
+        {"shape":"OrganizationsNotInUseException"},
+        {"shape":"NotOrganizationMasterAccountException"},
+        {"shape":"OrganizationNotInAllFeaturesModeException"}
+      ],
+      "documentation":"<p>Restores a deleted event data store specified by <code>EventDataStore</code>, which accepts an event data store ARN. You can only restore a deleted event data store within the seven-day wait period after deletion. Restoring an event data store can take several minutes, depending on the size of the event data store.</p>"
+    },
     "StartLogging":{
       "name":"StartLogging",
       "http":{
@@ -340,6 +537,27 @@
       "documentation":"<p>Starts the recording of Amazon Web Services API calls and log file delivery for a trail. For a trail that is enabled in all regions, this operation must be called from the region in which the trail was created. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.</p>",
       "idempotent":true
     },
+    "StartQuery":{
+      "name":"StartQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"StartQueryRequest"},
+      "output":{"shape":"StartQueryResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"InvalidQueryStatementException"},
+        {"shape":"MaxConcurrentQueriesException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"}
+      ],
+      "documentation":"<p>Starts a CloudTrail Lake query. The required <code>QueryStatement</code> parameter provides your SQL query, enclosed in single quotation marks.</p>",
+      "idempotent":true
+    },
     "StopLogging":{
       "name":"StopLogging",
       "http":{
@@ -360,6 +578,30 @@
       "documentation":"<p>Suspends the recording of Amazon Web Services API calls and log file delivery for the specified trail. Under most circumstances, there is no need to use this action. You can update a trail without stopping it first. This action is the only way to stop recording. For a trail enabled in all regions, this operation must be called from the region in which the trail was created, or an <code>InvalidHomeRegionException</code> will occur. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail enabled in all regions.</p>",
       "idempotent":true
     },
+    "UpdateEventDataStore":{
+      "name":"UpdateEventDataStore",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateEventDataStoreRequest"},
+      "output":{"shape":"UpdateEventDataStoreResponse"},
+      "errors":[
+        {"shape":"EventDataStoreARNInvalidException"},
+        {"shape":"EventDataStoreNotFoundException"},
+        {"shape":"InactiveEventDataStoreException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"UnsupportedOperationException"},
+        {"shape":"CloudTrailAccessNotEnabledException"},
+        {"shape":"InsufficientDependencyServiceAccessPermissionException"},
+        {"shape":"OrganizationsNotInUseException"},
+        {"shape":"NotOrganizationMasterAccountException"},
+        {"shape":"OrganizationNotInAllFeaturesModeException"}
+      ],
+      "documentation":"<p>Updates an event data store. The required <code>EventDataStore</code> value is an ARN or the ID portion of the ARN. Other parameters are optional, but at least one optional parameter must be specified, or CloudTrail throws an error. <code>RetentionPeriod</code> is in days, and valid values are integers between 90 and 2555. By default, <code>TerminationProtection</code> is enabled. <code>AdvancedEventSelectors</code> includes or excludes management and data events in your event data store; for more information about <code>AdvancedEventSelectors</code>, see <a>PutEventSelectorsRequest$AdvancedEventSelectors</a>.</p>",
+      "idempotent":true
+    },
     "UpdateTrail":{
       "name":"UpdateTrail",
       "http":{
@@ -405,7 +647,10 @@
   "shapes":{
     "AddTagsRequest":{
       "type":"structure",
-      "required":["ResourceId"],
+      "required":[
+        "ResourceId",
+        "TagsList"
+      ],
       "members":{
         "ResourceId":{
           "shape":"String",
@@ -449,7 +694,7 @@
       "members":{
         "Field":{
           "shape":"SelectorField",
-          "documentation":"<p> A field in an event record on which to filter events to be logged. Supported fields include <code>readOnly</code>, <code>eventCategory</code>, <code>eventSource</code> (for management events), <code>eventName</code>, <code>resources.type</code>, and <code>resources.ARN</code>. </p> <ul> <li> <p> <b> <code>readOnly</code> </b> - Optional. Can be set to <code>Equals</code> a value of <code>true</code> or <code>false</code>. A value of <code>false</code> logs both <code>read</code> and <code>write</code> events.</p> </li> <li> <p> <b> <code>eventSource</code> </b> - For filtering management events only. This can be set only to <code>NotEquals</code> <code>kms.amazonaws.com</code>.</p> </li> <li> <p> <b> <code>eventName</code> </b> - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as <code>PutBucket</code> or <code>GetSnapshotBlock</code>. You can have multiple values for this field, separated by commas.</p> </li> <li> <p> <b> <code>eventCategory</code> </b> - This is required. It must be set to <code>Equals</code>, and the value must be <code>Management</code> or <code>Data</code>.</p> </li> <li> <p> <b> <code>resources.type</code> </b> - This field is required. <code>resources.type</code> can only use the <code>Equals</code> operator, and the value can be one of the following: <code>AWS::S3::Object</code>, <code>AWS::S3::AccessPoint</code>, <code>AWS::Lambda::Function</code>, <code>AWS::DynamoDB::Table</code>, <code>AWS::S3Outposts::Object</code>, <code>AWS::ManagedBlockchain::Node</code>, <code>AWS::S3ObjectLambda::AccessPoint</code>, or <code>AWS::EC2::Snapshot</code>. You can have only one <code>resources.type</code> field per selector. To log data events on more than one resource type, add another selector.</p> </li> <li> <p> <b> <code>resources.ARN</code> </b> - You can use any operator with resources.ARN, but if you use <code>Equals</code> or <code>NotEquals</code>, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals <code>AWS::S3::Object</code>, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the <code>StartsWith</code> operator, and include only the bucket ARN as the matching value.</p> <p>The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (&lt;&gt;) with resource-specific information. </p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3:::&lt;bucket_name&gt;/</code> </p> </li> <li> <p> <code>arn:&lt;partition&gt;:s3:::&lt;bucket_name&gt;/&lt;object_path&gt;/</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::S3::AccessPoint</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the <code>StartsWith</code> or <code>NotStartsWith</code> operators.</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3:&lt;region&gt;:&lt;account_ID&gt;:accesspoint/&lt;access_point_name&gt;</code> </p> </li> <li> <p> <code>arn:&lt;partition&gt;:s3:&lt;region&gt;:&lt;account_ID&gt;:accesspoint/&lt;access_point_name&gt;/object/&lt;object_path&gt;</code> </p> </li> </ul> <p>When resources.type equals <code>AWS::Lambda::Function</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:lambda:&lt;region&gt;:&lt;account_ID&gt;:function:&lt;function_name&gt;</code> </p> </li> </ul> <p>When resources.type equals <code>AWS::DynamoDB::Table</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:dynamodb:&lt;region&gt;:&lt;account_ID&gt;:table:&lt;table_name&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::S3Outposts::Object</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3-outposts:&lt;region&gt;:&lt;account_ID&gt;:&lt;object_path&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::ManagedBlockchain::Node</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:managedblockchain:&lt;region&gt;:&lt;account_ID&gt;:nodes/&lt;node_ID&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::S3ObjectLambda::AccessPoint</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3-object-lambda:&lt;region&gt;:&lt;account_ID&gt;:accesspoint/&lt;access_point_name&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::EC2::Snapshot</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:ec2:&lt;region&gt;::snapshot/&lt;snapshot_ID&gt;</code> </p> </li> </ul> </li> </ul>"
+          "documentation":"<p> A field in an event record on which to filter events to be logged. Supported fields include <code>readOnly</code>, <code>eventCategory</code>, <code>eventSource</code> (for management events), <code>eventName</code>, <code>resources.type</code>, and <code>resources.ARN</code>. </p> <ul> <li> <p> <b> <code>readOnly</code> </b> - Optional. Can be set to <code>Equals</code> a value of <code>true</code> or <code>false</code>. If you do not add this field, CloudTrail logs both both <code>read</code> and <code>write</code> events. A value of <code>true</code> logs only <code>read</code> events. A value of <code>false</code> logs only <code>write</code> events.</p> </li> <li> <p> <b> <code>eventSource</code> </b> - For filtering management events only. This can be set only to <code>NotEquals</code> <code>kms.amazonaws.com</code>.</p> </li> <li> <p> <b> <code>eventName</code> </b> - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as <code>PutBucket</code> or <code>GetSnapshotBlock</code>. You can have multiple values for this field, separated by commas.</p> </li> <li> <p> <b> <code>eventCategory</code> </b> - This is required. It must be set to <code>Equals</code>, and the value must be <code>Management</code> or <code>Data</code>.</p> </li> <li> <p> <b> <code>resources.type</code> </b> - This field is required. <code>resources.type</code> can only use the <code>Equals</code> operator, and the value can be one of the following:</p> <ul> <li> <p> <code>AWS::S3::Object</code> </p> </li> <li> <p> <code>AWS::Lambda::Function</code> </p> </li> <li> <p> <code>AWS::DynamoDB::Table</code> </p> </li> <li> <p> <code>AWS::S3Outposts::Object</code> </p> </li> <li> <p> <code>AWS::ManagedBlockchain::Node</code> </p> </li> <li> <p> <code>AWS::S3ObjectLambda::AccessPoint</code> </p> </li> <li> <p> <code>AWS::EC2::Snapshot</code> </p> </li> <li> <p> <code>AWS::S3::AccessPoint</code> </p> </li> <li> <p> <code>AWS::DynamoDB::Stream</code> </p> </li> <li> <p> <code>AWS::Glue::Table</code> </p> </li> </ul> <p> You can have only one <code>resources.type</code> field per selector. To log data events on more than one resource type, add another selector.</p> </li> <li> <p> <b> <code>resources.ARN</code> </b> - You can use any operator with <code>resources.ARN</code>, but if you use <code>Equals</code> or <code>NotEquals</code>, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals <code>AWS::S3::Object</code>, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the <code>StartsWith</code> operator, and include only the bucket ARN as the matching value.</p> <p>The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (&lt;&gt;) with resource-specific information. </p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3:::&lt;bucket_name&gt;/</code> </p> </li> <li> <p> <code>arn:&lt;partition&gt;:s3:::&lt;bucket_name&gt;/&lt;object_path&gt;/</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::S3::AccessPoint</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the <code>StartsWith</code> or <code>NotStartsWith</code> operators.</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3:&lt;region&gt;:&lt;account_ID&gt;:accesspoint/&lt;access_point_name&gt;</code> </p> </li> <li> <p> <code>arn:&lt;partition&gt;:s3:&lt;region&gt;:&lt;account_ID&gt;:accesspoint/&lt;access_point_name&gt;/object/&lt;object_path&gt;</code> </p> </li> </ul> <p>When resources.type equals <code>AWS::Lambda::Function</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:lambda:&lt;region&gt;:&lt;account_ID&gt;:function:&lt;function_name&gt;</code> </p> </li> </ul> <p>When resources.type equals <code>AWS::DynamoDB::Table</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:dynamodb:&lt;region&gt;:&lt;account_ID&gt;:table/&lt;table_name&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::S3Outposts::Object</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3-outposts:&lt;region&gt;:&lt;account_ID&gt;:&lt;object_path&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::ManagedBlockchain::Node</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:managedblockchain:&lt;region&gt;:&lt;account_ID&gt;:nodes/&lt;node_ID&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::S3ObjectLambda::AccessPoint</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:s3-object-lambda:&lt;region&gt;:&lt;account_ID&gt;:accesspoint/&lt;access_point_name&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::EC2::Snapshot</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:ec2:&lt;region&gt;::snapshot/&lt;snapshot_ID&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::DynamoDB::Stream</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:dynamodb:&lt;region&gt;:&lt;account_ID&gt;:table/&lt;table_name&gt;/stream/&lt;date_time&gt;</code> </p> </li> </ul> <p>When <code>resources.type</code> equals <code>AWS::Glue::Table</code>, and the operator is set to <code>Equals</code> or <code>NotEquals</code>, the ARN must be in the following format:</p> <ul> <li> <p> <code>arn:&lt;partition&gt;:glue:&lt;region&gt;:&lt;account_ID&gt;:table/&lt;database_name&gt;/&lt;table_name&gt;</code> </p> </li> </ul> </li> </ul>"
         },
         "Equals":{
           "shape":"Operator",
@@ -485,6 +730,40 @@
     },
     "Boolean":{"type":"boolean"},
     "ByteBuffer":{"type":"blob"},
+    "CancelQueryRequest":{
+      "type":"structure",
+      "required":[
+        "EventDataStore",
+        "QueryId"
+      ],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or the ID suffix of the ARN) of an event data store on which the specified query is running.</p>"
+        },
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the query that you want to cancel. The <code>QueryId</code> comes from the response of a <code>StartQuery</code> operation.</p>"
+        }
+      }
+    },
+    "CancelQueryResponse":{
+      "type":"structure",
+      "required":[
+        "QueryId",
+        "QueryStatus"
+      ],
+      "members":{
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the canceled query.</p>"
+        },
+        "QueryStatus":{
+          "shape":"QueryStatus",
+          "documentation":"<p>Shows the status of a query after a <code>CancelQuery</code> request. Typically, the values shown are either <code>RUNNING</code> or <code>CANCELLED</code>.</p>"
+        }
+      }
+    },
     "CloudTrailARNInvalidException":{
       "type":"structure",
       "members":{
@@ -520,6 +799,83 @@
       "documentation":"<p>This exception is thrown when the specified resource is not ready for an operation. This can occur when you try to run an operation on a trail before CloudTrail has time to fully load the trail. If this exception occurs, wait a few minutes, and then try the operation again.</p>",
       "exception":true
     },
+    "CreateEventDataStoreRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The name of the event data store.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors to use to select the events for the data store. For more information about how to use advanced event selectors, see <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced\">Log events by using advanced event selectors</a> in the CloudTrail User Guide.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether the event data store includes events from all regions, or only from the region in which the event data store is created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether an event data store collects events logged for an organization in Organizations.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period of the event data store, in days. You can set a retention period of up to 2555 days, the equivalent of seven years.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Specifies whether termination protection is enabled for the event data store. If termination protection is enabled, you cannot delete the event data store until termination protection is disabled.</p>"
+        },
+        "TagsList":{"shape":"TagsList"}
+      }
+    },
+    "CreateEventDataStoreResponse":{
+      "type":"structure",
+      "members":{
+        "EventDataStoreArn":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN of the event data store.</p>"
+        },
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The name of the event data store.</p>"
+        },
+        "Status":{
+          "shape":"EventDataStoreStatus",
+          "documentation":"<p>The status of event data store creation.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors that were used to select the events for the data store.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the event data store collects events from all regions, or only from the region in which it was created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether an event data store is collecting logged events for an organization in Organizations.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period of an event data store, in days.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Indicates whether termination protection is enabled for the event data store.</p>"
+        },
+        "TagsList":{"shape":"TagsList"},
+        "CreatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp that shows when the event data store was created.</p>"
+        },
+        "UpdatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp that shows when an event data store was updated, if applicable. <code>UpdatedTimestamp</code> is always either the same or newer than the time shown in <code>CreatedTimestamp</code>.</p>"
+        }
+      }
+    },
     "CreateTrailRequest":{
       "type":"structure",
       "required":[
@@ -639,7 +995,7 @@
       "members":{
         "Type":{
           "shape":"String",
-          "documentation":"<p>The resource type in which you want to log data events. You can specify <code>AWS::S3::Object</code>, <code>AWS::Lambda::Function</code>, or <code>AWS::DynamoDB::Table</code> resources.</p> <p>The <code>AWS::S3Outposts::Object</code>, <code>AWS::ManagedBlockchain::Node</code>, <code>AWS::S3ObjectLambda::AccessPoint</code>, and <code>AWS::EC2::Snapshot</code> resource types are not valid in basic event selectors. To log data events on these resource types, use advanced event selectors.</p>"
+          "documentation":"<p>The resource type in which you want to log data events. You can specify the following <i>basic</i> event selector resource types:</p> <ul> <li> <p> <code>AWS::S3::Object</code> </p> </li> <li> <p> <code>AWS::Lambda::Function</code> </p> </li> <li> <p> <code>AWS::DynamoDB::Table</code> </p> </li> </ul> <p>The following resource types are also availble through <i>advanced</i> event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see <a>AdvancedFieldSelector$Field</a>.</p> <ul> <li> <p> <code>AWS::S3Outposts::Object</code> </p> </li> <li> <p> <code>AWS::ManagedBlockchain::Node</code> </p> </li> <li> <p> <code>AWS::S3ObjectLambda::AccessPoint</code> </p> </li> <li> <p> <code>AWS::EC2::Snapshot</code> </p> </li> <li> <p> <code>AWS::S3::AccessPoint</code> </p> </li> <li> <p> <code>AWS::DynamoDB::Stream</code> </p> </li> <li> <p> <code>AWS::Glue::Table</code> </p> </li> </ul>"
         },
         "Values":{
           "shape":"DataResourceValues",
@@ -657,6 +1013,21 @@
       "member":{"shape":"DataResource"}
     },
     "Date":{"type":"timestamp"},
+    "DeleteEventDataStoreRequest":{
+      "type":"structure",
+      "required":["EventDataStore"],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or the ID suffix of the ARN) of the event data store to delete.</p>"
+        }
+      }
+    },
+    "DeleteEventDataStoreResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteTrailRequest":{
       "type":"structure",
       "required":["Name"],
@@ -674,6 +1045,48 @@
       },
       "documentation":"<p>Returns the objects or data listed below if successful. Otherwise, returns an error.</p>"
     },
+    "DescribeQueryRequest":{
+      "type":"structure",
+      "required":[
+        "EventDataStore",
+        "QueryId"
+      ],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or the ID suffix of the ARN) of an event data store on which the specified query was run.</p>"
+        },
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The query ID.</p>"
+        }
+      }
+    },
+    "DescribeQueryResponse":{
+      "type":"structure",
+      "members":{
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the query.</p>"
+        },
+        "QueryString":{
+          "shape":"QueryStatement",
+          "documentation":"<p>The SQL code of a query.</p>"
+        },
+        "QueryStatus":{
+          "shape":"QueryStatus",
+          "documentation":"<p>The status of a query. Values for <code>QueryStatus</code> include <code>QUEUED</code>, <code>RUNNING</code>, <code>FINISHED</code>, <code>FAILED</code>, or <code>CANCELLED</code> </p>"
+        },
+        "QueryStatistics":{
+          "shape":"QueryStatisticsForDescribeQuery",
+          "documentation":"<p>Metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.</p>"
+        },
+        "ErrorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The error message returned if a query failed.</p>"
+        }
+      }
+    },
     "DescribeTrailsRequest":{
       "type":"structure",
       "members":{
@@ -698,6 +1111,12 @@
       },
       "documentation":"<p>Returns the objects or data listed below if successful. Otherwise, returns an error.</p>"
     },
+    "ErrorMessage":{
+      "type":"string",
+      "max":1000,
+      "min":4,
+      "pattern":".*"
+    },
     "Event":{
       "type":"structure",
       "members":{
@@ -744,6 +1163,111 @@
       "type":"string",
       "enum":["insight"]
     },
+    "EventDataStore":{
+      "type":"structure",
+      "members":{
+        "EventDataStoreArn":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN of the event data store.</p>"
+        },
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The name of the event data store.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Indicates whether the event data store is protected from termination.</p>"
+        },
+        "Status":{
+          "shape":"EventDataStoreStatus",
+          "documentation":"<p>The status of an event data store. Values are <code>ENABLED</code> and <code>PENDING_DELETION</code>.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors that were used to select events for the data store.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the event data store includes events from all regions, or only from the region in which it was created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates that an event data store is collecting logged events for an organization.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period, in days.</p>"
+        },
+        "CreatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp of the event data store's creation.</p>"
+        },
+        "UpdatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp showing when an event data store was updated, if applicable. <code>UpdatedTimestamp</code> is always either the same or newer than the time shown in <code>CreatedTimestamp</code>.</p>"
+        }
+      },
+      "documentation":"<p>A storage lake of event data against which you can run complex SQL-based queries. An event data store can include events that you have logged on your account from the last 90 to 2555 days (about three months to up to seven years). To select events for an event data store, use <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-advanced\">advanced event selectors</a>.</p>"
+    },
+    "EventDataStoreARNInvalidException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The specified event data store ARN is not valid or does not map to an event data store in your account.</p>",
+      "exception":true
+    },
+    "EventDataStoreAlreadyExistsException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>An event data store with that name already exists.</p>",
+      "exception":true
+    },
+    "EventDataStoreArn":{
+      "type":"string",
+      "max":256,
+      "min":3,
+      "pattern":"^[a-zA-Z0-9._/\\-:]+$"
+    },
+    "EventDataStoreMaxLimitExceededException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>Your account has used the maximum number of event data stores.</p>",
+      "exception":true
+    },
+    "EventDataStoreName":{
+      "type":"string",
+      "max":128,
+      "min":3,
+      "pattern":"^[a-zA-Z0-9._\\-]+$"
+    },
+    "EventDataStoreNotFoundException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The specified event data store was not found.</p>",
+      "exception":true
+    },
+    "EventDataStoreStatus":{
+      "type":"string",
+      "enum":[
+        "CREATED",
+        "ENABLED",
+        "PENDING_DELETION"
+      ]
+    },
+    "EventDataStoreTerminationProtectedException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The event data store cannot be deleted because termination protection is enabled for it.</p>",
+      "exception":true
+    },
+    "EventDataStores":{
+      "type":"list",
+      "member":{"shape":"EventDataStore"}
+    },
     "EventSelector":{
       "type":"structure",
       "members":{
@@ -761,7 +1285,7 @@
         },
         "ExcludeManagementEventSources":{
           "shape":"ExcludeManagementEventSources",
-          "documentation":"<p>An optional list of service event sources from which you do not want management events to be logged on your trail. In this release, the list can be empty (disables the filter), or it can filter out Key Management Service or Amazon RDS Data API events by containing <code>kms.amazonaws.com</code> or <code>rdsdata.amazonaws.com</code>. By default, <code>ExcludeManagementEventSources</code> is empty, and KMS and Amazon RDS Data API events are logged to your trail.</p>"
+          "documentation":"<p>An optional list of service event sources from which you do not want management events to be logged on your trail. In this release, the list can be empty (disables the filter), or it can filter out Key Management Service or Amazon RDS Data API events by containing <code>kms.amazonaws.com</code> or <code>rdsdata.amazonaws.com</code>. By default, <code>ExcludeManagementEventSources</code> is empty, and KMS and Amazon RDS Data API events are logged to your trail. You can exclude management event sources only in regions that support the event source.</p>"
         }
       },
       "documentation":"<p>Use event selectors to further specify the management and data event settings for your trail. By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.</p> <p>You can configure up to five event selectors for a trail.</p> <p>You cannot apply both event selectors and advanced event selectors to a trail.</p>"
@@ -778,6 +1302,61 @@
       "type":"list",
       "member":{"shape":"String"}
     },
+    "GetEventDataStoreRequest":{
+      "type":"structure",
+      "required":["EventDataStore"],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or ID suffix of the ARN) of the event data store about which you want information.</p>"
+        }
+      }
+    },
+    "GetEventDataStoreResponse":{
+      "type":"structure",
+      "members":{
+        "EventDataStoreArn":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The event data store Amazon Resource Number (ARN).</p>"
+        },
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The name of the event data store.</p>"
+        },
+        "Status":{
+          "shape":"EventDataStoreStatus",
+          "documentation":"<p>The status of an event data store. Values can be <code>ENABLED</code> and <code>PENDING_DELETION</code>.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors used to select events for the data store.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the event data store includes events from all regions, or only from the region in which it was created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether an event data store is collecting logged events for an organization in Organizations.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period of the event data store, in days.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Indicates that termination protection is enabled.</p>"
+        },
+        "CreatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp of the event data store's creation.</p>"
+        },
+        "UpdatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>Shows the time that an event data store was updated, if applicable. <code>UpdatedTimestamp</code> is always either the same or newer than the time shown in <code>CreatedTimestamp</code>.</p>"
+        }
+      }
+    },
     "GetEventSelectorsRequest":{
       "type":"structure",
       "required":["TrailName"],
@@ -824,7 +1403,57 @@
         },
         "InsightSelectors":{
           "shape":"InsightSelectors",
-          "documentation":"<p>A JSON string that contains the insight types you want to log on a trail. In this release, only <code>ApiCallRateInsight</code> is supported as an insight type.</p>"
+          "documentation":"<p>A JSON string that contains the insight types you want to log on a trail. In this release, <code>ApiErrorRateInsight</code> and <code>ApiCallRateInsight</code> are supported as insight types.</p>"
+        }
+      }
+    },
+    "GetQueryResultsRequest":{
+      "type":"structure",
+      "required":[
+        "EventDataStore",
+        "QueryId"
+      ],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or ID suffix of the ARN) of the event data store against which the query was run.</p>"
+        },
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the query for which you want to get results.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token you can use to get the next page of query results.</p>"
+        },
+        "MaxQueryResults":{
+          "shape":"MaxQueryResults",
+          "documentation":"<p>The maximum number of query results to display on a single page.</p>"
+        }
+      }
+    },
+    "GetQueryResultsResponse":{
+      "type":"structure",
+      "members":{
+        "QueryStatus":{
+          "shape":"QueryStatus",
+          "documentation":"<p>The status of the query. Values include <code>QUEUED</code>, <code>RUNNING</code>, <code>FINISHED</code>, <code>FAILED</code>, or <code>CANCELLED</code>.</p>"
+        },
+        "QueryStatistics":{
+          "shape":"QueryStatistics",
+          "documentation":"<p>Shows the count of query results.</p>"
+        },
+        "QueryResultRows":{
+          "shape":"QueryResultRows",
+          "documentation":"<p>Contains the individual event results of the query.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token you can use to get the next page of query results.</p>"
+        },
+        "ErrorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The error message returned if a query failed.</p>"
         }
       }
     },
@@ -929,6 +1558,20 @@
       },
       "documentation":"<p>Returns the objects or data listed below if successful. Otherwise, returns an error.</p>"
     },
+    "InactiveEventDataStoreException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The event data store against which you ran your query is inactive.</p>",
+      "exception":true
+    },
+    "InactiveQueryException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The specified query cannot be canceled because it is in the <code>FINISHED</code>, <code>FAILED</code>, or <code>CANCELLED</code> state.</p>",
+      "exception":true
+    },
     "InsightNotEnabledException":{
       "type":"structure",
       "members":{
@@ -941,7 +1584,7 @@
       "members":{
         "InsightType":{
           "shape":"InsightType",
-          "documentation":"<p>The type of Insights events to log on a trail. The valid Insights type in this release is <code>ApiCallRateInsight</code>.</p>"
+          "documentation":"<p>The type of insights to log on a trail. <code>ApiCallRateInsight</code> and <code>ApiErrorRateInsight</code> are valid insight types.</p>"
         }
       },
       "documentation":"<p>A JSON string that contains a list of insight types that are logged on a trail.</p>"
@@ -952,7 +1595,10 @@
     },
     "InsightType":{
       "type":"string",
-      "enum":["ApiCallRateInsight"]
+      "enum":[
+        "ApiCallRateInsight",
+        "ApiErrorRateInsight"
+      ]
     },
     "InsufficientDependencyServiceAccessPermissionException":{
       "type":"structure",
@@ -982,6 +1628,7 @@
       "documentation":"<p>This exception is thrown when the policy on the Amazon SNS topic is not sufficient.</p>",
       "exception":true
     },
+    "Integer":{"type":"integer"},
     "InvalidCloudWatchLogsLogGroupArnException":{
       "type":"structure",
       "members":{
@@ -996,6 +1643,13 @@
       "documentation":"<p>This exception is thrown when the provided role is not valid.</p>",
       "exception":true
     },
+    "InvalidDateRangeException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>A date range for the query was specified that is not valid. For more information about writing a query, see <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-create-edit-query.html\">Create or edit a query</a> in the <i>CloudTrail User Guide</i>.</p>",
+      "exception":true
+    },
     "InvalidEventCategoryException":{
       "type":"structure",
       "members":{
@@ -1003,6 +1657,13 @@
       "documentation":"<p>Occurs if an event category that is not valid is specified as a value of <code>EventCategory</code>.</p>",
       "exception":true
     },
+    "InvalidEventDataStoreStatusException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The event data store is not in a status that supports the operation.</p>",
+      "exception":true
+    },
     "InvalidEventSelectorsException":{
       "type":"structure",
       "members":{
@@ -1059,6 +1720,27 @@
       "documentation":"<p>This exception is thrown when the combination of parameters provided is not valid.</p>",
       "exception":true
     },
+    "InvalidParameterException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The request includes a parameter that is not valid.</p>",
+      "exception":true
+    },
+    "InvalidQueryStatementException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The query that was submitted has validation errors, or uses incorrect syntax or unsupported keywords. For more information about writing a query, see <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-create-edit-query.html\">Create or edit a query</a> in the <i>CloudTrail User Guide</i>.</p>",
+      "exception":true
+    },
+    "InvalidQueryStatusException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The query status is not valid for the operation.</p>",
+      "exception":true
+    },
     "InvalidS3BucketNameException":{
       "type":"structure",
       "members":{
@@ -1130,6 +1812,37 @@
       "documentation":"<p>This exception is thrown when the KMS key does not exist, when the S3 bucket and the KMS key are not in the same region, or when the KMS key associated with the Amazon SNS topic either does not exist or is not in the same region.</p>",
       "exception":true
     },
+    "ListEventDataStoresMaxResultsCount":{
+      "type":"integer",
+      "max":1000,
+      "min":1
+    },
+    "ListEventDataStoresRequest":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token you can use to get the next page of event data store results.</p>"
+        },
+        "MaxResults":{
+          "shape":"ListEventDataStoresMaxResultsCount",
+          "documentation":"<p>The maximum number of event data stores to display on a single page.</p>"
+        }
+      }
+    },
+    "ListEventDataStoresResponse":{
+      "type":"structure",
+      "members":{
+        "EventDataStores":{
+          "shape":"EventDataStores",
+          "documentation":"<p>Contains information about event data stores in the account, in the current region.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token you can use to get the next page of results.</p>"
+        }
+      }
+    },
     "ListPublicKeysRequest":{
       "type":"structure",
       "members":{
@@ -1162,6 +1875,54 @@
       },
       "documentation":"<p>Returns the objects or data listed below if successful. Otherwise, returns an error.</p>"
     },
+    "ListQueriesMaxResultsCount":{
+      "type":"integer",
+      "max":1000,
+      "min":1
+    },
+    "ListQueriesRequest":{
+      "type":"structure",
+      "required":["EventDataStore"],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or the ID suffix of the ARN) of an event data store on which queries were run.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token you can use to get the next page of results.</p>"
+        },
+        "MaxResults":{
+          "shape":"ListQueriesMaxResultsCount",
+          "documentation":"<p>The maximum number of queries to show on a page.</p>"
+        },
+        "StartTime":{
+          "shape":"Date",
+          "documentation":"<p>Use with <code>EndTime</code> to bound a <code>ListQueries</code> request, and limit its results to only those queries run within a specified time period.</p>"
+        },
+        "EndTime":{
+          "shape":"Date",
+          "documentation":"<p>Use with <code>StartTime</code> to bound a <code>ListQueries</code> request, and limit its results to only those queries run within a specified time period.</p>"
+        },
+        "QueryStatus":{
+          "shape":"QueryStatus",
+          "documentation":"<p>The status of queries that you want to return in results. Valid values for <code>QueryStatus</code> include <code>QUEUED</code>, <code>RUNNING</code>, <code>FINISHED</code>, <code>FAILED</code>, or <code>CANCELLED</code>.</p>"
+        }
+      }
+    },
+    "ListQueriesResponse":{
+      "type":"structure",
+      "members":{
+        "Queries":{
+          "shape":"Queries",
+          "documentation":"<p>Lists matching query results, and shows query ID, status, and creation time of each query.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token you can use to get the next page of results.</p>"
+        }
+      }
+    },
     "ListTagsRequest":{
       "type":"structure",
       "required":["ResourceIdList"],
@@ -1213,6 +1974,7 @@
         }
       }
     },
+    "Long":{"type":"long"},
     "LookupAttribute":{
       "type":"structure",
       "required":[
@@ -1292,6 +2054,18 @@
       },
       "documentation":"<p>Contains a response to a LookupEvents action.</p>"
     },
+    "MaxConcurrentQueriesException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>You are already running the maximum number of concurrent queries. Wait a minute for some queries to finish, and then run the query again.</p>",
+      "exception":true
+    },
+    "MaxQueryResults":{
+      "type":"integer",
+      "max":1000,
+      "min":1
+    },
     "MaxResults":{
       "type":"integer",
       "max":50,
@@ -1344,6 +2118,12 @@
       "documentation":"<p>This exception is thrown when the request is made from an Amazon Web Services account that is not a member of an organization. To make this request, sign in using the credentials of an account that belongs to an organization.</p>",
       "exception":true
     },
+    "PaginationToken":{
+      "type":"string",
+      "max":1000,
+      "min":4,
+      "pattern":".*"
+    },
     "PublicKey":{
       "type":"structure",
       "members":{
@@ -1418,7 +2198,7 @@
         },
         "InsightSelectors":{
           "shape":"InsightSelectors",
-          "documentation":"<p>A JSON string that contains the Insights types that you want to log on a trail. The valid Insights type in this release is <code>ApiCallRateInsight</code>.</p>"
+          "documentation":"<p>A JSON string that contains the insight types you want to log on a trail. <code>ApiCallRateInsight</code> and <code>ApiErrorRateInsight</code> are valid insight types.</p>"
         }
       }
     },
@@ -1431,10 +2211,106 @@
         },
         "InsightSelectors":{
           "shape":"InsightSelectors",
-          "documentation":"<p>A JSON string that contains the Insights event types that you want to log on a trail. The valid Insights type in this release is <code>ApiCallRateInsight</code>.</p>"
+          "documentation":"<p>A JSON string that contains the Insights event types that you want to log on a trail. The valid Insights types in this release are <code>ApiErrorRateInsight</code> and <code>ApiCallRateInsight</code>.</p>"
         }
       }
     },
+    "Queries":{
+      "type":"list",
+      "member":{"shape":"Query"}
+    },
+    "Query":{
+      "type":"structure",
+      "members":{
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of a query.</p>"
+        },
+        "QueryStatus":{
+          "shape":"QueryStatus",
+          "documentation":"<p>The status of the query. This can be <code>QUEUED</code>, <code>RUNNING</code>, <code>FINISHED</code>, <code>FAILED</code>, or <code>CANCELLED</code>.</p>"
+        },
+        "CreationTime":{
+          "shape":"Date",
+          "documentation":"<p>The creation time of a query.</p>"
+        }
+      },
+      "documentation":"<p>A SQL string of criteria about events that you want to collect in an event data store.</p>"
+    },
+    "QueryIdNotFoundException":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The query ID does not exist or does not map to a query.</p>",
+      "exception":true
+    },
+    "QueryResultColumn":{
+      "type":"map",
+      "key":{"shape":"QueryResultKey"},
+      "value":{"shape":"QueryResultValue"}
+    },
+    "QueryResultKey":{"type":"string"},
+    "QueryResultRow":{
+      "type":"list",
+      "member":{"shape":"QueryResultColumn"}
+    },
+    "QueryResultRows":{
+      "type":"list",
+      "member":{"shape":"QueryResultRow"}
+    },
+    "QueryResultValue":{"type":"string"},
+    "QueryStatement":{
+      "type":"string",
+      "max":10000,
+      "min":1,
+      "pattern":"(?s).*"
+    },
+    "QueryStatistics":{
+      "type":"structure",
+      "members":{
+        "ResultsCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of results returned.</p>"
+        },
+        "TotalResultsCount":{
+          "shape":"Integer",
+          "documentation":"<p>The total number of results returned by a query.</p>"
+        }
+      },
+      "documentation":"<p>Metadata about a query, such as the number of results.</p>"
+    },
+    "QueryStatisticsForDescribeQuery":{
+      "type":"structure",
+      "members":{
+        "EventsMatched":{
+          "shape":"Long",
+          "documentation":"<p>The number of events that matched a query.</p>"
+        },
+        "EventsScanned":{
+          "shape":"Long",
+          "documentation":"<p>The number of events that the query scanned in the event data store.</p>"
+        },
+        "ExecutionTimeInMillis":{
+          "shape":"Integer",
+          "documentation":"<p>The query's run time, in milliseconds.</p>"
+        },
+        "CreationTime":{
+          "shape":"Date",
+          "documentation":"<p>The creation time of the query.</p>"
+        }
+      },
+      "documentation":"<p>Gets metadata about a query, including the number of events that were matched, the total number of events scanned, the query run time in milliseconds, and the query's creation time.</p>"
+    },
+    "QueryStatus":{
+      "type":"string",
+      "enum":[
+        "QUEUED",
+        "RUNNING",
+        "FINISHED",
+        "FAILED",
+        "CANCELLED"
+      ]
+    },
     "ReadWriteType":{
       "type":"string",
       "enum":[
@@ -1445,7 +2321,10 @@
     },
     "RemoveTagsRequest":{
       "type":"structure",
-      "required":["ResourceId"],
+      "required":[
+        "ResourceId",
+        "TagsList"
+      ],
       "members":{
         "ResourceId":{
           "shape":"String",
@@ -1519,6 +2398,66 @@
       "documentation":"<p>This exception is thrown when the specified resource type is not supported by CloudTrail.</p>",
       "exception":true
     },
+    "RestoreEventDataStoreRequest":{
+      "type":"structure",
+      "required":["EventDataStore"],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or the ID suffix of the ARN) of the event data store that you want to restore.</p>"
+        }
+      }
+    },
+    "RestoreEventDataStoreResponse":{
+      "type":"structure",
+      "members":{
+        "EventDataStoreArn":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The event data store ARN.</p>"
+        },
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The name of the event data store.</p>"
+        },
+        "Status":{
+          "shape":"EventDataStoreStatus",
+          "documentation":"<p>The status of the event data store.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors that were used to select events.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the event data store is collecting events from all regions, or only from the region in which the event data store was created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether an event data store is collecting logged events for an organization in Organizations.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period, in days.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Indicates that termination protection is enabled and the event data store cannot be automatically deleted.</p>"
+        },
+        "CreatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp of an event data store's creation.</p>"
+        },
+        "UpdatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp that shows when an event data store was updated, if applicable. <code>UpdatedTimestamp</code> is always either the same or newer than the time shown in <code>CreatedTimestamp</code>.</p>"
+        }
+      }
+    },
+    "RetentionPeriod":{
+      "type":"integer",
+      "max":2555,
+      "min":7
+    },
     "S3BucketDoesNotExistException":{
       "type":"structure",
       "members":{
@@ -1555,6 +2494,25 @@
       },
       "documentation":"<p>Returns the objects or data listed below if successful. Otherwise, returns an error.</p>"
     },
+    "StartQueryRequest":{
+      "type":"structure",
+      "required":["QueryStatement"],
+      "members":{
+        "QueryStatement":{
+          "shape":"QueryStatement",
+          "documentation":"<p>The SQL code of your query.</p>"
+        }
+      }
+    },
+    "StartQueryResponse":{
+      "type":"structure",
+      "members":{
+        "QueryId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the started query.</p>"
+        }
+      }
+    },
     "StopLoggingRequest":{
       "type":"structure",
       "required":["Name"],
@@ -1578,16 +2536,26 @@
       "required":["Key"],
       "members":{
         "Key":{
-          "shape":"String",
+          "shape":"TagKey",
           "documentation":"<p>The key in a key-value pair. The key must be must be no longer than 128 Unicode characters. The key must be unique for the resource to which it applies.</p>"
         },
         "Value":{
-          "shape":"String",
+          "shape":"TagValue",
           "documentation":"<p>The value in a key-value pair of a tag. The value must be no longer than 256 Unicode characters.</p>"
         }
       },
       "documentation":"<p>A custom key-value pair associated with a resource such as a CloudTrail trail.</p>"
     },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
     "TagsLimitExceededException":{
       "type":"structure",
       "members":{
@@ -1598,8 +2566,10 @@
     "TagsList":{
       "type":"list",
       "member":{"shape":"Tag"},
-      "documentation":"<p>A list of tags.</p>"
+      "documentation":"<p>A list of tags.</p>",
+      "max":200
     },
+    "TerminationProtectionEnabled":{"type":"boolean"},
     "Trail":{
       "type":"structure",
       "members":{
@@ -1722,6 +2692,12 @@
       "type":"list",
       "member":{"shape":"TrailInfo"}
     },
+    "UUID":{
+      "type":"string",
+      "max":36,
+      "min":36,
+      "pattern":"^[a-f0-9\\-]+$"
+    },
     "UnsupportedOperationException":{
       "type":"structure",
       "members":{
@@ -1729,6 +2705,85 @@
       "documentation":"<p>This exception is thrown when the requested operation is not supported.</p>",
       "exception":true
     },
+    "UpdateEventDataStoreRequest":{
+      "type":"structure",
+      "required":["EventDataStore"],
+      "members":{
+        "EventDataStore":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN (or the ID suffix of the ARN) of the event data store that you want to update.</p>"
+        },
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The event data store name.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors used to select events for the event data store.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether an event data store collects events from all regions, or only from the region in which it was created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether an event data store collects events logged for an organization in Organizations.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period, in days.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Indicates that termination protection is enabled and the event data store cannot be automatically deleted.</p>"
+        }
+      }
+    },
+    "UpdateEventDataStoreResponse":{
+      "type":"structure",
+      "members":{
+        "EventDataStoreArn":{
+          "shape":"EventDataStoreArn",
+          "documentation":"<p>The ARN of the event data store.</p>"
+        },
+        "Name":{
+          "shape":"EventDataStoreName",
+          "documentation":"<p>The name of the event data store.</p>"
+        },
+        "Status":{
+          "shape":"EventDataStoreStatus",
+          "documentation":"<p>The status of an event data store. Values can be <code>ENABLED</code> and <code>PENDING_DELETION</code>.</p>"
+        },
+        "AdvancedEventSelectors":{
+          "shape":"AdvancedEventSelectors",
+          "documentation":"<p>The advanced event selectors that are applied to the event data store.</p>"
+        },
+        "MultiRegionEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the event data store includes events from all regions, or only from the region in which it was created.</p>"
+        },
+        "OrganizationEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether an event data store is collecting logged events for an organization in Organizations.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>The retention period, in days.</p>"
+        },
+        "TerminationProtectionEnabled":{
+          "shape":"TerminationProtectionEnabled",
+          "documentation":"<p>Indicates whether termination protection is enabled for the event data store.</p>"
+        },
+        "CreatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp that shows when an event data store was first created.</p>"
+        },
+        "UpdatedTimestamp":{
+          "shape":"Date",
+          "documentation":"<p>The timestamp that shows when the event data store was last updated. <code>UpdatedTimestamp</code> is always either the same or newer than the time shown in <code>CreatedTimestamp</code>.</p>"
+        }
+      }
+    },
     "UpdateTrailRequest":{
       "type":"structure",
       "required":["Name"],
diff --git a/contrib/python/botocore/py3/botocore/data/cloudwatch/2010-08-01/service-2.json b/contrib/python/botocore/py3/botocore/data/cloudwatch/2010-08-01/service-2.json
index 5fa8a4f5988..72313b8c142 100644
--- a/contrib/python/botocore/py3/botocore/data/cloudwatch/2010-08-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/cloudwatch/2010-08-01/service-2.json
@@ -39,7 +39,8 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServiceFault"},
         {"shape":"InvalidParameterValueException"},
-        {"shape":"MissingRequiredParameterException"}
+        {"shape":"MissingRequiredParameterException"},
+        {"shape":"InvalidParameterCombinationException"}
       ],
       "documentation":"<p>Deletes the specified anomaly detection model from your account.</p>"
     },
@@ -110,7 +111,7 @@
       "errors":[
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>Retrieves the history for the specified alarm. You can filter the results by date range or item type. If an alarm name is not specified, the histories for either all metric alarms or all composite alarms are returned.</p> <p>CloudWatch retains the history of an alarm even if you delete the alarm.</p>"
+      "documentation":"<p>Retrieves the history for the specified alarm. You can filter the results by date range or item type. If an alarm name is not specified, the histories for either all metric alarms or all composite alarms are returned.</p> <p>CloudWatch retains the history of an alarm even if you delete the alarm.</p> <p>To use this operation and return information about a composite alarm, you must be signed on with the <code>cloudwatch:DescribeAlarmHistory</code> permission that is scoped to <code>*</code>. You can't return information about composite alarms if your <code>cloudwatch:DescribeAlarmHistory</code> permission has a narrower scope.</p>"
     },
     "DescribeAlarms":{
       "name":"DescribeAlarms",
@@ -126,7 +127,7 @@
       "errors":[
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>Retrieves the specified alarms. You can filter the results by specifying a prefix for the alarm name, the alarm state, or a prefix for any action.</p>"
+      "documentation":"<p>Retrieves the specified alarms. You can filter the results by specifying a prefix for the alarm name, the alarm state, or a prefix for any action.</p> <p>To use this operation and return information about composite alarms, you must be signed on with the <code>cloudwatch:DescribeAlarms</code> permission that is scoped to <code>*</code>. You can't return information about composite alarms if your <code>cloudwatch:DescribeAlarms</code> permission has a narrower scope.</p>"
     },
     "DescribeAlarmsForMetric":{
       "name":"DescribeAlarmsForMetric",
@@ -155,9 +156,10 @@
       "errors":[
         {"shape":"InvalidNextToken"},
         {"shape":"InternalServiceFault"},
-        {"shape":"InvalidParameterValueException"}
+        {"shape":"InvalidParameterValueException"},
+        {"shape":"InvalidParameterCombinationException"}
       ],
-      "documentation":"<p>Lists the anomaly detection models that you have created in your account. You can list all models in your account or filter the results to only the models that are related to a certain namespace, metric name, or metric dimension.</p>"
+      "documentation":"<p>Lists the anomaly detection models that you have created in your account. For single metric anomaly detectors, you can list all of the models in your account or filter the results to only the models that are related to a certain namespace, metric name, or metric dimension. For metric math anomaly detectors, you can list them by adding <code>METRIC_MATH</code> to the <code>AnomalyDetectorTypes</code> array. This will return all metric math anomaly detectors in your account.</p>"
     },
     "DescribeInsightRules":{
       "name":"DescribeInsightRules",
@@ -418,7 +420,8 @@
         {"shape":"LimitExceededException"},
         {"shape":"InternalServiceFault"},
         {"shape":"InvalidParameterValueException"},
-        {"shape":"MissingRequiredParameterException"}
+        {"shape":"MissingRequiredParameterException"},
+        {"shape":"InvalidParameterCombinationException"}
       ],
       "documentation":"<p>Creates an anomaly detection model for a CloudWatch metric. You can use the model to display a band of expected normal values when the metric is graphed.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Anomaly_Detection.html\">CloudWatch Anomaly Detection</a>.</p>"
     },
@@ -432,7 +435,7 @@
       "errors":[
         {"shape":"LimitExceededFault"}
       ],
-      "documentation":"<p>Creates or updates a <i>composite alarm</i>. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met.</p> <p>The alarms specified in a composite alarm's rule expression can include metric alarms and other composite alarms.</p> <p>Using composite alarms can reduce alarm noise. You can create multiple metric alarms, and also create a composite alarm and set up alerts only for the composite alarm. For example, you could create a composite alarm that goes into ALARM state only when more than one of the underlying metric alarms are in ALARM state.</p> <p>Currently, the only alarm actions that can be taken by composite alarms are notifying SNS topics.</p> <note> <p>It is possible to create a loop or cycle of composite alarms, where composite alarm A depends on composite alarm B, and composite alarm B also depends on composite alarm A. In this scenario, you can't delete any composite alarm that is part of the cycle because there is always still a composite alarm that depends on that alarm that you want to delete.</p> <p>To get out of such a situation, you must break the cycle by changing the rule of one of the composite alarms in the cycle to remove a dependency that creates the cycle. The simplest change to make to break a cycle is to change the <code>AlarmRule</code> of one of the alarms to <code>False</code>. </p> <p>Additionally, the evaluation of composite alarms stops if CloudWatch detects a cycle in the evaluation path. </p> </note> <p>When this operation creates an alarm, the alarm state is immediately set to <code>INSUFFICIENT_DATA</code>. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed. For a composite alarm, this initial time after creation is the only time that the alarm can be in <code>INSUFFICIENT_DATA</code> state.</p> <p>When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.</p> <p>If you are an IAM user, you must have <code>iam:CreateServiceLinkedRole</code> to create a composite alarm that has Systems Manager OpsItem actions.</p>"
+      "documentation":"<p>Creates or updates a <i>composite alarm</i>. When you create a composite alarm, you specify a rule expression for the alarm that takes into account the alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met.</p> <p>The alarms specified in a composite alarm's rule expression can include metric alarms and other composite alarms.</p> <p>Using composite alarms can reduce alarm noise. You can create multiple metric alarms, and also create a composite alarm and set up alerts only for the composite alarm. For example, you could create a composite alarm that goes into ALARM state only when more than one of the underlying metric alarms are in ALARM state.</p> <p>Currently, the only alarm actions that can be taken by composite alarms are notifying SNS topics.</p> <note> <p>It is possible to create a loop or cycle of composite alarms, where composite alarm A depends on composite alarm B, and composite alarm B also depends on composite alarm A. In this scenario, you can't delete any composite alarm that is part of the cycle because there is always still a composite alarm that depends on that alarm that you want to delete.</p> <p>To get out of such a situation, you must break the cycle by changing the rule of one of the composite alarms in the cycle to remove a dependency that creates the cycle. The simplest change to make to break a cycle is to change the <code>AlarmRule</code> of one of the alarms to <code>False</code>. </p> <p>Additionally, the evaluation of composite alarms stops if CloudWatch detects a cycle in the evaluation path. </p> </note> <p>When this operation creates an alarm, the alarm state is immediately set to <code>INSUFFICIENT_DATA</code>. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed. For a composite alarm, this initial time after creation is the only time that the alarm can be in <code>INSUFFICIENT_DATA</code> state.</p> <p>When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.</p> <p>To use this operation, you must be signed on with the <code>cloudwatch:PutCompositeAlarm</code> permission that is scoped to <code>*</code>. You can't create a composite alarms if your <code>cloudwatch:PutCompositeAlarm</code> permission has a narrower scope.</p> <p>If you are an IAM user, you must have <code>iam:CreateServiceLinkedRole</code> to create a composite alarm that has Systems Manager OpsItem actions.</p>"
     },
     "PutDashboard":{
       "name":"PutDashboard",
@@ -479,7 +482,7 @@
       "errors":[
         {"shape":"LimitExceededFault"}
       ],
-      "documentation":"<p>Creates or updates an alarm and associates it with the specified metric, metric math expression, or anomaly detection model.</p> <p>Alarms based on anomaly detection models cannot have Auto Scaling actions.</p> <p>When this operation creates an alarm, the alarm state is immediately set to <code>INSUFFICIENT_DATA</code>. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed.</p> <p>When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.</p> <p>If you are an IAM user, you must have Amazon EC2 permissions for some alarm operations:</p> <ul> <li> <p>The <code>iam:CreateServiceLinkedRole</code> for all alarms with EC2 actions</p> </li> <li> <p>The <code>iam:CreateServiceLinkedRole</code> to create an alarm with Systems Manager OpsItem actions.</p> </li> </ul> <p>The first time you create an alarm in the Management Console, the CLI, or by using the PutMetricAlarm API, CloudWatch creates the necessary service-linked role for you. The service-linked roles are called <code>AWSServiceRoleForCloudWatchEvents</code> and <code>AWSServiceRoleForCloudWatchAlarms_ActionSSM</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role\">Amazon Web Services service-linked role</a>.</p> <p> <b>Cross-account alarms</b> </p> <p>You can set an alarm on metrics in the current account, or in another account. To create a cross-account alarm that watches a metric in a different account, you must have completed the following pre-requisites:</p> <ul> <li> <p>The account where the metrics are located (the <i>sharing account</i>) must already have a sharing role named <b>CloudWatch-CrossAccountSharingRole</b>. If it does not already have this role, you must create it using the instructions in <b>Set up a sharing account</b> in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region\"> Cross-account cross-Region CloudWatch console</a>. The policy for that role must grant access to the ID of the account where you are creating the alarm. </p> </li> <li> <p>The account where you are creating the alarm (the <i>monitoring account</i>) must already have a service-linked role named <b>AWSServiceRoleForCloudWatchCrossAccount</b> to allow CloudWatch to assume the sharing role in the sharing account. If it does not, you must create it following the directions in <b>Set up a monitoring account</b> in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region\"> Cross-account cross-Region CloudWatch console</a>.</p> </li> </ul>"
+      "documentation":"<p>Creates or updates an alarm and associates it with the specified metric, metric math expression, or anomaly detection model.</p> <p>Alarms based on anomaly detection models cannot have Auto Scaling actions.</p> <p>When this operation creates an alarm, the alarm state is immediately set to <code>INSUFFICIENT_DATA</code>. The alarm is then evaluated and its state is set appropriately. Any actions associated with the new state are then executed.</p> <p>When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.</p> <p>If you are an IAM user, you must have Amazon EC2 permissions for some alarm operations:</p> <ul> <li> <p>The <code>iam:CreateServiceLinkedRole</code> for all alarms with EC2 actions</p> </li> <li> <p>The <code>iam:CreateServiceLinkedRole</code> to create an alarm with Systems Manager OpsItem actions.</p> </li> </ul> <p>The first time you create an alarm in the Amazon Web Services Management Console, the CLI, or by using the PutMetricAlarm API, CloudWatch creates the necessary service-linked role for you. The service-linked roles are called <code>AWSServiceRoleForCloudWatchEvents</code> and <code>AWSServiceRoleForCloudWatchAlarms_ActionSSM</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role\">Amazon Web Services service-linked role</a>.</p> <p> <b>Cross-account alarms</b> </p> <p>You can set an alarm on metrics in the current account, or in another account. To create a cross-account alarm that watches a metric in a different account, you must have completed the following pre-requisites:</p> <ul> <li> <p>The account where the metrics are located (the <i>sharing account</i>) must already have a sharing role named <b>CloudWatch-CrossAccountSharingRole</b>. If it does not already have this role, you must create it using the instructions in <b>Set up a sharing account</b> in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region\"> Cross-account cross-Region CloudWatch console</a>. The policy for that role must grant access to the ID of the account where you are creating the alarm. </p> </li> <li> <p>The account where you are creating the alarm (the <i>monitoring account</i>) must already have a service-linked role named <b>AWSServiceRoleForCloudWatchCrossAccount</b> to allow CloudWatch to assume the sharing role in the sharing account. If it does not, you must create it following the directions in <b>Set up a monitoring account</b> in <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html#enable-cross-account-cross-Region\"> Cross-account cross-Region CloudWatch console</a>.</p> </li> </ul>"
     },
     "PutMetricData":{
       "name":"PutMetricData",
@@ -514,7 +517,7 @@
         {"shape":"MissingRequiredParameterException"},
         {"shape":"InvalidParameterCombinationException"}
       ],
-      "documentation":"<p>Creates or updates a metric stream. Metric streams can automatically stream CloudWatch metrics to Amazon Web Services destinations including Amazon S3 and to many third-party solutions.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Metric-Streams.html\"> Using Metric Streams</a>.</p> <p>To create a metric stream, you must be logged on to an account that has the <code>iam:PassRole</code> permission and either the <code>CloudWatchFullAccess</code> policy or the <code>cloudwatch:PutMetricStream</code> permission.</p> <p>When you create or update a metric stream, you choose one of the following:</p> <ul> <li> <p>Stream metrics from all metric namespaces in the account.</p> </li> <li> <p>Stream metrics from all metric namespaces in the account, except for the namespaces that you list in <code>ExcludeFilters</code>.</p> </li> <li> <p>Stream metrics from only the metric namespaces that you list in <code>IncludeFilters</code>.</p> </li> </ul> <p>When you use <code>PutMetricStream</code> to create a new metric stream, the stream is created in the <code>running</code> state. If you use it to update an existing stream, the state of the stream is not changed.</p>"
+      "documentation":"<p>Creates or updates a metric stream. Metric streams can automatically stream CloudWatch metrics to Amazon Web Services destinations including Amazon S3 and to many third-party solutions.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Metric-Streams.html\"> Using Metric Streams</a>.</p> <p>To create a metric stream, you must be logged on to an account that has the <code>iam:PassRole</code> permission and either the <code>CloudWatchFullAccess</code> policy or the <code>cloudwatch:PutMetricStream</code> permission.</p> <p>When you create or update a metric stream, you choose one of the following:</p> <ul> <li> <p>Stream metrics from all metric namespaces in the account.</p> </li> <li> <p>Stream metrics from all metric namespaces in the account, except for the namespaces that you list in <code>ExcludeFilters</code>.</p> </li> <li> <p>Stream metrics from only the metric namespaces that you list in <code>IncludeFilters</code>.</p> </li> </ul> <p>When you use <code>PutMetricStream</code> to create a new metric stream, the stream is created in the <code>running</code> state. If you use it to update an existing stream, the state of the stream is not changed.</p>"
     },
     "SetAlarmState":{
       "name":"SetAlarmState",
@@ -701,19 +704,27 @@
       "members":{
         "Namespace":{
           "shape":"Namespace",
-          "documentation":"<p>The namespace of the metric associated with the anomaly detection model.</p>"
+          "documentation":"<p>The namespace of the metric associated with the anomaly detection model.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector.Namespace property."
         },
         "MetricName":{
           "shape":"MetricName",
-          "documentation":"<p>The name of the metric associated with the anomaly detection model.</p>"
+          "documentation":"<p>The name of the metric associated with the anomaly detection model.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector.MetricName property."
         },
         "Dimensions":{
           "shape":"Dimensions",
-          "documentation":"<p>The metric dimensions associated with the anomaly detection model.</p>"
+          "documentation":"<p>The metric dimensions associated with the anomaly detection model.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector.Dimensions property."
         },
         "Stat":{
           "shape":"AnomalyDetectorMetricStat",
-          "documentation":"<p>The statistic associated with the anomaly detection model.</p>"
+          "documentation":"<p>The statistic associated with the anomaly detection model.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector.Stat property."
         },
         "Configuration":{
           "shape":"AnomalyDetectorConfiguration",
@@ -722,9 +733,17 @@
         "StateValue":{
           "shape":"AnomalyDetectorStateValue",
           "documentation":"<p>The current status of the anomaly detector's training. The possible values are <code>TRAINED | PENDING_TRAINING | TRAINED_INSUFFICIENT_DATA</code> </p>"
+        },
+        "SingleMetricAnomalyDetector":{
+          "shape":"SingleMetricAnomalyDetector",
+          "documentation":"<p>The CloudWatch metric and statistic for this anomaly detector.</p>"
+        },
+        "MetricMathAnomalyDetector":{
+          "shape":"MetricMathAnomalyDetector",
+          "documentation":"<p>The CloudWatch metric math expression for this anomaly detector.</p>"
         }
       },
-      "documentation":"<p>An anomaly detection model associated with a particular CloudWatch metric and statistic. You can use the model to display a band of expected normal values when the metric is graphed.</p>"
+      "documentation":"<p>An anomaly detection model associated with a particular CloudWatch metric, statistic, or metric math expression. You can use the model to display a band of expected, normal values when the metric is graphed.</p>"
     },
     "AnomalyDetectorConfiguration":{
       "type":"structure",
@@ -746,7 +765,8 @@
     },
     "AnomalyDetectorMetricStat":{
       "type":"string",
-      "pattern":"(SampleCount|Average|Sum|Minimum|Maximum|p(\\d{1,2}|100)(\\.\\d{0,2})?|[ou]\\d+(\\.\\d*)?)(_E|_L|_H)?"
+      "max":50,
+      "pattern":"(SampleCount|Average|Sum|Minimum|Maximum|IQM|(p|tc|tm|ts|wm)(\\d{1,2}(\\.\\d{0,10})?|100)|[ou]\\d+(\\.\\d*)?)(_E|_L|_H)?|(TM|TC|TS|WM)\\(((((\\d{1,2})(\\.\\d{0,10})?|100(\\.0{0,10})?)%)?:((\\d{1,2})(\\.\\d{0,10})?|100(\\.0{0,10})?)%|((\\d{1,2})(\\.\\d{0,10})?|100(\\.0{0,10})?)%:(((\\d{1,2})(\\.\\d{0,10})?|100(\\.0{0,10})?)%)?)\\)|(TM|TC|TS|WM|PR)\\(((\\d+(\\.\\d{0,10})?|(\\d+(\\.\\d{0,10})?[Ee][+-]?\\d+)):((\\d+(\\.\\d{0,10})?|(\\d+(\\.\\d{0,10})?[Ee][+-]?\\d+)))?|((\\d+(\\.\\d{0,10})?|(\\d+(\\.\\d{0,10})?[Ee][+-]?\\d+)))?:(\\d+(\\.\\d{0,10})?|(\\d+(\\.\\d{0,10})?[Ee][+-]?\\d+)))\\)"
     },
     "AnomalyDetectorMetricTimezone":{
       "type":"string",
@@ -761,6 +781,18 @@
         "TRAINED"
       ]
     },
+    "AnomalyDetectorType":{
+      "type":"string",
+      "enum":[
+        "SINGLE_METRIC",
+        "METRIC_MATH"
+      ]
+    },
+    "AnomalyDetectorTypes":{
+      "type":"list",
+      "member":{"shape":"AnomalyDetectorType"},
+      "max":2
+    },
     "AnomalyDetectors":{
       "type":"list",
       "member":{"shape":"AnomalyDetector"}
@@ -1034,27 +1066,38 @@
     },
     "DeleteAnomalyDetectorInput":{
       "type":"structure",
-      "required":[
-        "Namespace",
-        "MetricName",
-        "Stat"
-      ],
       "members":{
         "Namespace":{
           "shape":"Namespace",
-          "documentation":"<p>The namespace associated with the anomaly detection model to delete.</p>"
+          "documentation":"<p>The namespace associated with the anomaly detection model to delete.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "MetricName":{
           "shape":"MetricName",
-          "documentation":"<p>The metric name associated with the anomaly detection model to delete.</p>"
+          "documentation":"<p>The metric name associated with the anomaly detection model to delete.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "Dimensions":{
           "shape":"Dimensions",
-          "documentation":"<p>The metric dimensions associated with the anomaly detection model to delete.</p>"
+          "documentation":"<p>The metric dimensions associated with the anomaly detection model to delete.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "Stat":{
           "shape":"AnomalyDetectorMetricStat",
-          "documentation":"<p>The statistic associated with the anomaly detection model to delete.</p>"
+          "documentation":"<p>The statistic associated with the anomaly detection model to delete.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
+        },
+        "SingleMetricAnomalyDetector":{
+          "shape":"SingleMetricAnomalyDetector",
+          "documentation":"<p>A single metric anomaly detector to be deleted.</p> <p>When using <code>SingleMetricAnomalyDetector</code>, you cannot include the following parameters in the same operation:</p> <ul> <li> <p> <code>Dimensions</code>,</p> </li> <li> <p> <code>MetricName</code> </p> </li> <li> <p> <code>Namespace</code> </p> </li> <li> <p> <code>Stat</code> </p> </li> <li> <p>the <code>MetricMathAnomalyDetector</code> parameters of <code>DeleteAnomalyDetectorInput</code> </p> </li> </ul> <p>Instead, specify the single metric anomaly detector attributes as part of the <code>SingleMetricAnomalyDetector</code> property.</p>"
+        },
+        "MetricMathAnomalyDetector":{
+          "shape":"MetricMathAnomalyDetector",
+          "documentation":"<p>The metric math anomaly detector to be deleted.</p> <p>When using <code>MetricMathAnomalyDetector</code>, you cannot include following parameters in the same operation:</p> <ul> <li> <p> <code>Dimensions</code>,</p> </li> <li> <p> <code>MetricName</code> </p> </li> <li> <p> <code>Namespace</code> </p> </li> <li> <p> <code>Stat</code> </p> </li> <li> <p>the <code>SingleMetricAnomalyDetector</code> parameters of <code>DeleteAnomalyDetectorInput</code> </p> </li> </ul> <p>Instead, specify the metric math anomaly detector attributes as part of the <code>MetricMathAnomalyDetector</code> property.</p>"
         }
       }
     },
@@ -1288,6 +1331,10 @@
         "Dimensions":{
           "shape":"Dimensions",
           "documentation":"<p>Limits the results to only the anomaly detection models that are associated with the specified metric dimensions. If there are multiple metrics that have these dimensions and have anomaly detection models associated, they're all returned.</p>"
+        },
+        "AnomalyDetectorTypes":{
+          "shape":"AnomalyDetectorTypes",
+          "documentation":"<p>The anomaly detector types to request when using <code>DescribeAnomalyDetectorsInput</code>. If empty, defaults to <code>SINGLE_METRIC</code>.</p>"
         }
       }
     },
@@ -1802,14 +1849,14 @@
         },
         "Schema":{
           "shape":"InsightRuleSchema",
-          "documentation":"<p>For rules that you create, this is always <code>{\"Name\": \"CloudWatchLogRule\", \"Version\": 1}</code>. For built-in rules, this is <code>{\"Name\": \"ServiceLogRule\", \"Version\": 1}</code> </p>"
+          "documentation":"<p>For rules that you create, this is always <code>{\"Name\": \"CloudWatchLogRule\", \"Version\": 1}</code>. For managed rules, this is <code>{\"Name\": \"ServiceLogRule\", \"Version\": 1}</code> </p>"
         },
         "Definition":{
           "shape":"InsightRuleDefinition",
           "documentation":"<p>The definition of the rule, as a JSON object. The definition contains the keywords used to define contributors, the value to aggregate on if this rule returns a sum instead of a count, and the filters. For details on the valid syntax, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights-RuleSyntax.html\">Contributor Insights Rule Syntax</a>.</p>"
         }
       },
-      "documentation":"<p>This structure contains the definition for a Contributor Insights rule.</p>"
+      "documentation":"<p>This structure contains the definition for a Contributor Insights rule. For more information about this rule, see<a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights.html\"> Using Constributor Insights to analyze high-cardinality data</a> in the <i>Amazon CloudWatch User Guide</i>.</p>"
     },
     "InsightRuleAggregationStatistic":{"type":"string"},
     "InsightRuleContributor":{
@@ -2535,6 +2582,16 @@
       "min":1
     },
     "MetricLabel":{"type":"string"},
+    "MetricMathAnomalyDetector":{
+      "type":"structure",
+      "members":{
+        "MetricDataQueries":{
+          "shape":"MetricDataQueries",
+          "documentation":"<p>An array of metric data query structures that enables you to create an anomaly detector based on the result of a metric math expression. Each item in <code>MetricDataQueries</code> gets a metric or performs a math expression. One item in <code>MetricDataQueries</code> is the expression that provides the time series that the anomaly detector uses as input. Designate the expression by setting <code>ReturnData</code> to <code>True</code> for this object in the array. For all other expressions and metrics, set <code>ReturnData</code> to <code>False</code>. The designated expression must return a single time series.</p>"
+        }
+      },
+      "documentation":"<p>Indicates the CloudWatch math expression that provides the time series the anomaly detector uses as input. The designated math expression must return a single time series.</p>"
+    },
     "MetricName":{
       "type":"string",
       "max":255,
@@ -2697,31 +2754,42 @@
     },
     "PutAnomalyDetectorInput":{
       "type":"structure",
-      "required":[
-        "Namespace",
-        "MetricName",
-        "Stat"
-      ],
       "members":{
         "Namespace":{
           "shape":"Namespace",
-          "documentation":"<p>The namespace of the metric to create the anomaly detection model for.</p>"
+          "documentation":"<p>The namespace of the metric to create the anomaly detection model for.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "MetricName":{
           "shape":"MetricName",
-          "documentation":"<p>The name of the metric to create the anomaly detection model for.</p>"
+          "documentation":"<p>The name of the metric to create the anomaly detection model for.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "Dimensions":{
           "shape":"Dimensions",
-          "documentation":"<p>The metric dimensions to create the anomaly detection model for.</p>"
+          "documentation":"<p>The metric dimensions to create the anomaly detection model for.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "Stat":{
           "shape":"AnomalyDetectorMetricStat",
-          "documentation":"<p>The statistic to use for the metric and the anomaly detection model.</p>"
+          "documentation":"<p>The statistic to use for the metric and the anomaly detection model.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Use SingleMetricAnomalyDetector."
         },
         "Configuration":{
           "shape":"AnomalyDetectorConfiguration",
           "documentation":"<p>The configuration specifies details about how the anomaly detection model is to be trained, including time ranges to exclude when training and updating the model. You can specify as many as 10 time ranges.</p> <p>The configuration can also include the time zone to use for the metric.</p>"
+        },
+        "SingleMetricAnomalyDetector":{
+          "shape":"SingleMetricAnomalyDetector",
+          "documentation":"<p>A single metric anomaly detector to be created.</p> <p>When using <code>SingleMetricAnomalyDetector</code>, you cannot include the following parameters in the same operation:</p> <ul> <li> <p> <code>Dimensions</code> </p> </li> <li> <p> <code>MetricName</code> </p> </li> <li> <p> <code>Namespace</code> </p> </li> <li> <p> <code>Stat</code> </p> </li> <li> <p>the <code>MetricMatchAnomalyDetector</code> parameters of <code>PutAnomalyDetectorInput</code> </p> </li> </ul> <p>Instead, specify the single metric anomaly detector attributes as part of the property <code>SingleMetricAnomalyDetector</code>.</p>"
+        },
+        "MetricMathAnomalyDetector":{
+          "shape":"MetricMathAnomalyDetector",
+          "documentation":"<p>The metric math anomaly detector to be created.</p> <p>When using <code>MetricMathAnomalyDetector</code>, you cannot include the following parameters in the same operation:</p> <ul> <li> <p> <code>Dimensions</code> </p> </li> <li> <p> <code>MetricName</code> </p> </li> <li> <p> <code>Namespace</code> </p> </li> <li> <p> <code>Stat</code> </p> </li> <li> <p>the <code>SingleMetricAnomalyDetector</code> parameters of <code>PutAnomalyDetectorInput</code> </p> </li> </ul> <p>Instead, specify the metric math anomaly detector attributes as part of the property <code>MetricMathAnomalyDetector</code>.</p>"
         }
       }
     },
@@ -3092,6 +3160,28 @@
         }
       }
     },
+    "SingleMetricAnomalyDetector":{
+      "type":"structure",
+      "members":{
+        "Namespace":{
+          "shape":"Namespace",
+          "documentation":"<p>The namespace of the metric to create the anomaly detection model for.</p>"
+        },
+        "MetricName":{
+          "shape":"MetricName",
+          "documentation":"<p>The name of the metric to create the anomaly detection model for.</p>"
+        },
+        "Dimensions":{
+          "shape":"Dimensions",
+          "documentation":"<p>The metric dimensions to create the anomaly detection model for.</p>"
+        },
+        "Stat":{
+          "shape":"AnomalyDetectorMetricStat",
+          "documentation":"<p>The statistic to use for the metric and anomaly detection model.</p>"
+        }
+      },
+      "documentation":"<p>Designates the CloudWatch metric and statistic that provides the time series the anomaly detector uses as input.</p>"
+    },
     "Size":{"type":"long"},
     "StandardUnit":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/service-2.json b/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/service-2.json
index 20b3993fbac..7186a4d1ac4 100644
--- a/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/service-2.json
@@ -895,6 +895,11 @@
         }
       }
     },
+    "ListRecommendationsMaxResults":{
+      "type":"integer",
+      "max":300,
+      "min":1
+    },
     "ListRecommendationsRequest":{
       "type":"structure",
       "required":["CodeReviewArn"],
@@ -906,7 +911,7 @@
           "locationName":"NextToken"
         },
         "MaxResults":{
-          "shape":"MaxResults",
+          "shape":"ListRecommendationsMaxResults",
           "documentation":"<p> The maximum number of results that are returned per call. The default is 100. </p>",
           "location":"querystring",
           "locationName":"MaxResults"
@@ -1666,7 +1671,7 @@
     },
     "Text":{
       "type":"string",
-      "max":2048,
+      "max":5000,
       "min":1
     },
     "ThirdPartySourceRepository":{
diff --git a/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/waiters-2.json b/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/waiters-2.json
index 7a1fd0ef906..cd1730fabf1 100644
--- a/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/waiters-2.json
+++ b/contrib/python/botocore/py3/botocore/data/codeguru-reviewer/2019-09-19/waiters-2.json
@@ -7,7 +7,7 @@
             "description": "Wait until a repository association is complete.",
             "operation": "DescribeRepositoryAssociation",
             "delay": 10,
-            "maxAttempts": 20,
+            "maxAttempts": 30,
             "acceptors": [
             {
                 "state": "success",
@@ -16,6 +16,12 @@
                 "expected": "Associated"
             },
             {
+                "state": "failure",
+                "matcher": "path",
+                "argument": "RepositoryAssociation.State",
+                "expected": "Failed"
+            },
+            {
                 "state": "retry",
                 "matcher": "path",
                 "argument": "RepositoryAssociation.State",
@@ -27,7 +33,7 @@
             "description": "Wait until a code review is complete.",
             "operation": "DescribeCodeReview",
             "delay": 10,
-            "maxAttempts": 60,
+            "maxAttempts": 180,
             "acceptors": [
             {
                 "state": "success",
@@ -36,6 +42,12 @@
                 "expected": "Completed"
             },
             {
+                "state": "failure",
+                "matcher": "path",
+                "argument": "CodeReview.State",
+                "expected": "Failed"
+            },
+            {
                 "state": "retry",
                 "matcher": "path",
                 "argument": "CodeReview.State",
diff --git a/contrib/python/botocore/py3/botocore/data/cognito-idp/2016-04-18/service-2.json b/contrib/python/botocore/py3/botocore/data/cognito-idp/2016-04-18/service-2.json
index e65cd8da315..35d103b24f4 100644
--- a/contrib/python/botocore/py3/botocore/data/cognito-idp/2016-04-18/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/cognito-idp/2016-04-18/service-2.json
@@ -96,7 +96,7 @@
         {"shape":"UnsupportedUserStateException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Creates a new user in the specified user pool.</p> <p>If <code>MessageAction</code> is not set, the default is to send a welcome message via email or phone (SMS).</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note> <p>This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.</p> <p>Alternatively, you can call <code>AdminCreateUser</code> with “SUPPRESS” for the <code>MessageAction</code> parameter, and Amazon Cognito will not send any email. </p> <p>In either case, the user will be in the <code>FORCE_CHANGE_PASSWORD</code> state until they sign in and change their password.</p> <p> <code>AdminCreateUser</code> requires developer credentials.</p>"
+      "documentation":"<p>Creates a new user in the specified user pool.</p> <p>If <code>MessageAction</code> isn't set, the default is to send a welcome message via email or phone (SMS).</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note> <p>This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.</p> <p>Alternatively, you can call <code>AdminCreateUser</code> with <code>SUPPRESS</code> for the <code>MessageAction</code> parameter, and Amazon Cognito won't send any email. </p> <p>In either case, the user will be in the <code>FORCE_CHANGE_PASSWORD</code> state until they sign in and change their password.</p> <p> <code>AdminCreateUser</code> requires developer credentials.</p>"
     },
     "AdminDeleteUser":{
       "name":"AdminDeleteUser",
@@ -150,7 +150,7 @@
         {"shape":"AliasExistsException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked <code>DestinationUser</code>) signs in, they must create a new user account. See <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html\">AdminLinkProviderForUser</a>.</p> <p>This action is enabled only for admin access and requires developer credentials.</p> <p>The <code>ProviderName</code> must match the value specified when creating an IdP for the pool. </p> <p>To disable a native username + password user, the <code>ProviderName</code> value must be <code>Cognito</code> and the <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code>, with the <code>ProviderAttributeValue</code> being the name that is used in the user pool for the user.</p> <p>The <code>ProviderAttributeName</code> must always be <code>Cognito_Subject</code> for social identity providers. The <code>ProviderAttributeValue</code> must always be the exact subject that was used when the user was originally linked as a source user.</p> <p>For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the <code>ProviderAttributeName</code> and <code>ProviderAttributeValue</code> must be the same values that were used for the <code>SourceUser</code> when the identities were originally linked using <code> AdminLinkProviderForUser</code> call. (If the linking was done with <code>ProviderAttributeName</code> set to <code>Cognito_Subject</code>, the same applies here). However, if the user has already signed in, the <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code> and <code>ProviderAttributeValue</code> must be the subject of the SAML assertion.</p>"
+      "documentation":"<p>Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Amazon Cognito User Pools native username + password user, they aren't permitted to use their password to sign in. If the user to deactivate is a linked external identity provider (IdP) user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked <code>DestinationUser</code>) signs in, they must create a new user account. See <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html\">AdminLinkProviderForUser</a>.</p> <p>This action is enabled only for admin access and requires developer credentials.</p> <p>The <code>ProviderName</code> must match the value specified when creating an IdP for the pool. </p> <p>To deactivate a native username + password user, the <code>ProviderName</code> value must be <code>Cognito</code> and the <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code>. The <code>ProviderAttributeValue</code> must be the name that is used in the user pool for the user.</p> <p>The <code>ProviderAttributeName</code> must always be <code>Cognito_Subject</code> for social identity providers. The <code>ProviderAttributeValue</code> must always be the exact subject that was used when the user was originally linked as a source user.</p> <p>For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the <code>ProviderAttributeName</code> and <code>ProviderAttributeValue</code> must be the same values that were used for the <code>SourceUser</code> when the identities were originally linked using <code> AdminLinkProviderForUser</code> call. (If the linking was done with <code>ProviderAttributeName</code> set to <code>Cognito_Subject</code>, the same applies here). However, if the user has already signed in, the <code>ProviderAttributeName</code> must be <code>Cognito_Subject</code> and <code>ProviderAttributeValue</code> must be the subject of the SAML assertion.</p>"
     },
     "AdminDisableUser":{
       "name":"AdminDisableUser",
@@ -267,7 +267,7 @@
         {"shape":"UserNotFoundException"},
         {"shape":"UserNotConfirmedException"}
       ],
-      "documentation":"<p>Initiates the authentication flow, as an administrator.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note> <p>Calling this action requires developer credentials.</p>"
+      "documentation":"<p>Initiates the authentication flow, as an administrator.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note> <p>Calling this action requires developer credentials.</p>"
     },
     "AdminLinkProviderForUser":{
       "name":"AdminLinkProviderForUser",
@@ -287,7 +287,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Links an existing user account in a user pool (<code>DestinationUser</code>) to an identity from an external identity provider (<code>SourceUser</code>) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account. </p> <p> For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account. </p> <note> <p>The maximum number of federated identities linked to a user is 5.</p> </note> <important> <p>Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.</p> </important> <p>This action is enabled only for admin access and requires developer credentials.</p>"
+      "documentation":"<p>Links an existing user account in a user pool (<code>DestinationUser</code>) to an identity from an external identity provider (<code>SourceUser</code>) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in. You can then use the federated user identity to sign in as the existing user account. </p> <p> For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.</p> <note> <p>The maximum number of federated identities linked to a user is 5.</p> </note> <important> <p>Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.</p> </important> <p>This action is administrative and requires developer credentials.</p>"
     },
     "AdminListDevices":{
       "name":"AdminListDevices",
@@ -342,7 +342,7 @@
         {"shape":"UserPoolAddOnNotEnabledException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Lists a history of user activity and any risks detected as part of Amazon Cognito advanced security.</p>"
+      "documentation":"<p>A history of user activity and any risks detected as part of Amazon Cognito advanced security.</p>"
     },
     "AdminRemoveUserFromGroup":{
       "name":"AdminRemoveUserFromGroup",
@@ -384,7 +384,7 @@
         {"shape":"InvalidSmsRoleTrustRelationshipException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Resets the specified user's password in a user pool as an administrator. Works on any user.</p> <p>When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note> <p>Calling this action requires developer credentials.</p>"
+      "documentation":"<p>Resets the specified user's password in a user pool as an administrator. Works on any user.</p> <p>When a developer calls this API, the current password is invalidated, so it must be changed. If a user tries to sign in after the API is called, the app will get a PasswordResetRequiredException exception back and should direct the user down the flow to reset the password, which is the same as the forgot password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note> <p>Calling this action requires developer credentials.</p>"
     },
     "AdminRespondToAuthChallenge":{
       "name":"AdminRespondToAuthChallenge",
@@ -416,7 +416,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"SoftwareTokenMFANotFoundException"}
       ],
-      "documentation":"<p>Responds to an authentication challenge, as an administrator.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note> <p>Calling this action requires developer credentials.</p>"
+      "documentation":"<p>Responds to an authentication challenge, as an administrator.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note> <p>Calling this action requires developer credentials.</p>"
     },
     "AdminSetUserMFAPreference":{
       "name":"AdminSetUserMFAPreference",
@@ -435,7 +435,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Sets the user's multi-factor authentication (MFA) preference, including which MFA options are enabled and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are enabled. If multiple options are enabled and no preference is set, a challenge to choose an MFA option will be returned during sign in.</p>"
+      "documentation":"<p>The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.</p>"
     },
     "AdminSetUserPassword":{
       "name":"AdminSetUserPassword",
@@ -454,7 +454,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InvalidPasswordException"}
       ],
-      "documentation":"<p>Sets the specified user's password in a user pool as an administrator. Works on any user. </p> <p>The password can be temporary or permanent. If it is temporary, the user status will be placed into the <code>FORCE_CHANGE_PASSWORD</code> state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the <code>NEW_PASSWORD_REQUIRED</code> challenge. If the user does not sign in before it expires, the user will not be able to sign in and their password will need to be reset by an administrator. </p> <p>Once the user has set a new password, or the password is permanent, the user status will be set to <code>Confirmed</code>.</p>"
+      "documentation":"<p>Sets the specified user's password in a user pool as an administrator. Works on any user. </p> <p>The password can be temporary or permanent. If it is temporary, the user status enters the <code>FORCE_CHANGE_PASSWORD</code> state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the <code>NEW_PASSWORD_REQUIRED</code> challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password. </p> <p>Once the user has set a new password, or the password is permanent, the user status is set to <code>Confirmed</code>.</p>"
     },
     "AdminSetUserSettings":{
       "name":"AdminSetUserSettings",
@@ -471,7 +471,7 @@
         {"shape":"UserNotFoundException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p> <i>This action is no longer supported.</i> You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html\">AdminSetUserMFAPreference</a> instead.</p>"
+      "documentation":"<p> <i>This action is no longer supported.</i> You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserMFAPreference.html\">AdminSetUserMFAPreference</a> instead.</p>"
     },
     "AdminUpdateAuthEventFeedback":{
       "name":"AdminUpdateAuthEventFeedback",
@@ -490,7 +490,7 @@
         {"shape":"UserPoolAddOnNotEnabledException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Provides feedback for an authentication event as to whether it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.</p>"
+      "documentation":"<p>Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.</p>"
     },
     "AdminUpdateDeviceStatus":{
       "name":"AdminUpdateDeviceStatus",
@@ -534,7 +534,7 @@
         {"shape":"InvalidEmailRoleAccessPolicyException"},
         {"shape":"InvalidSmsRoleTrustRelationshipException"}
       ],
-      "documentation":"<p>Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p> <p>In addition to updating user attributes, this API can also be used to mark phone and email as verified.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note> <p>Calling this action requires developer credentials.</p>"
+      "documentation":"<p>Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p> <p>In addition to updating user attributes, this API can also be used to mark phone and email as verified.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note> <p>Calling this action requires developer credentials.</p>"
     },
     "AdminUserGlobalSignOut":{
       "name":"AdminUserGlobalSignOut",
@@ -552,7 +552,7 @@
         {"shape":"UserNotFoundException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Signs out users from all devices, as an administrator. It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they are issued.</p> <p>Calling this action requires developer credentials.</p>"
+      "documentation":"<p>Signs out users from all devices, as an administrator. It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they're issued.</p> <p>Calling this action requires developer credentials.</p>"
     },
     "AssociateSoftwareToken":{
       "name":"AssociateSoftwareToken",
@@ -570,7 +570,7 @@
         {"shape":"InternalErrorException"},
         {"shape":"SoftwareTokenMFANotFoundException"}
       ],
-      "documentation":"<p>Returns a unique generated shared secret key code for the user account. The request takes an access token or a session string, but not both.</p> <note> <p>Calling AssociateSoftwareToken immediately disassociates the existing software token from the user account. If the user doesn't subsequently verify the software token, their account is essentially set up to authenticate without MFA. If MFA config is set to Optional at the user pool level, the user can then login without MFA. However, if MFA is set to Required for the user pool, the user will be asked to setup a new software token MFA during sign in.</p> </note>"
+      "documentation":"<p>Returns a unique generated shared secret key code for the user account. The request takes an access token or a session string, but not both.</p> <note> <p>Calling AssociateSoftwareToken immediately disassociates the existing software token from the user account. If the user doesn't subsequently verify the software token, their account is set up to authenticate without MFA. If MFA config is set to Optional at the user pool level, the user can then log in without MFA. However, if MFA is set to Required for the user pool, the user is asked to set up a new software token MFA during sign-in.</p> </note>"
     },
     "ChangePassword":{
       "name":"ChangePassword",
@@ -728,7 +728,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Creates a new OAuth2.0 resource server and defines custom scopes in it.</p>"
+      "documentation":"<p>Creates a new OAuth2.0 resource server and defines custom scopes within it.</p>"
     },
     "CreateUserImportJob":{
       "name":"CreateUserImportJob",
@@ -768,7 +768,7 @@
         {"shape":"UserPoolTaggingException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Creates a new Amazon Cognito user pool and sets the password policy for the pool.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>"
+      "documentation":"<p>Creates a new Amazon Cognito user pool and sets the password policy for the pool.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>"
     },
     "CreateUserPoolClient":{
       "name":"CreateUserPoolClient",
@@ -788,7 +788,7 @@
         {"shape":"InvalidOAuthFlowException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Creates the user pool client.</p> <p>When you create a new user pool client, token revocation is automatically enabled. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p>"
+      "documentation":"<p>Creates the user pool client.</p> <p>When you create a new user pool client, token revocation is automatically activated. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p>"
     },
     "CreateUserPoolDomain":{
       "name":"CreateUserPoolDomain",
@@ -1111,7 +1111,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the <code>Username</code> parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html\">Recovering User Accounts</a> in the <i>Amazon Cognito Developer Guide</i>. If neither a verified phone number nor a verified email exists, an <code>InvalidParameterException</code> is thrown. To use the confirmation code for resetting the password, call <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html\">ConfirmForgotPassword</a>.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the <code>Username</code> parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html\">Recovering User Accounts</a> in the <i>Amazon Cognito Developer Guide</i>. If neither a verified phone number nor a verified email exists, an <code>InvalidParameterException</code> is thrown. To use the confirmation code for resetting the password, call <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html\">ConfirmForgotPassword</a>. </p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "GetCSVHeader":{
@@ -1129,7 +1129,7 @@
         {"shape":"NotAuthorizedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Gets the header information for the .csv file to be used as input for the user import job.</p>"
+      "documentation":"<p>Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.</p>"
     },
     "GetDevice":{
       "name":"GetDevice",
@@ -1216,7 +1216,7 @@
         {"shape":"TooManyRequestsException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Gets the UI Customization information for a particular app client's app UI, if there is something set. If nothing is set for the particular client, but there is an existing pool level customization (app <code>clientId</code> will be <code>ALL</code>), then that is returned. If nothing is present, then an empty shape is returned.</p>"
+      "documentation":"<p>Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client. If nothing is set for the particular client, but there is an existing pool level customization (the app <code>clientId</code> is <code>ALL</code>), then that information is returned. If nothing is present, then an empty shape is returned.</p>"
     },
     "GetUser":{
       "name":"GetUser",
@@ -1265,7 +1265,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Gets the user attribute verification code for the specified attribute name.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Gets the user attribute verification code for the specified attribute name.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "GetUserPoolMfaConfig":{
@@ -1302,7 +1302,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Signs out users from all devices. It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they are issued.</p>"
+      "documentation":"<p>Signs out users from all devices. It also invalidates all refresh tokens issued to a user. The user's current access and ID tokens remain valid until their expiry. Access and Id tokens expire one hour after they're issued.</p>"
     },
     "InitiateAuth":{
       "name":"InitiateAuth",
@@ -1328,7 +1328,7 @@
         {"shape":"InvalidSmsRoleAccessPolicyException"},
         {"shape":"InvalidSmsRoleTrustRelationshipException"}
       ],
-      "documentation":"<p>Initiates the authentication flow.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Initiates the authentication flow.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "ListDevices":{
@@ -1468,7 +1468,7 @@
         {"shape":"NotAuthorizedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Lists the user pools associated with an account.</p>"
+      "documentation":"<p>Lists the user pools associated with an Amazon Web Services account.</p>"
     },
     "ListUsers":{
       "name":"ListUsers",
@@ -1528,7 +1528,7 @@
         {"shape":"UserNotFoundException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Resends the confirmation (for confirmation of registration) to a specific user in the user pool.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Resends the confirmation (for confirmation of registration) to a specific user in the user pool.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "RespondToAuthChallenge":{
@@ -1561,7 +1561,7 @@
         {"shape":"InternalErrorException"},
         {"shape":"SoftwareTokenMFANotFoundException"}
       ],
-      "documentation":"<p>Responds to the authentication challenge.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Responds to the authentication challenge.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "RevokeToken":{
@@ -1580,7 +1580,7 @@
         {"shape":"UnsupportedOperationException"},
         {"shape":"UnsupportedTokenTypeException"}
       ],
-      "documentation":"<p>Revokes all of the access tokens generated by the specified refresh token. After the token is revoked, you can not use the revoked token to access Cognito authenticated APIs.</p>"
+      "documentation":"<p>Revokes all of the access tokens generated by the specified refresh token. After the token is revoked, you can't use the revoked token to access Amazon Cognito authenticated APIs.</p>"
     },
     "SetRiskConfiguration":{
       "name":"SetRiskConfiguration",
@@ -1600,7 +1600,7 @@
         {"shape":"InvalidEmailRoleAccessPolicyException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Configures actions on detected risks. To delete the risk configuration for <code>UserPoolId</code> or <code>ClientId</code>, pass null values for all four configuration types.</p> <p>To enable Amazon Cognito advanced security features, update the user pool to include the <code>UserPoolAddOns</code> key<code>AdvancedSecurityMode</code>.</p>"
+      "documentation":"<p>Configures actions on detected risks. To delete the risk configuration for <code>UserPoolId</code> or <code>ClientId</code>, pass null values for all four configuration types.</p> <p>To activate Amazon Cognito advanced security features, update the user pool to include the <code>UserPoolAddOns</code> key<code>AdvancedSecurityMode</code>.</p>"
     },
     "SetUICustomization":{
       "name":"SetUICustomization",
@@ -1617,7 +1617,7 @@
         {"shape":"TooManyRequestsException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Sets the UI customization information for a user pool's built-in app UI.</p> <p>You can specify app UI customization settings for a single client (with a specific <code>clientId</code>) or for all clients (by setting the <code>clientId</code> to <code>ALL</code>). If you specify <code>ALL</code>, the default configuration will be used for every client that has no UI customization set previously. If you specify UI customization settings for a particular client, it will no longer fall back to the <code>ALL</code> configuration. </p> <note> <p>To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.</p> </note>"
+      "documentation":"<p>Sets the user interface (UI) customization information for a user pool's built-in app UI.</p> <p>You can specify app UI customization settings for a single client (with a specific <code>clientId</code>) or for all clients (by setting the <code>clientId</code> to <code>ALL</code>). If you specify <code>ALL</code>, the default configuration is used for every client that has no previously set UI customization. If you specify UI customization settings for a particular client, it will no longer return to the <code>ALL</code> configuration.</p> <note> <p>To use this API, your user pool must have a domain associated with it. Otherwise, there is no place to host the app's pages, and the service will throw an error.</p> </note>"
     },
     "SetUserMFAPreference":{
       "name":"SetUserMFAPreference",
@@ -1636,7 +1636,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are enabled and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are enabled. If multiple options are enabled and no preference is set, a challenge to choose an MFA option will be returned during sign in. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign in attempts, disable MFA for users and turn on Adaptive Authentication for the user pool.</p>"
+      "documentation":"<p>Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.</p>"
     },
     "SetUserPoolMfaConfig":{
       "name":"SetUserPoolMfaConfig",
@@ -1655,7 +1655,7 @@
         {"shape":"NotAuthorizedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Set the user pool multi-factor authentication (MFA) configuration.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>"
+      "documentation":"<p>Sets the user pool multi-factor authentication (MFA) configuration.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>"
     },
     "SetUserSettings":{
       "name":"SetUserSettings",
@@ -1674,7 +1674,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p> <i>This action is no longer supported.</i> You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html\">SetUserMFAPreference</a> instead.</p>",
+      "documentation":"<p> <i>This action is no longer supported.</i> You can use it to configure only SMS MFA. You can't use it to configure time-based one-time password (TOTP) software token MFA. To configure either type of MFA, use <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserMFAPreference.html\">SetUserMFAPreference</a> instead.</p>",
       "authtype":"none"
     },
     "SignUp":{
@@ -1701,7 +1701,7 @@
         {"shape":"InvalidEmailRoleAccessPolicyException"},
         {"shape":"CodeDeliveryFailureException"}
       ],
-      "documentation":"<p>Registers the user in the specified user pool and creates a user name, password, and user attributes.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Registers the user in the specified user pool and creates a user name, password, and user attributes.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "StartUserImportJob":{
@@ -1755,7 +1755,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.</p> <p>Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an <code>Environment</code> tag key to both user pools. The value of this key might be <code>Test</code> for one user pool and <code>Production</code> for the other.</p> <p>Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an IAM policy, you can constrain permissions for user pools based on specific tags or tag values.</p> <p>You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.</p>"
+      "documentation":"<p>Assigns a set of tags to an Amazon Cognito user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.</p> <p>Each tag consists of a key and value, both of which you define. A key is a general category for more specific values. For example, if you have two versions of a user pool, one for testing and another for production, you might assign an <code>Environment</code> tag key to both user pools. The value of this key might be <code>Test</code> for one user pool, and <code>Production</code> for the other.</p> <p>Tags are useful for cost tracking and access control. You can activate your tags so that they appear on the Billing and Cost Management console, where you can track the costs associated with your user pools. In an Identity and Access Management policy, you can constrain permissions for user pools based on specific tags or tag values.</p> <p>You can use this action up to 5 times per second, per account. A user pool can have as many as 50 tags.</p>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -1772,7 +1772,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account</p>"
+      "documentation":"<p>Removes the specified tags from an Amazon Cognito user pool. You can use this action up to 5 times per second, per account.</p>"
     },
     "UpdateAuthEventFeedback":{
       "name":"UpdateAuthEventFeedback",
@@ -1791,7 +1791,7 @@
         {"shape":"UserPoolAddOnNotEnabledException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Provides the feedback for an authentication event whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.</p>"
+      "documentation":"<p>Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.</p>"
     },
     "UpdateDeviceStatus":{
       "name":"UpdateDeviceStatus",
@@ -1864,7 +1864,7 @@
         {"shape":"TooManyRequestsException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Updates the name and scopes of resource server. All other fields are read-only.</p> <important> <p>If you don't provide a value for an attribute, it will be set to the default value.</p> </important>"
+      "documentation":"<p>Updates the name and scopes of resource server. All other fields are read-only.</p> <important> <p>If you don't provide a value for an attribute, it is set to the default value.</p> </important>"
     },
     "UpdateUserAttributes":{
       "name":"UpdateUserAttributes",
@@ -1894,7 +1894,7 @@
         {"shape":"UserNotConfirmedException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Allows a user to update a specific attribute (one at a time).</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>",
+      "documentation":"<p>Allows a user to update a specific attribute (one at a time).</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>",
       "authtype":"none"
     },
     "UpdateUserPool":{
@@ -1918,7 +1918,7 @@
         {"shape":"UserPoolTaggingException"},
         {"shape":"InvalidEmailRoleAccessPolicyException"}
       ],
-      "documentation":"<p>Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html\">DescribeUserPool</a>. If you don't provide a value for an attribute, it will be set to the default value.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, U.S. telecom carriers require that you register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Cognito will use the the registered number automatically. Otherwise, Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon SNS might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you’ll have limitations, such as sending messages to only verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>. </p> </note>"
+      "documentation":"<p>Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html\">DescribeUserPool</a>. If you don't provide a value for an attribute, it will be set to the default value.</p> <note> <p>This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to U.S. phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with <a href=\"https://console.aws.amazon.com/pinpoint/home/\">Amazon Pinpoint</a>. Amazon Cognito will use the registered number automatically. Otherwise, Amazon Cognito users that must receive SMS messages might be unable to sign up, activate their accounts, or sign in.</p> <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in SMS sandbox. In <i> <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">sandbox mode</a> </i>, you will have limitations, such as sending messages only to verified phone numbers. After testing in the sandbox environment, you can move out of the SMS sandbox and into production. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html\"> SMS message settings for Amazon Cognito User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </note>"
     },
     "UpdateUserPoolClient":{
       "name":"UpdateUserPoolClient",
@@ -1955,7 +1955,7 @@
         {"shape":"TooManyRequestsException"},
         {"shape":"InternalErrorException"}
       ],
-      "documentation":"<p>Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.</p> <p>You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You cannot use it to change the domain for a user pool.</p> <p>A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.</p> <p>Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.</p> <p>However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.</p> <p>When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Region.</p> <p>After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.</p> <p>For more information about adding a custom domain to your user pool, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html\">Using Your Own Domain for the Hosted UI</a>.</p>"
+      "documentation":"<p>Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.</p> <p>You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can't use it to change the domain for a user pool.</p> <p>A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.</p> <p>Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.</p> <p>However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.</p> <p>When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.</p> <p>After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.</p> <p>For more information about adding a custom domain to your user pool, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html\">Using Your Own Domain for the Hosted UI</a>.</p>"
     },
     "VerifySoftwareToken":{
       "name":"VerifySoftwareToken",
@@ -1980,7 +1980,7 @@
         {"shape":"SoftwareTokenMFANotFoundException"},
         {"shape":"CodeMismatchException"}
       ],
-      "documentation":"<p>Use this API to register a user's entered TOTP code and mark the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.</p>"
+      "documentation":"<p>Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.</p>"
     },
     "VerifyUserAttribute":{
       "name":"VerifyUserAttribute",
@@ -2038,7 +2038,7 @@
         },
         "EventAction":{
           "shape":"AccountTakeoverEventActionType",
-          "documentation":"<p>The event action.</p> <ul> <li> <p> <code>BLOCK</code> Choosing this action will block the request.</p> </li> <li> <p> <code>MFA_IF_CONFIGURED</code> Throw MFA challenge if user has configured it, else allow the request.</p> </li> <li> <p> <code>MFA_REQUIRED</code> Throw MFA challenge if user has configured it, else block the request.</p> </li> <li> <p> <code>NO_ACTION</code> Allow the user sign-in.</p> </li> </ul>"
+          "documentation":"<p>The event action.</p> <ul> <li> <p> <code>BLOCK</code> Choosing this action will block the request.</p> </li> <li> <p> <code>MFA_IF_CONFIGURED</code> Present an MFA challenge if user has configured it, else allow the request.</p> </li> <li> <p> <code>MFA_REQUIRED</code> Present an MFA challenge if user has configured it, else block the request.</p> </li> <li> <p> <code>NO_ACTION</code> Allow the user to sign in.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Account takeover action type.</p>"
@@ -2080,7 +2080,7 @@
         },
         "Actions":{
           "shape":"AccountTakeoverActionsType",
-          "documentation":"<p>Account takeover risk configuration actions</p>"
+          "documentation":"<p>Account takeover risk configuration actions.</p>"
         }
       },
       "documentation":"<p>Configuration for mitigation actions and notification for different levels of risk detected for a potential account takeover.</p>"
@@ -2148,7 +2148,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>If your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the Lambda function that is specified for the <i>post confirmation</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the <code>clientMetadata</code> attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>If your user pool configuration includes triggers, the AdminConfirmSignUp API action invokes the Lambda function that is specified for the <i>post confirmation</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. In this payload, the <code>clientMetadata</code> attribute provides the data that you assigned to the ClientMetadata parameter in your AdminConfirmSignUp request. In your function code in Lambda, you can process the ClientMetadata value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to confirm user registration.</p>"
@@ -2168,7 +2168,7 @@
         },
         "UnusedAccountValidityDays":{
           "shape":"AdminCreateUserUnusedAccountValidityDaysType",
-          "documentation":"<p>The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call <code>AdminCreateUser</code> again, specifying <code>\"RESEND\"</code> for the <code>MessageAction</code> parameter. The default value for this parameter is 7. </p> <note> <p>If you set a value for <code>TemporaryPasswordValidityDays</code> in <code>PasswordPolicy</code>, that value will be used and <code>UnusedAccountValidityDays</code> will be deprecated for that user pool. </p> </note>"
+          "documentation":"<p>The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call <code>AdminCreateUser</code> again, specifying <code>\"RESEND\"</code> for the <code>MessageAction</code> parameter. The default value for this parameter is 7. </p> <note> <p>If you set a value for <code>TemporaryPasswordValidityDays</code> in <code>PasswordPolicy</code>, that value will be used, and <code>UnusedAccountValidityDays</code> will be no longer be an available parameter for that user pool.</p> </note>"
         },
         "InviteMessageTemplate":{
           "shape":"MessageTemplateType",
@@ -2190,35 +2190,35 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.</p>"
+          "documentation":"<p>The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username can't be changed.</p>"
         },
         "UserAttributes":{
           "shape":"AttributeListType",
-          "documentation":"<p>An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than <code>Username</code>. However, any attributes that you specify as required (when creating a user pool or in the <b>Attributes</b> tab of the console) must be supplied either by you (in your call to <code>AdminCreateUser</code>) or by the user (when he or she signs up in response to your welcome message).</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p> <p>To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the <b>Users</b> tab of the Amazon Cognito console for managing your user pools.</p> <p>In your call to <code>AdminCreateUser</code>, you can set the <code>email_verified</code> attribute to <code>True</code>, and you can set the <code>phone_number_verified</code> attribute to <code>True</code>. (You can also do this by calling <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html\">AdminUpdateUserAttributes</a>.)</p> <ul> <li> <p> <b>email</b>: The email address of the user to whom the message that contains the code and username will be sent. Required if the <code>email_verified</code> attribute is set to <code>True</code>, or if <code>\"EMAIL\"</code> is specified in the <code>DesiredDeliveryMediums</code> parameter.</p> </li> <li> <p> <b>phone_number</b>: The phone number of the user to whom the message that contains the code and username will be sent. Required if the <code>phone_number_verified</code> attribute is set to <code>True</code>, or if <code>\"SMS\"</code> is specified in the <code>DesiredDeliveryMediums</code> parameter.</p> </li> </ul>"
+          "documentation":"<p>An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than <code>Username</code>. However, any attributes that you specify as required (when creating a user pool or in the <b>Attributes</b> tab of the console) either you should supply (in your call to <code>AdminCreateUser</code>) or the user should supply (when they sign up in response to your welcome message).</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p> <p>To send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the <b>Users</b> tab of the Amazon Cognito console for managing your user pools.</p> <p>In your call to <code>AdminCreateUser</code>, you can set the <code>email_verified</code> attribute to <code>True</code>, and you can set the <code>phone_number_verified</code> attribute to <code>True</code>. You can also do this by calling <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html\">AdminUpdateUserAttributes</a>.</p> <ul> <li> <p> <b>email</b>: The email address of the user to whom the message that contains the code and username will be sent. Required if the <code>email_verified</code> attribute is set to <code>True</code>, or if <code>\"EMAIL\"</code> is specified in the <code>DesiredDeliveryMediums</code> parameter.</p> </li> <li> <p> <b>phone_number</b>: The phone number of the user to whom the message that contains the code and username will be sent. Required if the <code>phone_number_verified</code> attribute is set to <code>True</code>, or if <code>\"SMS\"</code> is specified in the <code>DesiredDeliveryMediums</code> parameter.</p> </li> </ul>"
         },
         "ValidationData":{
           "shape":"AttributeListType",
-          "documentation":"<p>The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.</p> <p>To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.</p> <p>The user's validation data is not persisted.</p>"
+          "documentation":"<p>The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.</p> <p>To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.</p> <p>The user's validation data isn't persisted.</p>"
         },
         "TemporaryPassword":{
           "shape":"PasswordType",
-          "documentation":"<p>The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.</p> <p>The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page along with a new password to be used in all future sign-ins.</p> <p>This parameter is not required. If you do not specify a value, Amazon Cognito generates one for you.</p> <p>The temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call <code>AdminCreateUser</code> again, specifying <code>\"RESEND\"</code> for the <code>MessageAction</code> parameter.</p>"
+          "documentation":"<p>The user's temporary password. This password must conform to the password policy that you specified when you created the user pool.</p> <p>The temporary password is valid only once. To complete the Admin Create User flow, the user must enter the temporary password in the sign-in page, along with a new password to be used in all future sign-ins.</p> <p>This parameter isn't required. If you don't specify a value, Amazon Cognito generates one for you.</p> <p>The temporary password can only be used until the user account expiration limit that you specified when you created the user pool. To reset the account after that time limit, you must call <code>AdminCreateUser</code> again, specifying <code>\"RESEND\"</code> for the <code>MessageAction</code> parameter.</p>"
         },
         "ForceAliasCreation":{
           "shape":"ForceAliasCreation",
-          "documentation":"<p>This parameter is only used if the <code>phone_number_verified</code> or <code>email_verified</code> attribute is set to <code>True</code>. Otherwise, it is ignored.</p> <p>If this parameter is set to <code>True</code> and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.</p> <p>If this parameter is set to <code>False</code>, the API throws an <code>AliasExistsException</code> error if the alias already exists. The default value is <code>False</code>.</p>"
+          "documentation":"<p>This parameter is used only if the <code>phone_number_verified</code> or <code>email_verified</code> attribute is set to <code>True</code>. Otherwise, it is ignored.</p> <p>If this parameter is set to <code>True</code> and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.</p> <p>If this parameter is set to <code>False</code>, the API throws an <code>AliasExistsException</code> error if the alias already exists. The default value is <code>False</code>.</p>"
         },
         "MessageAction":{
           "shape":"MessageActionType",
-          "documentation":"<p>Set to <code>\"RESEND\"</code> to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to <code>\"SUPPRESS\"</code> to suppress sending the message. Only one value can be specified.</p>"
+          "documentation":"<p>Set to <code>RESEND</code> to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to <code>SUPPRESS</code> to suppress sending the message. You can specify only one value.</p>"
         },
         "DesiredDeliveryMediums":{
           "shape":"DeliveryMediumListType",
-          "documentation":"<p>Specify <code>\"EMAIL\"</code> if email will be used to send the welcome message. Specify <code>\"SMS\"</code> if the phone number will be used. The default value is <code>\"SMS\"</code>. More than one value can be specified.</p>"
+          "documentation":"<p>Specify <code>\"EMAIL\"</code> if email will be used to send the welcome message. Specify <code>\"SMS\"</code> if the phone number will be used. The default value is <code>\"SMS\"</code>. You can specify more than one value.</p>"
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the <i>pre sign-up</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the <i>pre sign-up</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to create a user in the specified user pool.</p>"
@@ -2256,7 +2256,7 @@
         },
         "UserAttributeNames":{
           "shape":"AttributeNameListType",
-          "documentation":"<p>An array of strings representing the user attribute names you wish to delete.</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p>"
+          "documentation":"<p>An array of strings representing the user attribute names you want to delete.</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p>"
         }
       },
       "documentation":"<p>Represents the request to delete user attributes as an administrator.</p>"
@@ -2280,7 +2280,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to delete.</p>"
+          "documentation":"<p>The user name of the user you want to delete.</p>"
         }
       },
       "documentation":"<p>Represents the request to delete a user as an administrator.</p>"
@@ -2320,7 +2320,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to disable.</p>"
+          "documentation":"<p>The user name of the user you want to disable.</p>"
         }
       },
       "documentation":"<p>Represents the request to disable the user as an administrator.</p>"
@@ -2344,7 +2344,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to enable.</p>"
+          "documentation":"<p>The user name of the user you want to enable.</p>"
         }
       },
       "documentation":"<p>Represents the request that enables the user as an administrator.</p>"
@@ -2425,7 +2425,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to retrieve.</p>"
+          "documentation":"<p>The user name of the user you want to retrieve.</p>"
         }
       },
       "documentation":"<p>Represents the request to get the specified user as an administrator.</p>"
@@ -2436,7 +2436,7 @@
       "members":{
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user about whom you are receiving information.</p>"
+          "documentation":"<p>The user name of the user about whom you're receiving information.</p>"
         },
         "UserAttributes":{
           "shape":"AttributeListType",
@@ -2452,15 +2452,15 @@
         },
         "Enabled":{
           "shape":"BooleanType",
-          "documentation":"<p>Indicates that the status is enabled.</p>"
+          "documentation":"<p>Indicates that the status is <code>enabled</code>.</p>"
         },
         "UserStatus":{
           "shape":"UserStatusType",
-          "documentation":"<p>The user status. Can be one of the following:</p> <ul> <li> <p>UNCONFIRMED - User has been created but not confirmed.</p> </li> <li> <p>CONFIRMED - User has been confirmed.</p> </li> <li> <p>ARCHIVED - User is no longer active.</p> </li> <li> <p>COMPROMISED - User is disabled due to a potential security threat.</p> </li> <li> <p>UNKNOWN - User status is not known.</p> </li> <li> <p>RESET_REQUIRED - User is confirmed, but the user must request a code and reset his or her password before he or she can sign in.</p> </li> <li> <p>FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change his or her password to a new value before doing anything else. </p> </li> </ul>"
+          "documentation":"<p>The user status. Can be one of the following:</p> <ul> <li> <p>UNCONFIRMED - User has been created but not confirmed.</p> </li> <li> <p>CONFIRMED - User has been confirmed.</p> </li> <li> <p>ARCHIVED - User is no longer active.</p> </li> <li> <p>COMPROMISED - User is disabled due to a potential security threat.</p> </li> <li> <p>UNKNOWN - User status isn't known.</p> </li> <li> <p>RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.</p> </li> <li> <p>FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else. </p> </li> </ul>"
         },
         "MFAOptions":{
           "shape":"MFAOptionListType",
-          "documentation":"<p> <i>This response parameter is no longer supported.</i> It provides information only about SMS MFA configurations. It doesn't provide information about TOTP software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.</p>"
+          "documentation":"<p> <i>This response parameter is no longer supported.</i> It provides information only about SMS MFA configurations. It doesn't provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.</p>"
         },
         "PreferredMfaSetting":{
           "shape":"StringType",
@@ -2468,7 +2468,7 @@
         },
         "UserMFASettingList":{
           "shape":"UserMFASettingListType",
-          "documentation":"<p>The MFA options that are enabled for the user. The possible values in this list are <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>"
+          "documentation":"<p>The MFA options that are activated for the user. The possible values in this list are <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>"
         }
       },
       "documentation":"<p>Represents the response from the server from the request to get the specified user as an administrator.</p>"
@@ -2491,15 +2491,15 @@
         },
         "AuthFlow":{
           "shape":"AuthFlowType",
-          "documentation":"<p>The authentication flow for this call to execute. The API action will depend on this value. For example:</p> <ul> <li> <p> <code>REFRESH_TOKEN_AUTH</code> will take in a valid refresh token and return new tokens.</p> </li> <li> <p> <code>USER_SRP_AUTH</code> will take in <code>USERNAME</code> and <code>SRP_A</code> and return the SRP variables to be used for next challenge execution.</p> </li> <li> <p> <code>USER_PASSWORD_AUTH</code> will take in <code>USERNAME</code> and <code>PASSWORD</code> and return the next challenge or tokens.</p> </li> </ul> <p>Valid values include:</p> <ul> <li> <p> <code>USER_SRP_AUTH</code>: Authentication flow for the Secure Remote Password (SRP) protocol.</p> </li> <li> <p> <code>REFRESH_TOKEN_AUTH</code>/<code>REFRESH_TOKEN</code>: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.</p> </li> <li> <p> <code>CUSTOM_AUTH</code>: Custom authentication flow.</p> </li> <li> <p> <code>ADMIN_NO_SRP_AUTH</code>: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.</p> </li> <li> <p> <code>USER_PASSWORD_AUTH</code>: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool. </p> </li> <li> <p> <code>ADMIN_USER_PASSWORD_AUTH</code>: Admin-based user password authentication. This replaces the <code>ADMIN_NO_SRP_AUTH</code> authentication flow. In this flow, Cognito receives the password in the request instead of using the SRP process to verify passwords.</p> </li> </ul>"
+          "documentation":"<p>The authentication flow for this call to run. The API action will depend on this value. For example:</p> <ul> <li> <p> <code>REFRESH_TOKEN_AUTH</code> will take in a valid refresh token and return new tokens.</p> </li> <li> <p> <code>USER_SRP_AUTH</code> will take in <code>USERNAME</code> and <code>SRP_A</code> and return the Secure Remote Password (SRP) protocol variables to be used for next challenge execution.</p> </li> <li> <p> <code>ADMIN_USER_PASSWORD_AUTH</code> will take in <code>USERNAME</code> and <code>PASSWORD</code> and return the next challenge or tokens.</p> </li> </ul> <p>Valid values include:</p> <ul> <li> <p> <code>USER_SRP_AUTH</code>: Authentication flow for the Secure Remote Password (SRP) protocol.</p> </li> <li> <p> <code>REFRESH_TOKEN_AUTH</code>/<code>REFRESH_TOKEN</code>: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.</p> </li> <li> <p> <code>CUSTOM_AUTH</code>: Custom authentication flow.</p> </li> <li> <p> <code>ADMIN_NO_SRP_AUTH</code>: Non-SRP authentication flow; you can pass in the USERNAME and PASSWORD directly if the flow is enabled for calling the app client.</p> </li> <li> <p> <code>ADMIN_USER_PASSWORD_AUTH</code>: Admin-based user password authentication. This replaces the <code>ADMIN_NO_SRP_AUTH</code> authentication flow. In this flow, Amazon Cognito receives the password in the request instead of using the SRP process to verify passwords.</p> </li> </ul>"
         },
         "AuthParameters":{
           "shape":"AuthParametersType",
-          "documentation":"<p>The authentication parameters. These are inputs corresponding to the <code>AuthFlow</code> that you are invoking. The required values depend on the value of <code>AuthFlow</code>:</p> <ul> <li> <p>For <code>USER_SRP_AUTH</code>: <code>USERNAME</code> (required), <code>SRP_A</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>REFRESH_TOKEN_AUTH/REFRESH_TOKEN</code>: <code>REFRESH_TOKEN</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>ADMIN_NO_SRP_AUTH</code>: <code>USERNAME</code> (required), <code>SECRET_HASH</code> (if app client is configured with client secret), <code>PASSWORD</code> (required), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>CUSTOM_AUTH</code>: <code>USERNAME</code> (required), <code>SECRET_HASH</code> (if app client is configured with client secret), <code>DEVICE_KEY</code>. To start the authentication flow with password verification, include <code>ChallengeName: SRP_A</code> and <code>SRP_A: (The SRP_A Value)</code>.</p> </li> </ul>"
+          "documentation":"<p>The authentication parameters. These are inputs corresponding to the <code>AuthFlow</code> that you're invoking. The required values depend on the value of <code>AuthFlow</code>:</p> <ul> <li> <p>For <code>USER_SRP_AUTH</code>: <code>USERNAME</code> (required), <code>SRP_A</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>REFRESH_TOKEN_AUTH/REFRESH_TOKEN</code>: <code>REFRESH_TOKEN</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>ADMIN_NO_SRP_AUTH</code>: <code>USERNAME</code> (required), <code>SECRET_HASH</code> (if app client is configured with client secret), <code>PASSWORD</code> (required), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>CUSTOM_AUTH</code>: <code>USERNAME</code> (required), <code>SECRET_HASH</code> (if app client is configured with client secret), <code>DEVICE_KEY</code>. To start the authentication flow with password verification, include <code>ChallengeName: SRP_A</code> and <code>SRP_A: (The SRP_A Value)</code>.</p> </li> </ul>"
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:</p> <ul> <li> <p>Pre signup</p> </li> <li> <p>Pre authentication</p> </li> <li> <p>User migration</p> </li> </ul> <p>When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a <code>validationData</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the <code>validationData</code> value to enhance your workflow for your specific needs.</p> <p>When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it does not provide the ClientMetadata value as input:</p> <ul> <li> <p>Post authentication</p> </li> <li> <p>Custom message</p> </li> <li> <p>Pre token generation</p> </li> <li> <p>Create auth challenge</p> </li> <li> <p>Define auth challenge</p> </li> <li> <p>Verify auth challenge</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminInitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:</p> <ul> <li> <p>Pre signup</p> </li> <li> <p>Pre authentication</p> </li> <li> <p>User migration</p> </li> </ul> <p>When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a <code>validationData</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminInitiateAuth request. In your function code in Lambda, you can process the <code>validationData</code> value to enhance your workflow for your specific needs.</p> <p>When you use the AdminInitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:</p> <ul> <li> <p>Post authentication</p> </li> <li> <p>Custom message</p> </li> <li> <p>Pre token generation</p> </li> <li> <p>Create auth challenge</p> </li> <li> <p>Define auth challenge</p> </li> <li> <p>Verify auth challenge</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         },
         "AnalyticsMetadata":{
           "shape":"AnalyticsMetadataType",
@@ -2517,19 +2517,19 @@
       "members":{
         "ChallengeName":{
           "shape":"ChallengeNameType",
-          "documentation":"<p>The name of the challenge which you are responding to with this call. This is returned to you in the <code>AdminInitiateAuth</code> response if you need to pass another challenge.</p> <ul> <li> <p> <code>MFA_SETUP</code>: If MFA is required, users who do not have at least one of the MFA methods set up are presented with an <code>MFA_SETUP</code> challenge. The user must set up at least one MFA type to continue to authenticate.</p> </li> <li> <p> <code>SELECT_MFA_TYPE</code>: Selects the MFA type. Valid MFA options are <code>SMS_MFA</code> for text SMS MFA, and <code>SOFTWARE_TOKEN_MFA</code> for TOTP software token MFA.</p> </li> <li> <p> <code>SMS_MFA</code>: Next challenge is to supply an <code>SMS_MFA_CODE</code>, delivered via SMS.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: Next challenge is to supply <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after the client-side SRP calculations.</p> </li> <li> <p> <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code>: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to <code>PASSWORD_VERIFIER</code>, but for devices only.</p> </li> <li> <p> <code>ADMIN_NO_SRP_AUTH</code>: This is returned if you need to authenticate with <code>USERNAME</code> and <code>PASSWORD</code> directly. An app client must be enabled to use this flow.</p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their passwords after successful first login. This challenge should be passed with <code>NEW_PASSWORD</code> and any other required attributes.</p> </li> <li> <p> <code>MFA_SETUP</code>: For users who are required to setup an MFA factor before they can sign-in. The MFA types enabled for the user pool will be listed in the challenge parameters <code>MFA_CAN_SETUP</code> value. </p> <p> To setup software token MFA, use the session returned here from <code>InitiateAuth</code> as an input to <code>AssociateSoftwareToken</code>, and use the session returned by <code>VerifySoftwareToken</code> as an input to <code>RespondToAuthChallenge</code> with challenge name <code>MFA_SETUP</code> to complete sign-in. To setup SMS MFA, users will need help from an administrator to add a phone number to their account and then call <code>InitiateAuth</code> again to restart sign-in.</p> </li> </ul>"
+          "documentation":"<p>The name of the challenge that you're responding to with this call. This is returned in the <code>AdminInitiateAuth</code> response if you must pass another challenge.</p> <ul> <li> <p> <code>MFA_SETUP</code>: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an <code>MFA_SETUP</code> challenge. The user must set up at least one MFA type to continue to authenticate.</p> </li> <li> <p> <code>SELECT_MFA_TYPE</code>: Selects the MFA type. Valid MFA options are <code>SMS_MFA</code> for text SMS MFA, and <code>SOFTWARE_TOKEN_MFA</code> for time-based one-time password (TOTP) software token MFA.</p> </li> <li> <p> <code>SMS_MFA</code>: Next challenge is to supply an <code>SMS_MFA_CODE</code>, delivered via SMS.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: Next challenge is to supply <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after the client-side SRP calculations.</p> </li> <li> <p> <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code>: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to <code>PASSWORD_VERIFIER</code>, but for devices only.</p> </li> <li> <p> <code>ADMIN_NO_SRP_AUTH</code>: This is returned if you must authenticate with <code>USERNAME</code> and <code>PASSWORD</code> directly. An app client must be enabled to use this flow.</p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their passwords after successful first login. This challenge should be passed with <code>NEW_PASSWORD</code> and any other required attributes.</p> </li> <li> <p> <code>MFA_SETUP</code>: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters <code>MFA_CAN_SETUP</code> value. </p> <p> To set up software token MFA, use the session returned here from <code>InitiateAuth</code> as an input to <code>AssociateSoftwareToken</code>, and use the session returned by <code>VerifySoftwareToken</code> as an input to <code>RespondToAuthChallenge</code> with challenge name <code>MFA_SETUP</code> to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call <code>InitiateAuth</code> again to restart sign-in.</p> </li> </ul>"
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. If <code>AdminInitiateAuth</code> or <code>AdminRespondToAuthChallenge</code> API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>AdminRespondToAuthChallenge</code> API call.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. If <code>AdminInitiateAuth</code> or <code>AdminRespondToAuthChallenge</code> API call determines that the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>AdminRespondToAuthChallenge</code> API call.</p>"
         },
         "ChallengeParameters":{
           "shape":"ChallengeParametersType",
-          "documentation":"<p>The challenge parameters. These are returned to you in the <code>AdminInitiateAuth</code> response if you need to pass another challenge. The responses in this parameter should be used to compute inputs to the next call (<code>AdminRespondToAuthChallenge</code>).</p> <p>All challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if applicable).</p> <p>The value of the <code>USER_ID_FOR_SRP</code> attribute will be the user's actual username, not an alias (such as email address or phone number), even if you specified an alias in your call to <code>AdminInitiateAuth</code>. This is because, in the <code>AdminRespondToAuthChallenge</code> API <code>ChallengeResponses</code>, the <code>USERNAME</code> attribute cannot be an alias.</p>"
+          "documentation":"<p>The challenge parameters. These are returned to you in the <code>AdminInitiateAuth</code> response if you must pass another challenge. The responses in this parameter should be used to compute inputs to the next call (<code>AdminRespondToAuthChallenge</code>).</p> <p>All challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if applicable).</p> <p>The value of the <code>USER_ID_FOR_SRP</code> attribute is the user's actual username, not an alias (such as email address or phone number), even if you specified an alias in your call to <code>AdminInitiateAuth</code>. This happens because, in the <code>AdminRespondToAuthChallenge</code> API <code>ChallengeResponses</code>, the <code>USERNAME</code> attribute can't be an alias.</p>"
         },
         "AuthenticationResult":{
           "shape":"AuthenticationResultType",
-          "documentation":"<p>The result of the authentication response. This is only returned if the caller does not need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, <code>ChallengeName</code>, <code>ChallengeParameters</code>, and <code>Session</code> are returned.</p>"
+          "documentation":"<p>The result of the authentication response. This is only returned if the caller doesn't need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, <code>ChallengeName</code>, <code>ChallengeParameters</code>, and <code>Session</code> are returned.</p>"
         }
       },
       "documentation":"<p>Initiates the authentication response, as an administrator.</p>"
@@ -2548,11 +2548,11 @@
         },
         "DestinationUser":{
           "shape":"ProviderUserIdentifierType",
-          "documentation":"<p>The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.</p> <p>For a native username + password user, the <code>ProviderAttributeValue</code> for the <code>DestinationUser</code> should be the username in the user pool. For a federated user, it should be the provider-specific <code>user_id</code>.</p> <p>The <code>ProviderAttributeName</code> of the <code>DestinationUser</code> is ignored.</p> <p>The <code>ProviderName</code> should be set to <code>Cognito</code> for users in Cognito user pools.</p>"
+          "documentation":"<p>The existing user in the user pool to be linked to the external identity provider user account. Can be a native (Username + Password) Amazon Cognito User Pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, an exception is thrown. This is the user that is returned when the new user (with the linked identity provider attribute) signs in.</p> <p>For a native username + password user, the <code>ProviderAttributeValue</code> for the <code>DestinationUser</code> should be the username in the user pool. For a federated user, it should be the provider-specific <code>user_id</code>.</p> <p>The <code>ProviderAttributeName</code> of the <code>DestinationUser</code> is ignored.</p> <p>The <code>ProviderName</code> should be set to <code>Cognito</code> for users in Cognito user pools.</p> <important> <p>All attributes in the DestinationUser profile must be mutable. If you have assigned the user any immutable custom attributes, the operation won't succeed.</p> </important>"
         },
         "SourceUser":{
           "shape":"ProviderUserIdentifierType",
-          "documentation":"<p>An external identity provider account for a user who does not currently exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.</p> <p>If the <code>SourceUser</code> is a federated social identity provider user (Facebook, Google, or Login with Amazon), you must set the <code>ProviderAttributeName</code> to <code>Cognito_Subject</code>. For social identity providers, the <code>ProviderName</code> will be <code>Facebook</code>, <code>Google</code>, or <code>LoginWithAmazon</code>, and Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for <code>id</code>, <code>sub</code>, and <code>user_id</code>, respectively. The <code>ProviderAttributeValue</code> for the user must be the same value as the <code>id</code>, <code>sub</code>, or <code>user_id</code> value found in the social identity provider token.</p> <p/> <p>For SAML, the <code>ProviderAttributeName</code> can be any value that matches a claim in the SAML assertion. If you wish to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML identity provider and submit that claim name as the <code>ProviderAttributeName</code>. If you set <code>ProviderAttributeName</code> to <code>Cognito_Subject</code>, Cognito will automatically parse the default unique identifier found in the subject from the SAML token.</p>"
+          "documentation":"<p>An external identity provider account for a user who doesn't exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.</p> <p>If the <code>SourceUser</code> is using a federated social identity provider, such as Facebook, Google, or Login with Amazon, you must set the <code>ProviderAttributeName</code> to <code>Cognito_Subject</code>. For social identity providers, the <code>ProviderName</code> will be <code>Facebook</code>, <code>Google</code>, or <code>LoginWithAmazon</code>, and Amazon Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for <code>id</code>, <code>sub</code>, and <code>user_id</code>, respectively. The <code>ProviderAttributeValue</code> for the user must be the same value as the <code>id</code>, <code>sub</code>, or <code>user_id</code> value found in the social identity provider token.</p> <p/> <p>For SAML, the <code>ProviderAttributeName</code> can be any value that matches a claim in the SAML assertion. If you want to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML identity provider and submit that claim name as the <code>ProviderAttributeName</code>. If you set <code>ProviderAttributeName</code> to <code>Cognito_Subject</code>, Amazon Cognito will automatically parse the default unique identifier found in the subject from the SAML token.</p>"
         }
       }
     },
@@ -2712,11 +2712,11 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user whose password you wish to reset.</p>"
+          "documentation":"<p>The user name of the user whose password you want to reset.</p>"
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminResetUserPassword API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminResetUserPassword API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminResetUserPassword request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to reset a user's password as an administrator.</p>"
@@ -2749,11 +2749,11 @@
         },
         "ChallengeResponses":{
           "shape":"ChallengeResponsesType",
-          "documentation":"<p>The challenge responses. These are inputs corresponding to the value of <code>ChallengeName</code>, for example:</p> <ul> <li> <p> <code>SMS_MFA</code>: <code>SMS_MFA_CODE</code>, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret).</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, <code>TIMESTAMP</code>, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret).</p> </li> <li> <p> <code>ADMIN_NO_SRP_AUTH</code>: <code>PASSWORD</code>, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret). </p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: <code>NEW_PASSWORD</code>, any other required attributes, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret). </p> </li> <li> <p> <code>MFA_SETUP</code> requires <code>USERNAME</code>, plus you need to use the session value returned by <code>VerifySoftwareToken</code> in the <code>Session</code> parameter.</p> </li> </ul> <p>The value of the <code>USERNAME</code> attribute must be the user's actual username, not an alias (such as email address or phone number). To make this easier, the <code>AdminInitiateAuth</code> response includes the actual username value in the <code>USERNAMEUSER_ID_FOR_SRP</code> attribute, even if you specified an alias in your call to <code>AdminInitiateAuth</code>.</p>"
+          "documentation":"<p>The challenge responses. These are inputs corresponding to the value of <code>ChallengeName</code>, for example:</p> <ul> <li> <p> <code>SMS_MFA</code>: <code>SMS_MFA_CODE</code>, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret).</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, <code>TIMESTAMP</code>, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret).</p> <note> <p> <code>PASSWORD_VERIFIER</code> requires <code>DEVICE_KEY</code> when signing in with a remembered device.</p> </note> </li> <li> <p> <code>ADMIN_NO_SRP_AUTH</code>: <code>PASSWORD</code>, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret). </p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: <code>NEW_PASSWORD</code>, any other required attributes, <code>USERNAME</code>, <code>SECRET_HASH</code> (if app client is configured with client secret). </p> </li> <li> <p> <code>MFA_SETUP</code> requires <code>USERNAME</code>, plus you must use the session value returned by <code>VerifySoftwareToken</code> in the <code>Session</code> parameter.</p> </li> </ul> <p>The value of the <code>USERNAME</code> attribute must be the user's actual username, not an alias (such as an email address or phone number). To make this simpler, the <code>AdminInitiateAuth</code> response includes the actual username value in the <code>USERNAMEUSER_ID_FOR_SRP</code> attribute. This happens even if you specified an alias in your call to <code>AdminInitiateAuth</code>.</p>"
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. If <code>InitiateAuth</code> or <code>RespondToAuthChallenge</code> API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. If an <code>InitiateAuth</code> or <code>RespondToAuthChallenge</code> API call determines that the caller must pass another challenge, it returns a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
         },
         "AnalyticsMetadata":{
           "shape":"AnalyticsMetadataType",
@@ -2765,7 +2765,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>pre sign-up</i>, <i>custom message</i>, <i>post authentication</i>, <i>user migration</i>, <i>pre token generation</i>, <i>define auth challenge</i>, <i>create auth challenge</i>, and <i>verify auth challenge response</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>pre sign-up</i>, <i>custom message</i>, <i>post authentication</i>, <i>user migration</i>, <i>pre token generation</i>, <i>define auth challenge</i>, <i>create auth challenge</i>, and <i>verify auth challenge response</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminRespondToAuthChallenge request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>The request to respond to the authentication challenge, as an administrator.</p>"
@@ -2779,7 +2779,7 @@
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. If the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
         },
         "ChallengeParameters":{
           "shape":"ChallengeParametersType",
@@ -2836,7 +2836,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user whose password you wish to set.</p>"
+          "documentation":"<p>The user name of the user whose password you want to set.</p>"
         },
         "Password":{
           "shape":"PasswordType",
@@ -2863,11 +2863,11 @@
       "members":{
         "UserPoolId":{
           "shape":"UserPoolIdType",
-          "documentation":"<p>The ID of the user pool that contains the user that you are setting options for.</p>"
+          "documentation":"<p>The ID of the user pool that contains the user whose options you're setting.</p>"
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user that you are setting options for.</p>"
+          "documentation":"<p>The user name of the user whose options you're setting.</p>"
         },
         "MFAOptions":{
           "shape":"MFAOptionListType",
@@ -2945,7 +2945,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The status response from the request to update the device, as an administrator.</p>"
+      "documentation":"<p>The status response to the request to update the device, as an administrator.</p>"
     },
     "AdminUpdateUserAttributesRequest":{
       "type":"structure",
@@ -2969,7 +2969,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the AdminUpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminUpdateUserAttributes request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to update the user's attributes as an administrator.</p>"
@@ -3044,11 +3044,11 @@
         },
         "ApplicationArn":{
           "shape":"ArnType",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project for Pinpoint integration with the chosen User Pool Client. Amazon Cognito publishes events to the pinpoint project declared by the app ARN.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project for integration with the chosen User Pool Client. Amazon Cognito publishes events to the Amazon Pinpointproject declared by the app ARN.</p>"
         },
         "RoleArn":{
           "shape":"ArnType",
-          "documentation":"<p>The ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.</p>"
+          "documentation":"<p>The ARN of an Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.</p>"
         },
         "ExternalId":{
           "shape":"StringType",
@@ -3059,7 +3059,7 @@
           "documentation":"<p>If <code>UserDataShared</code> is <code>true</code>, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.</p>"
         }
       },
-      "documentation":"<p>The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.</p> <note> <p>In regions where Pinpoint is not available, Cognito User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In regions where Pinpoint is available, Cognito User Pools will support sending events to Amazon Pinpoint projects within that same region. </p> </note>"
+      "documentation":"<p>The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.</p> <note> <p>In Regions where Pinpoint isn't available, User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In Regions where Pinpoint is available, User Pools will support sending events to Amazon Pinpoint projects within that same Region. </p> </note>"
     },
     "AnalyticsMetadataType":{
       "type":"structure",
@@ -3069,7 +3069,7 @@
           "documentation":"<p>The endpoint ID.</p>"
         }
       },
-      "documentation":"<p>An Amazon Pinpoint analytics endpoint.</p> <p>An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics.</p> <note> <p>Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.</p> </note>"
+      "documentation":"<p>An Amazon Pinpoint analytics endpoint.</p> <p>An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics.</p> <note> <p>Amazon Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region in which the user pool resides.</p> </note>"
     },
     "ArnType":{
       "type":"string",
@@ -3086,7 +3086,7 @@
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.</p>"
         }
       }
     },
@@ -3095,11 +3095,11 @@
       "members":{
         "SecretCode":{
           "shape":"SecretCodeType",
-          "documentation":"<p>A unique generated shared secret code that is used in the TOTP algorithm to generate a one time code.</p>"
+          "documentation":"<p>A unique generated shared secret code that is used in the time-based one-time password (TOTP) algorithm to generate a one-time code.</p>"
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. This allows authentication of the user as part of the MFA setup process.</p>"
         }
       }
     },
@@ -3185,7 +3185,7 @@
         },
         "EventContextData":{
           "shape":"EventContextDataType",
-          "documentation":"<p>The user context data captured at the time of an event request. It provides additional information about the client from which event the request is received.</p>"
+          "documentation":"<p>The user context data captured at the time of an event request. This value provides additional information about the client from which event the request is received.</p>"
         },
         "EventFeedback":{
           "shape":"EventFeedbackType",
@@ -3303,7 +3303,7 @@
       "members":{
         "ChallengeName":{
           "shape":"ChallengeName",
-          "documentation":"<p>The challenge name</p>"
+          "documentation":"<p>The challenge name.</p>"
         },
         "ChallengeResponse":{
           "shape":"ChallengeResponse",
@@ -3421,7 +3421,7 @@
           "documentation":"<p>The message provided when the code mismatch exception is thrown.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown if the provided code does not match what the server was expecting.</p>",
+      "documentation":"<p>This exception is thrown if the provided code doesn't match what the server was expecting.</p>",
       "exception":true
     },
     "CompletionMessageType":{
@@ -3439,7 +3439,7 @@
           "documentation":"<p>The event action.</p>"
         }
       },
-      "documentation":"<p>The compromised credentials actions type</p>"
+      "documentation":"<p>The compromised credentials actions type.</p>"
     },
     "CompromisedCredentialsEventActionType":{
       "type":"string",
@@ -3505,7 +3505,7 @@
       "members":{
         "UserConfirmationNecessary":{
           "shape":"BooleanType",
-          "documentation":"<p>Indicates whether the user confirmation is necessary to confirm the device response.</p>"
+          "documentation":"<p>Indicates whether the user confirmation must confirm the device response.</p>"
         }
       },
       "documentation":"<p>Confirms the device response.</p>"
@@ -3549,7 +3549,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmForgotPassword API action, Amazon Cognito invokes the function that is assigned to the <i>post confirmation</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmForgotPassword request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmForgotPassword API action, Amazon Cognito invokes the function that is assigned to the <i>post confirmation</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmForgotPassword request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>The request representing the confirmation for a password reset.</p>"
@@ -3578,7 +3578,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user whose registration you wish to confirm.</p>"
+          "documentation":"<p>The user name of the user whose registration you want to confirm.</p>"
         },
         "ConfirmationCode":{
           "shape":"ConfirmationCodeType",
@@ -3598,7 +3598,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the <i>post confirmation</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ConfirmSignUp API action, Amazon Cognito invokes the function that is assigned to the <i>post confirmation</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ConfirmSignUp request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to confirm registration of a user.</p>"
@@ -3634,7 +3634,7 @@
         },
         "ServerPath":{
           "shape":"StringType",
-          "documentation":"<p>Your server path where this API is invoked. </p>"
+          "documentation":"<p>Your server path where this API is invoked.</p>"
         },
         "HttpHeaders":{
           "shape":"HttpHeaderList",
@@ -3642,7 +3642,7 @@
         },
         "EncodedData":{
           "shape":"StringType",
-          "documentation":"<p>Encoded data containing device fingerprinting details, collected using the Amazon Cognito context data collection library.</p>"
+          "documentation":"<p>Encoded data containing device fingerprinting details collected using the Amazon Cognito context data collection library.</p>"
         }
       },
       "documentation":"<p>Contextual user data type used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.</p>"
@@ -3668,11 +3668,11 @@
         },
         "RoleArn":{
           "shape":"ArnType",
-          "documentation":"<p>The role ARN for the group.</p>"
+          "documentation":"<p>The role Amazon Resource Name (ARN) for the group.</p>"
         },
         "Precedence":{
           "shape":"PrecedenceType",
-          "documentation":"<p>A nonnegative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower <code>Precedence</code> values take precedence over groups with higher or null <code>Precedence</code> values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN will be used in the <code>cognito:roles</code> and <code>cognito:preferred_role</code> claims in the user's tokens.</p> <p>Two groups can have the same <code>Precedence</code> value. If this happens, neither group takes precedence over the other. If two groups with the same <code>Precedence</code> have the same role ARN, that role is used in the <code>cognito:preferred_role</code> claim in tokens for users in each group. If the two groups have different role ARNs, the <code>cognito:preferred_role</code> claim is not set in users' tokens.</p> <p>The default <code>Precedence</code> value is null.</p>"
+          "documentation":"<p>A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower <code>Precedence</code> values take precedence over groups with higher ornull <code>Precedence</code> values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the <code>cognito:roles</code> and <code>cognito:preferred_role</code> claims.</p> <p>Two groups can have the same <code>Precedence</code> value. If this happens, neither group takes precedence over the other. If two groups with the same <code>Precedence</code> have the same role ARN, that role is used in the <code>cognito:preferred_role</code> claim in tokens for users in each group. If the two groups have different role ARNs, the <code>cognito:preferred_role</code> claim isn't set in users' tokens.</p> <p>The default <code>Precedence</code> value is null.</p>"
         }
       }
     },
@@ -3708,7 +3708,7 @@
         },
         "ProviderDetails":{
           "shape":"ProviderDetailsType",
-          "documentation":"<p>The identity provider details. The following list describes the provider detail keys for each identity provider type.</p> <ul> <li> <p>For Google and Login with Amazon:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For Facebook:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>api_version</p> </li> </ul> </li> <li> <p>For Sign in with Apple:</p> <ul> <li> <p>client_id</p> </li> <li> <p>team_id</p> </li> <li> <p>key_id</p> </li> <li> <p>private_key</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For OIDC providers:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>attributes_request_method</p> </li> <li> <p>oidc_issuer</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>authorize_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>token_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>attributes_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>jwks_uri <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> </ul> </li> <li> <p>For SAML providers:</p> <ul> <li> <p>MetadataFile OR MetadataURL</p> </li> <li> <p>IDPSignout <i>optional</i> </p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The identity provider details. The following list describes the provider detail keys for each identity provider type.</p> <ul> <li> <p>For Google and Login with Amazon:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For Facebook:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>api_version</p> </li> </ul> </li> <li> <p>For Sign in with Apple:</p> <ul> <li> <p>client_id</p> </li> <li> <p>team_id</p> </li> <li> <p>key_id</p> </li> <li> <p>private_key</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For OpenID Connect (OIDC) providers:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>attributes_request_method</p> </li> <li> <p>oidc_issuer</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>authorize_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>token_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>attributes_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>jwks_uri <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>attributes_url_add_attributes <i>a read-only property that is set automatically</i> </p> </li> </ul> </li> <li> <p>For SAML providers:</p> <ul> <li> <p>MetadataFile OR MetadataURL</p> </li> <li> <p>IDPSignout (optional)</p> </li> </ul> </li> </ul>"
         },
         "AttributeMapping":{
           "shape":"AttributeMappingType",
@@ -3744,7 +3744,7 @@
         },
         "Identifier":{
           "shape":"ResourceServerIdentifierType",
-          "documentation":"<p>A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example, <code>https://my-weather-api.example.com</code>.</p>"
+          "documentation":"<p>A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located, such as <code>https://my-weather-api.example.com</code>.</p>"
         },
         "Name":{
           "shape":"ResourceServerNameType",
@@ -3752,7 +3752,7 @@
         },
         "Scopes":{
           "shape":"ResourceServerScopeListType",
-          "documentation":"<p>A list of scopes. Each scope is map, where the keys are <code>name</code> and <code>description</code>.</p>"
+          "documentation":"<p>A list of scopes. Each scope is a key-value map with the keys <code>name</code> and <code>description</code>.</p>"
         }
       }
     },
@@ -3784,7 +3784,7 @@
         },
         "CloudWatchLogsRoleArn":{
           "shape":"ArnType",
-          "documentation":"<p>The role ARN for the Amazon CloudWatch Logging role for the user import job.</p>"
+          "documentation":"<p>The role ARN for the Amazon CloudWatch Logs Logging role for the user import job.</p>"
         }
       },
       "documentation":"<p>Represents the request to create the user import job.</p>"
@@ -3820,19 +3820,19 @@
         },
         "RefreshTokenValidity":{
           "shape":"RefreshTokenValidityType",
-          "documentation":"<p>The time limit, in days, after which the refresh token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit, in days, after which the refresh token is no longer valid and can't be used.</p>"
         },
         "AccessTokenValidity":{
           "shape":"AccessTokenValidityType",
-          "documentation":"<p>The time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in TokenValidityUnits.</p>"
+          "documentation":"<p>The time limit, between 5 minutes and 1 day, after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you will override the default time unit.</p>"
         },
         "IdTokenValidity":{
           "shape":"IdTokenValidityType",
-          "documentation":"<p>The time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in TokenValidityUnits.</p>"
+          "documentation":"<p>The time limit, between 5 minutes and 1 day, after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you will override the default time unit.</p>"
         },
         "TokenValidityUnits":{
           "shape":"TokenValidityUnitsType",
-          "documentation":"<p>The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.</p>"
+          "documentation":"<p>The units in which the validity times are represented. Default for RefreshToken is days, and default for ID and access tokens are hours.</p>"
         },
         "ReadAttributes":{
           "shape":"ClientPermissionListType",
@@ -3840,11 +3840,11 @@
         },
         "WriteAttributes":{
           "shape":"ClientPermissionListType",
-          "documentation":"<p>The user pool attributes that the app client can write to.</p> <p>If your app client allows users to sign in through an identity provider, this array must include all attributes that are mapped to identity provider attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If your app client lacks write access to a mapped attribute, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html\">Specifying Identity Provider Attribute Mappings for Your User Pool</a>.</p>"
+          "documentation":"<p>The user pool attributes that the app client can write to.</p> <p>If your app client allows users to sign in through an identity provider, this array must include all attributes that are mapped to identity provider attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If your app client lacks write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html\">Specifying Identity Provider Attribute Mappings for Your User Pool</a>.</p>"
         },
         "ExplicitAuthFlows":{
           "shape":"ExplicitAuthFlowsListType",
-          "documentation":"<p>The authentication flows that are supported by the user pool clients. Flow names without the <code>ALLOW_</code> prefix are deprecated in favor of new names with the <code>ALLOW_</code> prefix. Note that values with <code>ALLOW_</code> prefix cannot be used along with values without <code>ALLOW_</code> prefix.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based authentication.</p> </li> <li> <p> <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP based authentication.</p> </li> <li> <p> <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh tokens.</p> </li> </ul>"
+          "documentation":"<p>The authentication flows that are supported by the user pool clients. Flow names without the <code>ALLOW_</code> prefix are no longer supported, in favor of new names with the <code>ALLOW_</code> prefix. Note that values with <code>ALLOW_</code> prefix must be used only along with the <code>ALLOW_</code> prefix.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based authentication.</p> </li> <li> <p> <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP-based authentication.</p> </li> <li> <p> <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh tokens.</p> </li> </ul>"
         },
         "SupportedIdentityProviders":{
           "shape":"SupportedIdentityProvidersListType",
@@ -3872,19 +3872,19 @@
         },
         "AllowedOAuthFlowsUserPoolClient":{
           "shape":"BooleanType",
-          "documentation":"<p>Set to true if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.</p>"
+          "documentation":"<p>Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.</p>"
         },
         "AnalyticsConfiguration":{
           "shape":"AnalyticsConfigurationType",
-          "documentation":"<p>The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.</p> <note> <p>In regions where Pinpoint is not available, Cognito User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In regions where Pinpoint is available, Cognito User Pools will support sending events to Amazon Pinpoint projects within that same region. </p> </note>"
+          "documentation":"<p>The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.</p> <note> <p>In Amazon Web Services Regions where isn't available, User Pools only supports sending events to Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions where is available, User Pools will support sending events to Amazon Pinpoint projects within that same Region. </p> </note>"
         },
         "PreventUserExistenceErrors":{
           "shape":"PreventUserExistenceErrorTypes",
-          "documentation":"<p>Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to <code>ENABLED</code> and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to <code>LEGACY</code>, those APIs will return a <code>UserNotFoundException</code> exception if the user does not exist in the user pool.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ENABLED</code> - This prevents user existence-related errors.</p> </li> <li> <p> <code>LEGACY</code> - This represents the old behavior of Cognito where user existence related errors are not prevented.</p> </li> </ul> <note> <p>After February 15th 2020, the value of <code>PreventUserExistenceErrors</code> will default to <code>ENABLED</code> for newly created user pool clients if no value is provided.</p> </note>"
+          "documentation":"<p>Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to <code>ENABLED</code> and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to <code>LEGACY</code>, those APIs return a <code>UserNotFoundException</code> exception if the user doesn't exist in the user pool.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ENABLED</code> - This prevents user existence-related errors.</p> </li> <li> <p> <code>LEGACY</code> - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.</p> </li> </ul>"
         },
         "EnableTokenRevocation":{
           "shape":"WrappedBooleanType",
-          "documentation":"<p>Enables or disables token revocation. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p> <p>If you don't include this parameter, token revocation is automatically enabled for the new user pool client.</p>"
+          "documentation":"<p>Activates or deactivates token revocation. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p> <p>If you don't include this parameter, token revocation is automatically activated for the new user pool client.</p>"
         }
       },
       "documentation":"<p>Represents the request to create a user pool client.</p>"
@@ -3908,7 +3908,7 @@
       "members":{
         "Domain":{
           "shape":"DomainType",
-          "documentation":"<p>The domain string.</p>"
+          "documentation":"<p>The domain string. For custom domains, this is the fully-qualified domain name, such as <code>auth.example.com</code>. For Amazon Cognito prefix domains, this is the prefix alone, such as <code>auth</code>.</p>"
         },
         "UserPoolId":{
           "shape":"UserPoolIdType",
@@ -3943,7 +3943,7 @@
         },
         "LambdaConfig":{
           "shape":"LambdaConfigType",
-          "documentation":"<p>The Lambda trigger configuration information for the new user pool.</p> <note> <p>In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you will need to make an extra call to add permission for these event sources to invoke your Lambda function.</p> <p/> <p>For more information on using the Lambda API to add permission, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html\"> AddPermission </a>. </p> <p>For adding permission using the CLI, see <a href=\"https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html\"> add-permission </a>.</p> </note>"
+          "documentation":"<p>The Lambda trigger configuration information for the new user pool.</p> <note> <p>In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.</p> <p/> <p>For more information on using the Lambda API to add permission, see<a href=\"https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html\"> AddPermission </a>. </p> <p>For adding permission using the CLI, see<a href=\"https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html\"> add-permission </a>.</p> </note>"
         },
         "AutoVerifiedAttributes":{
           "shape":"VerifiedAttributesListType",
@@ -3955,7 +3955,7 @@
         },
         "UsernameAttributes":{
           "shape":"UsernameAttributesListType",
-          "documentation":"<p>Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up.</p>"
+          "documentation":"<p>Specifies whether a user can use an email address or phone number as a username when they sign up.</p>"
         },
         "SmsVerificationMessage":{
           "shape":"SmsVerificationMessageType",
@@ -4007,15 +4007,15 @@
         },
         "UserPoolAddOns":{
           "shape":"UserPoolAddOnsType",
-          "documentation":"<p>Used to enable advanced security risk detection. Set the key <code>AdvancedSecurityMode</code> to the value \"AUDIT\".</p>"
+          "documentation":"<p>Enables advanced security risk detection. Set the key <code>AdvancedSecurityMode</code> to the value \"AUDIT\".</p>"
         },
         "UsernameConfiguration":{
           "shape":"UsernameConfigurationType",
-          "documentation":"<p>You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set to <code>False</code>, users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html\">UsernameConfigurationType</a>.</p>"
+          "documentation":"<p>Case sensitivity on the username input for the selected sign-in option. For example, when case sensitivity is set to <code>False</code>, users can sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html\">UsernameConfigurationType</a>.</p>"
         },
         "AccountRecoverySetting":{
           "shape":"AccountRecoverySettingType",
-          "documentation":"<p>Use this setting to define which verified available method a user can use to recover their password when they call <code>ForgotPassword</code>. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.</p>"
+          "documentation":"<p>The available verified method a user can use to recover their password when they call <code>ForgotPassword</code>. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.</p>"
         }
       },
       "documentation":"<p>Represents the request to create a user pool.</p>"
@@ -4062,11 +4062,11 @@
       "members":{
         "LambdaVersion":{
           "shape":"CustomEmailSenderLambdaVersionType",
-          "documentation":"<p>The Lambda version represents the signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom email Lambda function. The only supported value is <code>V1_0</code>.</p>"
+          "documentation":"<p>Signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom email Lambda function. The only supported value is <code>V1_0</code>.</p>"
         },
         "LambdaArn":{
           "shape":"ArnType",
-          "documentation":"<p>The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send email notifications to users.</p>"
         }
       },
       "documentation":"<p>A custom email sender Lambda configuration type.</p>"
@@ -4084,11 +4084,11 @@
       "members":{
         "LambdaVersion":{
           "shape":"CustomSMSSenderLambdaVersionType",
-          "documentation":"<p>The Lambda version represents the signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is <code>V1_0</code>.</p>"
+          "documentation":"<p>Signature of the \"request\" attribute in the \"event\" information that Amazon Cognito passes to your custom SMS Lambda function. The only supported value is <code>V1_0</code>.</p>"
         },
         "LambdaArn":{
           "shape":"ArnType",
-          "documentation":"<p>The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda function that Amazon Cognito activates to send SMS notifications to users.</p>"
         }
       },
       "documentation":"<p>A custom SMS sender Lambda configuration type.</p>"
@@ -4165,7 +4165,7 @@
       "members":{
         "UserAttributeNames":{
           "shape":"AttributeNameListType",
-          "documentation":"<p>An array of strings representing the user attribute names you wish to delete.</p> <p>For custom attributes, you must prepend the <code>custom:</code> prefix to the attribute name.</p>"
+          "documentation":"<p>An array of strings representing the user attribute names you want to delete.</p> <p>For custom attributes, you must prependattach the <code>custom:</code> prefix to the front of the attribute name.</p>"
         },
         "AccessToken":{
           "shape":"TokenModelType",
@@ -4207,7 +4207,7 @@
       "members":{
         "Domain":{
           "shape":"DomainType",
-          "documentation":"<p>The domain string.</p>"
+          "documentation":"<p>The domain string. For custom domains, this is the fully-qualified domain name, such as <code>auth.example.com</code>. For Amazon Cognito prefix domains, this is the prefix alone, such as <code>auth</code>.</p>"
         },
         "UserPoolId":{
           "shape":"UserPoolIdType",
@@ -4393,7 +4393,7 @@
       "members":{
         "Domain":{
           "shape":"DomainType",
-          "documentation":"<p>The domain string.</p>"
+          "documentation":"<p>The domain string. For custom domains, this is the fully-qualified domain name, such as <code>auth.example.com</code>. For Amazon Cognito prefix domains, this is the prefix alone, such as <code>auth</code>.</p>"
         }
       }
     },
@@ -4436,14 +4436,14 @@
       "members":{
         "ChallengeRequiredOnNewDevice":{
           "shape":"BooleanType",
-          "documentation":"<p>Indicates whether a challenge is required on a new device. Only applicable to a new device.</p>"
+          "documentation":"<p>When true, device authentication can replace SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).</p> <note> <p>Users that sign in with devices that have not been confirmed or remembered will still have to provide a second factor, whether or not ChallengeRequiredOnNewDevice is true, when your user pool requires MFA.</p> </note>"
         },
         "DeviceOnlyRememberedOnUserPrompt":{
           "shape":"BooleanType",
-          "documentation":"<p>If true, a device is only remembered on user prompt.</p>"
+          "documentation":"<p>When true, users can opt in to remembering their device. Your app code must use callback functions to return the user's choice.</p>"
         }
       },
-      "documentation":"<p>The configuration for the user pool's device tracking.</p>"
+      "documentation":"<p>The device tracking configuration for a user pool. A user pool with device tracking deactivated returns a null value.</p> <note> <p>When you provide values for any DeviceConfiguration field, you activate device tracking.</p> </note>"
     },
     "DeviceKeyType":{
       "type":"string",
@@ -4479,7 +4479,7 @@
           "documentation":"<p>The salt.</p>"
         }
       },
-      "documentation":"<p>The device verifier against which it will be authenticated.</p>"
+      "documentation":"<p>The device verifier against which it is authenticated.</p>"
     },
     "DeviceType":{
       "type":"structure",
@@ -4502,7 +4502,7 @@
         },
         "DeviceLastAuthenticatedDate":{
           "shape":"DateType",
-          "documentation":"<p>The date in which the device was last authenticated.</p>"
+          "documentation":"<p>The date when the device was last authenticated.</p>"
         }
       },
       "documentation":"<p>The device type.</p>"
@@ -4516,19 +4516,19 @@
         },
         "AWSAccountId":{
           "shape":"AWSAccountIdType",
-          "documentation":"<p>The account ID for the user pool owner.</p>"
+          "documentation":"<p>The Amazon Web Services ID for the user pool owner.</p>"
         },
         "Domain":{
           "shape":"DomainType",
-          "documentation":"<p>The domain string.</p>"
+          "documentation":"<p>The domain string. For custom domains, this is the fully-qualified domain name, such as <code>auth.example.com</code>. For Amazon Cognito prefix domains, this is the prefix alone, such as <code>auth</code>.</p>"
         },
         "S3Bucket":{
           "shape":"S3BucketType",
-          "documentation":"<p>The S3 bucket where the static files for this domain are stored.</p>"
+          "documentation":"<p>The Amazon S3 bucket where the static files for this domain are stored.</p>"
         },
         "CloudFrontDistribution":{
           "shape":"StringType",
-          "documentation":"<p>The ARN of the CloudFront distribution.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon CloudFront distribution.</p>"
         },
         "Version":{
           "shape":"DomainVersionType",
@@ -4583,26 +4583,26 @@
       "members":{
         "SourceArn":{
           "shape":"ArnType",
-          "documentation":"<p>The Amazon Resource Name (ARN) of a verified email address in Amazon SES. This email address is used in one of the following ways, depending on the value that you specify for the <code>EmailSendingAccount</code> parameter:</p> <ul> <li> <p>If you specify <code>COGNITO_DEFAULT</code>, Amazon Cognito uses this address as the custom FROM address when it emails your users by using its built-in email account.</p> </li> <li> <p>If you specify <code>DEVELOPER</code>, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.</p> </li> </ul>"
+          "documentation":"<p>The ARN of a verified email address in Amazon SES. Amazon Cognito uses this email address in one of the following ways, depending on the value that you specify for the <code>EmailSendingAccount</code> parameter:</p> <ul> <li> <p>If you specify <code>COGNITO_DEFAULT</code>, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.</p> </li> <li> <p>If you specify <code>DEVELOPER</code>, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.</p> </li> </ul>"
         },
         "ReplyToEmailAddress":{
           "shape":"EmailAddressType",
-          "documentation":"<p>The destination to which the receiver of the email should reply to.</p>"
+          "documentation":"<p>The destination to which the receiver of the email should reply.</p>"
         },
         "EmailSendingAccount":{
           "shape":"EmailSendingAccountType",
-          "documentation":"<p>Specifies whether Amazon Cognito emails your users by using its built-in email functionality or your Amazon SES email configuration. Specify one of the following values:</p> <dl> <dt>COGNITO_DEFAULT</dt> <dd> <p>When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is below the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.</p> <p>To look up the email delivery limit for the default option, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html\">Limits in Amazon Cognito</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <p>The default FROM address is no-reply@verificationemail.com. To customize the FROM address, provide the ARN of an Amazon SES verified email address for the <code>SourceArn</code> parameter.</p> <p> If EmailSendingAccount is COGNITO_DEFAULT, the following parameters aren't allowed:</p> <ul> <li> <p>EmailVerificationMessage</p> </li> <li> <p>EmailVerificationSubject</p> </li> <li> <p>InviteMessageTemplate.EmailMessage</p> </li> <li> <p>InviteMessageTemplate.EmailSubject</p> </li> <li> <p>VerificationMessageTemplate.EmailMessage</p> </li> <li> <p>VerificationMessageTemplate.EmailMessageByLink</p> </li> <li> <p>VerificationMessageTemplate.EmailSubject,</p> </li> <li> <p>VerificationMessageTemplate.EmailSubjectByLink</p> </li> </ul> <note> <p>DEVELOPER EmailSendingAccount is required.</p> </note> </dd> <dt>DEVELOPER</dt> <dd> <p>When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your account.</p> <p>If you use this option, you must provide the ARN of an Amazon SES verified email address for the <code>SourceArn</code> parameter.</p> <p>Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a <i>service-linked role</i>, which is a type of IAM role, in your account. This role contains the permissions that allow Amazon Cognito to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/using-service-linked-roles.html\">Using Service-Linked Roles for Amazon Cognito</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </dd> </dl>"
+          "documentation":"<p>Specifies whether Amazon Cognito emails your users by using its built-in email functionality or your Amazon Simple Email Service email configuration. Specify one of the following values:</p> <dl> <dt>COGNITO_DEFAULT</dt> <dd> <p>When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.</p> <p>To look up the email delivery limit for the default option, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html\">Limits in </a> in the <i> Developer Guide</i>.</p> <p>The default FROM address is <code>no-reply@verificationemail.com</code>. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the <code>SourceArn</code> parameter.</p> <p> If EmailSendingAccount is COGNITO_DEFAULT, you can't use the following parameters:</p> <ul> <li> <p>EmailVerificationMessage</p> </li> <li> <p>EmailVerificationSubject</p> </li> <li> <p>InviteMessageTemplate.EmailMessage</p> </li> <li> <p>InviteMessageTemplate.EmailSubject</p> </li> <li> <p>VerificationMessageTemplate.EmailMessage</p> </li> <li> <p>VerificationMessageTemplate.EmailMessageByLink</p> </li> <li> <p>VerificationMessageTemplate.EmailSubject,</p> </li> <li> <p>VerificationMessageTemplate.EmailSubjectByLink</p> </li> </ul> <note> <p>DEVELOPER EmailSendingAccount is required.</p> </note> </dd> <dt>DEVELOPER</dt> <dd> <p>When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your Amazon Web Services account.</p> <p>If you use this option, you must provide the ARN of an Amazon SES verified email address for the <code>SourceArn</code> parameter.</p> <p>Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a <i>service-linked role</i>, which is a type of role, in your Amazon Web Services account. This role contains the permissions that allow to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/using-service-linked-roles.html\">Using Service-Linked Roles for Amazon Cognito</a> in the <i>Amazon Cognito Developer Guide</i>.</p> </dd> </dl>"
         },
         "From":{
           "shape":"StringType",
-          "documentation":"<p>Identifies either the sender’s email address or the sender’s name with their email address. For example, <code>testuser@example.com</code> or <code>Test User &lt;testuser@example.com&gt;</code>. This address will appear before the body of the email.</p>"
+          "documentation":"<p>Either the sender’s email address or the sender’s name with their email address. For example, <code>testuser@example.com</code> or <code>Test User &lt;testuser@example.com&gt;</code>. This address appears before the body of the email.</p>"
         },
         "ConfigurationSet":{
           "shape":"SESConfigurationSet",
-          "documentation":"<p>The set of configuration rules that can be applied to emails sent using Amazon SES. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails: </p> <ul> <li> <p>Event publishing – Amazon SES can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other Amazon Web Services services such as SNS and CloudWatch.</p> </li> <li> <p>IP pool management – When leasing dedicated IP addresses with Amazon SES, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.</p> </li> </ul>"
+          "documentation":"<p>The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails: </p> <ul> <li> <p>Event publishing – Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other Amazon Web Services services such as and Amazon CloudWatch.</p> </li> <li> <p>IP pool management – When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>The email configuration type. </p> <note> <p>Amazon Cognito has specific regions for use with Amazon SES. For more information on the supported regions, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html\">Email Settings for Amazon Cognito User Pools</a>.</p> </note>"
+      "documentation":"<p>The email configuration type.</p> <note> <p>Amazon Cognito has specific Regions for use with Amazon Simple Email Service. For more information on the supported Regions, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html\">Email settings for Amazon Cognito user pools</a>.</p> </note>"
     },
     "EmailNotificationBodyType":{
       "type":"string",
@@ -4834,7 +4834,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>pre sign-up</i>, <i>custom message</i>, and <i>user migration</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ForgotPassword API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>pre sign-up</i>, <i>custom message</i>, and <i>user migration</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ForgotPassword request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to reset a user's password.</p>"
@@ -4859,7 +4859,7 @@
           "documentation":"<p>The user pool ID for the user pool that the users are to be imported into.</p>"
         }
       },
-      "documentation":"<p>Represents the request to get the header information for the .csv file for the user import job.</p>"
+      "documentation":"<p>Represents the request to get the header information of the CSV file for the user import job.</p>"
     },
     "GetCSVHeaderResponse":{
       "type":"structure",
@@ -4870,10 +4870,10 @@
         },
         "CSVHeader":{
           "shape":"ListOfStringTypes",
-          "documentation":"<p>The header information for the .csv file for the user import job.</p>"
+          "documentation":"<p>The header information of the CSV file for the user import job.</p>"
         }
       },
-      "documentation":"<p>Represents the response from the server to the request to get the header information for the .csv file for the user import job.</p>"
+      "documentation":"<p>Represents the response from the server to the request to get the header information of the CSV file for the user import job.</p>"
     },
     "GetDeviceRequest":{
       "type":"structure",
@@ -4963,7 +4963,7 @@
           "documentation":"<p>The user pool ID.</p>"
         }
       },
-      "documentation":"<p>Request to get a signing certificate from Cognito.</p>"
+      "documentation":"<p>Request to get a signing certificate from Amazon Cognito.</p>"
     },
     "GetSigningCertificateResponse":{
       "type":"structure",
@@ -4973,7 +4973,7 @@
           "documentation":"<p>The signing certificate.</p>"
         }
       },
-      "documentation":"<p>Response from Cognito for a signing certificate request.</p>"
+      "documentation":"<p>Response from Amazon Cognito for a signing certificate request.</p>"
     },
     "GetUICustomizationRequest":{
       "type":"structure",
@@ -5016,7 +5016,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the GetUserAttributeVerificationCode API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your GetUserAttributeVerificationCode request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to get user attribute verification.</p>"
@@ -5054,7 +5054,7 @@
         },
         "MfaConfiguration":{
           "shape":"UserPoolMfaType",
-          "documentation":"<p>The multi-factor (MFA) configuration. Valid values include:</p> <ul> <li> <p> <code>OFF</code> MFA will not be used for any users.</p> </li> <li> <p> <code>ON</code> MFA is required for all users to sign in.</p> </li> <li> <p> <code>OPTIONAL</code> MFA will be required only for individual users who have an MFA factor enabled.</p> </li> </ul>"
+          "documentation":"<p>The multi-factor (MFA) configuration. Valid values include:</p> <ul> <li> <p> <code>OFF</code> MFA won't be used for any users.</p> </li> <li> <p> <code>ON</code> MFA is required for all users to sign in.</p> </li> <li> <p> <code>OPTIONAL</code> MFA will be required only for individual users who have an MFA factor activated.</p> </li> </ul>"
         }
       }
     },
@@ -5078,7 +5078,7 @@
       "members":{
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to retrieve from the get user request.</p>"
+          "documentation":"<p>The user name of the user you want to retrieve from the get user request.</p>"
         },
         "UserAttributes":{
           "shape":"AttributeListType",
@@ -5086,7 +5086,7 @@
         },
         "MFAOptions":{
           "shape":"MFAOptionListType",
-          "documentation":"<p> <i>This response parameter is no longer supported.</i> It provides information only about SMS MFA configurations. It doesn't provide information about TOTP software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.</p>"
+          "documentation":"<p> <i>This response parameter is no longer supported.</i> It provides information only about SMS MFA configurations. It doesn't provide information about time-based one-time password (TOTP) software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.</p>"
         },
         "PreferredMfaSetting":{
           "shape":"StringType",
@@ -5094,7 +5094,7 @@
         },
         "UserMFASettingList":{
           "shape":"UserMFASettingListType",
-          "documentation":"<p>The MFA options that are enabled for the user. The possible values in this list are <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>"
+          "documentation":"<p>The MFA options that are activated for the user. The possible values in this list are <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>"
         }
       },
       "documentation":"<p>Represents the response from the server from the request to get information about the user.</p>"
@@ -5151,11 +5151,11 @@
         },
         "RoleArn":{
           "shape":"ArnType",
-          "documentation":"<p>The role ARN for the group.</p>"
+          "documentation":"<p>The role Amazon Resource Name (ARN) for the group.</p>"
         },
         "Precedence":{
           "shape":"PrecedenceType",
-          "documentation":"<p>A nonnegative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. If a user belongs to two or more groups, it is the group with the highest precedence whose role ARN will be used in the <code>cognito:roles</code> and <code>cognito:preferred_role</code> claims in the user's tokens. Groups with higher <code>Precedence</code> values take precedence over groups with lower <code>Precedence</code> values or with null <code>Precedence</code> values.</p> <p>Two groups can have the same <code>Precedence</code> value. If this happens, neither group takes precedence over the other. If two groups with the same <code>Precedence</code> have the same role ARN, that role is used in the <code>cognito:preferred_role</code> claim in tokens for users in each group. If the two groups have different role ARNs, the <code>cognito:preferred_role</code> claim is not set in users' tokens.</p> <p>The default <code>Precedence</code> value is null.</p>"
+          "documentation":"<p>A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower <code>Precedence</code> values take precedence over groups with higher ornull <code>Precedence</code> values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the <code>cognito:roles</code> and <code>cognito:preferred_role</code> claims.</p> <p>Two groups can have the same <code>Precedence</code> value. If this happens, neither group takes precedence over the other. If two groups with the same <code>Precedence</code> have the same role ARN, that role is used in the <code>cognito:preferred_role</code> claim in tokens for users in each group. If the two groups have different role ARNs, the <code>cognito:preferred_role</code> claim isn't set in users' tokens.</p> <p>The default <code>Precedence</code> value is null.</p>"
         },
         "LastModifiedDate":{
           "shape":"DateType",
@@ -5177,7 +5177,7 @@
       "members":{
         "headerName":{
           "shape":"StringType",
-          "documentation":"<p>The header name</p>"
+          "documentation":"<p>The header name.</p>"
         },
         "headerValue":{
           "shape":"StringType",
@@ -5212,7 +5212,7 @@
         },
         "ProviderDetails":{
           "shape":"ProviderDetailsType",
-          "documentation":"<p>The identity provider details. The following list describes the provider detail keys for each identity provider type.</p> <ul> <li> <p>For Google and Login with Amazon:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For Facebook:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>api_version</p> </li> </ul> </li> <li> <p>For Sign in with Apple:</p> <ul> <li> <p>client_id</p> </li> <li> <p>team_id</p> </li> <li> <p>key_id</p> </li> <li> <p>private_key</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For OIDC providers:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>attributes_request_method</p> </li> <li> <p>oidc_issuer</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>authorize_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>token_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>attributes_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>jwks_uri <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> </ul> </li> <li> <p>For SAML providers:</p> <ul> <li> <p>MetadataFile OR MetadataURL</p> </li> <li> <p>IDPSignOut <i>optional</i> </p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The identity provider details. The following list describes the provider detail keys for each identity provider type.</p> <ul> <li> <p>For Google and Login with Amazon:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For Facebook:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>api_version</p> </li> </ul> </li> <li> <p>For Sign in with Apple:</p> <ul> <li> <p>client_id</p> </li> <li> <p>team_id</p> </li> <li> <p>key_id</p> </li> <li> <p>private_key</p> </li> <li> <p>authorize_scopes</p> </li> </ul> </li> <li> <p>For OIDC providers:</p> <ul> <li> <p>client_id</p> </li> <li> <p>client_secret</p> </li> <li> <p>attributes_request_method</p> </li> <li> <p>oidc_issuer</p> </li> <li> <p>authorize_scopes</p> </li> <li> <p>authorize_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>token_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>attributes_url <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>jwks_uri <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p>attributes_url_add_attributes <i>a read-only property that is set automatically</i> </p> </li> </ul> </li> <li> <p>For SAML providers:</p> <ul> <li> <p>MetadataFile or MetadataURL</p> </li> <li> <p>IDPSignOut <i>optional</i> </p> </li> </ul> </li> </ul>"
         },
         "AttributeMapping":{
           "shape":"AttributeMappingType",
@@ -5267,15 +5267,15 @@
       "members":{
         "AuthFlow":{
           "shape":"AuthFlowType",
-          "documentation":"<p>The authentication flow for this call to execute. The API action will depend on this value. For example: </p> <ul> <li> <p> <code>REFRESH_TOKEN_AUTH</code> will take in a valid refresh token and return new tokens.</p> </li> <li> <p> <code>USER_SRP_AUTH</code> will take in <code>USERNAME</code> and <code>SRP_A</code> and return the SRP variables to be used for next challenge execution.</p> </li> <li> <p> <code>USER_PASSWORD_AUTH</code> will take in <code>USERNAME</code> and <code>PASSWORD</code> and return the next challenge or tokens.</p> </li> </ul> <p>Valid values include:</p> <ul> <li> <p> <code>USER_SRP_AUTH</code>: Authentication flow for the Secure Remote Password (SRP) protocol.</p> </li> <li> <p> <code>REFRESH_TOKEN_AUTH</code>/<code>REFRESH_TOKEN</code>: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.</p> </li> <li> <p> <code>CUSTOM_AUTH</code>: Custom authentication flow.</p> </li> <li> <p> <code>USER_PASSWORD_AUTH</code>: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if the USERNAME is not found in the user pool. </p> </li> <li> <p> <code>ADMIN_USER_PASSWORD_AUTH</code>: Admin-based user password authentication. This replaces the <code>ADMIN_NO_SRP_AUTH</code> authentication flow. In this flow, Cognito receives the password in the request instead of using the SRP process to verify passwords.</p> </li> </ul> <p> <code>ADMIN_NO_SRP_AUTH</code> is not a valid value.</p>"
+          "documentation":"<p>The authentication flow for this call to run. The API action will depend on this value. For example:</p> <ul> <li> <p> <code>REFRESH_TOKEN_AUTH</code> takes in a valid refresh token and returns new tokens.</p> </li> <li> <p> <code>USER_SRP_AUTH</code> takes in <code>USERNAME</code> and <code>SRP_A</code> and returns the SRP variables to be used for next challenge execution.</p> </li> <li> <p> <code>USER_PASSWORD_AUTH</code> takes in <code>USERNAME</code> and <code>PASSWORD</code> and returns the next challenge or tokens.</p> </li> </ul> <p>Valid values include:</p> <ul> <li> <p> <code>USER_SRP_AUTH</code>: Authentication flow for the Secure Remote Password (SRP) protocol.</p> </li> <li> <p> <code>REFRESH_TOKEN_AUTH</code>/<code>REFRESH_TOKEN</code>: Authentication flow for refreshing the access token and ID token by supplying a valid refresh token.</p> </li> <li> <p> <code>CUSTOM_AUTH</code>: Custom authentication flow.</p> </li> <li> <p> <code>USER_PASSWORD_AUTH</code>: Non-SRP authentication flow; USERNAME and PASSWORD are passed directly. If a user migration Lambda trigger is set, this flow will invoke the user migration Lambda if it doesn't find the USERNAME in the user pool. </p> </li> </ul> <p> <code>ADMIN_NO_SRP_AUTH</code> isn't a valid value.</p>"
         },
         "AuthParameters":{
           "shape":"AuthParametersType",
-          "documentation":"<p>The authentication parameters. These are inputs corresponding to the <code>AuthFlow</code> that you are invoking. The required values depend on the value of <code>AuthFlow</code>:</p> <ul> <li> <p>For <code>USER_SRP_AUTH</code>: <code>USERNAME</code> (required), <code>SRP_A</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>REFRESH_TOKEN_AUTH/REFRESH_TOKEN</code>: <code>REFRESH_TOKEN</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>CUSTOM_AUTH</code>: <code>USERNAME</code> (required), <code>SECRET_HASH</code> (if app client is configured with client secret), <code>DEVICE_KEY</code>. To start the authentication flow with password verification, include <code>ChallengeName: SRP_A</code> and <code>SRP_A: (The SRP_A Value)</code>.</p> </li> </ul>"
+          "documentation":"<p>The authentication parameters. These are inputs corresponding to the <code>AuthFlow</code> that you're invoking. The required values depend on the value of <code>AuthFlow</code>:</p> <ul> <li> <p>For <code>USER_SRP_AUTH</code>: <code>USERNAME</code> (required), <code>SRP_A</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>REFRESH_TOKEN_AUTH/REFRESH_TOKEN</code>: <code>REFRESH_TOKEN</code> (required), <code>SECRET_HASH</code> (required if the app client is configured with a client secret), <code>DEVICE_KEY</code>.</p> </li> <li> <p>For <code>CUSTOM_AUTH</code>: <code>USERNAME</code> (required), <code>SECRET_HASH</code> (if app client is configured with client secret), <code>DEVICE_KEY</code>. To start the authentication flow with password verification, include <code>ChallengeName: SRP_A</code> and <code>SRP_A: (The SRP_A Value)</code>.</p> </li> </ul>"
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:</p> <ul> <li> <p>Pre signup</p> </li> <li> <p>Pre authentication</p> </li> <li> <p>User migration</p> </li> </ul> <p>When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a <code>validationData</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the <code>validationData</code> value to enhance your workflow for your specific needs.</p> <p>When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it does not provide the ClientMetadata value as input:</p> <ul> <li> <p>Post authentication</p> </li> <li> <p>Custom message</p> </li> <li> <p>Pre token generation</p> </li> <li> <p>Create auth challenge</p> </li> <li> <p>Define auth challenge</p> </li> <li> <p>Verify auth challenge</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for certain custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the InitiateAuth API action, Amazon Cognito invokes the Lambda functions that are specified for various triggers. The ClientMetadata value is passed as input to the functions for only the following triggers:</p> <ul> <li> <p>Pre signup</p> </li> <li> <p>Pre authentication</p> </li> <li> <p>User migration</p> </li> </ul> <p>When Amazon Cognito invokes the functions for these triggers, it passes a JSON payload, which the function receives as input. This payload contains a <code>validationData</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your InitiateAuth request. In your function code in Lambda, you can process the <code>validationData</code> value to enhance your workflow for your specific needs.</p> <p>When you use the InitiateAuth API action, Amazon Cognito also invokes the functions for the following triggers, but it doesn't provide the ClientMetadata value as input:</p> <ul> <li> <p>Post authentication</p> </li> <li> <p>Custom message</p> </li> <li> <p>Pre token generation</p> </li> <li> <p>Create auth challenge</p> </li> <li> <p>Define auth challenge</p> </li> <li> <p>Verify auth challenge</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         },
         "ClientId":{
           "shape":"ClientIdType",
@@ -5297,19 +5297,19 @@
       "members":{
         "ChallengeName":{
           "shape":"ChallengeNameType",
-          "documentation":"<p>The name of the challenge which you are responding to with this call. This is returned to you in the <code>AdminInitiateAuth</code> response if you need to pass another challenge.</p> <p>Valid values include the following. Note that all of these challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if applicable) in the parameters.</p> <ul> <li> <p> <code>SMS_MFA</code>: Next challenge is to supply an <code>SMS_MFA_CODE</code>, delivered via SMS.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: Next challenge is to supply <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after the client-side SRP calculations.</p> </li> <li> <p> <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code>: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to <code>PASSWORD_VERIFIER</code>, but for devices only.</p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their passwords after successful first login. This challenge should be passed with <code>NEW_PASSWORD</code> and any other required attributes.</p> </li> <li> <p> <code>MFA_SETUP</code>: For users who are required to setup an MFA factor before they can sign-in. The MFA types enabled for the user pool will be listed in the challenge parameters <code>MFA_CAN_SETUP</code> value. </p> <p> To setup software token MFA, use the session returned here from <code>InitiateAuth</code> as an input to <code>AssociateSoftwareToken</code>, and use the session returned by <code>VerifySoftwareToken</code> as an input to <code>RespondToAuthChallenge</code> with challenge name <code>MFA_SETUP</code> to complete sign-in. To setup SMS MFA, users will need help from an administrator to add a phone number to their account and then call <code>InitiateAuth</code> again to restart sign-in.</p> </li> </ul>"
+          "documentation":"<p>The name of the challenge that you're responding to with this call. This name is returned in the <code>AdminInitiateAuth</code> response if you must pass another challenge.</p> <p>Valid values include the following. Note that all of these challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if applicable) in the parameters.</p> <ul> <li> <p> <code>SMS_MFA</code>: Next challenge is to supply an <code>SMS_MFA_CODE</code>, delivered via SMS.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: Next challenge is to supply <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after the client-side SRP calculations.</p> </li> <li> <p> <code>CUSTOM_CHALLENGE</code>: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code>: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to <code>PASSWORD_VERIFIER</code>, but for devices only.</p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: For users who are required to change their passwords after successful first login. This challenge should be passed with <code>NEW_PASSWORD</code> and any other required attributes.</p> </li> <li> <p> <code>MFA_SETUP</code>: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters <code>MFA_CAN_SETUP</code> value. </p> <p> To set up software token MFA, use the session returned here from <code>InitiateAuth</code> as an input to <code>AssociateSoftwareToken</code>. Use the session returned by <code>VerifySoftwareToken</code> as an input to <code>RespondToAuthChallenge</code> with challenge name <code>MFA_SETUP</code> to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call <code>InitiateAuth</code> again to restart sign-in.</p> </li> </ul>"
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. If the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
+          "documentation":"<p>The session that should pass both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
         },
         "ChallengeParameters":{
           "shape":"ChallengeParametersType",
-          "documentation":"<p>The challenge parameters. These are returned to you in the <code>InitiateAuth</code> response if you need to pass another challenge. The responses in this parameter should be used to compute inputs to the next call (<code>RespondToAuthChallenge</code>). </p> <p>All challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if applicable).</p>"
+          "documentation":"<p>The challenge parameters. These are returned in the <code>InitiateAuth</code> response if you must pass another challenge. The responses in this parameter should be used to compute inputs to the next call (<code>RespondToAuthChallenge</code>). </p> <p>All challenges require <code>USERNAME</code> and <code>SECRET_HASH</code> (if applicable).</p>"
         },
         "AuthenticationResult":{
           "shape":"AuthenticationResultType",
-          "documentation":"<p>The result of the authentication response. This is only returned if the caller does not need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, <code>ChallengeName</code>, <code>ChallengeParameters</code>, and <code>Session</code> are returned.</p>"
+          "documentation":"<p>The result of the authentication response. This result is only returned if the caller doesn't need to pass another challenge. If the caller does need to pass another challenge before it gets tokens, <code>ChallengeName</code>, <code>ChallengeParameters</code>, and <code>Session</code> are returned.</p>"
         }
       },
       "documentation":"<p>Initiates the authentication response.</p>"
@@ -5332,10 +5332,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when you have an unverified email address or the identity policy is not set on an email address that Amazon Cognito can access.</p>"
+          "documentation":"<p>The message returned when you have an unverified email address or the identity policy isn't set on an email address that Amazon Cognito can access.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.</p>",
+      "documentation":"<p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP status code: 400.</p>",
       "exception":true
     },
     "InvalidLambdaResponseException":{
@@ -5343,10 +5343,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when the Amazon Cognito service throws an invalid Lambda response exception.</p>"
+          "documentation":"<p>The message returned when Amazon Cognito hrows an invalid Lambda response exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the Amazon Cognito service encounters an invalid Lambda response.</p>",
+      "documentation":"<p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>",
       "exception":true
     },
     "InvalidOAuthFlowException":{
@@ -5354,7 +5354,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when the specified OAuth flow is invalid.</p>",
+      "documentation":"<p>This exception is thrown when the specified OAuth flow is not valid.</p>",
       "exception":true
     },
     "InvalidParameterException":{
@@ -5373,10 +5373,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when the Amazon Cognito service throws an invalid user password exception.</p>"
+          "documentation":"<p>The message returned when Amazon Cognito throws an invalid user password exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the Amazon Cognito service encounters an invalid password.</p>",
+      "documentation":"<p>This exception is thrown when Amazon Cognito encounters an invalid password.</p>",
       "exception":true
     },
     "InvalidSmsRoleAccessPolicyException":{
@@ -5384,10 +5384,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message retuned when the invalid SMS role access policy exception is thrown.</p>"
+          "documentation":"<p>The message returned when the invalid SMS role access policy exception is thrown.</p>"
         }
       },
-      "documentation":"<p>This exception is returned when the role provided for SMS configuration does not have permission to publish using Amazon SNS.</p>",
+      "documentation":"<p>This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS.</p>",
       "exception":true
     },
     "InvalidSmsRoleTrustRelationshipException":{
@@ -5395,10 +5395,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when the role trust relationship for the SMS message is invalid.</p>"
+          "documentation":"<p>The message returned when the role trust relationship for the SMS message is not valid.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the trust relationship is invalid for the role provided for SMS configuration. This can happen if you do not trust <code>cognito-idp.amazonaws.com</code> or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.</p>",
+      "documentation":"<p>This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust <code>cognito-idp.amazonaws.com</code> or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.</p>",
       "exception":true
     },
     "InvalidUserPoolConfigurationException":{
@@ -5406,10 +5406,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when the user pool configuration is invalid.</p>"
+          "documentation":"<p>The message returned when the user pool configuration is not valid.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the user pool configuration is invalid.</p>",
+      "documentation":"<p>This exception is thrown when the user pool configuration is not valid.</p>",
       "exception":true
     },
     "LambdaConfigType":{
@@ -5465,7 +5465,7 @@
         },
         "KMSKeyID":{
           "shape":"ArnType",
-          "documentation":"<p>The Amazon Resource Name of Key Management Service <a href=\"/kms/latest/developerguide/concepts.html#master_keys\">Customer master keys</a> . Amazon Cognito uses the key to encrypt codes and temporary passwords sent to <code>CustomEmailSender</code> and <code>CustomSMSSender</code>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an <a href=\"/kms/latest/developerguide/concepts.html#master_keys\">KMS key</a>. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to <code>CustomEmailSender</code> and <code>CustomSMSSender</code>.</p>"
         }
       },
       "documentation":"<p>Specifies the configuration for Lambda triggers.</p>"
@@ -5800,7 +5800,7 @@
         },
         "Filter":{
           "shape":"UserFilterType",
-          "documentation":"<p>A filter string of the form \"<i>AttributeName</i> <i>Filter-Type</i> \"<i>AttributeValue</i>\"\". Quotation marks within the filter string must be escaped using the backslash (\\) character. For example, \"<code>family_name</code> = \\\"Reddy\\\"\".</p> <ul> <li> <p> <i>AttributeName</i>: The name of the attribute to search for. You can only search for one attribute at a time.</p> </li> <li> <p> <i>Filter-Type</i>: For an exact match, use =, for example, \"<code>given_name</code> = \\\"Jon\\\"\". For a prefix (\"starts with\") match, use ^=, for example, \"<code>given_name</code> ^= \\\"Jon\\\"\". </p> </li> <li> <p> <i>AttributeValue</i>: The attribute value that must be matched for each user.</p> </li> </ul> <p>If the filter string is empty, <code>ListUsers</code> returns all users in the user pool.</p> <p>You can only search for the following standard attributes:</p> <ul> <li> <p> <code>username</code> (case-sensitive)</p> </li> <li> <p> <code>email</code> </p> </li> <li> <p> <code>phone_number</code> </p> </li> <li> <p> <code>name</code> </p> </li> <li> <p> <code>given_name</code> </p> </li> <li> <p> <code>family_name</code> </p> </li> <li> <p> <code>preferred_username</code> </p> </li> <li> <p> <code>cognito:user_status</code> (called <b>Status</b> in the Console) (case-insensitive)</p> </li> <li> <p> <code>status (called <b>Enabled</b> in the Console) (case-sensitive)</code> </p> </li> <li> <p> <code>sub</code> </p> </li> </ul> <p>Custom attributes are not searchable.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api\">Searching for Users Using the ListUsers API</a> and <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples\">Examples of Using the ListUsers API</a> in the <i>Amazon Cognito Developer Guide</i>.</p>"
+          "documentation":"<p>A filter string of the form \"<i>AttributeName</i> <i>Filter-Type</i> \"<i>AttributeValue</i>\"\". Quotation marks within the filter string must be escaped using the backslash (\\) character. For example, \"<code>family_name</code> = \\\"Reddy\\\"\".</p> <ul> <li> <p> <i>AttributeName</i>: The name of the attribute to search for. You can only search for one attribute at a time.</p> </li> <li> <p> <i>Filter-Type</i>: For an exact match, use =, for example, \"<code>given_name</code> = \\\"Jon\\\"\". For a prefix (\"starts with\") match, use ^=, for example, \"<code>given_name</code> ^= \\\"Jon\\\"\". </p> </li> <li> <p> <i>AttributeValue</i>: The attribute value that must be matched for each user.</p> </li> </ul> <p>If the filter string is empty, <code>ListUsers</code> returns all users in the user pool.</p> <p>You can only search for the following standard attributes:</p> <ul> <li> <p> <code>username</code> (case-sensitive)</p> </li> <li> <p> <code>email</code> </p> </li> <li> <p> <code>phone_number</code> </p> </li> <li> <p> <code>name</code> </p> </li> <li> <p> <code>given_name</code> </p> </li> <li> <p> <code>family_name</code> </p> </li> <li> <p> <code>preferred_username</code> </p> </li> <li> <p> <code>cognito:user_status</code> (called <b>Status</b> in the Console) (case-insensitive)</p> </li> <li> <p> <code>status (called <b>Enabled</b> in the Console) (case-sensitive)</code> </p> </li> <li> <p> <code>sub</code> </p> </li> </ul> <p>Custom attributes aren't searchable.</p> <note> <p>You can also list users with a client-side filter. The server-side filter matches no more than 1 attribute. For an advanced search, use a client-side filter with the <code>--query</code> parameter of the <code>list-users</code> action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result. </p> <p>For more information about server-side and client-side filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">FilteringCLI output</a> in the <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Command Line Interface User Guide</a>. </p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-using-listusers-api\">Searching for Users Using the ListUsers API</a> and <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-manage-user-accounts.html#cognito-user-pools-searching-for-users-listusers-api-examples\">Examples of Using the ListUsers API</a> in the <i>Amazon Cognito Developer Guide</i>.</p>"
         }
       },
       "documentation":"<p>Represents the request to list users.</p>"
@@ -5834,7 +5834,7 @@
           "documentation":"<p>The message returned when Amazon Cognito throws an MFA method not found exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when Amazon Cognito cannot find a multi-factor authentication (MFA) method.</p>",
+      "documentation":"<p>This exception is thrown when Amazon Cognito can't find a multi-factor authentication (MFA) method.</p>",
       "exception":true
     },
     "MFAOptionListType":{
@@ -5853,7 +5853,7 @@
           "documentation":"<p>The attribute name of the MFA option type. The only valid value is <code>phone_number</code>.</p>"
         }
       },
-      "documentation":"<p> <i>This data type is no longer supported.</i> You can use it only for SMS MFA configurations. You can't use it for TOTP software token MFA configurations.</p>"
+      "documentation":"<p> <i>This data type is no longer supported.</i> You can use it only for SMS multi-factor authentication (MFA) configurations. You can't use it for time-based one-time password (TOTP) software token MFA configurations.</p>"
     },
     "MessageActionType":{
       "type":"string",
@@ -5903,7 +5903,7 @@
           "documentation":"<p>The message returned when the Amazon Cognito service returns a not authorized exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when a user is not authorized.</p>",
+      "documentation":"<p>This exception is thrown when a user isn't authorized.</p>",
       "exception":true
     },
     "NotifyConfigurationType":{
@@ -5912,7 +5912,7 @@
       "members":{
         "From":{
           "shape":"StringType",
-          "documentation":"<p>The email address that is sending the email. It must be either individually verified with Amazon SES, or from a domain that has been verified with Amazon SES.</p>"
+          "documentation":"<p>The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES.</p>"
         },
         "ReplyTo":{
           "shape":"StringType",
@@ -5920,7 +5920,7 @@
         },
         "SourceArn":{
           "shape":"ArnType",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. It permits Amazon Cognito to send for the email address specified in the <code>From</code> parameter.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. This identity permits Amazon Cognito to send for the email address specified in the <code>From</code> parameter.</p>"
         },
         "BlockEmail":{
           "shape":"NotifyEmailType",
@@ -5932,7 +5932,7 @@
         },
         "MfaEmail":{
           "shape":"NotifyEmailType",
-          "documentation":"<p>The MFA email template used when MFA is challenged as part of a detected risk.</p>"
+          "documentation":"<p>The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk.</p>"
         }
       },
       "documentation":"<p>The notify configuration type.</p>"
@@ -5943,15 +5943,15 @@
       "members":{
         "Subject":{
           "shape":"EmailNotificationSubjectType",
-          "documentation":"<p>The subject.</p>"
+          "documentation":"<p>The email subject.</p>"
         },
         "HtmlBody":{
           "shape":"EmailNotificationBodyType",
-          "documentation":"<p>The HTML body.</p>"
+          "documentation":"<p>The email HTML body.</p>"
         },
         "TextBody":{
           "shape":"EmailNotificationBodyType",
-          "documentation":"<p>The text body.</p>"
+          "documentation":"<p>The email text body.</p>"
         }
       },
       "documentation":"<p>The notify email type.</p>"
@@ -5968,7 +5968,7 @@
           "documentation":"<p>The maximum value of an attribute that is of the number data type.</p>"
         }
       },
-      "documentation":"<p>The minimum and maximum value of an attribute that is of the number data type.</p>"
+      "documentation":"<p>The minimum and maximum values of an attribute that is of the number data type.</p>"
     },
     "OAuthFlowType":{
       "type":"string",
@@ -6004,7 +6004,7 @@
       "members":{
         "MinimumLength":{
           "shape":"PasswordPolicyMinLengthType",
-          "documentation":"<p>The minimum length of the password policy that you have set. Cannot be less than 6.</p>"
+          "documentation":"<p>The minimum length of the password in the policy that you have set. This value can't be less than 6.</p>"
         },
         "RequireUppercase":{
           "shape":"BooleanType",
@@ -6024,7 +6024,7 @@
         },
         "TemporaryPasswordValidityDays":{
           "shape":"TemporaryPasswordValidityDaysType",
-          "documentation":"<p>In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.</p> <note> <p>When you set <code>TemporaryPasswordValidityDays</code> for a user pool, you will no longer be able to set the deprecated <code>UnusedAccountValidityDays</code> value for that user pool.</p> </note>"
+          "documentation":"<p>The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.</p> <note> <p>When you set <code>TemporaryPasswordValidityDays</code> for a user pool, you can no longer set the deprecated <code>UnusedAccountValidityDays</code> value for that user pool.</p> </note>"
         }
       },
       "documentation":"<p>The password policy type.</p>"
@@ -6128,15 +6128,15 @@
       "members":{
         "ProviderName":{
           "shape":"ProviderNameType",
-          "documentation":"<p>The name of the provider, for example, Facebook, Google, or Login with Amazon.</p>"
+          "documentation":"<p>The name of the provider, such as Facebook, Google, or Login with Amazon.</p>"
         },
         "ProviderAttributeName":{
           "shape":"StringType",
-          "documentation":"<p>The name of the provider attribute to link to, for example, <code>NameID</code>.</p>"
+          "documentation":"<p>The name of the provider attribute to link to, such as <code>NameID</code>.</p>"
         },
         "ProviderAttributeValue":{
           "shape":"StringType",
-          "documentation":"<p>The value of the provider attribute to link to, for example, <code>xxxxx_account</code>.</p>"
+          "documentation":"<p>The value of the provider attribute to link to, such as <code>xxxxx_account</code>.</p>"
         }
       },
       "documentation":"<p>A container for information about an identity provider for a user pool.</p>"
@@ -6184,7 +6184,7 @@
         },
         "Name":{
           "shape":"RecoveryOptionNameType",
-          "documentation":"<p>Specifies the recovery method for a user.</p>"
+          "documentation":"<p>The recovery method for a user.</p>"
         }
       },
       "documentation":"<p>A map containing a priority as a key, and recovery method name as a value.</p>"
@@ -6221,7 +6221,7 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user to whom you wish to resend a confirmation code.</p>"
+          "documentation":"<p>The <code>username</code> attribute of the user to whom you want to resend a confirmation code.</p>"
         },
         "AnalyticsMetadata":{
           "shape":"AnalyticsMetadataType",
@@ -6229,7 +6229,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the ResendConfirmationCode API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your ResendConfirmationCode request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to resend the confirmation code.</p>"
@@ -6242,7 +6242,7 @@
           "documentation":"<p>The code delivery details returned by the server in response to the request to resend the confirmation code.</p>"
         }
       },
-      "documentation":"<p>The response from the server when the Amazon Cognito Your User Pools service makes the request to resend a confirmation code.</p>"
+      "documentation":"<p>The response from the server when Amazon Cognito makes the request to resend a confirmation code.</p>"
     },
     "ResourceNotFoundException":{
       "type":"structure",
@@ -6252,7 +6252,7 @@
           "documentation":"<p>The message returned when the Amazon Cognito service returns a resource not found exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the Amazon Cognito service cannot find the requested resource.</p>",
+      "documentation":"<p>This exception is thrown when the Amazon Cognito service can't find the requested resource.</p>",
       "exception":true
     },
     "ResourceServerIdentifierType":{
@@ -6340,15 +6340,15 @@
         },
         "ChallengeName":{
           "shape":"ChallengeNameType",
-          "documentation":"<p>The challenge name. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html\">InitiateAuth</a>.</p> <p> <code>ADMIN_NO_SRP_AUTH</code> is not a valid value.</p>"
+          "documentation":"<p>The challenge name. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html\">InitiateAuth</a>.</p> <p> <code>ADMIN_NO_SRP_AUTH</code> isn't a valid value.</p>"
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. If <code>InitiateAuth</code> or <code>RespondToAuthChallenge</code> API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. If <code>InitiateAuth</code> or <code>RespondToAuthChallenge</code> API call determines that the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
         },
         "ChallengeResponses":{
           "shape":"ChallengeResponsesType",
-          "documentation":"<p>The challenge responses. These are inputs corresponding to the value of <code>ChallengeName</code>, for example:</p> <note> <p> <code>SECRET_HASH</code> (if app client is configured with client secret) applies to all inputs below (including <code>SOFTWARE_TOKEN_MFA</code>).</p> </note> <ul> <li> <p> <code>SMS_MFA</code>: <code>SMS_MFA_CODE</code>, <code>USERNAME</code>.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, <code>TIMESTAMP</code>, <code>USERNAME</code>.</p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: <code>NEW_PASSWORD</code>, any other required attributes, <code>USERNAME</code>. </p> </li> <li> <p> <code>SOFTWARE_TOKEN_MFA</code>: <code>USERNAME</code> and <code>SOFTWARE_TOKEN_MFA_CODE</code> are required attributes.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code> requires <code>USERNAME</code>, <code>DEVICE_KEY</code>, <code>SRP_A</code> (and <code>SECRET_HASH</code>).</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code> requires everything that <code>PASSWORD_VERIFIER</code> requires plus <code>DEVICE_KEY</code>.</p> </li> <li> <p> <code>MFA_SETUP</code> requires <code>USERNAME</code>, plus you need to use the session value returned by <code>VerifySoftwareToken</code> in the <code>Session</code> parameter.</p> </li> </ul>"
+          "documentation":"<p>The challenge responses. These are inputs corresponding to the value of <code>ChallengeName</code>, for example:</p> <note> <p> <code>SECRET_HASH</code> (if app client is configured with client secret) applies to all of the inputs that follow (including <code>SOFTWARE_TOKEN_MFA</code>).</p> </note> <ul> <li> <p> <code>SMS_MFA</code>: <code>SMS_MFA_CODE</code>, <code>USERNAME</code>.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, <code>TIMESTAMP</code>, <code>USERNAME</code>.</p> <note> <p> <code>PASSWORD_VERIFIER</code> requires <code>DEVICE_KEY</code> when signing in with a remembered device.</p> </note> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>: <code>NEW_PASSWORD</code>, any other required attributes, <code>USERNAME</code>. </p> </li> <li> <p> <code>SOFTWARE_TOKEN_MFA</code>: <code>USERNAME</code> and <code>SOFTWARE_TOKEN_MFA_CODE</code> are required attributes.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code> requires <code>USERNAME</code>, <code>DEVICE_KEY</code>, <code>SRP_A</code> (and <code>SECRET_HASH</code>).</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code> requires everything that <code>PASSWORD_VERIFIER</code> requires, plus <code>DEVICE_KEY</code>.</p> </li> <li> <p> <code>MFA_SETUP</code> requires <code>USERNAME</code>, plus you must use the session value returned by <code>VerifySoftwareToken</code> in the <code>Session</code> parameter.</p> </li> </ul>"
         },
         "AnalyticsMetadata":{
           "shape":"AnalyticsMetadataType",
@@ -6360,7 +6360,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>post authentication</i>, <i>pre token generation</i>, <i>define auth challenge</i>, <i>create auth challenge</i>, and <i>verify auth challenge</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the RespondToAuthChallenge API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>post authentication</i>, <i>pre token generation</i>, <i>define auth challenge</i>, <i>create auth challenge</i>, and <i>verify auth challenge</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your RespondToAuthChallenge request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>The request to respond to an authentication challenge.</p>"
@@ -6374,7 +6374,7 @@
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service. If the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service. If the caller must pass another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next <code>RespondToAuthChallenge</code> API call.</p>"
         },
         "ChallengeParameters":{
           "shape":"ChallengeParametersType",
@@ -6396,7 +6396,7 @@
       "members":{
         "Token":{
           "shape":"TokenModelType",
-          "documentation":"<p>The token that you want to revoke.</p>"
+          "documentation":"<p>The refresh token that you want to revoke.</p>"
         },
         "ClientId":{
           "shape":"ClientIdType",
@@ -6426,11 +6426,11 @@
         },
         "CompromisedCredentialsRiskConfiguration":{
           "shape":"CompromisedCredentialsRiskConfigurationType",
-          "documentation":"<p>The compromised credentials risk configuration object including the <code>EventFilter</code> and the <code>EventAction</code> </p>"
+          "documentation":"<p>The compromised credentials risk configuration object, including the <code>EventFilter</code> and the <code>EventAction</code>.</p>"
         },
         "AccountTakeoverRiskConfiguration":{
           "shape":"AccountTakeoverRiskConfigurationType",
-          "documentation":"<p>The account takeover risk configuration object including the <code>NotifyConfiguration</code> object and <code>Actions</code> to take in the case of an account takeover.</p>"
+          "documentation":"<p>The account takeover risk configuration object, including the <code>NotifyConfiguration</code> object and <code>Actions</code> to take if there is an account takeover.</p>"
         },
         "RiskExceptionConfiguration":{
           "shape":"RiskExceptionConfigurationType",
@@ -6456,11 +6456,11 @@
       "members":{
         "BlockedIPRangeList":{
           "shape":"BlockedIPRangeListType",
-          "documentation":"<p>Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDR notation: a compact representation of an IP address and its associated routing prefix.</p>"
+          "documentation":"<p>Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix.</p>"
         },
         "SkippedIPRangeList":{
           "shape":"SkippedIPRangeListType",
-          "documentation":"<p>Risk detection is not performed on the IP addresses in the range list. The IP range is in CIDR notation.</p>"
+          "documentation":"<p>Risk detection isn't performed on the IP addresses in this range list. The IP range is in CIDR notation.</p>"
         }
       },
       "documentation":"<p>The type of the configuration to override the risk decision.</p>"
@@ -6490,14 +6490,14 @@
       "members":{
         "Enabled":{
           "shape":"BooleanType",
-          "documentation":"<p>Specifies whether SMS text message MFA is enabled. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted.</p>"
+          "documentation":"<p>Specifies whether SMS text message MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.</p>"
         },
         "PreferredMfa":{
           "shape":"BooleanType",
           "documentation":"<p>Specifies whether SMS is the preferred MFA method.</p>"
         }
       },
-      "documentation":"<p>The type used for enabling SMS MFA at the user level. Phone numbers don't need to be verified to be used for SMS MFA. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign in attempts, disable MFA for users and turn on Adaptive Authentication for the user pool.</p>"
+      "documentation":"<p>The type used for enabling SMS multi-factor authentication (MFA) at the user level. Phone numbers don't need to be verified to be used for SMS MFA. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.</p>"
     },
     "SchemaAttributeType":{
       "type":"structure",
@@ -6512,17 +6512,17 @@
         },
         "DeveloperOnlyAttribute":{
           "shape":"BooleanType",
-          "documentation":"<note> <p>We recommend that you use <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes\">WriteAttributes</a> in the user pool client to control how attributes can be mutated for new use cases instead of using <code>DeveloperOnlyAttribute</code>.</p> </note> <p>Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token. For example, <code>DeveloperOnlyAttribute</code> can be modified using AdminUpdateUserAttributes but cannot be updated using UpdateUserAttributes.</p>",
+          "documentation":"<note> <p>You should use <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes\">WriteAttributes</a> in the user pool client to control how attributes can be mutated for new use cases instead of using <code>DeveloperOnlyAttribute</code>.</p> </note> <p>Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won't be able to modify this attribute using their access token. For example, <code>DeveloperOnlyAttribute</code> can be modified using AdminUpdateUserAttributes but can't be updated using UpdateUserAttributes.</p>",
           "box":true
         },
         "Mutable":{
           "shape":"BooleanType",
-          "documentation":"<p>Specifies whether the value of the attribute can be changed.</p> <p>For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to <code>true</code>. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html\">Specifying Identity Provider Attribute Mappings for Your User Pool</a>.</p>",
+          "documentation":"<p>Specifies whether the value of the attribute can be changed.</p> <p>For any user pool attribute that is mapped to an identity provider attribute, you must set this parameter to <code>true</code>. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html\">Specifying Identity Provider Attribute Mappings for Your User Pool</a>.</p>",
           "box":true
         },
         "Required":{
           "shape":"BooleanType",
-          "documentation":"<p>Specifies whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.</p>",
+          "documentation":"<p>Specifies whether a user pool attribute is required. If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.</p>",
           "box":true
         },
         "NumberAttributeConstraints":{
@@ -6547,7 +6547,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when the specified scope does not exist.</p>",
+      "documentation":"<p>This exception is thrown when the specified scope doesn't exist.</p>",
       "exception":true
     },
     "ScopeListType":{
@@ -6598,7 +6598,7 @@
         },
         "ClientId":{
           "shape":"ClientIdType",
-          "documentation":"<p>The app client ID. If <code>ClientId</code> is null, then the risk configuration is mapped to <code>userPoolId</code>. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.</p> <p>Otherwise, <code>ClientId</code> is mapped to the client. When the client ID is not null, the user pool configuration is overridden and the risk configuration for the client is used instead.</p>"
+          "documentation":"<p>The app client ID. If <code>ClientId</code> is null, then the risk configuration is mapped to <code>userPoolId</code>. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.</p> <p>Otherwise, <code>ClientId</code> is mapped to the client. When the client ID isn't null, the user pool configuration is overridden and the risk configuration for the client is used instead.</p>"
         },
         "CompromisedCredentialsRiskConfiguration":{
           "shape":"CompromisedCredentialsRiskConfigurationType",
@@ -6697,7 +6697,7 @@
         },
         "MfaConfiguration":{
           "shape":"UserPoolMfaType",
-          "documentation":"<p>The MFA configuration. Users who don't have an MFA factor set up won't be able to sign-in if you set the MfaConfiguration value to ‘ON’. See <a href=\"cognito/latest/developerguide/user-pool-settings-mfa.html\">Adding Multi-Factor Authentication (MFA) to a User Pool</a> to learn more. Valid values include:</p> <ul> <li> <p> <code>OFF</code> MFA will not be used for any users.</p> </li> <li> <p> <code>ON</code> MFA is required for all users to sign in.</p> </li> <li> <p> <code>OPTIONAL</code> MFA will be required only for individual users who have an MFA factor enabled.</p> </li> </ul>"
+          "documentation":"<p>The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users with an MFA factor set up can sign in. To learn more, see <a href=\"cognito/latest/developerguide/user-pool-settings-mfa.html\">Adding Multi-Factor Authentication (MFA) to a User Pool</a>. Valid values include:</p> <ul> <li> <p> <code>OFF</code> MFA won't be used for any users.</p> </li> <li> <p> <code>ON</code> MFA is required for all users to sign in.</p> </li> <li> <p> <code>OPTIONAL</code> MFA will be required only for individual users who have an MFA factor activated.</p> </li> </ul>"
         }
       }
     },
@@ -6714,7 +6714,7 @@
         },
         "MfaConfiguration":{
           "shape":"UserPoolMfaType",
-          "documentation":"<p>The MFA configuration. Valid values include:</p> <ul> <li> <p> <code>OFF</code> MFA will not be used for any users.</p> </li> <li> <p> <code>ON</code> MFA is required for all users to sign in.</p> </li> <li> <p> <code>OPTIONAL</code> MFA will be required only for individual users who have an MFA factor enabled.</p> </li> </ul>"
+          "documentation":"<p>The MFA configuration. Valid values include:</p> <ul> <li> <p> <code>OFF</code> MFA won't be used for any users.</p> </li> <li> <p> <code>ON</code> MFA is required for all users to sign in.</p> </li> <li> <p> <code>OPTIONAL</code> MFA will be required only for individual users who have an MFA factor enabled.</p> </li> </ul>"
         }
       }
     },
@@ -6760,11 +6760,11 @@
         },
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to register.</p>"
+          "documentation":"<p>The user name of the user you want to register.</p>"
         },
         "Password":{
           "shape":"PasswordType",
-          "documentation":"<p>The password of the user you wish to register.</p>"
+          "documentation":"<p>The password of the user you want to register.</p>"
         },
         "UserAttributes":{
           "shape":"AttributeListType",
@@ -6784,7 +6784,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>pre sign-up</i>, <i>custom message</i>, and <i>post confirmation</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.</p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the SignUp API action, Amazon Cognito invokes any functions that are assigned to the following triggers: <i>pre sign-up</i>, <i>custom message</i>, and <i>post confirmation</i>. When Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your SignUp request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to register a user.</p>"
@@ -6806,7 +6806,7 @@
         },
         "UserSub":{
           "shape":"StringType",
-          "documentation":"<p>The UUID of the authenticated user. This is not the same as <code>username</code>.</p>"
+          "documentation":"<p>The UUID of the authenticated user. This isn't the same as <code>username</code>.</p>"
         }
       },
       "documentation":"<p>The response from the server for a registration request.</p>"
@@ -6822,21 +6822,21 @@
       "members":{
         "SnsCallerArn":{
           "shape":"ArnType",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) caller. This is the ARN of the IAM role in your account which Cognito will use to send SMS messages. SMS messages are subject to a <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html\">spending limit</a>. </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your Amazon Web Services account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html\">spending limit</a>. </p>"
         },
         "ExternalId":{
           "shape":"StringType",
-          "documentation":"<p>The external ID is a value that we recommend you use to add security to your IAM role which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an <code>ExternalId</code>, the Cognito User Pool will include it when attempting to assume your IAM role, so that you can set your roles trust policy to require the <code>ExternalID</code>. If you use the Cognito Management Console to create a role for SMS MFA, Cognito will create a role with the required permissions and a trust policy that demonstrates use of the <code>ExternalId</code>.</p> <p>For more information about the <code>ExternalId</code> of a role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html\">How to use an external ID when granting access to your Amazon Web Services resources to a third party</a> </p>"
+          "documentation":"<p>The external ID is a value that you should use to add security to your IAM role that is used to call Amazon SNS to send SMS messages for your user pool. If you provide an <code>ExternalId</code>, the Amazon Cognito User Pool will include it when attempting to assume your IAM role so that you can set your roles trust policy to require the <code>ExternalID</code>. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito will create a role with the required permissions and a trust policy that demonstrates use of the <code>ExternalId</code>.</p> <p>For more information about the <code>ExternalId</code> of a role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html\">How to use an external ID when granting access to your Amazon Web Services resources to a third party</a> </p>"
         }
       },
-      "documentation":"<p>The SMS configuration type that includes the settings the Cognito User Pool needs to call for the Amazon SNS service to send an SMS message from your account. The Cognito User Pool makes the request to the Amazon SNS Service by using an IAM role that you provide for your account.</p>"
+      "documentation":"<p>The SMS configuration type that includes the settings the Amazon Cognito User Pool must call for the Amazon Simple Notification Service service to send an SMS message from your Amazon Web Services account. The Amazon Cognito User Pool makes the request to the Amazon SNS Service by using an Identity and Access Management role that you provide for your Amazon Web Services account.</p>"
     },
     "SmsMfaConfigType":{
       "type":"structure",
       "members":{
         "SmsAuthenticationMessage":{
           "shape":"SmsVerificationMessageType",
-          "documentation":"<p>The SMS authentication message that will be sent to users with the code they need to sign in. The message must contain the ‘{####}’ placeholder, which will be replaced with the code. If the message is not included, and default message will be used.</p>"
+          "documentation":"<p>The SMS authentication message that will be sent to users with the code they must sign in. The message must contain the ‘{####}’ placeholder, which is replaced with the code. If the message isn't included, and default message will be used.</p>"
         },
         "SmsConfiguration":{
           "shape":"SmsConfigurationType",
@@ -6856,7 +6856,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when the software token TOTP multi-factor authentication (MFA) is not enabled for the user pool.</p>",
+      "documentation":"<p>This exception is thrown when the software token time-based one-time password (TOTP) multi-factor authentication (MFA) isn't activated for the user pool.</p>",
       "exception":true
     },
     "SoftwareTokenMFAUserCodeType":{
@@ -6870,7 +6870,7 @@
       "members":{
         "Enabled":{
           "shape":"BooleanType",
-          "documentation":"<p>Specifies whether software token MFA is enabled.</p>"
+          "documentation":"<p>Specifies whether software token MFA is activated.</p>"
         }
       },
       "documentation":"<p>The type used for enabling software token MFA at the user pool level.</p>"
@@ -6880,14 +6880,14 @@
       "members":{
         "Enabled":{
           "shape":"BooleanType",
-          "documentation":"<p>Specifies whether software token MFA is enabled. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted.</p>"
+          "documentation":"<p>Specifies whether software token MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.</p>"
         },
         "PreferredMfa":{
           "shape":"BooleanType",
           "documentation":"<p>Specifies whether software token MFA is the preferred MFA method.</p>"
         }
       },
-      "documentation":"<p>The type used for enabling software token MFA at the user level. If an MFA type is enabled for a user, the user will be prompted for MFA during all sign in attempts, unless device tracking is turned on and the device has been trusted. If you would like MFA to be applied selectively based on the assessed risk level of sign in attempts, disable MFA for users and turn on Adaptive Authentication for the user pool.</p>"
+      "documentation":"<p>The type used for enabling software token MFA at the user level. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.</p>"
     },
     "StartUserImportJobRequest":{
       "type":"structure",
@@ -7027,15 +7027,15 @@
       "members":{
         "AccessToken":{
           "shape":"TimeUnitsType",
-          "documentation":"<p> A time unit in “seconds”, “minutes”, “hours” or “days” for the value in AccessTokenValidity, defaults to hours.</p>"
+          "documentation":"<p> A time unit in “seconds”, “minutes”, “hours”, or “days” for the value in AccessTokenValidity, defaulting to hours.</p>"
         },
         "IdToken":{
           "shape":"TimeUnitsType",
-          "documentation":"<p>A time unit in “seconds”, “minutes”, “hours” or “days” for the value in IdTokenValidity, defaults to hours.</p>"
+          "documentation":"<p>A time unit in “seconds”, “minutes”, “hours”, or “days” for the value in IdTokenValidity, defaulting to hours.</p>"
         },
         "RefreshToken":{
           "shape":"TimeUnitsType",
-          "documentation":"<p>A time unit in “seconds”, “minutes”, “hours” or “days” for the value in RefreshTokenValidity, defaults to days.</p>"
+          "documentation":"<p>A time unit in “seconds”, “minutes”, “hours”, or “days” for the value in RefreshTokenValidity, defaulting to days.</p>"
         }
       },
       "documentation":"<p>The data type for TokenValidityUnits that specifics the time measurements for token validity.</p>"
@@ -7045,10 +7045,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when the Amazon Cognito service returns a too many failed attempts exception.</p>"
+          "documentation":"<p>The message returned when Amazon Cognito returns a <code>TooManyFailedAttempts</code> exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the user has made too many failed attempts for a given action (e.g., sign in).</p>",
+      "documentation":"<p>This exception is thrown when the user has made too many failed attempts for a given action, such as sign-in.</p>",
       "exception":true
     },
     "TooManyRequestsException":{
@@ -7101,7 +7101,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when the request is not authorized. This can happen due to an invalid access token in the request.</p>",
+      "documentation":"<p>Exception that is thrown when the request isn't authorized. This can happen due to an invalid access token in the request.</p>",
       "exception":true
     },
     "UnexpectedLambdaException":{
@@ -7109,10 +7109,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when the Amazon Cognito service returns an unexpected Lambda exception.</p>"
+          "documentation":"<p>The message returned when Amazon Cognito returns an unexpected Lambda exception.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when the Amazon Cognito service encounters an unexpected exception with the Lambda service.</p>",
+      "documentation":"<p>This exception is thrown when Amazon Cognito encounters an unexpected exception with Lambda.</p>",
       "exception":true
     },
     "UnsupportedIdentityProviderException":{
@@ -7120,7 +7120,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when the specified identifier is not supported.</p>",
+      "documentation":"<p>This exception is thrown when the specified identifier isn't supported.</p>",
       "exception":true
     },
     "UnsupportedOperationException":{
@@ -7128,7 +7128,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when you attempt to perform an operation that is not enabled for the user pool client.</p>",
+      "documentation":"<p>Exception that is thrown when you attempt to perform an operation that isn't enabled for the user pool client.</p>",
       "exception":true
     },
     "UnsupportedTokenTypeException":{
@@ -7136,7 +7136,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when an unsupported token is passed to an operation.</p>",
+      "documentation":"<p>Exception that is thrown when an unsupported token is passed to an operation.</p>",
       "exception":true
     },
     "UnsupportedUserStateException":{
@@ -7258,7 +7258,7 @@
         },
         "RoleArn":{
           "shape":"ArnType",
-          "documentation":"<p>The new role ARN for the group. This is used for setting the <code>cognito:roles</code> and <code>cognito:preferred_role</code> claims in the token.</p>"
+          "documentation":"<p>The new role Amazon Resource Name (ARN) for the group. This is used for setting the <code>cognito:roles</code> and <code>cognito:preferred_role</code> claims in the token.</p>"
         },
         "Precedence":{
           "shape":"PrecedenceType",
@@ -7367,7 +7367,7 @@
         },
         "ClientMetadata":{
           "shape":"ClientMetadataType",
-          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the UpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your UpdateUserAttributes request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>Take the following limitations into consideration when you use the ClientMetadata parameter:</p> <ul> <li> <p>Amazon Cognito does not store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Amazon Cognito does not validate the ClientMetadata value.</p> </li> <li> <p>Amazon Cognito does not encrypt the the ClientMetadata value, so don't use it to provide sensitive information.</p> </li> </ul> </note>"
+          "documentation":"<p>A map of custom key-value pairs that you can provide as input for any custom workflows that this action initiates. </p> <p>You create custom workflows by assigning Lambda functions to user pool triggers. When you use the UpdateUserAttributes API action, Amazon Cognito invokes the function that is assigned to the <i>custom message</i> trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a <code>clientMetadata</code> attribute, which provides the data that you assigned to the ClientMetadata parameter in your UpdateUserAttributes request. In your function code in Lambda, you can process the <code>clientMetadata</code> value to enhance your workflow for your specific needs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html\">Customizing User Pool Workflows with Lambda Triggers</a> in the <i>Amazon Cognito Developer Guide</i>.</p> <note> <p>When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:</p> <ul> <li> <p>Store the ClientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.</p> </li> <li> <p>Validate the ClientMetadata value.</p> </li> <li> <p>Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.</p> </li> </ul> </note>"
         }
       },
       "documentation":"<p>Represents the request to update user attributes.</p>"
@@ -7403,19 +7403,19 @@
         },
         "RefreshTokenValidity":{
           "shape":"RefreshTokenValidityType",
-          "documentation":"<p>The time limit, in days, after which the refresh token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit, in days, after which the refresh token is no longer valid and can't be used.</p>"
         },
         "AccessTokenValidity":{
           "shape":"AccessTokenValidityType",
-          "documentation":"<p>The time limit, after which the access token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit after which the access token is no longer valid and can't be used.</p>"
         },
         "IdTokenValidity":{
           "shape":"IdTokenValidityType",
-          "documentation":"<p>The time limit, after which the ID token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit after which the ID token is no longer valid and can't be used.</p>"
         },
         "TokenValidityUnits":{
           "shape":"TokenValidityUnitsType",
-          "documentation":"<p>The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.</p>"
+          "documentation":"<p>The units in which the validity times are represented. Default for RefreshToken is days, and default for ID and access tokens is hours.</p>"
         },
         "ReadAttributes":{
           "shape":"ClientPermissionListType",
@@ -7427,7 +7427,7 @@
         },
         "ExplicitAuthFlows":{
           "shape":"ExplicitAuthFlowsListType",
-          "documentation":"<p>The authentication flows that are supported by the user pool clients. Flow names without the <code>ALLOW_</code> prefix are deprecated in favor of new names with the <code>ALLOW_</code> prefix. Note that values with <code>ALLOW_</code> prefix cannot be used along with values without <code>ALLOW_</code> prefix.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based authentication.</p> </li> <li> <p> <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP based authentication.</p> </li> <li> <p> <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh tokens.</p> </li> </ul>"
+          "documentation":"<p>The authentication flows that are supported by the user pool clients. Flow names without the <code>ALLOW_</code> prefix are no longer supported in favor of new names with the <code>ALLOW_</code> prefix. Note that values with <code>ALLOW_</code> prefix must be used only along with values with the <code>ALLOW_</code> prefix.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based authentication.</p> </li> <li> <p> <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP-based authentication.</p> </li> <li> <p> <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh tokens.</p> </li> </ul>"
         },
         "SupportedIdentityProviders":{
           "shape":"SupportedIdentityProvidersListType",
@@ -7435,7 +7435,7 @@
         },
         "CallbackURLs":{
           "shape":"CallbackURLsListType",
-          "documentation":"<p>A list of allowed redirect (callback) URLs for the identity providers.</p> <p>A redirect URI must:</p> <ul> <li> <p>Be an absolute URI.</p> </li> <li> <p>Be registered with the authorization server.</p> </li> <li> <p>Not include a fragment component.</p> </li> </ul> <p>See <a href=\"https://tools.ietf.org/html/rfc6749#section-3.1.2\">OAuth 2.0 - Redirection Endpoint</a>.</p> <p>Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.</p> <p>App callback URLs such as myapp://example are also supported.</p>"
+          "documentation":"<p>A list of allowed redirect (callback) URLs for the identity providers.</p> <p>A redirect URI must:</p> <ul> <li> <p>Be an absolute URI.</p> </li> <li> <p>Be registered with the authorization server.</p> </li> <li> <p>Not include a fragment component.</p> </li> </ul> <p>See <a href=\"https://tools.ietf.org/html/rfc6749#section-3.1.2\">OAuth 2.0 - Redirection Endpoint</a>.</p> <p>Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.</p> <p>App callback URLs such as <code>myapp://example</code> are also supported.</p>"
         },
         "LogoutURLs":{
           "shape":"LogoutURLsListType",
@@ -7443,7 +7443,7 @@
         },
         "DefaultRedirectURI":{
           "shape":"RedirectUrlType",
-          "documentation":"<p>The default redirect URI. Must be in the <code>CallbackURLs</code> list.</p> <p>A redirect URI must:</p> <ul> <li> <p>Be an absolute URI.</p> </li> <li> <p>Be registered with the authorization server.</p> </li> <li> <p>Not include a fragment component.</p> </li> </ul> <p>See <a href=\"https://tools.ietf.org/html/rfc6749#section-3.1.2\">OAuth 2.0 - Redirection Endpoint</a>.</p> <p>Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.</p> <p>App callback URLs such as myapp://example are also supported.</p>"
+          "documentation":"<p>The default redirect URI. Must be in the <code>CallbackURLs</code> list.</p> <p>A redirect URI must:</p> <ul> <li> <p>Be an absolute URI.</p> </li> <li> <p>Be registered with the authorization server.</p> </li> <li> <p>Not include a fragment component.</p> </li> </ul> <p>See <a href=\"https://tools.ietf.org/html/rfc6749#section-3.1.2\">OAuth 2.0 - Redirection Endpoint</a>.</p> <p>Amazon Cognito requires HTTPS over HTTP except for <code>http://localhost</code> for testing purposes only.</p> <p>App callback URLs such as <code>myapp://example</code> are also supported.</p>"
         },
         "AllowedOAuthFlows":{
           "shape":"OAuthFlowsType",
@@ -7455,19 +7455,19 @@
         },
         "AllowedOAuthFlowsUserPoolClient":{
           "shape":"BooleanType",
-          "documentation":"<p>Set to true if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.</p>"
+          "documentation":"<p>Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.</p>"
         },
         "AnalyticsConfiguration":{
           "shape":"AnalyticsConfigurationType",
-          "documentation":"<p>The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.</p> <note> <p>In regions where Pinpoint is not available, Cognito User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In regions where Pinpoint is available, Cognito User Pools will support sending events to Amazon Pinpoint projects within that same region. </p> </note>"
+          "documentation":"<p>The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.</p> <note> <p>In Amazon Web Services Regions where isn't available, User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In Regions where Pinpoint is available, User Pools will support sending events to Amazon Pinpoint projects within that same Region. </p> </note>"
         },
         "PreventUserExistenceErrors":{
           "shape":"PreventUserExistenceErrorTypes",
-          "documentation":"<p>Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to <code>ENABLED</code> and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to <code>LEGACY</code>, those APIs will return a <code>UserNotFoundException</code> exception if the user does not exist in the user pool.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ENABLED</code> - This prevents user existence-related errors.</p> </li> <li> <p> <code>LEGACY</code> - This represents the old behavior of Cognito where user existence related errors are not prevented.</p> </li> </ul> <note> <p>After February 15th 2020, the value of <code>PreventUserExistenceErrors</code> will default to <code>ENABLED</code> for newly created user pool clients if no value is provided.</p> </note>"
+          "documentation":"<p>Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to <code>ENABLED</code> and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to <code>LEGACY</code>, those APIs return a <code>UserNotFoundException</code> exception if the user doesn't exist in the user pool.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ENABLED</code> - This prevents user existence-related errors.</p> </li> <li> <p> <code>LEGACY</code> - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.</p> </li> </ul>"
         },
         "EnableTokenRevocation":{
           "shape":"WrappedBooleanType",
-          "documentation":"<p>Enables or disables token revocation. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p>"
+          "documentation":"<p>Activates or deactivates token revocation. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p>"
         }
       },
       "documentation":"<p>Represents the request to update the user pool client.</p>"
@@ -7477,7 +7477,7 @@
       "members":{
         "UserPoolClient":{
           "shape":"UserPoolClientType",
-          "documentation":"<p>The user pool client value from the response from the server when an update user pool client request is made.</p>"
+          "documentation":"<p>The user pool client value from the response from the server when you request to update the user pool client.</p>"
         }
       },
       "documentation":"<p>Represents the response from the server to the request to update the user pool client.</p>"
@@ -7492,11 +7492,11 @@
       "members":{
         "Domain":{
           "shape":"DomainType",
-          "documentation":"<p>The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. For example: <code>auth.example.com</code>. </p> <p>This string can include only lowercase letters, numbers, and hyphens. Do not use a hyphen for the first or last character. Use periods to separate subdomain names.</p>"
+          "documentation":"<p>The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be <code>auth.example.com</code>. </p> <p>This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.</p>"
         },
         "UserPoolId":{
           "shape":"UserPoolIdType",
-          "documentation":"<p>The ID of the user pool that is associated with the custom domain that you are updating the certificate for.</p>"
+          "documentation":"<p>The ID of the user pool that is associated with the custom domain whose certificate you're updating.</p>"
         },
         "CustomDomainConfig":{
           "shape":"CustomDomainConfigType",
@@ -7525,7 +7525,7 @@
         },
         "Policies":{
           "shape":"UserPoolPolicyType",
-          "documentation":"<p>A container with the policies you wish to update in a user pool.</p>"
+          "documentation":"<p>A container with the policies you want to update in a user pool.</p>"
         },
         "LambdaConfig":{
           "shape":"LambdaConfigType",
@@ -7533,7 +7533,7 @@
         },
         "AutoVerifiedAttributes":{
           "shape":"VerifiedAttributesListType",
-          "documentation":"<p>The attributes that are automatically verified when the Amazon Cognito service makes a request to update user pools.</p>"
+          "documentation":"<p>The attributes that are automatically verified when Amazon Cognito requests to update user pools.</p>"
         },
         "SmsVerificationMessage":{
           "shape":"SmsVerificationMessageType",
@@ -7557,7 +7557,7 @@
         },
         "MfaConfiguration":{
           "shape":"UserPoolMfaType",
-          "documentation":"<p>Can be one of the following values:</p> <ul> <li> <p> <code>OFF</code> - MFA tokens are not required and cannot be specified during user registration.</p> </li> <li> <p> <code>ON</code> - MFA tokens are required for all user registrations. You can only specify ON when you are initially creating a user pool. You can use the <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html\">SetUserPoolMfaConfig</a> API operation to turn MFA \"ON\" for existing user pools. </p> </li> <li> <p> <code>OPTIONAL</code> - Users have the option when registering to create an MFA token.</p> </li> </ul>"
+          "documentation":"<p>Can be one of the following values:</p> <ul> <li> <p> <code>OFF</code> - MFA tokens aren't required and can't be specified during user registration.</p> </li> <li> <p> <code>ON</code> - MFA tokens are required for all user registrations. You can only specify ON when you're initially creating a user pool. You can use the <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html\">SetUserPoolMfaConfig</a> API operation to turn MFA \"ON\" for existing user pools. </p> </li> <li> <p> <code>OPTIONAL</code> - Users have the option when registering to create an MFA token.</p> </li> </ul>"
         },
         "DeviceConfiguration":{
           "shape":"DeviceConfigurationType",
@@ -7581,11 +7581,11 @@
         },
         "UserPoolAddOns":{
           "shape":"UserPoolAddOnsType",
-          "documentation":"<p>Used to enable advanced security risk detection. Set the key <code>AdvancedSecurityMode</code> to the value \"AUDIT\".</p>"
+          "documentation":"<p>Enables advanced security risk detection. Set the key <code>AdvancedSecurityMode</code> to the value \"AUDIT\".</p>"
         },
         "AccountRecoverySetting":{
           "shape":"AccountRecoverySettingType",
-          "documentation":"<p>Use this setting to define which verified available method a user can use to recover their password when they call <code>ForgotPassword</code>. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.</p>"
+          "documentation":"<p>The available verified method a user can use to recover their password when they call <code>ForgotPassword</code>. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.</p>"
         }
       },
       "documentation":"<p>Represents the request to update the user pool.</p>"
@@ -7601,10 +7601,10 @@
       "members":{
         "EncodedData":{
           "shape":"StringType",
-          "documentation":"<p>Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.</p>"
+          "documentation":"<p>Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.</p>"
         }
       },
-      "documentation":"<p>Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.</p>"
+      "documentation":"<p>Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.</p>"
     },
     "UserFilterType":{
       "type":"string",
@@ -7618,7 +7618,7 @@
           "documentation":"<p>The message returned when the user pool has an import job running.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when you are trying to modify a user pool while a user import job is in progress for that pool.</p>",
+      "documentation":"<p>This exception is thrown when you're trying to modify a user pool while a user import job is in progress for that pool.</p>",
       "exception":true
     },
     "UserImportJobIdType":{
@@ -7679,11 +7679,11 @@
         },
         "Status":{
           "shape":"UserImportJobStatusType",
-          "documentation":"<p>The status of the user import job. One of the following:</p> <ul> <li> <p> <code>Created</code> - The job was created but not started.</p> </li> <li> <p> <code>Pending</code> - A transition state. You have started the job, but it has not begun importing users yet.</p> </li> <li> <p> <code>InProgress</code> - The job has started, and users are being imported.</p> </li> <li> <p> <code>Stopping</code> - You have stopped the job, but the job has not stopped importing users yet.</p> </li> <li> <p> <code>Stopped</code> - You have stopped the job, and the job has stopped importing users.</p> </li> <li> <p> <code>Succeeded</code> - The job has completed successfully.</p> </li> <li> <p> <code>Failed</code> - The job has stopped due to an error.</p> </li> <li> <p> <code>Expired</code> - You created a job, but did not start the job within 24-48 hours. All data associated with the job was deleted, and the job cannot be started.</p> </li> </ul>"
+          "documentation":"<p>The status of the user import job. One of the following:</p> <ul> <li> <p> <code>Created</code> - The job was created but not started.</p> </li> <li> <p> <code>Pending</code> - A transition state. You have started the job, but it has not begun importing users yet.</p> </li> <li> <p> <code>InProgress</code> - The job has started, and users are being imported.</p> </li> <li> <p> <code>Stopping</code> - You have stopped the job, but the job has not stopped importing users yet.</p> </li> <li> <p> <code>Stopped</code> - You have stopped the job, and the job has stopped importing users.</p> </li> <li> <p> <code>Succeeded</code> - The job has completed successfully.</p> </li> <li> <p> <code>Failed</code> - The job has stopped due to an error.</p> </li> <li> <p> <code>Expired</code> - You created a job, but did not start the job within 24-48 hours. All data associated with the job was deleted, and the job can't be started.</p> </li> </ul>"
         },
         "CloudWatchLogsRoleArn":{
           "shape":"ArnType",
-          "documentation":"<p>The role ARN for the Amazon CloudWatch Logging role for the user import job. For more information, see \"Creating the CloudWatch Logs IAM Role\" in the Amazon Cognito Developer Guide.</p>"
+          "documentation":"<p>The role Amazon Resource Name (ARN) for the Amazon CloudWatch Logging role for the user import job. For more information, see \"Creating the CloudWatch Logs IAM Role\" in the Amazon Cognito Developer Guide.</p>"
         },
         "ImportedUsers":{
           "shape":"LongType",
@@ -7695,7 +7695,7 @@
         },
         "FailedUsers":{
           "shape":"LongType",
-          "documentation":"<p>The number of users that could not be imported.</p>"
+          "documentation":"<p>The number of users that couldn't be imported.</p>"
         },
         "CompletionMessage":{
           "shape":"CompletionMessageType",
@@ -7730,10 +7730,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when a user is not confirmed successfully.</p>"
+          "documentation":"<p>The message returned when a user isn't confirmed successfully.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when a user is not confirmed successfully.</p>",
+      "documentation":"<p>This exception is thrown when a user isn't confirmed successfully.</p>",
       "exception":true
     },
     "UserNotFoundException":{
@@ -7741,10 +7741,10 @@
       "members":{
         "message":{
           "shape":"MessageType",
-          "documentation":"<p>The message returned when a user is not found.</p>"
+          "documentation":"<p>The message returned when a user isn't found.</p>"
         }
       },
-      "documentation":"<p>This exception is thrown when a user is not found.</p>",
+      "documentation":"<p>This exception is thrown when a user isn't found.</p>",
       "exception":true
     },
     "UserPoolAddOnNotEnabledException":{
@@ -7752,7 +7752,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when user pool add-ons are not enabled.</p>",
+      "documentation":"<p>This exception is thrown when user pool add-ons aren't enabled.</p>",
       "exception":true
     },
     "UserPoolAddOnsType":{
@@ -7817,15 +7817,15 @@
         },
         "RefreshTokenValidity":{
           "shape":"RefreshTokenValidityType",
-          "documentation":"<p>The time limit, in days, after which the refresh token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit, in days, after which the refresh token is no longer valid and can't be used.</p>"
         },
         "AccessTokenValidity":{
           "shape":"AccessTokenValidityType",
-          "documentation":"<p>The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and can't be used.</p>"
         },
         "IdTokenValidity":{
           "shape":"IdTokenValidityType",
-          "documentation":"<p>The time limit, specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and cannot be used.</p>"
+          "documentation":"<p>The time limit specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and can't be used.</p>"
         },
         "TokenValidityUnits":{
           "shape":"TokenValidityUnitsType",
@@ -7841,7 +7841,7 @@
         },
         "ExplicitAuthFlows":{
           "shape":"ExplicitAuthFlowsListType",
-          "documentation":"<p>The authentication flows that are supported by the user pool clients. Flow names without the <code>ALLOW_</code> prefix are deprecated in favor of new names with the <code>ALLOW_</code> prefix. Note that values with <code>ALLOW_</code> prefix cannot be used along with values without <code>ALLOW_</code> prefix.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based authentication.</p> </li> <li> <p> <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP based authentication.</p> </li> <li> <p> <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh tokens.</p> </li> </ul>"
+          "documentation":"<p>The authentication flows that are supported by the user pool clients. Flow names without the <code>ALLOW_</code> prefix are no longer supported in favor of new names with the <code>ALLOW_</code> prefix. Note that values with <code>ALLOW_</code> prefix must be used only along with values including the <code>ALLOW_</code> prefix.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ALLOW_ADMIN_USER_PASSWORD_AUTH</code>: Enable admin based user password authentication flow <code>ADMIN_USER_PASSWORD_AUTH</code>. This setting replaces the <code>ADMIN_NO_SRP_AUTH</code> setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_CUSTOM_AUTH</code>: Enable Lambda trigger based authentication.</p> </li> <li> <p> <code>ALLOW_USER_PASSWORD_AUTH</code>: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.</p> </li> <li> <p> <code>ALLOW_USER_SRP_AUTH</code>: Enable SRP-based authentication.</p> </li> <li> <p> <code>ALLOW_REFRESH_TOKEN_AUTH</code>: Enable authflow to refresh tokens.</p> </li> </ul>"
         },
         "SupportedIdentityProviders":{
           "shape":"SupportedIdentityProvidersListType",
@@ -7869,20 +7869,20 @@
         },
         "AllowedOAuthFlowsUserPoolClient":{
           "shape":"BooleanType",
-          "documentation":"<p>Set to true if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.</p>",
+          "documentation":"<p>Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.</p>",
           "box":true
         },
         "AnalyticsConfiguration":{
           "shape":"AnalyticsConfigurationType",
-          "documentation":"<p>The Amazon Pinpoint analytics configuration for the user pool client.</p> <note> <p>Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.</p> </note>"
+          "documentation":"<p>The Amazon Pinpoint analytics configuration for the user pool client.</p> <note> <p>Amazon Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region in which the user pool resides.</p> </note>"
         },
         "PreventUserExistenceErrors":{
           "shape":"PreventUserExistenceErrorTypes",
-          "documentation":"<p>Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to <code>ENABLED</code> and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to <code>LEGACY</code>, those APIs will return a <code>UserNotFoundException</code> exception if the user does not exist in the user pool.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ENABLED</code> - This prevents user existence-related errors.</p> </li> <li> <p> <code>LEGACY</code> - This represents the old behavior of Cognito where user existence related errors are not prevented.</p> </li> </ul> <note> <p>After February 15th 2020, the value of <code>PreventUserExistenceErrors</code> will default to <code>ENABLED</code> for newly created user pool clients if no value is provided.</p> </note>"
+          "documentation":"<p>Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to <code>ENABLED</code> and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to <code>LEGACY</code>, those APIs return a <code>UserNotFoundException</code> exception if the user doesn't exist in the user pool.</p> <p>Valid values include:</p> <ul> <li> <p> <code>ENABLED</code> - This prevents user existence-related errors.</p> </li> <li> <p> <code>LEGACY</code> - This represents the old behavior of Cognito where user existence related errors aren't prevented.</p> </li> </ul>"
         },
         "EnableTokenRevocation":{
           "shape":"WrappedBooleanType",
-          "documentation":"<p>Indicates whether token revocation is enabled for the user pool client. When you create a new user pool client, token revocation is enabled by default. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p>"
+          "documentation":"<p>Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html\">RevokeToken</a>.</p>"
         }
       },
       "documentation":"<p>Contains information about a user pool client.</p>"
@@ -7956,7 +7956,7 @@
       "members":{
         "message":{"shape":"MessageType"}
       },
-      "documentation":"<p>This exception is thrown when a user pool tag cannot be set or updated.</p>",
+      "documentation":"<p>This exception is thrown when a user pool tag can't be set or updated.</p>",
       "exception":true
     },
     "UserPoolTagsListType":{
@@ -8005,15 +8005,15 @@
         },
         "AutoVerifiedAttributes":{
           "shape":"VerifiedAttributesListType",
-          "documentation":"<p>Specifies the attributes that are auto-verified in a user pool.</p>"
+          "documentation":"<p>The attributes that are auto-verified in a user pool.</p>"
         },
         "AliasAttributes":{
           "shape":"AliasAttributesListType",
-          "documentation":"<p>Specifies the attributes that are aliased in a user pool.</p>"
+          "documentation":"<p>The attributes that are aliased in a user pool.</p>"
         },
         "UsernameAttributes":{
           "shape":"UsernameAttributesListType",
-          "documentation":"<p>Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up.</p>"
+          "documentation":"<p>Specifies whether a user can use an email address or phone number as a username when they sign up.</p>"
         },
         "SmsVerificationMessage":{
           "shape":"SmsVerificationMessageType",
@@ -8037,7 +8037,7 @@
         },
         "MfaConfiguration":{
           "shape":"UserPoolMfaType",
-          "documentation":"<p>Can be one of the following values:</p> <ul> <li> <p> <code>OFF</code> - MFA tokens are not required and cannot be specified during user registration.</p> </li> <li> <p> <code>ON</code> - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.</p> </li> <li> <p> <code>OPTIONAL</code> - Users have the option when registering to create an MFA token.</p> </li> </ul>"
+          "documentation":"<p>Can be one of the following values:</p> <ul> <li> <p> <code>OFF</code> - MFA tokens aren't required and can't be specified during user registration.</p> </li> <li> <p> <code>ON</code> - MFA tokens are required for all user registrations. You can only specify required when you're initially creating a user pool.</p> </li> <li> <p> <code>OPTIONAL</code> - Users have the option when registering to create an MFA token.</p> </li> </ul>"
         },
         "DeviceConfiguration":{
           "shape":"DeviceConfigurationType",
@@ -8061,19 +8061,19 @@
         },
         "SmsConfigurationFailure":{
           "shape":"StringType",
-          "documentation":"<p>The reason why the SMS configuration cannot send the messages to your users.</p> <p>This message might include comma-separated values to describe why your SMS configuration can't send messages to user pool end users.</p> <ul> <li> <p>InvalidSmsRoleAccessPolicyException - The IAM role which Cognito uses to send SMS messages is not properly configured. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html\">SmsConfigurationType</a>.</p> </li> <li> <p>SNSSandbox - The account is in SNS Sandbox and messages won’t reach unverified end users. This parameter won’t get populated with SNSSandbox if the IAM user creating the user pool doesn’t have SNS permissions. To learn how to move your account out of the sandbox, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html\">Moving out of the SMS sandbox</a>.</p> </li> </ul>"
+          "documentation":"<p>The reason why the SMS configuration can't send the messages to your users.</p> <p>This message might include comma-separated values to describe why your SMS configuration can't send messages to user pool end users.</p> <ul> <li> <p>InvalidSmsRoleAccessPolicyException - The Identity and Access Management role that Amazon Cognito uses to send SMS messages isn't properly configured. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html\">SmsConfigurationType</a>.</p> </li> <li> <p>SNSSandbox - The Amazon Web Services account is in SNS Sandbox and messages will only reach verified end users. This parameter won’t get populated with SNSSandbox if the IAM user creating the user pool doesn’t have SNS permissions. To learn how to move your Amazon Web Services account out of the sandbox, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html\">Moving out of the SMS sandbox</a>.</p> </li> </ul>"
         },
         "EmailConfigurationFailure":{
           "shape":"StringType",
-          "documentation":"<p>The reason why the email configuration cannot send the messages to your users.</p>"
+          "documentation":"<p>The reason why the email configuration can't send the messages to your users.</p>"
         },
         "Domain":{
           "shape":"DomainType",
-          "documentation":"<p>Holds the domain prefix if the user pool has a domain associated with it.</p>"
+          "documentation":"<p>The domain prefix, if the user pool has a domain associated with it.</p>"
         },
         "CustomDomain":{
           "shape":"DomainType",
-          "documentation":"<p>A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: <code>auth.example.com</code>.</p> <p>For more information about adding a custom domain to your user pool, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html\">Using Your Own Domain for the Hosted UI</a>.</p>"
+          "documentation":"<p>A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. An example of a custom domain name might be <code>auth.example.com</code>.</p> <p>For more information about adding a custom domain to your user pool, see <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html\">Using Your Own Domain for the Hosted UI</a>.</p>"
         },
         "AdminCreateUserConfig":{
           "shape":"AdminCreateUserConfigType",
@@ -8085,7 +8085,7 @@
         },
         "UsernameConfiguration":{
           "shape":"UsernameConfigurationType",
-          "documentation":"<p>You can choose to enable case sensitivity on the username input for the selected sign-in option. For example, when this is set to <code>False</code>, users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html\">UsernameConfigurationType</a>.</p>"
+          "documentation":"<p>Case sensitivity of the username input for the selected sign-in option. For example, when case sensitivity is set to <code>False</code>, users can sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html\">UsernameConfigurationType</a>.</p>"
         },
         "Arn":{
           "shape":"ArnType",
@@ -8093,7 +8093,7 @@
         },
         "AccountRecoverySetting":{
           "shape":"AccountRecoverySettingType",
-          "documentation":"<p>Use this setting to define which verified available method a user can use to recover their password when they call <code>ForgotPassword</code>. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.</p>"
+          "documentation":"<p>The available verified method a user can use to recover their password when they call <code>ForgotPassword</code>. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.</p>"
         }
       },
       "documentation":"<p>A container for information about the user pool.</p>"
@@ -8115,7 +8115,7 @@
       "members":{
         "Username":{
           "shape":"UsernameType",
-          "documentation":"<p>The user name of the user you wish to describe.</p>"
+          "documentation":"<p>The user name of the user you want to describe.</p>"
         },
         "Attributes":{
           "shape":"AttributeListType",
@@ -8135,7 +8135,7 @@
         },
         "UserStatus":{
           "shape":"UserStatusType",
-          "documentation":"<p>The user status. Can be one of the following:</p> <ul> <li> <p>UNCONFIRMED - User has been created but not confirmed.</p> </li> <li> <p>CONFIRMED - User has been confirmed.</p> </li> <li> <p>ARCHIVED - User is no longer active.</p> </li> <li> <p>COMPROMISED - User is disabled due to a potential security threat.</p> </li> <li> <p>UNKNOWN - User status is not known.</p> </li> <li> <p>RESET_REQUIRED - User is confirmed, but the user must request a code and reset his or her password before he or she can sign in.</p> </li> <li> <p>FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change his or her password to a new value before doing anything else. </p> </li> </ul>"
+          "documentation":"<p>The user status. This can be one of the following:</p> <ul> <li> <p>UNCONFIRMED - User has been created but not confirmed.</p> </li> <li> <p>CONFIRMED - User has been confirmed.</p> </li> <li> <p>ARCHIVED - User is no longer active.</p> </li> <li> <p>COMPROMISED - User is disabled due to a potential security threat.</p> </li> <li> <p>UNKNOWN - User status isn't known.</p> </li> <li> <p>RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.</p> </li> <li> <p>FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else. </p> </li> </ul>"
         },
         "MFAOptions":{
           "shape":"MFAOptionListType",
@@ -8161,7 +8161,7 @@
       "members":{
         "CaseSensitive":{
           "shape":"WrappedBooleanType",
-          "documentation":"<p>Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.</p> <p>Valid values include:</p> <ul> <li> <p> <b> <code>True</code> </b>: Enables case sensitivity for all username input. When this option is set to <code>True</code>, users must sign in using the exact capitalization of their given username. For example, “UserName”. This is the default value.</p> </li> <li> <p> <b> <code>False</code> </b>: Enables case insensitivity for all username input. For example, when this option is set to <code>False</code>, users will be able to sign in using either \"username\" or \"Username\". This option also enables both <code>preferred_username</code> and <code>email</code> alias to be case insensitive, in addition to the <code>username</code> attribute.</p> </li> </ul>"
+          "documentation":"<p>Specifies whether username case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.</p> <p>Valid values include:</p> <ul> <li> <p> <b> <code>True</code> </b>: Enables case sensitivity for all username input. When this option is set to <code>True</code>, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.</p> </li> <li> <p> <b> <code>False</code> </b>: Enables case insensitivity for all username input. For example, when this option is set to <code>False</code>, users can sign in using either \"username\" or \"Username\". This option also enables both <code>preferred_username</code> and <code>email</code> alias to be case insensitive, in addition to the <code>username</code> attribute.</p> </li> </ul>"
         }
       },
       "documentation":"<p>The username configuration type. </p>"
@@ -8239,11 +8239,11 @@
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service.</p>"
         },
         "UserCode":{
           "shape":"SoftwareTokenMFAUserCodeType",
-          "documentation":"<p>The one time password computed using the secret code returned by <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html\">AssociateSoftwareToken\"</a>.</p>"
+          "documentation":"<p>The one- time password computed using the secret code returned by <a href=\"https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AssociateSoftwareToken.html\">AssociateSoftwareToken</a>.</p>"
         },
         "FriendlyDeviceName":{
           "shape":"StringType",
@@ -8260,7 +8260,7 @@
         },
         "Session":{
           "shape":"SessionType",
-          "documentation":"<p>The session which should be passed both ways in challenge-response calls to the service.</p>"
+          "documentation":"<p>The session that should be passed both ways in challenge-response calls to the service.</p>"
         }
       }
     },
@@ -8281,7 +8281,7 @@
       "members":{
         "AccessToken":{
           "shape":"TokenModelType",
-          "documentation":"<p>Represents the access token of the request to verify user attributes.</p>"
+          "documentation":"<p>The access token of the request to verify user attributes.</p>"
         },
         "AttributeName":{
           "shape":"AttributeNameType",
@@ -8302,5 +8302,5 @@
     },
     "WrappedBooleanType":{"type":"boolean"}
   },
-  "documentation":"<p>Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.</p> <p>This API reference provides information about user pools in Amazon Cognito User Pools.</p> <p>For more information, see the <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html\">Amazon Cognito Documentation</a>.</p>"
+  "documentation":"<p>Using the Amazon Cognito user pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.</p> <p>This API reference provides information about user pools in Amazon Cognito user pools.</p> <p>For more information, see the <a href=\"https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html\">Amazon Cognito Documentation</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/comprehend/2017-11-27/service-2.json b/contrib/python/botocore/py3/botocore/data/comprehend/2017-11-27/service-2.json
index 58017b6f10c..31fc4d479ea 100644
--- a/contrib/python/botocore/py3/botocore/data/comprehend/2017-11-27/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/comprehend/2017-11-27/service-2.json
@@ -242,6 +242,21 @@
       ],
       "documentation":"<p>Deletes an entity recognizer.</p> <p>Only those recognizers that are in terminated states (IN_ERROR, TRAINED) will be deleted. If an active inference job is using the model, a <code>ResourceInUseException</code> will be returned.</p> <p>This is an asynchronous action that puts the recognizer into a DELETING state, and it is then removed by a background job. Once removed, the recognizer disappears from your account and is no longer available for use. </p>"
     },
+    "DeleteResourcePolicy":{
+      "name":"DeleteResourcePolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteResourcePolicyRequest"},
+      "output":{"shape":"DeleteResourcePolicyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes a resource-based policy that is attached to a custom model.</p>"
+    },
     "DescribeDocumentClassificationJob":{
       "name":"DescribeDocumentClassificationJob",
       "http":{
@@ -386,6 +401,21 @@
       ],
       "documentation":"<p>Gets the properties associated with a PII entities detection job. For example, you can use this operation to get the job status.</p>"
     },
+    "DescribeResourcePolicy":{
+      "name":"DescribeResourcePolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeResourcePolicyRequest"},
+      "output":{"shape":"DescribeResourcePolicyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets the details of a resource-based policy that is attached to a custom model, including the JSON body of the policy.</p>"
+    },
     "DescribeSentimentDetectionJob":{
       "name":"DescribeSentimentDetectionJob",
       "http":{
@@ -514,6 +544,27 @@
       ],
       "documentation":"<p>Inspects text for syntax and the part of speech of words in the document. For more information, <a>how-syntax</a>.</p>"
     },
+    "ImportModel":{
+      "name":"ImportModel",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ImportModelRequest"},
+      "output":{"shape":"ImportModelResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"ResourceUnavailableException"},
+        {"shape":"TooManyTagsException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"ResourceLimitExceededException"},
+        {"shape":"KmsKeyValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a new custom model that replicates a source custom model that you import. The source model can be in your AWS account or another one.</p> <p>If the source model is in another AWS account, then it must have a resource-based policy that authorizes you to import it.</p> <p>The source model must be in the same AWS region that you're using when you import. You can't import a model that's in a different region.</p>"
+    },
     "ListDocumentClassificationJobs":{
       "name":"ListDocumentClassificationJobs",
       "http":{
@@ -734,6 +785,21 @@
       ],
       "documentation":"<p>Gets a list of the topic detection jobs that you have submitted.</p>"
     },
+    "PutResourcePolicy":{
+      "name":"PutResourcePolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PutResourcePolicyRequest"},
+      "output":{"shape":"PutResourcePolicyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Attaches a resource-based policy to a custom model. You can use this policy to authorize an entity in another AWS account to import the custom model, which replicates it in Amazon Comprehend in their account.</p>"
+    },
     "StartDocumentClassificationJob":{
       "name":"StartDocumentClassificationJob",
       "http":{
@@ -1589,6 +1655,10 @@
         "ModelKmsKeyId":{
           "shape":"KmsKeyId",
           "documentation":"<p>ID for the AWS Key Management Service (KMS) key that Amazon Comprehend uses to encrypt trained custom models. The ModelKmsKeyId can be either of the following formats:</p> <ul> <li> <p>KMS Key ID: <code>\"1234abcd-12ab-34cd-56ef-1234567890ab\"</code> </p> </li> <li> <p>Amazon Resource Name (ARN) of a KMS Key: <code>\"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\"</code> </p> </li> </ul>"
+        },
+        "ModelPolicy":{
+          "shape":"Policy",
+          "documentation":"<p>The resource-based policy to attach to your custom document classifier model. You can use this policy to allow another AWS account to import your custom model.</p> <p>Provide your policy as a JSON body that you enter as a UTF-8 encoded string without line breaks. To provide valid JSON, enclose the attribute names and values in double quotes. If the JSON body is also enclosed in double quotes, then you must escape the double quotes that are inside the policy:</p> <p> <code>\"{\\\"attribute\\\": \\\"value\\\", \\\"attribute\\\": [\\\"value\\\"]}\"</code> </p> <p>To avoid escaping quotes, you can use single quotes to enclose the policy and double quotes to enclose the JSON names and values:</p> <p> <code>'{\"attribute\": \"value\", \"attribute\": [\"value\"]}'</code> </p>"
         }
       }
     },
@@ -1694,6 +1764,10 @@
         "ModelKmsKeyId":{
           "shape":"KmsKeyId",
           "documentation":"<p>ID for the AWS Key Management Service (KMS) key that Amazon Comprehend uses to encrypt trained custom models. The ModelKmsKeyId can be either of the following formats</p> <ul> <li> <p>KMS Key ID: <code>\"1234abcd-12ab-34cd-56ef-1234567890ab\"</code> </p> </li> <li> <p>Amazon Resource Name (ARN) of a KMS Key: <code>\"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\"</code> </p> </li> </ul>"
+        },
+        "ModelPolicy":{
+          "shape":"Policy",
+          "documentation":"<p>The JSON resource-based policy to attach to your custom entity recognizer model. You can use this policy to allow another AWS account to import your custom model.</p> <p>Provide your JSON as a UTF-8 encoded string without line breaks. To provide valid JSON for your policy, enclose the attribute names and values in double quotes. If the JSON body is also enclosed in double quotes, then you must escape the double quotes that are inside the policy:</p> <p> <code>\"{\\\"attribute\\\": \\\"value\\\", \\\"attribute\\\": [\\\"value\\\"]}\"</code> </p> <p>To avoid escaping quotes, you can use single quotes to enclose the policy and double quotes to enclose the JSON names and values:</p> <p> <code>'{\"attribute\": \"value\", \"attribute\": [\"value\"]}'</code> </p>"
         }
       }
     },
@@ -1761,6 +1835,25 @@
       "members":{
       }
     },
+    "DeleteResourcePolicyRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"ComprehendModelArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom model version that has the policy to delete.</p>"
+        },
+        "PolicyRevisionId":{
+          "shape":"PolicyRevisionId",
+          "documentation":"<p>The revision ID of the policy to delete.</p>"
+        }
+      }
+    },
+    "DeleteResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DescribeDocumentClassificationJobRequest":{
       "type":"structure",
       "required":["JobId"],
@@ -1929,6 +2022,37 @@
         "PiiEntitiesDetectionJobProperties":{"shape":"PiiEntitiesDetectionJobProperties"}
       }
     },
+    "DescribeResourcePolicyRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"ComprehendModelArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the policy to describe.</p>"
+        }
+      }
+    },
+    "DescribeResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+        "ResourcePolicy":{
+          "shape":"Policy",
+          "documentation":"<p>The JSON body of the resource-based policy.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time at which the policy was created.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time at which the policy was last modified.</p>"
+        },
+        "PolicyRevisionId":{
+          "shape":"PolicyRevisionId",
+          "documentation":"<p>The revision ID of the policy. Each time you modify a policy, Amazon Comprehend assigns a new revision ID, and it deletes the prior version of the policy.</p>"
+        }
+      }
+    },
     "DescribeSentimentDetectionJobRequest":{
       "type":"structure",
       "required":["JobId"],
@@ -2384,6 +2508,10 @@
         "VersionName":{
           "shape":"VersionName",
           "documentation":"<p>The version name that you assigned to the document classifier.</p>"
+        },
+        "SourceModelArn":{
+          "shape":"DocumentClassifierArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the source model. This model was imported from a different AWS account to create the document classifier model in your AWS account.</p>"
         }
       },
       "documentation":"<p>Provides information about a document classifier.</p>"
@@ -3030,6 +3158,10 @@
         "VersionName":{
           "shape":"VersionName",
           "documentation":"<p>The version name you assigned to the entity recognizer.</p>"
+        },
+        "SourceModelArn":{
+          "shape":"EntityRecognizerArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the source model. This model was imported from a different AWS account to create the entity recognizer model in your AWS account.</p>"
         }
       },
       "documentation":"<p>Describes information about an entity recognizer.</p>"
@@ -3085,7 +3217,7 @@
     "EntityTypeName":{
       "type":"string",
       "max":64,
-      "pattern":"^(?:(?!\\\\n+|\\\\t+|\\\\r+|[\\r\\t\\n,]).)+$"
+      "pattern":"^(?![^\\n\\r\\t,]*\\\\n|\\\\r|\\\\t)[^\\n\\r\\t,]+$"
     },
     "EntityTypesEvaluationMetrics":{
       "type":"structure",
@@ -3213,6 +3345,45 @@
       "min":20,
       "pattern":"arn:aws(-[^:]+)?:iam::[0-9]{12}:role/.+"
     },
+    "ImportModelRequest":{
+      "type":"structure",
+      "required":["SourceModelArn"],
+      "members":{
+        "SourceModelArn":{
+          "shape":"ComprehendModelArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom model to import.</p>"
+        },
+        "ModelName":{
+          "shape":"ComprehendArnName",
+          "documentation":"<p>The name to assign to the custom model that is created in Amazon Comprehend by this import.</p>"
+        },
+        "VersionName":{
+          "shape":"VersionName",
+          "documentation":"<p>The version name given to the custom model that is created by this import. Version names can have a maximum of 256 characters. Alphanumeric characters, hyphens (-) and underscores (_) are allowed. The version name must be unique among all models with the same classifier name in the account/AWS Region.</p>"
+        },
+        "ModelKmsKeyId":{
+          "shape":"KmsKeyId",
+          "documentation":"<p>ID for the AWS Key Management Service (KMS) key that Amazon Comprehend uses to encrypt trained custom models. The ModelKmsKeyId can be either of the following formats:</p> <ul> <li> <p>KMS Key ID: <code>\"1234abcd-12ab-34cd-56ef-1234567890ab\"</code> </p> </li> <li> <p>Amazon Resource Name (ARN) of a KMS Key: <code>\"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\"</code> </p> </li> </ul>"
+        },
+        "DataAccessRoleArn":{
+          "shape":"IamRoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Management (IAM) role that allows Amazon Comprehend to use Amazon Key Management Service (KMS) to encrypt or decrypt the custom model.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Tags to be associated with the custom model that is created by this import. A tag is a key-value pair that adds as a metadata to a resource used by Amazon Comprehend. For example, a tag with \"Sales\" as the key might be added to a resource to indicate its use by the sales department.</p>"
+        }
+      }
+    },
+    "ImportModelResponse":{
+      "type":"structure",
+      "members":{
+        "ModelArn":{
+          "shape":"ComprehendModelArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom model being imported.</p>"
+        }
+      }
+    },
     "InferenceUnitsInteger":{
       "type":"integer",
       "min":1
@@ -4152,6 +4323,47 @@
       },
       "documentation":"<p>Provides configuration parameters for the output of PII entity detection jobs.</p>"
     },
+    "Policy":{
+      "type":"string",
+      "max":20000,
+      "min":1,
+      "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+"
+    },
+    "PolicyRevisionId":{
+      "type":"string",
+      "max":64,
+      "pattern":"[0-9A-Fa-f]+"
+    },
+    "PutResourcePolicyRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "ResourcePolicy"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"ComprehendModelArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom model to attach the policy to.</p>"
+        },
+        "ResourcePolicy":{
+          "shape":"Policy",
+          "documentation":"<p>The JSON resource-based policy to attach to your custom model. Provide your JSON as a UTF-8 encoded string without line breaks. To provide valid JSON for your policy, enclose the attribute names and values in double quotes. If the JSON body is also enclosed in double quotes, then you must escape the double quotes that are inside the policy:</p> <p> <code>\"{\\\"attribute\\\": \\\"value\\\", \\\"attribute\\\": [\\\"value\\\"]}\"</code> </p> <p>To avoid escaping quotes, you can use single quotes to enclose the policy and double quotes to enclose the JSON names and values:</p> <p> <code>'{\"attribute\": \"value\", \"attribute\": [\"value\"]}'</code> </p>"
+        },
+        "PolicyRevisionId":{
+          "shape":"PolicyRevisionId",
+          "documentation":"<p>The revision ID that Amazon Comprehend assigned to the policy that you are updating. If you are creating a new policy that has no prior version, don't use this parameter. Amazon Comprehend creates the revision ID for you.</p>"
+        }
+      }
+    },
+    "PutResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+        "PolicyRevisionId":{
+          "shape":"PolicyRevisionId",
+          "documentation":"<p>The revision ID of the policy. Each time you modify a policy, Amazon Comprehend assigns a new revision ID, and it deletes the prior version of the policy.</p>"
+        }
+      }
+    },
     "RedactionConfig":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/comprehendmedical/2018-10-30/service-2.json b/contrib/python/botocore/py3/botocore/data/comprehendmedical/2018-10-30/service-2.json
index 5dbf33b10c5..5dfb28c4780 100644
--- a/contrib/python/botocore/py3/botocore/data/comprehendmedical/2018-10-30/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/comprehendmedical/2018-10-30/service-2.json
@@ -78,6 +78,22 @@
       ],
       "documentation":"<p>Gets the properties associated with an InferRxNorm job. Use this operation to get the status of an inference job.</p>"
     },
+    "DescribeSNOMEDCTInferenceJob":{
+      "name":"DescribeSNOMEDCTInferenceJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeSNOMEDCTInferenceJobRequest"},
+      "output":{"shape":"DescribeSNOMEDCTInferenceJobResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Gets the properties associated with an InferSNOMEDCT job. Use this operation to get the status of an inference job. </p>"
+    },
     "DetectEntities":{
       "name":"DetectEntities",
       "http":{
@@ -170,6 +186,24 @@
       ],
       "documentation":"<p>InferRxNorm detects medications as entities listed in a patient record and links to the normalized concept identifiers in the RxNorm database from the National Library of Medicine. Amazon Comprehend Medical only detects medical entities in English language texts. </p>"
     },
+    "InferSNOMEDCT":{
+      "name":"InferSNOMEDCT",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"InferSNOMEDCTRequest"},
+      "output":{"shape":"InferSNOMEDCTResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidEncodingException"},
+        {"shape":"TextSizeLimitExceededException"}
+      ],
+      "documentation":"<p> InferSNOMEDCT detects possible medical concepts as entities and links them to codes from the Systematized Nomenclature of Medicine, Clinical Terms (SNOMED-CT) ontology</p>"
+    },
     "ListEntitiesDetectionV2Jobs":{
       "name":"ListEntitiesDetectionV2Jobs",
       "http":{
@@ -234,6 +268,22 @@
       ],
       "documentation":"<p>Gets a list of InferRxNorm jobs that you have submitted.</p>"
     },
+    "ListSNOMEDCTInferenceJobs":{
+      "name":"ListSNOMEDCTInferenceJobs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListSNOMEDCTInferenceJobsRequest"},
+      "output":{"shape":"ListSNOMEDCTInferenceJobsResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Gets a list of InferSNOMEDCT jobs a user has submitted. </p>"
+    },
     "StartEntitiesDetectionV2Job":{
       "name":"StartEntitiesDetectionV2Job",
       "http":{
@@ -298,6 +348,22 @@
       ],
       "documentation":"<p>Starts an asynchronous job to detect medication entities and link them to the RxNorm ontology. Use the <code>DescribeRxNormInferenceJob</code> operation to track the status of a job.</p>"
     },
+    "StartSNOMEDCTInferenceJob":{
+      "name":"StartSNOMEDCTInferenceJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"StartSNOMEDCTInferenceJobRequest"},
+      "output":{"shape":"StartSNOMEDCTInferenceJobResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Starts an asynchronous job to detect medical concepts and link them to the SNOMED-CT ontology. Use the DescribeSNOMEDCTInferenceJob operation to track the status of a job. </p>"
+    },
     "StopEntitiesDetectionV2Job":{
       "name":"StopEntitiesDetectionV2Job",
       "http":{
@@ -357,6 +423,22 @@
         {"shape":"InternalServerException"}
       ],
       "documentation":"<p>Stops an InferRxNorm inference job in progress.</p>"
+    },
+    "StopSNOMEDCTInferenceJob":{
+      "name":"StopSNOMEDCTInferenceJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"StopSNOMEDCTInferenceJobRequest"},
+      "output":{"shape":"StopSNOMEDCTInferenceJobResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Stops an InferSNOMEDCT inference job in progress. </p>"
     }
   },
   "shapes":{
@@ -370,11 +452,11 @@
         },
         "Score":{
           "shape":"Float",
-          "documentation":"<p> The level of confidence that Amazon Comprehend Medical has that the segment of text is correctly recognized as an attribute. </p>"
+          "documentation":"<p> The level of confidence that Comprehend Medical; has that the segment of text is correctly recognized as an attribute. </p>"
         },
         "RelationshipScore":{
           "shape":"Float",
-          "documentation":"<p> The level of confidence that Amazon Comprehend Medical has that this attribute is correctly related to this entity. </p>"
+          "documentation":"<p> The level of confidence that Comprehend Medical; has that this attribute is correctly related to this entity. </p>"
         },
         "RelationshipType":{
           "shape":"RelationshipType",
@@ -425,6 +507,16 @@
       "max":20000,
       "min":1
     },
+    "Characters":{
+      "type":"structure",
+      "members":{
+        "OriginalTextCharacters":{
+          "shape":"Integer",
+          "documentation":"<p> The number of characters present in the input text document as processed by Comprehend Medical. </p>"
+        }
+      },
+      "documentation":"<p> The number of characters in the input text to be analyzed. </p>"
+    },
     "ClientRequestTokenString":{
       "type":"string",
       "max":64,
@@ -498,7 +590,7 @@
         },
         "DataAccessRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) that gives Amazon Comprehend Medical read access to your input data.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) that gives Comprehend Medical; read access to your input data.</p>"
         },
         "ManifestFilePath":{
           "shape":"ManifestFilePath",
@@ -525,7 +617,7 @@
       "members":{
         "JobId":{
           "shape":"JobId",
-          "documentation":"<p>The identifier that Amazon Comprehend Medical generated for the job. The <code>StartEntitiesDetectionV2Job</code> operation returns this identifier in its response.</p>"
+          "documentation":"<p>The identifier that Comprehend Medical; generated for the job. The <code>StartEntitiesDetectionV2Job</code> operation returns this identifier in its response.</p>"
         }
       }
     },
@@ -563,7 +655,7 @@
       "members":{
         "JobId":{
           "shape":"JobId",
-          "documentation":"<p>The identifier that Amazon Comprehend Medical generated for the job. The <code>StartPHIDetectionJob</code> operation returns this identifier in its response.</p>"
+          "documentation":"<p>The identifier that Comprehend Medical; generated for the job. The <code>StartPHIDetectionJob</code> operation returns this identifier in its response.</p>"
         }
       }
     },
@@ -595,6 +687,22 @@
         }
       }
     },
+    "DescribeSNOMEDCTInferenceJobRequest":{
+      "type":"structure",
+      "required":["JobId"],
+      "members":{
+        "JobId":{
+          "shape":"JobId",
+          "documentation":"<p> The identifier that Amazon Comprehend Medical generated for the job. The StartSNOMEDCTInferenceJob operation returns this identifier in its response. </p>"
+        }
+      }
+    },
+    "DescribeSNOMEDCTInferenceJobResponse":{
+      "type":"structure",
+      "members":{
+        "ComprehendMedicalAsyncJobProperties":{"shape":"ComprehendMedicalAsyncJobProperties"}
+      }
+    },
     "DetectEntitiesRequest":{
       "type":"structure",
       "required":["Text"],
@@ -614,7 +722,7 @@
       "members":{
         "Entities":{
           "shape":"EntityList",
-          "documentation":"<p> The collection of medical entities extracted from the input text and their associated information. For each entity, the response provides the entity text, the entity category, where the entity text begins and ends, and the level of confidence that Amazon Comprehend Medical has in the detection and analysis. Attributes and traits of the entity are also returned.</p>"
+          "documentation":"<p> The collection of medical entities extracted from the input text and their associated information. For each entity, the response provides the entity text, the entity category, where the entity text begins and ends, and the level of confidence that Comprehend Medical; has in the detection and analysis. Attributes and traits of the entity are also returned.</p>"
         },
         "UnmappedAttributes":{
           "shape":"UnmappedAttributeList",
@@ -684,7 +792,7 @@
       "members":{
         "Entities":{
           "shape":"EntityList",
-          "documentation":"<p> The collection of PHI entities extracted from the input text and their associated information. For each entity, the response provides the entity text, the entity category, where the entity text begins and ends, and the level of confidence that Amazon Comprehend Medical has in its detection. </p>"
+          "documentation":"<p> The collection of PHI entities extracted from the input text and their associated information. For each entity, the response provides the entity text, the entity category, where the entity text begins and ends, and the level of confidence that Comprehend Medical; has in its detection. </p>"
         },
         "PaginationToken":{
           "shape":"String",
@@ -713,7 +821,7 @@
         },
         "Score":{
           "shape":"Float",
-          "documentation":"<p>The level of confidence that Amazon Comprehend Medical has in the accuracy of the detection.</p>"
+          "documentation":"<p>The level of confidence that Comprehend Medical; has in the accuracy of the detection.</p>"
         },
         "Text":{
           "shape":"String",
@@ -746,6 +854,7 @@
       "type":"string",
       "enum":[
         "NAME",
+        "DX_NAME",
         "DOSAGE",
         "ROUTE_OR_MODE",
         "FORM",
@@ -759,13 +868,16 @@
         "TEST_NAME",
         "TEST_VALUE",
         "TEST_UNITS",
+        "TEST_UNIT",
         "PROCEDURE_NAME",
         "TREATMENT_NAME",
         "DATE",
         "AGE",
         "CONTACT_POINT",
+        "PHONE_OR_FAX",
         "EMAIL",
         "IDENTIFIER",
+        "ID",
         "URL",
         "ADDRESS",
         "PROFESSION",
@@ -954,7 +1066,7 @@
         },
         "Score":{
           "shape":"Float",
-          "documentation":"<p>The level of confidence that Amazon Comprehend Medical has that the segment of text is correctly recognized as a trait.</p>"
+          "documentation":"<p>The level of confidence that Comprehend Medical; has that the segment of text is correctly recognized as a trait.</p>"
         }
       },
       "documentation":"<p>Contextual information for the entity. The traits recognized by InferICD10CM are <code>DIAGNOSIS</code>, <code>SIGN</code>, <code>SYMPTOM</code>, and <code>NEGATION</code>.</p>"
@@ -1034,6 +1146,42 @@
         }
       }
     },
+    "InferSNOMEDCTRequest":{
+      "type":"structure",
+      "required":["Text"],
+      "members":{
+        "Text":{
+          "shape":"OntologyLinkingBoundedLengthString",
+          "documentation":"<p> The input text to be analyzed using InferSNOMEDCT. The text should be a string with 1 to 10000 characters. </p>"
+        }
+      }
+    },
+    "InferSNOMEDCTResponse":{
+      "type":"structure",
+      "required":["Entities"],
+      "members":{
+        "Entities":{
+          "shape":"SNOMEDCTEntityList",
+          "documentation":"<p> The collection of medical concept entities extracted from the input text and their associated information. For each entity, the response provides the entity text, the entity category, where the entity text begins and ends, and the level of confidence that Comprehend Medical has in the detection and analysis. Attributes and traits of the entity are also returned. </p>"
+        },
+        "PaginationToken":{
+          "shape":"String",
+          "documentation":"<p> If the result of the request is truncated, the pagination token can be used to fetch the next page of entities. </p>"
+        },
+        "ModelVersion":{
+          "shape":"String",
+          "documentation":"<p> The version of the model used to analyze the documents, in the format n.n.n You can use this information to track the model used for a particular batch of documents. </p>"
+        },
+        "SNOMEDCTDetails":{
+          "shape":"SNOMEDCTDetails",
+          "documentation":"<p> The details of the SNOMED-CT revision, including the edition, language, and version date. </p>"
+        },
+        "Characters":{
+          "shape":"Characters",
+          "documentation":"<p> The number of characters in the input request documentation. </p>"
+        }
+      }
+    },
     "InputDataConfig":{
       "type":"structure",
       "required":["S3Bucket"],
@@ -1229,6 +1377,33 @@
         }
       }
     },
+    "ListSNOMEDCTInferenceJobsRequest":{
+      "type":"structure",
+      "members":{
+        "Filter":{"shape":"ComprehendMedicalAsyncJobFilter"},
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p> Identifies the next page of InferSNOMEDCT results to return. </p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResultsInteger",
+          "documentation":"<p> The maximum number of results to return in each page. The default is 100. </p>"
+        }
+      }
+    },
+    "ListSNOMEDCTInferenceJobsResponse":{
+      "type":"structure",
+      "members":{
+        "ComprehendMedicalAsyncJobPropertiesList":{
+          "shape":"ComprehendMedicalAsyncJobPropertiesList",
+          "documentation":"<p> A list containing the properties of each job that is returned. </p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p> Identifies the next page of results to return. </p>"
+        }
+      }
+    },
     "ManifestFilePath":{
       "type":"string",
       "max":4096,
@@ -1255,7 +1430,7 @@
         },
         "S3Key":{
           "shape":"S3Key",
-          "documentation":"<p>The path to the output data files in the S3 bucket. Amazon Comprehend Medical creates an output directory using the job ID so that the output from one job does not overwrite the output of another.</p>"
+          "documentation":"<p>The path to the output data files in the S3 bucket. Comprehend Medical; creates an output directory using the job ID so that the output from one job does not overwrite the output of another.</p>"
         }
       },
       "documentation":"<p>The output properties for a detection job.</p>"
@@ -1279,6 +1454,7 @@
         "ACUITY",
         "TEST_VALUE",
         "TEST_UNITS",
+        "TEST_UNIT",
         "DIRECTION",
         "SYSTEM_ORGAN_SITE"
       ]
@@ -1461,12 +1637,222 @@
       "max":1024,
       "pattern":".*"
     },
+    "SNOMEDCTAttribute":{
+      "type":"structure",
+      "members":{
+        "Category":{
+          "shape":"SNOMEDCTEntityCategory",
+          "documentation":"<p> The category of the detected attribute. Possible categories include MEDICAL_CONDITION, ANATOMY, and TEST_TREATMENT_PROCEDURE. </p>"
+        },
+        "Type":{
+          "shape":"SNOMEDCTAttributeType",
+          "documentation":"<p> The type of attribute. Possible types include DX_NAME, ACUITY, DIRECTION, SYSTEM_ORGAN_SITE,TEST_NAME, TEST_VALUE, TEST_UNIT, PROCEDURE_NAME, and TREATMENT_NAME. </p>"
+        },
+        "Score":{
+          "shape":"Float",
+          "documentation":"<p> The level of confidence that Comprehend Medical has that the segment of text is correctly recognized as an attribute. </p>"
+        },
+        "RelationshipScore":{
+          "shape":"Float",
+          "documentation":"<p> The level of confidence that Comprehend Medical has that this attribute is correctly related to this entity. </p>"
+        },
+        "RelationshipType":{
+          "shape":"SNOMEDCTRelationshipType",
+          "documentation":"<p> The type of relationship that exists between the entity and the related attribute. </p>"
+        },
+        "Id":{
+          "shape":"Integer",
+          "documentation":"<p> The numeric identifier for this attribute. This is a monotonically increasing id unique within this response rather than a global unique identifier. </p>"
+        },
+        "BeginOffset":{
+          "shape":"Integer",
+          "documentation":"<p> The 0-based character offset in the input text that shows where the attribute begins. The offset returns the UTF-8 code point in the string. </p>"
+        },
+        "EndOffset":{
+          "shape":"Integer",
+          "documentation":"<p> The 0-based character offset in the input text that shows where the attribute ends. The offset returns the UTF-8 code point in the string. </p>"
+        },
+        "Text":{
+          "shape":"String",
+          "documentation":"<p> The segment of input text extracted as this attribute. </p>"
+        },
+        "Traits":{
+          "shape":"SNOMEDCTTraitList",
+          "documentation":"<p> Contextual information for an attribute. Examples include signs, symptoms, diagnosis, and negation. </p>"
+        },
+        "SNOMEDCTConcepts":{
+          "shape":"SNOMEDCTConceptList",
+          "documentation":"<p> The SNOMED-CT concepts specific to an attribute, along with a score indicating the likelihood of the match. </p>"
+        }
+      },
+      "documentation":"<p> The extracted attributes that relate to an entity. An extracted segment of the text that is an attribute of an entity, or otherwise related to an entity, such as the dosage of a medication taken. </p>"
+    },
+    "SNOMEDCTAttributeList":{
+      "type":"list",
+      "member":{"shape":"SNOMEDCTAttribute"}
+    },
+    "SNOMEDCTAttributeType":{
+      "type":"string",
+      "enum":[
+        "ACUITY",
+        "QUALITY",
+        "DIRECTION",
+        "SYSTEM_ORGAN_SITE",
+        "TEST_VALUE",
+        "TEST_UNIT"
+      ]
+    },
+    "SNOMEDCTConcept":{
+      "type":"structure",
+      "members":{
+        "Description":{
+          "shape":"String",
+          "documentation":"<p> The description of the SNOMED-CT concept. </p>"
+        },
+        "Code":{
+          "shape":"String",
+          "documentation":"<p> The numeric ID for the SNOMED-CT concept. </p>"
+        },
+        "Score":{
+          "shape":"Float",
+          "documentation":"<p> The level of confidence Comprehend Medical has that the entity should be linked to the identified SNOMED-CT concept. </p>"
+        }
+      },
+      "documentation":"<p> The SNOMED-CT concepts that the entity could refer to, along with a score indicating the likelihood of the match. </p>"
+    },
+    "SNOMEDCTConceptList":{
+      "type":"list",
+      "member":{"shape":"SNOMEDCTConcept"}
+    },
+    "SNOMEDCTDetails":{
+      "type":"structure",
+      "members":{
+        "Edition":{
+          "shape":"String",
+          "documentation":"<p> The edition of SNOMED-CT used. The edition used for the InferSNOMEDCT editions is the US edition. </p>"
+        },
+        "Language":{
+          "shape":"String",
+          "documentation":"<p> The language used in the SNOMED-CT ontology. All Amazon Comprehend Medical operations are US English (en). </p>"
+        },
+        "VersionDate":{
+          "shape":"String",
+          "documentation":"<p> The version date of the SNOMED-CT ontology used. </p>"
+        }
+      },
+      "documentation":"<p> The information about the revision of the SNOMED-CT ontology in the response. Specifically, the details include the SNOMED-CT edition, language, and version date. </p>"
+    },
+    "SNOMEDCTEntity":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"Integer",
+          "documentation":"<p> The numeric identifier for the entity. This is a monotonically increasing id unique within this response rather than a global unique identifier. </p>"
+        },
+        "Text":{
+          "shape":"OntologyLinkingBoundedLengthString",
+          "documentation":"<p> The segment of input text extracted as this entity. </p>"
+        },
+        "Category":{
+          "shape":"SNOMEDCTEntityCategory",
+          "documentation":"<p> The category of the detected entity. Possible categories are MEDICAL_CONDITION, ANATOMY, or TEST_TREATMENT_PROCEDURE. </p>"
+        },
+        "Type":{
+          "shape":"SNOMEDCTEntityType",
+          "documentation":"<p> Describes the specific type of entity with category of entities. Possible types include DX_NAME, ACUITY, DIRECTION, SYSTEM_ORGAN_SITE, TEST_NAME, TEST_VALUE, TEST_UNIT, PROCEDURE_NAME, or TREATMENT_NAME. </p>"
+        },
+        "Score":{
+          "shape":"Float",
+          "documentation":"<p> The level of confidence that Comprehend Medical has in the accuracy of the detected entity. </p>"
+        },
+        "BeginOffset":{
+          "shape":"Integer",
+          "documentation":"<p> The 0-based character offset in the input text that shows where the entity begins. The offset returns the UTF-8 code point in the string. </p>"
+        },
+        "EndOffset":{
+          "shape":"Integer",
+          "documentation":"<p> The 0-based character offset in the input text that shows where the entity ends. The offset returns the UTF-8 code point in the string. </p>"
+        },
+        "Attributes":{
+          "shape":"SNOMEDCTAttributeList",
+          "documentation":"<p> An extracted segment of the text that is an attribute of an entity, or otherwise related to an entity, such as the dosage of a medication taken. </p>"
+        },
+        "Traits":{
+          "shape":"SNOMEDCTTraitList",
+          "documentation":"<p> Contextual information for the entity. </p>"
+        },
+        "SNOMEDCTConcepts":{
+          "shape":"SNOMEDCTConceptList",
+          "documentation":"<p> The SNOMED concepts that the entity could refer to, along with a score indicating the likelihood of the match. </p>"
+        }
+      },
+      "documentation":"<p> The collection of medical entities extracted from the input text and their associated information. For each entity, the response provides the entity text, the entity category, where the entity text begins and ends, and the level of confidence that Comprehend Medical has in the detection and analysis. Attributes and traits of the entity are also returned. </p>"
+    },
+    "SNOMEDCTEntityCategory":{
+      "type":"string",
+      "enum":[
+        "MEDICAL_CONDITION",
+        "ANATOMY",
+        "TEST_TREATMENT_PROCEDURE"
+      ]
+    },
+    "SNOMEDCTEntityList":{
+      "type":"list",
+      "member":{"shape":"SNOMEDCTEntity"}
+    },
+    "SNOMEDCTEntityType":{
+      "type":"string",
+      "enum":[
+        "DX_NAME",
+        "TEST_NAME",
+        "PROCEDURE_NAME",
+        "TREATMENT_NAME"
+      ]
+    },
+    "SNOMEDCTRelationshipType":{
+      "type":"string",
+      "enum":[
+        "ACUITY",
+        "QUALITY",
+        "TEST_VALUE",
+        "TEST_UNITS",
+        "DIRECTION",
+        "SYSTEM_ORGAN_SITE"
+      ]
+    },
+    "SNOMEDCTTrait":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"SNOMEDCTTraitName",
+          "documentation":"<p> The name or contextual description of a detected trait. </p>"
+        },
+        "Score":{
+          "shape":"Float",
+          "documentation":"<p> The level of confidence that Comprehend Medical has in the accuracy of a detected trait. </p>"
+        }
+      },
+      "documentation":"<p> Contextual information for an entity. </p>"
+    },
+    "SNOMEDCTTraitList":{
+      "type":"list",
+      "member":{"shape":"SNOMEDCTTrait"}
+    },
+    "SNOMEDCTTraitName":{
+      "type":"string",
+      "enum":[
+        "NEGATION",
+        "DIAGNOSIS",
+        "SIGN",
+        "SYMPTOM"
+      ]
+    },
     "ServiceUnavailableException":{
       "type":"structure",
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p> The Amazon Comprehend Medical service is temporarily unavailable. Please wait and then retry your request. </p>",
+      "documentation":"<p> The Comprehend Medical; service is temporarily unavailable. Please wait and then retry your request. </p>",
       "exception":true
     },
     "StartEntitiesDetectionV2JobRequest":{
@@ -1480,15 +1866,15 @@
       "members":{
         "InputDataConfig":{
           "shape":"InputDataConfig",
-          "documentation":"<p>Specifies the format and location of the input data for the job.</p>"
+          "documentation":"<p>The input configuration that specifies the format and location of the input data for the job.</p>"
         },
         "OutputDataConfig":{
           "shape":"OutputDataConfig",
-          "documentation":"<p>Specifies where to send the output files.</p>"
+          "documentation":"<p>The output configuration that specifies where to send the output files.</p>"
         },
         "DataAccessRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Amazon Comprehend Medical read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Comprehend Medical; read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
         },
         "JobName":{
           "shape":"JobName",
@@ -1496,7 +1882,7 @@
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenString",
-          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Amazon Comprehend Medical generates one.</p>",
+          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Comprehend Medical; generates one for you.</p>",
           "idempotencyToken":true
         },
         "KMSKey":{
@@ -1505,7 +1891,7 @@
         },
         "LanguageCode":{
           "shape":"LanguageCode",
-          "documentation":"<p>The language of the input documents. All documents must be in the same language.</p>"
+          "documentation":"<p>The language of the input documents. All documents must be in the same language. Comprehend Medical; processes files in US English (en).</p>"
         }
       }
     },
@@ -1537,7 +1923,7 @@
         },
         "DataAccessRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Amazon Comprehend Medical read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Comprehend Medical; read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
         },
         "JobName":{
           "shape":"JobName",
@@ -1545,7 +1931,7 @@
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenString",
-          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Amazon Comprehend Medical generates one.</p>",
+          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Comprehend Medical; generates one.</p>",
           "idempotencyToken":true
         },
         "KMSKey":{
@@ -1586,7 +1972,7 @@
         },
         "DataAccessRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Amazon Comprehend Medical read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Comprehend Medical; read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
         },
         "JobName":{
           "shape":"JobName",
@@ -1594,7 +1980,7 @@
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenString",
-          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Amazon Comprehend Medical generates one.</p>",
+          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Comprehend Medical; generates one.</p>",
           "idempotencyToken":true
         },
         "KMSKey":{
@@ -1635,7 +2021,7 @@
         },
         "DataAccessRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Amazon Comprehend Medical read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Comprehend Medical; read access to your input data. For more information, see <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/access-control-managing-permissions-med.html#auth-role-permissions-med\"> Role-Based Permissions Required for Asynchronous Operations</a>.</p>"
         },
         "JobName":{
           "shape":"JobName",
@@ -1643,7 +2029,7 @@
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenString",
-          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Amazon Comprehend Medical generates one.</p>",
+          "documentation":"<p>A unique identifier for the request. If you don't set the client request token, Comprehend Medical; generates one.</p>",
           "idempotencyToken":true
         },
         "KMSKey":{
@@ -1665,6 +2051,49 @@
         }
       }
     },
+    "StartSNOMEDCTInferenceJobRequest":{
+      "type":"structure",
+      "required":[
+        "InputDataConfig",
+        "OutputDataConfig",
+        "DataAccessRoleArn",
+        "LanguageCode"
+      ],
+      "members":{
+        "InputDataConfig":{"shape":"InputDataConfig"},
+        "OutputDataConfig":{"shape":"OutputDataConfig"},
+        "DataAccessRoleArn":{
+          "shape":"IamRoleArn",
+          "documentation":"<p> The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants Amazon Comprehend Medical read access to your input data. </p>"
+        },
+        "JobName":{
+          "shape":"JobName",
+          "documentation":"<p> The user generated name the asynchronous InferSNOMEDCT job. </p>"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestTokenString",
+          "documentation":"<p> A unique identifier for the request. If you don't set the client request token, Amazon Comprehend Medical generates one. </p>",
+          "idempotencyToken":true
+        },
+        "KMSKey":{
+          "shape":"KMSKey",
+          "documentation":"<p> An AWS Key Management Service key used to encrypt your output files. If you do not specify a key, the files are written in plain text. </p>"
+        },
+        "LanguageCode":{
+          "shape":"LanguageCode",
+          "documentation":"<p> The language of the input documents. All documents must be in the same language. </p>"
+        }
+      }
+    },
+    "StartSNOMEDCTInferenceJobResponse":{
+      "type":"structure",
+      "members":{
+        "JobId":{
+          "shape":"JobId",
+          "documentation":"<p> The identifier generated for the job. To get the status of a job, use this identifier with the StartSNOMEDCTInferenceJob operation. </p>"
+        }
+      }
+    },
     "StopEntitiesDetectionV2JobRequest":{
       "type":"structure",
       "required":["JobId"],
@@ -1741,6 +2170,25 @@
         }
       }
     },
+    "StopSNOMEDCTInferenceJobRequest":{
+      "type":"structure",
+      "required":["JobId"],
+      "members":{
+        "JobId":{
+          "shape":"JobId",
+          "documentation":"<p> The job id of the asynchronous InferSNOMEDCT job to be stopped. </p>"
+        }
+      }
+    },
+    "StopSNOMEDCTInferenceJobResponse":{
+      "type":"structure",
+      "members":{
+        "JobId":{
+          "shape":"JobId",
+          "documentation":"<p> The identifier generated for the job. To get the status of job, use this identifier with the DescribeSNOMEDCTInferenceJob operation. </p>"
+        }
+      }
+    },
     "String":{
       "type":"string",
       "min":1
@@ -1771,7 +2219,7 @@
         },
         "Score":{
           "shape":"Float",
-          "documentation":"<p> The level of confidence that Amazon Comprehend Medical has in the accuracy of this trait.</p>"
+          "documentation":"<p> The level of confidence that Comprehend Medical; has in the accuracy of this trait.</p>"
         }
       },
       "documentation":"<p> Provides contextual information about the extracted entity. </p>"
@@ -1785,14 +2233,14 @@
       "members":{
         "Type":{
           "shape":"EntityType",
-          "documentation":"<p> The type of the attribute, could be one of the following values: \"MEDICATION\", \"MEDICAL_CONDITION\", \"ANATOMY\", \"TEST_AND_TREATMENT_PROCEDURE\" or \"PROTECTED_HEALTH_INFORMATION\". </p>"
+          "documentation":"<p> The type of the unmapped attribute, could be one of the following values: \"MEDICATION\", \"MEDICAL_CONDITION\", \"ANATOMY\", \"TEST_AND_TREATMENT_PROCEDURE\" or \"PROTECTED_HEALTH_INFORMATION\". </p>"
         },
         "Attribute":{
           "shape":"Attribute",
           "documentation":"<p> The specific attribute that has been extracted but not mapped to an entity. </p>"
         }
       },
-      "documentation":"<p> An attribute that we extracted, but were unable to relate to an entity. </p>"
+      "documentation":"<p> An attribute that was extracted, but Comprehend Medical; was unable to relate to an entity. </p>"
     },
     "UnmappedAttributeList":{
       "type":"list",
@@ -1807,5 +2255,5 @@
       "exception":true
     }
   },
-  "documentation":"<p> Amazon Comprehend Medical extracts structured information from unstructured clinical text. Use these actions to gain insight in your documents. </p>"
+  "documentation":"<p> Comprehend Medical; extracts structured information from unstructured clinical text. Use these actions to gain insight in your documents. </p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/compute-optimizer/2019-11-01/service-2.json b/contrib/python/botocore/py3/botocore/data/compute-optimizer/2019-11-01/service-2.json
index 613ec4f4c65..6493799b2f2 100644
--- a/contrib/python/botocore/py3/botocore/data/compute-optimizer/2019-11-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/compute-optimizer/2019-11-01/service-2.json
@@ -13,6 +13,26 @@
     "uid":"compute-optimizer-2019-11-01"
   },
   "operations":{
+    "DeleteRecommendationPreferences":{
+      "name":"DeleteRecommendationPreferences",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteRecommendationPreferencesRequest"},
+      "output":{"shape":"DeleteRecommendationPreferencesResponse"},
+      "errors":[
+        {"shape":"OptInRequiredException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidParameterValueException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"MissingAuthenticationToken"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Deletes a recommendation preference, such as enhanced infrastructure metrics.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+    },
     "DescribeRecommendationExportJobs":{
       "name":"DescribeRecommendationExportJobs",
       "http":{
@@ -193,6 +213,26 @@
       ],
       "documentation":"<p>Returns the projected utilization metrics of Amazon EC2 instance recommendations.</p> <note> <p>The <code>Cpu</code> and <code>Memory</code> metrics are the only projected utilization metrics returned when you run this action. Additionally, the <code>Memory</code> metric is returned only for resources that have the unified CloudWatch agent installed on them. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/metrics.html#cw-agent\">Enabling Memory Utilization with the CloudWatch Agent</a>.</p> </note>"
     },
+    "GetEffectiveRecommendationPreferences":{
+      "name":"GetEffectiveRecommendationPreferences",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetEffectiveRecommendationPreferencesRequest"},
+      "output":{"shape":"GetEffectiveRecommendationPreferencesResponse"},
+      "errors":[
+        {"shape":"OptInRequiredException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidParameterValueException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"MissingAuthenticationToken"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Returns the recommendation preferences that are in effect for a given resource, such as enhanced infrastructure metrics. Considers all applicable preferences that you might have set at the resource, account, and organization level.</p> <p>When you create a recommendation preference, you can set its status to <code>Active</code> or <code>Inactive</code>. Use this action to view the recommendation preferences that are in effect, or <code>Active</code>.</p>"
+    },
     "GetEnrollmentStatus":{
       "name":"GetEnrollmentStatus",
       "http":{
@@ -249,6 +289,26 @@
       ],
       "documentation":"<p>Returns Lambda function recommendations.</p> <p>Compute Optimizer generates recommendations for functions that meet a specific set of requirements. For more information, see the <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/requirements.html\">Supported resources and requirements</a> in the <i>Compute Optimizer User Guide</i>.</p>"
     },
+    "GetRecommendationPreferences":{
+      "name":"GetRecommendationPreferences",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetRecommendationPreferencesRequest"},
+      "output":{"shape":"GetRecommendationPreferencesResponse"},
+      "errors":[
+        {"shape":"OptInRequiredException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidParameterValueException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"MissingAuthenticationToken"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Returns existing recommendation preferences, such as enhanced infrastructure metrics.</p> <p>Use the <code>scope</code> parameter to specify which preferences to return. You can specify to return preferences for an organization, a specific account ID, or a specific EC2 instance or Auto Scaling group Amazon Resource Name (ARN).</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+    },
     "GetRecommendationSummaries":{
       "name":"GetRecommendationSummaries",
       "http":{
@@ -268,6 +328,26 @@
       ],
       "documentation":"<p>Returns the optimization findings for an account.</p> <p>It returns the number of:</p> <ul> <li> <p>Amazon EC2 instances in an account that are <code>Underprovisioned</code>, <code>Overprovisioned</code>, or <code>Optimized</code>.</p> </li> <li> <p>Auto Scaling groups in an account that are <code>NotOptimized</code>, or <code>Optimized</code>.</p> </li> <li> <p>Amazon EBS volumes in an account that are <code>NotOptimized</code>, or <code>Optimized</code>.</p> </li> <li> <p>Lambda functions in an account that are <code>NotOptimized</code>, or <code>Optimized</code>.</p> </li> </ul>"
     },
+    "PutRecommendationPreferences":{
+      "name":"PutRecommendationPreferences",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PutRecommendationPreferencesRequest"},
+      "output":{"shape":"PutRecommendationPreferencesResponse"},
+      "errors":[
+        {"shape":"OptInRequiredException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidParameterValueException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"MissingAuthenticationToken"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Creates a new recommendation preference or updates an existing recommendation preference, such as enhanced infrastructure metrics.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+    },
     "UpdateEnrollmentStatus":{
       "name":"UpdateEnrollmentStatus",
       "http":{
@@ -393,7 +473,19 @@
         },
         "lastRefreshTimestamp":{
           "shape":"LastRefreshTimestamp",
-          "documentation":"<p>The timestamp of when the Auto Scaling group recommendation was last refreshed.</p>"
+          "documentation":"<p>The timestamp of when the Auto Scaling group recommendation was last generated.</p>"
+        },
+        "currentPerformanceRisk":{
+          "shape":"CurrentPerformanceRisk",
+          "documentation":"<p>The risk of the current Auto Scaling group not meeting the performance needs of its workloads. The higher the risk, the more likely the current Auto Scaling group configuration has insufficient capacity and cannot meet workload requirements.</p>"
+        },
+        "effectiveRecommendationPreferences":{
+          "shape":"EffectiveRecommendationPreferences",
+          "documentation":"<p>An object that describes the effective recommendation preferences for the Auto Scaling group.</p>"
+        },
+        "inferredWorkloadTypes":{
+          "shape":"InferredWorkloadTypes",
+          "documentation":"<p>The applications that might be running on the instances in the Auto Scaling group as inferred by Compute Optimizer.</p> <p>Compute Optimizer can infer if one of the following applications might be running on the instances:</p> <ul> <li> <p> <code>AmazonEmr</code> - Infers that Amazon EMR might be running on the instances.</p> </li> <li> <p> <code>ApacheCassandra</code> - Infers that Apache Cassandra might be running on the instances.</p> </li> <li> <p> <code>ApacheHadoop</code> - Infers that Apache Hadoop might be running on the instances.</p> </li> <li> <p> <code>Memcached</code> - Infers that Memcached might be running on the instances.</p> </li> <li> <p> <code>NGINX</code> - Infers that NGINX might be running on the instances.</p> </li> <li> <p> <code>PostgreSql</code> - Infers that PostgreSQL might be running on the instances.</p> </li> <li> <p> <code>Redis</code> - Infers that Redis might be running on the instances.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Describes an Auto Scaling group recommendation.</p>"
@@ -416,6 +508,14 @@
         "rank":{
           "shape":"Rank",
           "documentation":"<p>The rank of the Auto Scaling group recommendation option.</p> <p>The top recommendation option is ranked as <code>1</code>.</p>"
+        },
+        "savingsOpportunity":{
+          "shape":"SavingsOpportunity",
+          "documentation":"<p>An object that describes the savings opportunity for the Auto Scaling group recommendation option. Savings opportunity includes the estimated monthly savings amount and percentage.</p>"
+        },
+        "migrationEffort":{
+          "shape":"MigrationEffort",
+          "documentation":"<p>The level of effort required to migrate from the current instance type to the recommended instance type.</p> <p>For example, the migration effort is <code>Low</code> if Amazon EMR is the inferred workload type and an Amazon Web Services Graviton instance type is recommended. The migration effort is <code>Medium</code> if a workload type couldn't be inferred but an Amazon Web Services Graviton instance type is recommended. The migration effort is <code>VeryLow</code> if both the current and recommended instance types are of the same CPU architecture.</p>"
         }
       },
       "documentation":"<p>Describes a recommendation option for an Auto Scaling group.</p>"
@@ -441,7 +541,71 @@
       "member":{"shape":"CpuVendorArchitecture"}
     },
     "CreationTimestamp":{"type":"timestamp"},
+    "Currency":{
+      "type":"string",
+      "enum":[
+        "USD",
+        "CNY"
+      ]
+    },
     "CurrentInstanceType":{"type":"string"},
+    "CurrentPerformanceRisk":{
+      "type":"string",
+      "enum":[
+        "VeryLow",
+        "Low",
+        "Medium",
+        "High"
+      ]
+    },
+    "CurrentPerformanceRiskRatings":{
+      "type":"structure",
+      "members":{
+        "high":{
+          "shape":"High",
+          "documentation":"<p>A count of the applicable resource types with a high performance risk rating.</p>"
+        },
+        "medium":{
+          "shape":"Medium",
+          "documentation":"<p>A count of the applicable resource types with a medium performance risk rating.</p>"
+        },
+        "low":{
+          "shape":"Low",
+          "documentation":"<p>A count of the applicable resource types with a low performance risk rating.</p>"
+        },
+        "veryLow":{
+          "shape":"VeryLow",
+          "documentation":"<p>A count of the applicable resource types with a very low performance risk rating.</p>"
+        }
+      },
+      "documentation":"<p>Describes the performance risk ratings for a given resource type.</p> <p>Resources with a <code>high</code> or <code>medium</code> rating are at risk of not meeting the performance needs of their workloads, while resources with a <code>low</code> rating are performing well in their workloads.</p>"
+    },
+    "DeleteRecommendationPreferencesRequest":{
+      "type":"structure",
+      "required":[
+        "resourceType",
+        "recommendationPreferenceNames"
+      ],
+      "members":{
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The target resource type of the recommendation preference to delete.</p> <p>The <code>Ec2Instance</code> option encompasses standalone instances and instances that are part of Auto Scaling groups. The <code>AutoScalingGroup</code> option encompasses only instances that are part of an Auto Scaling group.</p>"
+        },
+        "scope":{
+          "shape":"Scope",
+          "documentation":"<p>An object that describes the scope of the recommendation preference to delete.</p> <p>You can delete recommendation preferences that are created at the organization level (for management accounts of an organization only), account level, and resource level. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        },
+        "recommendationPreferenceNames":{
+          "shape":"RecommendationPreferenceNames",
+          "documentation":"<p>The name of the recommendation preference to delete.</p> <p>Enhanced infrastructure metrics (<code>EnhancedInfrastructureMetrics</code>) is the only feature that can be activated through preferences. Therefore, it is also the only recommendation preference that can be deleted.</p>"
+        }
+      }
+    },
+    "DeleteRecommendationPreferencesResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DescribeRecommendationExportJobsRequest":{
       "type":"structure",
       "members":{
@@ -540,6 +704,31 @@
       "type":"list",
       "member":{"shape":"EBSUtilizationMetric"}
     },
+    "EffectiveRecommendationPreferences":{
+      "type":"structure",
+      "members":{
+        "cpuVendorArchitectures":{
+          "shape":"CpuVendorArchitectures",
+          "documentation":"<p>Describes the CPU vendor and architecture for an instance or Auto Scaling group recommendations.</p> <p>For example, when you specify <code>AWS_ARM64</code> with:</p> <ul> <li> <p>A <a>GetEC2InstanceRecommendations</a> or <a>GetAutoScalingGroupRecommendations</a> request, Compute Optimizer returns recommendations that consist of Graviton2 instance types only.</p> </li> <li> <p>A <a>GetEC2RecommendationProjectedMetrics</a> request, Compute Optimizer returns projected utilization metrics for Graviton2 instance type recommendations only.</p> </li> <li> <p>A <a>ExportEC2InstanceRecommendations</a> or <a>ExportAutoScalingGroupRecommendations</a> request, Compute Optimizer exports recommendations that consist of Graviton2 instance types only.</p> </li> </ul>"
+        },
+        "enhancedInfrastructureMetrics":{
+          "shape":"EnhancedInfrastructureMetrics",
+          "documentation":"<p>Describes the activation status of the enhanced infrastructure metrics preference.</p> <p>A status of <code>Active</code> confirms that the preference is applied in the latest recommendation refresh, and a status of <code>Inactive</code> confirms that it's not yet applied to recommendations.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        },
+        "inferredWorkloadTypes":{
+          "shape":"InferredWorkloadTypesPreference",
+          "documentation":"<p>Describes the activation status of the inferred workload types preference.</p> <p>A status of <code>Active</code> confirms that the preference is applied in the latest recommendation refresh. A status of <code>Inactive</code> confirms that it's not yet applied to recommendations.</p>"
+        }
+      },
+      "documentation":"<p>Describes the effective recommendation preferences for a resource.</p>"
+    },
+    "EnhancedInfrastructureMetrics":{
+      "type":"string",
+      "enum":[
+        "Active",
+        "Inactive"
+      ]
+    },
     "EnrollmentFilter":{
       "type":"structure",
       "members":{
@@ -563,6 +752,20 @@
       "member":{"shape":"EnrollmentFilter"}
     },
     "ErrorMessage":{"type":"string"},
+    "EstimatedMonthlySavings":{
+      "type":"structure",
+      "members":{
+        "currency":{
+          "shape":"Currency",
+          "documentation":"<p>The currency of the estimated monthly savings.</p>"
+        },
+        "value":{
+          "shape":"Value",
+          "documentation":"<p>The value of the estimated monthly savings.</p>"
+        }
+      },
+      "documentation":"<p>Describes the estimated monthly savings amount possible, based on On-Demand instance pricing, by adopting Compute Optimizer recommendations for a given resource.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/view-ec2-recommendations.html#ec2-savings-calculation\">Estimated monthly savings and savings opportunities</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+    },
     "ExportAutoScalingGroupRecommendationsRequest":{
       "type":"structure",
       "required":["s3DestinationConfig"],
@@ -675,7 +878,7 @@
         },
         "s3DestinationConfig":{
           "shape":"S3DestinationConfig",
-          "documentation":"<p>An object to specify the destination Amazon Simple Storage Service (Amazon S3) bucket name and key prefix for the export job.</p> <p>You must create the destination Amazon S3 bucket for your recommendations export before you create the export job. Compute Optimizer does not create the S3 bucket for you. After you create the S3 bucket, ensure that it has the required permissions policy policy to allow Compute Optimizer to write the export file to it. If you plan to specify an object prefix when you create the export job, you must include the object prefix in the that you add to the S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/create-s3-bucket-policy-for-compute-optimizer.html\">Amazon S3 Bucket Policy for Compute Optimizer</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+          "documentation":"<p>An object to specify the destination Amazon Simple Storage Service (Amazon S3) bucket name and key prefix for the export job.</p> <p>You must create the destination Amazon S3 bucket for your recommendations export before you create the export job. Compute Optimizer does not create the S3 bucket for you. After you create the S3 bucket, ensure that it has the required permissions policy to allow Compute Optimizer to write the export file to it. If you plan to specify an object prefix when you create the export job, you must include the object prefix in the policy that you add to the S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/create-s3-bucket-policy-for-compute-optimizer.html\">Amazon S3 Bucket Policy for Compute Optimizer</a> in the <i>Compute Optimizer User Guide</i>.</p>"
         },
         "fileFormat":{
           "shape":"FileFormat",
@@ -788,7 +991,16 @@
         "RecommendationOptionsMemory",
         "RecommendationOptionsStorage",
         "RecommendationOptionsNetwork",
-        "LastRefreshTimestamp"
+        "LastRefreshTimestamp",
+        "CurrentPerformanceRisk",
+        "RecommendationOptionsSavingsOpportunityPercentage",
+        "RecommendationOptionsEstimatedMonthlySavingsCurrency",
+        "RecommendationOptionsEstimatedMonthlySavingsValue",
+        "EffectiveRecommendationPreferencesCpuVendorArchitectures",
+        "EffectiveRecommendationPreferencesEnhancedInfrastructureMetrics",
+        "EffectiveRecommendationPreferencesInferredWorkloadTypes",
+        "InferredWorkloadTypes",
+        "RecommendationOptionsMigrationEffort"
       ]
     },
     "ExportableAutoScalingGroupFields":{
@@ -840,7 +1052,16 @@
         "RecommendationOptionsStandardThreeYearNoUpfrontReservedPrice",
         "RecommendationsSourcesRecommendationSourceArn",
         "RecommendationsSourcesRecommendationSourceType",
-        "LastRefreshTimestamp"
+        "LastRefreshTimestamp",
+        "CurrentPerformanceRisk",
+        "RecommendationOptionsSavingsOpportunityPercentage",
+        "RecommendationOptionsEstimatedMonthlySavingsCurrency",
+        "RecommendationOptionsEstimatedMonthlySavingsValue",
+        "EffectiveRecommendationPreferencesCpuVendorArchitectures",
+        "EffectiveRecommendationPreferencesEnhancedInfrastructureMetrics",
+        "EffectiveRecommendationPreferencesInferredWorkloadTypes",
+        "InferredWorkloadTypes",
+        "RecommendationOptionsMigrationEffort"
       ]
     },
     "ExportableInstanceFields":{
@@ -871,7 +1092,11 @@
         "RecommendationOptionsProjectedUtilizationMetricsDurationLowerBound",
         "RecommendationOptionsProjectedUtilizationMetricsDurationUpperBound",
         "RecommendationOptionsProjectedUtilizationMetricsDurationExpected",
-        "LastRefreshTimestamp"
+        "LastRefreshTimestamp",
+        "CurrentPerformanceRisk",
+        "RecommendationOptionsSavingsOpportunityPercentage",
+        "RecommendationOptionsEstimatedMonthlySavingsCurrency",
+        "RecommendationOptionsEstimatedMonthlySavingsValue"
       ]
     },
     "ExportableLambdaFunctionFields":{
@@ -904,7 +1129,11 @@
         "RecommendationOptionsConfigurationVolumeSize",
         "RecommendationOptionsMonthlyPrice",
         "RecommendationOptionsPerformanceRisk",
-        "LastRefreshTimestamp"
+        "LastRefreshTimestamp",
+        "CurrentPerformanceRisk",
+        "RecommendationOptionsSavingsOpportunityPercentage",
+        "RecommendationOptionsEstimatedMonthlySavingsCurrency",
+        "RecommendationOptionsEstimatedMonthlySavingsValue"
       ]
     },
     "ExportableVolumeFields":{
@@ -1148,6 +1377,25 @@
         }
       }
     },
+    "GetEffectiveRecommendationPreferencesRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource for which to confirm effective recommendation preferences. Only EC2 instance and Auto Scaling group ARNs are currently supported.</p>"
+        }
+      }
+    },
+    "GetEffectiveRecommendationPreferencesResponse":{
+      "type":"structure",
+      "members":{
+        "enhancedInfrastructureMetrics":{
+          "shape":"EnhancedInfrastructureMetrics",
+          "documentation":"<p>The status of the enhanced infrastructure metrics recommendation preference. Considers all applicable preferences that you might have set at the resource, account, and organization level.</p> <p>A status of <code>Active</code> confirms that the preference is applied in the latest recommendation refresh, and a status of <code>Inactive</code> confirms that it's not yet applied to recommendations.</p> <p>To validate whether the preference is applied to your last generated set of recommendations, review the <code>effectiveRecommendationPreferences</code> value in the response of the <a>GetAutoScalingGroupRecommendations</a> and <a>GetEC2InstanceRecommendations</a> actions.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        }
+      }
+    },
     "GetEnrollmentStatusRequest":{
       "type":"structure",
       "members":{
@@ -1268,6 +1516,41 @@
       "type":"list",
       "member":{"shape":"GetRecommendationError"}
     },
+    "GetRecommendationPreferencesRequest":{
+      "type":"structure",
+      "required":["resourceType"],
+      "members":{
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The target resource type of the recommendation preference for which to return preferences.</p> <p>The <code>Ec2Instance</code> option encompasses standalone instances and instances that are part of Auto Scaling groups. The <code>AutoScalingGroup</code> option encompasses only instances that are part of an Auto Scaling group.</p>"
+        },
+        "scope":{
+          "shape":"Scope",
+          "documentation":"<p>An object that describes the scope of the recommendation preference to return.</p> <p>You can return recommendation preferences that are created at the organization level (for management accounts of an organization only), account level, and resource level. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to advance to the next page of recommendation preferences.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of recommendation preferences to return with a single request.</p> <p>To retrieve the remaining results, make another request with the returned <code>nextToken</code> value.</p>"
+        }
+      }
+    },
+    "GetRecommendationPreferencesResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to advance to the next page of recommendation preferences.</p> <p>This value is null when there are no more pages of recommendation preferences to return.</p>"
+        },
+        "recommendationPreferencesDetails":{
+          "shape":"RecommendationPreferencesDetails",
+          "documentation":"<p>An array of objects that describe recommendation preferences.</p>"
+        }
+      }
+    },
     "GetRecommendationSummariesRequest":{
       "type":"structure",
       "members":{
@@ -1298,8 +1581,32 @@
         }
       }
     },
+    "High":{"type":"long"},
     "Identifier":{"type":"string"},
     "IncludeMemberAccounts":{"type":"boolean"},
+    "InferredWorkloadType":{
+      "type":"string",
+      "enum":[
+        "AmazonEmr",
+        "ApacheCassandra",
+        "ApacheHadoop",
+        "Memcached",
+        "Nginx",
+        "PostgreSql",
+        "Redis"
+      ]
+    },
+    "InferredWorkloadTypes":{
+      "type":"list",
+      "member":{"shape":"InferredWorkloadType"}
+    },
+    "InferredWorkloadTypesPreference":{
+      "type":"string",
+      "enum":[
+        "Active",
+        "Inactive"
+      ]
+    },
     "InstanceArn":{"type":"string"},
     "InstanceArns":{
       "type":"list",
@@ -1351,7 +1658,19 @@
         },
         "lastRefreshTimestamp":{
           "shape":"LastRefreshTimestamp",
-          "documentation":"<p>The timestamp of when the instance recommendation was last refreshed.</p>"
+          "documentation":"<p>The timestamp of when the instance recommendation was last generated.</p>"
+        },
+        "currentPerformanceRisk":{
+          "shape":"CurrentPerformanceRisk",
+          "documentation":"<p>The risk of the current instance not meeting the performance needs of its workloads. The higher the risk, the more likely the current instance cannot meet the performance requirements of its workload.</p>"
+        },
+        "effectiveRecommendationPreferences":{
+          "shape":"EffectiveRecommendationPreferences",
+          "documentation":"<p>An object that describes the effective recommendation preferences for the instance.</p>"
+        },
+        "inferredWorkloadTypes":{
+          "shape":"InferredWorkloadTypes",
+          "documentation":"<p>The applications that might be running on the instance as inferred by Compute Optimizer.</p> <p>Compute Optimizer can infer if one of the following applications might be running on the instance:</p> <ul> <li> <p> <code>AmazonEmr</code> - Infers that Amazon EMR might be running on the instance.</p> </li> <li> <p> <code>ApacheCassandra</code> - Infers that Apache Cassandra might be running on the instance.</p> </li> <li> <p> <code>ApacheHadoop</code> - Infers that Apache Hadoop might be running on the instance.</p> </li> <li> <p> <code>Memcached</code> - Infers that Memcached might be running on the instance.</p> </li> <li> <p> <code>NGINX</code> - Infers that NGINX might be running on the instance.</p> </li> <li> <p> <code>PostgreSql</code> - Infers that PostgreSQL might be running on the instance.</p> </li> <li> <p> <code>Redis</code> - Infers that Redis might be running on the instance.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Describes an Amazon EC2 instance recommendation.</p>"
@@ -1403,6 +1722,14 @@
         "rank":{
           "shape":"Rank",
           "documentation":"<p>The rank of the instance recommendation option.</p> <p>The top recommendation option is ranked as <code>1</code>.</p>"
+        },
+        "savingsOpportunity":{
+          "shape":"SavingsOpportunity",
+          "documentation":"<p>An object that describes the savings opportunity for the instance recommendation option. Savings opportunity includes the estimated monthly savings amount and percentage.</p>"
+        },
+        "migrationEffort":{
+          "shape":"MigrationEffort",
+          "documentation":"<p>The level of effort required to migrate from the current instance type to the recommended instance type.</p> <p>For example, the migration effort is <code>Low</code> if Amazon EMR is the inferred workload type and an Amazon Web Services Graviton instance type is recommended. The migration effort is <code>Medium</code> if a workload type couldn't be inferred but an Amazon Web Services Graviton instance type is recommended. The migration effort is <code>VeryLow</code> if both the current and recommended instance types are of the same CPU architecture.</p>"
         }
       },
       "documentation":"<p>Describes a recommendation option for an Amazon EC2 instance.</p>"
@@ -1517,6 +1844,10 @@
         "projectedUtilizationMetrics":{
           "shape":"LambdaFunctionMemoryProjectedMetrics",
           "documentation":"<p>An array of objects that describe the projected utilization metrics of the function recommendation option.</p>"
+        },
+        "savingsOpportunity":{
+          "shape":"SavingsOpportunity",
+          "documentation":"<p>An object that describes the savings opportunity for the Lambda function recommendation option. Savings opportunity includes the estimated monthly savings amount and percentage.</p>"
         }
       },
       "documentation":"<p>Describes a recommendation option for an Lambda function.</p>"
@@ -1572,7 +1903,7 @@
         },
         "lastRefreshTimestamp":{
           "shape":"LastRefreshTimestamp",
-          "documentation":"<p>The timestamp of when the function recommendation was last refreshed.</p>"
+          "documentation":"<p>The timestamp of when the function recommendation was last generated.</p>"
         },
         "finding":{
           "shape":"LambdaFunctionRecommendationFinding",
@@ -1585,6 +1916,10 @@
         "memorySizeRecommendationOptions":{
           "shape":"LambdaFunctionMemoryRecommendationOptions",
           "documentation":"<p>An array of objects that describe the memory configuration recommendation options for the function.</p>"
+        },
+        "currentPerformanceRisk":{
+          "shape":"CurrentPerformanceRisk",
+          "documentation":"<p>The risk of the current Lambda function not meeting the performance needs of its workloads. The higher the risk, the more likely the current Lambda function requires more memory.</p>"
         }
       },
       "documentation":"<p>Describes an Lambda function recommendation.</p>"
@@ -1673,11 +2008,13 @@
       "synthetic":true
     },
     "LookBackPeriodInDays":{"type":"double"},
+    "Low":{"type":"long"},
     "MaxResults":{
       "type":"integer",
       "box":true
     },
     "MaxSize":{"type":"integer"},
+    "Medium":{"type":"long"},
     "MemberAccountsEnrolled":{"type":"boolean"},
     "MemorySize":{"type":"integer"},
     "Message":{"type":"string"},
@@ -1713,6 +2050,15 @@
       "type":"list",
       "member":{"shape":"MetricValue"}
     },
+    "MigrationEffort":{
+      "type":"string",
+      "enum":[
+        "VeryLow",
+        "Low",
+        "Medium",
+        "High"
+      ]
+    },
     "MinSize":{"type":"integer"},
     "MissingAuthenticationToken":{
       "type":"structure",
@@ -1782,6 +2128,33 @@
       "type":"list",
       "member":{"shape":"UtilizationMetric"}
     },
+    "PutRecommendationPreferencesRequest":{
+      "type":"structure",
+      "required":["resourceType"],
+      "members":{
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The target resource type of the recommendation preference to create.</p> <p>The <code>Ec2Instance</code> option encompasses standalone instances and instances that are part of Auto Scaling groups. The <code>AutoScalingGroup</code> option encompasses only instances that are part of an Auto Scaling group.</p>"
+        },
+        "scope":{
+          "shape":"Scope",
+          "documentation":"<p>An object that describes the scope of the recommendation preference to create.</p> <p>You can create recommendation preferences at the organization level (for management accounts of an organization only), account level, and resource level. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p> <note> <p>You cannot create recommendation preferences for Auto Scaling groups at the organization and account levels. You can create recommendation preferences for Auto Scaling groups only at the resource level by specifying a scope name of <code>ResourceArn</code> and a scope value of the Auto Scaling group Amazon Resource Name (ARN). This will configure the preference for all instances that are part of the specified Auto Scaling group. You also cannot create recommendation preferences at the resource level for instances that are part of an Auto Scaling group. You can create recommendation preferences at the resource level only for standalone instances.</p> </note>"
+        },
+        "enhancedInfrastructureMetrics":{
+          "shape":"EnhancedInfrastructureMetrics",
+          "documentation":"<p>The status of the enhanced infrastructure metrics recommendation preference to create or update.</p> <p>Specify the <code>Active</code> status to activate the preference, or specify <code>Inactive</code> to deactivate the preference.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        },
+        "inferredWorkloadTypes":{
+          "shape":"InferredWorkloadTypesPreference",
+          "documentation":"<p>The status of the inferred workload types recommendation preference to create or update.</p> <note> <p>The inferred workload type feature is active by default. To deactivate it, create a recommendation preference.</p> </note> <p>Specify the <code>Inactive</code> status to deactivate the feature, or specify <code>Active</code> to activate it.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/inferred-workload-types.html\">Inferred workload types</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        }
+      }
+    },
+    "PutRecommendationPreferencesResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "Rank":{"type":"integer"},
     "ReasonCodeSummaries":{
       "type":"list",
@@ -1843,6 +2216,17 @@
       "type":"list",
       "member":{"shape":"InstanceRecommendationOption"}
     },
+    "RecommendationPreferenceName":{
+      "type":"string",
+      "enum":[
+        "EnhancedInfrastructureMetrics",
+        "InferredWorkloadTypes"
+      ]
+    },
+    "RecommendationPreferenceNames":{
+      "type":"list",
+      "member":{"shape":"RecommendationPreferenceName"}
+    },
     "RecommendationPreferences":{
       "type":"structure",
       "members":{
@@ -1851,7 +2235,33 @@
           "documentation":"<p>Specifies the CPU vendor and architecture for Amazon EC2 instance and Auto Scaling group recommendations.</p> <p>For example, when you specify <code>AWS_ARM64</code> with:</p> <ul> <li> <p>A <a>GetEC2InstanceRecommendations</a> or <a>GetAutoScalingGroupRecommendations</a> request, Compute Optimizer returns recommendations that consist of Graviton2 instance types only.</p> </li> <li> <p>A <a>GetEC2RecommendationProjectedMetrics</a> request, Compute Optimizer returns projected utilization metrics for Graviton2 instance type recommendations only.</p> </li> <li> <p>A <a>ExportEC2InstanceRecommendations</a> or <a>ExportAutoScalingGroupRecommendations</a> request, Compute Optimizer exports recommendations that consist of Graviton2 instance types only.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Describes preferences for recommendations.</p>"
+      "documentation":"<p>Describes the recommendation preferences to return in the response of a <a>GetAutoScalingGroupRecommendations</a>, <a>GetEC2InstanceRecommendations</a>, and <a>GetEC2RecommendationProjectedMetrics</a> request.</p>"
+    },
+    "RecommendationPreferencesDetail":{
+      "type":"structure",
+      "members":{
+        "scope":{
+          "shape":"Scope",
+          "documentation":"<p>An object that describes the scope of the recommendation preference.</p> <p>Recommendation preferences can be created at the organization level (for management accounts of an organization only), account level, and resource level. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        },
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The target resource type of the recommendation preference to create.</p> <p>The <code>Ec2Instance</code> option encompasses standalone instances and instances that are part of Auto Scaling groups. The <code>AutoScalingGroup</code> option encompasses only instances that are part of an Auto Scaling group.</p>"
+        },
+        "enhancedInfrastructureMetrics":{
+          "shape":"EnhancedInfrastructureMetrics",
+          "documentation":"<p>The status of the enhanced infrastructure metrics recommendation preference.</p> <p>A status of <code>Active</code> confirms that the preference is applied in the latest recommendation refresh, and a status of <code>Inactive</code> confirms that it's not yet applied to recommendations.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p>"
+        },
+        "inferredWorkloadTypes":{
+          "shape":"InferredWorkloadTypesPreference",
+          "documentation":"<p>The status of the inferred workload types recommendation preference.</p> <p>A status of <code>Active</code> confirms that the preference is applied in the latest recommendation refresh. A status of <code>Inactive</code> confirms that it's not yet applied to recommendations.</p>"
+        }
+      },
+      "documentation":"<p>Describes a recommendation preference.</p>"
+    },
+    "RecommendationPreferencesDetails":{
+      "type":"list",
+      "member":{"shape":"RecommendationPreferencesDetail"}
     },
     "RecommendationSource":{
       "type":"structure",
@@ -1894,11 +2304,19 @@
         },
         "recommendationResourceType":{
           "shape":"RecommendationSourceType",
-          "documentation":"<p>The resource type of the recommendation.</p>"
+          "documentation":"<p>The resource type that the recommendation summary applies to.</p>"
         },
         "accountId":{
           "shape":"AccountId",
           "documentation":"<p>The Amazon Web Services account ID of the recommendation summary.</p>"
+        },
+        "savingsOpportunity":{
+          "shape":"SavingsOpportunity",
+          "documentation":"<p>An object that describes the savings opportunity for a given resource type. Savings opportunity includes the estimated monthly savings amount and percentage.</p>"
+        },
+        "currentPerformanceRiskRatings":{
+          "shape":"CurrentPerformanceRiskRatings",
+          "documentation":"<p>An object that describes the performance risk ratings for a given resource type.</p>"
         }
       },
       "documentation":"<p>A summary of a recommendation.</p>"
@@ -1926,6 +2344,7 @@
       "type":"list",
       "member":{"shape":"RecommendedOptionProjectedMetric"}
     },
+    "ResourceArn":{"type":"string"},
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
@@ -1941,7 +2360,8 @@
         "Ec2Instance",
         "AutoScalingGroup",
         "EbsVolume",
-        "LambdaFunction"
+        "LambdaFunction",
+        "NotApplicable"
       ]
     },
     "S3Destination":{
@@ -1976,6 +2396,44 @@
       },
       "documentation":"<p>Describes the destination Amazon Simple Storage Service (Amazon S3) bucket name and key prefix for a recommendations export job.</p> <p>You must create the destination Amazon S3 bucket for your recommendations export before you create the export job. Compute Optimizer does not create the S3 bucket for you. After you create the S3 bucket, ensure that it has the required permission policy to allow Compute Optimizer to write the export file to it. If you plan to specify an object prefix when you create the export job, you must include the object prefix in the policy that you add to the S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/create-s3-bucket-policy-for-compute-optimizer.html\">Amazon S3 Bucket Policy for Compute Optimizer</a> in the <i>Compute Optimizer User Guide</i>.</p>"
     },
+    "SavingsOpportunity":{
+      "type":"structure",
+      "members":{
+        "savingsOpportunityPercentage":{
+          "shape":"SavingsOpportunityPercentage",
+          "documentation":"<p>The estimated monthly savings possible as a percentage of monthly cost by adopting Compute Optimizer recommendations for a given resource.</p>"
+        },
+        "estimatedMonthlySavings":{
+          "shape":"EstimatedMonthlySavings",
+          "documentation":"<p>An object that describes the estimated monthly savings amount possible, based on On-Demand instance pricing, by adopting Compute Optimizer recommendations for a given resource.</p>"
+        }
+      },
+      "documentation":"<p>Describes the savings opportunity for recommendations of a given resource type or for the recommendation option of an individual resource.</p> <p>Savings opportunity represents the estimated monthly savings you can achieve by implementing a given Compute Optimizer recommendation.</p> <important> <p>Savings opportunity data requires that you opt in to Cost Explorer, as well as activate <b>Receive Amazon EC2 resource recommendations</b> in the Cost Explorer preferences page. That creates a connection between Cost Explorer and Compute Optimizer. With this connection, Cost Explorer generates savings estimates considering the price of existing resources, the price of recommended resources, and historical usage data. Estimated monthly savings reflects the projected dollar savings associated with each of the recommendations generated. For more information, see <a href=\"https://docs.aws.amazon.com/cost-management/latest/userguide/ce-enable.html\">Enabling Cost Explorer</a> and <a href=\"https://docs.aws.amazon.com/cost-management/latest/userguide/ce-rightsizing.html\">Optimizing your cost with Rightsizing Recommendations</a> in the <i>Cost Management User Guide</i>.</p> </important>"
+    },
+    "SavingsOpportunityPercentage":{"type":"double"},
+    "Scope":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"ScopeName",
+          "documentation":"<p>The name of the scope.</p> <p>The following scopes are possible:</p> <ul> <li> <p> <code>Organization</code> - Specifies that the recommendation preference applies at the organization level, for all member accounts of an organization.</p> </li> <li> <p> <code>AccountId</code> - Specifies that the recommendation preference applies at the account level, for all resources of a given resource type in an account.</p> </li> <li> <p> <code>ResourceArn</code> - Specifies that the recommendation preference applies at the individual resource level.</p> </li> </ul>"
+        },
+        "value":{
+          "shape":"ScopeValue",
+          "documentation":"<p>The value of the scope.</p> <p>If you specified the <code>name</code> of the scope as:</p> <ul> <li> <p> <code>Organization</code> - The <code>value</code> must be <code>ALL_ACCOUNTS</code>.</p> </li> <li> <p> <code>AccountId</code> - The <code>value</code> must be a 12-digit Amazon Web Services account ID.</p> </li> <li> <p> <code>ResourceArn</code> - The <code>value</code> must be the Amazon Resource Name (ARN) of an EC2 instance or an Auto Scaling group.</p> </li> </ul> <p>Only EC2 instance and Auto Scaling group ARNs are currently supported.</p>"
+        }
+      },
+      "documentation":"<p>Describes the scope of a recommendation preference.</p> <p>Recommendation preferences can be created at the organization level (for management accounts of an organization only), account level, and resource level. For more information, see <a href=\"https://docs.aws.amazon.com/compute-optimizer/latest/ug/enhanced-infrastructure-metrics.html\">Activating enhanced infrastructure metrics</a> in the <i>Compute Optimizer User Guide</i>.</p> <note> <p>You cannot create recommendation preferences for Auto Scaling groups at the organization and account levels. You can create recommendation preferences for Auto Scaling groups only at the resource level by specifying a scope name of <code>ResourceArn</code> and a scope value of the Auto Scaling group Amazon Resource Name (ARN). This will configure the preference for all instances that are part of the specified Auto Scaling group. You also cannot create recommendation preferences at the resource level for instances that are part of an Auto Scaling group. You can create recommendation preferences at the resource level only for standalone instances.</p> </note>"
+    },
+    "ScopeName":{
+      "type":"string",
+      "enum":[
+        "Organization",
+        "AccountId",
+        "ResourceArn"
+      ]
+    },
+    "ScopeValue":{"type":"string"},
     "ServiceUnavailableException":{
       "type":"structure",
       "members":{
@@ -2082,6 +2540,8 @@
       "type":"list",
       "member":{"shape":"UtilizationMetric"}
     },
+    "Value":{"type":"double"},
+    "VeryLow":{"type":"long"},
     "VolumeArn":{"type":"string"},
     "VolumeArns":{
       "type":"list",
@@ -2154,7 +2614,11 @@
         },
         "lastRefreshTimestamp":{
           "shape":"LastRefreshTimestamp",
-          "documentation":"<p>The timestamp of when the volume recommendation was last refreshed.</p>"
+          "documentation":"<p>The timestamp of when the volume recommendation was last generated.</p>"
+        },
+        "currentPerformanceRisk":{
+          "shape":"CurrentPerformanceRisk",
+          "documentation":"<p>The risk of the current EBS volume not meeting the performance needs of its workloads. The higher the risk, the more likely the current EBS volume doesn't have sufficient capacity.</p>"
         }
       },
       "documentation":"<p>Describes an Amazon Elastic Block Store (Amazon EBS) volume recommendation.</p>"
@@ -2173,6 +2637,10 @@
         "rank":{
           "shape":"Rank",
           "documentation":"<p>The rank of the volume recommendation option.</p> <p>The top recommendation option is ranked as <code>1</code>.</p>"
+        },
+        "savingsOpportunity":{
+          "shape":"SavingsOpportunity",
+          "documentation":"<p>An object that describes the savings opportunity for the EBS volume recommendation option. Savings opportunity includes the estimated monthly savings amount and percentage.</p>"
         }
       },
       "documentation":"<p>Describes a recommendation option for an Amazon Elastic Block Store (Amazon EBS) instance.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/config/2014-11-12/service-2.json b/contrib/python/botocore/py3/botocore/data/config/2014-11-12/service-2.json
index 0fe37d7e852..b00ee554908 100644
--- a/contrib/python/botocore/py3/botocore/data/config/2014-11-12/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/config/2014-11-12/service-2.json
@@ -6589,7 +6589,13 @@
         "AWS::EFS::AccessPoint",
         "AWS::EFS::FileSystem",
         "AWS::EKS::Cluster",
-        "AWS::OpenSearch::Domain"
+        "AWS::OpenSearch::Domain",
+        "AWS::EC2::TransitGateway",
+        "AWS::Kinesis::Stream",
+        "AWS::Kinesis::StreamConsumer",
+        "AWS::CodeDeploy::Application",
+        "AWS::CodeDeploy::DeploymentConfig",
+        "AWS::CodeDeploy::DeploymentGroup"
       ]
     },
     "ResourceTypeList":{
diff --git a/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/paginators-1.json b/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/paginators-1.json
index 6e6e4b51328..5e23cb9dcaa 100644
--- a/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/paginators-1.json
@@ -149,6 +149,29 @@
       "limit_key": "MaxResults",
       "output_token": "NextToken",
       "result_key": "Permissions"
+    },
+    "ListContactReferences": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "result_key": "ReferenceSummaryList"
+    },
+    "ListContactFlowModules": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "ContactFlowModulesSummaryList"
+    },
+    "ListDefaultVocabularies": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "DefaultVocabularyList"
+    },
+    "SearchVocabularies": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "VocabularySummaryList"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/service-2.json b/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/service-2.json
index d0bd79dbacd..8e17a3a5e5e 100644
--- a/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/connect/2017-08-08/service-2.json
@@ -49,6 +49,23 @@
       ],
       "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Allows the specified Amazon Connect instance to access the specified Amazon Lex or Amazon Lex V2 bot.</p>"
     },
+    "AssociateDefaultVocabulary":{
+      "name":"AssociateDefaultVocabulary",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/default-vocabulary/{InstanceId}/{LanguageCode}"
+      },
+      "input":{"shape":"AssociateDefaultVocabularyRequest"},
+      "output":{"shape":"AssociateDefaultVocabularyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Associates an existing vocabulary as the default. Contact Lens for Amazon Connect uses the vocabulary in post-call and real-time analysis sessions for the given language.</p>"
+    },
     "AssociateInstanceStorageConfig":{
       "name":"AssociateInstanceStorageConfig",
       "http":{
@@ -194,6 +211,28 @@
       ],
       "documentation":"<p>Creates a contact flow for the specified Amazon Connect instance.</p> <p>You can also create and update contact flows using the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html\">Amazon Connect Flow language</a>.</p>"
     },
+    "CreateContactFlowModule":{
+      "name":"CreateContactFlowModule",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/contact-flow-modules/{InstanceId}"
+      },
+      "input":{"shape":"CreateContactFlowModuleRequest"},
+      "output":{"shape":"CreateContactFlowModuleResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidContactFlowModuleException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"DuplicateResourceException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"IdempotencyException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Creates a contact flow module for the specified Amazon Connect instance. </p>"
+    },
     "CreateHoursOfOperation":{
       "name":"CreateHoursOfOperation",
       "http":{
@@ -211,7 +250,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Creates hours of operation. </p>"
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Creates hours of operation. </p>"
     },
     "CreateInstance":{
       "name":"CreateInstance",
@@ -378,6 +417,60 @@
       ],
       "documentation":"<p>Creates a new user hierarchy group.</p>"
     },
+    "CreateVocabulary":{
+      "name":"CreateVocabulary",
+      "http":{
+        "method":"POST",
+        "requestUri":"/vocabulary/{InstanceId}"
+      },
+      "input":{"shape":"CreateVocabularyRequest"},
+      "output":{"shape":"CreateVocabularyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceConflictException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Creates a custom vocabulary associated with your Amazon Connect instance. You can set a custom vocabulary to be your default vocabulary for a given language. Contact Lens for Amazon Connect uses the default vocabulary in post-call and real-time contact analysis sessions for that language.</p>"
+    },
+    "DeleteContactFlow":{
+      "name":"DeleteContactFlow",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/contact-flows/{InstanceId}/{ContactFlowId}"
+      },
+      "input":{"shape":"DeleteContactFlowRequest"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Deletes a contact flow for the specified Amazon Connect instance.</p>"
+    },
+    "DeleteContactFlowModule":{
+      "name":"DeleteContactFlowModule",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}"
+      },
+      "input":{"shape":"DeleteContactFlowModuleRequest"},
+      "output":{"shape":"DeleteContactFlowModuleResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Deletes the specified contact flow module.</p>"
+    },
     "DeleteHoursOfOperation":{
       "name":"DeleteHoursOfOperation",
       "http":{
@@ -392,7 +485,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Deletes an hours of operation.</p>"
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Deletes an hours of operation.</p>"
     },
     "DeleteInstance":{
       "name":"DeleteInstance",
@@ -505,6 +598,24 @@
       ],
       "documentation":"<p>Deletes an existing user hierarchy group. It must not be associated with any agents or have any active child groups.</p>"
     },
+    "DeleteVocabulary":{
+      "name":"DeleteVocabulary",
+      "http":{
+        "method":"POST",
+        "requestUri":"/vocabulary-remove/{InstanceId}/{VocabularyId}"
+      },
+      "input":{"shape":"DeleteVocabularyRequest"},
+      "output":{"shape":"DeleteVocabularyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceInUseException"}
+      ],
+      "documentation":"<p>Deletes the vocabulary that has the given identifier.</p>"
+    },
     "DescribeAgentStatus":{
       "name":"DescribeAgentStatus",
       "http":{
@@ -522,6 +633,23 @@
       ],
       "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Describes an agent status.</p>"
     },
+    "DescribeContact":{
+      "name":"DescribeContact",
+      "http":{
+        "method":"GET",
+        "requestUri":"/contacts/{InstanceId}/{ContactId}"
+      },
+      "input":{"shape":"DescribeContactRequest"},
+      "output":{"shape":"DescribeContactResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Describes the specified contact. </p> <important> <p>Contact information remains available in Amazon Connect for 24 months, and then it is deleted.</p> </important>"
+    },
     "DescribeContactFlow":{
       "name":"DescribeContactFlow",
       "http":{
@@ -540,6 +668,24 @@
       ],
       "documentation":"<p>Describes the specified contact flow.</p> <p>You can also create and update contact flows using the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html\">Amazon Connect Flow language</a>.</p>"
     },
+    "DescribeContactFlowModule":{
+      "name":"DescribeContactFlowModule",
+      "http":{
+        "method":"GET",
+        "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}"
+      },
+      "input":{"shape":"DescribeContactFlowModuleRequest"},
+      "output":{"shape":"DescribeContactFlowModuleResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Describes the specified contact flow module.</p>"
+    },
     "DescribeHoursOfOperation":{
       "name":"DescribeHoursOfOperation",
       "http":{
@@ -555,7 +701,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Describes the hours of operation.</p>"
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Describes the hours of operation.</p>"
     },
     "DescribeInstance":{
       "name":"DescribeInstance",
@@ -725,6 +871,23 @@
       ],
       "documentation":"<p>Describes the hierarchy structure of the specified Amazon Connect instance.</p>"
     },
+    "DescribeVocabulary":{
+      "name":"DescribeVocabulary",
+      "http":{
+        "method":"GET",
+        "requestUri":"/vocabulary/{InstanceId}/{VocabularyId}"
+      },
+      "input":{"shape":"DescribeVocabularyRequest"},
+      "output":{"shape":"DescribeVocabularyResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Describes the specified vocabulary.</p>"
+    },
     "DisassociateApprovedOrigin":{
       "name":"DisassociateApprovedOrigin",
       "http":{
@@ -969,6 +1132,24 @@
       ],
       "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>For the specified version of Amazon Lex, returns a paginated list of all the Amazon Lex bots currently associated with the instance. </p>"
     },
+    "ListContactFlowModules":{
+      "name":"ListContactFlowModules",
+      "http":{
+        "method":"GET",
+        "requestUri":"/contact-flow-modules-summary/{InstanceId}"
+      },
+      "input":{"shape":"ListContactFlowModulesRequest"},
+      "output":{"shape":"ListContactFlowModulesResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Provides information about the contact flow modules for the specified Amazon Connect instance.</p>"
+    },
     "ListContactFlows":{
       "name":"ListContactFlows",
       "http":{
@@ -986,6 +1167,39 @@
       ],
       "documentation":"<p>Provides information about the contact flows for the specified Amazon Connect instance.</p> <p>You can also create and update contact flows using the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html\">Amazon Connect Flow language</a>.</p> <p>For more information about contact flows, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/concepts-contact-flows.html\">Contact Flows</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
     },
+    "ListContactReferences":{
+      "name":"ListContactReferences",
+      "http":{
+        "method":"GET",
+        "requestUri":"/contact/references/{InstanceId}/{ContactId}"
+      },
+      "input":{"shape":"ListContactReferencesRequest"},
+      "output":{"shape":"ListContactReferencesResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>For the specified <code>referenceTypes</code>, returns a list of references associated with the contact. </p>"
+    },
+    "ListDefaultVocabularies":{
+      "name":"ListDefaultVocabularies",
+      "http":{
+        "method":"POST",
+        "requestUri":"/default-vocabulary-summary/{InstanceId}"
+      },
+      "input":{"shape":"ListDefaultVocabulariesRequest"},
+      "output":{"shape":"ListDefaultVocabulariesResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the default vocabularies for the specified Amazon Connect instance.</p>"
+    },
     "ListHoursOfOperations":{
       "name":"ListHoursOfOperations",
       "http":{
@@ -1269,7 +1483,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Provides summary information about the security profiles for the specified Amazon Connect instance.</p> <p>For more information about security profiles, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/connect-security-profiles.html\">Security Profiles</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
+      "documentation":"<p>Provides summary information about the security profiles for the specified Amazon Connect instance.</p> <p>For more information about security profiles, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/connect-security-profiles.html\">Security Profiles</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -1353,6 +1567,22 @@
       ],
       "documentation":"<p>When a contact is being recorded, and the recording has been suspended using SuspendContactRecording, this API resumes recording the call.</p> <p>Only voice recordings are supported at this time.</p>"
     },
+    "SearchVocabularies":{
+      "name":"SearchVocabularies",
+      "http":{
+        "method":"POST",
+        "requestUri":"/vocabulary-summary/{InstanceId}"
+      },
+      "input":{"shape":"SearchVocabulariesRequest"},
+      "output":{"shape":"SearchVocabulariesResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Searches for vocabularies within a specific Amazon Connect instance using <code>State</code>, <code>NameStartsWith</code>, and <code>LanguageCode</code>.</p>"
+    },
     "StartChatContact":{
       "name":"StartChatContact",
       "http":{
@@ -1368,7 +1598,7 @@
         {"shape":"InternalServiceException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Initiates a contact flow to start a new chat for the customer. Response of this API provides a token required to obtain credentials from the <a href=\"https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_CreateParticipantConnection.html\">CreateParticipantConnection</a> API in the Amazon Connect Participant Service.</p> <p>When a new chat contact is successfully created, clients must subscribe to the participant’s connection for the created chat within 5 minutes. This is achieved by invoking <a href=\"https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_CreateParticipantConnection.html\">CreateParticipantConnection</a> with WEBSOCKET and CONNECTION_CREDENTIALS. </p> <p>A 429 error occurs in two situations:</p> <ul> <li> <p>API rate limit is exceeded. API TPS throttling returns a <code>TooManyRequests</code> exception.</p> </li> <li> <p>The <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-service-limits.html\">quota for concurrent active chats</a> is exceeded. Active chat throttling returns a <code>LimitExceededException</code>.</p> </li> </ul> <p>For more information about chat, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/chat.html\">Chat</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
+      "documentation":"<p>Initiates a contact flow to start a new chat for the customer. Response of this API provides a token required to obtain credentials from the <a href=\"https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_CreateParticipantConnection.html\">CreateParticipantConnection</a> API in the Amazon Connect Participant Service.</p> <p>When a new chat contact is successfully created, clients must subscribe to the participant’s connection for the created chat within 5 minutes. This is achieved by invoking <a href=\"https://docs.aws.amazon.com/connect-participant/latest/APIReference/API_CreateParticipantConnection.html\">CreateParticipantConnection</a> with WEBSOCKET and CONNECTION_CREDENTIALS. </p> <p>A 429 error occurs in the following situations:</p> <ul> <li> <p>API rate limit is exceeded. API TPS throttling returns a <code>TooManyRequests</code> exception.</p> </li> <li> <p>The <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-service-limits.html\">quota for concurrent active chats</a> is exceeded. Active chat throttling returns a <code>LimitExceededException</code>.</p> </li> </ul> <p>If you use the <code>ChatDurationInMinutes</code> parameter and receive a 400 error, your account may not support the ability to configure custom chat durations. For more information, contact Amazon Web Services Support. </p> <p>For more information about chat, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/chat.html\">Chat</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
     },
     "StartContactRecording":{
       "name":"StartContactRecording",
@@ -1553,6 +1783,23 @@
       ],
       "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Updates agent status.</p>"
     },
+    "UpdateContact":{
+      "name":"UpdateContact",
+      "http":{
+        "method":"POST",
+        "requestUri":"/contacts/{InstanceId}/{ContactId}"
+      },
+      "input":{"shape":"UpdateContactRequest"},
+      "output":{"shape":"UpdateContactResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Adds or updates user-defined contact information associated with the specified contact. At least one field to be updated must be present in the request.</p> <important> <p>You can add or update user-defined contact information for both ongoing and completed contacts.</p> </important>"
+    },
     "UpdateContactAttributes":{
       "name":"UpdateContactAttributes",
       "http":{
@@ -1586,6 +1833,60 @@
       ],
       "documentation":"<p>Updates the specified contact flow.</p> <p>You can also create and update contact flows using the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html\">Amazon Connect Flow language</a>.</p>"
     },
+    "UpdateContactFlowMetadata":{
+      "name":"UpdateContactFlowMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/contact-flows/{InstanceId}/{ContactFlowId}/metadata"
+      },
+      "input":{"shape":"UpdateContactFlowMetadataRequest"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"DuplicateResourceException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Updates metadata about specified contact flow.</p>"
+    },
+    "UpdateContactFlowModuleContent":{
+      "name":"UpdateContactFlowModuleContent",
+      "http":{
+        "method":"POST",
+        "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/content"
+      },
+      "input":{"shape":"UpdateContactFlowModuleContentRequest"},
+      "output":{"shape":"UpdateContactFlowModuleContentResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidContactFlowModuleException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Updates specified contact flow module for the specified Amazon Connect instance. </p>"
+    },
+    "UpdateContactFlowModuleMetadata":{
+      "name":"UpdateContactFlowModuleMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/metadata"
+      },
+      "input":{"shape":"UpdateContactFlowModuleMetadataRequest"},
+      "output":{"shape":"UpdateContactFlowModuleMetadataResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"DuplicateResourceException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Updates metadata about specified contact flow module.</p>"
+    },
     "UpdateContactFlowName":{
       "name":"UpdateContactFlowName",
       "http":{
@@ -1603,6 +1904,24 @@
       ],
       "documentation":"<p>The name of the contact flow.</p> <p>You can also create and update contact flows using the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html\">Amazon Connect Flow language</a>.</p>"
     },
+    "UpdateContactSchedule":{
+      "name":"UpdateContactSchedule",
+      "http":{
+        "method":"POST",
+        "requestUri":"/contact/schedule"
+      },
+      "input":{"shape":"UpdateContactScheduleRequest"},
+      "output":{"shape":"UpdateContactScheduleResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Updates the scheduled time of a task contact that is already scheduled.</p>"
+    },
     "UpdateHoursOfOperation":{
       "name":"UpdateHoursOfOperation",
       "http":{
@@ -1618,7 +1937,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Updates the hours of operation.</p>"
+      "documentation":"<p>This API is in preview release for Amazon Connect and is subject to change.</p> <p>Updates the hours of operation.</p>"
     },
     "UpdateInstanceAttribute":{
       "name":"UpdateInstanceAttribute",
@@ -1968,7 +2287,7 @@
       "members":{
         "Message":{"shape":"Message"}
       },
-      "documentation":"<p>You do not have sufficient access to perform this action.</p>",
+      "documentation":"<p>You do not have sufficient permissions to perform this action.</p>",
       "error":{"httpStatusCode":403},
       "exception":true
     },
@@ -1981,11 +2300,30 @@
       "max":100,
       "min":1
     },
+    "AgentInfo":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"AgentResourceId",
+          "documentation":"<p>The identifier of the agent who accepted the contact.</p>"
+        },
+        "ConnectedToAgentTimestamp":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp when the contact was connected to the agent.</p>"
+        }
+      },
+      "documentation":"<p>Information about the agent who accepted the contact.</p>"
+    },
     "AgentLastName":{
       "type":"string",
       "max":100,
       "min":1
     },
+    "AgentResourceId":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
     "AgentStatus":{
       "type":"structure",
       "members":{
@@ -2146,6 +2484,36 @@
         }
       }
     },
+    "AssociateDefaultVocabularyRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "LanguageCode"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>",
+          "location":"uri",
+          "locationName":"LanguageCode"
+        },
+        "VocabularyId":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary. If this is empty, the default is set to none.</p>"
+        }
+      }
+    },
+    "AssociateDefaultVocabularyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "AssociateInstanceStorageConfigRequest":{
       "type":"structure",
       "required":[
@@ -2302,6 +2670,24 @@
       "max":100,
       "min":1
     },
+    "AttachmentReference":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ReferenceKey",
+          "documentation":"<p>Identifier of the attachment reference.</p>"
+        },
+        "Value":{
+          "shape":"ReferenceValue",
+          "documentation":"<p>Contains the location path of the attachment reference.</p>"
+        },
+        "Status":{
+          "shape":"ReferenceStatus",
+          "documentation":"<p>Status of an attachment reference type.</p>"
+        }
+      },
+      "documentation":"<p>Information about the attachment reference if the <code>referenceType</code> is <code>ATTACHMENT</code>. Otherwise, null.</p>"
+    },
     "Attribute":{
       "type":"structure",
       "members":{
@@ -2362,7 +2748,7 @@
     "Channels":{
       "type":"list",
       "member":{"shape":"Channel"},
-      "max":1
+      "max":3
     },
     "ChatContent":{
       "type":"string",
@@ -2374,6 +2760,11 @@
       "max":100,
       "min":1
     },
+    "ChatDurationInMinutes":{
+      "type":"integer",
+      "max":10080,
+      "min":60
+    },
     "ChatMessage":{
       "type":"structure",
       "required":[
@@ -2426,6 +2817,68 @@
       "max":10,
       "min":1
     },
+    "Contact":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the contact.</p>"
+        },
+        "Id":{
+          "shape":"ContactId",
+          "documentation":"<p>The identifier for the contact.</p>"
+        },
+        "InitialContactId":{
+          "shape":"ContactId",
+          "documentation":"<p>If this contact is related to other contacts, this is the ID of the initial contact.</p>"
+        },
+        "PreviousContactId":{
+          "shape":"ContactId",
+          "documentation":"<p>If this contact is not the first contact, this is the ID of the previous contact.</p>"
+        },
+        "InitiationMethod":{
+          "shape":"ContactInitiationMethod",
+          "documentation":"<p>Indicates how the contact was initiated.</p>"
+        },
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the contact.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the contact.</p>"
+        },
+        "Channel":{
+          "shape":"Channel",
+          "documentation":"<p>How the contact reached your contact center.</p>"
+        },
+        "QueueInfo":{
+          "shape":"QueueInfo",
+          "documentation":"<p>If this contact was queued, this contains information about the queue. </p>"
+        },
+        "AgentInfo":{
+          "shape":"AgentInfo",
+          "documentation":"<p>Information about the agent who accepted the contact.</p>"
+        },
+        "InitiationTimestamp":{
+          "shape":"timestamp",
+          "documentation":"<p>The date and time this contact was initiated, in UTC time. For <code>INBOUND</code>, this is when the contact arrived. For <code>OUTBOUND</code>, this is when the agent began dialing. For <code>CALLBACK</code>, this is when the callback contact was created. For <code>TRANSFER</code> and <code>QUEUE_TRANSFER</code>, this is when the transfer was initiated. For <code>API</code>, this is when the request arrived.</p>"
+        },
+        "DisconnectTimestamp":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp when the customer endpoint disconnected from Amazon Connect.</p>"
+        },
+        "LastUpdateTimestamp":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp when contact was last updated.</p>"
+        },
+        "ScheduledTimestamp":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp, in Unix epoch time format, at which to start running the inbound flow. </p>"
+        }
+      },
+      "documentation":"<p>Contains information about a contact.</p>"
+    },
     "ContactFlow":{
       "type":"structure",
       "members":{
@@ -2445,6 +2898,10 @@
           "shape":"ContactFlowType",
           "documentation":"<p>The type of the contact flow. For descriptions of the available types, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/create-contact-flow.html#contact-flow-types\">Choose a Contact Flow Type</a> in the <i>Amazon Connect Administrator Guide</i>.</p>"
         },
+        "State":{
+          "shape":"ContactFlowState",
+          "documentation":"<p>The type of contact flow.</p>"
+        },
         "Description":{
           "shape":"ContactFlowDescription",
           "documentation":"<p>The description of the contact flow.</p>"
@@ -2466,6 +2923,106 @@
       "type":"string",
       "max":500
     },
+    "ContactFlowModule":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN).</p>"
+        },
+        "Id":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>"
+        },
+        "Name":{
+          "shape":"ContactFlowModuleName",
+          "documentation":"<p>The name of the contact flow module.</p>"
+        },
+        "Content":{
+          "shape":"ContactFlowModuleContent",
+          "documentation":"<p>The content of the contact flow module.</p>"
+        },
+        "Description":{
+          "shape":"ContactFlowModuleDescription",
+          "documentation":"<p>The description of the contact flow module.</p>"
+        },
+        "State":{
+          "shape":"ContactFlowModuleState",
+          "documentation":"<p>The type of contact flow module.</p>"
+        },
+        "Status":{
+          "shape":"ContactFlowModuleStatus",
+          "documentation":"<p>The status of the contact flow module.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about a contact flow module.</p>"
+    },
+    "ContactFlowModuleContent":{
+      "type":"string",
+      "max":256000,
+      "min":1
+    },
+    "ContactFlowModuleDescription":{
+      "type":"string",
+      "max":500,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "ContactFlowModuleId":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
+    "ContactFlowModuleName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "ContactFlowModuleState":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "ARCHIVED"
+      ]
+    },
+    "ContactFlowModuleStatus":{
+      "type":"string",
+      "enum":[
+        "PUBLISHED",
+        "SAVED"
+      ]
+    },
+    "ContactFlowModuleSummary":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>"
+        },
+        "Arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the contact flow module.</p>"
+        },
+        "Name":{
+          "shape":"ContactFlowModuleName",
+          "documentation":"<p>The name of the contact flow module.</p>"
+        },
+        "State":{
+          "shape":"ContactFlowModuleState",
+          "documentation":"<p>The type of contact flow module.</p>"
+        }
+      },
+      "documentation":"<p>Contains summary information about a contact flow.</p>"
+    },
+    "ContactFlowModulesSummaryList":{
+      "type":"list",
+      "member":{"shape":"ContactFlowModuleSummary"}
+    },
     "ContactFlowName":{
       "type":"string",
       "min":1
@@ -2479,6 +3036,13 @@
       "error":{"httpStatusCode":404},
       "exception":true
     },
+    "ContactFlowState":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "ARCHIVED"
+      ]
+    },
     "ContactFlowSummary":{
       "type":"structure",
       "members":{
@@ -2497,6 +3061,10 @@
         "ContactFlowType":{
           "shape":"ContactFlowType",
           "documentation":"<p>The type of contact flow.</p>"
+        },
+        "ContactFlowState":{
+          "shape":"ContactFlowState",
+          "documentation":"<p>The type of contact flow.</p>"
         }
       },
       "documentation":"<p>Contains summary information about a contact flow.</p> <p>You can also create and update contact flows using the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/flow-language.html\">Amazon Connect Flow language</a>.</p>"
@@ -2529,6 +3097,17 @@
       "max":256,
       "min":1
     },
+    "ContactInitiationMethod":{
+      "type":"string",
+      "enum":[
+        "INBOUND",
+        "OUTBOUND",
+        "TRANSFER",
+        "QUEUE_TRANSFER",
+        "CALLBACK",
+        "API"
+      ]
+    },
     "ContactNotFoundException":{
       "type":"structure",
       "members":{
@@ -2596,6 +3175,56 @@
         }
       }
     },
+    "CreateContactFlowModuleRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "Name",
+        "Content"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "Name":{
+          "shape":"ContactFlowModuleName",
+          "documentation":"<p>The name of the contact flow module.</p>"
+        },
+        "Description":{
+          "shape":"ContactFlowModuleDescription",
+          "documentation":"<p>The description of the contact flow module. </p>"
+        },
+        "Content":{
+          "shape":"ContactFlowModuleContent",
+          "documentation":"<p>The content of the contact flow module.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateContactFlowModuleResponse":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>"
+        },
+        "Arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the contact flow module.</p>"
+        }
+      }
+    },
     "CreateContactFlowRequest":{
       "type":"structure",
       "required":[
@@ -3061,6 +3690,10 @@
           "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
           "location":"uri",
           "locationName":"InstanceId"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
         }
       }
     },
@@ -3144,6 +3777,66 @@
         }
       }
     },
+    "CreateVocabularyRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "VocabularyName",
+        "LanguageCode",
+        "Content"
+      ],
+      "members":{
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If a create request is received more than once with same client token, subsequent requests return the previous response without creating a vocabulary again.</p>",
+          "idempotencyToken":true
+        },
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "VocabularyName":{
+          "shape":"VocabularyName",
+          "documentation":"<p>A unique name of the custom vocabulary.</p>"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>"
+        },
+        "Content":{
+          "shape":"VocabularyContent",
+          "documentation":"<p>The content of the custom vocabulary in plain-text format with a table of values. Each row in the table represents a word or a phrase, described with <code>Phrase</code>, <code>IPA</code>, <code>SoundsLike</code>, and <code>DisplayAs</code> fields. Separate the fields with TAB characters. The size limit is 50KB. For more information, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/custom-vocabulary.html#create-vocabulary-table\">Create a custom vocabulary using a table</a>.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        }
+      }
+    },
+    "CreateVocabularyResponse":{
+      "type":"structure",
+      "required":[
+        "VocabularyArn",
+        "VocabularyId",
+        "State"
+      ],
+      "members":{
+        "VocabularyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom vocabulary.</p>"
+        },
+        "VocabularyId":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>"
+        },
+        "State":{
+          "shape":"VocabularyState",
+          "documentation":"<p>The current state of the custom vocabulary.</p>"
+        }
+      }
+    },
     "Credentials":{
       "type":"structure",
       "members":{
@@ -3240,11 +3933,90 @@
       "type":"list",
       "member":{"shape":"CurrentMetric"}
     },
+    "DefaultVocabulary":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "LanguageCode",
+        "VocabularyId",
+        "VocabularyName"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>"
+        },
+        "VocabularyId":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>"
+        },
+        "VocabularyName":{
+          "shape":"VocabularyName",
+          "documentation":"<p>A unique name of the custom vocabulary.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about a default vocabulary.</p>"
+    },
+    "DefaultVocabularyList":{
+      "type":"list",
+      "member":{"shape":"DefaultVocabulary"}
+    },
     "Delay":{
       "type":"integer",
       "max":9999,
       "min":0
     },
+    "DeleteContactFlowModuleRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactFlowModuleId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactFlowModuleId":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>",
+          "location":"uri",
+          "locationName":"ContactFlowModuleId"
+        }
+      }
+    },
+    "DeleteContactFlowModuleResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteContactFlowRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactFlowId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactFlowId":{
+          "shape":"ContactFlowId",
+          "documentation":"<p>The identifier of the contact flow.</p>",
+          "location":"uri",
+          "locationName":"ContactFlowId"
+        }
+      }
+    },
     "DeleteHoursOfOperationRequest":{
       "type":"structure",
       "required":[
@@ -3411,6 +4183,49 @@
         }
       }
     },
+    "DeleteVocabularyRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "VocabularyId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "VocabularyId":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>",
+          "location":"uri",
+          "locationName":"VocabularyId"
+        }
+      }
+    },
+    "DeleteVocabularyResponse":{
+      "type":"structure",
+      "required":[
+        "VocabularyArn",
+        "VocabularyId",
+        "State"
+      ],
+      "members":{
+        "VocabularyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom vocabulary.</p>"
+        },
+        "VocabularyId":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>"
+        },
+        "State":{
+          "shape":"VocabularyState",
+          "documentation":"<p>The current state of the custom vocabulary.</p>"
+        }
+      }
+    },
     "DescribeAgentStatusRequest":{
       "type":"structure",
       "required":[
@@ -3441,6 +4256,36 @@
         }
       }
     },
+    "DescribeContactFlowModuleRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactFlowModuleId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactFlowModuleId":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>",
+          "location":"uri",
+          "locationName":"ContactFlowModuleId"
+        }
+      }
+    },
+    "DescribeContactFlowModuleResponse":{
+      "type":"structure",
+      "members":{
+        "ContactFlowModule":{
+          "shape":"ContactFlowModule",
+          "documentation":"<p>Information about the contact flow module.</p>"
+        }
+      }
+    },
     "DescribeContactFlowRequest":{
       "type":"structure",
       "required":[
@@ -3471,6 +4316,36 @@
         }
       }
     },
+    "DescribeContactRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactId":{
+          "shape":"ContactId",
+          "documentation":"<p>The identifier of the contact.</p>",
+          "location":"uri",
+          "locationName":"ContactId"
+        }
+      }
+    },
+    "DescribeContactResponse":{
+      "type":"structure",
+      "members":{
+        "Contact":{
+          "shape":"Contact",
+          "documentation":"<p>Information about the contact.</p>"
+        }
+      }
+    },
     "DescribeHoursOfOperationRequest":{
       "type":"structure",
       "required":[
@@ -3790,6 +4665,37 @@
         }
       }
     },
+    "DescribeVocabularyRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "VocabularyId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "VocabularyId":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>",
+          "location":"uri",
+          "locationName":"VocabularyId"
+        }
+      }
+    },
+    "DescribeVocabularyResponse":{
+      "type":"structure",
+      "required":["Vocabulary"],
+      "members":{
+        "Vocabulary":{
+          "shape":"Vocabulary",
+          "documentation":"<p>A list of specific words that you want Contact Lens for Amazon Connect to recognize in your audio input. They are generally domain-specific words and phrases, words that Contact Lens is not recognizing, or proper nouns.</p>"
+        }
+      }
+    },
     "Description":{
       "type":"string",
       "max":4096,
@@ -4073,7 +4979,7 @@
       "members":{
         "Queues":{
           "shape":"Queues",
-          "documentation":"<p>The queues to use to filter the metrics. You can specify up to 100 queues per request.</p>"
+          "documentation":"<p>The queues to use to filter the metrics. You should specify at least one queue, and can specify up to 100 queues per request. The <code>GetCurrentMetricsData</code> API in particular requires a queue when you include a <code>Filter</code> in your request. </p>"
         },
         "Channels":{
           "shape":"Channels",
@@ -4290,6 +5196,10 @@
         "HierarchyPath":{
           "shape":"HierarchyPath",
           "documentation":"<p>Information about the levels in the hierarchy group.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
         }
       },
       "documentation":"<p>Contains information about a hierarchy group.</p>"
@@ -4656,6 +5566,15 @@
       },
       "documentation":"<p>The start time or end time for an hours of operation.</p>"
     },
+    "IdempotencyException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"Message"}
+      },
+      "documentation":"<p>An entity with the same name already exists.</p>",
+      "error":{"httpStatusCode":409},
+      "exception":true
+    },
     "InboundCallsEnabled":{"type":"boolean"},
     "Instance":{
       "type":"structure",
@@ -4916,6 +5835,15 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "InvalidContactFlowModuleException":{
+      "type":"structure",
+      "members":{
+        "Problems":{"shape":"Problems"}
+      },
+      "documentation":"<p>The problems with the module. Please fix before trying again.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
     "InvalidParameterException":{
       "type":"structure",
       "members":{
@@ -5185,6 +6113,50 @@
         }
       }
     },
+    "ListContactFlowModulesRequest":{
+      "type":"structure",
+      "required":["InstanceId"],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "MaxResults":{
+          "shape":"MaxResult1000",
+          "documentation":"<p>The maximum number of results to return per page.</p>",
+          "box":true,
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "ContactFlowModuleState":{
+          "shape":"ContactFlowModuleState",
+          "documentation":"<p>The state of the contact flow module.</p>",
+          "location":"querystring",
+          "locationName":"state"
+        }
+      }
+    },
+    "ListContactFlowModulesResponse":{
+      "type":"structure",
+      "members":{
+        "ContactFlowModulesSummaryList":{
+          "shape":"ContactFlowModulesSummaryList",
+          "documentation":"<p>Information about the contact flow module.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If there are additional results, this is the token for the next set of results.</p>"
+        }
+      }
+    },
     "ListContactFlowsRequest":{
       "type":"structure",
       "required":["InstanceId"],
@@ -5228,6 +6200,91 @@
         }
       }
     },
+    "ListContactReferencesRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactId",
+        "ReferenceTypes"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactId":{
+          "shape":"ContactId",
+          "documentation":"<p>The identifier of the initial contact.</p>",
+          "location":"uri",
+          "locationName":"ContactId"
+        },
+        "ReferenceTypes":{
+          "shape":"ReferenceTypes",
+          "documentation":"<p>The type of reference.</p>",
+          "location":"querystring",
+          "locationName":"referenceTypes"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.</p> <important> <p>This is not expected to be set, because the value returned in the previous response is always null.</p> </important>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListContactReferencesResponse":{
+      "type":"structure",
+      "members":{
+        "ReferenceSummaryList":{
+          "shape":"ReferenceSummaryList",
+          "documentation":"<p>Information about the contact flows.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If there are additional results, this is the token for the next set of results.</p> <important> <p>This is always returned as null in the response.</p> </important>"
+        }
+      }
+    },
+    "ListDefaultVocabulariesRequest":{
+      "type":"structure",
+      "required":["InstanceId"],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResult100",
+          "documentation":"<p>The maximum number of results to return per page.</p>"
+        },
+        "NextToken":{
+          "shape":"VocabularyNextToken",
+          "documentation":"<p>The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.</p>"
+        }
+      }
+    },
+    "ListDefaultVocabulariesResponse":{
+      "type":"structure",
+      "required":["DefaultVocabularyList"],
+      "members":{
+        "DefaultVocabularyList":{
+          "shape":"DefaultVocabularyList",
+          "documentation":"<p>A list of default vocabularies.</p>"
+        },
+        "NextToken":{
+          "shape":"VocabularyNextToken",
+          "documentation":"<p>If there are additional results, this is the token for the next set of results.</p>"
+        }
+      }
+    },
     "ListHoursOfOperationsRequest":{
       "type":"structure",
       "required":["InstanceId"],
@@ -5393,7 +6450,7 @@
         },
         "IntegrationType":{
           "shape":"IntegrationType",
-          "documentation":"<p>The type of integration.</p>",
+          "documentation":"<p>The integration type.</p>",
           "location":"querystring",
           "locationName":"integrationType"
         },
@@ -5455,7 +6512,7 @@
       "members":{
         "LambdaFunctions":{
           "shape":"FunctionArnsList",
-          "documentation":"<p>The Lambda function ARNs associated with the specified instance.</p>"
+          "documentation":"<p>The Lambdafunction ARNs associated with the specified instance.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -6639,6 +7696,20 @@
       "min":1
     },
     "QueueId":{"type":"string"},
+    "QueueInfo":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"QueueId",
+          "documentation":"<p>The identifier of the agent who accepted the contact.</p>"
+        },
+        "EnqueueTimestamp":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp when the contact was added to the queue.</p>"
+        }
+      },
+      "documentation":"<p>If this contact was queued, this contains information about the queue. </p>"
+    },
     "QueueMaxContacts":{
       "type":"integer",
       "min":0
@@ -6849,11 +7920,11 @@
       "members":{
         "Value":{
           "shape":"ReferenceValue",
-          "documentation":"<p>A formatted URL that displays to an agent in the Contact Control Panel (CCP)</p>"
+          "documentation":"<p>A valid value for the reference. For example, for a URL reference, a formatted URL that is displayed to an agent in the Contact Control Panel (CCP).</p>"
         },
         "Type":{
           "shape":"ReferenceType",
-          "documentation":"<p>A valid URL.</p>"
+          "documentation":"<p>The type of the reference. Only <code>URL</code> type can be added or updated on a contact.</p>"
         }
       },
       "documentation":"<p>A link that an agent selects to complete a given task. You can have up to 4,096 UTF-8 bytes across all references for a contact.</p>"
@@ -6863,9 +7934,43 @@
       "max":4096,
       "min":1
     },
+    "ReferenceStatus":{
+      "type":"string",
+      "enum":[
+        "APPROVED",
+        "REJECTED"
+      ]
+    },
+    "ReferenceSummary":{
+      "type":"structure",
+      "members":{
+        "Url":{
+          "shape":"UrlReference",
+          "documentation":"<p>Information about the URL reference if the <code>referenceType</code> is <code>URL</code>. Otherwise, null.</p>"
+        },
+        "Attachment":{
+          "shape":"AttachmentReference",
+          "documentation":"<p>Information about the attachment reference if the <code>referenceType</code> is <code>ATTACHMENT</code>. Otherwise, null.</p>"
+        }
+      },
+      "documentation":"<p>Contains summary information about a reference. <code>ReferenceSummary</code> contains only one non null field between the URL and attachment based on the reference type.</p>",
+      "union":true
+    },
+    "ReferenceSummaryList":{
+      "type":"list",
+      "member":{"shape":"ReferenceSummary"}
+    },
     "ReferenceType":{
       "type":"string",
-      "enum":["URL"]
+      "enum":[
+        "URL",
+        "ATTACHMENT"
+      ]
+    },
+    "ReferenceTypes":{
+      "type":"list",
+      "member":{"shape":"ReferenceType"},
+      "max":2
     },
     "ReferenceValue":{
       "type":"string",
@@ -7137,6 +8242,51 @@
       },
       "documentation":"<p>Information about the Amazon Simple Storage Service (Amazon S3) storage type.</p>"
     },
+    "SearchVocabulariesRequest":{
+      "type":"structure",
+      "required":["InstanceId"],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "MaxResults":{
+          "shape":"MaxResult100",
+          "documentation":"<p>The maximum number of results to return per page.</p>"
+        },
+        "NextToken":{
+          "shape":"VocabularyNextToken",
+          "documentation":"<p>The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.</p>"
+        },
+        "State":{
+          "shape":"VocabularyState",
+          "documentation":"<p>The current state of the custom vocabulary.</p>"
+        },
+        "NameStartsWith":{
+          "shape":"VocabularyName",
+          "documentation":"<p>The starting pattern of the name of the vocabulary.</p>"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>"
+        }
+      }
+    },
+    "SearchVocabulariesResponse":{
+      "type":"structure",
+      "members":{
+        "VocabularySummaryList":{
+          "shape":"VocabularySummaryList",
+          "documentation":"<p>The list of the available custom vocabularies.</p>"
+        },
+        "NextToken":{
+          "shape":"VocabularyNextToken",
+          "documentation":"<p>If there are additional results, this is the token for the next set of results.</p>"
+        }
+      }
+    },
     "SecurityKey":{
       "type":"structure",
       "members":{
@@ -7286,6 +8436,10 @@
           "shape":"ClientToken",
           "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
           "idempotencyToken":true
+        },
+        "ChatDurationInMinutes":{
+          "shape":"ChatDurationInMinutes",
+          "documentation":"<p>The total duration of the newly started chat session. If not specified, the chat session duration defaults to 25 hour. The minumum configurable time is 60 minutes. The maximum configurable time is 10,080 minutes (7 days).</p>"
         }
       }
     },
@@ -7476,6 +8630,10 @@
           "shape":"ClientToken",
           "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
           "idempotencyToken":true
+        },
+        "ScheduledTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp, in Unix Epoch seconds format, at which to start running the inbound contact flow. The scheduled time cannot be in the past. It must be within up to 6 days in future. </p>"
         }
       }
     },
@@ -7824,6 +8982,108 @@
         }
       }
     },
+    "UpdateContactFlowMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactFlowId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactFlowId":{
+          "shape":"ContactFlowId",
+          "documentation":"<p>The identifier of the contact flow.</p>",
+          "location":"uri",
+          "locationName":"ContactFlowId"
+        },
+        "Name":{
+          "shape":"ContactFlowName",
+          "documentation":"<p>TThe name of the contact flow.</p>"
+        },
+        "Description":{
+          "shape":"ContactFlowDescription",
+          "documentation":"<p>The description of the contact flow.</p>"
+        },
+        "ContactFlowState":{
+          "shape":"ContactFlowState",
+          "documentation":"<p>The state of contact flow.</p>"
+        }
+      }
+    },
+    "UpdateContactFlowModuleContentRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactFlowModuleId",
+        "Content"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactFlowModuleId":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>",
+          "location":"uri",
+          "locationName":"ContactFlowModuleId"
+        },
+        "Content":{
+          "shape":"ContactFlowModuleContent",
+          "documentation":"<p>The content of the contact flow module.</p>"
+        }
+      }
+    },
+    "UpdateContactFlowModuleContentResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateContactFlowModuleMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactFlowModuleId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactFlowModuleId":{
+          "shape":"ContactFlowModuleId",
+          "documentation":"<p>The identifier of the contact flow module.</p>",
+          "location":"uri",
+          "locationName":"ContactFlowModuleId"
+        },
+        "Name":{
+          "shape":"ContactFlowModuleName",
+          "documentation":"<p>The name of the contact flow module.</p>"
+        },
+        "Description":{
+          "shape":"ContactFlowModuleDescription",
+          "documentation":"<p>The description of the contact flow module.</p>"
+        },
+        "State":{
+          "shape":"ContactFlowModuleState",
+          "documentation":"<p>The state of contact flow module.</p>"
+        }
+      }
+    },
+    "UpdateContactFlowModuleMetadataResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UpdateContactFlowNameRequest":{
       "type":"structure",
       "required":[
@@ -7853,6 +9113,71 @@
         }
       }
     },
+    "UpdateContactRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactId"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>",
+          "location":"uri",
+          "locationName":"InstanceId"
+        },
+        "ContactId":{
+          "shape":"ContactId",
+          "documentation":"<p>The identifier of the contact. This is the identifier of the contact associated with the first interaction with your contact center.</p>",
+          "location":"uri",
+          "locationName":"ContactId"
+        },
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the contact.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the contact.</p>"
+        },
+        "References":{
+          "shape":"ContactReferences",
+          "documentation":"<p>A formatted URL that is shown to an agent in the Contact Control Panel (CCP).</p>"
+        }
+      }
+    },
+    "UpdateContactResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateContactScheduleRequest":{
+      "type":"structure",
+      "required":[
+        "InstanceId",
+        "ContactId",
+        "ScheduledTime"
+      ],
+      "members":{
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The identifier of the Amazon Connect instance. You can find the instanceId in the ARN of the instance.</p>"
+        },
+        "ContactId":{
+          "shape":"ContactId",
+          "documentation":"<p>The identifier of the contact.</p>"
+        },
+        "ScheduledTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp, in Unix Epoch seconds format, at which to start running the inbound contact flow. The scheduled time cannot be in the past. It must be within up to 6 days in future. </p>"
+        }
+      }
+    },
+    "UpdateContactScheduleResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UpdateHoursOfOperationDescription":{
       "type":"string",
       "max":250,
@@ -8454,6 +9779,20 @@
         }
       }
     },
+    "UrlReference":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ReferenceKey",
+          "documentation":"<p>Identifier of the URL reference.</p>"
+        },
+        "Value":{
+          "shape":"ReferenceValue",
+          "documentation":"<p>A valid URL.</p>"
+        }
+      },
+      "documentation":"<p>The URL reference.</p>"
+    },
     "UseCase":{
       "type":"structure",
       "members":{
@@ -8626,6 +9965,161 @@
       "member":{"shape":"UserSummary"}
     },
     "Value":{"type":"double"},
+    "Vocabulary":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Id",
+        "Arn",
+        "LanguageCode",
+        "State",
+        "LastModifiedTime"
+      ],
+      "members":{
+        "Name":{
+          "shape":"VocabularyName",
+          "documentation":"<p>A unique name of the custom vocabulary.</p>"
+        },
+        "Id":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>"
+        },
+        "Arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom vocabulary.</p>"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>"
+        },
+        "State":{
+          "shape":"VocabularyState",
+          "documentation":"<p>The current state of the custom vocabulary.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"VocabularyLastModifiedTime",
+          "documentation":"<p>The timestamp when the custom vocabulary was last modified.</p>"
+        },
+        "FailureReason":{
+          "shape":"VocabularyFailureReason",
+          "documentation":"<p>The reason why the custom vocabulary was not created.</p>"
+        },
+        "Content":{
+          "shape":"VocabularyContent",
+          "documentation":"<p>The content of the custom vocabulary in plain-text format with a table of values. Each row in the table represents a word or a phrase, described with <code>Phrase</code>, <code>IPA</code>, <code>SoundsLike</code>, and <code>DisplayAs</code> fields. Separate the fields with TAB characters. For more information, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/custom-vocabulary.html#create-vocabulary-table\">Create a custom vocabulary using a table</a>.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about a custom vocabulary.</p>"
+    },
+    "VocabularyContent":{
+      "type":"string",
+      "max":60000,
+      "min":1
+    },
+    "VocabularyFailureReason":{"type":"string"},
+    "VocabularyId":{
+      "type":"string",
+      "max":500,
+      "min":1
+    },
+    "VocabularyLanguageCode":{
+      "type":"string",
+      "enum":[
+        "ar-AE",
+        "de-CH",
+        "de-DE",
+        "en-AB",
+        "en-AU",
+        "en-GB",
+        "en-IE",
+        "en-IN",
+        "en-US",
+        "en-WL",
+        "es-ES",
+        "es-US",
+        "fr-CA",
+        "fr-FR",
+        "hi-IN",
+        "it-IT",
+        "ja-JP",
+        "ko-KR",
+        "pt-BR",
+        "pt-PT",
+        "zh-CN"
+      ]
+    },
+    "VocabularyLastModifiedTime":{"type":"timestamp"},
+    "VocabularyName":{
+      "type":"string",
+      "max":140,
+      "min":1,
+      "pattern":"^[0-9a-zA-Z._-]+"
+    },
+    "VocabularyNextToken":{
+      "type":"string",
+      "max":131070,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "VocabularyState":{
+      "type":"string",
+      "enum":[
+        "CREATION_IN_PROGRESS",
+        "ACTIVE",
+        "CREATION_FAILED",
+        "DELETE_IN_PROGRESS"
+      ]
+    },
+    "VocabularySummary":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Id",
+        "Arn",
+        "LanguageCode",
+        "State",
+        "LastModifiedTime"
+      ],
+      "members":{
+        "Name":{
+          "shape":"VocabularyName",
+          "documentation":"<p>A unique name of the custom vocabulary.</p>"
+        },
+        "Id":{
+          "shape":"VocabularyId",
+          "documentation":"<p>The identifier of the custom vocabulary.</p>"
+        },
+        "Arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the custom vocabulary.</p>"
+        },
+        "LanguageCode":{
+          "shape":"VocabularyLanguageCode",
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/transcribe-whatis.html\">What is Amazon Transcribe?</a> </p>"
+        },
+        "State":{
+          "shape":"VocabularyState",
+          "documentation":"<p>The current state of the custom vocabulary.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"VocabularyLastModifiedTime",
+          "documentation":"<p>The timestamp when the custom vocabulary was last modified.</p>"
+        },
+        "FailureReason":{
+          "shape":"VocabularyFailureReason",
+          "documentation":"<p>The reason why the custom vocabulary was not created.</p>"
+        }
+      },
+      "documentation":"<p>Contains summary information about the custom vocabulary.</p>"
+    },
+    "VocabularySummaryList":{
+      "type":"list",
+      "member":{"shape":"VocabularySummary"}
+    },
     "VoiceRecordingConfiguration":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/customer-profiles/2020-08-15/service-2.json b/contrib/python/botocore/py3/botocore/data/customer-profiles/2020-08-15/service-2.json
index 0ab01732e72..33279763bd5 100644
--- a/contrib/python/botocore/py3/botocore/data/customer-profiles/2020-08-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/customer-profiles/2020-08-15/service-2.json
@@ -45,7 +45,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Creates a domain, which is a container for all customer data, such as customer profile attributes, object types, profile keys, and encryption keys. You can create multiple domains, and each domain can have multiple third-party integrations.</p> <p>Each Amazon Connect instance can be associated with only one domain. Multiple Amazon Connect instances can be associated with one domain.</p> <p>Use this API or <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_UpdateDomain.html\">UpdateDomain</a> to enable <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">identity resolution</a>: set <code>Matching</code> to true. </p>"
+      "documentation":"<p>Creates a domain, which is a container for all customer data, such as customer profile attributes, object types, profile keys, and encryption keys. You can create multiple domains, and each domain can have multiple third-party integrations.</p> <p>Each Amazon Connect instance can be associated with only one domain. Multiple Amazon Connect instances can be associated with one domain.</p> <p>Use this API or <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_UpdateDomain.html\">UpdateDomain</a> to enable <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">identity resolution</a>: set <code>Matching</code> to true. </p> <p>To prevent cross-service impersonation when you call this API, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/cross-service-confused-deputy-prevention.html\">Cross-service confused deputy prevention</a> for sample policies that you should apply. </p>"
     },
     "CreateProfile":{
       "name":"CreateProfile",
@@ -166,6 +166,23 @@
       ],
       "documentation":"<p>Removes a ProfileObjectType from a specific domain as well as removes all the ProfileObjects of that type. It also disables integrations from this specific ProfileObjectType. In addition, it scrubs all of the fields of the standard profile that were populated from this ProfileObjectType.</p>"
     },
+    "GetAutoMergingPreview":{
+      "name":"GetAutoMergingPreview",
+      "http":{
+        "method":"POST",
+        "requestUri":"/domains/{DomainName}/identity-resolution-jobs/auto-merging-preview"
+      },
+      "input":{"shape":"GetAutoMergingPreviewRequest"},
+      "output":{"shape":"GetAutoMergingPreviewResponse"},
+      "errors":[
+        {"shape":"BadRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Tests the auto-merging settings of your Identity Resolution Job without merging your data. It randomly selects a sample of matching groups from the existing matching results, and applies the automerging settings that you provided. You can then view the number of profiles in the sample, the number of matches, and the number of profiles identified to be merged. This enables you to evaluate the accuracy of the attributes in your matching list. </p> <p>You can't view which profiles are matched and would be merged.</p> <important> <p>We strongly recommend you use this API to do a dry run of the automerging process before running the Identity Resolution Job. Include <b>at least</b> two matching attributes. If your matching list includes too few attributes (such as only <code>FirstName</code> or only <code>LastName</code>), there may be a large number of matches. This increases the chances of erroneous merges.</p> </important>"
+    },
     "GetDomain":{
       "name":"GetDomain",
       "http":{
@@ -183,6 +200,23 @@
       ],
       "documentation":"<p>Returns information about a specific domain.</p>"
     },
+    "GetIdentityResolutionJob":{
+      "name":"GetIdentityResolutionJob",
+      "http":{
+        "method":"GET",
+        "requestUri":"/domains/{DomainName}/identity-resolution-jobs/{JobId}"
+      },
+      "input":{"shape":"GetIdentityResolutionJobRequest"},
+      "output":{"shape":"GetIdentityResolutionJobResponse"},
+      "errors":[
+        {"shape":"BadRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about an Identity Resolution Job in a specific domain. </p> <p>Identity Resolution Jobs are set up using the Amazon Connect admin console. For more information, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/use-identity-resolution.html\">Use Identity Resolution to consolidate similar profiles</a>.</p>"
+    },
     "GetIntegration":{
       "name":"GetIntegration",
       "http":{
@@ -215,7 +249,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>This API is in preview release for Amazon Connect and subject to change.</p> <p>Before calling this API, use <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_CreateDomain.html\">CreateDomain</a> or <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_UpdateDomain.html\">UpdateDomain</a> to enable identity resolution: set <code>Matching</code> to true.</p> <p>GetMatches returns potentially matching profiles, based on the results of the latest run of a machine learning process. </p> <important> <p>Amazon Connect starts a batch process every Saturday at 12AM UTC to identify matching profiles. The results are returned up to seven days after the Saturday run.</p> </important> <p>Amazon Connect uses the following profile attributes to identify matches:</p> <ul> <li> <p>PhoneNumber</p> </li> <li> <p>HomePhoneNumber</p> </li> <li> <p>BusinessPhoneNumber</p> </li> <li> <p>MobilePhoneNumber</p> </li> <li> <p>EmailAddress</p> </li> <li> <p>PersonalEmailAddress</p> </li> <li> <p>BusinessEmailAddress</p> </li> <li> <p>FullName</p> </li> <li> <p>BusinessName</p> </li> </ul> <p>For example, two or more profiles—with spelling mistakes such as <b>John Doe</b> and <b>Jhn Doe</b>, or different casing email addresses such as <b>JOHN_DOE@ANYCOMPANY.COM</b> and <b>johndoe@anycompany.com</b>, or different phone number formats such as <b>555-010-0000</b> and <b>+1-555-010-0000</b>—can be detected as belonging to the same customer <b>John Doe</b> and merged into a unified profile.</p>"
+      "documentation":"<p>Before calling this API, use <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_CreateDomain.html\">CreateDomain</a> or <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_UpdateDomain.html\">UpdateDomain</a> to enable identity resolution: set <code>Matching</code> to true.</p> <p>GetMatches returns potentially matching profiles, based on the results of the latest run of a machine learning process. </p> <important> <p>The process of matching duplicate profiles. If <code>Matching</code> = <code>true</code>, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. </p> <p>After the Identity Resolution Job completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. Or, if you have configured <code>ExportingConfig</code> in the <code>MatchingRequest</code>, you can download the results from S3.</p> </important> <p>Amazon Connect uses the following profile attributes to identify matches:</p> <ul> <li> <p>PhoneNumber</p> </li> <li> <p>HomePhoneNumber</p> </li> <li> <p>BusinessPhoneNumber</p> </li> <li> <p>MobilePhoneNumber</p> </li> <li> <p>EmailAddress</p> </li> <li> <p>PersonalEmailAddress</p> </li> <li> <p>BusinessEmailAddress</p> </li> <li> <p>FullName</p> </li> <li> <p>BusinessName</p> </li> </ul> <p>For example, two or more profiles—with spelling mistakes such as <b>John Doe</b> and <b>Jhn Doe</b>, or different casing email addresses such as <b>JOHN_DOE@ANYCOMPANY.COM</b> and <b>johndoe@anycompany.com</b>, or different phone number formats such as <b>555-010-0000</b> and <b>+1-555-010-0000</b>—can be detected as belonging to the same customer <b>John Doe</b> and merged into a unified profile.</p>"
     },
     "GetProfileObjectType":{
       "name":"GetProfileObjectType",
@@ -285,6 +319,23 @@
       ],
       "documentation":"<p>Returns a list of all the domains for an AWS account that have been created.</p>"
     },
+    "ListIdentityResolutionJobs":{
+      "name":"ListIdentityResolutionJobs",
+      "http":{
+        "method":"GET",
+        "requestUri":"/domains/{DomainName}/identity-resolution-jobs"
+      },
+      "input":{"shape":"ListIdentityResolutionJobsRequest"},
+      "output":{"shape":"ListIdentityResolutionJobsResponse"},
+      "errors":[
+        {"shape":"BadRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists all of the Identity Resolution Jobs in your domain. The response sorts the list by <code>JobStartTime</code>.</p>"
+    },
     "ListIntegrations":{
       "name":"ListIntegrations",
       "http":{
@@ -382,7 +433,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>This API is in preview release for Amazon Connect and subject to change.</p> <p>Runs an AWS Lambda job that does the following:</p> <ol> <li> <p>All the profileKeys in the <code>ProfileToBeMerged</code> will be moved to the main profile.</p> </li> <li> <p>All the objects in the <code>ProfileToBeMerged</code> will be moved to the main profile.</p> </li> <li> <p>All the <code>ProfileToBeMerged</code> will be deleted at the end.</p> </li> <li> <p>All the profileKeys in the <code>ProfileIdsToBeMerged</code> will be moved to the main profile.</p> </li> <li> <p>Standard fields are merged as follows:</p> <ol> <li> <p>Fields are always \"union\"-ed if there are no conflicts in standard fields or attributeKeys.</p> </li> <li> <p>When there are conflicting fields:</p> <ol> <li> <p>If no <code>SourceProfileIds</code> entry is specified, the main Profile value is always taken. </p> </li> <li> <p>If a <code>SourceProfileIds</code> entry is specified, the specified profileId is always taken, even if it is a NULL value.</p> </li> </ol> </li> </ol> </li> </ol> <p>You can use MergeProfiles together with <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a>, which returns potentially matching profiles, or use it with the results of another matching system. After profiles have been merged, they cannot be separated (unmerged).</p>"
+      "documentation":"<p>Runs an AWS Lambda job that does the following:</p> <ol> <li> <p>All the profileKeys in the <code>ProfileToBeMerged</code> will be moved to the main profile.</p> </li> <li> <p>All the objects in the <code>ProfileToBeMerged</code> will be moved to the main profile.</p> </li> <li> <p>All the <code>ProfileToBeMerged</code> will be deleted at the end.</p> </li> <li> <p>All the profileKeys in the <code>ProfileIdsToBeMerged</code> will be moved to the main profile.</p> </li> <li> <p>Standard fields are merged as follows:</p> <ol> <li> <p>Fields are always \"union\"-ed if there are no conflicts in standard fields or attributeKeys.</p> </li> <li> <p>When there are conflicting fields:</p> <ol> <li> <p>If no <code>SourceProfileIds</code> entry is specified, the main Profile value is always taken. </p> </li> <li> <p>If a <code>SourceProfileIds</code> entry is specified, the specified profileId is always taken, even if it is a NULL value.</p> </li> </ol> </li> </ol> </li> </ol> <p>You can use MergeProfiles together with <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a>, which returns potentially matching profiles, or use it with the results of another matching system. After profiles have been merged, they cannot be separated (unmerged).</p>"
     },
     "PutIntegration":{
       "name":"PutIntegration",
@@ -497,7 +548,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Updates the properties of a domain, including creating or selecting a dead letter queue or an encryption key.</p> <p>After a domain is created, the name can’t be changed.</p> <p>Use this API or <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_CreateDomain.html\">CreateDomain</a> to enable <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">identity resolution</a>: set <code>Matching</code> to true. </p>"
+      "documentation":"<p>Updates the properties of a domain, including creating or selecting a dead letter queue or an encryption key.</p> <p>After a domain is created, the name can’t be changed.</p> <p>Use this API or <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_CreateDomain.html\">CreateDomain</a> to enable <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">identity resolution</a>: set <code>Matching</code> to true. </p> <p>To prevent cross-service impersonation when you call this API, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/cross-service-confused-deputy-prevention.html\">Cross-service confused deputy prevention</a> for sample policies that you should apply. </p>"
     },
     "UpdateProfile":{
       "name":"UpdateProfile",
@@ -631,6 +682,25 @@
       "key":{"shape":"string1To255"},
       "value":{"shape":"string1To255"}
     },
+    "AutoMerging":{
+      "type":"structure",
+      "required":["Enabled"],
+      "members":{
+        "Enabled":{
+          "shape":"optionalBoolean",
+          "documentation":"<p>The flag that enables the auto-merging of duplicate profiles.</p>"
+        },
+        "Consolidation":{
+          "shape":"Consolidation",
+          "documentation":"<p>A list of matching attributes that represent matching criteria. If two profiles meet at least one of the requirements in the matching attributes list, they will be merged.</p>"
+        },
+        "ConflictResolution":{
+          "shape":"ConflictResolution",
+          "documentation":"<p>How the auto-merging process should resolve conflicts between different profiles. For example, if Profile A and Profile B have the same <code>FirstName</code> and <code>LastName</code> (and that is the matching criteria), which <code>EmailAddress</code> should be used? </p>"
+        }
+      },
+      "documentation":"<p>Configuration settings for how to perform the auto-merging of profiles.</p>"
+    },
     "BadRequestException":{
       "type":"structure",
       "members":{
@@ -651,6 +721,28 @@
       "max":512,
       "pattern":".*"
     },
+    "ConflictResolution":{
+      "type":"structure",
+      "required":["ConflictResolvingModel"],
+      "members":{
+        "ConflictResolvingModel":{
+          "shape":"ConflictResolvingModel",
+          "documentation":"<p>How the auto-merging process should resolve conflicts between different profiles.</p> <ul> <li> <p> <code>RECENCY</code>: Uses the data that was most recently updated.</p> </li> <li> <p> <code>SOURCE</code>: Uses the data from a specific source. For example, if a company has been aquired or two departments have merged, data from the specified source is used. If two duplicate profiles are from the same source, then <code>RECENCY</code> is used again.</p> </li> </ul>"
+        },
+        "SourceName":{
+          "shape":"string1To255",
+          "documentation":"<p>The <code>ObjectType</code> name that is used to resolve profile merging conflicts when choosing <code>SOURCE</code> as the <code>ConflictResolvingModel</code>.</p>"
+        }
+      },
+      "documentation":"<p>How the auto-merging process should resolve conflicts between different profiles.</p>"
+    },
+    "ConflictResolvingModel":{
+      "type":"string",
+      "enum":[
+        "RECENCY",
+        "SOURCE"
+      ]
+    },
     "ConnectorOperator":{
       "type":"structure",
       "members":{
@@ -682,6 +774,17 @@
       "max":256,
       "pattern":"[\\w/!@#+=.-]+"
     },
+    "Consolidation":{
+      "type":"structure",
+      "required":["MatchingAttributesList"],
+      "members":{
+        "MatchingAttributesList":{
+          "shape":"MatchingAttributesList",
+          "documentation":"<p>A list of matching criteria.</p>"
+        }
+      },
+      "documentation":"<p>The matching criteria to be used during the auto-merging process. </p>"
+    },
     "CreateDomainRequest":{
       "type":"structure",
       "required":[
@@ -709,7 +812,7 @@
         },
         "Matching":{
           "shape":"MatchingRequest",
-          "documentation":"<p>The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process every Saturday at 12AM UTC to detect duplicate profiles in your domains. After that batch process completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. </p>"
+          "documentation":"<p>The process of matching duplicate profiles. If <code>Matching</code> = <code>true</code>, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. </p> <p>After the Identity Resolution Job completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. Or, if you have configured <code>ExportingConfig</code> in the <code>MatchingRequest</code>, you can download the results from S3.</p>"
         },
         "Tags":{
           "shape":"TagMap",
@@ -744,7 +847,7 @@
         },
         "Matching":{
           "shape":"MatchingResponse",
-          "documentation":"<p>The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process every Saturday at 12AM UTC to detect duplicate profiles in your domains. After that batch process completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. </p>"
+          "documentation":"<p>The process of matching duplicate profiles. If <code>Matching</code> = <code>true</code>, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. </p> <p>After the Identity Resolution Job completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. Or, if you have configured <code>ExportingConfig</code> in the <code>MatchingRequest</code>, you can download the results from S3.</p>"
         },
         "CreatedAt":{
           "shape":"timestamp",
@@ -1096,6 +1199,27 @@
       },
       "documentation":"<p>Usage-specific statistics about the domain.</p>"
     },
+    "Double":{"type":"double"},
+    "ExportingConfig":{
+      "type":"structure",
+      "members":{
+        "S3Exporting":{
+          "shape":"S3ExportingConfig",
+          "documentation":"<p>The S3 location where Identity Resolution Jobs write result files.</p>"
+        }
+      },
+      "documentation":"<p>Configuration information about the S3 bucket where Identity Resolution Jobs writes result files. </p> <note> <p>You need to give Customer Profiles service principal write permission to your S3 bucket. Otherwise, you'll get an exception in the API response. For an example policy, see <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/cross-service-confused-deputy-prevention.html#customer-profiles-cross-service\">Amazon Connect Customer Profiles cross-service confused deputy prevention</a>. </p> </note>"
+    },
+    "ExportingLocation":{
+      "type":"structure",
+      "members":{
+        "S3Exporting":{
+          "shape":"S3ExportingLocation",
+          "documentation":"<p>Information about the S3 location where Identity Resolution Jobs write result files.</p>"
+        }
+      },
+      "documentation":"<p>The S3 location where Identity Resolution Jobs write result files.</p>"
+    },
     "FieldContentType":{
       "type":"string",
       "enum":[
@@ -1260,6 +1384,52 @@
         "UNSPECIFIED"
       ]
     },
+    "GetAutoMergingPreviewRequest":{
+      "type":"structure",
+      "required":[
+        "DomainName",
+        "Consolidation",
+        "ConflictResolution"
+      ],
+      "members":{
+        "DomainName":{
+          "shape":"name",
+          "documentation":"<p>The unique name of the domain.</p>",
+          "location":"uri",
+          "locationName":"DomainName"
+        },
+        "Consolidation":{
+          "shape":"Consolidation",
+          "documentation":"<p>A list of matching attributes that represent matching criteria.</p>"
+        },
+        "ConflictResolution":{
+          "shape":"ConflictResolution",
+          "documentation":"<p>How the auto-merging process should resolve conflicts between different profiles.</p>"
+        }
+      }
+    },
+    "GetAutoMergingPreviewResponse":{
+      "type":"structure",
+      "required":["DomainName"],
+      "members":{
+        "DomainName":{
+          "shape":"name",
+          "documentation":"<p>The unique name of the domain.</p>"
+        },
+        "NumberOfMatchesInSample":{
+          "shape":"long",
+          "documentation":"<p>The number of match groups in the domain that have been reviewed in this preview dry run.</p>"
+        },
+        "NumberOfProfilesInSample":{
+          "shape":"long",
+          "documentation":"<p>The number of profiles found in this preview dry run.</p>"
+        },
+        "NumberOfProfilesWillBeMerged":{
+          "shape":"long",
+          "documentation":"<p>The number of profiles that would be merged if this wasn't a preview dry run.</p>"
+        }
+      }
+    },
     "GetDomainRequest":{
       "type":"structure",
       "required":["DomainName"],
@@ -1302,7 +1472,7 @@
         },
         "Matching":{
           "shape":"MatchingResponse",
-          "documentation":"<p>The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process every Saturday at 12AM UTC to detect duplicate profiles in your domains. After that batch process completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. </p>"
+          "documentation":"<p>The process of matching duplicate profiles. If <code>Matching</code> = <code>true</code>, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. </p> <p>After the Identity Resolution Job completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. Or, if you have configured <code>ExportingConfig</code> in the <code>MatchingRequest</code>, you can download the results from S3.</p>"
         },
         "CreatedAt":{
           "shape":"timestamp",
@@ -1318,6 +1488,76 @@
         }
       }
     },
+    "GetIdentityResolutionJobRequest":{
+      "type":"structure",
+      "required":[
+        "DomainName",
+        "JobId"
+      ],
+      "members":{
+        "DomainName":{
+          "shape":"name",
+          "documentation":"<p>The unique name of the domain.</p>",
+          "location":"uri",
+          "locationName":"DomainName"
+        },
+        "JobId":{
+          "shape":"uuid",
+          "documentation":"<p>The unique identifier of the Identity Resolution Job.</p>",
+          "location":"uri",
+          "locationName":"JobId"
+        }
+      }
+    },
+    "GetIdentityResolutionJobResponse":{
+      "type":"structure",
+      "members":{
+        "DomainName":{
+          "shape":"name",
+          "documentation":"<p>The unique name of the domain.</p>"
+        },
+        "JobId":{
+          "shape":"uuid",
+          "documentation":"<p>The unique identifier of the Identity Resolution Job.</p>"
+        },
+        "Status":{
+          "shape":"IdentityResolutionJobStatus",
+          "documentation":"<p>The status of the Identity Resolution Job.</p> <ul> <li> <p> <code>PENDING</code>: The Identity Resolution Job is scheduled but has not started yet. If you turn off the Identity Resolution feature in your domain, jobs in the <code>PENDING</code> state are deleted.</p> </li> <li> <p> <code>PREPROCESSING</code>: The Identity Resolution Job is loading your data.</p> </li> <li> <p> <code>FIND_MATCHING</code>: The Identity Resolution Job is using the machine learning model to identify profiles that belong to the same matching group.</p> </li> <li> <p> <code>MERGING</code>: The Identity Resolution Job is merging duplicate profiles.</p> </li> <li> <p> <code>COMPLETED</code>: The Identity Resolution Job completed successfully.</p> </li> <li> <p> <code>PARTIAL_SUCCESS</code>: There's a system error and not all of the data is merged. The Identity Resolution Job writes a message indicating the source of the problem.</p> </li> <li> <p> <code>FAILED</code>: The Identity Resolution Job did not merge any data. It writes a message indicating the source of the problem.</p> </li> </ul>"
+        },
+        "Message":{
+          "shape":"stringTo2048",
+          "documentation":"<p>The error messages that are generated when the Identity Resolution Job runs.</p>"
+        },
+        "JobStartTime":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp of when the Identity Resolution Job was started or will be started.</p>"
+        },
+        "JobEndTime":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp of when the Identity Resolution Job was completed.</p>"
+        },
+        "LastUpdatedAt":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp of when the Identity Resolution Job was most recently edited.</p>"
+        },
+        "JobExpirationTime":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp of when the Identity Resolution Job will expire.</p>"
+        },
+        "AutoMerging":{
+          "shape":"AutoMerging",
+          "documentation":"<p>Configuration settings for how to perform the auto-merging of profiles.</p>"
+        },
+        "ExportingLocation":{
+          "shape":"ExportingLocation",
+          "documentation":"<p>The S3 location where the Identity Resolution Job writes result files.</p>"
+        },
+        "JobStats":{
+          "shape":"JobStats",
+          "documentation":"<p>Statistics about the Identity Resolution Job.</p>"
+        }
+      }
+    },
     "GetIntegrationRequest":{
       "type":"structure",
       "required":[
@@ -1342,7 +1582,6 @@
       "required":[
         "DomainName",
         "Uri",
-        "ObjectTypeName",
         "CreatedAt",
         "LastUpdatedAt"
       ],
@@ -1370,6 +1609,10 @@
         "Tags":{
           "shape":"TagMap",
           "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        },
+        "ObjectTypeNames":{
+          "shape":"ObjectTypeNames",
+          "documentation":"<p>A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an <code>ObjectTypeName</code> (template) used to ingest the event. It supports the following event types: <code>SegmentIdentify</code>, <code>ShopifyCreateCustomers</code>, <code>ShopifyUpdateCustomers</code>, <code>ShopifyCreateDraftOrders</code>, <code>ShopifyUpdateDraftOrders</code>, <code>ShopifyCreateOrders</code>, and <code>ShopifyUpdatedOrders</code>.</p>"
         }
       }
     },
@@ -1470,6 +1713,10 @@
           "shape":"boolean",
           "documentation":"<p>Indicates whether a profile should be created when data is received if one doesn’t exist for an object of this type. The default is <code>FALSE</code>. If the AllowProfileCreation flag is set to <code>FALSE</code>, then the service tries to fetch a standard profile and associate this object with the profile. If it is set to <code>TRUE</code>, and if no match is found, then the service creates a new standard profile.</p>"
         },
+        "SourceLastUpdatedTimestampFormat":{
+          "shape":"string1To255",
+          "documentation":"<p>The format of your <code>sourceLastUpdatedTimestamp</code> that was previously set up.</p>"
+        },
         "Fields":{
           "shape":"FieldMap",
           "documentation":"<p>A map of the name and ObjectType field.</p>"
@@ -1523,6 +1770,10 @@
           "shape":"boolean",
           "documentation":"<p>Indicates whether a profile should be created when data is received if one doesn’t exist for an object of this type. The default is <code>FALSE</code>. If the AllowProfileCreation flag is set to <code>FALSE</code>, then the service tries to fetch a standard profile and associate this object with the profile. If it is set to <code>TRUE</code>, and if no match is found, then the service creates a new standard profile.</p>"
         },
+        "SourceLastUpdatedTimestampFormat":{
+          "shape":"string1To255",
+          "documentation":"<p>The format of your <code>sourceLastUpdatedTimestamp</code> that was previously set up.</p>"
+        },
         "Fields":{
           "shape":"FieldMap",
           "documentation":"<p>A map of the name and ObjectType field.</p>"
@@ -1533,6 +1784,60 @@
         }
       }
     },
+    "IdentityResolutionJob":{
+      "type":"structure",
+      "members":{
+        "DomainName":{
+          "shape":"name",
+          "documentation":"<p>The unique name of the domain.</p>"
+        },
+        "JobId":{
+          "shape":"uuid",
+          "documentation":"<p>The unique identifier of the Identity Resolution Job.</p>"
+        },
+        "Status":{
+          "shape":"IdentityResolutionJobStatus",
+          "documentation":"<p>The status of the Identity Resolution Job.</p> <ul> <li> <p> <code>PENDING</code>: The Identity Resolution Job is scheduled but has not started yet. If you turn off the Identity Resolution feature in your domain, jobs in the <code>PENDING</code> state are deleted.</p> </li> <li> <p> <code>PREPROCESSING</code>: The Identity Resolution Job is loading your data.</p> </li> <li> <p> <code>FIND_MATCHING</code>: The Identity Resolution Job is using the machine learning model to identify profiles that belong to the same matching group.</p> </li> <li> <p> <code>MERGING</code>: The Identity Resolution Job is merging duplicate profiles.</p> </li> <li> <p> <code>COMPLETED</code>: The Identity Resolution Job completed successfully.</p> </li> <li> <p> <code>PARTIAL_SUCCESS</code>: There's a system error and not all of the data is merged. The Identity Resolution Job writes a message indicating the source of the problem.</p> </li> <li> <p> <code>FAILED</code>: The Identity Resolution Job did not merge any data. It writes a message indicating the source of the problem.</p> </li> </ul>"
+        },
+        "JobStartTime":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp of when the job was started or will be started.</p>"
+        },
+        "JobEndTime":{
+          "shape":"timestamp",
+          "documentation":"<p>The timestamp of when the job was completed.</p>"
+        },
+        "JobStats":{
+          "shape":"JobStats",
+          "documentation":"<p>Statistics about an Identity Resolution Job.</p>"
+        },
+        "ExportingLocation":{
+          "shape":"ExportingLocation",
+          "documentation":"<p>The S3 location where the Identity Resolution Job writes result files.</p>"
+        },
+        "Message":{
+          "shape":"stringTo2048",
+          "documentation":"<p>The error messages that are generated when the Identity Resolution Job runs.</p>"
+        }
+      },
+      "documentation":"<p>Information about the Identity Resolution Job.</p>"
+    },
+    "IdentityResolutionJobStatus":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "PREPROCESSING",
+        "FIND_MATCHING",
+        "MERGING",
+        "COMPLETED",
+        "PARTIAL_SUCCESS",
+        "FAILED"
+      ]
+    },
+    "IdentityResolutionJobsList":{
+      "type":"list",
+      "member":{"shape":"IdentityResolutionJob"}
+    },
     "IncrementalPullConfig":{
       "type":"structure",
       "members":{
@@ -1557,6 +1862,60 @@
       "exception":true,
       "fault":true
     },
+    "JobSchedule":{
+      "type":"structure",
+      "required":[
+        "DayOfTheWeek",
+        "Time"
+      ],
+      "members":{
+        "DayOfTheWeek":{
+          "shape":"JobScheduleDayOfTheWeek",
+          "documentation":"<p>The day when the Identity Resolution Job should run every week.</p>"
+        },
+        "Time":{
+          "shape":"JobScheduleTime",
+          "documentation":"<p>The time when the Identity Resolution Job should run every week.</p>"
+        }
+      },
+      "documentation":"<p>The day and time when do you want to start the Identity Resolution Job every week.</p>"
+    },
+    "JobScheduleDayOfTheWeek":{
+      "type":"string",
+      "enum":[
+        "SUNDAY",
+        "MONDAY",
+        "TUESDAY",
+        "WEDNESDAY",
+        "THURSDAY",
+        "FRIDAY",
+        "SATURDAY"
+      ]
+    },
+    "JobScheduleTime":{
+      "type":"string",
+      "max":5,
+      "min":3,
+      "pattern":"^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$"
+    },
+    "JobStats":{
+      "type":"structure",
+      "members":{
+        "NumberOfProfilesReviewed":{
+          "shape":"long",
+          "documentation":"<p>The number of profiles reviewed.</p>"
+        },
+        "NumberOfMatchesFound":{
+          "shape":"long",
+          "documentation":"<p>The number of matches found.</p>"
+        },
+        "NumberOfMergesDone":{
+          "shape":"long",
+          "documentation":"<p>The number of merges completed.</p>"
+        }
+      },
+      "documentation":"<p>Statistics about the Identity Resolution Job.</p>"
+    },
     "KeyMap":{
       "type":"map",
       "key":{"shape":"name"},
@@ -1660,12 +2019,48 @@
         }
       }
     },
+    "ListIdentityResolutionJobsRequest":{
+      "type":"structure",
+      "required":["DomainName"],
+      "members":{
+        "DomainName":{
+          "shape":"name",
+          "documentation":"<p>The unique name of the domain.</p>",
+          "location":"uri",
+          "locationName":"DomainName"
+        },
+        "NextToken":{
+          "shape":"token",
+          "documentation":"<p>The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"next-token"
+        },
+        "MaxResults":{
+          "shape":"maxSize100",
+          "documentation":"<p>The maximum number of results to return per page.</p>",
+          "location":"querystring",
+          "locationName":"max-results"
+        }
+      }
+    },
+    "ListIdentityResolutionJobsResponse":{
+      "type":"structure",
+      "members":{
+        "IdentityResolutionJobsList":{
+          "shape":"IdentityResolutionJobsList",
+          "documentation":"<p>A list of Identity Resolution Jobs.</p>"
+        },
+        "NextToken":{
+          "shape":"token",
+          "documentation":"<p>If there are additional results, this is the token for the next set of results.</p>"
+        }
+      }
+    },
     "ListIntegrationItem":{
       "type":"structure",
       "required":[
         "DomainName",
         "Uri",
-        "ObjectTypeName",
         "CreatedAt",
         "LastUpdatedAt"
       ],
@@ -1693,6 +2088,10 @@
         "Tags":{
           "shape":"TagMap",
           "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        },
+        "ObjectTypeNames":{
+          "shape":"ObjectTypeNames",
+          "documentation":"<p>A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an <code>ObjectTypeName</code> (template) used to ingest the event. It supports the following event types: <code>SegmentIdentify</code>, <code>ShopifyCreateCustomers</code>, <code>ShopifyUpdateCustomers</code>, <code>ShopifyCreateDraftOrders</code>, <code>ShopifyUpdateDraftOrders</code>, <code>ShopifyCreateOrders</code>, and <code>ShopifyUpdatedOrders</code>.</p>"
         }
       },
       "documentation":"<p>An integration in list of integrations.</p>"
@@ -1903,7 +2302,7 @@
         },
         "ObjectFilter":{
           "shape":"ObjectFilter",
-          "documentation":"<p>Applies a filter to the response to include profile objects with the specified index values. This filter is only supported for ObjectTypeName _asset and _case.</p>"
+          "documentation":"<p>Applies a filter to the response to include profile objects with the specified index values. This filter is only supported for ObjectTypeName _asset, _case and _order.</p>"
         }
       }
     },
@@ -1983,6 +2382,10 @@
         "ProfileIds":{
           "shape":"ProfileIdList",
           "documentation":"<p>A list of identifiers for profiles that match.</p>"
+        },
+        "ConfidenceScore":{
+          "shape":"Double",
+          "documentation":"<p>A number between 0 and 1 that represents the confidence level of assigning profiles to a matching group. A score of 1 likely indicates an exact match.</p>"
         }
       },
       "documentation":"<p>The Match group object.</p>"
@@ -1991,6 +2394,18 @@
       "type":"list",
       "member":{"shape":"MatchItem"}
     },
+    "MatchingAttributes":{
+      "type":"list",
+      "member":{"shape":"string1To255"},
+      "max":20,
+      "min":1
+    },
+    "MatchingAttributesList":{
+      "type":"list",
+      "member":{"shape":"MatchingAttributes"},
+      "max":10,
+      "min":1
+    },
     "MatchingRequest":{
       "type":"structure",
       "required":["Enabled"],
@@ -1998,6 +2413,18 @@
         "Enabled":{
           "shape":"optionalBoolean",
           "documentation":"<p>The flag that enables the matching process of duplicate profiles.</p>"
+        },
+        "JobSchedule":{
+          "shape":"JobSchedule",
+          "documentation":"<p>The day and time when do you want to start the Identity Resolution Job every week.</p>"
+        },
+        "AutoMerging":{
+          "shape":"AutoMerging",
+          "documentation":"<p>Configuration information about the auto-merging process.</p>"
+        },
+        "ExportingConfig":{
+          "shape":"ExportingConfig",
+          "documentation":"<p>Configuration information for exporting Identity Resolution results, for example, to an S3 bucket.</p>"
         }
       },
       "documentation":"<p>The flag that enables the matching process of duplicate profiles.</p>"
@@ -2008,6 +2435,18 @@
         "Enabled":{
           "shape":"optionalBoolean",
           "documentation":"<p>The flag that enables the matching process of duplicate profiles.</p>"
+        },
+        "JobSchedule":{
+          "shape":"JobSchedule",
+          "documentation":"<p>The day and time when do you want to start the Identity Resolution Job every week.</p>"
+        },
+        "AutoMerging":{
+          "shape":"AutoMerging",
+          "documentation":"<p>Configuration information about the auto-merging process.</p>"
+        },
+        "ExportingConfig":{
+          "shape":"ExportingConfig",
+          "documentation":"<p>Configuration information for exporting Identity Resolution results, for example, to an S3 bucket.</p>"
         }
       },
       "documentation":"<p>The flag that enables the matching process of duplicate profiles.</p>"
@@ -2063,14 +2502,14 @@
       "members":{
         "KeyName":{
           "shape":"name",
-          "documentation":"<p>A searchable identifier of a standard profile object. The predefined keys you can use to search for _asset include: _assetId, _assetName, _serialNumber. The predefined keys you can use to search for _case include: _caseId.</p>"
+          "documentation":"<p>A searchable identifier of a standard profile object. The predefined keys you can use to search for _asset include: _assetId, _assetName, _serialNumber. The predefined keys you can use to search for _case include: _caseId. The predefined keys you can use to search for _order include: _orderId.</p>"
         },
         "Values":{
           "shape":"requestValueList",
           "documentation":"<p>A list of key values.</p>"
         }
       },
-      "documentation":"<p>The filter applied to ListProfileObjects response to include profile objects with the specified index values. This filter is only supported for ObjectTypeName _asset and _case.</p>"
+      "documentation":"<p>The filter applied to ListProfileObjects response to include profile objects with the specified index values. This filter is only supported for ObjectTypeName _asset, _case and _order.</p>"
     },
     "ObjectTypeField":{
       "type":"structure",
@@ -2095,7 +2534,7 @@
       "members":{
         "StandardIdentifiers":{
           "shape":"StandardIdentifierList",
-          "documentation":"<p>The types of keys that a ProfileObject can have. Each ProfileObject can have only 1 UNIQUE key but multiple PROFILE keys. PROFILE, ASSET or CASE means that this key can be used to tie an object to a PROFILE, ASSET or CASE respectively. UNIQUE means that it can be used to uniquely identify an object. If a key a is marked as SECONDARY, it will be used to search for profiles after all other PROFILE keys have been searched. A LOOKUP_ONLY key is only used to match a profile but is not persisted to be used for searching of the profile. A NEW_ONLY key is only used if the profile does not already exist before the object is ingested, otherwise it is only used for matching objects to profiles.</p>"
+          "documentation":"<p>The types of keys that a ProfileObject can have. Each ProfileObject can have only 1 UNIQUE key but multiple PROFILE keys. PROFILE, ASSET, CASE, or ORDER means that this key can be used to tie an object to a PROFILE, ASSET, CASE, or ORDER respectively. UNIQUE means that it can be used to uniquely identify an object. If a key a is marked as SECONDARY, it will be used to search for profiles after all other PROFILE keys have been searched. A LOOKUP_ONLY key is only used to match a profile but is not persisted to be used for searching of the profile. A NEW_ONLY key is only used if the profile does not already exist before the object is ingested, otherwise it is only used for matching objects to profiles.</p>"
         },
         "FieldNames":{
           "shape":"FieldNameList",
@@ -2108,6 +2547,11 @@
       "type":"list",
       "member":{"shape":"ObjectTypeKey"}
     },
+    "ObjectTypeNames":{
+      "type":"map",
+      "key":{"shape":"string1To255"},
+      "value":{"shape":"typeName"}
+    },
     "OperatorPropertiesKeys":{
       "type":"string",
       "enum":[
@@ -2262,10 +2706,7 @@
     },
     "PutIntegrationRequest":{
       "type":"structure",
-      "required":[
-        "DomainName",
-        "ObjectTypeName"
-      ],
+      "required":["DomainName"],
       "members":{
         "DomainName":{
           "shape":"name",
@@ -2288,6 +2729,10 @@
         "FlowDefinition":{
           "shape":"FlowDefinition",
           "documentation":"<p>The configuration that controls how Customer Profiles retrieves data from the source.</p>"
+        },
+        "ObjectTypeNames":{
+          "shape":"ObjectTypeNames",
+          "documentation":"<p>A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an <code>ObjectTypeName</code> (template) used to ingest the event. It supports the following event types: <code>SegmentIdentify</code>, <code>ShopifyCreateCustomers</code>, <code>ShopifyUpdateCustomers</code>, <code>ShopifyCreateDraftOrders</code>, <code>ShopifyUpdateDraftOrders</code>, <code>ShopifyCreateOrders</code>, and <code>ShopifyUpdatedOrders</code>.</p>"
         }
       }
     },
@@ -2296,7 +2741,6 @@
       "required":[
         "DomainName",
         "Uri",
-        "ObjectTypeName",
         "CreatedAt",
         "LastUpdatedAt"
       ],
@@ -2324,6 +2768,10 @@
         "Tags":{
           "shape":"TagMap",
           "documentation":"<p>The tags used to organize, track, or control access for this resource.</p>"
+        },
+        "ObjectTypeNames":{
+          "shape":"ObjectTypeNames",
+          "documentation":"<p>A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an <code>ObjectTypeName</code> (template) used to ingest the event. It supports the following event types: <code>SegmentIdentify</code>, <code>ShopifyCreateCustomers</code>, <code>ShopifyUpdateCustomers</code>, <code>ShopifyCreateDraftOrders</code>, <code>ShopifyUpdateDraftOrders</code>, <code>ShopifyCreateOrders</code>, and <code>ShopifyUpdatedOrders</code>.</p>"
         }
       }
     },
@@ -2400,6 +2848,10 @@
           "shape":"boolean",
           "documentation":"<p>Indicates whether a profile should be created when data is received if one doesn’t exist for an object of this type. The default is <code>FALSE</code>. If the AllowProfileCreation flag is set to <code>FALSE</code>, then the service tries to fetch a standard profile and associate this object with the profile. If it is set to <code>TRUE</code>, and if no match is found, then the service creates a new standard profile.</p>"
         },
+        "SourceLastUpdatedTimestampFormat":{
+          "shape":"string1To255",
+          "documentation":"<p>The format of your <code>sourceLastUpdatedTimestamp</code> that was previously set up. </p>"
+        },
         "Fields":{
           "shape":"FieldMap",
           "documentation":"<p>A map of the name and ObjectType field.</p>"
@@ -2445,6 +2897,10 @@
           "shape":"boolean",
           "documentation":"<p>Indicates whether a profile should be created when data is received if one doesn’t exist for an object of this type. The default is <code>FALSE</code>. If the AllowProfileCreation flag is set to <code>FALSE</code>, then the service tries to fetch a standard profile and associate this object with the profile. If it is set to <code>TRUE</code>, and if no match is found, then the service creates a new standard profile.</p>"
         },
+        "SourceLastUpdatedTimestampFormat":{
+          "shape":"string1To255",
+          "documentation":"<p>The format of your <code>sourceLastUpdatedTimestamp</code> that was previously set up in fields that were parsed using <a href=\"https://docs.oracle.com/javase/10/docs/api/java/text/SimpleDateFormat.html\">SimpleDateFormat</a>. If you have <code>sourceLastUpdatedTimestamp</code> in your field, you must set up <code>sourceLastUpdatedTimestampFormat</code>.</p>"
+        },
         "Fields":{
           "shape":"FieldMap",
           "documentation":"<p>A map of the name and ObjectType field.</p>"
@@ -2501,6 +2957,35 @@
         "NO_OP"
       ]
     },
+    "S3ExportingConfig":{
+      "type":"structure",
+      "required":["S3BucketName"],
+      "members":{
+        "S3BucketName":{
+          "shape":"s3BucketName",
+          "documentation":"<p>The name of the S3 bucket where Identity Resolution Jobs write result files.</p>"
+        },
+        "S3KeyName":{
+          "shape":"s3KeyNameCustomerOutputConfig",
+          "documentation":"<p>The S3 key name of the location where Identity Resolution Jobs write result files.</p>"
+        }
+      },
+      "documentation":"<p>Configuration information about the S3 bucket where Identity Resolution Jobs write result files.</p>"
+    },
+    "S3ExportingLocation":{
+      "type":"structure",
+      "members":{
+        "S3BucketName":{
+          "shape":"s3BucketName",
+          "documentation":"<p>The name of the S3 bucket name where Identity Resolution Jobs write result files.</p>"
+        },
+        "S3KeyName":{
+          "shape":"s3KeyName",
+          "documentation":"<p>The S3 key name of the location where Identity Resolution Jobs write result files.</p>"
+        }
+      },
+      "documentation":"<p>The S3 location where Identity Resolution Jobs write result files.</p>"
+    },
     "S3SourceProperties":{
       "type":"structure",
       "required":["BucketName"],
@@ -2635,7 +3120,7 @@
         },
         "KeyName":{
           "shape":"name",
-          "documentation":"<p>A searchable identifier of a customer profile. The predefined keys you can use to search include: _account, _profileId, _fullName, _phone, _email, _ctrContactId, _marketoLeadId, _salesforceAccountId, _salesforceContactId, _zendeskUserId, _zendeskExternalId, _serviceNowSystemId.</p>"
+          "documentation":"<p>A searchable identifier of a customer profile. The predefined keys you can use to search include: _account, _profileId, _assetId, _caseId, _orderId, _fullName, _phone, _email, _ctrContactId, _marketoLeadId, _salesforceAccountId, _salesforceContactId, _salesforceAssetId, _zendeskUserId, _zendeskExternalId, _zendeskTicketId, _serviceNowSystemId, _serviceNowIncidentId, _segmentUserId, _shopifyCustomerId, _shopifyOrderId.</p>"
         },
         "Values":{
           "shape":"requestValueList",
@@ -2768,7 +3253,8 @@
         "UNIQUE",
         "SECONDARY",
         "LOOKUP_ONLY",
-        "NEW_ONLY"
+        "NEW_ONLY",
+        "ORDER"
       ]
     },
     "StandardIdentifierList":{
@@ -3026,7 +3512,7 @@
         },
         "Matching":{
           "shape":"MatchingRequest",
-          "documentation":"<p>The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process every Saturday at 12AM UTC to detect duplicate profiles in your domains. After that batch process completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. </p>"
+          "documentation":"<p>The process of matching duplicate profiles. If <code>Matching</code> = <code>true</code>, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. </p> <p>After the Identity Resolution Job completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. Or, if you have configured <code>ExportingConfig</code> in the <code>MatchingRequest</code>, you can download the results from S3.</p>"
         },
         "Tags":{
           "shape":"TagMap",
@@ -3060,7 +3546,7 @@
         },
         "Matching":{
           "shape":"MatchingResponse",
-          "documentation":"<p>The process of matching duplicate profiles. If Matching = true, Amazon Connect Customer Profiles starts a weekly batch process every Saturday at 12AM UTC to detect duplicate profiles in your domains. After that batch process completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. </p>"
+          "documentation":"<p>The process of matching duplicate profiles. If <code>Matching</code> = <code>true</code>, Amazon Connect Customer Profiles starts a weekly batch process called Identity Resolution Job. If you do not specify a date and time for Identity Resolution Job to run, by default it runs every Saturday at 12AM UTC to detect duplicate profiles in your domains. </p> <p>After the Identity Resolution Job completes, use the <a href=\"https://docs.aws.amazon.com/customerprofiles/latest/APIReference/API_GetMatches.html\">GetMatches</a> API to return and review the results. Or, if you have configured <code>ExportingConfig</code> in the <code>MatchingRequest</code>, you can download the results from S3.</p>"
         },
         "CreatedAt":{
           "shape":"timestamp",
@@ -3246,6 +3732,24 @@
       "type":"list",
       "member":{"shape":"string1To255"}
     },
+    "s3BucketName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^[a-z0-9.-]+$"
+    },
+    "s3KeyName":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".*"
+    },
+    "s3KeyNameCustomerOutputConfig":{
+      "type":"string",
+      "max":800,
+      "min":1,
+      "pattern":".*"
+    },
     "sqsQueueUrl":{
       "type":"string",
       "max":255,
diff --git a/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/paginators-1.json b/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/paginators-1.json
index ee856e1b7f3..d18a749efa7 100644
--- a/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/paginators-1.json
@@ -41,6 +41,12 @@
       "limit_key": "MaxResults",
       "output_token": "NextToken",
       "result_key": "Schedules"
+    },
+    "ListRulesets": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "Rulesets"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/service-2.json b/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/service-2.json
index 5f93e95e44f..98e359d4577 100644
--- a/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/databrew/2017-07-25/service-2.json
@@ -108,6 +108,21 @@
       ],
       "documentation":"<p>Creates a new job to transform input data, using steps defined in an existing Glue DataBrew recipe</p>"
     },
+    "CreateRuleset":{
+      "name":"CreateRuleset",
+      "http":{
+        "method":"POST",
+        "requestUri":"/rulesets"
+      },
+      "input":{"shape":"CreateRulesetRequest"},
+      "output":{"shape":"CreateRulesetResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Creates a new ruleset that can be used in a profile job to validate the data quality of a dataset.</p>"
+    },
     "CreateSchedule":{
       "name":"CreateSchedule",
       "http":{
@@ -183,6 +198,21 @@
       ],
       "documentation":"<p>Deletes a single version of a DataBrew recipe.</p>"
     },
+    "DeleteRuleset":{
+      "name":"DeleteRuleset",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/rulesets/{name}"
+      },
+      "input":{"shape":"DeleteRulesetRequest"},
+      "output":{"shape":"DeleteRulesetResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes a ruleset.</p>"
+    },
     "DeleteSchedule":{
       "name":"DeleteSchedule",
       "http":{
@@ -267,6 +297,20 @@
       ],
       "documentation":"<p>Returns the definition of a specific DataBrew recipe corresponding to a particular version.</p>"
     },
+    "DescribeRuleset":{
+      "name":"DescribeRuleset",
+      "http":{
+        "method":"GET",
+        "requestUri":"/rulesets/{name}"
+      },
+      "input":{"shape":"DescribeRulesetRequest"},
+      "output":{"shape":"DescribeRulesetResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves detailed information about the ruleset.</p>"
+    },
     "DescribeSchedule":{
       "name":"DescribeSchedule",
       "http":{
@@ -360,6 +404,20 @@
       ],
       "documentation":"<p>Lists all of the DataBrew recipes that are defined.</p>"
     },
+    "ListRulesets":{
+      "name":"ListRulesets",
+      "http":{
+        "method":"GET",
+        "requestUri":"/rulesets"
+      },
+      "input":{"shape":"ListRulesetsRequest"},
+      "output":{"shape":"ListRulesetsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>List all rulesets available in the current account or rulesets associated with a specific resource (dataset).</p>"
+    },
     "ListSchedules":{
       "name":"ListSchedules",
       "http":{
@@ -567,6 +625,20 @@
       ],
       "documentation":"<p>Modifies the definition of an existing DataBrew recipe job.</p>"
     },
+    "UpdateRuleset":{
+      "name":"UpdateRuleset",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/rulesets/{name}"
+      },
+      "input":{"shape":"UpdateRulesetRequest"},
+      "output":{"shape":"UpdateRulesetResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates specified ruleset.</p>"
+    },
     "UpdateSchedule":{
       "name":"UpdateSchedule",
       "http":{
@@ -598,6 +670,29 @@
       "max":255
     },
     "ActionId":{"type":"integer"},
+    "AllowedStatisticList":{
+      "type":"list",
+      "member":{"shape":"AllowedStatistics"},
+      "min":1
+    },
+    "AllowedStatistics":{
+      "type":"structure",
+      "required":["Statistics"],
+      "members":{
+        "Statistics":{
+          "shape":"StatisticList",
+          "documentation":"<p>One or more column statistics to allow for columns that contain detected entities.</p>"
+        }
+      },
+      "documentation":"<p>Configuration of statistics that are allowed to be run on columns that contain detected entities. When undefined, no statistics will be computed on columns that contain detected entities.</p>"
+    },
+    "AnalyticsMode":{
+      "type":"string",
+      "enum":[
+        "ENABLE",
+        "DISABLE"
+      ]
+    },
     "Arn":{
       "type":"string",
       "max":2048,
@@ -643,6 +738,12 @@
       "max":63,
       "min":3
     },
+    "BucketOwner":{
+      "type":"string",
+      "max":12,
+      "min":12,
+      "pattern":"^[0-9]{12}$"
+    },
     "CatalogId":{
       "type":"string",
       "max":255,
@@ -652,7 +753,8 @@
       "type":"string",
       "max":255,
       "min":1,
-      "pattern":"^[a-zA-Z0-9][a-zA-Z0-9-]*$"
+      "pattern":"^[a-zA-Z0-9][a-zA-Z0-9-]*$",
+      "sensitive":true
     },
     "ColumnName":{
       "type":"string",
@@ -847,6 +949,10 @@
           "shape":"ProfileConfiguration",
           "documentation":"<p>Configuration for profile jobs. Used to select columns, do evaluations, and override default parameters of evaluations. When configuration is null, the profile job will run with default settings.</p>"
         },
+        "ValidationConfigurations":{
+          "shape":"ValidationConfigurationList",
+          "documentation":"<p>List of validation configurations that are applied to the profile job.</p>"
+        },
         "RoleArn":{
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role to be assumed when DataBrew runs the job.</p>"
@@ -1028,6 +1134,46 @@
         }
       }
     },
+    "CreateRulesetRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "TargetArn",
+        "Rules"
+      ],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the ruleset to be created. Valid characters are alphanumeric (A-Z, a-z, 0-9), hyphen (-), period (.), and space.</p>"
+        },
+        "Description":{
+          "shape":"RulesetDescription",
+          "documentation":"<p>The description of the ruleset.</p>"
+        },
+        "TargetArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a resource (dataset) that the ruleset is associated with.</p>"
+        },
+        "Rules":{
+          "shape":"RuleList",
+          "documentation":"<p>A list of rules that are defined with the ruleset. A rule includes one or more checks to be validated on a DataBrew dataset.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata tags to apply to the ruleset.</p>"
+        }
+      }
+    },
+    "CreateRulesetResponse":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The unique name of the created ruleset.</p>"
+        }
+      }
+    },
     "CreateScheduleRequest":{
       "type":"structure",
       "required":[
@@ -1160,10 +1306,7 @@
     },
     "DatabaseInputDefinition":{
       "type":"structure",
-      "required":[
-        "GlueConnectionName",
-        "DatabaseTableName"
-      ],
+      "required":["GlueConnectionName"],
       "members":{
         "GlueConnectionName":{
           "shape":"GlueConnectionName",
@@ -1173,7 +1316,11 @@
           "shape":"DatabaseTableName",
           "documentation":"<p>The table within the target database.</p>"
         },
-        "TempDirectory":{"shape":"S3Location"}
+        "TempDirectory":{"shape":"S3Location"},
+        "QueryString":{
+          "shape":"QueryString",
+          "documentation":"<p>Custom SQL to run against the provided Glue connection. This SQL will be used as the input for DataBrew projects and jobs.</p>"
+        }
       },
       "documentation":"<p>Connection information for dataset input files stored in a database.</p>"
     },
@@ -1463,6 +1610,28 @@
         }
       }
     },
+    "DeleteRulesetRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the ruleset to be deleted.</p>",
+          "location":"uri",
+          "locationName":"name"
+        }
+      }
+    },
+    "DeleteRulesetResponse":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the deleted ruleset.</p>"
+        }
+      }
+    },
     "DeleteScheduleRequest":{
       "type":"structure",
       "required":["Name"],
@@ -1637,6 +1806,10 @@
           "shape":"ProfileConfiguration",
           "documentation":"<p>Configuration for profile jobs. Used to select columns, do evaluations, and override default parameters of evaluations. When configuration is null, the profile job will run with default settings.</p>"
         },
+        "ValidationConfigurations":{
+          "shape":"ValidationConfigurationList",
+          "documentation":"<p>List of validation configurations that are applied to the profile job.</p>"
+        },
         "RecipeReference":{"shape":"RecipeReference"},
         "ResourceArn":{
           "shape":"Arn",
@@ -1713,6 +1886,10 @@
           "shape":"ProfileConfiguration",
           "documentation":"<p>Configuration for profile jobs. Used to select columns, do evaluations, and override default parameters of evaluations. When configuration is null, the profile job will run with default settings.</p>"
         },
+        "ValidationConfigurations":{
+          "shape":"ValidationConfigurationList",
+          "documentation":"<p>List of validation configurations that are applied to the profile job.</p>"
+        },
         "RunId":{
           "shape":"JobRunId",
           "documentation":"<p>The unique identifier of the job run.</p>"
@@ -1903,6 +2080,64 @@
         }
       }
     },
+    "DescribeRulesetRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the ruleset to be described.</p>",
+          "location":"uri",
+          "locationName":"name"
+        }
+      }
+    },
+    "DescribeRulesetResponse":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the ruleset.</p>"
+        },
+        "Description":{
+          "shape":"RulesetDescription",
+          "documentation":"<p>The description of the ruleset.</p>"
+        },
+        "TargetArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a resource (dataset) that the ruleset is associated with.</p>"
+        },
+        "Rules":{
+          "shape":"RuleList",
+          "documentation":"<p>A list of rules that are defined with the ruleset. A rule includes one or more checks to be validated on a DataBrew dataset.</p>"
+        },
+        "CreateDate":{
+          "shape":"Date",
+          "documentation":"<p>The date and time that the ruleset was created.</p>"
+        },
+        "CreatedBy":{
+          "shape":"CreatedBy",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the user who created the ruleset.</p>"
+        },
+        "LastModifiedBy":{
+          "shape":"LastModifiedBy",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the user who last modified the ruleset.</p>"
+        },
+        "LastModifiedDate":{
+          "shape":"Date",
+          "documentation":"<p>The modification date and time of the ruleset.</p>"
+        },
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the ruleset.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata tags that have been applied to the ruleset.</p>"
+        }
+      }
+    },
     "DescribeScheduleRequest":{
       "type":"structure",
       "required":["Name"],
@@ -1957,6 +2192,7 @@
         }
       }
     },
+    "Disabled":{"type":"boolean"},
     "EncryptionKeyArn":{
       "type":"string",
       "max":2048,
@@ -1969,6 +2205,32 @@
         "SSE-S3"
       ]
     },
+    "EntityDetectorConfiguration":{
+      "type":"structure",
+      "required":["EntityTypes"],
+      "members":{
+        "EntityTypes":{
+          "shape":"EntityTypeList",
+          "documentation":"<p>Entity types to detect. Can be any of the following:</p> <ul> <li> <p>USA_SSN</p> </li> <li> <p>EMAIL</p> </li> <li> <p>USA_ITIN</p> </li> <li> <p>USA_PASSPORT_NUMBER</p> </li> <li> <p>PHONE_NUMBER</p> </li> <li> <p>USA_DRIVING_LICENSE</p> </li> <li> <p>BANK_ACCOUNT</p> </li> <li> <p>CREDIT_CARD</p> </li> <li> <p>IP_ADDRESS</p> </li> <li> <p>MAC_ADDRESS</p> </li> <li> <p>USA_DEA_NUMBER</p> </li> <li> <p>USA_HCPCS_CODE</p> </li> <li> <p>USA_NATIONAL_PROVIDER_IDENTIFIER</p> </li> <li> <p>USA_NATIONAL_DRUG_CODE</p> </li> <li> <p>USA_HEALTH_INSURANCE_CLAIM_NUMBER</p> </li> <li> <p>USA_MEDICARE_BENEFICIARY_IDENTIFIER</p> </li> <li> <p>USA_CPT_CODE</p> </li> <li> <p>PERSON_NAME</p> </li> <li> <p>DATE</p> </li> </ul> <p>The Entity type group USA_ALL is also supported, and includes all of the above entity types except PERSON_NAME and DATE.</p>"
+        },
+        "AllowedStatistics":{
+          "shape":"AllowedStatisticList",
+          "documentation":"<p>Configuration of statistics that are allowed to be run on columns that contain detected entities. When undefined, no statistics will be computed on columns that contain detected entities.</p>"
+        }
+      },
+      "documentation":"<p>Configuration of entity detection for a profile job. When undefined, entity detection is disabled.</p>"
+    },
+    "EntityType":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^[A-Z_][A-Z\\\\d_]*$"
+    },
+    "EntityTypeList":{
+      "type":"list",
+      "member":{"shape":"EntityType"},
+      "min":1
+    },
     "ErrorCode":{
       "type":"string",
       "pattern":"^[1-5][0-9][0-9]$"
@@ -1996,7 +2258,7 @@
       "type":"string",
       "max":1024,
       "min":4,
-      "pattern":"^[<>0-9A-Za-z_:)(!= ]+$"
+      "pattern":"^[<>0-9A-Za-z_.,:)(!= ]+$"
     },
     "FilesLimit":{
       "type":"structure",
@@ -2033,7 +2295,7 @@
           "documentation":"<p>The map of substitution variable names to their values used in this filter expression.</p>"
         }
       },
-      "documentation":"<p>Represents a structure for defining parameter conditions. Supported conditions are described here: <a href=\"https://docs-aws.amazon.com/databrew/latest/dg/datasets.multiple-files.html#conditions.for.dynamic.datasets\">Supported conditions for dynamic datasets</a> in the <i>Glue DataBrew Developer Guide</i>.</p>"
+      "documentation":"<p>Represents a structure for defining parameter conditions. Supported conditions are described here: <a href=\"https://docs.aws.amazon.com/databrew/latest/dg/datasets.multiple-files.html#conditions.for.dynamic.datasets\">Supported conditions for dynamic datasets</a> in the <i>Glue DataBrew Developer Guide</i>.</p>"
     },
     "FormatOptions":{
       "type":"structure",
@@ -2077,6 +2339,10 @@
         "DatabaseInputDefinition":{
           "shape":"DatabaseInputDefinition",
           "documentation":"<p>Connection information for dataset input files stored in a database.</p>"
+        },
+        "Metadata":{
+          "shape":"Metadata",
+          "documentation":"<p>Contains additional resource information needed for specific datasets.</p>"
         }
       },
       "documentation":"<p>Represents information on how DataBrew can find data, in either the Glue Data Catalog or Amazon S3.</p>"
@@ -2194,6 +2460,10 @@
         "JobSample":{
           "shape":"JobSample",
           "documentation":"<p>A sample configuration for profile jobs only, which determines the number of rows on which the profile job is run. If a <code>JobSample</code> value isn't provided, the default value is used. The default value is CUSTOM_ROWS for the mode parameter and 20,000 for the size parameter.</p>"
+        },
+        "ValidationConfigurations":{
+          "shape":"ValidationConfigurationList",
+          "documentation":"<p>List of validation configurations that are applied to the profile job.</p>"
         }
       },
       "documentation":"<p>Represents all of the attributes of a DataBrew job.</p>"
@@ -2282,6 +2552,10 @@
         "JobSample":{
           "shape":"JobSample",
           "documentation":"<p>A sample configuration for profile jobs only, which determines the number of rows on which the profile job is run. If a <code>JobSample</code> value isn't provided, the default is used. The default value is CUSTOM_ROWS for the mode parameter and 20,000 for the size parameter.</p>"
+        },
+        "ValidationConfigurations":{
+          "shape":"ValidationConfigurationList",
+          "documentation":"<p>List of validation configurations that are applied to the profile job run.</p>"
         }
       },
       "documentation":"<p>Represents one run of a DataBrew job.</p>"
@@ -2564,6 +2838,43 @@
         }
       }
     },
+    "ListRulesetsRequest":{
+      "type":"structure",
+      "members":{
+        "TargetArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a resource (dataset). Using this parameter indicates to return only those rulesets that are associated with the specified resource.</p>",
+          "location":"querystring",
+          "locationName":"targetArn"
+        },
+        "MaxResults":{
+          "shape":"MaxResults100",
+          "documentation":"<p>The maximum number of results to return in this request.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token generated by DataBrew that specifies where to continue pagination if a previous request was truncated. To get the next set of pages, pass in the NextToken value from the response object of the previous page call.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListRulesetsResponse":{
+      "type":"structure",
+      "required":["Rulesets"],
+      "members":{
+        "Rulesets":{
+          "shape":"RulesetItemList",
+          "documentation":"<p>A list of RulesetItem. RulesetItem contains meta data of a ruleset.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token that you can use in a subsequent call to retrieve the next set of results.</p>"
+        }
+      }
+    },
     "ListSchedulesRequest":{
       "type":"structure",
       "members":{
@@ -2655,6 +2966,16 @@
       "min":0
     },
     "Message":{"type":"string"},
+    "Metadata":{
+      "type":"structure",
+      "members":{
+        "SourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) associated with the dataset. Currently, DataBrew only supports ARNs from Amazon AppFlow.</p>"
+        }
+      },
+      "documentation":"<p>Contains additional resource information needed for specific datasets.</p>"
+    },
     "MultiLine":{"type":"boolean"},
     "NextToken":{
       "type":"string",
@@ -2809,6 +3130,10 @@
         "ColumnStatisticsConfigurations":{
           "shape":"ColumnStatisticsConfigurationList",
           "documentation":"<p>List of configurations for column evaluations. ColumnStatisticsConfigurations are used to select evaluations and override parameters of evaluations for particular columns. When ColumnStatisticsConfigurations is undefined, the profile job will profile all supported columns and run all supported evaluations. </p>"
+        },
+        "EntityDetectorConfiguration":{
+          "shape":"EntityDetectorConfiguration",
+          "documentation":"<p>Configuration of entity detection for a profile job. When undefined, entity detection is disabled.</p>"
         }
       },
       "documentation":"<p>Configuration for profile jobs. Configuration can be used to select columns, do evaluations, and override default parameters of evaluations. When configuration is undefined, the profile job will apply default settings to all supported columns. </p>"
@@ -2915,6 +3240,11 @@
       }
     },
     "PublishedBy":{"type":"string"},
+    "QueryString":{
+      "type":"string",
+      "max":10000,
+      "min":1
+    },
     "Recipe":{
       "type":"structure",
       "required":["Name"],
@@ -3080,6 +3410,122 @@
       "exception":true
     },
     "Result":{"type":"string"},
+    "RowRange":{"type":"integer"},
+    "Rule":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "CheckExpression"
+      ],
+      "members":{
+        "Name":{
+          "shape":"RuleName",
+          "documentation":"<p>The name of the rule.</p>"
+        },
+        "Disabled":{
+          "shape":"Disabled",
+          "documentation":"<p>A value that specifies whether the rule is disabled. Once a rule is disabled, a profile job will not validate it during a job run. Default value is false.</p>"
+        },
+        "CheckExpression":{
+          "shape":"Expression",
+          "documentation":"<p>The expression which includes column references, condition names followed by variable references, possibly grouped and combined with other conditions. For example, <code>(:col1 starts_with :prefix1 or :col1 starts_with :prefix2) and (:col1 ends_with :suffix1 or :col1 ends_with :suffix2)</code>. Column and value references are substitution variables that should start with the ':' symbol. Depending on the context, substitution variables' values can be either an actual value or a column name. These values are defined in the SubstitutionMap. If a CheckExpression starts with a column reference, then ColumnSelectors in the rule should be null. If ColumnSelectors has been defined, then there should be no columnn reference in the left side of a condition, for example, <code>is_between :val1 and :val2</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/databrew/latest/dg/profile.data-quality-available-checks.html\">Available checks</a> </p>"
+        },
+        "SubstitutionMap":{
+          "shape":"ValuesMap",
+          "documentation":"<p>The map of substitution variable names to their values used in a check expression. Variable names should start with a ':' (colon). Variable values can either be actual values or column names. To differentiate between the two, column names should be enclosed in backticks, for example, <code>\":col1\": \"`Column A`\".</code> </p>"
+        },
+        "Threshold":{
+          "shape":"Threshold",
+          "documentation":"<p>The threshold used with a non-aggregate check expression. Non-aggregate check expressions will be applied to each row in a specific column, and the threshold will be used to determine whether the validation succeeds.</p>"
+        },
+        "ColumnSelectors":{
+          "shape":"ColumnSelectorList",
+          "documentation":"<p>List of column selectors. Selectors can be used to select columns using a name or regular expression from the dataset. Rule will be applied to selected columns.</p>"
+        }
+      },
+      "documentation":"<p>Represents a single data quality requirement that should be validated in the scope of this dataset.</p>"
+    },
+    "RuleCount":{
+      "type":"integer",
+      "min":0
+    },
+    "RuleList":{
+      "type":"list",
+      "member":{"shape":"Rule"},
+      "min":1
+    },
+    "RuleName":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
+    "RulesetDescription":{
+      "type":"string",
+      "max":1024
+    },
+    "RulesetItem":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "TargetArn"
+      ],
+      "members":{
+        "AccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the ruleset.</p>"
+        },
+        "CreatedBy":{
+          "shape":"CreatedBy",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the user who created the ruleset.</p>"
+        },
+        "CreateDate":{
+          "shape":"Date",
+          "documentation":"<p>The date and time that the ruleset was created.</p>"
+        },
+        "Description":{
+          "shape":"RulesetDescription",
+          "documentation":"<p>The description of the ruleset.</p>"
+        },
+        "LastModifiedBy":{
+          "shape":"LastModifiedBy",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the user who last modified the ruleset.</p>"
+        },
+        "LastModifiedDate":{
+          "shape":"Date",
+          "documentation":"<p>The modification date and time of the ruleset.</p>"
+        },
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the ruleset.</p>"
+        },
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the ruleset.</p>"
+        },
+        "RuleCount":{
+          "shape":"RuleCount",
+          "documentation":"<p>The number of rules that are defined in the ruleset.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata tags that have been applied to the ruleset.</p>"
+        },
+        "TargetArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a resource (dataset) that the ruleset is associated with.</p>"
+        }
+      },
+      "documentation":"<p>Contains metadata about the ruleset.</p>"
+    },
+    "RulesetItemList":{
+      "type":"list",
+      "member":{"shape":"RulesetItem"}
+    },
+    "RulesetName":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
     "S3Location":{
       "type":"structure",
       "required":["Bucket"],
@@ -3091,9 +3537,13 @@
         "Key":{
           "shape":"Key",
           "documentation":"<p>The unique name of the object in the bucket.</p>"
+        },
+        "BucketOwner":{
+          "shape":"BucketOwner",
+          "documentation":"<p>The Amazon Web Services account ID of the bucket owner.</p>"
         }
       },
-      "documentation":"<p>Represents an Amazon S3 location (bucket name and object key) where DataBrew can read input data, or write output from a job.</p>"
+      "documentation":"<p>Represents an Amazon S3 location (bucket name, bucket owner, and object key) where DataBrew can read input data, or write output from a job.</p>"
     },
     "S3TableOutputOptions":{
       "type":"structure",
@@ -3351,6 +3801,10 @@
         }
       }
     },
+    "StartRowIndex":{
+      "type":"integer",
+      "min":0
+    },
     "StartedBy":{"type":"string"},
     "Statistic":{
       "type":"string",
@@ -3491,6 +3945,45 @@
       "max":1024,
       "min":1
     },
+    "Threshold":{
+      "type":"structure",
+      "required":["Value"],
+      "members":{
+        "Value":{
+          "shape":"ThresholdValue",
+          "documentation":"<p>The value of a threshold.</p>"
+        },
+        "Type":{
+          "shape":"ThresholdType",
+          "documentation":"<p>The type of a threshold. Used for comparison of an actual count of rows that satisfy the rule to the threshold value.</p>"
+        },
+        "Unit":{
+          "shape":"ThresholdUnit",
+          "documentation":"<p>Unit of threshold value. Can be either a COUNT or PERCENTAGE of the full sample size used for validation.</p>"
+        }
+      },
+      "documentation":"<p>The threshold used with a non-aggregate check expression. The non-aggregate check expression will be applied to each row in a specific column. Then the threshold will be used to determine whether the validation succeeds.</p>"
+    },
+    "ThresholdType":{
+      "type":"string",
+      "enum":[
+        "GREATER_THAN_OR_EQUAL",
+        "LESS_THAN_OR_EQUAL",
+        "GREATER_THAN",
+        "LESS_THAN"
+      ]
+    },
+    "ThresholdUnit":{
+      "type":"string",
+      "enum":[
+        "COUNT",
+        "PERCENTAGE"
+      ]
+    },
+    "ThresholdValue":{
+      "type":"double",
+      "min":0
+    },
     "Timeout":{
       "type":"integer",
       "min":0
@@ -3601,6 +4094,10 @@
           "documentation":"<p>The maximum number of times to retry the job after a job run fails.</p>"
         },
         "OutputLocation":{"shape":"S3Location"},
+        "ValidationConfigurations":{
+          "shape":"ValidationConfigurationList",
+          "documentation":"<p>List of validation configurations that are applied to the profile job.</p>"
+        },
         "RoleArn":{
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role to be assumed when DataBrew runs the job.</p>"
@@ -3754,6 +4251,39 @@
         }
       }
     },
+    "UpdateRulesetRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Rules"
+      ],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the ruleset to be updated.</p>",
+          "location":"uri",
+          "locationName":"name"
+        },
+        "Description":{
+          "shape":"RulesetDescription",
+          "documentation":"<p>The description of the ruleset.</p>"
+        },
+        "Rules":{
+          "shape":"RuleList",
+          "documentation":"<p>A list of rules that are defined with the ruleset. A rule includes one or more checks to be validated on a DataBrew dataset.</p>"
+        }
+      }
+    },
+    "UpdateRulesetResponse":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"RulesetName",
+          "documentation":"<p>The name of the updated ruleset.</p>"
+        }
+      }
+    },
     "UpdateScheduleRequest":{
       "type":"structure",
       "required":[
@@ -3787,6 +4317,26 @@
         }
       }
     },
+    "ValidationConfiguration":{
+      "type":"structure",
+      "required":["RulesetArn"],
+      "members":{
+        "RulesetArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the ruleset to be validated in the profile job. The TargetArn of the selected ruleset should be the same as the Amazon Resource Name (ARN) of the dataset that is associated with the profile job.</p>"
+        },
+        "ValidationMode":{
+          "shape":"ValidationMode",
+          "documentation":"<p>Mode of data quality validation. Default mode is “CHECK_ALL” which verifies all rules defined in the selected ruleset.</p>"
+        }
+      },
+      "documentation":"<p>Configuration for data quality validation. Used to select the Rulesets and Validation Mode to be used in the profile job. When ValidationConfiguration is null, the profile job will run without data quality validation.</p>"
+    },
+    "ValidationConfigurationList":{
+      "type":"list",
+      "member":{"shape":"ValidationConfiguration"},
+      "min":1
+    },
     "ValidationException":{
       "type":"structure",
       "members":{
@@ -3796,6 +4346,10 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "ValidationMode":{
+      "type":"string",
+      "enum":["CHECK_ALL"]
+    },
     "ValueReference":{
       "type":"string",
       "max":128,
@@ -3822,6 +4376,18 @@
         "HiddenColumns":{
           "shape":"HiddenColumnList",
           "documentation":"<p>A list of columns to hide in the view frame.</p>"
+        },
+        "StartRowIndex":{
+          "shape":"StartRowIndex",
+          "documentation":"<p>The starting index for the range of rows to return in the view frame.</p>"
+        },
+        "RowRange":{
+          "shape":"RowRange",
+          "documentation":"<p>The number of rows to include in the view frame, beginning with the <code>StartRowIndex</code> value.</p>"
+        },
+        "Analytics":{
+          "shape":"AnalyticsMode",
+          "documentation":"<p>Controls if analytics computation is enabled or disabled. Enabled by default.</p>"
         }
       },
       "documentation":"<p>Represents the data being transformed during an action.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/dataexchange/2017-07-25/service-2.json b/contrib/python/botocore/py3/botocore/data/dataexchange/2017-07-25/service-2.json
index 7bc3ee5f2ff..cdd927da385 100644
--- a/contrib/python/botocore/py3/botocore/data/dataexchange/2017-07-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/dataexchange/2017-07-25/service-2.json
@@ -698,6 +698,47 @@
       "errors": [],
       "documentation": "<p>This operation lists the tags on the resource.</p>"
     },
+    "SendApiAsset": {
+      "name": "SendApiAsset",
+      "http": {
+        "method": "POST",
+        "requestUri": "/v1",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "SendApiAssetRequest"
+      },
+      "output": {
+        "shape": "SendApiAssetResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response</p>"
+        },
+        {
+          "shape": "ValidationException",
+          "documentation": "<p>400 response</p>"
+        },
+        {
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response</p>"
+        },
+        {
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response</p>"
+        }
+      ],
+      "documentation": "<p>This operation invokes an API Gateway API asset. The request is proxied to the provider’s API Gateway API.</p>",
+      "endpoint": {
+        "hostPrefix": "api-fulfill."
+      }
+    },
     "StartJob": {
       "name": "StartJob",
       "http": {
@@ -955,6 +996,52 @@
       },
       "documentation": "<p>What occurs after a certain event.</p>"
     },
+    "ApiDescription": {
+      "type": "string",
+      "documentation": "<p>The description of the API.</p>"
+    },
+    "ApiGatewayApiAsset": {
+      "type": "structure",
+      "members": {
+        "ApiDescription": {
+          "shape": "ApiDescription",
+          "documentation": "<p>The API description of the API asset.</p>"
+        },
+        "ApiEndpoint": {
+          "shape": "__string",
+          "documentation": "<p>The API endpoint of the API asset.</p>"
+        },
+        "ApiId": {
+          "shape": "__string",
+          "documentation": "<p>The unique identifier of the API asset.</p>"
+        },
+        "ApiKey": {
+          "shape": "__string",
+          "documentation": "<p>The API key of the API asset.</p>"
+        },
+        "ApiName": {
+          "shape": "__string",
+          "documentation": "<p>The API name of the API asset.</p>"
+        },
+        "ApiSpecificationDownloadUrl": {
+          "shape": "__string",
+          "documentation": "<p>The download URL of the API specification of the API asset.</p>"
+        },
+        "ApiSpecificationDownloadUrlExpiresAt": {
+          "shape": "Timestamp",
+          "documentation": "<p>The date and time that the upload URL expires, in ISO 8601 format.</p>"
+        },
+        "ProtocolType": {
+          "shape": "ProtocolType",
+          "documentation": "<p>The protocol type of the API asset.</p>"
+        },
+        "Stage": {
+          "shape": "__string",
+          "documentation": "<p>The stage of the API asset.</p>"
+        }
+      },
+      "documentation": "<p>The API Gateway API that is the asset.</p>"
+    },
     "Arn": {
       "type": "string",
       "documentation": "<p>An Amazon Resource Name (ARN) that uniquely identifies an AWS resource.</p>"
@@ -991,6 +1078,10 @@
         "RedshiftDataShareAsset": {
           "shape": "RedshiftDataShareAsset",
           "documentation": "<p>The Amazon Redshift datashare that is the asset.</p>"
+        },
+        "ApiGatewayApiAsset": {
+          "shape": "ApiGatewayApiAsset",
+          "documentation": "<p>Information about the API Gateway API asset.</p>"
         }
       },
       "documentation": "<p>Information about the asset.</p>"
@@ -1024,7 +1115,7 @@
         },
         "Name": {
           "shape": "AssetName",
-          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key.</p>"
+          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key. When importing from Amazon API Gateway API, the API name is used as the asset name. When importing from Amazon Redshift, the datashare name is used as the asset name.</p>"
         },
         "RevisionId": {
           "shape": "Id",
@@ -1039,7 +1130,7 @@
           "documentation": "<p>The date and time that the asset was last updated, in ISO 8601 format.</p>"
         }
       },
-      "documentation": "<p>An asset in AWS Data Exchange is a piece of data. The asset can be a structured data file, an image file, or some other data file that can be stored as an S3 object, or an Amazon Redshift datashare (Preview). When you create an import job for your files, you create an asset in AWS Data Exchange for each of those files.</p>",
+      "documentation": "<p>An asset in AWS Data Exchange is a piece of data (S3 object) or a means of fulfilling data (Amazon Redshift datashare or Amazon API Gateway API). The asset can be a structured data file, an image file, or some other data file that can be stored as an S3 object, an Amazon API Gateway API, or an Amazon Redshift datashare (Preview). When you create an import job for your files, API Gateway APIs, or Amazon Redshift datashares, you create an asset in AWS Data Exchange.</p>",
       "required": [
         "AssetType",
         "CreatedAt",
@@ -1054,7 +1145,7 @@
     },
     "AssetName": {
       "type": "string",
-      "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key.</p>"
+      "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key. When importing from Amazon API Gateway API, the API name is used as the asset name. When importing from Amazon Redshift, the datashare name is used as the asset name.</p>"
     },
     "AssetSourceEntry": {
       "type": "structure",
@@ -1079,7 +1170,8 @@
       "documentation": "<p>The type of asset that is added to a data set.</p>",
       "enum": [
         "S3_SNAPSHOT",
-        "REDSHIFT_DATA_SHARE"
+        "REDSHIFT_DATA_SHARE",
+        "API_GATEWAY_API"
       ]
     },
     "AutoExportRevisionDestinationEntry": {
@@ -1845,7 +1937,7 @@
         },
         "Name": {
           "shape": "AssetName",
-          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key.</p>"
+          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key. When importing from Amazon API Gateway API, the API name is used as the asset name. When importing from Amazon Redshift, the datashare name is used as the asset name.</p>"
         },
         "RevisionId": {
           "shape": "Id",
@@ -2084,6 +2176,118 @@
       "type": "string",
       "documentation": "<p>A unique identifier.</p>"
     },
+    "ImportAssetFromApiGatewayApiRequestDetails": {
+      "type": "structure",
+      "members": {
+        "ApiDescription": {
+          "shape": "ApiDescription",
+          "documentation": "<p>The API description. Markdown supported.</p>"
+        },
+        "ApiId": {
+          "shape": "__string",
+          "documentation": "<p>The API Gateway API ID.</p>"
+        },
+        "ApiKey": {
+          "shape": "__string",
+          "documentation": "<p>The API Gateway API key.</p>"
+        },
+        "ApiName": {
+          "shape": "__string",
+          "documentation": "<p>The API name.</p>"
+        },
+        "ApiSpecificationMd5Hash": {
+          "shape": "__stringMin24Max24PatternAZaZ094AZaZ092AZaZ093",
+          "documentation": "<p>The Base64-encoded MD5 hash of the OpenAPI 3.0 JSON API specification file. It is used to ensure the integrity of the file.</p>"
+        },
+        "DataSetId": {
+          "shape": "Id",
+          "documentation": "<p>The data set ID.</p>"
+        },
+        "ProtocolType": {
+          "shape": "ProtocolType",
+          "documentation": "<p>The protocol type.</p>"
+        },
+        "RevisionId": {
+          "shape": "Id",
+          "documentation": "<p>The revision ID.</p>"
+        },
+        "Stage": {
+          "shape": "__string",
+          "documentation": "<p>The API stage.</p>"
+        }
+      },
+      "documentation": "<p>The request details.</p>",
+      "required": [
+        "ApiName",
+        "ProtocolType",
+        "ApiSpecificationMd5Hash",
+        "Stage",
+        "DataSetId",
+        "ApiId",
+        "RevisionId"
+      ]
+    },
+    "ImportAssetFromApiGatewayApiResponseDetails": {
+      "type": "structure",
+      "members": {
+        "ApiDescription": {
+          "shape": "ApiDescription",
+          "documentation": "<p>The API description.</p>"
+        },
+        "ApiId": {
+          "shape": "__string",
+          "documentation": "<p>The API ID.</p>"
+        },
+        "ApiKey": {
+          "shape": "__string",
+          "documentation": "<p>The API key.</p>"
+        },
+        "ApiName": {
+          "shape": "__string",
+          "documentation": "<p>The API name.</p>"
+        },
+        "ApiSpecificationMd5Hash": {
+          "shape": "__stringMin24Max24PatternAZaZ094AZaZ092AZaZ093",
+          "documentation": "<p>The Base64-encoded Md5 hash for the API asset, used to ensure the integrity of the API at that location.</p>"
+        },
+        "ApiSpecificationUploadUrl": {
+          "shape": "__string",
+          "documentation": "<p>The upload URL of the API specification.</p>"
+        },
+        "ApiSpecificationUploadUrlExpiresAt": {
+          "shape": "Timestamp",
+          "documentation": "<p>The date and time that the upload URL expires, in ISO 8601 format.</p>"
+        },
+        "DataSetId": {
+          "shape": "Id",
+          "documentation": "<p>The data set ID.</p>"
+        },
+        "ProtocolType": {
+          "shape": "ProtocolType",
+          "documentation": "<p>The protocol type.</p>"
+        },
+        "RevisionId": {
+          "shape": "Id",
+          "documentation": "<p>The revision ID.</p>"
+        },
+        "Stage": {
+          "shape": "__string",
+          "documentation": "<p>The API stage.</p>"
+        }
+      },
+      "documentation": "<p>The response details.</p>",
+      "required": [
+        "ApiSpecificationUploadUrlExpiresAt",
+        "ApiName",
+        "ProtocolType",
+        "ApiSpecificationMd5Hash",
+        "Stage",
+        "DataSetId",
+        "ApiId",
+        "RevisionId",
+        "ApiSpecificationUploadUrl"
+      ]
+    },
     "ImportAssetFromSignedUrlJobErrorDetails": {
       "type": "structure",
       "members": {
@@ -2393,7 +2597,10 @@
         "Amazon Redshift datashare assets per import job from Redshift",
         "Concurrent in progress jobs to import assets from Amazon Redshift datashares",
         "Revisions per Amazon Redshift datashare data set",
-        "Amazon Redshift datashare assets per revision"
+        "Amazon Redshift datashare assets per revision",
+        "Concurrent in progress jobs to import assets from an API Gateway API",
+        "Amazon API Gateway API assets per revision",
+        "Revisions per Amazon API Gateway API data set"
       ]
     },
     "ListDataSetRevisionsRequest": {
@@ -2681,6 +2888,12 @@
         "ProductId"
       ]
     },
+    "ProtocolType": {
+      "type": "string",
+      "enum": [
+        "REST"
+      ]
+    },
     "RedshiftDataShareAsset": {
       "type": "structure",
       "members": {
@@ -2733,6 +2946,10 @@
         "ImportAssetsFromRedshiftDataShares": {
           "shape": "ImportAssetsFromRedshiftDataSharesRequestDetails",
           "documentation": "<p>Details from an import from Amazon Redshift datashare request.</p>"
+        },
+        "ImportAssetFromApiGatewayApi": {
+          "shape": "ImportAssetFromApiGatewayApiRequestDetails",
+          "documentation": "<p>Information about the import asset from API Gateway API request.</p>"
         }
       },
       "documentation": "<p>The details for the request.</p>"
@@ -2798,6 +3015,10 @@
         "ImportAssetsFromRedshiftDataShares": {
           "shape": "ImportAssetsFromRedshiftDataSharesResponseDetails",
           "documentation": "<p>Details from an import from Amazon Redshift datashare response.</p>"
+        },
+        "ImportAssetFromApiGatewayApi": {
+          "shape": "ImportAssetFromApiGatewayApiResponseDetails",
+          "documentation": "<p>The response details.</p>"
         }
       },
       "documentation": "<p>Details for the response.</p>"
@@ -2895,6 +3116,79 @@
         "Size"
       ]
     },
+    "SendApiAssetRequest": {
+      "type": "structure",
+      "members": {
+        "Body": {
+          "shape": "__string",
+          "documentation": "<p>The request body.</p>"
+        },
+        "QueryStringParameters": {
+          "shape": "MapOf__string",
+          "location": "querystring",
+          "documentation": "<p>Attach query string parameters to the end of the URI (for example, /v1/examplePath?exampleParam=exampleValue).</p>"
+        },
+        "AssetId": {
+          "shape": "__string",
+          "location": "header",
+          "locationName": "x-amzn-dataexchange-asset-id",
+          "documentation": "<p>Asset ID value for the API request.</p>"
+        },
+        "DataSetId": {
+          "shape": "__string",
+          "location": "header",
+          "locationName": "x-amzn-dataexchange-data-set-id",
+          "documentation": "<p>Data set ID value for the API request.</p>"
+        },
+        "RequestHeaders": {
+          "shape": "MapOf__string",
+          "location": "headers",
+          "locationName": "x-amzn-dataexchange-header-",
+          "documentation": "<p>Any header value prefixed with x-amzn-dataexchange-header- will have that stripped before sending the Asset API request. Use this when you want to override a header that AWS Data Exchange uses. Alternatively, you can use the header without a prefix to the HTTP request.</p>"
+        },
+        "Method": {
+          "shape": "__string",
+          "location": "header",
+          "locationName": "x-amzn-dataexchange-http-method",
+          "documentation": "<p>HTTP method value for the API request. Alternatively, you can use the appropriate verb in your request.</p>"
+        },
+        "Path": {
+          "shape": "__string",
+          "location": "header",
+          "locationName": "x-amzn-dataexchange-path",
+          "documentation": "<p>URI path value for the API request. Alternatively, you can set the URI path directly by invoking /v1/{pathValue}</p>"
+        },
+        "RevisionId": {
+          "shape": "__string",
+          "location": "header",
+          "locationName": "x-amzn-dataexchange-revision-id",
+          "documentation": "<p>Revision ID value for the API request.</p>"
+        }
+      },
+      "documentation": "<p>The request body for SendApiAsset.</p>",
+      "required": [
+        "DataSetId",
+        "RevisionId",
+        "AssetId"
+      ],
+      "payload": "Body"
+    },
+    "SendApiAssetResponse": {
+      "type": "structure",
+      "members": {
+        "Body": {
+          "shape": "__string",
+          "documentation": "<p>The response body from the underlying API tracked by the API asset.</p>"
+        },
+        "ResponseHeaders": {
+          "shape": "MapOf__string",
+          "documentation": "<p>The response headers from the underlying API tracked by the API asset.</p>",
+          "location": "headers",
+          "locationName": ""
+        }
+      },
+      "payload": "Body"
+    },
     "ServerSideEncryptionTypes": {
       "type": "string",
       "documentation": "<p>The types of encryption supported in export jobs to Amazon S3.</p>",
@@ -3008,7 +3302,8 @@
         "EXPORT_ASSETS_TO_S3",
         "EXPORT_ASSET_TO_SIGNED_URL",
         "EXPORT_REVISIONS_TO_S3",
-        "IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES"
+        "IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES",
+        "IMPORT_ASSET_FROM_API_GATEWAY_API"
       ]
     },
     "UntagResourceRequest": {
@@ -3049,7 +3344,7 @@
         },
         "Name": {
           "shape": "AssetName",
-          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key.</p>"
+          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key. When importing from Amazon API Gateway API, the API name is used as the asset name. When importing from Amazon Redshift, the datashare name is used as the asset name.</p>"
         },
         "RevisionId": {
           "shape": "__string",
@@ -3095,7 +3390,7 @@
         },
         "Name": {
           "shape": "AssetName",
-          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key.</p>"
+          "documentation": "<p>The name of the asset. When importing from Amazon S3, the S3 object key is used as the asset name. When exporting to Amazon S3, the asset name is used as default target S3 object key. When importing from Amazon API Gateway API, the API name is used as the asset name. When importing from Amazon Redshift, the datashare name is used as the asset name.</p>"
         },
         "RevisionId": {
           "shape": "Id",
@@ -3391,4 +3686,4 @@
     }
   },
   "documentation": "<p>AWS Data Exchange is a service that makes it easy for AWS customers to exchange data in the cloud. You can use the AWS Data Exchange APIs to create, update, manage, and access file-based data set in the AWS Cloud.</p><p>As a subscriber, you can view and access the data sets that you have an entitlement to through a subscription. You can use the APIS to download or copy your entitled data sets to Amazon S3 for use across a variety of AWS analytics and machine learning services.</p><p>As a provider, you can create and manage your data sets that you would like to publish to a product. Being able to package and provide your data sets into products requires a few steps to determine eligibility. For more information, visit the AWS Data Exchange User Guide.</p><p>A data set is a collection of data that can be changed or updated over time. Data sets can be updated using revisions, which represent a new version or incremental change to a data set.  A revision contains one or more assets. An asset in AWS Data Exchange is a piece of data that can be stored as an Amazon S3 object. The asset can be a structured data file, an image file, or some other data file. Jobs are asynchronous import or export operations used to create or copy assets.</p>"
-}
\ No newline at end of file
+}
diff --git a/contrib/python/botocore/py3/botocore/data/datasync/2018-11-09/service-2.json b/contrib/python/botocore/py3/botocore/data/datasync/2018-11-09/service-2.json
index b22c2dbcdab..3621fc9c59c 100644
--- a/contrib/python/botocore/py3/botocore/data/datasync/2018-11-09/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/datasync/2018-11-09/service-2.json
@@ -56,6 +56,20 @@
       ],
       "documentation":"<p>Creates an endpoint for an Amazon EFS file system.</p>"
     },
+    "CreateLocationFsxLustre":{
+      "name":"CreateLocationFsxLustre",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateLocationFsxLustreRequest"},
+      "output":{"shape":"CreateLocationFsxLustreResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalException"}
+      ],
+      "documentation":"<p>Creates an endpoint for an Amazon FSx for Lustre file system.</p>"
+    },
     "CreateLocationFsxWindows":{
       "name":"CreateLocationFsxWindows",
       "http":{
@@ -224,6 +238,20 @@
       ],
       "documentation":"<p>Returns metadata, such as the path information about an Amazon EFS location.</p>"
     },
+    "DescribeLocationFsxLustre":{
+      "name":"DescribeLocationFsxLustre",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeLocationFsxLustreRequest"},
+      "output":{"shape":"DescribeLocationFsxLustreResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"InternalException"}
+      ],
+      "documentation":"<p>Returns metadata, such as the path information about an Amazon FSx for Lustre location.</p>"
+    },
     "DescribeLocationFsxWindows":{
       "name":"DescribeLocationFsxWindows",
       "http":{
@@ -697,6 +725,40 @@
       },
       "documentation":"<p>CreateLocationEfs</p>"
     },
+    "CreateLocationFsxLustreRequest":{
+      "type":"structure",
+      "required":[
+        "FsxFilesystemArn",
+        "SecurityGroupArns"
+      ],
+      "members":{
+        "FsxFilesystemArn":{
+          "shape":"FsxFilesystemArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the FSx for Lustre file system.</p>"
+        },
+        "SecurityGroupArns":{
+          "shape":"Ec2SecurityGroupArnList",
+          "documentation":"<p>The Amazon Resource Names (ARNs) of the security groups that are used to configure the FSx for Lustre file system.</p>"
+        },
+        "Subdirectory":{
+          "shape":"FsxLustreSubdirectory",
+          "documentation":"<p>A subdirectory in the location's path. This subdirectory in the FSx for Lustre file system is used to read data from the FSx for Lustre source location or write data to the FSx for Lustre destination.</p>"
+        },
+        "Tags":{
+          "shape":"InputTagList",
+          "documentation":"<p>The key-value pair that represents a tag that you want to add to the resource. The value can be an empty string. This value helps you manage, filter, and search for your resources. We recommend that you create a name tag for your location.</p>"
+        }
+      }
+    },
+    "CreateLocationFsxLustreResponse":{
+      "type":"structure",
+      "members":{
+        "LocationArn":{
+          "shape":"LocationArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the FSx for Lustre file system location that's created. </p>"
+        }
+      }
+    },
     "CreateLocationFsxWindowsRequest":{
       "type":"structure",
       "required":[
@@ -708,7 +770,7 @@
       "members":{
         "Subdirectory":{
           "shape":"FsxWindowsSubdirectory",
-          "documentation":"<p>A subdirectory in the location’s path. This subdirectory in the Amazon FSx for Windows File Server file system is used to read data from the Amazon FSx for Windows File Server source location or write data to the FSx for Windows File Server destination.</p>"
+          "documentation":"<p>A subdirectory in the location's path. This subdirectory in the Amazon FSx for Windows File Server file system is used to read data from the Amazon FSx for Windows File Server source location or write data to the FSx for Windows File Server destination.</p>"
         },
         "FsxFilesystemArn":{
           "shape":"FsxFilesystemArn",
@@ -716,7 +778,7 @@
         },
         "SecurityGroupArns":{
           "shape":"Ec2SecurityGroupArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the security groups that are to use to configure the FSx for Windows File Server file system.</p>"
+          "documentation":"<p>The Amazon Resource Names (ARNs) of the security groups that are used to configure the FSx for Windows File Server file system.</p>"
         },
         "Tags":{
           "shape":"InputTagList",
@@ -1189,6 +1251,37 @@
       },
       "documentation":"<p>DescribeLocationEfsResponse</p>"
     },
+    "DescribeLocationFsxLustreRequest":{
+      "type":"structure",
+      "required":["LocationArn"],
+      "members":{
+        "LocationArn":{
+          "shape":"LocationArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the FSx for Lustre location to describe. </p>"
+        }
+      }
+    },
+    "DescribeLocationFsxLustreResponse":{
+      "type":"structure",
+      "members":{
+        "LocationArn":{
+          "shape":"LocationArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the FSx for Lustre location that was described.</p>"
+        },
+        "LocationUri":{
+          "shape":"LocationUri",
+          "documentation":"<p>The URI of the FSx for Lustre location that was described.</p>"
+        },
+        "SecurityGroupArns":{
+          "shape":"Ec2SecurityGroupArnList",
+          "documentation":"<p>The Amazon Resource Names (ARNs) of the security groups that are configured for the FSx for Lustre file system.</p>"
+        },
+        "CreationTime":{
+          "shape":"Time",
+          "documentation":"<p>The time that the FSx for Lustre location was created.</p>"
+        }
+      }
+    },
     "DescribeLocationFsxWindowsRequest":{
       "type":"structure",
       "required":["LocationArn"],
@@ -1708,6 +1801,11 @@
       "max":128,
       "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\\-0-9]*:[0-9]{12}:file-system/fs-.*$"
     },
+    "FsxLustreSubdirectory":{
+      "type":"string",
+      "max":4096,
+      "pattern":"^[a-zA-Z0-9_\\-\\+\\./\\(\\)\\$\\p{Zs}]+$"
+    },
     "FsxWindowsSubdirectory":{
       "type":"string",
       "max":4096,
@@ -2065,7 +2163,7 @@
         },
         "LocationUri":{
           "shape":"LocationUri",
-          "documentation":"<p>Represents a list of URLs of a location. <code>LocationUri</code> returns an array that contains a list of locations when the <a href=\"https://docs.aws.amazon.com/datasync/latest/userguide/API_ListLocations.html\">ListLocations</a> operation is called.</p> <p>Format: <code>TYPE://GLOBAL_ID/SUBDIR</code>.</p> <p>TYPE designates the type of location. Valid values: NFS | EFS | S3.</p> <p>GLOBAL_ID is the globally unique identifier of the resource that backs the location. An example for EFS is <code>us-east-2.fs-abcd1234</code>. An example for Amazon S3 is the bucket name, such as <code>myBucket</code>. An example for NFS is a valid IPv4 address or a host name compliant with Domain Name Service (DNS).</p> <p>SUBDIR is a valid file system path, delimited by forward slashes as is the *nix convention. For NFS and Amazon EFS, it's the export path to mount the location. For Amazon S3, it's the prefix path that you mount to and treat as the root of the location.</p> <p/>"
+          "documentation":"<p>Represents a list of URIs of a location. <code>LocationUri</code> returns an array that contains a list of locations when the <a href=\"https://docs.aws.amazon.com/datasync/latest/userguide/API_ListLocations.html\">ListLocations</a> operation is called.</p> <p>Format: <code>TYPE://GLOBAL_ID/SUBDIR</code>.</p> <p>TYPE designates the type of location. Valid values: NFS | EFS | S3.</p> <p>GLOBAL_ID is the globally unique identifier of the resource that backs the location. An example for EFS is <code>us-east-2.fs-abcd1234</code>. An example for Amazon S3 is the bucket name, such as <code>myBucket</code>. An example for NFS is a valid IPv4 address or a host name compliant with Domain Name Service (DNS).</p> <p>SUBDIR is a valid file system path, delimited by forward slashes as is the *nix convention. For NFS and Amazon EFS, it's the export path to mount the location. For Amazon S3, it's the prefix path that you mount to and treat as the root of the location.</p> <p/>"
         }
       },
       "documentation":"<p>Represents a single entry in a list of locations. <code>LocationListEntry</code> returns an array that contains a list of locations when the <a href=\"https://docs.aws.amazon.com/datasync/latest/userguide/API_ListLocations.html\">ListLocations</a> operation is called.</p>"
@@ -2073,7 +2171,7 @@
     "LocationUri":{
       "type":"string",
       "max":4356,
-      "pattern":"^(efs|nfs|s3|smb|fsxw)://[a-zA-Z0-9.\\-]+$"
+      "pattern":"^(efs|nfs|s3|smb|fsxw|fsxl)://[a-zA-Z0-9.\\-]+$"
     },
     "LogGroupArn":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/detective/2018-10-26/service-2.json b/contrib/python/botocore/py3/botocore/data/detective/2018-10-26/service-2.json
index 6d539d71ecb..74c0896f0d8 100644
--- a/contrib/python/botocore/py3/botocore/data/detective/2018-10-26/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/detective/2018-10-26/service-2.json
@@ -56,7 +56,7 @@
         {"shape":"ValidationException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
-      "documentation":"<p>Sends a request to invite the specified AWS accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account for a behavior graph. </p> <p> <code>CreateMembers</code> verifies the accounts and then invites the verified accounts. The administrator can optionally specify to not send invitation emails to the member accounts. This would be used when the administrator manages their member accounts centrally.</p> <p>The request provides the behavior graph ARN and the list of accounts to invite.</p> <p>The response separates the requested accounts into two lists:</p> <ul> <li> <p>The accounts that <code>CreateMembers</code> was able to start the verification for. This list includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification.</p> </li> <li> <p>The accounts that <code>CreateMembers</code> was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.</p> </li> </ul>"
+      "documentation":"<p> <code>CreateMembers</code> is used to send invitations to accounts. For the organization behavior graph, the Detective administrator account uses <code>CreateMembers</code> to enable organization accounts as member accounts.</p> <p>For invited accounts, <code>CreateMembers</code> sends a request to invite the specified Amazon Web Services accounts to be member accounts in the behavior graph. This operation can only be called by the administrator account for a behavior graph. </p> <p> <code>CreateMembers</code> verifies the accounts and then invites the verified accounts. The administrator can optionally specify to not send invitation emails to the member accounts. This would be used when the administrator manages their member accounts centrally.</p> <p>For organization accounts in the organization behavior graph, <code>CreateMembers</code> attempts to enable the accounts. The organization accounts do not receive invitations.</p> <p>The request provides the behavior graph ARN and the list of accounts to invite or to enable.</p> <p>The response separates the requested accounts into two lists:</p> <ul> <li> <p>The accounts that <code>CreateMembers</code> was able to process. For invited accounts, includes member accounts that are being verified, that have passed verification and are to be invited, and that have failed verification. For organization accounts in the organization behavior graph, includes accounts that can be enabled and that cannot be enabled.</p> </li> <li> <p>The accounts that <code>CreateMembers</code> was unable to process. This list includes accounts that were already invited to be member accounts in the behavior graph.</p> </li> </ul>"
     },
     "DeleteGraph":{
       "name":"DeleteGraph",
@@ -70,7 +70,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Disables the specified behavior graph and queues it to be deleted. This operation removes the graph from each member account's list of behavior graphs.</p> <p> <code>DeleteGraph</code> can only be called by the administrator account for a behavior graph.</p>"
+      "documentation":"<p>Disables the specified behavior graph and queues it to be deleted. This operation removes the behavior graph from each member account's list of behavior graphs.</p> <p> <code>DeleteGraph</code> can only be called by the administrator account for a behavior graph.</p>"
     },
     "DeleteMembers":{
       "name":"DeleteMembers",
@@ -86,7 +86,35 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Deletes one or more member accounts from the administrator account's behavior graph. This operation can only be called by a Detective administrator account. That account cannot use <code>DeleteMembers</code> to delete their own account from the behavior graph. To disable a behavior graph, the administrator account uses the <code>DeleteGraph</code> API method.</p>"
+      "documentation":"<p>Removes the specified member accounts from the behavior graph. The removed accounts no longer contribute data to the behavior graph. This operation can only be called by the administrator account for the behavior graph.</p> <p>For invited accounts, the removed accounts are deleted from the list of accounts in the behavior graph. To restore the account, the administrator account must send another invitation.</p> <p>For organization accounts in the organization behavior graph, the Detective administrator account can always enable the organization account again. Organization accounts that are not enabled as member accounts are not included in the <code>ListMembers</code> results for the organization behavior graph.</p> <p>An administrator account cannot use <code>DeleteMembers</code> to remove their own account from the behavior graph. To disable a behavior graph, the administrator account uses the <code>DeleteGraph</code> API method.</p>"
+    },
+    "DescribeOrganizationConfiguration":{
+      "name":"DescribeOrganizationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/orgs/describeOrganizationConfiguration"
+      },
+      "input":{"shape":"DescribeOrganizationConfigurationRequest"},
+      "output":{"shape":"DescribeOrganizationConfigurationResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyRequestsException"}
+      ],
+      "documentation":"<p>Returns information about the configuration for the organization behavior graph. Currently indicates whether to automatically enable new organization accounts as member accounts.</p> <p>Can only be called by the Detective administrator account for the organization. </p>"
+    },
+    "DisableOrganizationAdminAccount":{
+      "name":"DisableOrganizationAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/orgs/disableAdminAccount"
+      },
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyRequestsException"}
+      ],
+      "documentation":"<p>Removes the Detective administrator account for the organization in the current Region. Deletes the behavior graph for that account.</p> <p>Can only be called by the organization management account. Before you can select a different Detective administrator account, you must remove the Detective administrator account in all Regions.</p>"
     },
     "DisassociateMembership":{
       "name":"DisassociateMembership",
@@ -101,7 +129,21 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Removes the member account from the specified behavior graph. This operation can only be called by a member account that has the <code>ENABLED</code> status.</p>"
+      "documentation":"<p>Removes the member account from the specified behavior graph. This operation can only be called by an invited member account that has the <code>ENABLED</code> status.</p> <p> <code>DisassociateMembership</code> cannot be called by an organization account in the organization behavior graph. For the organization behavior graph, the Detective administrator account determines which organization accounts to enable or disable as member accounts.</p>"
+    },
+    "EnableOrganizationAdminAccount":{
+      "name":"EnableOrganizationAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/orgs/enableAdminAccount"
+      },
+      "input":{"shape":"EnableOrganizationAdminAccountRequest"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyRequestsException"}
+      ],
+      "documentation":"<p>Designates the Detective administrator account for the organization in the current Region.</p> <p>If the account does not have Detective enabled, then enables Detective for that account and creates a new behavior graph.</p> <p>Can only be called by the organization management account.</p> <p>The Detective administrator account for an organization must be the same in all Regions. If you already designated a Detective administrator account in another Region, then you must designate the same account.</p>"
     },
     "GetMembers":{
       "name":"GetMembers",
@@ -144,7 +186,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by a member account.</p> <p>Open invitations are invitations that the member account has not responded to.</p> <p>The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.</p>"
+      "documentation":"<p>Retrieves the list of open and accepted behavior graph invitations for the member account. This operation can only be called by an invited member account.</p> <p>Open invitations are invitations that the member account has not responded to.</p> <p>The results do not include behavior graphs for which the member account declined the invitation. The results also do not include behavior graphs that the member account resigned from or was removed from.</p>"
     },
     "ListMembers":{
       "name":"ListMembers",
@@ -159,7 +201,22 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Retrieves the list of member accounts for a behavior graph. Does not return member accounts that were removed from the behavior graph.</p>"
+      "documentation":"<p>Retrieves the list of member accounts for a behavior graph.</p> <p>For invited accounts, the results do not include member accounts that were removed from the behavior graph.</p> <p>For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.</p>"
+    },
+    "ListOrganizationAdminAccounts":{
+      "name":"ListOrganizationAdminAccounts",
+      "http":{
+        "method":"POST",
+        "requestUri":"/orgs/adminAccountslist"
+      },
+      "input":{"shape":"ListOrganizationAdminAccountsRequest"},
+      "output":{"shape":"ListOrganizationAdminAccountsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyRequestsException"}
+      ],
+      "documentation":"<p>Returns information about the Detective administrator account for an organization. Can only be called by the organization management account.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -190,7 +247,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by a member account that has the <code>INVITED</code> status.</p>"
+      "documentation":"<p>Rejects an invitation to contribute the account data to a behavior graph. This operation must be called by an invited member account that has the <code>INVITED</code> status.</p> <p> <code>RejectInvitation</code> cannot be called by an organization account in the organization behavior graph. In the organization behavior graph, organization accounts do not receive an invitation.</p>"
     },
     "StartMonitoringMember":{
       "name":"StartMonitoringMember",
@@ -239,6 +296,20 @@
         {"shape":"ResourceNotFoundException"}
       ],
       "documentation":"<p>Removes tags from a behavior graph.</p>"
+    },
+    "UpdateOrganizationConfiguration":{
+      "name":"UpdateOrganizationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/orgs/updateOrganizationConfiguration"
+      },
+      "input":{"shape":"UpdateOrganizationConfigurationRequest"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyRequestsException"}
+      ],
+      "documentation":"<p>Updates the configuration for the Organizations integration in the current Region. Can only be called by the Detective administrator account for the organization.</p>"
     }
   },
   "shapes":{
@@ -261,14 +332,14 @@
       "members":{
         "AccountId":{
           "shape":"AccountId",
-          "documentation":"<p>The account identifier of the AWS account.</p>"
+          "documentation":"<p>The account identifier of the Amazon Web Services account.</p>"
         },
         "EmailAddress":{
           "shape":"EmailAddress",
-          "documentation":"<p>The AWS account root user email address for the AWS account.</p>"
+          "documentation":"<p>The Amazon Web Services account root user email address for the Amazon Web Services account.</p>"
         }
       },
-      "documentation":"<p>An AWS account that is the administrator account of or a member of a behavior graph.</p>"
+      "documentation":"<p>An Amazon Web Services account that is the administrator account of or a member of a behavior graph.</p>"
     },
     "AccountId":{
       "type":"string",
@@ -288,6 +359,28 @@
       "max":50,
       "min":1
     },
+    "Administrator":{
+      "type":"structure",
+      "members":{
+        "AccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account identifier of the Detective administrator account for the organization.</p>"
+        },
+        "GraphArn":{
+          "shape":"GraphArn",
+          "documentation":"<p>The ARN of the organization behavior graph.</p>"
+        },
+        "DelegationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the Detective administrator account was enabled. The value is an ISO8601 formatted string. For example, <code>2021-08-18T16:35:56.284Z</code>.</p>"
+        }
+      },
+      "documentation":"<p>Information about the Detective administrator account for an organization.</p>"
+    },
+    "AdministratorList":{
+      "type":"list",
+      "member":{"shape":"Administrator"}
+    },
     "Boolean":{"type":"boolean"},
     "ByteValue":{"type":"long"},
     "ConflictException":{
@@ -326,7 +419,7 @@
       "members":{
         "GraphArn":{
           "shape":"GraphArn",
-          "documentation":"<p>The ARN of the behavior graph to invite the member accounts to contribute their data to.</p>"
+          "documentation":"<p>The ARN of the behavior graph.</p>"
         },
         "Message":{
           "shape":"EmailMessage",
@@ -334,11 +427,11 @@
         },
         "DisableEmailNotification":{
           "shape":"Boolean",
-          "documentation":"<p>if set to <code>true</code>, then the member accounts do not receive email notifications. By default, this is set to <code>false</code>, and the member accounts receive email notifications.</p>"
+          "documentation":"<p>if set to <code>true</code>, then the invited accounts do not receive email notifications. By default, this is set to <code>false</code>, and the invited accounts receive email notifications.</p> <p>Organization accounts in the organization behavior graph do not receive email notifications.</p>"
         },
         "Accounts":{
           "shape":"AccountList",
-          "documentation":"<p>The list of AWS accounts to invite to become member accounts in the behavior graph. You can invite up to 50 accounts at a time. For each invited account, the account list contains the account identifier and the AWS account root user email address.</p>"
+          "documentation":"<p>The list of Amazon Web Services accounts to invite or to enable. You can invite or enable up to 50 accounts at a time. For each invited account, the account list contains the account identifier and the Amazon Web Services account root user email address. For organization accounts in the organization behavior graph, the email address is not required.</p>"
         }
       }
     },
@@ -347,11 +440,11 @@
       "members":{
         "Members":{
           "shape":"MemberDetailList",
-          "documentation":"<p>The set of member account invitation requests that Detective was able to process. This includes accounts that are being verified, that failed verification, and that passed verification and are being sent an invitation.</p>"
+          "documentation":"<p>The set of member account invitation or enablement requests that Detective was able to process. This includes accounts that are being verified, that failed verification, and that passed verification and are being sent an invitation or are being enabled.</p>"
         },
         "UnprocessedAccounts":{
           "shape":"UnprocessedAccountList",
-          "documentation":"<p>The list of accounts for which Detective was unable to process the invitation request. For each account, the list provides the reason why the request could not be processed. The list includes accounts that are already member accounts in the behavior graph.</p>"
+          "documentation":"<p>The list of accounts for which Detective was unable to process the invitation or enablement request. For each account, the list provides the reason why the request could not be processed. The list includes accounts that are already member accounts in the behavior graph.</p>"
         }
       }
     },
@@ -374,11 +467,11 @@
       "members":{
         "GraphArn":{
           "shape":"GraphArn",
-          "documentation":"<p>The ARN of the behavior graph to delete members from.</p>"
+          "documentation":"<p>The ARN of the behavior graph to remove members from.</p>"
         },
         "AccountIds":{
           "shape":"AccountIdList",
-          "documentation":"<p>The list of AWS account identifiers for the member accounts to delete from the behavior graph. You can delete up to 50 member accounts at a time.</p>"
+          "documentation":"<p>The list of Amazon Web Services account identifiers for the member accounts to remove from the behavior graph. You can remove up to 50 member accounts at a time.</p>"
         }
       }
     },
@@ -387,11 +480,30 @@
       "members":{
         "AccountIds":{
           "shape":"AccountIdList",
-          "documentation":"<p>The list of AWS account identifiers for the member accounts that Detective successfully deleted from the behavior graph.</p>"
+          "documentation":"<p>The list of Amazon Web Services account identifiers for the member accounts that Detective successfully removed from the behavior graph.</p>"
         },
         "UnprocessedAccounts":{
           "shape":"UnprocessedAccountList",
-          "documentation":"<p>The list of member accounts that Detective was not able to delete from the behavior graph. For each member account, provides the reason that the deletion could not be processed.</p>"
+          "documentation":"<p>The list of member accounts that Detective was not able to remove from the behavior graph. For each member account, provides the reason that the deletion could not be processed.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationConfigurationRequest":{
+      "type":"structure",
+      "required":["GraphArn"],
+      "members":{
+        "GraphArn":{
+          "shape":"GraphArn",
+          "documentation":"<p>The ARN of the organization behavior graph.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "AutoEnable":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.</p>"
         }
       }
     },
@@ -416,6 +528,16 @@
       "max":1000,
       "min":1
     },
+    "EnableOrganizationAdminAccountRequest":{
+      "type":"structure",
+      "required":["AccountId"],
+      "members":{
+        "AccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account identifier of the account to designate as the Detective administrator account for the organization.</p>"
+        }
+      }
+    },
     "ErrorMessage":{"type":"string"},
     "GetMembersRequest":{
       "type":"structure",
@@ -430,7 +552,7 @@
         },
         "AccountIds":{
           "shape":"AccountIdList",
-          "documentation":"<p>The list of AWS account identifiers for the member account for which to return member details. You can request details for up to 50 member accounts at a time.</p> <p>You cannot use <code>GetMembers</code> to retrieve information about member accounts that were removed from the behavior graph.</p>"
+          "documentation":"<p>The list of Amazon Web Services account identifiers for the member account for which to return member details. You can request details for up to 50 member accounts at a time.</p> <p>You cannot use <code>GetMembers</code> to retrieve information about member accounts that were removed from the behavior graph.</p>"
         }
       }
     },
@@ -456,7 +578,7 @@
         },
         "CreatedTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The date and time that the behavior graph was created. The value is in milliseconds since the epoch.</p>"
+          "documentation":"<p>The date and time that the behavior graph was created. The value is an ISO8601 formatted string. For example, <code>2021-08-18T16:35:56.284Z</code>.</p>"
         }
       },
       "documentation":"<p>A behavior graph in Detective.</p>"
@@ -478,6 +600,13 @@
       "error":{"httpStatusCode":500},
       "exception":true
     },
+    "InvitationType":{
+      "type":"string",
+      "enum":[
+        "INVITATION",
+        "ORGANIZATION"
+      ]
+    },
     "ListGraphsRequest":{
       "type":"structure",
       "members":{
@@ -553,11 +682,37 @@
       "members":{
         "MemberDetails":{
           "shape":"MemberDetailList",
-          "documentation":"<p>The list of member accounts in the behavior graph.</p> <p>The results include member accounts that did not pass verification and member accounts that have not yet accepted the invitation to the behavior graph. The results do not include member accounts that were removed from the behavior graph.</p>"
+          "documentation":"<p>The list of member accounts in the behavior graph.</p> <p>For invited accounts, the results include member accounts that did not pass verification and member accounts that have not yet accepted the invitation to the behavior graph. The results do not include member accounts that were removed from the behavior graph.</p> <p>For the organization behavior graph, the results do not include organization accounts that the Detective administrator account has not enabled as member accounts.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>If there are more member accounts remaining in the results, then use this pagination token to request the next page of member accounts.</p>"
+        }
+      }
+    },
+    "ListOrganizationAdminAccountsRequest":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>For requests to get the next page of results, the pagination token that was returned with the previous set of results. The initial request does not include a pagination token.</p>"
+        },
+        "MaxResults":{
+          "shape":"MemberResultsLimit",
+          "documentation":"<p>The maximum number of results to return.</p>"
+        }
+      }
+    },
+    "ListOrganizationAdminAccountsResponse":{
+      "type":"structure",
+      "members":{
+        "Administrators":{
+          "shape":"AdministratorList",
+          "documentation":"<p>The list of delegated administrator accounts.</p>"
         },
         "NextToken":{
           "shape":"PaginationToken",
-          "documentation":"<p>If there are more member accounts remaining in the results, then this is the pagination token to use to request the next page of member accounts.</p>"
+          "documentation":"<p>If there are more accounts remaining in the results, then this is the pagination token to use to request the next page of accounts.</p>"
         }
       }
     },
@@ -587,29 +742,29 @@
       "members":{
         "AccountId":{
           "shape":"AccountId",
-          "documentation":"<p>The AWS account identifier for the member account.</p>"
+          "documentation":"<p>The Amazon Web Services account identifier for the member account.</p>"
         },
         "EmailAddress":{
           "shape":"EmailAddress",
-          "documentation":"<p>The AWS account root user email address for the member account.</p>"
+          "documentation":"<p>The Amazon Web Services account root user email address for the member account.</p>"
         },
         "GraphArn":{
           "shape":"GraphArn",
-          "documentation":"<p>The ARN of the behavior graph that the member account was invited to.</p>"
+          "documentation":"<p>The ARN of the behavior graph.</p>"
         },
         "MasterId":{
           "shape":"AccountId",
-          "documentation":"<p>The AWS account identifier of the administrator account for the behavior graph.</p>",
+          "documentation":"<p>The Amazon Web Services account identifier of the administrator account for the behavior graph.</p>",
           "deprecated":true,
           "deprecatedMessage":"This property is deprecated. Use AdministratorId instead."
         },
         "AdministratorId":{
           "shape":"AccountId",
-          "documentation":"<p>The AWS account identifier of the administrator account for the behavior graph.</p>"
+          "documentation":"<p>The Amazon Web Services account identifier of the administrator account for the behavior graph.</p>"
         },
         "Status":{
           "shape":"MemberStatus",
-          "documentation":"<p>The current membership status of the member account. The status can have one of the following values:</p> <ul> <li> <p> <code>INVITED</code> - Indicates that the member was sent an invitation but has not yet responded.</p> </li> <li> <p> <code>VERIFICATION_IN_PROGRESS</code> - Indicates that Detective is verifying that the account identifier and email address provided for the member account match. If they do match, then Detective sends the invitation. If the email address and account identifier don't match, then the member cannot be added to the behavior graph.</p> </li> <li> <p> <code>VERIFICATION_FAILED</code> - Indicates that the account and email address provided for the member account do not match, and Detective did not send an invitation to the account.</p> </li> <li> <p> <code>ENABLED</code> - Indicates that the member account accepted the invitation to contribute to the behavior graph.</p> </li> <li> <p> <code>ACCEPTED_BUT_DISABLED</code> - Indicates that the member account accepted the invitation but is prevented from contributing data to the behavior graph. <code>DisabledReason</code> provides the reason why the member account is not enabled.</p> </li> </ul> <p>Member accounts that declined an invitation or that were removed from the behavior graph are not included.</p>"
+          "documentation":"<p>The current membership status of the member account. The status can have one of the following values:</p> <ul> <li> <p> <code>INVITED</code> - For invited accounts only. Indicates that the member was sent an invitation but has not yet responded.</p> </li> <li> <p> <code>VERIFICATION_IN_PROGRESS</code> - For invited accounts only, indicates that Detective is verifying that the account identifier and email address provided for the member account match. If they do match, then Detective sends the invitation. If the email address and account identifier don't match, then the member cannot be added to the behavior graph.</p> <p>For organization accounts in the organization behavior graph, indicates that Detective is verifying that the account belongs to the organization.</p> </li> <li> <p> <code>VERIFICATION_FAILED</code> - For invited accounts only. Indicates that the account and email address provided for the member account do not match, and Detective did not send an invitation to the account.</p> </li> <li> <p> <code>ENABLED</code> - Indicates that the member account currently contributes data to the behavior graph. For invited accounts, the member account accepted the invitation. For organization accounts in the organization behavior graph, the Detective administrator account enabled the organization account as a member account.</p> </li> <li> <p> <code>ACCEPTED_BUT_DISABLED</code> - The account accepted the invitation, or was enabled by the Detective administrator account, but is prevented from contributing data to the behavior graph. <code>DisabledReason</code> provides the reason why the member account is not enabled.</p> </li> </ul> <p>Invited accounts that declined an invitation or that were removed from the behavior graph are not included. In the organization behavior graph, organization accounts that the Detective administrator account did not enable are not included.</p>"
         },
         "DisabledReason":{
           "shape":"MemberDisabledReason",
@@ -617,11 +772,11 @@
         },
         "InvitedTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The date and time that Detective sent the invitation to the member account. The value is in milliseconds since the epoch.</p>"
+          "documentation":"<p>For invited accounts, the date and time that Detective sent the invitation to the account. The value is an ISO8601 formatted string. For example, <code>2021-08-18T16:35:56.284Z</code>.</p>"
         },
         "UpdatedTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The date and time that the member account was last updated. The value is in milliseconds since the epoch.</p>"
+          "documentation":"<p>The date and time that the member account was last updated. The value is an ISO8601 formatted string. For example, <code>2021-08-18T16:35:56.284Z</code>.</p>"
         },
         "VolumeUsageInBytes":{
           "shape":"ByteValue",
@@ -629,7 +784,7 @@
         },
         "VolumeUsageUpdatedTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The data and time when the member account data volume was last updated.</p>"
+          "documentation":"<p>The data and time when the member account data volume was last updated. The value is an ISO8601 formatted string. For example, <code>2021-08-18T16:35:56.284Z</code>.</p>"
         },
         "PercentOfGraphUtilization":{
           "shape":"Percentage",
@@ -639,12 +794,16 @@
         },
         "PercentOfGraphUtilizationUpdatedTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The date and time when the graph utilization percentage was last updated.</p>",
+          "documentation":"<p>The date and time when the graph utilization percentage was last updated. The value is an ISO8601 formatted string. For example, <code>2021-08-18T16:35:56.284Z</code>.</p>",
           "deprecated":true,
           "deprecatedMessage":"This property is deprecated. Use VolumeUsageUpdatedTime instead."
+        },
+        "InvitationType":{
+          "shape":"InvitationType",
+          "documentation":"<p>The type of behavior graph membership.</p> <p>For an organization account in the organization behavior graph, the type is <code>ORGANIZATION</code>.</p> <p>For an account that was invited to a behavior graph, the type is <code>INVITATION</code>. </p>"
         }
       },
-      "documentation":"<p>Details about a member account that was invited to contribute to a behavior graph.</p>"
+      "documentation":"<p>Details about a member account in a behavior graph.</p>"
     },
     "MemberDetailList":{
       "type":"list",
@@ -703,7 +862,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>This request cannot be completed for one of the following reasons.</p> <ul> <li> <p>The request would cause the number of member accounts in the behavior graph to exceed the maximum allowed. A behavior graph cannot have more than 1000 member accounts.</p> </li> <li> <p>The request would cause the data rate for the behavior graph to exceed the maximum allowed.</p> </li> <li> <p>Detective is unable to verify the data rate for the member account. This is usually because the member account is not enrolled in Amazon GuardDuty. </p> </li> </ul>",
+      "documentation":"<p>This request cannot be completed for one of the following reasons.</p> <ul> <li> <p>The request would cause the number of member accounts in the behavior graph to exceed the maximum allowed. A behavior graph cannot have more than 1200 member accounts.</p> </li> <li> <p>The request would cause the data rate for the behavior graph to exceed the maximum allowed.</p> </li> <li> <p>Detective is unable to verify the data rate for the member account. This is usually because the member account is not enrolled in Amazon GuardDuty.</p> </li> </ul>",
       "error":{"httpStatusCode":402},
       "exception":true
     },
@@ -775,12 +934,21 @@
       "type":"timestamp",
       "timestampFormat":"iso8601"
     },
+    "TooManyRequestsException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The request cannot be completed because too many other requests are occurring at the same time.</p>",
+      "error":{"httpStatusCode":429},
+      "exception":true
+    },
     "UnprocessedAccount":{
       "type":"structure",
       "members":{
         "AccountId":{
           "shape":"AccountId",
-          "documentation":"<p>The AWS account identifier of the member account that was not processed.</p>"
+          "documentation":"<p>The Amazon Web Services account identifier of the member account that was not processed.</p>"
         },
         "Reason":{
           "shape":"UnprocessedReason",
@@ -820,6 +988,20 @@
       "members":{
       }
     },
+    "UpdateOrganizationConfigurationRequest":{
+      "type":"structure",
+      "required":["GraphArn"],
+      "members":{
+        "GraphArn":{
+          "shape":"GraphArn",
+          "documentation":"<p>The ARN of the organization behavior graph.</p>"
+        },
+        "AutoEnable":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to automatically enable new organization accounts as member accounts in the organization behavior graph.</p>"
+        }
+      }
+    },
     "ValidationException":{
       "type":"structure",
       "members":{
@@ -830,5 +1012,5 @@
       "exception":true
     }
   },
-  "documentation":"<p>Detective uses machine learning and purpose-built visualizations to help you analyze and investigate security issues across your Amazon Web Services (AWS) workloads. Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from AWS CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by Amazon GuardDuty.</p> <p>The Detective API primarily supports the creation and management of behavior graphs. A behavior graph contains the extracted data from a set of member accounts, and is created and managed by an administrator account.</p> <p>Every behavior graph is specific to a Region. You can only use the API to manage graphs that belong to the Region that is associated with the currently selected endpoint.</p> <p>A Detective administrator account can use the Detective API to do the following:</p> <ul> <li> <p>Enable and disable Detective. Enabling Detective creates a new behavior graph.</p> </li> <li> <p>View the list of member accounts in a behavior graph.</p> </li> <li> <p>Add member accounts to a behavior graph.</p> </li> <li> <p>Remove member accounts from a behavior graph.</p> </li> </ul> <p>A member account can use the Detective API to do the following:</p> <ul> <li> <p>View the list of behavior graphs that they are invited to.</p> </li> <li> <p>Accept an invitation to contribute to a behavior graph.</p> </li> <li> <p>Decline an invitation to contribute to a behavior graph.</p> </li> <li> <p>Remove their account from a behavior graph.</p> </li> </ul> <p>All API actions are logged as CloudTrail events. See <a href=\"https://docs.aws.amazon.com/detective/latest/adminguide/logging-using-cloudtrail.html\">Logging Detective API Calls with CloudTrail</a>.</p> <note> <p>We replaced the term \"master account\" with the term \"administrator account.\" An administrator account is used to centrally manage multiple accounts. In the case of Detective, the administrator account manages the accounts in their behavior graph.</p> </note>"
+  "documentation":"<p>Detective uses machine learning and purpose-built visualizations to help you to analyze and investigate security issues across your Amazon Web Services (Amazon Web Services) workloads. Detective automatically extracts time-based events such as login attempts, API calls, and network traffic from CloudTrail and Amazon Virtual Private Cloud (Amazon VPC) flow logs. It also extracts findings detected by Amazon GuardDuty.</p> <p>The Detective API primarily supports the creation and management of behavior graphs. A behavior graph contains the extracted data from a set of member accounts, and is created and managed by an administrator account.</p> <p>To add a member account to the behavior graph, the administrator account sends an invitation to the account. When the account accepts the invitation, it becomes a member account in the behavior graph.</p> <p>Detective is also integrated with Organizations. The organization management account designates the Detective administrator account for the organization. That account becomes the administrator account for the organization behavior graph. The Detective administrator account can enable any organization account as a member account in the organization behavior graph. The organization accounts do not receive invitations. The Detective administrator account can also invite other accounts to the organization behavior graph.</p> <p>Every behavior graph is specific to a Region. You can only use the API to manage behavior graphs that belong to the Region that is associated with the currently selected endpoint.</p> <p>The administrator account for a behavior graph can use the Detective API to do the following:</p> <ul> <li> <p>Enable and disable Detective. Enabling Detective creates a new behavior graph.</p> </li> <li> <p>View the list of member accounts in a behavior graph.</p> </li> <li> <p>Add member accounts to a behavior graph.</p> </li> <li> <p>Remove member accounts from a behavior graph.</p> </li> <li> <p>Apply tags to a behavior graph.</p> </li> </ul> <p>The organization management account can use the Detective API to select the delegated administrator for Detective.</p> <p>The Detective administrator account for an organization can use the Detective API to do the following:</p> <ul> <li> <p>Perform all of the functions of an administrator account.</p> </li> <li> <p>Determine whether to automatically enable new organization accounts as member accounts in the organization behavior graph.</p> </li> </ul> <p>An invited member account can use the Detective API to do the following:</p> <ul> <li> <p>View the list of behavior graphs that they are invited to.</p> </li> <li> <p>Accept an invitation to contribute to a behavior graph.</p> </li> <li> <p>Decline an invitation to contribute to a behavior graph.</p> </li> <li> <p>Remove their account from a behavior graph.</p> </li> </ul> <p>All API actions are logged as CloudTrail events. See <a href=\"https://docs.aws.amazon.com/detective/latest/adminguide/logging-using-cloudtrail.html\">Logging Detective API Calls with CloudTrail</a>.</p> <note> <p>We replaced the term \"master account\" with the term \"administrator account.\" An administrator account is used to centrally manage multiple accounts. In the case of Detective, the administrator account manages the accounts in their behavior graph.</p> </note>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/paginators-1.json b/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/paginators-1.json
index 39f9bec3485..452828faa96 100644
--- a/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/paginators-1.json
@@ -5,14 +5,16 @@
       "output_token": "NextToken",
       "result_key": [
         "CloudFormation",
-        "Service"
+        "Service",
+        "Tags"
       ]
     },
     "GetResourceCollection": {
       "input_token": "NextToken",
       "output_token": "NextToken",
       "result_key": [
-        "ResourceCollection.CloudFormation.StackNames"
+        "ResourceCollection.CloudFormation.StackNames",
+        "ResourceCollection.Tags"
       ],
       "non_aggregate_keys": [
         "ResourceCollection"
@@ -73,6 +75,34 @@
       "result_key": [
         "Costs"
       ]
+    },
+    "DescribeOrganizationResourceCollectionHealth": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "result_key": [
+        "CloudFormation",
+        "Account",
+        "Service",
+        "Tags"
+      ]
+    },
+    "ListOrganizationInsights": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": [
+        "ProactiveInsights",
+        "ReactiveInsights"
+      ]
+    },
+    "SearchOrganizationInsights": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": [
+        "ProactiveInsights",
+        "ReactiveInsights"
+      ]
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/service-2.json b/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/service-2.json
index 67f9d8faf22..f74723efc86 100644
--- a/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/devops-guru/2020-12-01/service-2.json
@@ -30,7 +30,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Adds a notification channel to DevOps Guru. A notification channel is used to notify you about important DevOps Guru events, such as when an insight is generated. </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an AWS Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for AWS KMS–encrypted Amazon SNS topics</a>.</p>"
+      "documentation":"<p> Adds a notification channel to DevOps Guru. A notification channel is used to notify you about important DevOps Guru events, such as when an insight is generated. </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an Amazon Web Services Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for Amazon Web Services KMS–encrypted Amazon SNS topics</a>.</p>"
     },
     "DescribeAccountHealth":{
       "name":"DescribeAccountHealth",
@@ -47,7 +47,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns the number of open reactive insights, the number of open proactive insights, and the number of metrics analyzed in your AWS account. Use these numbers to gauge the health of operations in your AWS account. </p>"
+      "documentation":"<p> Returns the number of open reactive insights, the number of open proactive insights, and the number of metrics analyzed in your Amazon Web Services account. Use these numbers to gauge the health of operations in your Amazon Web Services account. </p>"
     },
     "DescribeAccountOverview":{
       "name":"DescribeAccountOverview",
@@ -100,7 +100,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns the most recent feedback submitted in the current AWS account and Region. </p>"
+      "documentation":"<p> Returns the most recent feedback submitted in the current Amazon Web Services account and Region. </p>"
     },
     "DescribeInsight":{
       "name":"DescribeInsight",
@@ -120,6 +120,57 @@
       ],
       "documentation":"<p> Returns details about an insight that you specify using its ID. </p>"
     },
+    "DescribeOrganizationHealth":{
+      "name":"DescribeOrganizationHealth",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organization/health",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeOrganizationHealthRequest"},
+      "output":{"shape":"DescribeOrganizationHealthResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Returns active insights, predictive insights, and resource hours analyzed in last hour.</p>"
+    },
+    "DescribeOrganizationOverview":{
+      "name":"DescribeOrganizationOverview",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organization/overview",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeOrganizationOverviewRequest"},
+      "output":{"shape":"DescribeOrganizationOverviewResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Returns an overview of your organization's history based on the specified time range. The overview includes the total reactive and proactive insights.</p>"
+    },
+    "DescribeOrganizationResourceCollectionHealth":{
+      "name":"DescribeOrganizationResourceCollectionHealth",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organization/health/resource-collection",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeOrganizationResourceCollectionHealthRequest"},
+      "output":{"shape":"DescribeOrganizationResourceCollectionHealthResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Provides an overview of your system's health. If additional member accounts are part of your organization, you can filter those accounts using the <code>AccountIds</code> field.</p>"
+    },
     "DescribeResourceCollectionHealth":{
       "name":"DescribeResourceCollectionHealth",
       "http":{
@@ -135,7 +186,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns the number of open proactive insights, open reactive insights, and the Mean Time to Recover (MTTR) for all closed insights in resource collections in your account. You specify the type of AWS resources collection. The one type of AWS resource collection supported is AWS CloudFormation stacks. DevOps Guru can be configured to analyze only the AWS resources that are defined in the stacks. You can specify up to 500 AWS CloudFormation stacks. </p>"
+      "documentation":"<p> Returns the number of open proactive insights, open reactive insights, and the Mean Time to Recover (MTTR) for all closed insights in resource collections in your account. You specify the type of Amazon Web Services resources collection. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
     },
     "DescribeServiceIntegration":{
       "name":"DescribeServiceIntegration",
@@ -152,7 +203,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns the integration status of services that are integrated with DevOps Guru. The one service that can be integrated with DevOps Guru is AWS Systems Manager, which can be used to create an OpsItem for each generated insight. </p>"
+      "documentation":"<p> Returns the integration status of services that are integrated with DevOps Guru. The one service that can be integrated with DevOps Guru is Amazon Web Services Systems Manager, which can be used to create an OpsItem for each generated insight. </p>"
     },
     "GetCostEstimation":{
       "name":"GetCostEstimation",
@@ -170,7 +221,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Returns an estimate of the monthly cost for DevOps Guru to analyze your AWS resources. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/cost-estimate.html\">Estimate your Amazon DevOps Guru costs</a> and <a href=\"http://aws.amazon.com/devops-guru/pricing/\">Amazon DevOps Guru pricing</a>.</p>"
+      "documentation":"<p>Returns an estimate of the monthly cost for DevOps Guru to analyze your Amazon Web Services resources. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/cost-estimate.html\">Estimate your Amazon DevOps Guru costs</a> and <a href=\"http://aws.amazon.com/devops-guru/pricing/\">Amazon DevOps Guru pricing</a>.</p>"
     },
     "GetResourceCollection":{
       "name":"GetResourceCollection",
@@ -188,7 +239,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns lists AWS resources that are of the specified resource collection type. The one type of AWS resource collection supported is AWS CloudFormation stacks. DevOps Guru can be configured to analyze only the AWS resources that are defined in the stacks. You can specify up to 500 AWS CloudFormation stacks. </p>"
+      "documentation":"<p> Returns lists Amazon Web Services resources that are of the specified resource collection type. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
     },
     "ListAnomaliesForInsight":{
       "name":"ListAnomaliesForInsight",
@@ -241,7 +292,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns a list of insights in your AWS account. You can specify which insights are returned by their start time and status (<code>ONGOING</code>, <code>CLOSED</code>, or <code>ANY</code>). </p>"
+      "documentation":"<p> Returns a list of insights in your Amazon Web Services account. You can specify which insights are returned by their start time and status (<code>ONGOING</code>, <code>CLOSED</code>, or <code>ANY</code>). </p>"
     },
     "ListNotificationChannels":{
       "name":"ListNotificationChannels",
@@ -260,6 +311,23 @@
       ],
       "documentation":"<p> Returns a list of notification channels configured for DevOps Guru. Each notification channel is used to notify you when DevOps Guru generates an insight that contains information about how to improve your operations. The one supported notification channel is Amazon Simple Notification Service (Amazon SNS). </p>"
     },
+    "ListOrganizationInsights":{
+      "name":"ListOrganizationInsights",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organization/insights",
+        "responseCode":200
+      },
+      "input":{"shape":"ListOrganizationInsightsRequest"},
+      "output":{"shape":"ListOrganizationInsightsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Returns a list of insights associated with the account or OU Id.</p>"
+    },
     "ListRecommendations":{
       "name":"ListRecommendations",
       "http":{
@@ -331,7 +399,24 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Returns a list of insights in your AWS account. You can specify which insights are returned by their start time, one or more statuses (<code>ONGOING</code>, <code>CLOSED</code>, and <code>CLOSED</code>), one or more severities (<code>LOW</code>, <code>MEDIUM</code>, and <code>HIGH</code>), and type (<code>REACTIVE</code> or <code>PROACTIVE</code>). </p> <p> Use the <code>Filters</code> parameter to specify status and severity search parameters. Use the <code>Type</code> parameter to specify <code>REACTIVE</code> or <code>PROACTIVE</code> in your search. </p>"
+      "documentation":"<p> Returns a list of insights in your Amazon Web Services account. You can specify which insights are returned by their start time, one or more statuses (<code>ONGOING</code>, <code>CLOSED</code>, and <code>CLOSED</code>), one or more severities (<code>LOW</code>, <code>MEDIUM</code>, and <code>HIGH</code>), and type (<code>REACTIVE</code> or <code>PROACTIVE</code>). </p> <p> Use the <code>Filters</code> parameter to specify status and severity search parameters. Use the <code>Type</code> parameter to specify <code>REACTIVE</code> or <code>PROACTIVE</code> in your search. </p>"
+    },
+    "SearchOrganizationInsights":{
+      "name":"SearchOrganizationInsights",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organization/insights/search",
+        "responseCode":200
+      },
+      "input":{"shape":"SearchOrganizationInsightsRequest"},
+      "output":{"shape":"SearchOrganizationInsightsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p> Returns a list of insights in your organization. You can specify which insights are returned by their start time, one or more statuses (<code>ONGOING</code>, <code>CLOSED</code>, and <code>CLOSED</code>), one or more severities (<code>LOW</code>, <code>MEDIUM</code>, and <code>HIGH</code>), and type (<code>REACTIVE</code> or <code>PROACTIVE</code>). </p> <p> Use the <code>Filters</code> parameter to specify status and severity search parameters. Use the <code>Type</code> parameter to specify <code>REACTIVE</code> or <code>PROACTIVE</code> in your search. </p>"
     },
     "StartCostEstimation":{
       "name":"StartCostEstimation",
@@ -350,7 +435,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Starts the creation of an estimate of the monthly cost to analyze your AWS resources.</p>"
+      "documentation":"<p>Starts the creation of an estimate of the monthly cost to analyze your Amazon Web Services resources.</p>"
     },
     "UpdateResourceCollection":{
       "name":"UpdateResourceCollection",
@@ -368,7 +453,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Updates the collection of resources that DevOps Guru analyzes. The one type of AWS resource collection supported is AWS CloudFormation stacks. DevOps Guru can be configured to analyze only the AWS resources that are defined in the stacks. You can specify up to 500 AWS CloudFormation stacks. This method also creates the IAM role required for you to use DevOps Guru. </p>"
+      "documentation":"<p> Updates the collection of resources that DevOps Guru analyzes. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. This method also creates the IAM role required for you to use DevOps Guru. </p>"
     },
     "UpdateServiceIntegration":{
       "name":"UpdateServiceIntegration",
@@ -386,7 +471,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p> Enables or disables integration with a service that can be integrated with DevOps Guru. The one service that can be integrated with DevOps Guru is AWS Systems Manager, which can be used to create an OpsItem for each generated insight. </p>"
+      "documentation":"<p> Enables or disables integration with a service that can be integrated with DevOps Guru. The one service that can be integrated with DevOps Guru is Amazon Web Services Systems Manager, which can be used to create an OpsItem for each generated insight. </p>"
     }
   },
   "shapes":{
@@ -400,6 +485,44 @@
       "error":{"httpStatusCode":403},
       "exception":true
     },
+    "AccountHealth":{
+      "type":"structure",
+      "members":{
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
+        },
+        "Insight":{
+          "shape":"AccountInsightHealth",
+          "documentation":"<p> Information about the health of the Amazon Web Services resources in your account, including the number of open proactive, open reactive insights, and the Mean Time to Recover (MTTR) of closed insights. </p>"
+        }
+      },
+      "documentation":"<p> Returns the number of open reactive insights, the number of open proactive insights, and the number of metrics analyzed in your Amazon Web Services account. Use these numbers to gauge the health of operations in your Amazon Web Services account. </p>"
+    },
+    "AccountHealths":{
+      "type":"list",
+      "member":{"shape":"AccountHealth"}
+    },
+    "AccountIdList":{
+      "type":"list",
+      "member":{"shape":"AwsAccountId"},
+      "max":5,
+      "min":0
+    },
+    "AccountInsightHealth":{
+      "type":"structure",
+      "members":{
+        "OpenProactiveInsights":{
+          "shape":"NumOpenProactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open proactive insights in your Amazon Web Services account.</p>"
+        },
+        "OpenReactiveInsights":{
+          "shape":"NumOpenReactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open reactive insights in your Amazon Web Services account.</p>"
+        }
+      },
+      "documentation":"<p> Information about the number of open reactive and proactive insights that can be used to gauge the health of your system. </p>"
+    },
     "AddNotificationChannelRequest":{
       "type":"structure",
       "required":["Config"],
@@ -420,16 +543,18 @@
         }
       }
     },
+    "AnomalyDescription":{"type":"string"},
     "AnomalyId":{
       "type":"string",
       "max":100,
       "min":1,
-      "pattern":"^[\\w-]*$"
+      "pattern":"^[\\w~.-]*$"
     },
     "AnomalyLimit":{
       "type":"double",
       "box":true
     },
+    "AnomalyName":{"type":"string"},
     "AnomalyReportedTimeRange":{
       "type":"structure",
       "required":["OpenTime"],
@@ -445,6 +570,24 @@
       },
       "documentation":"<p> A time range that specifies when DevOps Guru opens and then closes an anomaly. This is different from <code>AnomalyTimeRange</code>, which specifies the time range when DevOps Guru actually observes the anomalous behavior. </p>"
     },
+    "AnomalyResource":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ResourceName",
+          "documentation":"<p>The name of the Amazon Web Services resource.</p>"
+        },
+        "Type":{
+          "shape":"ResourceType",
+          "documentation":"<p>The type of the Amazon Web Services resource.</p>"
+        }
+      },
+      "documentation":"<p>The Amazon Web Services resources in which DevOps Guru detected unusual behavior that resulted in the generation of an anomaly. When DevOps Guru detects multiple related anomalies, it creates and insight with details about the anomalous behavior and suggestions about how to correct the problem.</p>"
+    },
+    "AnomalyResources":{
+      "type":"list",
+      "member":{"shape":"AnomalyResource"}
+    },
     "AnomalySeverity":{
       "type":"string",
       "enum":[
@@ -458,10 +601,14 @@
       "members":{
         "CloudWatchMetrics":{
           "shape":"CloudWatchMetricsDetails",
-          "documentation":"<p> An array of <code>CloudWatchMetricsDetail</code> object that contains information about the analyzed metrics that displayed anomalous behavior. </p>"
+          "documentation":"<p>An array of <code>CloudWatchMetricsDetail</code> objects that contain information about analyzed CloudWatch metrics that show anomalous behavior. </p>"
+        },
+        "PerformanceInsightsMetrics":{
+          "shape":"PerformanceInsightsMetricsDetails",
+          "documentation":"<p>An array of <code>PerformanceInsightsMetricsDetail</code> objects that contain information about analyzed Performance Insights metrics that show anomalous behavior.</p>"
         }
       },
-      "documentation":"<p> Details about the source of the anomalous operational data that triggered the anomaly. The one supported source is Amazon CloudWatch metrics. </p>"
+      "documentation":"<p> Details about the source of the anomalous operational data that triggered the anomaly.</p>"
     },
     "AnomalyStatus":{
       "type":"string",
@@ -485,6 +632,29 @@
       },
       "documentation":"<p> A time range that specifies when the observed unusual behavior in an anomaly started and ended. This is different from <code>AnomalyReportedTimeRange</code>, which specifies the time range when DevOps Guru opens and then closes an anomaly. </p>"
     },
+    "AnomalyType":{
+      "type":"string",
+      "enum":[
+        "CAUSAL",
+        "CONTEXTUAL"
+      ]
+    },
+    "AppBoundaryKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+    },
+    "AssociatedResourceArns":{
+      "type":"list",
+      "member":{"shape":"ResourceArn"}
+    },
+    "AwsAccountId":{
+      "type":"string",
+      "max":12,
+      "min":12,
+      "pattern":"^\\d{12}$"
+    },
     "Channels":{
       "type":"list",
       "member":{"shape":"NotificationChannel"}
@@ -503,7 +673,7 @@
           "documentation":"<p> An array of CloudFormation stack names. </p>"
         }
       },
-      "documentation":"<p> Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>AWS CloudFormation User Guide</i>. </p>"
+      "documentation":"<p> Information about Amazon Web Services CloudFormation stacks. You can use up to 500 stacks to specify which Amazon Web Services resources in your account to analyze. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>Amazon Web Services CloudFormation User Guide</i>. </p>"
     },
     "CloudFormationCollectionFilter":{
       "type":"structure",
@@ -513,7 +683,7 @@
           "documentation":"<p> An array of CloudFormation stack names. </p>"
         }
       },
-      "documentation":"<p> Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>AWS CloudFormation User Guide</i>. </p>"
+      "documentation":"<p> Information about Amazon Web Services CloudFormation stacks. You can use up to 500 stacks to specify which Amazon Web Services resources in your account to analyze. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>Amazon Web Services CloudFormation User Guide</i>. </p>"
     },
     "CloudFormationCostEstimationResourceCollectionFilter":{
       "type":"structure",
@@ -523,7 +693,7 @@
           "documentation":"<p>An array of CloudFormation stack names. Its size is fixed at 1 item.</p>"
         }
       },
-      "documentation":"<p>Information about an AWS CloudFormation stack used to create a monthly cost estimate for DevOps Guru to analyze AWS resources. The maximum number of stacks you can specify for a cost estimate is one. The estimate created is for the cost to analyze the AWS resources defined by the stack. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>AWS CloudFormation User Guide</i>.</p>"
+      "documentation":"<p>Information about an Amazon Web Services CloudFormation stack used to create a monthly cost estimate for DevOps Guru to analyze Amazon Web Services resources. The maximum number of stacks you can specify for a cost estimate is one. The estimate created is for the cost to analyze the Amazon Web Services resources defined by the stack. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>Amazon Web Services CloudFormation User Guide</i>.</p>"
     },
     "CloudFormationHealth":{
       "type":"structure",
@@ -534,15 +704,37 @@
         },
         "Insight":{
           "shape":"InsightHealth",
-          "documentation":"<p> Information about the health of the AWS resources in your account that are specified by an AWS CloudFormation stack, including the number of open proactive, open reactive insights, and the Mean Time to Recover (MTTR) of closed insights. </p>"
+          "documentation":"<p> Information about the health of the Amazon Web Services resources in your account that are specified by an Amazon Web Services CloudFormation stack, including the number of open proactive, open reactive insights, and the Mean Time to Recover (MTTR) of closed insights. </p>"
         }
       },
-      "documentation":"<p> Information about the health of AWS resources in your account that are specified by an AWS CloudFormation stack. </p>"
+      "documentation":"<p> Information about the health of Amazon Web Services resources in your account that are specified by an Amazon Web Services CloudFormation stack. </p>"
     },
     "CloudFormationHealths":{
       "type":"list",
       "member":{"shape":"CloudFormationHealth"}
     },
+    "CloudWatchMetricDataStatusCode":{
+      "type":"string",
+      "enum":[
+        "Complete",
+        "InternalError",
+        "PartialData"
+      ]
+    },
+    "CloudWatchMetricsDataSummary":{
+      "type":"structure",
+      "members":{
+        "TimestampMetricValuePairList":{
+          "shape":"TimestampMetricValuePairList",
+          "documentation":"<p>This is a list of Amazon CloudWatch metric values at given timestamp.</p>"
+        },
+        "StatusCode":{
+          "shape":"CloudWatchMetricDataStatusCode",
+          "documentation":"<p>This is an enum of the status showing whether the metric value pair list has partial or complete data, or if there was an error.</p>"
+        }
+      },
+      "documentation":"<p>Contains information about the analyzed metrics that displayed anomalous behavior. </p>"
+    },
     "CloudWatchMetricsDetail":{
       "type":"structure",
       "members":{
@@ -569,6 +761,10 @@
         "Period":{
           "shape":"CloudWatchMetricsPeriod",
           "documentation":"<p> The length of time associated with the CloudWatch metric in number of seconds. </p>"
+        },
+        "MetricDataSummary":{
+          "shape":"CloudWatchMetricsDataSummary",
+          "documentation":"<p>This object returns anomaly metric data.</p>"
         }
       },
       "documentation":"<p> Information about an Amazon CloudWatch metric. </p>"
@@ -589,7 +785,7 @@
           "documentation":"<p> The value of the CloudWatch dimension. </p>"
         }
       },
-      "documentation":"<p> The dimension of a Amazon CloudWatch metric that is used when DevOps Guru analyzes the resources in your account for operational problems and anomalous behavior. A dimension is a name/value pair that is part of the identity of a metric. A metric can have up to 10 dimensions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Dimension\">Dimensions</a> in the <i>Amazon CloudWatch User Guide</i>. </p>"
+      "documentation":"<p> The dimension of am Amazon CloudWatch metric that is used when DevOps Guru analyzes the resources in your account for operational problems and anomalous behavior. A dimension is a name/value pair that is part of the identity of a metric. A metric can have up to 10 dimensions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Dimension\">Dimensions</a> in the <i>Amazon CloudWatch User Guide</i>. </p>"
     },
     "CloudWatchMetricsDimensionName":{"type":"string"},
     "CloudWatchMetricsDimensionValue":{"type":"string"},
@@ -625,11 +821,11 @@
         "Message":{"shape":"ErrorMessageString"},
         "ResourceId":{
           "shape":"ResourceIdString",
-          "documentation":"<p> The ID of the AWS resource in which a conflict occurred. </p>"
+          "documentation":"<p> The ID of the Amazon Web Services resource in which a conflict occurred. </p>"
         },
         "ResourceType":{
           "shape":"ResourceIdType",
-          "documentation":"<p> The type of the AWS resource in which a conflict occurred. </p>"
+          "documentation":"<p> The type of the Amazon Web Services resource in which a conflict occurred. </p>"
         }
       },
       "documentation":"<p> An exception that is thrown when a conflict occurs. </p>",
@@ -642,10 +838,14 @@
       "members":{
         "CloudFormation":{
           "shape":"CloudFormationCostEstimationResourceCollectionFilter",
-          "documentation":"<p>An object that specifies the CloudFormation stack that defines the AWS resources used to create a monthly estimate for DevOps Guru.</p>"
+          "documentation":"<p>An object that specifies the CloudFormation stack that defines the Amazon Web Services resources used to create a monthly estimate for DevOps Guru.</p>"
+        },
+        "Tags":{
+          "shape":"TagCostEstimationResourceCollectionFilters",
+          "documentation":"<p>The Amazon Web Services tags used to filter the resource collection that is used for a cost estimate.</p> <p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
         }
       },
-      "documentation":"<p>Information about a filter used to specify which AWS resources are analyzed to create a monthly DevOps Guru cost estimate. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/cost-estimate.html\">Estimate your Amazon DevOps Guru costs</a> and <a href=\"http://aws.amazon.com/devops-guru/pricing/\">Amazon DevOps Guru pricing</a>. </p>"
+      "documentation":"<p>Information about a filter used to specify which Amazon Web Services resources are analyzed to create a monthly DevOps Guru cost estimate. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/cost-estimate.html\">Estimate your Amazon DevOps Guru costs</a> and <a href=\"http://aws.amazon.com/devops-guru/pricing/\">Amazon DevOps Guru pricing</a>. </p>"
     },
     "CostEstimationServiceResourceCount":{"type":"integer"},
     "CostEstimationServiceResourceState":{
@@ -668,6 +868,12 @@
         "COMPLETED"
       ]
     },
+    "CostEstimationTagValues":{
+      "type":"list",
+      "member":{"shape":"TagValue"},
+      "max":1,
+      "min":1
+    },
     "CostEstimationTimeRange":{
       "type":"structure",
       "members":{
@@ -698,19 +904,19 @@
       "members":{
         "OpenReactiveInsights":{
           "shape":"NumOpenReactiveInsights",
-          "documentation":"<p> An integer that specifies the number of open reactive insights in your AWS account. </p>"
+          "documentation":"<p> An integer that specifies the number of open reactive insights in your Amazon Web Services account. </p>"
         },
         "OpenProactiveInsights":{
           "shape":"NumOpenProactiveInsights",
-          "documentation":"<p> An integer that specifies the number of open proactive insights in your AWS account. </p>"
+          "documentation":"<p> An integer that specifies the number of open proactive insights in your Amazon Web Services account. </p>"
         },
         "MetricsAnalyzed":{
           "shape":"NumMetricsAnalyzed",
-          "documentation":"<p> An integer that specifies the number of metrics that have been analyzed in your AWS account. </p>"
+          "documentation":"<p> An integer that specifies the number of metrics that have been analyzed in your Amazon Web Services account. </p>"
         },
         "ResourceHours":{
           "shape":"ResourceHours",
-          "documentation":"<p>The number of Amazon DevOps Guru resource analysis hours billed to the current AWS account in the last hour. </p>"
+          "documentation":"<p>The number of Amazon DevOps Guru resource analysis hours billed to the current Amazon Web Services account in the last hour. </p>"
         }
       }
     },
@@ -738,11 +944,11 @@
       "members":{
         "ReactiveInsights":{
           "shape":"NumReactiveInsights",
-          "documentation":"<p> An integer that specifies the number of open reactive insights in your AWS account that were created during the time range passed in. </p>"
+          "documentation":"<p> An integer that specifies the number of open reactive insights in your Amazon Web Services account that were created during the time range passed in. </p>"
         },
         "ProactiveInsights":{
           "shape":"NumProactiveInsights",
-          "documentation":"<p> An integer that specifies the number of open proactive insights in your AWS account that were created during the time range passed in. </p>"
+          "documentation":"<p> An integer that specifies the number of open proactive insights in your Amazon Web Services account that were created during the time range passed in. </p>"
         },
         "MeanTimeToRecoverInMilliseconds":{
           "shape":"MeanTimeToRecoverInMilliseconds",
@@ -759,6 +965,12 @@
           "documentation":"<p> The ID of the anomaly. </p>",
           "location":"uri",
           "locationName":"Id"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the member account.</p>",
+          "location":"querystring",
+          "locationName":"AccountId"
         }
       }
     },
@@ -767,11 +979,11 @@
       "members":{
         "ProactiveAnomaly":{
           "shape":"ProactiveAnomaly",
-          "documentation":"<p> A <code>ReactiveAnomaly</code> object that represents the requested anomaly. </p>"
+          "documentation":"<p> A <code>ProactiveAnomaly</code> object that represents the requested anomaly. </p>"
         },
         "ReactiveAnomaly":{
           "shape":"ReactiveAnomaly",
-          "documentation":"<p> A <code>ProactiveAnomaly</code> object that represents the requested anomaly. </p>"
+          "documentation":"<p> A <code>ReactiveAnomaly</code> object that represents the requested anomaly. </p>"
         }
       }
     },
@@ -799,6 +1011,12 @@
           "documentation":"<p> The ID of the insight. </p>",
           "location":"uri",
           "locationName":"Id"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the member account in the organization.</p>",
+          "location":"querystring",
+          "locationName":"AccountId"
         }
       }
     },
@@ -815,13 +1033,143 @@
         }
       }
     },
+    "DescribeOrganizationHealthRequest":{
+      "type":"structure",
+      "members":{
+        "AccountIds":{
+          "shape":"AccountIdList",
+          "documentation":"<p>The ID of the Amazon Web Services account.</p>"
+        },
+        "OrganizationalUnitIds":{
+          "shape":"OrganizationalUnitIdList",
+          "documentation":"<p>The ID of the organizational unit.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationHealthResponse":{
+      "type":"structure",
+      "required":[
+        "OpenReactiveInsights",
+        "OpenProactiveInsights",
+        "MetricsAnalyzed",
+        "ResourceHours"
+      ],
+      "members":{
+        "OpenReactiveInsights":{
+          "shape":"NumOpenReactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open reactive insights in your Amazon Web Services account.</p>"
+        },
+        "OpenProactiveInsights":{
+          "shape":"NumOpenProactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open proactive insights in your Amazon Web Services account.</p>"
+        },
+        "MetricsAnalyzed":{
+          "shape":"NumMetricsAnalyzed",
+          "documentation":"<p>An integer that specifies the number of metrics that have been analyzed in your organization.</p>"
+        },
+        "ResourceHours":{
+          "shape":"ResourceHours",
+          "documentation":"<p>The number of Amazon DevOps Guru resource analysis hours billed to the current Amazon Web Services account in the last hour. </p>"
+        }
+      }
+    },
+    "DescribeOrganizationOverviewRequest":{
+      "type":"structure",
+      "required":["FromTime"],
+      "members":{
+        "FromTime":{
+          "shape":"Timestamp",
+          "documentation":"<p> The start of the time range passed in. The start time granularity is at the day level. The floor of the start time is used. Returned information occurred after this day. </p>"
+        },
+        "ToTime":{
+          "shape":"Timestamp",
+          "documentation":"<p> The end of the time range passed in. The start time granularity is at the day level. The floor of the start time is used. Returned information occurred before this day. If this is not specified, then the current day is used. </p>"
+        },
+        "AccountIds":{
+          "shape":"AccountIdList",
+          "documentation":"<p>The ID of the Amazon Web Services account.</p>"
+        },
+        "OrganizationalUnitIds":{
+          "shape":"OrganizationalUnitIdList",
+          "documentation":"<p>The ID of the organizational unit.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationOverviewResponse":{
+      "type":"structure",
+      "required":[
+        "ReactiveInsights",
+        "ProactiveInsights"
+      ],
+      "members":{
+        "ReactiveInsights":{
+          "shape":"NumReactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open reactive insights in your Amazon Web Services account.</p>"
+        },
+        "ProactiveInsights":{
+          "shape":"NumProactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open proactive insights in your Amazon Web Services account.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationResourceCollectionHealthRequest":{
+      "type":"structure",
+      "required":["OrganizationResourceCollectionType"],
+      "members":{
+        "OrganizationResourceCollectionType":{
+          "shape":"OrganizationResourceCollectionType",
+          "documentation":"<p> An Amazon Web Services resource collection type. This type specifies how analyzed Amazon Web Services resources are defined. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
+        },
+        "AccountIds":{
+          "shape":"AccountIdList",
+          "documentation":"<p>The ID of the Amazon Web Services account.</p>"
+        },
+        "OrganizationalUnitIds":{
+          "shape":"OrganizationalUnitIdList",
+          "documentation":"<p>The ID of the organizational unit.</p>"
+        },
+        "NextToken":{
+          "shape":"UuidNextToken",
+          "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If this value is null, it retrieves the first page.</p>"
+        },
+        "MaxResults":{
+          "shape":"OrganizationResourceCollectionMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationResourceCollectionHealthResponse":{
+      "type":"structure",
+      "members":{
+        "CloudFormation":{
+          "shape":"CloudFormationHealths",
+          "documentation":"<p>The returned <code>CloudFormationHealthOverview</code> object that contains an <code>InsightHealthOverview</code> object with the requested system health information.</p>"
+        },
+        "Service":{
+          "shape":"ServiceHealths",
+          "documentation":"<p>An array of <code>ServiceHealth</code> objects that describes the health of the Amazon Web Services services associated with the resources in the collection.</p>"
+        },
+        "Account":{
+          "shape":"AccountHealths",
+          "documentation":"<p>The name of the organization's account.</p>"
+        },
+        "NextToken":{
+          "shape":"UuidNextToken",
+          "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If there are no more pages, this value is null.</p>"
+        },
+        "Tags":{
+          "shape":"TagHealths",
+          "documentation":"<p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+        }
+      }
+    },
     "DescribeResourceCollectionHealthRequest":{
       "type":"structure",
       "required":["ResourceCollectionType"],
       "members":{
         "ResourceCollectionType":{
           "shape":"ResourceCollectionType",
-          "documentation":"<p> An AWS resource collection type. This type specifies how analyzed AWS resources are defined. The one type of AWS resource collection supported is AWS CloudFormation stacks. DevOps Guru can be configured to analyze only the AWS resources that are defined in the stacks. You can specify up to 500 AWS CloudFormation stacks. </p>",
+          "documentation":"<p> An Amazon Web Services resource collection type. This type specifies how analyzed Amazon Web Services resources are defined. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>",
           "location":"uri",
           "locationName":"ResourceCollectionType"
         },
@@ -835,7 +1183,6 @@
     },
     "DescribeResourceCollectionHealthResponse":{
       "type":"structure",
-      "required":["CloudFormation"],
       "members":{
         "CloudFormation":{
           "shape":"CloudFormationHealths",
@@ -843,11 +1190,15 @@
         },
         "Service":{
           "shape":"ServiceHealths",
-          "documentation":"<p>An array of <code>ServiceHealth</code> objects that describes the health of the AWS services associated with the resources in the collection.</p>"
+          "documentation":"<p>An array of <code>ServiceHealth</code> objects that describes the health of the Amazon Web Services services associated with the resources in the collection.</p>"
         },
         "NextToken":{
           "shape":"UuidNextToken",
           "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If there are no more pages, this value is null.</p>"
+        },
+        "Tags":{
+          "shape":"TagHealths",
+          "documentation":"<p>The Amazon Web Services tags that are used by resources in the resource collection.</p> <p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
         }
       }
     },
@@ -894,7 +1245,7 @@
         },
         "EventSource":{
           "shape":"EventSource",
-          "documentation":"<p> The AWS source that emitted the event. </p>"
+          "documentation":"<p> The Amazon Web Services source that emitted the event. </p>"
         },
         "Name":{
           "shape":"EventName",
@@ -913,7 +1264,7 @@
           "documentation":"<p> An <code>EventResource</code> object that contains information about the resource that emitted the event. </p>"
         }
       },
-      "documentation":"<p> An AWS resource event. AWS resource events and metrics are analyzed by DevOps Guru to find anomalous behavior and provide recommendations to improve your operational solutions. </p>"
+      "documentation":"<p> An Amazon Web Services resource event. Amazon Web Services resource events and metrics are analyzed by DevOps Guru to find anomalous behavior and provide recommendations to improve your operational solutions. </p>"
     },
     "EventClass":{
       "type":"string",
@@ -954,7 +1305,7 @@
           "documentation":"<p> The Amazon Resource Name (ARN) of the resource that emitted an event. </p>"
         }
       },
-      "documentation":"<p> The AWS resource that emitted an event. AWS resource events and metrics are analyzed by DevOps Guru to find anomalous behavior and provide recommendations to improve your operational solutions. </p>"
+      "documentation":"<p> The Amazon Web Services resource that emitted an event. Amazon Web Services resource events and metrics are analyzed by DevOps Guru to find anomalous behavior and provide recommendations to improve your operational solutions. </p>"
     },
     "EventResourceArn":{
       "type":"string",
@@ -1000,7 +1351,7 @@
           "documentation":"<p> The time when the event ended. </p>"
         }
       },
-      "documentation":"<p> The time range during which an AWS event occurred. AWS resource events and metrics are analyzed by DevOps Guru to find anomalous behavior and provide recommendations to improve your operational solutions. </p>"
+      "documentation":"<p> The time range during which an Amazon Web Services event occurred. Amazon Web Services resource events and metrics are analyzed by DevOps Guru to find anomalous behavior and provide recommendations to improve your operational solutions. </p>"
     },
     "Events":{
       "type":"list",
@@ -1022,7 +1373,7 @@
       "members":{
         "ResourceCollection":{
           "shape":"CostEstimationResourceCollectionFilter",
-          "documentation":"<p>The collection of the AWS resources used to create your monthly DevOps Guru cost estimate.</p>"
+          "documentation":"<p>The collection of the Amazon Web Services resources used to create your monthly DevOps Guru cost estimate.</p>"
         },
         "Status":{
           "shape":"CostEstimationStatus",
@@ -1030,7 +1381,7 @@
         },
         "Costs":{
           "shape":"ServiceResourceCosts",
-          "documentation":"<p>An array of <code>ResourceCost</code> objects that each contains details about the monthly cost estimate to analyze one of your AWS resources.</p>"
+          "documentation":"<p>An array of <code>ResourceCost</code> objects that each contains details about the monthly cost estimate to analyze one of your Amazon Web Services resources.</p>"
         },
         "TimeRange":{
           "shape":"CostEstimationTimeRange",
@@ -1038,7 +1389,7 @@
         },
         "TotalCost":{
           "shape":"Cost",
-          "documentation":"<p>The estimated monthly cost to analyze the AWS resources. This value is the sum of the estimated costs to analyze each resource in the <code>Costs</code> object in this response.</p>"
+          "documentation":"<p>The estimated monthly cost to analyze the Amazon Web Services resources. This value is the sum of the estimated costs to analyze each resource in the <code>Costs</code> object in this response.</p>"
         },
         "NextToken":{
           "shape":"UuidNextToken",
@@ -1052,7 +1403,7 @@
       "members":{
         "ResourceCollectionType":{
           "shape":"ResourceCollectionType",
-          "documentation":"<p> The type of AWS resource collections to return. The one valid value is <code>CLOUD_FORMATION</code> for AWS CloudFormation stacks. </p>",
+          "documentation":"<p> The type of Amazon Web Services resource collections to return. The one valid value is <code>CLOUD_FORMATION</code> for Amazon Web Services CloudFormation stacks. </p>",
           "location":"uri",
           "locationName":"ResourceCollectionType"
         },
@@ -1069,7 +1420,7 @@
       "members":{
         "ResourceCollection":{
           "shape":"ResourceCollectionFilter",
-          "documentation":"<p> The requested list of AWS resource collections. The one type of AWS resource collection supported is AWS CloudFormation stacks. DevOps Guru can be configured to analyze only the AWS resources that are defined in the stacks. You can specify up to 500 AWS CloudFormation stacks. </p>"
+          "documentation":"<p> The requested list of Amazon Web Services resource collections. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
         },
         "NextToken":{
           "shape":"UuidNextToken",
@@ -1223,6 +1574,10 @@
         "NextToken":{
           "shape":"UuidNextToken",
           "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If this value is null, it retrieves the first page.</p>"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
         }
       }
     },
@@ -1260,7 +1615,7 @@
         },
         "EventSource":{
           "shape":"EventSource",
-          "documentation":"<p> The AWS source that emitted the events you want to filter for. </p>"
+          "documentation":"<p> The Amazon Web Services source that emitted the events you want to filter for. </p>"
         },
         "DataSource":{
           "shape":"EventDataSource",
@@ -1290,6 +1645,10 @@
         "NextToken":{
           "shape":"UuidNextToken",
           "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If this value is null, it retrieves the first page.</p>"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
         }
       }
     },
@@ -1307,6 +1666,12 @@
         }
       }
     },
+    "ListInsightsAccountIdList":{
+      "type":"list",
+      "member":{"shape":"AwsAccountId"},
+      "max":1,
+      "min":0
+    },
     "ListInsightsAnyStatusFilter":{
       "type":"structure",
       "required":[
@@ -1359,6 +1724,12 @@
       },
       "documentation":"<p> Used to filter for insights that have the status <code>ONGOING</code>. </p>"
     },
+    "ListInsightsOrganizationalUnitIdList":{
+      "type":"list",
+      "member":{"shape":"OrganizationalUnitId"},
+      "max":1,
+      "min":0
+    },
     "ListInsightsRequest":{
       "type":"structure",
       "required":["StatusFilter"],
@@ -1434,6 +1805,46 @@
         }
       }
     },
+    "ListOrganizationInsightsRequest":{
+      "type":"structure",
+      "required":["StatusFilter"],
+      "members":{
+        "StatusFilter":{"shape":"ListInsightsStatusFilter"},
+        "MaxResults":{
+          "shape":"ListInsightsMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        },
+        "AccountIds":{
+          "shape":"ListInsightsAccountIdList",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
+        },
+        "OrganizationalUnitIds":{
+          "shape":"ListInsightsOrganizationalUnitIdList",
+          "documentation":"<p>The ID of the organizational unit.</p>"
+        },
+        "NextToken":{
+          "shape":"UuidNextToken",
+          "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If this value is null, it retrieves the first page.</p>"
+        }
+      }
+    },
+    "ListOrganizationInsightsResponse":{
+      "type":"structure",
+      "members":{
+        "ProactiveInsights":{
+          "shape":"ProactiveOrganizationInsights",
+          "documentation":"<p>An integer that specifies the number of open proactive insights in your Amazon Web Services account.</p>"
+        },
+        "ReactiveInsights":{
+          "shape":"ReactiveOrganizationInsights",
+          "documentation":"<p>An integer that specifies the number of open reactive insights in your Amazon Web Services account.</p>"
+        },
+        "NextToken":{
+          "shape":"UuidNextToken",
+          "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If there are no more pages, this value is null.</p>"
+        }
+      }
+    },
     "ListRecommendationsRequest":{
       "type":"structure",
       "required":["InsightId"],
@@ -1449,6 +1860,10 @@
         "Locale":{
           "shape":"Locale",
           "documentation":"<p>A locale that specifies the language to use for recommendations.</p>"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
         }
       }
     },
@@ -1482,6 +1897,7 @@
       ]
     },
     "MeanTimeToRecoverInMilliseconds":{"type":"long"},
+    "MetricValue":{"type":"double"},
     "NotificationChannel":{
       "type":"structure",
       "members":{
@@ -1494,7 +1910,7 @@
           "documentation":"<p> A <code>NotificationChannelConfig</code> object that contains information about configured notification channels. </p>"
         }
       },
-      "documentation":"<p> Information about a notification channel. A notification channel is used to notify you when DevOps Guru creates an insight. The one supported notification channel is Amazon Simple Notification Service (Amazon SNS). </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an AWS Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for AWS KMS–encrypted Amazon SNS topics</a>.</p>"
+      "documentation":"<p> Information about a notification channel. A notification channel is used to notify you when DevOps Guru creates an insight. The one supported notification channel is Amazon Simple Notification Service (Amazon SNS). </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an Amazon Web Services Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for Amazon Web Services KMS–encrypted Amazon SNS topics</a>.</p>"
     },
     "NotificationChannelConfig":{
       "type":"structure",
@@ -1502,7 +1918,7 @@
       "members":{
         "Sns":{
           "shape":"SnsChannelConfig",
-          "documentation":"<p> Information about a notification channel configured in DevOps Guru to send notifications when insights are created. </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an AWS Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for AWS KMS–encrypted Amazon SNS topics</a>.</p>"
+          "documentation":"<p> Information about a notification channel configured in DevOps Guru to send notifications when insights are created. </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an Amazon Web Services Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for Amazon Web Services KMS–encrypted Amazon SNS topics</a>.</p>"
         }
       },
       "documentation":"<p> Information about notification channels you have configured with DevOps Guru. The one supported notification channel is Amazon Simple Notification Service (Amazon SNS).</p>"
@@ -1523,29 +1939,222 @@
       "members":{
         "OptInStatus":{
           "shape":"OptInStatus",
-          "documentation":"<p> Specifies if DevOps Guru is enabled to create an AWS Systems Manager OpsItem for each created insight. </p>"
+          "documentation":"<p> Specifies if DevOps Guru is enabled to create an Amazon Web Services Systems Manager OpsItem for each created insight. </p>"
         }
       },
-      "documentation":"<p> Information about whether DevOps Guru is configured to create an OpsItem in AWS Systems Manager OpsCenter for each created insight. </p>"
+      "documentation":"<p> Information about whether DevOps Guru is configured to create an OpsItem in Amazon Web Services Systems Manager OpsCenter for each created insight. </p>"
     },
     "OpsCenterIntegrationConfig":{
       "type":"structure",
       "members":{
         "OptInStatus":{
           "shape":"OptInStatus",
-          "documentation":"<p> Specifies if DevOps Guru is enabled to create an AWS Systems Manager OpsItem for each created insight. </p>"
+          "documentation":"<p> Specifies if DevOps Guru is enabled to create an Amazon Web Services Systems Manager OpsItem for each created insight. </p>"
         }
       },
-      "documentation":"<p> Information about whether DevOps Guru is configured to create an OpsItem in AWS Systems Manager OpsCenter for each created insight. </p>"
+      "documentation":"<p> Information about whether DevOps Guru is configured to create an OpsItem in Amazon Web Services Systems Manager OpsCenter for each created insight. </p>"
     },
     "OptInStatus":{
       "type":"string",
-      "documentation":"<p> Specifies if DevOps Guru is enabled to create an AWS Systems Manager OpsItem for each created insight. </p>",
+      "documentation":"<p> Specifies if DevOps Guru is enabled to create an Amazon Web Services Systems Manager OpsItem for each created insight. </p>",
       "enum":[
         "ENABLED",
         "DISABLED"
       ]
     },
+    "OrganizationResourceCollectionMaxResults":{
+      "type":"integer",
+      "max":500,
+      "min":1
+    },
+    "OrganizationResourceCollectionType":{
+      "type":"string",
+      "enum":[
+        "AWS_CLOUD_FORMATION",
+        "AWS_SERVICE",
+        "AWS_ACCOUNT",
+        "AWS_TAGS"
+      ]
+    },
+    "OrganizationalUnitId":{
+      "type":"string",
+      "max":68,
+      "pattern":"^ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}$"
+    },
+    "OrganizationalUnitIdList":{
+      "type":"list",
+      "member":{"shape":"OrganizationalUnitId"},
+      "max":5,
+      "min":0
+    },
+    "PerformanceInsightsMetricDimension":{"type":"string"},
+    "PerformanceInsightsMetricDimensionGroup":{
+      "type":"structure",
+      "members":{
+        "Group":{
+          "shape":"PerformanceInsightsMetricGroup",
+          "documentation":"<p>The name of the dimension group. Its valid values are:</p> <ul> <li> <p> <code>db</code> - The name of the database to which the client is connected (only Aurora PostgreSQL, Amazon RDS PostgreSQL, Aurora MySQL, Amazon RDS MySQL, and MariaDB)</p> </li> <li> <p> <code>db.application</code> - The name of the application that is connected to the database (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.host</code> - The host name of the connected client (all engines)</p> </li> <li> <p> <code>db.session_type</code> - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.sql</code> - The SQL that is currently executing (all engines)</p> </li> <li> <p> <code>db.sql_tokenized</code> - The SQL digest (all engines)</p> </li> <li> <p> <code>db.wait_event</code> - The event for which the database backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event_type</code> - The type of event for which the database backend is waiting (all engines)</p> </li> <li> <p> <code>db.user</code> - The user logged in to the database (all engines)</p> </li> </ul>"
+        },
+        "Dimensions":{
+          "shape":"PerformanceInsightsMetricDimensions",
+          "documentation":"<p>A list of specific dimensions from a dimension group. If this parameter is not present, then it signifies that all of the dimensions in the group were requested or are present in the response.</p> <p>Valid values for elements in the <code>Dimensions</code> array are:</p> <ul> <li> <p> <code>db.application.name</code> - The name of the application that is connected to the database (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.host.id</code> - The host ID of the connected client (all engines)</p> </li> <li> <p> <code>db.host.name</code> - The host name of the connected client (all engines)</p> </li> <li> <p> <code>db.name</code> - The name of the database to which the client is connected (only Aurora PostgreSQL, Amazon RDS PostgreSQL, Aurora MySQL, Amazon RDS MySQL, and MariaDB)</p> </li> <li> <p> <code>db.session_type.name</code> - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.sql.id</code> - The SQL ID generated by Performance Insights (all engines)</p> </li> <li> <p> <code>db.sql.db_id</code> - The SQL ID generated by the database (all engines)</p> </li> <li> <p> <code>db.sql.statement</code> - The SQL text that is being executed (all engines)</p> </li> <li> <p> <code>db.sql.tokenized_id</code> </p> </li> <li> <p> <code>db.sql_tokenized.id</code> - The SQL digest ID generated by Performance Insights (all engines)</p> </li> <li> <p> <code>db.sql_tokenized.db_id</code> - SQL digest ID generated by the database (all engines)</p> </li> <li> <p> <code>db.sql_tokenized.statement</code> - The SQL digest text (all engines)</p> </li> <li> <p> <code>db.user.id</code> - The ID of the user logged in to the database (all engines)</p> </li> <li> <p> <code>db.user.name</code> - The name of the user logged in to the database (all engines)</p> </li> <li> <p> <code>db.wait_event.name</code> - The event for which the backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event.type</code> - The type of event for which the backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event_type.name</code> - The name of the event type for which the backend is waiting (all engines)</p> </li> </ul>"
+        },
+        "Limit":{
+          "shape":"PerformanceInsightsMetricLimitInteger",
+          "documentation":"<p>The maximum number of items to fetch for this dimension group.</p>"
+        }
+      },
+      "documentation":"<p>A logical grouping of Performance Insights metrics for a related subject area. For example, the <code>db.sql</code> dimension group consists of the following dimensions: <code>db.sql.id</code>, <code>db.sql.db_id</code>, <code>db.sql.statement</code>, and <code>db.sql.tokenized_id</code>.</p> <note> <p>Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned.</p> </note> <p>Amazon RDS Performance Insights enables you to monitor and explore different dimensions of database load based on data captured from a running DB instance. DB load is measured as average active sessions. Performance Insights provides the data to API consumers as a two-dimensional time-series dataset. The time dimension provides DB load data for each time point in the queried time range. Each time point decomposes overall load in relation to the requested dimensions, measured at that time point. Examples include SQL, Wait event, User, and Host. </p> <ul> <li> <p>To learn more about Performance Insights and Amazon Aurora DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.html\"> Amazon Aurora User Guide</a>. </p> </li> <li> <p>To learn more about Performance Insights and Amazon RDS DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\"> Amazon RDS User Guide</a>. </p> </li> </ul>"
+    },
+    "PerformanceInsightsMetricDimensions":{
+      "type":"list",
+      "member":{"shape":"PerformanceInsightsMetricDimension"}
+    },
+    "PerformanceInsightsMetricDisplayName":{"type":"string"},
+    "PerformanceInsightsMetricFilterKey":{"type":"string"},
+    "PerformanceInsightsMetricFilterMap":{
+      "type":"map",
+      "key":{"shape":"PerformanceInsightsMetricFilterKey"},
+      "value":{"shape":"PerformanceInsightsMetricFilterValue"}
+    },
+    "PerformanceInsightsMetricFilterValue":{"type":"string"},
+    "PerformanceInsightsMetricGroup":{"type":"string"},
+    "PerformanceInsightsMetricLimitInteger":{
+      "type":"integer",
+      "box":true,
+      "max":10,
+      "min":1
+    },
+    "PerformanceInsightsMetricName":{"type":"string"},
+    "PerformanceInsightsMetricQuery":{
+      "type":"structure",
+      "members":{
+        "Metric":{
+          "shape":"PerformanceInsightsMetricName",
+          "documentation":"<p>The name of the meteric used used when querying an Performance Insights <code>GetResourceMetrics</code> API for anomaly metrics.</p> <p>Valid values for <code>Metric</code> are:</p> <ul> <li> <p> <code>db.load.avg</code> - a scaled representation of the number of active sessions for the database engine.</p> </li> <li> <p> <code>db.sampledload.avg</code> - the raw number of active sessions for the database engine.</p> </li> </ul> <p>If the number of active sessions is less than an internal Performance Insights threshold, <code>db.load.avg</code> and <code>db.sampledload.avg</code> are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with <code>db.load.avg</code> showing the scaled values, <code>db.sampledload.avg</code> showing the raw values, and <code>db.sampledload.avg</code> less than <code>db.load.avg</code>. For most use cases, you can query <code>db.load.avg</code> only. </p>"
+        },
+        "GroupBy":{
+          "shape":"PerformanceInsightsMetricDimensionGroup",
+          "documentation":"<p>The specification for how to aggregate the data points from a Performance Insights <code>GetResourceMetrics</code> API query. The Performance Insights query returns all of the dimensions within that group, unless you provide the names of specific dimensions within that group. You can also request that Performance Insights return a limited number of values for a dimension.</p>"
+        },
+        "Filter":{
+          "shape":"PerformanceInsightsMetricFilterMap",
+          "documentation":"<p>One or more filters to apply to a Performance Insights <code>GetResourceMetrics</code> API query. Restrictions:</p> <ul> <li> <p>Any number of filters by the same dimension, as specified in the <code>GroupBy</code> parameter.</p> </li> <li> <p>A single filter for any other dimension in this dimension group.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>A single query to be processed. Use these parameters to query the Performance Insights <code>GetResourceMetrics</code> API to retrieve the metrics for an anomaly. For more information, see <code> <a href=\"https://docs.aws.amazon.com/performance-insights/latest/APIReference/API_GetResourceMetrics.html\">GetResourceMetrics</a> </code> in the <i>Amazon RDS Performance Insights API Reference</i>.</p> <p>Amazon RDS Performance Insights enables you to monitor and explore different dimensions of database load based on data captured from a running DB instance. DB load is measured as average active sessions. Performance Insights provides the data to API consumers as a two-dimensional time-series dataset. The time dimension provides DB load data for each time point in the queried time range. Each time point decomposes overall load in relation to the requested dimensions, measured at that time point. Examples include SQL, Wait event, User, and Host. </p> <ul> <li> <p>To learn more about Performance Insights and Amazon Aurora DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.html\"> Amazon Aurora User Guide</a>. </p> </li> <li> <p>To learn more about Performance Insights and Amazon RDS DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\"> Amazon RDS User Guide</a>. </p> </li> </ul>"
+    },
+    "PerformanceInsightsMetricUnit":{"type":"string"},
+    "PerformanceInsightsMetricsDetail":{
+      "type":"structure",
+      "members":{
+        "MetricDisplayName":{
+          "shape":"PerformanceInsightsMetricDisplayName",
+          "documentation":"<p>The name used for a specific Performance Insights metric.</p>"
+        },
+        "Unit":{
+          "shape":"PerformanceInsightsMetricUnit",
+          "documentation":"<p>The unit of measure for a metric. For example, a session or a process.</p>"
+        },
+        "MetricQuery":{
+          "shape":"PerformanceInsightsMetricQuery",
+          "documentation":"<p>A single query to be processed for the metric. For more information, see <code> <a href=\"https://docs.aws.amazon.com/devops-guru/latest/APIReference/API_PerformanceInsightsMetricQuery.html\">PerformanceInsightsMetricQuery</a> </code>.</p>"
+        },
+        "ReferenceData":{
+          "shape":"PerformanceInsightsReferenceDataList",
+          "documentation":"<p> For more information, see <code> <a href=\"https://docs.aws.amazon.com/devops-guru/latest/APIReference/API_PerformanceInsightsReferenceData.html\">PerformanceInsightsReferenceData</a> </code>. </p>"
+        },
+        "StatsAtAnomaly":{
+          "shape":"PerformanceInsightsStats",
+          "documentation":"<p>The metric statistics during the anomalous period detected by DevOps Guru;</p>"
+        },
+        "StatsAtBaseline":{
+          "shape":"PerformanceInsightsStats",
+          "documentation":"<p>Typical metric statistics that are not considered anomalous. When DevOps Guru analyzes metrics, it compares them to <code>StatsAtBaseline</code> to help determine if they are anomalous.</p>"
+        }
+      },
+      "documentation":"<p>Details about Performance Insights metrics.</p> <p>Amazon RDS Performance Insights enables you to monitor and explore different dimensions of database load based on data captured from a running DB instance. DB load is measured as average active sessions. Performance Insights provides the data to API consumers as a two-dimensional time-series dataset. The time dimension provides DB load data for each time point in the queried time range. Each time point decomposes overall load in relation to the requested dimensions, measured at that time point. Examples include SQL, Wait event, User, and Host. </p> <ul> <li> <p>To learn more about Performance Insights and Amazon Aurora DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.html\"> Amazon Aurora User Guide</a>. </p> </li> <li> <p>To learn more about Performance Insights and Amazon RDS DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\"> Amazon RDS User Guide</a>. </p> </li> </ul>"
+    },
+    "PerformanceInsightsMetricsDetails":{
+      "type":"list",
+      "member":{"shape":"PerformanceInsightsMetricsDetail"}
+    },
+    "PerformanceInsightsReferenceComparisonValues":{
+      "type":"structure",
+      "members":{
+        "ReferenceScalar":{
+          "shape":"PerformanceInsightsReferenceScalar",
+          "documentation":"<p>A scalar value DevOps Guru for a metric that DevOps Guru compares to actual metric values. This reference value is used to determine if an actual metric value should be considered anomalous.</p>"
+        },
+        "ReferenceMetric":{
+          "shape":"PerformanceInsightsReferenceMetric",
+          "documentation":"<p>A metric that DevOps Guru compares to actual metric values. This reference metric is used to determine if an actual metric should be considered anomalous.</p>"
+        }
+      },
+      "documentation":"<p>Reference scalar values and other metrics that DevOps Guru displays on a graph in its console along with the actual metrics it analyzed. Compare these reference values to your actual metrics to help you understand anomalous behavior that DevOps Guru detected.</p>"
+    },
+    "PerformanceInsightsReferenceData":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"PerformanceInsightsReferenceName",
+          "documentation":"<p>The name of the reference data.</p>"
+        },
+        "ComparisonValues":{
+          "shape":"PerformanceInsightsReferenceComparisonValues",
+          "documentation":"<p>The specific reference values used to evaluate the Performance Insights. For more information, see <code> <a href=\"https://docs.aws.amazon.com/devops-guru/latest/APIReference/API_PerformanceInsightsReferenceComparisonValues.html\">PerformanceInsightsReferenceComparisonValues</a> </code>. </p>"
+        }
+      },
+      "documentation":"<p>Reference data used to evaluate Performance Insights to determine if its performance is anomalous or not.</p>"
+    },
+    "PerformanceInsightsReferenceDataList":{
+      "type":"list",
+      "member":{"shape":"PerformanceInsightsReferenceData"}
+    },
+    "PerformanceInsightsReferenceMetric":{
+      "type":"structure",
+      "members":{
+        "MetricQuery":{
+          "shape":"PerformanceInsightsMetricQuery",
+          "documentation":"<p>A query to be processed on the metric.</p>"
+        }
+      },
+      "documentation":"<p>Information about a reference metric used to evaluate Performance Insights.</p>"
+    },
+    "PerformanceInsightsReferenceName":{"type":"string"},
+    "PerformanceInsightsReferenceScalar":{
+      "type":"structure",
+      "members":{
+        "Value":{
+          "shape":"PerformanceInsightsValueDouble",
+          "documentation":"<p>The reference value.</p>"
+        }
+      },
+      "documentation":"<p>A reference value to compare Performance Insights metrics against to determine if the metrics demonstrate anomalous behavior.</p>"
+    },
+    "PerformanceInsightsStat":{
+      "type":"structure",
+      "members":{
+        "Type":{
+          "shape":"PerformanceInsightsStatType",
+          "documentation":"<p>The statistic type.</p>"
+        },
+        "Value":{
+          "shape":"PerformanceInsightsValueDouble",
+          "documentation":"<p>The value of the statistic.</p>"
+        }
+      },
+      "documentation":"<p>A statistic in a Performance Insights collection.</p>"
+    },
+    "PerformanceInsightsStatType":{"type":"string"},
+    "PerformanceInsightsStats":{
+      "type":"list",
+      "member":{"shape":"PerformanceInsightsStat"}
+    },
+    "PerformanceInsightsValueDouble":{
+      "type":"double",
+      "box":true
+    },
     "PredictionTimeRange":{
       "type":"structure",
       "required":["StartTime"],
@@ -1574,7 +2183,7 @@
         },
         "Severity":{
           "shape":"AnomalySeverity",
-          "documentation":"<p> The severity of a proactive anomaly. </p>"
+          "documentation":"<p>The severity of the anomaly. The severity of anomalies that generate an insight determine that insight's severity. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"AnomalyStatus",
@@ -1587,7 +2196,7 @@
         "AnomalyTimeRange":{"shape":"AnomalyTimeRange"},
         "AnomalyReportedTimeRange":{
           "shape":"AnomalyReportedTimeRange",
-          "documentation":"<p> A <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
+          "documentation":"<p> An <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
         },
         "PredictionTimeRange":{"shape":"PredictionTimeRange"},
         "SourceDetails":{
@@ -1615,7 +2224,7 @@
         },
         "Severity":{
           "shape":"AnomalySeverity",
-          "documentation":"<p>The severity of the anomaly.</p>"
+          "documentation":"<p>The severity of the anomaly. The severity of anomalies that generate an insight determine that insight's severity. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"AnomalyStatus",
@@ -1628,7 +2237,7 @@
         "AnomalyTimeRange":{"shape":"AnomalyTimeRange"},
         "AnomalyReportedTimeRange":{
           "shape":"AnomalyReportedTimeRange",
-          "documentation":"<p> A <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
+          "documentation":"<p> An <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
         },
         "PredictionTimeRange":{"shape":"PredictionTimeRange"},
         "SourceDetails":{
@@ -1660,7 +2269,7 @@
         },
         "Severity":{
           "shape":"InsightSeverity",
-          "documentation":"<p>The severity of the proactive insight. </p>"
+          "documentation":"<p>The severity of the insight. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"InsightStatus",
@@ -1671,7 +2280,7 @@
         "ResourceCollection":{"shape":"ResourceCollection"},
         "SsmOpsItemId":{
           "shape":"SsmOpsItemId",
-          "documentation":"<p> The ID of the AWS System Manager OpsItem created for this insight. You must enable the creation of OpstItems insights before they are created for each insight. </p>"
+          "documentation":"<p> The ID of the Amazon Web Services System Manager OpsItem created for this insight. You must enable the creation of OpstItems insights before they are created for each insight. </p>"
         }
       },
       "documentation":"<p>Details about a proactive insight. This object is returned by <code>ListInsights</code>.</p>"
@@ -1689,7 +2298,7 @@
         },
         "Severity":{
           "shape":"InsightSeverity",
-          "documentation":"<p>The severity of the proactive insight. </p>"
+          "documentation":"<p>The severity of the insight. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"InsightStatus",
@@ -1700,7 +2309,11 @@
         "ResourceCollection":{"shape":"ResourceCollection"},
         "ServiceCollection":{
           "shape":"ServiceCollection",
-          "documentation":"<p>A collection of the names of AWS services.</p>"
+          "documentation":"<p>A collection of the names of Amazon Web Services services.</p>"
+        },
+        "AssociatedResourceArns":{
+          "shape":"AssociatedResourceArns",
+          "documentation":"<p>The Amazon Resource Names (ARNs) of the Amazon Web Services resources that generated this insight.</p>"
         }
       },
       "documentation":"<p>Details about a proactive insight. This object is returned by <code>DescribeInsight.</code> </p>"
@@ -1709,6 +2322,44 @@
       "type":"list",
       "member":{"shape":"ProactiveInsightSummary"}
     },
+    "ProactiveOrganizationInsightSummary":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"InsightId",
+          "documentation":"<p>The ID of the insight summary.</p>"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account.</p>"
+        },
+        "OrganizationalUnitId":{
+          "shape":"OrganizationalUnitId",
+          "documentation":"<p>The ID of the organizational unit.</p>"
+        },
+        "Name":{
+          "shape":"InsightName",
+          "documentation":"<p>The name of the insight summary.</p>"
+        },
+        "Severity":{
+          "shape":"InsightSeverity",
+          "documentation":"<p> An array of severity values used to search for insights. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
+        },
+        "Status":{
+          "shape":"InsightStatus",
+          "documentation":"<p> An array of status values used to search for insights. </p>"
+        },
+        "InsightTimeRange":{"shape":"InsightTimeRange"},
+        "PredictionTimeRange":{"shape":"PredictionTimeRange"},
+        "ResourceCollection":{"shape":"ResourceCollection"},
+        "ServiceCollection":{"shape":"ServiceCollection"}
+      },
+      "documentation":"<p>Details about a proactive insight. This object is returned by <code>DescribeInsight</code>.</p>"
+    },
+    "ProactiveOrganizationInsights":{
+      "type":"list",
+      "member":{"shape":"ProactiveOrganizationInsightSummary"}
+    },
     "PutFeedbackRequest":{
       "type":"structure",
       "members":{
@@ -1736,7 +2387,7 @@
         },
         "Severity":{
           "shape":"AnomalySeverity",
-          "documentation":"<p>The severity of the anomaly. </p>"
+          "documentation":"<p>The severity of the anomaly. The severity of anomalies that generate an insight determine that insight's severity. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"AnomalyStatus",
@@ -1745,7 +2396,7 @@
         "AnomalyTimeRange":{"shape":"AnomalyTimeRange"},
         "AnomalyReportedTimeRange":{
           "shape":"AnomalyReportedTimeRange",
-          "documentation":"<p> A <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
+          "documentation":"<p> An <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
         },
         "SourceDetails":{
           "shape":"AnomalySourceDetails",
@@ -1755,7 +2406,27 @@
           "shape":"InsightId",
           "documentation":"<p> The ID of the insight that contains this anomaly. An insight is composed of related anomalies. </p>"
         },
-        "ResourceCollection":{"shape":"ResourceCollection"}
+        "ResourceCollection":{"shape":"ResourceCollection"},
+        "Type":{
+          "shape":"AnomalyType",
+          "documentation":"<p>The type of the reactive anomaly. It can be one of the following types.</p> <ul> <li> <p> <code>CAUSAL</code> - the anomaly can cause a new insight.</p> </li> <li> <p> <code>CONTEXTUAL</code> - the anomaly contains additional information about an insight or its causal anomaly.</p> </li> </ul>"
+        },
+        "Name":{
+          "shape":"AnomalyName",
+          "documentation":"<p>The name of the reactive anomaly.</p>"
+        },
+        "Description":{
+          "shape":"AnomalyDescription",
+          "documentation":"<p>A description of the reactive anomaly.</p>"
+        },
+        "CausalAnomalyId":{
+          "shape":"AnomalyId",
+          "documentation":"<p>The ID of the causal anomaly that is associated with this reactive anomaly. The ID of a `CAUSAL` anomaly is always `NULL`.</p>"
+        },
+        "AnomalyResources":{
+          "shape":"AnomalyResources",
+          "documentation":"<p>The Amazon Web Services resources in which anomalous behavior was detected by DevOps Guru.</p>"
+        }
       },
       "documentation":"<p>Details about a reactive anomaly. This object is returned by <code>ListAnomalies</code>.</p>"
     },
@@ -1768,7 +2439,7 @@
         },
         "Severity":{
           "shape":"AnomalySeverity",
-          "documentation":"<p> The severity of the reactive anomaly. </p>"
+          "documentation":"<p>The severity of the anomaly. The severity of anomalies that generate an insight determine that insight's severity. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"AnomalyStatus",
@@ -1777,7 +2448,7 @@
         "AnomalyTimeRange":{"shape":"AnomalyTimeRange"},
         "AnomalyReportedTimeRange":{
           "shape":"AnomalyReportedTimeRange",
-          "documentation":"<p> A <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
+          "documentation":"<p> An <code>AnomalyReportedTimeRange</code> object that specifies the time range between when the anomaly is opened and the time when it is closed. </p>"
         },
         "SourceDetails":{
           "shape":"AnomalySourceDetails",
@@ -1787,7 +2458,27 @@
           "shape":"InsightId",
           "documentation":"<p> The ID of the insight that contains this anomaly. An insight is composed of related anomalies. </p>"
         },
-        "ResourceCollection":{"shape":"ResourceCollection"}
+        "ResourceCollection":{"shape":"ResourceCollection"},
+        "Type":{
+          "shape":"AnomalyType",
+          "documentation":"<p>The type of the reactive anomaly. It can be one of the following types.</p> <ul> <li> <p> <code>CAUSAL</code> - the anomaly can cause a new insight.</p> </li> <li> <p> <code>CONTEXTUAL</code> - the anomaly contains additional information about an insight or its causal anomaly.</p> </li> </ul>"
+        },
+        "Name":{
+          "shape":"AnomalyName",
+          "documentation":"<p>The name of the reactive anomaly.</p>"
+        },
+        "Description":{
+          "shape":"AnomalyDescription",
+          "documentation":"<p>A description of the reactive anomaly.</p>"
+        },
+        "CausalAnomalyId":{
+          "shape":"AnomalyId",
+          "documentation":"<p>The ID of the causal anomaly that is associated with this reactive anomaly. The ID of a `CAUSAL` anomaly is always `NULL`.</p>"
+        },
+        "AnomalyResources":{
+          "shape":"AnomalyResources",
+          "documentation":"<p>The Amazon Web Services resources in which anomalous behavior was detected by DevOps Guru.</p>"
+        }
       },
       "documentation":"<p>Details about a reactive anomaly. This object is returned by <code>DescribeAnomaly.</code> </p>"
     },
@@ -1804,7 +2495,7 @@
         },
         "Severity":{
           "shape":"InsightSeverity",
-          "documentation":"<p> The severity of a reactive insight. </p>"
+          "documentation":"<p>The severity of the insight. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"InsightStatus",
@@ -1814,7 +2505,7 @@
         "ResourceCollection":{"shape":"ResourceCollection"},
         "SsmOpsItemId":{
           "shape":"SsmOpsItemId",
-          "documentation":"<p> The ID of the AWS System Manager OpsItem created for this insight. You must enable the creation of OpstItems insights before they are created for each insight. </p>"
+          "documentation":"<p> The ID of the Amazon Web Services System Manager OpsItem created for this insight. You must enable the creation of OpstItems insights before they are created for each insight. </p>"
         }
       },
       "documentation":"<p> Information about a reactive insight. This object is returned by <code>ListInsights</code>. </p>"
@@ -1832,7 +2523,7 @@
         },
         "Severity":{
           "shape":"InsightSeverity",
-          "documentation":"<p> The severity of a reactive insight. </p>"
+          "documentation":"<p>The severity of the insight. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
         },
         "Status":{
           "shape":"InsightStatus",
@@ -1842,7 +2533,11 @@
         "ResourceCollection":{"shape":"ResourceCollection"},
         "ServiceCollection":{
           "shape":"ServiceCollection",
-          "documentation":"<p>A collection of the names of AWS services.</p>"
+          "documentation":"<p>A collection of the names of Amazon Web Services services.</p>"
+        },
+        "AssociatedResourceArns":{
+          "shape":"AssociatedResourceArns",
+          "documentation":"<p>The Amazon Resource Names (ARNs) of the Amazon Web Services resources that generated this insight.</p>"
         }
       },
       "documentation":"<p> Information about a reactive insight. This object is returned by <code>DescribeInsight.</code> </p>"
@@ -1851,6 +2546,43 @@
       "type":"list",
       "member":{"shape":"ReactiveInsightSummary"}
     },
+    "ReactiveOrganizationInsightSummary":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"InsightId",
+          "documentation":"<p>The ID of the insight summary.</p>"
+        },
+        "AccountId":{
+          "shape":"AwsAccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
+        },
+        "OrganizationalUnitId":{
+          "shape":"OrganizationalUnitId",
+          "documentation":"<p>The ID of the organizational unit.</p>"
+        },
+        "Name":{
+          "shape":"InsightName",
+          "documentation":"<p>The name of the insight summary.</p>"
+        },
+        "Severity":{
+          "shape":"InsightSeverity",
+          "documentation":"<p> An array of severity values used to search for insights. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/working-with-insights.html#understanding-insights-severities\">Understanding insight severities</a> in the <i>Amazon DevOps Guru User Guide</i>.</p>"
+        },
+        "Status":{
+          "shape":"InsightStatus",
+          "documentation":"<p> An array of status values used to search for insights. </p>"
+        },
+        "InsightTimeRange":{"shape":"InsightTimeRange"},
+        "ResourceCollection":{"shape":"ResourceCollection"},
+        "ServiceCollection":{"shape":"ServiceCollection"}
+      },
+      "documentation":"<p>Information about a reactive insight. This object is returned by <code>DescribeInsight</code>.</p>"
+    },
+    "ReactiveOrganizationInsights":{
+      "type":"list",
+      "member":{"shape":"ReactiveOrganizationInsightSummary"}
+    },
     "Recommendation":{
       "type":"structure",
       "members":{
@@ -1899,6 +2631,10 @@
         "SourceDetails":{
           "shape":"RelatedAnomalySourceDetails",
           "documentation":"<p> Information about where the anomalous behavior related the recommendation was found. For example, details in Amazon CloudWatch metrics. </p>"
+        },
+        "AnomalyId":{
+          "shape":"AnomalyId",
+          "documentation":"<p>The ID of an anomaly that generated the insight with this recommendation.</p>"
         }
       },
       "documentation":"<p> Information about an anomaly that is related to a recommendation. </p>"
@@ -1912,7 +2648,7 @@
         },
         "Type":{
           "shape":"RecommendationRelatedAnomalyResourceType",
-          "documentation":"<p> The type of the resource. </p>"
+          "documentation":"<p> The type of the resource. Resource types take the same form that is used by Amazon Web Services CloudFormation resource type identifiers, <code>service-provider::service-name::data-type-name</code>. For example, <code>AWS::RDS::DBCluster</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services resource and property types reference</a> in the <i>Amazon Web Services CloudFormation User Guide</i>.</p>"
         }
       },
       "documentation":"<p> Information about a resource in which DevOps Guru detected anomalous behavior. </p>"
@@ -1962,7 +2698,7 @@
         },
         "Resources":{
           "shape":"RecommendationRelatedEventResources",
-          "documentation":"<p> A <code>ResourceCollection</code> object that contains arrays of the names of AWS CloudFormation stacks. You can specify up to 500 AWS CloudFormation stacks. </p>"
+          "documentation":"<p> A <code>ResourceCollection</code> object that contains arrays of the names of Amazon Web Services CloudFormation stacks. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
         }
       },
       "documentation":"<p> Information about an event that is related to a recommendation. </p>"
@@ -1980,7 +2716,7 @@
           "documentation":"<p> The type of the resource that emitted the event. This corresponds to the <code>Type</code> field in an <code>EventResource</code> object. </p>"
         }
       },
-      "documentation":"<p> Information about an AWS resource that emitted and event that is related to a recommendation in an insight. </p>"
+      "documentation":"<p> Information about an Amazon Web Services resource that emitted and event that is related to a recommendation in an insight. </p>"
     },
     "RecommendationRelatedEventResourceName":{"type":"string"},
     "RecommendationRelatedEventResourceType":{"type":"string"},
@@ -2019,36 +2755,51 @@
       "members":{
       }
     },
+    "ResourceArn":{
+      "type":"string",
+      "max":2048,
+      "min":20
+    },
     "ResourceCollection":{
       "type":"structure",
       "members":{
         "CloudFormation":{
           "shape":"CloudFormationCollection",
-          "documentation":"<p> An array of the names of AWS CloudFormation stacks. The stacks define AWS resources that DevOps Guru analyzes. You can specify up to 500 AWS CloudFormation stacks. </p>"
+          "documentation":"<p> An array of the names of Amazon Web Services CloudFormation stacks. The stacks define Amazon Web Services resources that DevOps Guru analyzes. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
+        },
+        "Tags":{
+          "shape":"TagCollections",
+          "documentation":"<p>The Amazon Web Services tags that are used by resources in the resource collection.</p> <p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
         }
       },
-      "documentation":"<p> A collection of AWS resources supported by DevOps Guru. The one type of AWS resource collection supported is AWS CloudFormation stacks. DevOps Guru can be configured to analyze only the AWS resources that are defined in the stacks. You can specify up to 500 AWS CloudFormation stacks. </p>"
+      "documentation":"<p> A collection of Amazon Web Services resources supported by DevOps Guru. The two types of Amazon Web Services resource collections supported are Amazon Web Services CloudFormation stacks and Amazon Web Services resources that contain the same Amazon Web Services tag. DevOps Guru can be configured to analyze the Amazon Web Services resources that are defined in the stacks or that are tagged using the same tag <i>key</i>. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
     },
     "ResourceCollectionFilter":{
       "type":"structure",
       "members":{
         "CloudFormation":{
           "shape":"CloudFormationCollectionFilter",
-          "documentation":"<p> Information about AWS CloudFormation stacks. You can use up to 500 stacks to specify which AWS resources in your account to analyze. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>AWS CloudFormation User Guide</i>. </p>"
+          "documentation":"<p> Information about Amazon Web Services CloudFormation stacks. You can use up to 500 stacks to specify which Amazon Web Services resources in your account to analyze. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>Amazon Web Services CloudFormation User Guide</i>. </p>"
+        },
+        "Tags":{
+          "shape":"TagCollectionFilters",
+          "documentation":"<p>The Amazon Web Services tags used to filter the resources in the resource collection.</p> <p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
         }
       },
-      "documentation":"<p> Information about a filter used to specify which AWS resources are analyzed for anomalous behavior by DevOps Guru. </p>"
+      "documentation":"<p> Information about a filter used to specify which Amazon Web Services resources are analyzed for anomalous behavior by DevOps Guru. </p>"
     },
     "ResourceCollectionType":{
       "type":"string",
       "enum":[
         "AWS_CLOUD_FORMATION",
-        "AWS_SERVICE"
+        "AWS_SERVICE",
+        "AWS_TAGS"
       ]
     },
     "ResourceHours":{"type":"long"},
     "ResourceIdString":{"type":"string"},
     "ResourceIdType":{"type":"string"},
+    "ResourceName":{"type":"string"},
     "ResourceNotFoundException":{
       "type":"structure",
       "required":[
@@ -2060,11 +2811,11 @@
         "Message":{"shape":"ErrorMessageString"},
         "ResourceId":{
           "shape":"ResourceIdString",
-          "documentation":"<p> The ID of the AWS resource that could not be found. </p>"
+          "documentation":"<p> The ID of the Amazon Web Services resource that could not be found. </p>"
         },
         "ResourceType":{
           "shape":"ResourceIdType",
-          "documentation":"<p> The type of the AWS resource that could not be found. </p>"
+          "documentation":"<p> The type of the Amazon Web Services resource that could not be found. </p>"
         }
       },
       "documentation":"<p>A requested resource could not be found</p>",
@@ -2078,6 +2829,12 @@
       "pattern":"^[a-zA-Z]+[a-zA-Z0-9-_:]*$"
     },
     "RetryAfterSeconds":{"type":"integer"},
+    "SearchInsightsAccountIdList":{
+      "type":"list",
+      "member":{"shape":"AwsAccountId"},
+      "max":1,
+      "min":1
+    },
     "SearchInsightsFilters":{
       "type":"structure",
       "members":{
@@ -2092,7 +2849,7 @@
         "ResourceCollection":{"shape":"ResourceCollection"},
         "ServiceCollection":{
           "shape":"ServiceCollection",
-          "documentation":"<p>A collection of the names of AWS services.</p>"
+          "documentation":"<p>A collection of the names of Amazon Web Services services.</p>"
         }
       },
       "documentation":"<p> Specifies one or more severity values and one or more status values that are used to search for insights. </p>"
@@ -2148,29 +2905,98 @@
         }
       }
     },
+    "SearchOrganizationInsightsFilters":{
+      "type":"structure",
+      "members":{
+        "Severities":{
+          "shape":"InsightSeverities",
+          "documentation":"<p> An array of severity values used to search for insights. </p>"
+        },
+        "Statuses":{
+          "shape":"InsightStatuses",
+          "documentation":"<p> An array of status values used to search for insights. </p>"
+        },
+        "ResourceCollection":{"shape":"ResourceCollection"},
+        "ServiceCollection":{"shape":"ServiceCollection"}
+      },
+      "documentation":"<p> Filters you can use to specify which events are returned when <code>ListEvents</code> is called. </p>"
+    },
+    "SearchOrganizationInsightsMaxResults":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
+    "SearchOrganizationInsightsRequest":{
+      "type":"structure",
+      "required":[
+        "AccountIds",
+        "StartTimeRange",
+        "Type"
+      ],
+      "members":{
+        "AccountIds":{
+          "shape":"SearchInsightsAccountIdList",
+          "documentation":"<p>The ID of the Amazon Web Services account. </p>"
+        },
+        "StartTimeRange":{"shape":"StartTimeRange"},
+        "Filters":{
+          "shape":"SearchOrganizationInsightsFilters",
+          "documentation":"<p> A <code>SearchOrganizationInsightsFilters</code> object that is used to set the severity and status filters on your insight search. </p>"
+        },
+        "MaxResults":{
+          "shape":"SearchOrganizationInsightsMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        },
+        "NextToken":{
+          "shape":"UuidNextToken",
+          "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If this value is null, it retrieves the first page.</p>"
+        },
+        "Type":{
+          "shape":"InsightType",
+          "documentation":"<p> The type of insights you are searching for (<code>REACTIVE</code> or <code>PROACTIVE</code>). </p>"
+        }
+      }
+    },
+    "SearchOrganizationInsightsResponse":{
+      "type":"structure",
+      "members":{
+        "ProactiveInsights":{
+          "shape":"ProactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open proactive insights in your Amazon Web Services account.</p>"
+        },
+        "ReactiveInsights":{
+          "shape":"ReactiveInsights",
+          "documentation":"<p>An integer that specifies the number of open reactive insights in your Amazon Web Services account.</p>"
+        },
+        "NextToken":{
+          "shape":"UuidNextToken",
+          "documentation":"<p>The pagination token to use to retrieve the next page of results for this operation. If there are no more pages, this value is null.</p>"
+        }
+      }
+    },
     "ServiceCollection":{
       "type":"structure",
       "members":{
         "ServiceNames":{
           "shape":"ServiceNames",
-          "documentation":"<p>An array of strings that each specifies the name of an AWS service.</p>"
+          "documentation":"<p>An array of strings that each specifies the name of an Amazon Web Services service.</p>"
         }
       },
-      "documentation":"<p>A collection of the names of AWS services.</p>"
+      "documentation":"<p>A collection of the names of Amazon Web Services services.</p>"
     },
     "ServiceHealth":{
       "type":"structure",
       "members":{
         "ServiceName":{
           "shape":"ServiceName",
-          "documentation":"<p>The name of the AWS service.</p>"
+          "documentation":"<p>The name of the Amazon Web Services service.</p>"
         },
         "Insight":{
           "shape":"ServiceInsightHealth",
-          "documentation":"<p>Represents the health of an AWS service. This is a <code>ServiceInsightHealth</code> that contains the number of open proactive and reactive insights for this service.</p>"
+          "documentation":"<p>Represents the health of an Amazon Web Services service. This is a <code>ServiceInsightHealth</code> that contains the number of open proactive and reactive insights for this service.</p>"
         }
       },
-      "documentation":"<p>Represents the health of an AWS service.</p>"
+      "documentation":"<p>Represents the health of an Amazon Web Services service.</p>"
     },
     "ServiceHealths":{
       "type":"list",
@@ -2181,24 +3007,24 @@
       "members":{
         "OpenProactiveInsights":{
           "shape":"NumOpenProactiveInsights",
-          "documentation":"<p>The number of open proactive insights in the AWS service</p>"
+          "documentation":"<p>The number of open proactive insights in the Amazon Web Services service</p>"
         },
         "OpenReactiveInsights":{
           "shape":"NumOpenReactiveInsights",
-          "documentation":"<p>The number of open reactive insights in the AWS service</p>"
+          "documentation":"<p>The number of open reactive insights in the Amazon Web Services service</p>"
         }
       },
-      "documentation":"<p>Contains the number of open proactive and reactive insights in an analyzed AWS service.</p>"
+      "documentation":"<p>Contains the number of open proactive and reactive insights in an analyzed Amazon Web Services service.</p>"
     },
     "ServiceIntegrationConfig":{
       "type":"structure",
       "members":{
         "OpsCenter":{
           "shape":"OpsCenterIntegration",
-          "documentation":"<p> Information about whether DevOps Guru is configured to create an OpsItem in AWS Systems Manager OpsCenter for each created insight. </p>"
+          "documentation":"<p> Information about whether DevOps Guru is configured to create an OpsItem in Amazon Web Services Systems Manager OpsCenter for each created insight. </p>"
         }
       },
-      "documentation":"<p> Information about the integration of DevOps Guru with another AWS service, such as AWS Systems Manager. </p>"
+      "documentation":"<p> Information about the integration of DevOps Guru with another Amazon Web Services service, such as Amazon Web Services Systems Manager. </p>"
     },
     "ServiceName":{
       "type":"string",
@@ -2248,11 +3074,11 @@
       "members":{
         "Type":{
           "shape":"ResourceType",
-          "documentation":"<p>The type of the AWS resource.</p>"
+          "documentation":"<p>The type of the Amazon Web Services resource.</p>"
         },
         "State":{
           "shape":"CostEstimationServiceResourceState",
-          "documentation":"<p>The state of the resource. The resource is <code>ACTIVE</code> if it produces metrics, events, or logs within an hour, otherwise it is <code>INACTIVE</code>. You pay for the number of active AWS resource hours analyzed for each resource. Inactive resources are not charged. </p>"
+          "documentation":"<p>The state of the resource. The resource is <code>ACTIVE</code> if it produces metrics, events, or logs within an hour, otherwise it is <code>INACTIVE</code>. You pay for the number of active Amazon Web Services resource hours analyzed for each resource. Inactive resources are not charged. </p>"
         },
         "Count":{
           "shape":"CostEstimationServiceResourceCount",
@@ -2267,7 +3093,7 @@
           "documentation":"<p>The total estimated monthly cost to analyze the active resources for this resource.</p>"
         }
       },
-      "documentation":"<p>An object that contains information about the estimated monthly cost to analyze an AWS resource. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/cost-estimate.html\">Estimate your Amazon DevOps Guru costs</a> and <a href=\"http://aws.amazon.com/devops-guru/pricing/\">Amazon DevOps Guru pricing</a>.</p>"
+      "documentation":"<p>An object that contains information about the estimated monthly cost to analyze an Amazon Web Services resource. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/cost-estimate.html\">Estimate your Amazon DevOps Guru costs</a> and <a href=\"http://aws.amazon.com/devops-guru/pricing/\">Amazon DevOps Guru pricing</a>.</p>"
     },
     "ServiceResourceCosts":{
       "type":"list",
@@ -2281,7 +3107,7 @@
           "documentation":"<p> The Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. </p>"
         }
       },
-      "documentation":"<p> Contains the Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an AWS Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for AWS KMS–encrypted Amazon SNS topics</a>.</p>"
+      "documentation":"<p> Contains the Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic. </p> <p>If you use an Amazon SNS topic in another account, you must attach a policy to it that grants DevOps Guru permission to it notifications. DevOps Guru adds the required policy on your behalf to send notifications using Amazon SNS in your account. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-required-permissions.html\">Permissions for cross account Amazon SNS topics</a>.</p> <p>If you use an Amazon SNS topic that is encrypted by an Amazon Web Services Key Management Service customer-managed key (CMK), then you must add permissions to the CMK. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/sns-kms-permissions.html\">Permissions for Amazon Web Services KMS–encrypted Amazon SNS topics</a>.</p>"
     },
     "SsmOpsItemId":{
       "type":"string",
@@ -2305,7 +3131,7 @@
       "members":{
         "ResourceCollection":{
           "shape":"CostEstimationResourceCollectionFilter",
-          "documentation":"<p>The collection of AWS resources used to create a monthly DevOps Guru cost estimate.</p>"
+          "documentation":"<p>The collection of Amazon Web Services resources used to create a monthly DevOps Guru cost estimate.</p>"
         },
         "ClientToken":{
           "shape":"ClientToken",
@@ -2333,6 +3159,104 @@
       },
       "documentation":"<p> A time range used to specify when the behavior of an insight or anomaly started. </p>"
     },
+    "TagCollection":{
+      "type":"structure",
+      "required":[
+        "AppBoundaryKey",
+        "TagValues"
+      ],
+      "members":{
+        "AppBoundaryKey":{
+          "shape":"AppBoundaryKey",
+          "documentation":"<p>An Amazon Web Services tag <i>key</i> that is used to identify the Amazon Web Services resources that DevOps Guru analyzes. All Amazon Web Services resources in your account and Region tagged with this <i>key</i> make up your DevOps Guru application and analysis boundary.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+        },
+        "TagValues":{
+          "shape":"TagValues",
+          "documentation":"<p>The values in an Amazon Web Services tag collection.</p> <p>The tag's <i>value</i> is an optional field used to associate a string with the tag <i>key</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). The <i>key</i> and <i>value</i> are the tag's <i>key</i> pair. Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive. You can specify a maximum of 256 characters for a tag value.</p>"
+        }
+      },
+      "documentation":"<p>A collection of Amazon Web Services stags.</p> <p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+    },
+    "TagCollectionFilter":{
+      "type":"structure",
+      "required":[
+        "AppBoundaryKey",
+        "TagValues"
+      ],
+      "members":{
+        "AppBoundaryKey":{
+          "shape":"AppBoundaryKey",
+          "documentation":"<p>An Amazon Web Services tag <i>key</i> that is used to identify the Amazon Web Services resources that DevOps Guru analyzes. All Amazon Web Services resources in your account and Region tagged with this <i>key</i> make up your DevOps Guru application and analysis boundary.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+        },
+        "TagValues":{
+          "shape":"TagValues",
+          "documentation":"<p>The values in an Amazon Web Services tag collection.</p> <p>The tag's <i>value</i> is an optional field used to associate a string with the tag <i>key</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). The <i>key</i> and <i>value</i> are the tag's <i>key</i> pair. Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive. You can specify a maximum of 256 characters for a tag value.</p>"
+        }
+      },
+      "documentation":"<p>A collection of Amazon Web Services tags used to filter insights. This is used to return insights generated from only resources that contain the tags in the tag collection.</p>"
+    },
+    "TagCollectionFilters":{
+      "type":"list",
+      "member":{"shape":"TagCollectionFilter"}
+    },
+    "TagCollections":{
+      "type":"list",
+      "member":{"shape":"TagCollection"}
+    },
+    "TagCostEstimationResourceCollectionFilter":{
+      "type":"structure",
+      "required":[
+        "AppBoundaryKey",
+        "TagValues"
+      ],
+      "members":{
+        "AppBoundaryKey":{
+          "shape":"AppBoundaryKey",
+          "documentation":"<p>An Amazon Web Services tag <i>key</i> that is used to identify the Amazon Web Services resources that DevOps Guru analyzes. All Amazon Web Services resources in your account and Region tagged with this <i>key</i> make up your DevOps Guru application and analysis boundary.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+        },
+        "TagValues":{
+          "shape":"CostEstimationTagValues",
+          "documentation":"<p>The values in an Amazon Web Services tag collection.</p> <p>The tag's <i>value</i> is an optional field used to associate a string with the tag <i>key</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). The <i>key</i> and <i>value</i> are the tag's <i>key</i> pair. Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive. You can specify a maximum of 256 characters for a tag value.</p>"
+        }
+      },
+      "documentation":"<p>Information about a collection of Amazon Web Services resources that are identified by an Amazon Web Services tag. This collection of resources is used to create a monthly cost estimate for DevOps Guru to analyze Amazon Web Services resources. The maximum number of tags you can specify for a cost estimate is one. The estimate created is for the cost to analyze the Amazon Web Services resources defined by the tag. For more information, see <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html\">Stacks</a> in the <i>Amazon Web Services CloudFormation User Guide</i>.</p>"
+    },
+    "TagCostEstimationResourceCollectionFilters":{
+      "type":"list",
+      "member":{"shape":"TagCostEstimationResourceCollectionFilter"}
+    },
+    "TagHealth":{
+      "type":"structure",
+      "members":{
+        "AppBoundaryKey":{
+          "shape":"AppBoundaryKey",
+          "documentation":"<p>An Amazon Web Services tag <i>key</i> that is used to identify the Amazon Web Services resources that DevOps Guru analyzes. All Amazon Web Services resources in your account and Region tagged with this <i>key</i> make up your DevOps Guru application and analysis boundary.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+        },
+        "TagValue":{
+          "shape":"TagValue",
+          "documentation":"<p>The value in an Amazon Web Services tag.</p> <p>The tag's <i>value</i> is an optional field used to associate a string with the tag <i>key</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). The <i>key</i> and <i>value</i> are the tag's <i>key</i> pair. Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive. You can specify a maximum of 256 characters for a tag value.</p>"
+        },
+        "Insight":{
+          "shape":"InsightHealth",
+          "documentation":"<p>Information about the health of the Amazon Web Services resources in your account that are specified by an Amazon Web Services tag, including the number of open proactive, open reactive insights, and the Mean Time to Recover (MTTR) of closed insights. </p>"
+        }
+      },
+      "documentation":"<p> Information about the health of Amazon Web Services resources in your account that are specified by an Amazon Web Services tag <i>key</i>. </p>"
+    },
+    "TagHealths":{
+      "type":"list",
+      "member":{"shape":"TagHealth"}
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*|\\*)$"
+    },
+    "TagValues":{
+      "type":"list",
+      "member":{"shape":"TagValue"}
+    },
     "ThrottlingException":{
       "type":"structure",
       "required":["Message"],
@@ -2358,6 +3282,24 @@
       "exception":true
     },
     "Timestamp":{"type":"timestamp"},
+    "TimestampMetricValuePair":{
+      "type":"structure",
+      "members":{
+        "Timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>A <code>Timestamp</code> that specifies the time the event occurred. </p>"
+        },
+        "MetricValue":{
+          "shape":"MetricValue",
+          "documentation":"<p>Value of the anomalous metric data point at respective Timestamp.</p>"
+        }
+      },
+      "documentation":"<p>A pair that contains metric values at the respective timestamp.</p>"
+    },
+    "TimestampMetricValuePairList":{
+      "type":"list",
+      "member":{"shape":"TimestampMetricValuePair"}
+    },
     "TopicArn":{
       "type":"string",
       "max":1024,
@@ -2369,10 +3311,10 @@
       "members":{
         "StackNames":{
           "shape":"UpdateStackNames",
-          "documentation":"<p> An array of the names of the AWS CloudFormation stacks to update. You can specify up to 500 AWS CloudFormation stacks. </p>"
+          "documentation":"<p> An array of the names of the Amazon Web Services CloudFormation stacks to update. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
         }
       },
-      "documentation":"<p> Contains the names of AWS CloudFormation stacks used to update a collection of stacks. You can specify up to 500 AWS CloudFormation stacks.</p>"
+      "documentation":"<p> Contains the names of Amazon Web Services CloudFormation stacks used to update a collection of stacks. You can specify up to 500 Amazon Web Services CloudFormation stacks.</p>"
     },
     "UpdateResourceCollectionAction":{
       "type":"string",
@@ -2386,10 +3328,14 @@
       "members":{
         "CloudFormation":{
           "shape":"UpdateCloudFormationCollectionFilter",
-          "documentation":"<p> An collection of AWS CloudFormation stacks. You can specify up to 500 AWS CloudFormation stacks. </p>"
+          "documentation":"<p> A collection of Amazon Web Services CloudFormation stacks. You can specify up to 500 Amazon Web Services CloudFormation stacks. </p>"
+        },
+        "Tags":{
+          "shape":"UpdateTagCollectionFilters",
+          "documentation":"<p>The updated Amazon Web Services tags used to filter the resources in the resource collection.</p> <p>Tags help you identify and organize your Amazon Web Services resources. Many Amazon Web Services services support tagging, so you can assign the same tag to resources from different services to indicate that the resources are related. For example, you can assign the same tag to an Amazon DynamoDB table resource that you assign to an Lambda function. For more information about using tags, see the <a href=\"https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf\">Tagging best practices</a> whitepaper. </p> <p>Each Amazon Web Services tag has two parts. </p> <ul> <li> <p>A tag <i>key</i> (for example, <code>CostCenter</code>, <code>Environment</code>, <code>Project</code>, or <code>Secret</code>). Tag <i>keys</i> are case-sensitive.</p> </li> <li> <p>An optional field known as a tag <i>value</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive.</p> </li> </ul> <p>Together these are known as <i>key</i>-<i>value</i> pairs.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
         }
       },
-      "documentation":"<p> Contains information used to update a collection of AWS resources. </p>"
+      "documentation":"<p> Contains information used to update a collection of Amazon Web Services resources. </p>"
     },
     "UpdateResourceCollectionRequest":{
       "type":"structure",
@@ -2415,7 +3361,7 @@
       "members":{
         "OpsCenter":{"shape":"OpsCenterIntegrationConfig"}
       },
-      "documentation":"<p> Information about updating the integration status of an AWS service, such as AWS Systems Manager, with DevOps Guru. </p>"
+      "documentation":"<p> Information about updating the integration status of an Amazon Web Services service, such as Amazon Web Services Systems Manager, with DevOps Guru. </p>"
     },
     "UpdateServiceIntegrationRequest":{
       "type":"structure",
@@ -2438,6 +3384,34 @@
       "max":100,
       "min":0
     },
+    "UpdateTagCollectionFilter":{
+      "type":"structure",
+      "required":[
+        "AppBoundaryKey",
+        "TagValues"
+      ],
+      "members":{
+        "AppBoundaryKey":{
+          "shape":"AppBoundaryKey",
+          "documentation":"<p>An Amazon Web Services tag <i>key</i> that is used to identify the Amazon Web Services resources that DevOps Guru analyzes. All Amazon Web Services resources in your account and Region tagged with this <i>key</i> make up your DevOps Guru application and analysis boundary.</p> <important> <p>The string used for a <i>key</i> in a tag that you use to define your resource coverage must begin with the prefix <code>Devops-guru-</code>. The tag <i>key</i> might be <code>Devops-guru-deployment-application</code> or <code>Devops-guru-rds-application</code>. While <i>keys</i> are case-sensitive, the case of <i>key</i> characters don't matter to DevOps Guru. For example, DevOps Guru works with a <i>key</i> named <code>devops-guru-rds</code> and a <i>key</i> named <code>DevOps-Guru-RDS</code>. Possible <i>key</i>/<i>value</i> pairs in your application might be <code>Devops-Guru-production-application/RDS</code> or <code>Devops-Guru-production-application/containers</code>.</p> </important>"
+        },
+        "TagValues":{
+          "shape":"UpdateTagValues",
+          "documentation":"<p>The values in an Amazon Web Services tag collection.</p> <p>The tag's <i>value</i> is an optional field used to associate a string with the tag <i>key</i> (for example, <code>111122223333</code>, <code>Production</code>, or a team name). The <i>key</i> and <i>value</i> are the tag's <i>key</i> pair. Omitting the tag <i>value</i> is the same as using an empty string. Like tag <i>keys</i>, tag <i>values</i> are case-sensitive. You can specify a maximum of 256 characters for a tag value.</p>"
+        }
+      },
+      "documentation":"<p>A new collection of Amazon Web Services resources that are defined by an Amazon Web Services tag or tag <i>key</i>/<i>value</i> pair.</p>"
+    },
+    "UpdateTagCollectionFilters":{
+      "type":"list",
+      "member":{"shape":"UpdateTagCollectionFilter"}
+    },
+    "UpdateTagValues":{
+      "type":"list",
+      "member":{"shape":"TagValue"},
+      "max":100,
+      "min":0
+    },
     "UuidNextToken":{
       "type":"string",
       "max":36,
@@ -2491,9 +3465,11 @@
         "UNKNOWN_OPERATION",
         "CANNOT_PARSE",
         "FIELD_VALIDATION_FAILED",
-        "OTHER"
+        "OTHER",
+        "INVALID_PARAMETER_COMBINATION",
+        "PARAMETER_INCONSISTENT_WITH_SERVICE_STATE"
       ]
     }
   },
-  "documentation":"<p> Amazon DevOps Guru is a fully managed service that helps you identify anomalous behavior in business critical operational applications. You specify the AWS resources that you want DevOps Guru to cover, then the Amazon CloudWatch metrics and AWS CloudTrail events related to those resources are analyzed. When anomalous behavior is detected, DevOps Guru creates an <i>insight</i> that includes recommendations, related events, and related metrics that can help you improve your operational applications. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/welcome.html\">What is Amazon DevOps Guru</a>. </p> <p> You can specify 1 or 2 Amazon Simple Notification Service topics so you are notified every time a new insight is created. You can also enable DevOps Guru to generate an OpsItem in AWS Systems Manager for each insight to help you manage and track your work addressing insights. </p> <p> To learn about the DevOps Guru workflow, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/welcome.html#how-it-works\">How DevOps Guru works</a>. To learn about DevOps Guru concepts, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/concepts.html\">Concepts in DevOps Guru</a>. </p>"
+  "documentation":"<p> Amazon DevOps Guru is a fully managed service that helps you identify anomalous behavior in business critical operational applications. You specify the Amazon Web Services resources that you want DevOps Guru to cover, then the Amazon CloudWatch metrics and Amazon Web Services CloudTrail events related to those resources are analyzed. When anomalous behavior is detected, DevOps Guru creates an <i>insight</i> that includes recommendations, related events, and related metrics that can help you improve your operational applications. For more information, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/welcome.html\">What is Amazon DevOps Guru</a>. </p> <p> You can specify 1 or 2 Amazon Simple Notification Service topics so you are notified every time a new insight is created. You can also enable DevOps Guru to generate an OpsItem in Amazon Web Services Systems Manager for each insight to help you manage and track your work addressing insights. </p> <p> To learn about the DevOps Guru workflow, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/welcome.html#how-it-works\">How DevOps Guru works</a>. To learn about DevOps Guru concepts, see <a href=\"https://docs.aws.amazon.com/devops-guru/latest/userguide/concepts.html\">Concepts in DevOps Guru</a>. </p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/directconnect/2012-10-25/service-2.json b/contrib/python/botocore/py3/botocore/data/directconnect/2012-10-25/service-2.json
index 187363d999c..892f091aa55 100644
--- a/contrib/python/botocore/py3/botocore/data/directconnect/2012-10-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/directconnect/2012-10-25/service-2.json
@@ -2309,7 +2309,7 @@
         },
         "virtualInterfaceName":{
           "shape":"VirtualInterfaceName",
-          "documentation":"<p>The name of the virtual interface assigned by the customer network.</p>"
+          "documentation":"<p>Provides the details about a virtual interface's router.</p>"
         }
       }
     },
@@ -2622,6 +2622,7 @@
       "documentation":"<p>A tag key was specified more than once.</p>",
       "exception":true
     },
+    "EnableSiteLink":{"type":"boolean"},
     "EncryptionMode":{"type":"string"},
     "EndTime":{"type":"timestamp"},
     "ErrorMessage":{"type":"string"},
@@ -3071,6 +3072,10 @@
         "tags":{
           "shape":"TagList",
           "documentation":"<p>The tags associated with the private virtual interface.</p>"
+        },
+        "enableSiteLink":{
+          "shape":"EnableSiteLink",
+          "documentation":"<p>Indicates whether to enable or disable SiteLink.</p>"
         }
       },
       "documentation":"<p>Information about a private virtual interface.</p>"
@@ -3258,6 +3263,10 @@
         "tags":{
           "shape":"TagList",
           "documentation":"<p>The tags associated with the transitive virtual interface.</p>"
+        },
+        "enableSiteLink":{
+          "shape":"EnableSiteLink",
+          "documentation":"<p>Indicates whether to enable or disable SiteLink.</p>"
         }
       },
       "documentation":"<p>Information about a transit virtual interface.</p>"
@@ -3395,6 +3404,7 @@
     },
     "RouterTypeIdentifier":{"type":"string"},
     "SecretARN":{"type":"string"},
+    "SiteLinkEnabled":{"type":"boolean"},
     "Software":{"type":"string"},
     "StartBgpFailoverTestRequest":{
       "type":"structure",
@@ -3639,6 +3649,14 @@
         "mtu":{
           "shape":"MTU",
           "documentation":"<p>The maximum transmission unit (MTU), in bytes. The supported values are 1500 and 9001. The default value is 1500.</p>"
+        },
+        "enableSiteLink":{
+          "shape":"EnableSiteLink",
+          "documentation":"<p>Indicates whether to enable or disable SiteLink.</p>"
+        },
+        "virtualInterfaceName":{
+          "shape":"VirtualInterfaceName",
+          "documentation":"<p>The name of the virtual private interface.</p>"
         }
       }
     },
@@ -3779,6 +3797,10 @@
         "tags":{
           "shape":"TagList",
           "documentation":"<p>The tags associated with the virtual interface.</p>"
+        },
+        "siteLinkEnabled":{
+          "shape":"SiteLinkEnabled",
+          "documentation":"<p>Indicates whether SiteLink is enabled.</p>"
         }
       },
       "documentation":"<p>Information about a virtual interface.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/dms/2016-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/dms/2016-01-01/service-2.json
index 5bb241e7709..15fce61c652 100644
--- a/contrib/python/botocore/py3/botocore/data/dms/2016-01-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/dms/2016-01-01/service-2.json
@@ -471,7 +471,7 @@
       "errors":[
         {"shape":"ResourceNotFoundFault"}
       ],
-      "documentation":"<p>Returns the task assessment results from the Amazon S3 bucket that DMS creates in your Amazon Web Services account. This action always returns the latest results.</p> <p>For more information about DMS task assessments, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.AssessmentReport.html\">Creating a task assessment report</a> in the <a href=\"https://docs.aws.amazon.com/https:/docs.aws.amazon.com/dms/latest/userguide/Welcome.html\"> Database Migration Service User Guide</a>.</p>"
+      "documentation":"<p>Returns the task assessment results from the Amazon S3 bucket that DMS creates in your Amazon Web Services account. This action always returns the latest results.</p> <p>For more information about DMS task assessments, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.AssessmentReport.html\">Creating a task assessment report</a> in the <i>Database Migration Service User Guide</i>.</p>"
     },
     "DescribeReplicationTaskAssessmentRuns":{
       "name":"DescribeReplicationTaskAssessmentRuns",
@@ -760,7 +760,7 @@
         {"shape":"InvalidResourceStateFault"},
         {"shape":"ResourceNotFoundFault"}
       ],
-      "documentation":"<p> Starts the replication task assessment for unsupported data types in the source database. </p>"
+      "documentation":"<p> Starts the replication task assessment for unsupported data types in the source database. </p> <p>You can only use this operation for a task if the following conditions are true:</p> <ul> <li> <p>The task must be in the <code>stopped</code> state.</p> </li> <li> <p>The task must have successful connections to the source and target.</p> </li> </ul> <p>If either of these conditions are not met, an <code>InvalidResourceStateFault</code> error will result. </p> <p>For information about DMS task assessments, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.AssessmentReport.html\">Creating a task assessment report</a> in the <i>Database Migration Service User Guide</i>.</p>"
     },
     "StartReplicationTaskAssessmentRun":{
       "name":"StartReplicationTaskAssessmentRun",
@@ -995,7 +995,7 @@
         },
         "CertificateWallet":{
           "shape":"CertificateWallet",
-          "documentation":"<p>The location of an imported Oracle Wallet certificate for use with SSL.</p>"
+          "documentation":"<p>The location of an imported Oracle Wallet certificate for use with SSL. Example: <code>filebase64(\"${path.root}/rds-ca-2019-root.sso\")</code> </p>"
         },
         "CertificateArn":{
           "shape":"String",
@@ -1096,7 +1096,7 @@
         },
         "EngineName":{
           "shape":"String",
-          "documentation":"<p>The type of engine for the endpoint. Valid values, depending on the <code>EndpointType</code> value, include <code>\"mysql\"</code>, <code>\"oracle\"</code>, <code>\"postgres\"</code>, <code>\"mariadb\"</code>, <code>\"aurora\"</code>, <code>\"aurora-postgresql\"</code>, <code>\"redshift\"</code>, <code>\"s3\"</code>, <code>\"db2\"</code>, <code>\"azuredb\"</code>, <code>\"sybase\"</code>, <code>\"dynamodb\"</code>, <code>\"mongodb\"</code>, <code>\"kinesis\"</code>, <code>\"kafka\"</code>, <code>\"elasticsearch\"</code>, <code>\"docdb\"</code>, <code>\"sqlserver\"</code>, and <code>\"neptune\"</code>.</p>"
+          "documentation":"<p>The type of engine for the endpoint. Valid values, depending on the <code>EndpointType</code> value, include <code>\"mysql\"</code>, <code>\"oracle\"</code>, <code>\"postgres\"</code>, <code>\"mariadb\"</code>, <code>\"aurora\"</code>, <code>\"aurora-postgresql\"</code>, <code>\"opensearch\"</code>, <code>\"redshift\"</code>, <code>\"s3\"</code>, <code>\"db2\"</code>, <code>\"azuredb\"</code>, <code>\"sybase\"</code>, <code>\"dynamodb\"</code>, <code>\"mongodb\"</code>, <code>\"kinesis\"</code>, <code>\"kafka\"</code>, <code>\"elasticsearch\"</code>, <code>\"docdb\"</code>, <code>\"sqlserver\"</code>, and <code>\"neptune\"</code>.</p>"
         },
         "Username":{
           "shape":"String",
@@ -1172,7 +1172,7 @@
         },
         "ElasticsearchSettings":{
           "shape":"ElasticsearchSettings",
-          "documentation":"<p>Settings in JSON format for the target Elasticsearch endpoint. For more information about the available settings, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration\">Extra Connection Attributes When Using Elasticsearch as a Target for DMS</a> in the <i>Database Migration Service User Guide</i>.</p>"
+          "documentation":"<p>Settings in JSON format for the target OpenSearch endpoint. For more information about the available settings, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration\">Extra Connection Attributes When Using OpenSearch as a Target for DMS</a> in the <i>Database Migration Service User Guide</i>.</p>"
         },
         "NeptuneSettings":{
           "shape":"NeptuneSettings",
@@ -1211,6 +1211,10 @@
         "RedisSettings":{
           "shape":"RedisSettings",
           "documentation":"<p>Settings in JSON format for the target Redis endpoint.</p>"
+        },
+        "GcpMySQLSettings":{
+          "shape":"GcpMySQLSettings",
+          "documentation":"<p>Settings in JSON format for the source GCP MySQL endpoint.</p>"
         }
       },
       "documentation":"<p/>"
@@ -1498,7 +1502,7 @@
       "members":{
         "CertificateArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the deleted certificate.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the certificate.</p>"
         }
       }
     },
@@ -1734,7 +1738,7 @@
       "members":{
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>Filters applied to the certificates described in the form of key-value pairs.</p>"
+          "documentation":"<p>Filters applied to the certificates described in the form of key-value pairs. Valid values are <code>certificate-arn</code> and <code>certificate-id</code>.</p>"
         },
         "MaxRecords":{
           "shape":"IntegerOptional",
@@ -1919,7 +1923,7 @@
         },
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>Filters applied to event subscriptions.</p>"
+          "documentation":"<p>Filters applied to event subscriptions.</p> <p>Valid filter names: event-subscription-arn | event-subscription-id </p>"
         },
         "MaxRecords":{
           "shape":"IntegerOptional",
@@ -1975,7 +1979,7 @@
         },
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>Filters applied to events.</p>"
+          "documentation":"<p>Filters applied to events. The only valid filter is <code>replication-instance-id</code>.</p>"
         },
         "MaxRecords":{
           "shape":"IntegerOptional",
@@ -2493,18 +2497,18 @@
         },
         "EndpointUri":{
           "shape":"String",
-          "documentation":"<p>The endpoint for the Elasticsearch cluster. DMS uses HTTPS if a transport protocol (http/https) is not specified.</p>"
+          "documentation":"<p>The endpoint for the OpenSearch cluster. DMS uses HTTPS if a transport protocol (http/https) is not specified.</p>"
         },
         "FullLoadErrorPercentage":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The maximum percentage of records that can fail to be written before a full load operation stops.</p> <p>To avoid early failure, this counter is only effective after 1000 records are transferred. Elasticsearch also has the concept of error monitoring during the last 10 minutes of an Observation Window. If transfer of all records fail in the last 10 minutes, the full load operation stops. </p>"
+          "documentation":"<p>The maximum percentage of records that can fail to be written before a full load operation stops.</p> <p>To avoid early failure, this counter is only effective after 1000 records are transferred. OpenSearch also has the concept of error monitoring during the last 10 minutes of an Observation Window. If transfer of all records fail in the last 10 minutes, the full load operation stops. </p>"
         },
         "ErrorRetryDuration":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The maximum number of seconds for which DMS retries failed API requests to the Elasticsearch cluster.</p>"
+          "documentation":"<p>The maximum number of seconds for which DMS retries failed API requests to the OpenSearch cluster.</p>"
         }
       },
-      "documentation":"<p>Provides information that defines an Elasticsearch endpoint.</p>"
+      "documentation":"<p>Provides information that defines an OpenSearch endpoint.</p>"
     },
     "EncodingTypeValue":{
       "type":"string",
@@ -2534,7 +2538,7 @@
         },
         "EngineName":{
           "shape":"String",
-          "documentation":"<p>The database engine name. Valid values, depending on the EndpointType, include <code>\"mysql\"</code>, <code>\"oracle\"</code>, <code>\"postgres\"</code>, <code>\"mariadb\"</code>, <code>\"aurora\"</code>, <code>\"aurora-postgresql\"</code>, <code>\"redshift\"</code>, <code>\"s3\"</code>, <code>\"db2\"</code>, <code>\"azuredb\"</code>, <code>\"sybase\"</code>, <code>\"dynamodb\"</code>, <code>\"mongodb\"</code>, <code>\"kinesis\"</code>, <code>\"kafka\"</code>, <code>\"elasticsearch\"</code>, <code>\"documentdb\"</code>, <code>\"sqlserver\"</code>, and <code>\"neptune\"</code>.</p>"
+          "documentation":"<p>The database engine name. Valid values, depending on the EndpointType, include <code>\"mysql\"</code>, <code>\"oracle\"</code>, <code>\"postgres\"</code>, <code>\"mariadb\"</code>, <code>\"aurora\"</code>, <code>\"aurora-postgresql\"</code>, <code>\"opensearch\"</code>, <code>\"redshift\"</code>, <code>\"s3\"</code>, <code>\"db2\"</code>, <code>\"azuredb\"</code>, <code>\"sybase\"</code>, <code>\"dynamodb\"</code>, <code>\"mongodb\"</code>, <code>\"kinesis\"</code>, <code>\"kafka\"</code>, <code>\"elasticsearch\"</code>, <code>\"documentdb\"</code>, <code>\"sqlserver\"</code>, and <code>\"neptune\"</code>.</p>"
         },
         "EngineDisplayName":{
           "shape":"String",
@@ -2602,7 +2606,7 @@
         },
         "DmsTransferSettings":{
           "shape":"DmsTransferSettings",
-          "documentation":"<p>The settings in JSON format for the DMS transfer type of source endpoint. </p> <p>Possible settings include the following:</p> <ul> <li> <p> <code>ServiceAccessRoleArn</code> - - The Amazon Resource Name (ARN) used by the service access IAM role. The role must allow the <code>iam:PassRole</code> action.</p> </li> <li> <p> <code>BucketName</code> - The name of the S3 bucket to use.</p> </li> </ul> <p>Shorthand syntax for these settings is as follows: <code>ServiceAccessRoleArn=string,BucketName=string,</code> </p> <p>JSON syntax for these settings is as follows: <code>{ \"ServiceAccessRoleArn\": \"string\", \"BucketName\": \"string\"} </code> </p>"
+          "documentation":"<p>The settings for the DMS Transfer type source. For more information, see the DmsTransferSettings structure. </p>"
         },
         "MongoDbSettings":{
           "shape":"MongoDbSettings",
@@ -2618,7 +2622,7 @@
         },
         "ElasticsearchSettings":{
           "shape":"ElasticsearchSettings",
-          "documentation":"<p>The settings for the Elasticsearch source endpoint. For more information, see the <code>ElasticsearchSettings</code> structure.</p>"
+          "documentation":"<p>The settings for the OpenSearch source endpoint. For more information, see the <code>ElasticsearchSettings</code> structure.</p>"
         },
         "NeptuneSettings":{
           "shape":"NeptuneSettings",
@@ -2656,6 +2660,10 @@
         "RedisSettings":{
           "shape":"RedisSettings",
           "documentation":"<p>The settings for the Redis target endpoint. For more information, see the <code>RedisSettings</code> structure.</p>"
+        },
+        "GcpMySQLSettings":{
+          "shape":"GcpMySQLSettings",
+          "documentation":"<p>Settings in JSON format for the source GCP MySQL endpoint.</p>"
         }
       },
       "documentation":"<p>Describes an endpoint of a database instance in response to operations such as the following:</p> <ul> <li> <p> <code>CreateEndpoint</code> </p> </li> <li> <p> <code>DescribeEndpoint</code> </p> </li> <li> <p> <code>ModifyEndpoint</code> </p> </li> </ul>"
@@ -2852,6 +2860,68 @@
       "type":"list",
       "member":{"shape":"String"}
     },
+    "GcpMySQLSettings":{
+      "type":"structure",
+      "members":{
+        "AfterConnectScript":{
+          "shape":"String",
+          "documentation":"<p>Specifies a script to run immediately after DMS connects to the endpoint. The migration task continues running regardless if the SQL statement succeeds or fails.</p> <p>For this parameter, provide the code of the script itself, not the name of a file containing the script. </p>"
+        },
+        "CleanSourceMetadataOnMismatch":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>Adjusts the behavior of DMS when migrating from an SQL Server source database that is hosted as part of an Always On availability group cluster. If you need DMS to poll all the nodes in the Always On cluster for transaction backups, set this attribute to <code>false</code>. </p>"
+        },
+        "DatabaseName":{
+          "shape":"String",
+          "documentation":"<p>Database name for the endpoint. For a MySQL source or target endpoint, don't explicitly specify the database using the <code>DatabaseName</code> request parameter on either the <code>CreateEndpoint</code> or <code>ModifyEndpoint</code> API call. Specifying <code>DatabaseName</code> when you create or modify a MySQL endpoint replicates all the task tables to this single database. For MySQL endpoints, you specify the database only when you specify the schema in the table-mapping rules of the DMS task. </p>"
+        },
+        "EventsPollInterval":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>Specifies how often to check the binary log for new changes/events when the database is idle. The default is five seconds.</p> <p>Example: <code>eventsPollInterval=5;</code> </p> <p>In the example, DMS checks for changes in the binary logs every five seconds. </p>"
+        },
+        "TargetDbType":{
+          "shape":"TargetDbType",
+          "documentation":"<p>Specifies where to migrate source tables on the target, either to a single database or multiple databases.</p> <p>Example: <code>targetDbType=MULTIPLE_DATABASES</code> </p>"
+        },
+        "MaxFileSize":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>Specifies the maximum size (in KB) of any .csv file used to transfer data to a MySQL-compatible database.</p> <p>Example: <code>maxFileSize=512</code> </p>"
+        },
+        "ParallelLoadThreads":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>Improves performance when loading data into the MySQL-compatible target database. Specifies how many threads to use to load the data into the MySQL-compatible target database. Setting a large number of threads can have an adverse effect on database performance, because a separate connection is required for each thread. The default is one.</p> <p>Example: <code>parallelLoadThreads=1</code> </p>"
+        },
+        "Password":{
+          "shape":"SecretString",
+          "documentation":"<p>Endpoint connection password.</p>"
+        },
+        "Port":{
+          "shape":"IntegerOptional",
+          "documentation":"<p/>"
+        },
+        "ServerName":{
+          "shape":"String",
+          "documentation":"<p>Endpoint TCP port.</p>"
+        },
+        "ServerTimezone":{
+          "shape":"String",
+          "documentation":"<p>Specifies the time zone for the source MySQL database.</p> <p>Example: <code>serverTimezone=US/Pacific;</code> </p> <p>Note: Do not enclose time zones in single quotes.</p>"
+        },
+        "Username":{
+          "shape":"String",
+          "documentation":"<p>Endpoint connection user name.</p>"
+        },
+        "SecretsManagerAccessRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The full Amazon Resource Name (ARN) of the IAM role that specifies DMS as the trusted entity and grants the required permissions to access the value in <code>SecretsManagerSecret.</code> The role must allow the <code>iam:PassRole</code> action. <code>SecretsManagerSecret</code> has the value of the Amazon Web Services Secrets Manager secret that allows access to the MySQL endpoint.</p> <note> <p>You can specify one of two sets of values for these permissions. You can specify the values for this setting and <code>SecretsManagerSecretId</code>. Or you can specify clear-text values for <code>UserName</code>, <code>Password</code>, <code>ServerName</code>, and <code>Port</code>. You can't specify both. For more information on creating this <code>SecretsManagerSecret</code> and the <code>SecretsManagerAccessRoleArn</code> and <code>SecretsManagerSecretId</code> required to access it, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#security-iam-secretsmanager\">Using secrets to access Database Migration Service resources</a> in the Database Migration Service User Guide. </p> </note>"
+        },
+        "SecretsManagerSecretId":{
+          "shape":"String",
+          "documentation":"<p>The full ARN, partial ARN, or friendly name of the <code>SecretsManagerSecret</code> that contains the MySQL endpoint connection details. </p>"
+        }
+      },
+      "documentation":"<p>Settings in JSON format for the source GCP MySQL endpoint.</p>"
+    },
     "IBMDb2Settings":{
       "type":"structure",
       "members":{
@@ -2912,7 +2982,7 @@
         },
         "CertificateWallet":{
           "shape":"CertificateWallet",
-          "documentation":"<p>The location of an imported Oracle Wallet certificate for use with SSL. Provide the name of a <code>.sso</code> file using the <code>fileb://</code> prefix. You can't provide the certificate inline. </p>"
+          "documentation":"<p>The location of an imported Oracle Wallet certificate for use with SSL. Provide the name of a <code>.sso</code> file using the <code>fileb://</code> prefix. You can't provide the certificate inline.</p> <p>Example: <code>filebase64(\"${path.root}/rds-ca-2019-root.sso\")</code> </p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -2997,7 +3067,7 @@
       "members":{
         "message":{"shape":"ExceptionMessage"}
       },
-      "documentation":"<p>The specified master key (CMK) isn't enabled.</p>",
+      "documentation":"<p>The specified KMS key isn't enabled.</p>",
       "exception":true
     },
     "KMSFault":{
@@ -3300,7 +3370,7 @@
         },
         "EngineName":{
           "shape":"String",
-          "documentation":"<p>The type of engine for the endpoint. Valid values, depending on the EndpointType, include <code>\"mysql\"</code>, <code>\"oracle\"</code>, <code>\"postgres\"</code>, <code>\"mariadb\"</code>, <code>\"aurora\"</code>, <code>\"aurora-postgresql\"</code>, <code>\"redshift\"</code>, <code>\"s3\"</code>, <code>\"db2\"</code>, <code>\"azuredb\"</code>, <code>\"sybase\"</code>, <code>\"dynamodb\"</code>, <code>\"mongodb\"</code>, <code>\"kinesis\"</code>, <code>\"kafka\"</code>, <code>\"elasticsearch\"</code>, <code>\"documentdb\"</code>, <code>\"sqlserver\"</code>, and <code>\"neptune\"</code>.</p>"
+          "documentation":"<p>The type of engine for the endpoint. Valid values, depending on the EndpointType, include <code>\"mysql\"</code>, <code>\"oracle\"</code>, <code>\"postgres\"</code>, <code>\"mariadb\"</code>, <code>\"aurora\"</code>, <code>\"aurora-postgresql\"</code>, <code>\"opensearch\"</code>, <code>\"redshift\"</code>, <code>\"s3\"</code>, <code>\"db2\"</code>, <code>\"azuredb\"</code>, <code>\"sybase\"</code>, <code>\"dynamodb\"</code>, <code>\"mongodb\"</code>, <code>\"kinesis\"</code>, <code>\"kafka\"</code>, <code>\"elasticsearch\"</code>, <code>\"documentdb\"</code>, <code>\"sqlserver\"</code>, and <code>\"neptune\"</code>.</p>"
         },
         "Username":{
           "shape":"String",
@@ -3368,7 +3438,7 @@
         },
         "ElasticsearchSettings":{
           "shape":"ElasticsearchSettings",
-          "documentation":"<p>Settings in JSON format for the target Elasticsearch endpoint. For more information about the available settings, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration\">Extra Connection Attributes When Using Elasticsearch as a Target for DMS</a> in the <i>Database Migration Service User Guide.</i> </p>"
+          "documentation":"<p>Settings in JSON format for the target OpenSearch endpoint. For more information about the available settings, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Elasticsearch.html#CHAP_Target.Elasticsearch.Configuration\">Extra Connection Attributes When Using OpenSearch as a Target for DMS</a> in the <i>Database Migration Service User Guide.</i> </p>"
         },
         "NeptuneSettings":{
           "shape":"NeptuneSettings",
@@ -3410,6 +3480,10 @@
         "ExactSettings":{
           "shape":"BooleanOptional",
           "documentation":"<p>If this attribute is Y, the current call to <code>ModifyEndpoint</code> replaces all existing endpoint settings with the exact settings that you specify in this call. If this attribute is N, the current call to <code>ModifyEndpoint</code> does two things: </p> <ul> <li> <p>It replaces any endpoint settings that already exist with new values, for settings with the same names.</p> </li> <li> <p>It creates new endpoint settings that you specify in the call, for settings with different names. </p> </li> </ul> <p>For example, if you call <code>create-endpoint ... --endpoint-settings '{\"a\":1}' ...</code>, the endpoint has the following endpoint settings: <code>'{\"a\":1}'</code>. If you then call <code>modify-endpoint ... --endpoint-settings '{\"b\":2}' ...</code> for the same endpoint, the endpoint has the following settings: <code>'{\"a\":1,\"b\":2}'</code>. </p> <p>However, suppose that you follow this with a call to <code>modify-endpoint ... --endpoint-settings '{\"b\":2}' --exact-settings ...</code> for that same endpoint again. Then the endpoint has the following settings: <code>'{\"b\":2}'</code>. All existing settings are replaced with the exact settings that you specify. </p>"
+        },
+        "GcpMySQLSettings":{
+          "shape":"GcpMySQLSettings",
+          "documentation":"<p>Settings in JSON format for the source GCP MySQL endpoint.</p>"
         }
       },
       "documentation":"<p/>"
@@ -3714,7 +3788,7 @@
         },
         "EventsPollInterval":{
           "shape":"IntegerOptional",
-          "documentation":"<p>Specifies how often to check the binary log for new changes/events when the database is idle.</p> <p>Example: <code>eventsPollInterval=5;</code> </p> <p>In the example, DMS checks for changes in the binary logs every five seconds.</p>"
+          "documentation":"<p>Specifies how often to check the binary log for new changes/events when the database is idle. The default is five seconds.</p> <p>Example: <code>eventsPollInterval=5;</code> </p> <p>In the example, DMS checks for changes in the binary logs every five seconds.</p>"
         },
         "TargetDbType":{
           "shape":"TargetDbType",
@@ -3726,7 +3800,7 @@
         },
         "ParallelLoadThreads":{
           "shape":"IntegerOptional",
-          "documentation":"<p>Improves performance when loading data into the MySQL-compatible target database. Specifies how many threads to use to load the data into the MySQL-compatible target database. Setting a large number of threads can have an adverse effect on database performance, because a separate connection is required for each thread.</p> <p>Example: <code>parallelLoadThreads=1</code> </p>"
+          "documentation":"<p>Improves performance when loading data into the MySQL-compatible target database. Specifies how many threads to use to load the data into the MySQL-compatible target database. Setting a large number of threads can have an adverse effect on database performance, because a separate connection is required for each thread. The default is one.</p> <p>Example: <code>parallelLoadThreads=1</code> </p>"
         },
         "Password":{
           "shape":"SecretString",
@@ -4118,7 +4192,7 @@
         },
         "Port":{
           "shape":"IntegerOptional",
-          "documentation":"<p>Endpoint TCP port.</p>"
+          "documentation":"<p>Endpoint TCP port. The default is 5432.</p>"
         },
         "ServerName":{
           "shape":"String",
@@ -5133,6 +5207,10 @@
           "shape":"String",
           "documentation":"<p>Specifies the folder path of CDC files. For an S3 source, this setting is required if a task captures change data; otherwise, it's optional. If <code>CdcPath</code> is set, DMS reads CDC files from this path and replicates the data changes to the target endpoint. For an S3 target if you set <a href=\"https://docs.aws.amazon.com/dms/latest/APIReference/API_S3Settings.html#DMS-Type-S3Settings-PreserveTransactions\"> <code>PreserveTransactions</code> </a> to <code>true</code>, DMS verifies that you have set this parameter to a folder path on your S3 target where DMS can save the transaction order for the CDC load. DMS creates this CDC folder path in either your S3 target working directory or the S3 target location specified by <a href=\"https://docs.aws.amazon.com/dms/latest/APIReference/API_S3Settings.html#DMS-Type-S3Settings-BucketFolder\"> <code>BucketFolder</code> </a> and <a href=\"https://docs.aws.amazon.com/dms/latest/APIReference/API_S3Settings.html#DMS-Type-S3Settings-BucketName\"> <code>BucketName</code> </a>.</p> <p>For example, if you specify <code>CdcPath</code> as <code>MyChangedData</code>, and you specify <code>BucketName</code> as <code>MyTargetBucket</code> but do not specify <code>BucketFolder</code>, DMS creates the CDC folder path following: <code>MyTargetBucket/MyChangedData</code>.</p> <p>If you specify the same <code>CdcPath</code>, and you specify <code>BucketName</code> as <code>MyTargetBucket</code> and <code>BucketFolder</code> as <code>MyTargetData</code>, DMS creates the CDC folder path following: <code>MyTargetBucket/MyTargetData/MyChangedData</code>.</p> <p>For more information on CDC including transaction order on an S3 target, see <a href=\"https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html#CHAP_Target.S3.EndpointSettings.CdcPath\">Capturing data changes (CDC) including transaction order on the S3 target</a>.</p> <note> <p>This setting is supported in DMS versions 3.4.2 and later.</p> </note>"
         },
+        "UseTaskStartTimeForFullLoadTimestamp":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>When set to true, this parameter uses the task start time as the timestamp column value instead of the time data is written to target. For full load, when <code>useTaskStartTimeForFullLoadTimestamp</code> is set to <code>true</code>, each row of the timestamp column contains the task start time. For CDC loads, each row of the timestamp column contains the transaction commit time.</p> <p>When <code>useTaskStartTimeForFullLoadTimestamp</code> is set to <code>false</code>, the full load timestamp in the timestamp column increments with the time data arrives at the target. </p>"
+        },
         "CannedAclForObjects":{
           "shape":"CannedAclForObjectsValue",
           "documentation":"<p>A value that enables DMS to specify a predefined (canned) access control list for objects created in an Amazon S3 bucket as .csv or .parquet files. For more information about Amazon S3 canned ACLs, see <a href=\"http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl\">Canned ACL</a> in the <i>Amazon S3 Developer Guide.</i> </p> <p>The default value is NONE. Valid values include NONE, PRIVATE, PUBLIC_READ, PUBLIC_READ_WRITE, AUTHENTICATED_READ, AWS_EXEC_READ, BUCKET_OWNER_READ, and BUCKET_OWNER_FULL_CONTROL.</p>"
@@ -5164,6 +5242,10 @@
         "Rfc4180":{
           "shape":"BooleanOptional",
           "documentation":"<p>For an S3 source, when this value is set to <code>true</code> or <code>y</code>, each leading double quotation mark has to be followed by an ending double quotation mark. This formatting complies with RFC 4180. When this value is set to <code>false</code> or <code>n</code>, string literals are copied to the target as is. In this case, a delimiter (row or column) signals the end of the field. Thus, you can't use a delimiter as part of the string, because it signals the end of the value.</p> <p>For an S3 target, an optional parameter used to set behavior to comply with RFC 4180 for data migrated to Amazon S3 using .csv file format only. When this value is set to <code>true</code> or <code>y</code> using Amazon S3 as a target, if the data has quotation marks or newline characters in it, DMS encloses the entire column with an additional pair of double quotation marks (\"). Every quotation mark within the data is repeated twice.</p> <p>The default value is <code>true</code>. Valid values include <code>true</code>, <code>false</code>, <code>y</code>, and <code>n</code>.</p>"
+        },
+        "DatePartitionTimezone":{
+          "shape":"String",
+          "documentation":"<p>When creating an S3 target endpoint, set <code>DatePartitionTimezone</code> to convert the current UTC time into a specified time zone. The conversion occurs when a date partition folder is created and a CDC filename is generated. The time zone format is Area/Location. Use this parameter when <code>DatePartitionedEnabled</code> is set to <code>true</code>, as shown in the following example.</p> <p> <code>s3-settings='{\"DatePartitionEnabled\": true, \"DatePartitionSequence\": \"YYYYMMDDHH\", \"DatePartitionDelimiter\": \"SLASH\", \"DatePartitionTimezone\":\"<i>Asia/Seoul</i>\", \"BucketName\": \"dms-nattarat-test\"}'</code> </p>"
         }
       },
       "documentation":"<p>Settings for exporting data to Amazon S3. </p>"
@@ -5313,7 +5395,7 @@
         },
         "StartReplicationTaskType":{
           "shape":"StartReplicationTaskTypeValue",
-          "documentation":"<p>A type of replication task.</p>"
+          "documentation":"<p>The type of replication task to start.</p> <p>When the migration type is <code>full-load</code> or <code>full-load-and-cdc</code>, the only valid value for the first run of the task is <code>start-replication</code>. You use <code>reload-target</code> to restart the task and <code>resume-processing</code> to resume the task.</p> <p>When the migration type is <code>cdc</code>, you use <code>start-replication</code> to start or restart the task, and <code>resume-processing</code> to resume the task. <code>reload-target</code> is not a valid value for a task with migration type of <code>cdc</code>.</p>"
         },
         "CdcStartTime":{
           "shape":"TStamp",
@@ -5461,7 +5543,7 @@
         },
         "Port":{
           "shape":"IntegerOptional",
-          "documentation":"<p>Endpoint TCP port.</p>"
+          "documentation":"<p>Endpoint TCP port. The default is 5000.</p>"
         },
         "ServerName":{
           "shape":"String",
diff --git a/contrib/python/botocore/py3/botocore/data/drs/2020-02-26/paginators-1.json b/contrib/python/botocore/py3/botocore/data/drs/2020-02-26/paginators-1.json
new file mode 100644
index 00000000000..1b140e716c2
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/drs/2020-02-26/paginators-1.json
@@ -0,0 +1,40 @@
+{
+  "pagination": {
+    "DescribeJobLogItems": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
+    },
+    "DescribeJobs": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
+    },
+    "DescribeRecoveryInstances": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
+    },
+    "DescribeRecoverySnapshots": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
+    },
+    "DescribeReplicationConfigurationTemplates": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
+    },
+    "DescribeSourceServers": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/drs/2020-02-26/service-2.json b/contrib/python/botocore/py3/botocore/data/drs/2020-02-26/service-2.json
new file mode 100644
index 00000000000..d166ee73a29
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/drs/2020-02-26/service-2.json
@@ -0,0 +1,3024 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2020-02-26",
+    "endpointPrefix":"drs",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceAbbreviation":"drs",
+    "serviceFullName":"Elastic Disaster Recovery Service",
+    "serviceId":"drs",
+    "signatureVersion":"v4",
+    "signingName":"drs",
+    "uid":"drs-2020-02-26"
+  },
+  "operations":{
+    "CreateReplicationConfigurationTemplate":{
+      "name":"CreateReplicationConfigurationTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/CreateReplicationConfigurationTemplate",
+        "responseCode":201
+      },
+      "input":{"shape":"CreateReplicationConfigurationTemplateRequest"},
+      "output":{"shape":"ReplicationConfigurationTemplate"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Creates a new ReplicationConfigurationTemplate.</p>"
+    },
+    "DeleteJob":{
+      "name":"DeleteJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteJob",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteJobRequest"},
+      "output":{"shape":"DeleteJobResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Deletes a single Job by ID.</p>",
+      "idempotent":true
+    },
+    "DeleteRecoveryInstance":{
+      "name":"DeleteRecoveryInstance",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteRecoveryInstance",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteRecoveryInstanceRequest"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Deletes a single Recovery Instance by ID. This deletes the Recovery Instance resource from Elastic Disaster Recovery. The Recovery Instance must be disconnected first in order to delete it.</p>"
+    },
+    "DeleteReplicationConfigurationTemplate":{
+      "name":"DeleteReplicationConfigurationTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteReplicationConfigurationTemplate",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteReplicationConfigurationTemplateRequest"},
+      "output":{"shape":"DeleteReplicationConfigurationTemplateResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Deletes a single Replication Configuration Template by ID</p>",
+      "idempotent":true
+    },
+    "DeleteSourceServer":{
+      "name":"DeleteSourceServer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteSourceServer",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteSourceServerRequest"},
+      "output":{"shape":"DeleteSourceServerResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Deletes a single Source Server by ID. The Source Server must be disconnected first.</p>",
+      "idempotent":true
+    },
+    "DescribeJobLogItems":{
+      "name":"DescribeJobLogItems",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeJobLogItems",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeJobLogItemsRequest"},
+      "output":{"shape":"DescribeJobLogItemsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Retrieves a detailed Job log with pagination.</p>"
+    },
+    "DescribeJobs":{
+      "name":"DescribeJobs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeJobs",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeJobsRequest"},
+      "output":{"shape":"DescribeJobsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Returns a list of Jobs. Use the JobsID and fromDate and toDate filters to limit which jobs are returned. The response is sorted by creationDataTime - latest date first. Jobs are created by the StartRecovery, TerminateRecoveryInstances and StartFailbackLaunch APIs. Jobs are also created by DiagnosticLaunch and TerminateDiagnosticInstances, which are APIs available only to *Support* and only used in response to relevant support tickets.</p>"
+    },
+    "DescribeRecoveryInstances":{
+      "name":"DescribeRecoveryInstances",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeRecoveryInstances",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeRecoveryInstancesRequest"},
+      "output":{"shape":"DescribeRecoveryInstancesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Lists all Recovery Instances or multiple Recovery Instances by ID.</p>"
+    },
+    "DescribeRecoverySnapshots":{
+      "name":"DescribeRecoverySnapshots",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeRecoverySnapshots",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeRecoverySnapshotsRequest"},
+      "output":{"shape":"DescribeRecoverySnapshotsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Lists all Recovery Snapshots for a single Source Server.</p>"
+    },
+    "DescribeReplicationConfigurationTemplates":{
+      "name":"DescribeReplicationConfigurationTemplates",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeReplicationConfigurationTemplates",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeReplicationConfigurationTemplatesRequest"},
+      "output":{"shape":"DescribeReplicationConfigurationTemplatesResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Lists all ReplicationConfigurationTemplates, filtered by Source Server IDs.</p>"
+    },
+    "DescribeSourceServers":{
+      "name":"DescribeSourceServers",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeSourceServers",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeSourceServersRequest"},
+      "output":{"shape":"DescribeSourceServersResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Lists all Source Servers or multiple Source Servers filtered by ID.</p>"
+    },
+    "DisconnectRecoveryInstance":{
+      "name":"DisconnectRecoveryInstance",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DisconnectRecoveryInstance",
+        "responseCode":200
+      },
+      "input":{"shape":"DisconnectRecoveryInstanceRequest"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Disconnect a Recovery Instance from Elastic Disaster Recovery. Data replication is stopped immediately. All AWS resources created by Elastic Disaster Recovery for enabling the replication of the Recovery Instance will be terminated / deleted within 90 minutes. If the agent on the Recovery Instance has not been prevented from communicating with the Elastic Disaster Recovery service, then it will receive a command to uninstall itself (within approximately 10 minutes). The following properties of the Recovery Instance will be changed immediately: dataReplicationInfo.dataReplicationState will be set to DISCONNECTED; The totalStorageBytes property for each of dataReplicationInfo.replicatedDisks will be set to zero; dataReplicationInfo.lagDuration and dataReplicationInfo.lagDuration will be nullified.</p>"
+    },
+    "DisconnectSourceServer":{
+      "name":"DisconnectSourceServer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DisconnectSourceServer",
+        "responseCode":200
+      },
+      "input":{"shape":"DisconnectSourceServerRequest"},
+      "output":{"shape":"SourceServer"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Disconnects a specific Source Server from Elastic Disaster Recovery. Data replication is stopped immediately. All AWS resources created by Elastic Disaster Recovery for enabling the replication of the Source Server will be terminated / deleted within 90 minutes. You cannot disconnect a Source Server if it has a Recovery Instance. If the agent on the Source Server has not been prevented from communicating with the Elastic Disaster Recovery service, then it will receive a command to uninstall itself (within approximately 10 minutes). The following properties of the SourceServer will be changed immediately: dataReplicationInfo.dataReplicationState will be set to DISCONNECTED; The totalStorageBytes property for each of dataReplicationInfo.replicatedDisks will be set to zero; dataReplicationInfo.lagDuration and dataReplicationInfo.lagDuration will be nullified.</p>"
+    },
+    "GetFailbackReplicationConfiguration":{
+      "name":"GetFailbackReplicationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetFailbackReplicationConfiguration",
+        "responseCode":200
+      },
+      "input":{"shape":"GetFailbackReplicationConfigurationRequest"},
+      "output":{"shape":"GetFailbackReplicationConfigurationResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Lists all Failback ReplicationConfigurations, filtered by Recovery Instance ID.</p>"
+    },
+    "GetLaunchConfiguration":{
+      "name":"GetLaunchConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetLaunchConfiguration",
+        "responseCode":200
+      },
+      "input":{"shape":"GetLaunchConfigurationRequest"},
+      "output":{"shape":"LaunchConfiguration"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Gets a LaunchConfiguration, filtered by Source Server IDs.</p>"
+    },
+    "GetReplicationConfiguration":{
+      "name":"GetReplicationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetReplicationConfiguration",
+        "responseCode":200
+      },
+      "input":{"shape":"GetReplicationConfigurationRequest"},
+      "output":{"shape":"ReplicationConfiguration"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Gets a ReplicationConfiguration, filtered by Source Server ID.</p>"
+    },
+    "InitializeService":{
+      "name":"InitializeService",
+      "http":{
+        "method":"POST",
+        "requestUri":"/InitializeService",
+        "responseCode":204
+      },
+      "input":{"shape":"InitializeServiceRequest"},
+      "output":{"shape":"InitializeServiceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Initialize Elastic Disaster Recovery.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>List all tags for your Elastic Disaster Recovery resources.</p>"
+    },
+    "RetryDataReplication":{
+      "name":"RetryDataReplication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/RetryDataReplication",
+        "responseCode":200
+      },
+      "input":{"shape":"RetryDataReplicationRequest"},
+      "output":{"shape":"SourceServer"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Causes the data replication initiation sequence to begin immediately upon next Handshake for the specified Source Server ID, regardless of when the previous initiation started. This command will work only if the Source Server is stalled or is in a DISCONNECTED or STOPPED state.</p>"
+    },
+    "StartFailbackLaunch":{
+      "name":"StartFailbackLaunch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/StartFailbackLaunch",
+        "responseCode":200
+      },
+      "input":{"shape":"StartFailbackLaunchRequest"},
+      "output":{"shape":"StartFailbackLaunchResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Initiates a Job for launching the machine that is being failed back to from the specified Recovery Instance. This will run conversion on the failback client and will reboot your machine, thus completing the failback process.</p>"
+    },
+    "StartRecovery":{
+      "name":"StartRecovery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/StartRecovery",
+        "responseCode":202
+      },
+      "input":{"shape":"StartRecoveryRequest"},
+      "output":{"shape":"StartRecoveryResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Launches Recovery Instances for the specified Source Servers. For each Source Server you may choose a point in time snapshot to launch from, or use an on demand snapshot.</p>"
+    },
+    "StopFailback":{
+      "name":"StopFailback",
+      "http":{
+        "method":"POST",
+        "requestUri":"/StopFailback",
+        "responseCode":200
+      },
+      "input":{"shape":"StopFailbackRequest"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Stops the failback process for a specified Recovery Instance. This changes the Failback State of the Recovery Instance back to FAILBACK_NOT_STARTED.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Adds or overwrites only the specified tags for the specified Elastic Disaster Recovery resource or resources. When you specify an existing tag key, the value is overwritten with the new value. Each resource can have a maximum of 50 tags. Each tag consists of a key and optional value.</p>",
+      "idempotent":true
+    },
+    "TerminateRecoveryInstances":{
+      "name":"TerminateRecoveryInstances",
+      "http":{
+        "method":"POST",
+        "requestUri":"/TerminateRecoveryInstances",
+        "responseCode":200
+      },
+      "input":{"shape":"TerminateRecoveryInstancesRequest"},
+      "output":{"shape":"TerminateRecoveryInstancesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Initiates a Job for terminating the EC2 resources associated with the specified Recovery Instances, and then will delete the Recovery Instances from the Elastic Disaster Recovery service.</p>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes the specified set of tags from the specified set of Elastic Disaster Recovery resources.</p>",
+      "idempotent":true
+    },
+    "UpdateFailbackReplicationConfiguration":{
+      "name":"UpdateFailbackReplicationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateFailbackReplicationConfiguration",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateFailbackReplicationConfigurationRequest"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Allows you to update the failback replication configuration of a Recovery Instance by ID.</p>"
+    },
+    "UpdateLaunchConfiguration":{
+      "name":"UpdateLaunchConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateLaunchConfiguration",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateLaunchConfigurationRequest"},
+      "output":{"shape":"LaunchConfiguration"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Updates a LaunchConfiguration by Source Server ID.</p>",
+      "idempotent":true
+    },
+    "UpdateReplicationConfiguration":{
+      "name":"UpdateReplicationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateReplicationConfiguration",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateReplicationConfigurationRequest"},
+      "output":{"shape":"ReplicationConfiguration"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Allows you to update a ReplicationConfiguration by Source Server ID.</p>",
+      "idempotent":true
+    },
+    "UpdateReplicationConfigurationTemplate":{
+      "name":"UpdateReplicationConfigurationTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateReplicationConfigurationTemplate",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateReplicationConfigurationTemplateRequest"},
+      "output":{"shape":"ReplicationConfigurationTemplate"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"UninitializedAccountException"}
+      ],
+      "documentation":"<p>Updates a ReplicationConfigurationTemplate by ID.</p>"
+    }
+  },
+  "shapes":{
+    "ARN":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:.{16,2044}$"
+    },
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "message":{"shape":"LargeBoundedString"}
+      },
+      "documentation":"<p>TYou do not have sufficient access to perform this action.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "BoundedString":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "CPU":{
+      "type":"structure",
+      "members":{
+        "cores":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The number of CPU cores.</p>"
+        },
+        "modelName":{
+          "shape":"BoundedString",
+          "documentation":"<p>The model name of the CPU.</p>"
+        }
+      },
+      "documentation":"<p>Information about a server's CPU.</p>"
+    },
+    "ConflictException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "message":{"shape":"LargeBoundedString"},
+        "resourceId":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The ID of the resource.</p>"
+        },
+        "resourceType":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The type of the resource.</p>"
+        }
+      },
+      "documentation":"<p>The request could not be completed due to a conflict with the current state of the target resource.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Cpus":{
+      "type":"list",
+      "member":{"shape":"CPU"},
+      "max":256,
+      "min":0
+    },
+    "CreateReplicationConfigurationTemplateRequest":{
+      "type":"structure",
+      "required":[
+        "associateDefaultSecurityGroup",
+        "bandwidthThrottling",
+        "createPublicIP",
+        "dataPlaneRouting",
+        "defaultLargeStagingDiskType",
+        "ebsEncryption",
+        "pitPolicy",
+        "replicationServerInstanceType",
+        "replicationServersSecurityGroupsIDs",
+        "stagingAreaSubnetId",
+        "stagingAreaTags",
+        "useDedicatedReplicationServer"
+      ],
+      "members":{
+        "associateDefaultSecurityGroup":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to associate the default Elastic Disaster Recovery Security group with the Replication Configuration Template.</p>"
+        },
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Source Server in Mbps.</p>"
+        },
+        "createPublicIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to create a Public IP for the Recovery Instance by default.</p>"
+        },
+        "dataPlaneRouting":{
+          "shape":"ReplicationConfigurationDataPlaneRouting",
+          "documentation":"<p>The data plane routing mechanism that will be used for replication.</p>"
+        },
+        "defaultLargeStagingDiskType":{
+          "shape":"ReplicationConfigurationDefaultLargeStagingDiskType",
+          "documentation":"<p>The Staging Disk EBS volume type to be used during replication.</p>"
+        },
+        "ebsEncryption":{
+          "shape":"ReplicationConfigurationEbsEncryption",
+          "documentation":"<p>The type of EBS encryption to be used during replication.</p>"
+        },
+        "ebsEncryptionKeyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the EBS encryption key to be used during replication.</p>"
+        },
+        "pitPolicy":{
+          "shape":"PITPolicy",
+          "documentation":"<p>The Point in time (PIT) policy to manage snapshots taken during replication.</p>"
+        },
+        "replicationServerInstanceType":{
+          "shape":"EC2InstanceType",
+          "documentation":"<p>The instance type to be used for the replication server.</p>"
+        },
+        "replicationServersSecurityGroupsIDs":{
+          "shape":"ReplicationServersSecurityGroupsIDs",
+          "documentation":"<p>The security group IDs that will be used by the replication server.</p>"
+        },
+        "stagingAreaSubnetId":{
+          "shape":"SubnetID",
+          "documentation":"<p>The subnet to be used by the replication staging area.</p>"
+        },
+        "stagingAreaTags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with all resources created in the replication staging area: EC2 replication server, EBS volumes, EBS snapshots, etc.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with the Replication Configuration Template resource.</p>"
+        },
+        "useDedicatedReplicationServer":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use a dedicated Replication Server in the replication staging area.</p>"
+        }
+      }
+    },
+    "DataReplicationError":{
+      "type":"structure",
+      "members":{
+        "error":{
+          "shape":"DataReplicationErrorString",
+          "documentation":"<p>Error in data replication.</p>"
+        },
+        "rawError":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Error in data replication.</p>"
+        }
+      },
+      "documentation":"<p>Error in data replication.</p>"
+    },
+    "DataReplicationErrorString":{
+      "type":"string",
+      "enum":[
+        "AGENT_NOT_SEEN",
+        "SNAPSHOTS_FAILURE",
+        "NOT_CONVERGING",
+        "UNSTABLE_NETWORK",
+        "FAILED_TO_CREATE_SECURITY_GROUP",
+        "FAILED_TO_LAUNCH_REPLICATION_SERVER",
+        "FAILED_TO_BOOT_REPLICATION_SERVER",
+        "FAILED_TO_AUTHENTICATE_WITH_SERVICE",
+        "FAILED_TO_DOWNLOAD_REPLICATION_SOFTWARE",
+        "FAILED_TO_CREATE_STAGING_DISKS",
+        "FAILED_TO_ATTACH_STAGING_DISKS",
+        "FAILED_TO_PAIR_REPLICATION_SERVER_WITH_AGENT",
+        "FAILED_TO_CONNECT_AGENT_TO_REPLICATION_SERVER",
+        "FAILED_TO_START_DATA_TRANSFER"
+      ]
+    },
+    "DataReplicationInfo":{
+      "type":"structure",
+      "members":{
+        "dataReplicationError":{
+          "shape":"DataReplicationError",
+          "documentation":"<p>Error in data replication.</p>"
+        },
+        "dataReplicationInitiation":{
+          "shape":"DataReplicationInitiation",
+          "documentation":"<p>Information about whether the data replication has been initiated.</p>"
+        },
+        "dataReplicationState":{
+          "shape":"DataReplicationState",
+          "documentation":"<p>The state of the data replication.</p>"
+        },
+        "etaDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>An estimate of when the data replication will be completed.</p>"
+        },
+        "lagDuration":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>Data replication lag duration.</p>"
+        },
+        "replicatedDisks":{
+          "shape":"DataReplicationInfoReplicatedDisks",
+          "documentation":"<p>The disks that should be replicated.</p>"
+        }
+      },
+      "documentation":"<p>Information about Data Replication</p>"
+    },
+    "DataReplicationInfoReplicatedDisk":{
+      "type":"structure",
+      "members":{
+        "backloggedStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The size of the replication backlog in bytes.</p>"
+        },
+        "deviceName":{
+          "shape":"BoundedString",
+          "documentation":"<p>The name of the device.</p>"
+        },
+        "replicatedStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of data replicated so far in bytes.</p>"
+        },
+        "rescannedStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of data to be rescanned in bytes.</p>"
+        },
+        "totalStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The total amount of data to be replicated in bytes.</p>"
+        }
+      },
+      "documentation":"<p>A disk that should be replicated.</p>"
+    },
+    "DataReplicationInfoReplicatedDisks":{
+      "type":"list",
+      "member":{"shape":"DataReplicationInfoReplicatedDisk"},
+      "max":60,
+      "min":0
+    },
+    "DataReplicationInitiation":{
+      "type":"structure",
+      "members":{
+        "nextAttemptDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of the next attempt to initiate data replication.</p>"
+        },
+        "startDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of the current attempt to initiate data replication.</p>"
+        },
+        "steps":{
+          "shape":"DataReplicationInitiationSteps",
+          "documentation":"<p>The steps of the current attempt to initiate data replication.</p>"
+        }
+      },
+      "documentation":"<p>Data replication initiation.</p>"
+    },
+    "DataReplicationInitiationStep":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"DataReplicationInitiationStepName",
+          "documentation":"<p>The name of the step.</p>"
+        },
+        "status":{
+          "shape":"DataReplicationInitiationStepStatus",
+          "documentation":"<p>The status of the step.</p>"
+        }
+      },
+      "documentation":"<p>Data replication initiation step.</p>"
+    },
+    "DataReplicationInitiationStepName":{
+      "type":"string",
+      "enum":[
+        "WAIT",
+        "CREATE_SECURITY_GROUP",
+        "LAUNCH_REPLICATION_SERVER",
+        "BOOT_REPLICATION_SERVER",
+        "AUTHENTICATE_WITH_SERVICE",
+        "DOWNLOAD_REPLICATION_SOFTWARE",
+        "CREATE_STAGING_DISKS",
+        "ATTACH_STAGING_DISKS",
+        "PAIR_REPLICATION_SERVER_WITH_AGENT",
+        "CONNECT_AGENT_TO_REPLICATION_SERVER",
+        "START_DATA_TRANSFER"
+      ]
+    },
+    "DataReplicationInitiationStepStatus":{
+      "type":"string",
+      "enum":[
+        "NOT_STARTED",
+        "IN_PROGRESS",
+        "SUCCEEDED",
+        "FAILED",
+        "SKIPPED"
+      ]
+    },
+    "DataReplicationInitiationSteps":{
+      "type":"list",
+      "member":{"shape":"DataReplicationInitiationStep"}
+    },
+    "DataReplicationState":{
+      "type":"string",
+      "enum":[
+        "STOPPED",
+        "INITIATING",
+        "INITIAL_SYNC",
+        "BACKLOG",
+        "CREATING_SNAPSHOT",
+        "CONTINUOUS",
+        "PAUSED",
+        "RESCAN",
+        "STALLED",
+        "DISCONNECTED"
+      ]
+    },
+    "DeleteJobRequest":{
+      "type":"structure",
+      "required":["jobID"],
+      "members":{
+        "jobID":{
+          "shape":"JobID",
+          "documentation":"<p>The ID of the Job to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteJobResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteRecoveryInstanceRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceID"],
+      "members":{
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>RThe ID of the Recovery Instance to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteReplicationConfigurationTemplateRequest":{
+      "type":"structure",
+      "required":["replicationConfigurationTemplateID"],
+      "members":{
+        "replicationConfigurationTemplateID":{
+          "shape":"ReplicationConfigurationTemplateID",
+          "documentation":"<p>The ID of the Replication Configuration Template to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteReplicationConfigurationTemplateResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteSourceServerRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteSourceServerResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DescribeJobLogItemsRequest":{
+      "type":"structure",
+      "required":["jobID"],
+      "members":{
+        "jobID":{
+          "shape":"JobID",
+          "documentation":"<p>The ID of the Job for which Job log items will be retrieved.</p>"
+        },
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum number of Job log items to retrieve.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Job log items to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeJobLogItemsResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"JobLogs",
+          "documentation":"<p>An array of Job log items.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Job log items to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeJobsRequest":{
+      "type":"structure",
+      "required":["filters"],
+      "members":{
+        "filters":{
+          "shape":"DescribeJobsRequestFilters",
+          "documentation":"<p>A set of filters by which to return Jobs.</p>"
+        },
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum number of Jobs to retrieve.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Job to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeJobsRequestFilters":{
+      "type":"structure",
+      "members":{
+        "fromDate":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The start date in a date range query.</p>"
+        },
+        "jobIDs":{
+          "shape":"DescribeJobsRequestFiltersJobIDs",
+          "documentation":"<p>An array of Job IDs that should be returned. An empty array means all jobs.</p>"
+        },
+        "toDate":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The end date in a date range query.</p>"
+        }
+      },
+      "documentation":"<p>A set of filters by which to return Jobs.</p>"
+    },
+    "DescribeJobsRequestFiltersJobIDs":{
+      "type":"list",
+      "member":{"shape":"JobID"},
+      "max":1000,
+      "min":0
+    },
+    "DescribeJobsResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"JobsList",
+          "documentation":"<p>An array of Jobs.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Job to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeRecoveryInstancesItems":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstance"}
+    },
+    "DescribeRecoveryInstancesRequest":{
+      "type":"structure",
+      "required":["filters"],
+      "members":{
+        "filters":{
+          "shape":"DescribeRecoveryInstancesRequestFilters",
+          "documentation":"<p>A set of filters by which to return Recovery Instances.</p>"
+        },
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum number of Recovery Instances to retrieve.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Recovery Instance to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeRecoveryInstancesRequestFilters":{
+      "type":"structure",
+      "members":{
+        "recoveryInstanceIDs":{
+          "shape":"RecoveryInstanceIDs",
+          "documentation":"<p>An array of Recovery Instance IDs that should be returned. An empty array means all Recovery Instances.</p>"
+        },
+        "sourceServerIDs":{
+          "shape":"SourceServerIDs",
+          "documentation":"<p>An array of Source Server IDs for which associated Recovery Instances should be returned.</p>"
+        }
+      },
+      "documentation":"<p>A set of filters by which to return Recovery Instances.</p>"
+    },
+    "DescribeRecoveryInstancesResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"DescribeRecoveryInstancesItems",
+          "documentation":"<p>An array of Recovery Instances.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Recovery Instance to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeRecoverySnapshotsRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "filters":{
+          "shape":"DescribeRecoverySnapshotsRequestFilters",
+          "documentation":"<p>A set of filters by which to return Recovery Snapshots.</p>"
+        },
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum number of Recovery Snapshots to retrieve.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Recovery Snapshot to retrieve.</p>"
+        },
+        "order":{
+          "shape":"RecoverySnapshotsOrder",
+          "documentation":"<p>The sorted ordering by which to return Recovery Snapshots.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>Filter Recovery Snapshots by Source Server ID.</p>"
+        }
+      }
+    },
+    "DescribeRecoverySnapshotsRequestFilters":{
+      "type":"structure",
+      "members":{
+        "fromDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The start date in a date range query.</p>"
+        },
+        "toDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The end date in a date range query.</p>"
+        }
+      },
+      "documentation":"<p>A set of filters by which to return Recovery Snapshots.</p>"
+    },
+    "DescribeRecoverySnapshotsResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"RecoverySnapshotsList",
+          "documentation":"<p>An array of Recovery Snapshots.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Recovery Snapshot to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeReplicationConfigurationTemplatesRequest":{
+      "type":"structure",
+      "required":["replicationConfigurationTemplateIDs"],
+      "members":{
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum number of Replication Configuration Templates to retrieve.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Replication Configuration Template to retrieve.</p>"
+        },
+        "replicationConfigurationTemplateIDs":{
+          "shape":"ReplicationConfigurationTemplateIDs",
+          "documentation":"<p>The IDs of the Replication Configuration Templates to retrieve. An empty list means all Replication Configuration Templates.</p>"
+        }
+      }
+    },
+    "DescribeReplicationConfigurationTemplatesResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"ReplicationConfigurationTemplates",
+          "documentation":"<p>An array of Replication Configuration Templates.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Replication Configuration Template to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeSourceServersRequest":{
+      "type":"structure",
+      "required":["filters"],
+      "members":{
+        "filters":{
+          "shape":"DescribeSourceServersRequestFilters",
+          "documentation":"<p>A set of filters by which to return Source Servers.</p>"
+        },
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum number of Source Servers to retrieve.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Source Server to retrieve.</p>"
+        }
+      }
+    },
+    "DescribeSourceServersRequestFilters":{
+      "type":"structure",
+      "members":{
+        "hardwareId":{
+          "shape":"BoundedString",
+          "documentation":"<p>An ID that describes the hardware of the Source Server. This is either an EC2 instance id, a VMware uuid or a mac address.</p>"
+        },
+        "sourceServerIDs":{
+          "shape":"DescribeSourceServersRequestFiltersIDs",
+          "documentation":"<p>An array of Source Servers IDs that should be returned. An empty array means all Source Servers.</p>"
+        }
+      },
+      "documentation":"<p>A set of filters by which to return Source Servers.</p>"
+    },
+    "DescribeSourceServersRequestFiltersIDs":{
+      "type":"list",
+      "member":{"shape":"SourceServerID"},
+      "max":200,
+      "min":0
+    },
+    "DescribeSourceServersResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"SourceServersList",
+          "documentation":"<p>An array of Source Servers.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token of the next Source Server to retrieve.</p>"
+        }
+      }
+    },
+    "DisconnectRecoveryInstanceRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceID"],
+      "members":{
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance to disconnect.</p>"
+        }
+      }
+    },
+    "DisconnectSourceServerRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server to disconnect.</p>"
+        }
+      }
+    },
+    "Disk":{
+      "type":"structure",
+      "members":{
+        "bytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of storage on the disk in bytes.</p>"
+        },
+        "deviceName":{
+          "shape":"BoundedString",
+          "documentation":"<p>The disk or device name.</p>"
+        }
+      },
+      "documentation":"<p>An object representing a data storage device on a server.</p>"
+    },
+    "Disks":{
+      "type":"list",
+      "member":{"shape":"Disk"},
+      "max":1000,
+      "min":0
+    },
+    "EC2InstanceID":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "pattern":"^i-[0-9a-fA-F]{8,}$"
+    },
+    "EC2InstanceState":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "RUNNING",
+        "STOPPING",
+        "STOPPED",
+        "SHUTTING-DOWN",
+        "TERMINATED",
+        "NOT_FOUND"
+      ]
+    },
+    "EC2InstanceType":{
+      "type":"string",
+      "max":255,
+      "min":0
+    },
+    "EbsSnapshotsList":{
+      "type":"list",
+      "member":{"shape":"ebsSnapshot"}
+    },
+    "EbsVolumeID":{
+      "type":"string",
+      "max":19,
+      "min":10,
+      "pattern":"^vol-([0-9a-fA-F]{8}|[0-9a-fA-F]{17})$"
+    },
+    "FailbackReplicationError":{
+      "type":"string",
+      "enum":[
+        "AGENT_NOT_SEEN",
+        "FAILBACK_CLIENT_NOT_SEEN",
+        "NOT_CONVERGING",
+        "UNSTABLE_NETWORK",
+        "FAILED_TO_ESTABLISH_RECOVERY_INSTANCE_COMMUNICATION",
+        "FAILED_TO_DOWNLOAD_REPLICATION_SOFTWARE_TO_FAILBACK_CLIENT",
+        "FAILED_TO_CONFIGURE_REPLICATION_SOFTWARE",
+        "FAILED_TO_PAIR_AGENT_WITH_REPLICATION_SOFTWARE",
+        "FAILED_TO_ESTABLISH_AGENT_REPLICATOR_SOFTWARE_COMMUNICATION"
+      ]
+    },
+    "FailbackState":{
+      "type":"string",
+      "enum":[
+        "FAILBACK_NOT_STARTED",
+        "FAILBACK_IN_PROGRESS",
+        "FAILBACK_READY_FOR_LAUNCH",
+        "FAILBACK_COMPLETED",
+        "FAILBACK_ERROR"
+      ]
+    },
+    "GetFailbackReplicationConfigurationRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceID"],
+      "members":{
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance whose failback replication configuration should be returned.</p>"
+        }
+      }
+    },
+    "GetFailbackReplicationConfigurationResponse":{
+      "type":"structure",
+      "required":["recoveryInstanceID"],
+      "members":{
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Recovery Instance in Mbps.</p>"
+        },
+        "name":{
+          "shape":"BoundedString",
+          "documentation":"<p>The name of the Failback Replication Configuration.</p>"
+        },
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance.</p>"
+        },
+        "usePrivateIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use Private IP for the failback replication of the Recovery Instance.</p>"
+        }
+      }
+    },
+    "GetLaunchConfigurationRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server that we want to retrieve a Launch Configuration for.</p>"
+        }
+      }
+    },
+    "GetReplicationConfigurationRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Serve for this Replication Configuration.r</p>"
+        }
+      }
+    },
+    "IPsList":{
+      "type":"list",
+      "member":{"shape":"BoundedString"}
+    },
+    "ISO8601DatetimeString":{
+      "type":"string",
+      "max":32,
+      "min":19,
+      "pattern":"^[1-9][0-9]*-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([0-1][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9](\\.[0-9]+)?Z$"
+    },
+    "IdentificationHints":{
+      "type":"structure",
+      "members":{
+        "awsInstanceID":{
+          "shape":"EC2InstanceID",
+          "documentation":"<p>AWS Instance ID identification hint.</p>"
+        },
+        "fqdn":{
+          "shape":"BoundedString",
+          "documentation":"<p>Fully Qualified Domain Name identification hint.</p>"
+        },
+        "hostname":{
+          "shape":"BoundedString",
+          "documentation":"<p>Hostname identification hint.</p>"
+        },
+        "vmWareUuid":{
+          "shape":"BoundedString",
+          "documentation":"<p>vCenter VM path identification hint.</p>"
+        }
+      },
+      "documentation":"<p>Hints used to uniquely identify a machine.</p>"
+    },
+    "InitializeServiceRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "InitializeServiceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "InitiatedBy":{
+      "type":"string",
+      "enum":[
+        "START_RECOVERY",
+        "START_DRILL",
+        "FAILBACK",
+        "DIAGNOSTIC",
+        "TERMINATE_RECOVERY_INSTANCES"
+      ]
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"LargeBoundedString"},
+        "retryAfterSeconds":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The number of seconds after which the request should be safe to retry.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        }
+      },
+      "documentation":"<p>The request processing has failed because of an unknown error, exception or failure.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "Job":{
+      "type":"structure",
+      "required":["jobID"],
+      "members":{
+        "arn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of a Job.</p>"
+        },
+        "creationDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of when the Job was created.</p>"
+        },
+        "endDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of when the Job ended.</p>"
+        },
+        "initiatedBy":{
+          "shape":"InitiatedBy",
+          "documentation":"<p>A string representing who initiated the Job.</p>"
+        },
+        "jobID":{
+          "shape":"JobID",
+          "documentation":"<p>The ID of the Job.</p>"
+        },
+        "participatingServers":{
+          "shape":"ParticipatingServers",
+          "documentation":"<p>A list of servers that the Job is acting upon.</p>"
+        },
+        "status":{
+          "shape":"JobStatus",
+          "documentation":"<p>The status of the Job.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A list of tags associated with the Job.</p>"
+        },
+        "type":{
+          "shape":"JobType",
+          "documentation":"<p>The type of the Job.</p>"
+        }
+      },
+      "documentation":"<p>A job is an asynchronous workflow.</p>"
+    },
+    "JobID":{
+      "type":"string",
+      "max":24,
+      "min":24,
+      "pattern":"^drsjob-[0-9a-zA-Z]{17}$"
+    },
+    "JobLog":{
+      "type":"structure",
+      "members":{
+        "event":{
+          "shape":"JobLogEvent",
+          "documentation":"<p>The event represents the type of a log.</p>"
+        },
+        "eventData":{
+          "shape":"JobLogEventData",
+          "documentation":"<p>Metadata associated with a Job log.</p>"
+        },
+        "logDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time the log was taken.</p>"
+        }
+      },
+      "documentation":"<p>A log outputted by a Job.</p>"
+    },
+    "JobLogEvent":{
+      "type":"string",
+      "enum":[
+        "JOB_START",
+        "SERVER_SKIPPED",
+        "CLEANUP_START",
+        "CLEANUP_END",
+        "CLEANUP_FAIL",
+        "SNAPSHOT_START",
+        "SNAPSHOT_END",
+        "SNAPSHOT_FAIL",
+        "USING_PREVIOUS_SNAPSHOT",
+        "USING_PREVIOUS_SNAPSHOT_FAILED",
+        "CONVERSION_START",
+        "CONVERSION_END",
+        "CONVERSION_FAIL",
+        "LAUNCH_START",
+        "LAUNCH_FAILED",
+        "JOB_CANCEL",
+        "JOB_END"
+      ]
+    },
+    "JobLogEventData":{
+      "type":"structure",
+      "members":{
+        "conversionServerID":{
+          "shape":"EC2InstanceID",
+          "documentation":"<p>The ID of a conversion server.</p>"
+        },
+        "rawError":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>A string representing a job error.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of a Source Server.</p>"
+        },
+        "targetInstanceID":{
+          "shape":"EC2InstanceID",
+          "documentation":"<p>The ID of a Recovery Instance.</p>"
+        }
+      },
+      "documentation":"<p>Metadata associated with a Job log.</p>"
+    },
+    "JobLogs":{
+      "type":"list",
+      "member":{"shape":"JobLog"}
+    },
+    "JobStatus":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "STARTED",
+        "COMPLETED"
+      ]
+    },
+    "JobType":{
+      "type":"string",
+      "enum":[
+        "LAUNCH",
+        "TERMINATE"
+      ]
+    },
+    "JobsList":{
+      "type":"list",
+      "member":{"shape":"Job"}
+    },
+    "LargeBoundedString":{
+      "type":"string",
+      "max":65536,
+      "min":0
+    },
+    "LastLaunchResult":{
+      "type":"string",
+      "enum":[
+        "NOT_STARTED",
+        "PENDING",
+        "SUCCEEDED",
+        "FAILED"
+      ]
+    },
+    "LastLaunchType":{
+      "type":"string",
+      "enum":[
+        "RECOVERY",
+        "DRILL"
+      ]
+    },
+    "LaunchConfiguration":{
+      "type":"structure",
+      "members":{
+        "copyPrivateIp":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether we should copy the Private IP of the Source Server to the Recovery Instance.</p>"
+        },
+        "copyTags":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether we want to copy the tags of the Source Server to the EC2 machine of the Recovery Instance.</p>"
+        },
+        "ec2LaunchTemplateID":{
+          "shape":"BoundedString",
+          "documentation":"<p>The EC2 launch template ID of this launch configuration.</p>"
+        },
+        "launchDisposition":{
+          "shape":"LaunchDisposition",
+          "documentation":"<p>The state of the Recovery Instance in EC2 after the recovery operation.</p>"
+        },
+        "licensing":{
+          "shape":"Licensing",
+          "documentation":"<p>The licensing configuration to be used for this launch configuration.</p>"
+        },
+        "name":{
+          "shape":"SmallBoundedString",
+          "documentation":"<p>The name of the launch configuration.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server for this launch configuration.</p>"
+        },
+        "targetInstanceTypeRightSizingMethod":{
+          "shape":"TargetInstanceTypeRightSizingMethod",
+          "documentation":"<p>Whether Elastic Disaster Recovery should try to automatically choose the instance type that best matches the OS, CPU, and RAM of your Source Server.</p>"
+        }
+      }
+    },
+    "LaunchDisposition":{
+      "type":"string",
+      "enum":[
+        "STOPPED",
+        "STARTED"
+      ]
+    },
+    "LaunchStatus":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "IN_PROGRESS",
+        "LAUNCHED",
+        "FAILED",
+        "TERMINATED"
+      ]
+    },
+    "Licensing":{
+      "type":"structure",
+      "members":{
+        "osByol":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to enable \"Bring your own license\" or not.</p>"
+        }
+      },
+      "documentation":"<p>Configuration of a machine's license.</p>"
+    },
+    "LifeCycle":{
+      "type":"structure",
+      "members":{
+        "addedToServiceDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of when the Source Server was added to the service.</p>"
+        },
+        "elapsedReplicationDuration":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The amount of time that the Source Server has been replicating for.</p>"
+        },
+        "firstByteDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of the first byte that was replicated from the Source Server.</p>"
+        },
+        "lastLaunch":{
+          "shape":"LifeCycleLastLaunch",
+          "documentation":"<p>An object containing information regarding the last launch of the Source Server.</p>"
+        },
+        "lastSeenByServiceDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time this Source Server was last seen by the service.</p>"
+        }
+      },
+      "documentation":"<p>An object representing the Source Server Lifecycle.</p>"
+    },
+    "LifeCycleLastLaunch":{
+      "type":"structure",
+      "members":{
+        "initiated":{
+          "shape":"LifeCycleLastLaunchInitiated",
+          "documentation":"<p>An object containing information regarding the initiation of the last launch of a Source Server.</p>"
+        }
+      },
+      "documentation":"<p>An object containing information regarding the last launch of a Source Server.</p>"
+    },
+    "LifeCycleLastLaunchInitiated":{
+      "type":"structure",
+      "members":{
+        "apiCallDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time the last Source Server launch was initiated.</p>"
+        },
+        "jobID":{
+          "shape":"JobID",
+          "documentation":"<p>The ID of the Job that was used to last launch the Source Server.</p>"
+        },
+        "type":{
+          "shape":"LastLaunchType",
+          "documentation":"<p>The Job type that was used to last launch the Source Server.</p>"
+        }
+      },
+      "documentation":"<p>An object containing information regarding the initiation of the last launch of a Source Server.</p>"
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the resource whose tags should be returned.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>The tags of the requested resource.</p>"
+        }
+      }
+    },
+    "NetworkInterface":{
+      "type":"structure",
+      "members":{
+        "ips":{
+          "shape":"IPsList",
+          "documentation":"<p>Network interface IPs.</p>"
+        },
+        "isPrimary":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether this is the primary network interface.</p>"
+        },
+        "macAddress":{
+          "shape":"BoundedString",
+          "documentation":"<p>The MAC address of the network interface.</p>"
+        }
+      },
+      "documentation":"<p>Network interface.</p>"
+    },
+    "NetworkInterfaces":{
+      "type":"list",
+      "member":{"shape":"NetworkInterface"},
+      "max":32,
+      "min":0
+    },
+    "OS":{
+      "type":"structure",
+      "members":{
+        "fullString":{
+          "shape":"BoundedString",
+          "documentation":"<p>The long name of the Operating System.</p>"
+        }
+      },
+      "documentation":"<p>Operating System.</p>"
+    },
+    "PITPolicy":{
+      "type":"list",
+      "member":{"shape":"PITPolicyRule"},
+      "max":10,
+      "min":1
+    },
+    "PITPolicyRule":{
+      "type":"structure",
+      "required":[
+        "interval",
+        "retentionDuration",
+        "units"
+      ],
+      "members":{
+        "enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether this rule is enabled or not.</p>"
+        },
+        "interval":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>How often, in the chosen units, a snapshot should be taken.</p>"
+        },
+        "retentionDuration":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>The duration to retain a snapshot for, in the chosen units.</p>"
+        },
+        "ruleID":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The ID of the rule.</p>"
+        },
+        "units":{
+          "shape":"PITPolicyRuleUnits",
+          "documentation":"<p>The units used to measure the interval and retentionDuration.</p>"
+        }
+      },
+      "documentation":"<p>A rule in the Point in Time (PIT) policy representing when to take snapshots and how long to retain them for.</p>"
+    },
+    "PITPolicyRuleUnits":{
+      "type":"string",
+      "enum":[
+        "MINUTE",
+        "HOUR",
+        "DAY"
+      ]
+    },
+    "PaginationToken":{
+      "type":"string",
+      "max":2048,
+      "min":0
+    },
+    "ParticipatingServer":{
+      "type":"structure",
+      "members":{
+        "launchStatus":{
+          "shape":"LaunchStatus",
+          "documentation":"<p>The launch status of a participating server.</p>"
+        },
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The Recovery Instance ID of a participating server.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The Source Server ID of a participating server.</p>"
+        }
+      },
+      "documentation":"<p>Represents a server participating in an asynchronous Job.</p>"
+    },
+    "ParticipatingServers":{
+      "type":"list",
+      "member":{"shape":"ParticipatingServer"}
+    },
+    "PositiveInteger":{
+      "type":"long",
+      "min":0
+    },
+    "RecoveryInstance":{
+      "type":"structure",
+      "members":{
+        "arn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the Recovery Instance.</p>"
+        },
+        "dataReplicationInfo":{
+          "shape":"RecoveryInstanceDataReplicationInfo",
+          "documentation":"<p>The Data Replication Info of the Recovery Instance.</p>"
+        },
+        "ec2InstanceID":{
+          "shape":"EC2InstanceID",
+          "documentation":"<p>The EC2 instance ID of the Recovery Instance.</p>"
+        },
+        "ec2InstanceState":{
+          "shape":"EC2InstanceState",
+          "documentation":"<p>The state of the EC2 instance for this Recovery Instance.</p>"
+        },
+        "failback":{
+          "shape":"RecoveryInstanceFailback",
+          "documentation":"<p>An object representing failback related information of the Recovery Instance.</p>"
+        },
+        "isDrill":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether this Recovery Instance was created for a drill or for an actual Recovery event.</p>"
+        },
+        "jobID":{
+          "shape":"JobID",
+          "documentation":"<p>The ID of the Job that created the Recovery Instance.</p>"
+        },
+        "pointInTimeSnapshotDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of the Point in Time (PIT) snapshot that this Recovery Instance was launched from.</p>"
+        },
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance.</p>"
+        },
+        "recoveryInstanceProperties":{
+          "shape":"RecoveryInstanceProperties",
+          "documentation":"<p>Properties of the Recovery Instance machine.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The Source Server ID that this Recovery Instance is associated with.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>An array of tags that are associated with the Recovery Instance.</p>"
+        }
+      },
+      "documentation":"<p>A Recovery Instance is a replica of a Source Server running on EC2.</p>"
+    },
+    "RecoveryInstanceDataReplicationError":{
+      "type":"structure",
+      "members":{
+        "error":{
+          "shape":"FailbackReplicationError",
+          "documentation":"<p>Error in data replication.</p>"
+        },
+        "rawError":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Error in data replication.</p>"
+        }
+      },
+      "documentation":"<p>Error in data replication.</p>"
+    },
+    "RecoveryInstanceDataReplicationInfo":{
+      "type":"structure",
+      "members":{
+        "dataReplicationError":{
+          "shape":"RecoveryInstanceDataReplicationError",
+          "documentation":"<p>Information about Data Replication</p>"
+        },
+        "dataReplicationInitiation":{
+          "shape":"RecoveryInstanceDataReplicationInitiation",
+          "documentation":"<p>Information about whether the data replication has been initiated.</p>"
+        },
+        "dataReplicationState":{
+          "shape":"RecoveryInstanceDataReplicationState",
+          "documentation":"<p>The state of the data replication.</p>"
+        },
+        "etaDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>An estimate of when the data replication will be completed.</p>"
+        },
+        "lagDuration":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>Data replication lag duration.</p>"
+        },
+        "replicatedDisks":{
+          "shape":"RecoveryInstanceDataReplicationInfoReplicatedDisks",
+          "documentation":"<p>The disks that should be replicated.</p>"
+        }
+      },
+      "documentation":"<p>Information about Data Replication</p>"
+    },
+    "RecoveryInstanceDataReplicationInfoReplicatedDisk":{
+      "type":"structure",
+      "members":{
+        "backloggedStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The size of the replication backlog in bytes.</p>"
+        },
+        "deviceName":{
+          "shape":"BoundedString",
+          "documentation":"<p>The name of the device.</p>"
+        },
+        "replicatedStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of data replicated so far in bytes.</p>"
+        },
+        "rescannedStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of data to be rescanned in bytes.</p>"
+        },
+        "totalStorageBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The total amount of data to be replicated in bytes.</p>"
+        }
+      },
+      "documentation":"<p>A disk that should be replicated.</p>"
+    },
+    "RecoveryInstanceDataReplicationInfoReplicatedDisks":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstanceDataReplicationInfoReplicatedDisk"},
+      "max":60,
+      "min":0
+    },
+    "RecoveryInstanceDataReplicationInitiation":{
+      "type":"structure",
+      "members":{
+        "startDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of the current attempt to initiate data replication.</p>"
+        },
+        "steps":{
+          "shape":"RecoveryInstanceDataReplicationInitiationSteps",
+          "documentation":"<p>The steps of the current attempt to initiate data replication.</p>"
+        }
+      },
+      "documentation":"<p>Data replication initiation.</p>"
+    },
+    "RecoveryInstanceDataReplicationInitiationStep":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"RecoveryInstanceDataReplicationInitiationStepName",
+          "documentation":"<p>The name of the step.</p>"
+        },
+        "status":{
+          "shape":"RecoveryInstanceDataReplicationInitiationStepStatus",
+          "documentation":"<p>The status of the step.</p>"
+        }
+      },
+      "documentation":"<p>Data replication initiation step.</p>"
+    },
+    "RecoveryInstanceDataReplicationInitiationStepName":{
+      "type":"string",
+      "enum":[
+        "LINK_FAILBACK_CLIENT_WITH_RECOVERY_INSTANCE",
+        "COMPLETE_VOLUME_MAPPING",
+        "ESTABLISH_RECOVERY_INSTANCE_COMMUNICATION",
+        "DOWNLOAD_REPLICATION_SOFTWARE_TO_FAILBACK_CLIENT",
+        "CONFIGURE_REPLICATION_SOFTWARE",
+        "PAIR_AGENT_WITH_REPLICATION_SOFTWARE",
+        "ESTABLISH_AGENT_REPLICATOR_SOFTWARE_COMMUNICATION"
+      ]
+    },
+    "RecoveryInstanceDataReplicationInitiationStepStatus":{
+      "type":"string",
+      "enum":[
+        "NOT_STARTED",
+        "IN_PROGRESS",
+        "SUCCEEDED",
+        "FAILED",
+        "SKIPPED"
+      ]
+    },
+    "RecoveryInstanceDataReplicationInitiationSteps":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstanceDataReplicationInitiationStep"}
+    },
+    "RecoveryInstanceDataReplicationState":{
+      "type":"string",
+      "enum":[
+        "STOPPED",
+        "INITIATING",
+        "INITIAL_SYNC",
+        "BACKLOG",
+        "CREATING_SNAPSHOT",
+        "CONTINUOUS",
+        "PAUSED",
+        "RESCAN",
+        "STALLED",
+        "DISCONNECTED"
+      ]
+    },
+    "RecoveryInstanceDisk":{
+      "type":"structure",
+      "members":{
+        "bytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of storage on the disk in bytes.</p>"
+        },
+        "ebsVolumeID":{
+          "shape":"EbsVolumeID",
+          "documentation":"<p>The EBS Volume ID of this disk.</p>"
+        },
+        "internalDeviceName":{
+          "shape":"BoundedString",
+          "documentation":"<p>The internal device name of this disk. This is the name that is visible on the machine itself and not from the EC2 console.</p>"
+        }
+      },
+      "documentation":"<p>An object representing a block storage device on the Recovery Instance.</p>"
+    },
+    "RecoveryInstanceDisks":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstanceDisk"},
+      "max":1000,
+      "min":0
+    },
+    "RecoveryInstanceFailback":{
+      "type":"structure",
+      "members":{
+        "agentLastSeenByServiceDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time the agent on the Recovery Instance was last seen by the service.</p>"
+        },
+        "elapsedReplicationDuration":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The amount of time that the Recovery Instance has been replicating for.</p>"
+        },
+        "failbackClientID":{
+          "shape":"BoundedString",
+          "documentation":"<p>The ID of the failback client that this Recovery Instance is associated with.</p>"
+        },
+        "failbackClientLastSeenByServiceDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time that the failback client was last seen by the service.</p>"
+        },
+        "failbackInitiationTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time that the failback initiation started.</p>"
+        },
+        "failbackJobID":{
+          "shape":"JobID",
+          "documentation":"<p>The Job ID of the last failback log for this Recovery Instance.</p>"
+        },
+        "failbackToOriginalServer":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether we are failing back to the original Source Server for this Recovery Instance.</p>"
+        },
+        "firstByteDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time of the first byte that was replicated from the Recovery Instance.</p>"
+        },
+        "state":{
+          "shape":"FailbackState",
+          "documentation":"<p>The state of the failback process that this Recovery Instance is in.</p>"
+        }
+      },
+      "documentation":"<p>An object representing failback related information of the Recovery Instance.</p>"
+    },
+    "RecoveryInstanceID":{
+      "type":"string",
+      "max":19,
+      "min":10,
+      "pattern":"^i-[0-9a-fA-F]{8,}$"
+    },
+    "RecoveryInstanceIDs":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstanceID"},
+      "max":200,
+      "min":0
+    },
+    "RecoveryInstanceProperties":{
+      "type":"structure",
+      "members":{
+        "cpus":{
+          "shape":"Cpus",
+          "documentation":"<p>An array of CPUs.</p>"
+        },
+        "disks":{
+          "shape":"RecoveryInstanceDisks",
+          "documentation":"<p>An array of disks.</p>"
+        },
+        "identificationHints":{
+          "shape":"IdentificationHints",
+          "documentation":"<p>Hints used to uniquely identify a machine.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time the Recovery Instance properties were last updated on.</p>"
+        },
+        "networkInterfaces":{
+          "shape":"NetworkInterfaces",
+          "documentation":"<p>An array of network interfaces.</p>"
+        },
+        "os":{
+          "shape":"OS",
+          "documentation":"<p>Operating system.</p>"
+        },
+        "ramBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of RAM in bytes.</p>"
+        }
+      },
+      "documentation":"<p>Properties of the Recovery Instance machine.</p>"
+    },
+    "RecoveryInstancesForTerminationRequest":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstanceID"},
+      "max":200,
+      "min":1
+    },
+    "RecoverySnapshot":{
+      "type":"structure",
+      "required":[
+        "expectedTimestamp",
+        "snapshotID",
+        "sourceServerID"
+      ],
+      "members":{
+        "ebsSnapshots":{
+          "shape":"EbsSnapshotsList",
+          "documentation":"<p>A list of EBS snapshots.</p>"
+        },
+        "expectedTimestamp":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The timestamp of when we expect the snapshot to be taken.</p>"
+        },
+        "snapshotID":{
+          "shape":"RecoverySnapshotID",
+          "documentation":"<p>The ID of the Recovery Snapshot.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server that the snapshot was taken for.</p>"
+        },
+        "timestamp":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The actual timestamp that the snapshot was taken.</p>"
+        }
+      },
+      "documentation":"<p>A snapshot of a Source Server used during recovery.</p>"
+    },
+    "RecoverySnapshotID":{
+      "type":"string",
+      "max":21,
+      "min":21,
+      "pattern":"^pit-[0-9a-zA-Z]{17}$"
+    },
+    "RecoverySnapshotsList":{
+      "type":"list",
+      "member":{"shape":"RecoverySnapshot"}
+    },
+    "RecoverySnapshotsOrder":{
+      "type":"string",
+      "enum":[
+        "ASC",
+        "DESC"
+      ]
+    },
+    "ReplicationConfiguration":{
+      "type":"structure",
+      "members":{
+        "associateDefaultSecurityGroup":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to associate the default Elastic Disaster Recovery Security group with the Replication Configuration.</p>"
+        },
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Source Server in Mbps.</p>"
+        },
+        "createPublicIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to create a Public IP for the Recovery Instance by default.</p>"
+        },
+        "dataPlaneRouting":{
+          "shape":"ReplicationConfigurationDataPlaneRouting",
+          "documentation":"<p>The data plane routing mechanism that will be used for replication.</p>"
+        },
+        "defaultLargeStagingDiskType":{
+          "shape":"ReplicationConfigurationDefaultLargeStagingDiskType",
+          "documentation":"<p>The Staging Disk EBS volume type to be used during replication.</p>"
+        },
+        "ebsEncryption":{
+          "shape":"ReplicationConfigurationEbsEncryption",
+          "documentation":"<p>The type of EBS encryption to be used during replication.</p>"
+        },
+        "ebsEncryptionKeyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the EBS encryption key to be used during replication.</p>"
+        },
+        "name":{
+          "shape":"SmallBoundedString",
+          "documentation":"<p>The name of the Replication Configuration.</p>"
+        },
+        "pitPolicy":{
+          "shape":"PITPolicy",
+          "documentation":"<p>The Point in time (PIT) policy to manage snapshots taken during replication.</p>"
+        },
+        "replicatedDisks":{
+          "shape":"ReplicationConfigurationReplicatedDisks",
+          "documentation":"<p>The configuration of the disks of the Source Server to be replicated.</p>"
+        },
+        "replicationServerInstanceType":{
+          "shape":"EC2InstanceType",
+          "documentation":"<p>The instance type to be used for the replication server.</p>"
+        },
+        "replicationServersSecurityGroupsIDs":{
+          "shape":"ReplicationServersSecurityGroupsIDs",
+          "documentation":"<p>The security group IDs that will be used by the replication server.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server for this Replication Configuration.</p>"
+        },
+        "stagingAreaSubnetId":{
+          "shape":"SubnetID",
+          "documentation":"<p>The subnet to be used by the replication staging area.</p>"
+        },
+        "stagingAreaTags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with all resources created in the replication staging area: EC2 replication server, EBS volumes, EBS snapshots, etc.</p>"
+        },
+        "useDedicatedReplicationServer":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use a dedicated Replication Server in the replication staging area.</p>"
+        }
+      }
+    },
+    "ReplicationConfigurationDataPlaneRouting":{
+      "type":"string",
+      "enum":[
+        "PRIVATE_IP",
+        "PUBLIC_IP"
+      ]
+    },
+    "ReplicationConfigurationDefaultLargeStagingDiskType":{
+      "type":"string",
+      "enum":[
+        "GP2",
+        "GP3",
+        "ST1"
+      ]
+    },
+    "ReplicationConfigurationEbsEncryption":{
+      "type":"string",
+      "enum":[
+        "DEFAULT",
+        "CUSTOM"
+      ]
+    },
+    "ReplicationConfigurationReplicatedDisk":{
+      "type":"structure",
+      "members":{
+        "deviceName":{
+          "shape":"BoundedString",
+          "documentation":"<p>The name of the device.</p>"
+        },
+        "iops":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The requested number of I/O operations per second (IOPS).</p>"
+        },
+        "isBootDisk":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to boot from this disk or not.</p>"
+        },
+        "stagingDiskType":{
+          "shape":"ReplicationConfigurationReplicatedDiskStagingDiskType",
+          "documentation":"<p>The Staging Disk EBS volume type to be used during replication.</p>"
+        },
+        "throughput":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The throughput to use for the EBS volume in MiB/s. This parameter is valid only for gp3 volumes.</p>"
+        }
+      },
+      "documentation":"<p>The configuration of a disk of the Source Server to be replicated.</p>"
+    },
+    "ReplicationConfigurationReplicatedDiskStagingDiskType":{
+      "type":"string",
+      "enum":[
+        "AUTO",
+        "GP2",
+        "GP3",
+        "IO1",
+        "SC1",
+        "ST1",
+        "STANDARD"
+      ]
+    },
+    "ReplicationConfigurationReplicatedDisks":{
+      "type":"list",
+      "member":{"shape":"ReplicationConfigurationReplicatedDisk"},
+      "max":60,
+      "min":0
+    },
+    "ReplicationConfigurationTemplate":{
+      "type":"structure",
+      "required":["replicationConfigurationTemplateID"],
+      "members":{
+        "arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Replication Configuration Template ARN.</p>"
+        },
+        "associateDefaultSecurityGroup":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to associate the default Elastic Disaster Recovery Security group with the Replication Configuration Template.</p>"
+        },
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Source Server in Mbps.</p>"
+        },
+        "createPublicIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to create a Public IP for the Recovery Instance by default.</p>"
+        },
+        "dataPlaneRouting":{
+          "shape":"ReplicationConfigurationDataPlaneRouting",
+          "documentation":"<p>The data plane routing mechanism that will be used for replication.</p>"
+        },
+        "defaultLargeStagingDiskType":{
+          "shape":"ReplicationConfigurationDefaultLargeStagingDiskType",
+          "documentation":"<p>The Staging Disk EBS volume type to be used during replication.</p>"
+        },
+        "ebsEncryption":{
+          "shape":"ReplicationConfigurationEbsEncryption",
+          "documentation":"<p>The type of EBS encryption to be used during replication.</p>"
+        },
+        "ebsEncryptionKeyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the EBS encryption key to be used during replication.</p>"
+        },
+        "pitPolicy":{
+          "shape":"PITPolicy",
+          "documentation":"<p>The Point in time (PIT) policy to manage snapshots taken during replication.</p>"
+        },
+        "replicationConfigurationTemplateID":{
+          "shape":"ReplicationConfigurationTemplateID",
+          "documentation":"<p>The Replication Configuration Template ID.</p>"
+        },
+        "replicationServerInstanceType":{
+          "shape":"EC2InstanceType",
+          "documentation":"<p>The instance type to be used for the replication server.</p>"
+        },
+        "replicationServersSecurityGroupsIDs":{
+          "shape":"ReplicationServersSecurityGroupsIDs",
+          "documentation":"<p>The security group IDs that will be used by the replication server.</p>"
+        },
+        "stagingAreaSubnetId":{
+          "shape":"SubnetID",
+          "documentation":"<p>The subnet to be used by the replication staging area.</p>"
+        },
+        "stagingAreaTags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with all resources created in the replication staging area: EC2 replication server, EBS volumes, EBS snapshots, etc.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with the Replication Configuration Template resource.</p>"
+        },
+        "useDedicatedReplicationServer":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use a dedicated Replication Server in the replication staging area.</p>"
+        }
+      }
+    },
+    "ReplicationConfigurationTemplateID":{
+      "type":"string",
+      "max":21,
+      "min":21,
+      "pattern":"^rct-[0-9a-zA-Z]{17}$"
+    },
+    "ReplicationConfigurationTemplateIDs":{
+      "type":"list",
+      "member":{"shape":"ReplicationConfigurationTemplateID"},
+      "max":200,
+      "min":0
+    },
+    "ReplicationConfigurationTemplates":{
+      "type":"list",
+      "member":{"shape":"ReplicationConfigurationTemplate"}
+    },
+    "ReplicationServersSecurityGroupsIDs":{
+      "type":"list",
+      "member":{"shape":"SecurityGroupID"},
+      "max":32,
+      "min":0
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "message":{"shape":"LargeBoundedString"},
+        "resourceId":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The ID of the resource.</p>"
+        },
+        "resourceType":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The type of the resource.</p>"
+        }
+      },
+      "documentation":"<p>The resource for this operation was not found.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "RetryDataReplicationRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server whose data replication should be retried.</p>"
+        }
+      }
+    },
+    "SecurityGroupID":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "pattern":"^sg-[0-9a-fA-F]{8,}$"
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "message":{"shape":"LargeBoundedString"},
+        "quotaCode":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Quota code.</p>"
+        },
+        "resourceId":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The ID of the resource.</p>"
+        },
+        "resourceType":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The type of the resource.</p>"
+        },
+        "serviceCode":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Service code.</p>"
+        }
+      },
+      "documentation":"<p>The request could not be completed because its exceeded the service quota.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "SmallBoundedString":{
+      "type":"string",
+      "max":128,
+      "min":0
+    },
+    "SourceProperties":{
+      "type":"structure",
+      "members":{
+        "cpus":{
+          "shape":"Cpus",
+          "documentation":"<p>An array of CPUs.</p>"
+        },
+        "disks":{
+          "shape":"Disks",
+          "documentation":"<p>An array of disks.</p>"
+        },
+        "identificationHints":{
+          "shape":"IdentificationHints",
+          "documentation":"<p>Hints used to uniquely identify a machine.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>The date and time the Source Properties were last updated on.</p>"
+        },
+        "networkInterfaces":{
+          "shape":"NetworkInterfaces",
+          "documentation":"<p>An array of network interfaces.</p>"
+        },
+        "os":{
+          "shape":"OS",
+          "documentation":"<p>Operating system.</p>"
+        },
+        "ramBytes":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>The amount of RAM in bytes.</p>"
+        },
+        "recommendedInstanceType":{
+          "shape":"EC2InstanceType",
+          "documentation":"<p>The recommended EC2 instance type that will be used when recovering the Source Server.</p>"
+        }
+      },
+      "documentation":"<p>Properties of the Source Server machine.</p>"
+    },
+    "SourceServer":{
+      "type":"structure",
+      "members":{
+        "arn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the Source Server.</p>"
+        },
+        "dataReplicationInfo":{
+          "shape":"DataReplicationInfo",
+          "documentation":"<p>The Data Replication Info of the Source Server.</p>"
+        },
+        "lastLaunchResult":{
+          "shape":"LastLaunchResult",
+          "documentation":"<p>The status of the last recovery launch of this Source Server.</p>"
+        },
+        "lifeCycle":{
+          "shape":"LifeCycle",
+          "documentation":"<p>The lifecycle information of this Source Server.</p>"
+        },
+        "recoveryInstanceId":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance associated with this Source Server.</p>"
+        },
+        "sourceProperties":{
+          "shape":"SourceProperties",
+          "documentation":"<p>The source properties of the Source Server.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>The tags associated with the Source Server.</p>"
+        }
+      }
+    },
+    "SourceServerID":{
+      "type":"string",
+      "max":19,
+      "min":19,
+      "pattern":"^s-[0-9a-zA-Z]{17}$"
+    },
+    "SourceServerIDs":{
+      "type":"list",
+      "member":{"shape":"SourceServerID"}
+    },
+    "SourceServersList":{
+      "type":"list",
+      "member":{"shape":"SourceServer"}
+    },
+    "StartFailbackLaunchRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceIDs"],
+      "members":{
+        "recoveryInstanceIDs":{
+          "shape":"StartFailbackRequestRecoveryInstanceIDs",
+          "documentation":"<p>The IDs of the Recovery Instance whose failback launch we want to request.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>The tags to be associated with the failback launch Job.</p>"
+        }
+      }
+    },
+    "StartFailbackLaunchResponse":{
+      "type":"structure",
+      "members":{
+        "job":{
+          "shape":"Job",
+          "documentation":"<p>The failback launch Job.</p>"
+        }
+      }
+    },
+    "StartFailbackRequestRecoveryInstanceIDs":{
+      "type":"list",
+      "member":{"shape":"RecoveryInstanceID"},
+      "max":200,
+      "min":1
+    },
+    "StartRecoveryRequest":{
+      "type":"structure",
+      "required":["sourceServers"],
+      "members":{
+        "isDrill":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether this Source Server Recovery operation is a drill or not.</p>"
+        },
+        "sourceServers":{
+          "shape":"StartRecoveryRequestSourceServers",
+          "documentation":"<p>The Source Servers that we want to start a Recovery Job for.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>The tags to be associated with the Recovery Job.</p>"
+        }
+      }
+    },
+    "StartRecoveryRequestSourceServer":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "recoverySnapshotID":{
+          "shape":"RecoverySnapshotID",
+          "documentation":"<p>The ID of a Recovery Snapshot we want to recover from. Omit this field to launch from the latest data by taking an on-demand snapshot.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server you want to recover.</p>"
+        }
+      },
+      "documentation":"<p>An object representing the Source Server to recover.</p>"
+    },
+    "StartRecoveryRequestSourceServers":{
+      "type":"list",
+      "member":{"shape":"StartRecoveryRequestSourceServer"},
+      "max":200,
+      "min":1
+    },
+    "StartRecoveryResponse":{
+      "type":"structure",
+      "members":{
+        "job":{
+          "shape":"Job",
+          "documentation":"<p>The Recovery Job.</p>"
+        }
+      }
+    },
+    "StopFailbackRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceID"],
+      "members":{
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance we want to stop failback for.</p>"
+        }
+      }
+    },
+    "StrictlyPositiveInteger":{
+      "type":"integer",
+      "min":1
+    },
+    "SubnetID":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "pattern":"^subnet-[0-9a-fA-F]{8,}$"
+    },
+    "TagKey":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "TagKeys":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "sensitive":true
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tags"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"ARN",
+          "documentation":"<p>ARN of the resource for which tags are to be added or updated.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>Array of tags to be added or updated.</p>"
+        }
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "TagsMap":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"},
+      "sensitive":true
+    },
+    "TargetInstanceTypeRightSizingMethod":{
+      "type":"string",
+      "enum":[
+        "NONE",
+        "BASIC"
+      ]
+    },
+    "TerminateRecoveryInstancesRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceIDs"],
+      "members":{
+        "recoveryInstanceIDs":{
+          "shape":"RecoveryInstancesForTerminationRequest",
+          "documentation":"<p>The IDs of the Recovery Instances that should be terminated.</p>"
+        }
+      }
+    },
+    "TerminateRecoveryInstancesResponse":{
+      "type":"structure",
+      "members":{
+        "job":{
+          "shape":"Job",
+          "documentation":"<p>The Job for terminating the Recovery Instances.</p>"
+        }
+      }
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"LargeBoundedString"},
+        "quotaCode":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Quota code.</p>"
+        },
+        "retryAfterSeconds":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>The number of seconds after which the request should be safe to retry.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        },
+        "serviceCode":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Service code.</p>"
+        }
+      },
+      "documentation":"<p>The request was denied due to request throttling.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "UninitializedAccountException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "message":{"shape":"LargeBoundedString"}
+      },
+      "documentation":"<p>The account performing the request has not been initialized.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"ARN",
+          "documentation":"<p>ARN of the resource for which tags are to be removed.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tagKeys":{
+          "shape":"TagKeys",
+          "documentation":"<p>Array of tags to be removed.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UpdateFailbackReplicationConfigurationRequest":{
+      "type":"structure",
+      "required":["recoveryInstanceID"],
+      "members":{
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Recovery Instance in Mbps.</p>"
+        },
+        "name":{
+          "shape":"BoundedString",
+          "documentation":"<p>The name of the Failback Replication Configuration.</p>"
+        },
+        "recoveryInstanceID":{
+          "shape":"RecoveryInstanceID",
+          "documentation":"<p>The ID of the Recovery Instance.</p>"
+        },
+        "usePrivateIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use Private IP for the failback replication of the Recovery Instance.</p>"
+        }
+      }
+    },
+    "UpdateLaunchConfigurationRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "copyPrivateIp":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether we should copy the Private IP of the Source Server to the Recovery Instance.</p>"
+        },
+        "copyTags":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether we want to copy the tags of the Source Server to the EC2 machine of the Recovery Instance.</p>"
+        },
+        "launchDisposition":{
+          "shape":"LaunchDisposition",
+          "documentation":"<p>The state of the Recovery Instance in EC2 after the recovery operation.</p>"
+        },
+        "licensing":{
+          "shape":"Licensing",
+          "documentation":"<p>The licensing configuration to be used for this launch configuration.</p>"
+        },
+        "name":{
+          "shape":"SmallBoundedString",
+          "documentation":"<p>The name of the launch configuration.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server that we want to retrieve a Launch Configuration for.</p>"
+        },
+        "targetInstanceTypeRightSizingMethod":{
+          "shape":"TargetInstanceTypeRightSizingMethod",
+          "documentation":"<p>Whether Elastic Disaster Recovery should try to automatically choose the instance type that best matches the OS, CPU, and RAM of your Source Server.</p>"
+        }
+      }
+    },
+    "UpdateReplicationConfigurationRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "associateDefaultSecurityGroup":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to associate the default Elastic Disaster Recovery Security group with the Replication Configuration.</p>"
+        },
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Source Server in Mbps.</p>"
+        },
+        "createPublicIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to create a Public IP for the Recovery Instance by default.</p>"
+        },
+        "dataPlaneRouting":{
+          "shape":"ReplicationConfigurationDataPlaneRouting",
+          "documentation":"<p>The data plane routing mechanism that will be used for replication.</p>"
+        },
+        "defaultLargeStagingDiskType":{
+          "shape":"ReplicationConfigurationDefaultLargeStagingDiskType",
+          "documentation":"<p>The Staging Disk EBS volume type to be used during replication.</p>"
+        },
+        "ebsEncryption":{
+          "shape":"ReplicationConfigurationEbsEncryption",
+          "documentation":"<p>The type of EBS encryption to be used during replication.</p>"
+        },
+        "ebsEncryptionKeyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the EBS encryption key to be used during replication.</p>"
+        },
+        "name":{
+          "shape":"SmallBoundedString",
+          "documentation":"<p>The name of the Replication Configuration.</p>"
+        },
+        "pitPolicy":{
+          "shape":"PITPolicy",
+          "documentation":"<p>The Point in time (PIT) policy to manage snapshots taken during replication.</p>"
+        },
+        "replicatedDisks":{
+          "shape":"ReplicationConfigurationReplicatedDisks",
+          "documentation":"<p>The configuration of the disks of the Source Server to be replicated.</p>"
+        },
+        "replicationServerInstanceType":{
+          "shape":"EC2InstanceType",
+          "documentation":"<p>The instance type to be used for the replication server.</p>"
+        },
+        "replicationServersSecurityGroupsIDs":{
+          "shape":"ReplicationServersSecurityGroupsIDs",
+          "documentation":"<p>The security group IDs that will be used by the replication server.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>The ID of the Source Server for this Replication Configuration.</p>"
+        },
+        "stagingAreaSubnetId":{
+          "shape":"SubnetID",
+          "documentation":"<p>The subnet to be used by the replication staging area.</p>"
+        },
+        "stagingAreaTags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with all resources created in the replication staging area: EC2 replication server, EBS volumes, EBS snapshots, etc.</p>"
+        },
+        "useDedicatedReplicationServer":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use a dedicated Replication Server in the replication staging area.</p>"
+        }
+      }
+    },
+    "UpdateReplicationConfigurationTemplateRequest":{
+      "type":"structure",
+      "required":["replicationConfigurationTemplateID"],
+      "members":{
+        "arn":{
+          "shape":"ARN",
+          "documentation":"<p>The Replication Configuration Template ARN.</p>"
+        },
+        "associateDefaultSecurityGroup":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to associate the default Elastic Disaster Recovery Security group with the Replication Configuration Template.</p>"
+        },
+        "bandwidthThrottling":{
+          "shape":"PositiveInteger",
+          "documentation":"<p>Configure bandwidth throttling for the outbound data transfer rate of the Source Server in Mbps.</p>"
+        },
+        "createPublicIP":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to create a Public IP for the Recovery Instance by default.</p>"
+        },
+        "dataPlaneRouting":{
+          "shape":"ReplicationConfigurationDataPlaneRouting",
+          "documentation":"<p>The data plane routing mechanism that will be used for replication.</p>"
+        },
+        "defaultLargeStagingDiskType":{
+          "shape":"ReplicationConfigurationDefaultLargeStagingDiskType",
+          "documentation":"<p>The Staging Disk EBS volume type to be used during replication.</p>"
+        },
+        "ebsEncryption":{
+          "shape":"ReplicationConfigurationEbsEncryption",
+          "documentation":"<p>The type of EBS encryption to be used during replication.</p>"
+        },
+        "ebsEncryptionKeyArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the EBS encryption key to be used during replication.</p>"
+        },
+        "pitPolicy":{
+          "shape":"PITPolicy",
+          "documentation":"<p>The Point in time (PIT) policy to manage snapshots taken during replication.</p>"
+        },
+        "replicationConfigurationTemplateID":{
+          "shape":"ReplicationConfigurationTemplateID",
+          "documentation":"<p>The Replication Configuration Template ID.</p>"
+        },
+        "replicationServerInstanceType":{
+          "shape":"EC2InstanceType",
+          "documentation":"<p>The instance type to be used for the replication server.</p>"
+        },
+        "replicationServersSecurityGroupsIDs":{
+          "shape":"ReplicationServersSecurityGroupsIDs",
+          "documentation":"<p>The security group IDs that will be used by the replication server.</p>"
+        },
+        "stagingAreaSubnetId":{
+          "shape":"SubnetID",
+          "documentation":"<p>The subnet to be used by the replication staging area.</p>"
+        },
+        "stagingAreaTags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A set of tags to be associated with all resources created in the replication staging area: EC2 replication server, EBS volumes, EBS snapshots, etc.</p>"
+        },
+        "useDedicatedReplicationServer":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether to use a dedicated Replication Server in the replication staging area.</p>"
+        }
+      }
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "fieldList":{
+          "shape":"ValidationExceptionFieldList",
+          "documentation":"<p>A list of fields that failed validation.</p>"
+        },
+        "message":{"shape":"LargeBoundedString"},
+        "reason":{
+          "shape":"ValidationExceptionReason",
+          "documentation":"<p>Validation exception reason.</p>"
+        }
+      },
+      "documentation":"<p>The input fails to satisfy the constraints specified by the AWS service.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ValidationExceptionField":{
+      "type":"structure",
+      "members":{
+        "message":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Validate exception field message.</p>"
+        },
+        "name":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Validate exception field name.</p>"
+        }
+      },
+      "documentation":"<p>Validate exception field.</p>"
+    },
+    "ValidationExceptionFieldList":{
+      "type":"list",
+      "member":{"shape":"ValidationExceptionField"}
+    },
+    "ValidationExceptionReason":{
+      "type":"string",
+      "enum":[
+        "unknownOperation",
+        "cannotParse",
+        "fieldValidationFailed",
+        "other"
+      ]
+    },
+    "ebsSnapshot":{
+      "type":"string",
+      "pattern":"^snap-[0-9a-zA-Z]{17}$"
+    }
+  },
+  "documentation":"<p>AWS Elastic Disaster Recovery Service.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/dynamodb/2012-08-10/service-2.json b/contrib/python/botocore/py3/botocore/data/dynamodb/2012-08-10/service-2.json
index 4fcc2769130..83e2af64007 100644
--- a/contrib/python/botocore/py3/botocore/data/dynamodb/2012-08-10/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/dynamodb/2012-08-10/service-2.json
@@ -25,7 +25,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p> This operation allows you to perform batch reads and writes on data stored in DynamoDB, using PartiQL. </p>"
+      "documentation":"<p>This operation allows you to perform batch reads or writes on data stored in DynamoDB, using PartiQL.</p> <note> <p>The entire batch must consist of either read statements or write statements, you cannot mix both in one batch.</p> </note>"
     },
     "BatchGetItem":{
       "name":"BatchGetItem",
@@ -60,7 +60,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>The <code>BatchWriteItem</code> operation puts or deletes multiple items in one or more tables. A single call to <code>BatchWriteItem</code> can write up to 16 MB of data, which can comprise as many as 25 put or delete requests. Individual items to be written can be as large as 400 KB.</p> <note> <p> <code>BatchWriteItem</code> cannot update items. To update items, use the <code>UpdateItem</code> action.</p> </note> <p>The individual <code>PutItem</code> and <code>DeleteItem</code> operations specified in <code>BatchWriteItem</code> are atomic; however <code>BatchWriteItem</code> as a whole is not. If any requested operations fail because the table's provisioned throughput is exceeded or an internal processing failure occurs, the failed operations are returned in the <code>UnprocessedItems</code> response parameter. You can investigate and optionally resend the requests. Typically, you would call <code>BatchWriteItem</code> in a loop. Each iteration would check for unprocessed items and submit a new <code>BatchWriteItem</code> request with those unprocessed items until all items have been processed.</p> <p>If <i>none</i> of the items can be processed due to insufficient provisioned throughput on all of the tables in the request, then <code>BatchWriteItem</code> returns a <code>ProvisionedThroughputExceededException</code>.</p> <important> <p>If DynamoDB returns any unprocessed items, you should retry the batch operation on those items. However, <i>we strongly recommend that you use an exponential backoff algorithm</i>. If you retry the batch operation immediately, the underlying read or write requests can still fail due to throttling on the individual tables. If you delay the batch operation using exponential backoff, the individual requests in the batch are much more likely to succeed.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html#Programming.Errors.BatchOperations\">Batch Operations and Error Handling</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p> </important> <p>With <code>BatchWriteItem</code>, you can efficiently write or delete large amounts of data, such as from Amazon EMR, or copy data from another database into DynamoDB. In order to improve performance with these large-scale operations, <code>BatchWriteItem</code> does not behave in the same way as individual <code>PutItem</code> and <code>DeleteItem</code> calls would. For example, you cannot specify conditions on individual put and delete requests, and <code>BatchWriteItem</code> does not return deleted items in the response.</p> <p>If you use a programming language that supports concurrency, you can use threads to write items in parallel. Your application must include the necessary logic to manage the threads. With languages that don't support threading, you must update or delete the specified items one at a time. In both situations, <code>BatchWriteItem</code> performs the specified put and delete operations in parallel, giving you the power of the thread pool approach without having to introduce complexity into your application.</p> <p>Parallel processing reduces latency, but each specified put and delete request consumes the same number of write capacity units whether it is processed in parallel or not. Delete operations on nonexistent items consume one write capacity unit.</p> <p>If one or more of the following is true, DynamoDB rejects the entire batch write operation:</p> <ul> <li> <p>One or more tables specified in the <code>BatchWriteItem</code> request does not exist.</p> </li> <li> <p>Primary key attributes specified on an item in the request do not match those in the corresponding table's primary key schema.</p> </li> <li> <p>You try to perform multiple operations on the same item in the same <code>BatchWriteItem</code> request. For example, you cannot put and delete the same item in the same <code>BatchWriteItem</code> request. </p> </li> <li> <p> Your request contains at least two items with identical hash and range keys (which essentially is two put operations). </p> </li> <li> <p>There are more than 25 requests in the batch.</p> </li> <li> <p>Any individual item in a batch exceeds 400 KB.</p> </li> <li> <p>The total request size exceeds 16 MB.</p> </li> </ul>",
+      "documentation":"<p>The <code>BatchWriteItem</code> operation puts or deletes multiple items in one or more tables. A single call to <code>BatchWriteItem</code> can transmit up to 16MB of data over the network, consisting of up to 25 item put or delete operations. While individual items can be up to 400 KB once stored, it's important to note that an item's representation might be greater than 400KB while being sent in DynamoDB's JSON format for the API call. For more details on this distinction, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.NamingRulesDataTypes.html\">Naming Rules and Data Types</a>.</p> <note> <p> <code>BatchWriteItem</code> cannot update items. To update items, use the <code>UpdateItem</code> action.</p> </note> <p>The individual <code>PutItem</code> and <code>DeleteItem</code> operations specified in <code>BatchWriteItem</code> are atomic; however <code>BatchWriteItem</code> as a whole is not. If any requested operations fail because the table's provisioned throughput is exceeded or an internal processing failure occurs, the failed operations are returned in the <code>UnprocessedItems</code> response parameter. You can investigate and optionally resend the requests. Typically, you would call <code>BatchWriteItem</code> in a loop. Each iteration would check for unprocessed items and submit a new <code>BatchWriteItem</code> request with those unprocessed items until all items have been processed.</p> <p>If <i>none</i> of the items can be processed due to insufficient provisioned throughput on all of the tables in the request, then <code>BatchWriteItem</code> returns a <code>ProvisionedThroughputExceededException</code>.</p> <important> <p>If DynamoDB returns any unprocessed items, you should retry the batch operation on those items. However, <i>we strongly recommend that you use an exponential backoff algorithm</i>. If you retry the batch operation immediately, the underlying read or write requests can still fail due to throttling on the individual tables. If you delay the batch operation using exponential backoff, the individual requests in the batch are much more likely to succeed.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ErrorHandling.html#Programming.Errors.BatchOperations\">Batch Operations and Error Handling</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p> </important> <p>With <code>BatchWriteItem</code>, you can efficiently write or delete large amounts of data, such as from Amazon EMR, or copy data from another database into DynamoDB. In order to improve performance with these large-scale operations, <code>BatchWriteItem</code> does not behave in the same way as individual <code>PutItem</code> and <code>DeleteItem</code> calls would. For example, you cannot specify conditions on individual put and delete requests, and <code>BatchWriteItem</code> does not return deleted items in the response.</p> <p>If you use a programming language that supports concurrency, you can use threads to write items in parallel. Your application must include the necessary logic to manage the threads. With languages that don't support threading, you must update or delete the specified items one at a time. In both situations, <code>BatchWriteItem</code> performs the specified put and delete operations in parallel, giving you the power of the thread pool approach without having to introduce complexity into your application.</p> <p>Parallel processing reduces latency, but each specified put and delete request consumes the same number of write capacity units whether it is processed in parallel or not. Delete operations on nonexistent items consume one write capacity unit.</p> <p>If one or more of the following is true, DynamoDB rejects the entire batch write operation:</p> <ul> <li> <p>One or more tables specified in the <code>BatchWriteItem</code> request does not exist.</p> </li> <li> <p>Primary key attributes specified on an item in the request do not match those in the corresponding table's primary key schema.</p> </li> <li> <p>You try to perform multiple operations on the same item in the same <code>BatchWriteItem</code> request. For example, you cannot put and delete the same item in the same <code>BatchWriteItem</code> request. </p> </li> <li> <p> Your request contains at least two items with identical hash and range keys (which essentially is two put operations). </p> </li> <li> <p>There are more than 25 requests in the batch.</p> </li> <li> <p>Any individual item in a batch exceeds 400 KB.</p> </li> <li> <p>The total request size exceeds 16 MB.</p> </li> </ul>",
       "endpointdiscovery":{
       }
     },
@@ -115,7 +115,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>The <code>CreateTable</code> operation adds a new table to your account. In an AWS account, table names must be unique within each Region. That is, you can have two tables with same name if you create the tables in different Regions.</p> <p> <code>CreateTable</code> is an asynchronous operation. Upon receiving a <code>CreateTable</code> request, DynamoDB immediately returns a response with a <code>TableStatus</code> of <code>CREATING</code>. After the table is created, DynamoDB sets the <code>TableStatus</code> to <code>ACTIVE</code>. You can perform read and write operations only on an <code>ACTIVE</code> table. </p> <p>You can optionally define secondary indexes on the new table, as part of the <code>CreateTable</code> operation. If you want to create multiple tables with secondary indexes on them, you must create the tables sequentially. Only one table with secondary indexes can be in the <code>CREATING</code> state at any given time.</p> <p>You can use the <code>DescribeTable</code> action to check the table status.</p>",
+      "documentation":"<p>The <code>CreateTable</code> operation adds a new table to your account. In an Amazon Web Services account, table names must be unique within each Region. That is, you can have two tables with same name if you create the tables in different Regions.</p> <p> <code>CreateTable</code> is an asynchronous operation. Upon receiving a <code>CreateTable</code> request, DynamoDB immediately returns a response with a <code>TableStatus</code> of <code>CREATING</code>. After the table is created, DynamoDB sets the <code>TableStatus</code> to <code>ACTIVE</code>. You can perform read and write operations only on an <code>ACTIVE</code> table. </p> <p>You can optionally define secondary indexes on the new table, as part of the <code>CreateTable</code> operation. If you want to create multiple tables with secondary indexes on them, you must create the tables sequentially. Only one table with secondary indexes can be in the <code>CREATING</code> state at any given time.</p> <p>You can use the <code>DescribeTable</code> action to check the table status.</p>",
       "endpointdiscovery":{
       }
     },
@@ -307,7 +307,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the current provisioned-capacity quotas for your AWS account in a Region, both for the Region as a whole and for any one DynamoDB table that you create there.</p> <p>When you establish an AWS account, the account has initial quotas on the maximum read capacity units and write capacity units that you can provision across all of your DynamoDB tables in a given Region. Also, there are per-table quotas that apply when you create a table there. For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html\">Service, Account, and Table Quotas</a> page in the <i>Amazon DynamoDB Developer Guide</i>.</p> <p>Although you can increase these quotas by filing a case at <a href=\"https://console.aws.amazon.com/support/home#/\">AWS Support Center</a>, obtaining the increase is not instantaneous. The <code>DescribeLimits</code> action lets you write code to compare the capacity you are currently using to those quotas imposed by your account so that you have enough time to apply for an increase before you hit a quota.</p> <p>For example, you could use one of the AWS SDKs to do the following:</p> <ol> <li> <p>Call <code>DescribeLimits</code> for a particular Region to obtain your current account quotas on provisioned capacity there.</p> </li> <li> <p>Create a variable to hold the aggregate read capacity units provisioned for all your tables in that Region, and one to hold the aggregate write capacity units. Zero them both.</p> </li> <li> <p>Call <code>ListTables</code> to obtain a list of all your DynamoDB tables.</p> </li> <li> <p>For each table name listed by <code>ListTables</code>, do the following:</p> <ul> <li> <p>Call <code>DescribeTable</code> with the table name.</p> </li> <li> <p>Use the data returned by <code>DescribeTable</code> to add the read capacity units and write capacity units provisioned for the table itself to your variables.</p> </li> <li> <p>If the table has one or more global secondary indexes (GSIs), loop over these GSIs and add their provisioned capacity values to your variables as well.</p> </li> </ul> </li> <li> <p>Report the account quotas for that Region returned by <code>DescribeLimits</code>, along with the total current provisioned capacity levels you have calculated.</p> </li> </ol> <p>This will let you see whether you are getting close to your account-level quotas.</p> <p>The per-table quotas apply only when you are creating a new table. They restrict the sum of the provisioned capacity of the new table itself and all its global secondary indexes.</p> <p>For existing tables and their GSIs, DynamoDB doesn't let you increase provisioned capacity extremely rapidly, but the only quota that applies is that the aggregate provisioned capacity over all your tables and GSIs cannot exceed either of the per-account quotas.</p> <note> <p> <code>DescribeLimits</code> should only be called periodically. You can expect throttling errors if you call it more than once in a minute.</p> </note> <p>The <code>DescribeLimits</code> Request element has no content.</p>",
+      "documentation":"<p>Returns the current provisioned-capacity quotas for your Amazon Web Services account in a Region, both for the Region as a whole and for any one DynamoDB table that you create there.</p> <p>When you establish an Amazon Web Services account, the account has initial quotas on the maximum read capacity units and write capacity units that you can provision across all of your DynamoDB tables in a given Region. Also, there are per-table quotas that apply when you create a table there. For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html\">Service, Account, and Table Quotas</a> page in the <i>Amazon DynamoDB Developer Guide</i>.</p> <p>Although you can increase these quotas by filing a case at <a href=\"https://console.aws.amazon.com/support/home#/\">Amazon Web Services Support Center</a>, obtaining the increase is not instantaneous. The <code>DescribeLimits</code> action lets you write code to compare the capacity you are currently using to those quotas imposed by your account so that you have enough time to apply for an increase before you hit a quota.</p> <p>For example, you could use one of the Amazon Web Services SDKs to do the following:</p> <ol> <li> <p>Call <code>DescribeLimits</code> for a particular Region to obtain your current account quotas on provisioned capacity there.</p> </li> <li> <p>Create a variable to hold the aggregate read capacity units provisioned for all your tables in that Region, and one to hold the aggregate write capacity units. Zero them both.</p> </li> <li> <p>Call <code>ListTables</code> to obtain a list of all your DynamoDB tables.</p> </li> <li> <p>For each table name listed by <code>ListTables</code>, do the following:</p> <ul> <li> <p>Call <code>DescribeTable</code> with the table name.</p> </li> <li> <p>Use the data returned by <code>DescribeTable</code> to add the read capacity units and write capacity units provisioned for the table itself to your variables.</p> </li> <li> <p>If the table has one or more global secondary indexes (GSIs), loop over these GSIs and add their provisioned capacity values to your variables as well.</p> </li> </ul> </li> <li> <p>Report the account quotas for that Region returned by <code>DescribeLimits</code>, along with the total current provisioned capacity levels you have calculated.</p> </li> </ol> <p>This will let you see whether you are getting close to your account-level quotas.</p> <p>The per-table quotas apply only when you are creating a new table. They restrict the sum of the provisioned capacity of the new table itself and all its global secondary indexes.</p> <p>For existing tables and their GSIs, DynamoDB doesn't let you increase provisioned capacity extremely rapidly, but the only quota that applies is that the aggregate provisioned capacity over all your tables and GSIs cannot exceed either of the per-account quotas.</p> <note> <p> <code>DescribeLimits</code> should only be called periodically. You can expect throttling errors if you call it more than once in a minute.</p> </note> <p>The <code>DescribeLimits</code> Request element has no content.</p>",
       "endpointdiscovery":{
       }
     },
@@ -411,7 +411,7 @@
         {"shape":"InternalServerError"},
         {"shape":"DuplicateItemException"}
       ],
-      "documentation":"<p> This operation allows you to perform reads and singleton writes on data stored in DynamoDB, using PartiQL. </p>"
+      "documentation":"<p>This operation allows you to perform reads and singleton writes on data stored in DynamoDB, using PartiQL.</p>"
     },
     "ExecuteTransaction":{
       "name":"ExecuteTransaction",
@@ -430,7 +430,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p> This operation allows you to perform transactional reads or writes on data stored in DynamoDB, using PartiQL. </p>"
+      "documentation":"<p>This operation allows you to perform transactional reads or writes on data stored in DynamoDB, using PartiQL.</p> <note> <p>The entire transaction must consist of either read statements or write statements, you cannot mix both in one transaction. The EXISTS function is an exception and can be used to check the condition of specific attributes of the item in a similar manner to <code>ConditionCheck</code> in the <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/transaction-apis.html#transaction-apis-txwriteitems\">TransactWriteItems</a> API.</p> </note>"
     },
     "ExportTableToPointInTime":{
       "name":"ExportTableToPointInTime",
@@ -479,7 +479,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>List backups associated with an AWS account. To list backups for a given table, specify <code>TableName</code>. <code>ListBackups</code> returns a paginated list of results with at most 1 MB worth of items in a page. You can also specify a maximum number of entries to be returned in a page. </p> <p>In the request, start time is inclusive, but end time is exclusive. Note that these boundaries are for the time at which the original backup was requested.</p> <p>You can call <code>ListBackups</code> a maximum of five times per second.</p>",
+      "documentation":"<p>List backups associated with an Amazon Web Services account. To list backups for a given table, specify <code>TableName</code>. <code>ListBackups</code> returns a paginated list of results with at most 1 MB worth of items in a page. You can also specify a maximum number of entries to be returned in a page.</p> <p>In the request, start time is inclusive, but end time is exclusive. Note that these boundaries are for the time at which the original backup was requested.</p> <p>You can call <code>ListBackups</code> a maximum of five times per second.</p>",
       "endpointdiscovery":{
       }
     },
@@ -574,7 +574,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Creates a new item, or replaces an old item with a new item. If an item that has the same primary key as the new item already exists in the specified table, the new item completely replaces the existing item. You can perform a conditional put operation (add a new item if one with the specified primary key doesn't exist), or replace an existing item if it has certain attribute values. You can return the item's attribute values in the same operation, using the <code>ReturnValues</code> parameter.</p> <important> <p>This topic provides general information about the <code>PutItem</code> API.</p> <p>For information on how to call the <code>PutItem</code> API using the AWS SDK in specific languages, see the following:</p> <ul> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS Command Line Interface</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/DotNetSDKV3/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for .NET</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForCpp/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for C++</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForGoV1/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for Go</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForJava/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for Java</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/AWSJavaScriptSDK/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for JavaScript</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForPHPV3/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for PHP V3</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/boto3/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for Python</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForRubyV2/dynamodb-2012-08-10/PutItem\"> PutItem in the AWS SDK for Ruby V2</a> </p> </li> </ul> </important> <p>When you add an item, the primary key attributes are the only required attributes. Attribute values cannot be null.</p> <p>Empty String and Binary attribute values are allowed. Attribute values of type String and Binary must have a length greater than zero if the attribute is used as a key attribute for a table or index. Set type attributes cannot be empty. </p> <p>Invalid Requests with empty values will be rejected with a <code>ValidationException</code> exception.</p> <note> <p>To prevent a new item from replacing an existing item, use a conditional expression that contains the <code>attribute_not_exists</code> function with the name of the attribute being used as the partition key for the table. Since every record must contain that attribute, the <code>attribute_not_exists</code> function will only succeed if no matching item exists.</p> </note> <p>For more information about <code>PutItem</code>, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html\">Working with Items</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p>",
+      "documentation":"<p>Creates a new item, or replaces an old item with a new item. If an item that has the same primary key as the new item already exists in the specified table, the new item completely replaces the existing item. You can perform a conditional put operation (add a new item if one with the specified primary key doesn't exist), or replace an existing item if it has certain attribute values. You can return the item's attribute values in the same operation, using the <code>ReturnValues</code> parameter.</p> <important> <p>This topic provides general information about the <code>PutItem</code> API.</p> <p>For information on how to call the <code>PutItem</code> API using the Amazon Web Services SDK in specific languages, see the following:</p> <ul> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/aws-cli/dynamodb-2012-08-10/PutItem\"> PutItem in the Command Line Interface</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/DotNetSDKV3/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for .NET</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForCpp/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for C++</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForGoV1/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for Go</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForJava/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for Java</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/AWSJavaScriptSDK/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for JavaScript</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForPHPV3/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for PHP V3</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/boto3/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for Python (Boto)</a> </p> </li> <li> <p> <a href=\"http://docs.aws.amazon.com/goto/SdkForRubyV2/dynamodb-2012-08-10/PutItem\"> PutItem in the SDK for Ruby V2</a> </p> </li> </ul> </important> <p>When you add an item, the primary key attributes are the only required attributes. Attribute values cannot be null.</p> <p>Empty String and Binary attribute values are allowed. Attribute values of type String and Binary must have a length greater than zero if the attribute is used as a key attribute for a table or index. Set type attributes cannot be empty. </p> <p>Invalid Requests with empty values will be rejected with a <code>ValidationException</code> exception.</p> <note> <p>To prevent a new item from replacing an existing item, use a conditional expression that contains the <code>attribute_not_exists</code> function with the name of the attribute being used as the partition key for the table. Since every record must contain that attribute, the <code>attribute_not_exists</code> function will only succeed if no matching item exists.</p> </note> <p>For more information about <code>PutItem</code>, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html\">Working with Items</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p>",
       "endpointdiscovery":{
       }
     },
@@ -592,7 +592,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>The <code>Query</code> operation finds items based on primary key values. You can query any table or secondary index that has a composite primary key (a partition key and a sort key). </p> <p>Use the <code>KeyConditionExpression</code> parameter to provide a specific value for the partition key. The <code>Query</code> operation will return all of the items from the table or index with that partition key value. You can optionally narrow the scope of the <code>Query</code> operation by specifying a sort key value and a comparison operator in <code>KeyConditionExpression</code>. To further refine the <code>Query</code> results, you can optionally provide a <code>FilterExpression</code>. A <code>FilterExpression</code> determines which items within the results should be returned to you. All of the other results are discarded. </p> <p> A <code>Query</code> operation always returns a result set. If no matching items are found, the result set will be empty. Queries that do not return results consume the minimum number of read capacity units for that type of read operation. </p> <note> <p> DynamoDB calculates the number of read capacity units consumed based on item size, not on the amount of data that is returned to an application. The number of capacity units consumed will be the same whether you request all of the attributes (the default behavior) or just some of them (using a projection expression). The number will also be the same whether or not you use a <code>FilterExpression</code>. </p> </note> <p> <code>Query</code> results are always sorted by the sort key value. If the data type of the sort key is Number, the results are returned in numeric order; otherwise, the results are returned in order of UTF-8 bytes. By default, the sort order is ascending. To reverse the order, set the <code>ScanIndexForward</code> parameter to false. </p> <p> A single <code>Query</code> operation will read up to the maximum number of items set (if using the <code>Limit</code> parameter) or a maximum of 1 MB of data and then apply any filtering to the results using <code>FilterExpression</code>. If <code>LastEvaluatedKey</code> is present in the response, you will need to paginate the result set. For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html#Query.Pagination\">Paginating the Results</a> in the <i>Amazon DynamoDB Developer Guide</i>. </p> <p> <code>FilterExpression</code> is applied after a <code>Query</code> finishes, but before the results are returned. A <code>FilterExpression</code> cannot contain partition key or sort key attributes. You need to specify those attributes in the <code>KeyConditionExpression</code>. </p> <note> <p> A <code>Query</code> operation can return an empty result set and a <code>LastEvaluatedKey</code> if all the items read for the page of results are filtered out. </p> </note> <p>You can query a table, a local secondary index, or a global secondary index. For a query on a table or on a local secondary index, you can set the <code>ConsistentRead</code> parameter to <code>true</code> and obtain a strongly consistent result. Global secondary indexes support eventually consistent reads only, so do not specify <code>ConsistentRead</code> when querying a global secondary index.</p>",
+      "documentation":"<p>You must provide the name of the partition key attribute and a single value for that attribute. <code>Query</code> returns all items with that partition key value. Optionally, you can provide a sort key attribute and use a comparison operator to refine the search results.</p> <p>Use the <code>KeyConditionExpression</code> parameter to provide a specific value for the partition key. The <code>Query</code> operation will return all of the items from the table or index with that partition key value. You can optionally narrow the scope of the <code>Query</code> operation by specifying a sort key value and a comparison operator in <code>KeyConditionExpression</code>. To further refine the <code>Query</code> results, you can optionally provide a <code>FilterExpression</code>. A <code>FilterExpression</code> determines which items within the results should be returned to you. All of the other results are discarded. </p> <p> A <code>Query</code> operation always returns a result set. If no matching items are found, the result set will be empty. Queries that do not return results consume the minimum number of read capacity units for that type of read operation. </p> <note> <p> DynamoDB calculates the number of read capacity units consumed based on item size, not on the amount of data that is returned to an application. The number of capacity units consumed will be the same whether you request all of the attributes (the default behavior) or just some of them (using a projection expression). The number will also be the same whether or not you use a <code>FilterExpression</code>. </p> </note> <p> <code>Query</code> results are always sorted by the sort key value. If the data type of the sort key is Number, the results are returned in numeric order; otherwise, the results are returned in order of UTF-8 bytes. By default, the sort order is ascending. To reverse the order, set the <code>ScanIndexForward</code> parameter to false. </p> <p> A single <code>Query</code> operation will read up to the maximum number of items set (if using the <code>Limit</code> parameter) or a maximum of 1 MB of data and then apply any filtering to the results using <code>FilterExpression</code>. If <code>LastEvaluatedKey</code> is present in the response, you will need to paginate the result set. For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.html#Query.Pagination\">Paginating the Results</a> in the <i>Amazon DynamoDB Developer Guide</i>. </p> <p> <code>FilterExpression</code> is applied after a <code>Query</code> finishes, but before the results are returned. A <code>FilterExpression</code> cannot contain partition key or sort key attributes. You need to specify those attributes in the <code>KeyConditionExpression</code>. </p> <note> <p> A <code>Query</code> operation can return an empty result set and a <code>LastEvaluatedKey</code> if all the items read for the page of results are filtered out. </p> </note> <p>You can query a table, a local secondary index, or a global secondary index. For a query on a table or on a local secondary index, you can set the <code>ConsistentRead</code> parameter to <code>true</code> and obtain a strongly consistent result. Global secondary indexes support eventually consistent reads only, so do not specify <code>ConsistentRead</code> when querying a global secondary index.</p>",
       "endpointdiscovery":{
       }
     },
@@ -687,7 +687,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p> <code>TransactGetItems</code> is a synchronous operation that atomically retrieves multiple items from one or more tables (but not from indexes) in a single account and Region. A <code>TransactGetItems</code> call can contain up to 25 <code>TransactGetItem</code> objects, each of which contains a <code>Get</code> structure that specifies an item to retrieve from a table in the account and Region. A call to <code>TransactGetItems</code> cannot retrieve items from tables in more than one AWS account or Region. The aggregate size of the items in the transaction cannot exceed 4 MB.</p> <p>DynamoDB rejects the entire <code>TransactGetItems</code> request if any of the following is true:</p> <ul> <li> <p>A conflicting operation is in the process of updating an item to be read.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> <li> <p>The aggregate size of the items in the transaction cannot exceed 4 MB.</p> </li> </ul>",
+      "documentation":"<p> <code>TransactGetItems</code> is a synchronous operation that atomically retrieves multiple items from one or more tables (but not from indexes) in a single account and Region. A <code>TransactGetItems</code> call can contain up to 25 <code>TransactGetItem</code> objects, each of which contains a <code>Get</code> structure that specifies an item to retrieve from a table in the account and Region. A call to <code>TransactGetItems</code> cannot retrieve items from tables in more than one Amazon Web Services account or Region. The aggregate size of the items in the transaction cannot exceed 4 MB.</p> <p>DynamoDB rejects the entire <code>TransactGetItems</code> request if any of the following is true:</p> <ul> <li> <p>A conflicting operation is in the process of updating an item to be read.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> <li> <p>The aggregate size of the items in the transaction cannot exceed 4 MB.</p> </li> </ul>",
       "endpointdiscovery":{
       }
     },
@@ -708,7 +708,7 @@
         {"shape":"RequestLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p> <code>TransactWriteItems</code> is a synchronous write operation that groups up to 25 action requests. These actions can target items in different tables, but not in different AWS accounts or Regions, and no two actions can target the same item. For example, you cannot both <code>ConditionCheck</code> and <code>Update</code> the same item. The aggregate size of the items in the transaction cannot exceed 4 MB.</p> <p>The actions are completed atomically so that either all of them succeed, or all of them fail. They are defined by the following objects:</p> <ul> <li> <p> <code>Put</code>  &#x97;   Initiates a <code>PutItem</code> operation to write a new item. This structure specifies the primary key of the item to be written, the name of the table to write it in, an optional condition expression that must be satisfied for the write to succeed, a list of the item's attributes, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> <li> <p> <code>Update</code>  &#x97;   Initiates an <code>UpdateItem</code> operation to update an existing item. This structure specifies the primary key of the item to be updated, the name of the table where it resides, an optional condition expression that must be satisfied for the update to succeed, an expression that defines one or more attributes to be updated, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> <li> <p> <code>Delete</code>  &#x97;   Initiates a <code>DeleteItem</code> operation to delete an existing item. This structure specifies the primary key of the item to be deleted, the name of the table where it resides, an optional condition expression that must be satisfied for the deletion to succeed, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> <li> <p> <code>ConditionCheck</code>  &#x97;   Applies a condition to an item that is not being modified by the transaction. This structure specifies the primary key of the item to be checked, the name of the table where it resides, a condition expression that must be satisfied for the transaction to succeed, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> </ul> <p>DynamoDB rejects the entire <code>TransactWriteItems</code> request if any of the following is true:</p> <ul> <li> <p>A condition in one of the condition expressions is not met.</p> </li> <li> <p>An ongoing operation is in the process of updating the same item.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>An item size becomes too large (bigger than 400 KB), a local secondary index (LSI) becomes too large, or a similar validation error occurs because of changes made by the transaction.</p> </li> <li> <p>The aggregate size of the items in the transaction exceeds 4 MB.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> </ul>",
+      "documentation":"<p> <code>TransactWriteItems</code> is a synchronous write operation that groups up to 25 action requests. These actions can target items in different tables, but not in different Amazon Web Services accounts or Regions, and no two actions can target the same item. For example, you cannot both <code>ConditionCheck</code> and <code>Update</code> the same item. The aggregate size of the items in the transaction cannot exceed 4 MB.</p> <p>The actions are completed atomically so that either all of them succeed, or all of them fail. They are defined by the following objects:</p> <ul> <li> <p> <code>Put</code>  —   Initiates a <code>PutItem</code> operation to write a new item. This structure specifies the primary key of the item to be written, the name of the table to write it in, an optional condition expression that must be satisfied for the write to succeed, a list of the item's attributes, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> <li> <p> <code>Update</code>  —   Initiates an <code>UpdateItem</code> operation to update an existing item. This structure specifies the primary key of the item to be updated, the name of the table where it resides, an optional condition expression that must be satisfied for the update to succeed, an expression that defines one or more attributes to be updated, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> <li> <p> <code>Delete</code>  —   Initiates a <code>DeleteItem</code> operation to delete an existing item. This structure specifies the primary key of the item to be deleted, the name of the table where it resides, an optional condition expression that must be satisfied for the deletion to succeed, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> <li> <p> <code>ConditionCheck</code>  —   Applies a condition to an item that is not being modified by the transaction. This structure specifies the primary key of the item to be checked, the name of the table where it resides, a condition expression that must be satisfied for the transaction to succeed, and a field indicating whether to retrieve the item's attributes if the condition is not met.</p> </li> </ul> <p>DynamoDB rejects the entire <code>TransactWriteItems</code> request if any of the following is true:</p> <ul> <li> <p>A condition in one of the condition expressions is not met.</p> </li> <li> <p>An ongoing operation is in the process of updating the same item.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>An item size becomes too large (bigger than 400 KB), a local secondary index (LSI) becomes too large, or a similar validation error occurs because of changes made by the transaction.</p> </li> <li> <p>The aggregate size of the items in the transaction exceeds 4 MB.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> </ul>",
       "endpointdiscovery":{
       }
     },
@@ -758,7 +758,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Updates the status for contributor insights for a specific table or index.</p>"
+      "documentation":"<p>Updates the status for contributor insights for a specific table or index. CloudWatch Contributor Insights for DynamoDB graphs display the partition key and (if applicable) sort key of frequently accessed items and frequently throttled items in plaintext. If you require the use of Amazon Web Services Key Management Service (KMS) to encrypt this table’s partition key and sort key data with an Amazon Web Services managed key or customer managed key, you should not enable CloudWatch Contributor Insights for DynamoDB for this table.</p>"
     },
     "UpdateGlobalTable":{
       "name":"UpdateGlobalTable",
@@ -884,7 +884,7 @@
         },
         "ArchivalReason":{
           "shape":"ArchivalReason",
-          "documentation":"<p>The reason DynamoDB archived the table. Currently, the only possible value is:</p> <ul> <li> <p> <code>INACCESSIBLE_ENCRYPTION_CREDENTIALS</code> - The table was archived due to the table's AWS KMS key being inaccessible for more than seven days. An On-Demand backup was created at the archival time.</p> </li> </ul>"
+          "documentation":"<p>The reason DynamoDB archived the table. Currently, the only possible value is:</p> <ul> <li> <p> <code>INACCESSIBLE_ENCRYPTION_CREDENTIALS</code> - The table was archived due to the table's KMS key being inaccessible for more than seven days. An On-Demand backup was created at the archival time.</p> </li> </ul>"
         },
         "ArchivalBackupArn":{
           "shape":"BackupArn",
@@ -1202,7 +1202,7 @@
         },
         "BackupType":{
           "shape":"BackupType",
-          "documentation":"<p>BackupType:</p> <ul> <li> <p> <code>USER</code> - You create and manage these using the on-demand backup feature.</p> </li> <li> <p> <code>SYSTEM</code> - If you delete a table with point-in-time recovery enabled, a <code>SYSTEM</code> backup is automatically created and is retained for 35 days (at no additional cost). System backups allow you to restore the deleted table to the state it was in just before the point of deletion. </p> </li> <li> <p> <code>AWS_BACKUP</code> - On-demand backup created by you from AWS Backup service.</p> </li> </ul>"
+          "documentation":"<p>BackupType:</p> <ul> <li> <p> <code>USER</code> - You create and manage these using the on-demand backup feature.</p> </li> <li> <p> <code>SYSTEM</code> - If you delete a table with point-in-time recovery enabled, a <code>SYSTEM</code> backup is automatically created and is retained for 35 days (at no additional cost). System backups allow you to restore the deleted table to the state it was in just before the point of deletion. </p> </li> <li> <p> <code>AWS_BACKUP</code> - On-demand backup created by you from Backup service.</p> </li> </ul>"
         },
         "BackupCreationDateTime":{
           "shape":"BackupCreationDateTime",
@@ -1290,7 +1290,7 @@
         },
         "BackupType":{
           "shape":"BackupType",
-          "documentation":"<p>BackupType:</p> <ul> <li> <p> <code>USER</code> - You create and manage these using the on-demand backup feature.</p> </li> <li> <p> <code>SYSTEM</code> - If you delete a table with point-in-time recovery enabled, a <code>SYSTEM</code> backup is automatically created and is retained for 35 days (at no additional cost). System backups allow you to restore the deleted table to the state it was in just before the point of deletion. </p> </li> <li> <p> <code>AWS_BACKUP</code> - On-demand backup created by you from AWS Backup service.</p> </li> </ul>"
+          "documentation":"<p>BackupType:</p> <ul> <li> <p> <code>USER</code> - You create and manage these using the on-demand backup feature.</p> </li> <li> <p> <code>SYSTEM</code> - If you delete a table with point-in-time recovery enabled, a <code>SYSTEM</code> backup is automatically created and is retained for 35 days (at no additional cost). System backups allow you to restore the deleted table to the state it was in just before the point of deletion. </p> </li> <li> <p> <code>AWS_BACKUP</code> - On-demand backup created by you from Backup service.</p> </li> </ul>"
         },
         "BackupSizeBytes":{
           "shape":"BackupSizeBytes",
@@ -1327,8 +1327,9 @@
       "members":{
         "Statements":{
           "shape":"PartiQLBatchRequest",
-          "documentation":"<p> The list of PartiQL statements representing the batch to run. </p>"
-        }
+          "documentation":"<p>The list of PartiQL statements representing the batch to run.</p>"
+        },
+        "ReturnConsumedCapacity":{"shape":"ReturnConsumedCapacity"}
       }
     },
     "BatchExecuteStatementOutput":{
@@ -1336,7 +1337,11 @@
       "members":{
         "Responses":{
           "shape":"PartiQLBatchResponse",
-          "documentation":"<p> The response to each PartiQL statement in the batch. </p>"
+          "documentation":"<p>The response to each PartiQL statement in the batch.</p>"
+        },
+        "ConsumedCapacity":{
+          "shape":"ConsumedCapacityMultiple",
+          "documentation":"<p>The capacity units consumed by the entire operation. The values of the list are ordered according to the ordering of the statements.</p>"
         }
       }
     },
@@ -1875,7 +1880,7 @@
         },
         "KMSMasterKeyId":{
           "shape":"KMSMasterKeyId",
-          "documentation":"<p>The AWS KMS customer master key (CMK) that should be used for AWS KMS encryption in the new replica. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB KMS master key alias/aws/dynamodb.</p>"
+          "documentation":"<p>The KMS key that should be used for KMS encryption in the new replica. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB KMS key <code>alias/aws/dynamodb</code>.</p>"
         },
         "ProvisionedThroughputOverride":{
           "shape":"ProvisionedThroughputOverride",
@@ -1884,6 +1889,10 @@
         "GlobalSecondaryIndexes":{
           "shape":"ReplicaGlobalSecondaryIndexList",
           "documentation":"<p>Replica-specific global secondary index settings.</p>"
+        },
+        "TableClassOverride":{
+          "shape":"TableClass",
+          "documentation":"<p>Replica-specific table class. If not specified, uses the source table's table class.</p>"
         }
       },
       "documentation":"<p>Represents a replica to be created.</p>"
@@ -1935,6 +1944,10 @@
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>A list of key-value pairs to label the table. For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html\">Tagging for DynamoDB</a>.</p>"
+        },
+        "TableClass":{
+          "shape":"TableClass",
+          "documentation":"<p>The table class of the new table. Valid values are <code>STANDARD</code> and <code>STANDARD_INFREQUENT_ACCESS</code>.</p>"
         }
       },
       "documentation":"<p>Represents the input of a <code>CreateTable</code> operation.</p>"
@@ -2198,11 +2211,11 @@
         },
         "ContributorInsightsRuleList":{
           "shape":"ContributorInsightsRuleList",
-          "documentation":"<p>List of names of the associated Alpine rules.</p>"
+          "documentation":"<p>List of names of the associated contributor insights rules.</p>"
         },
         "ContributorInsightsStatus":{
           "shape":"ContributorInsightsStatus",
-          "documentation":"<p>Current Status contributor insights.</p>"
+          "documentation":"<p>Current status of contributor insights.</p>"
         },
         "LastUpdateDateTime":{
           "shape":"LastUpdateDateTime",
@@ -2210,7 +2223,7 @@
         },
         "FailureException":{
           "shape":"FailureException",
-          "documentation":"<p>Returns information about the last failure that encountered.</p> <p>The most common exceptions for a FAILED status are:</p> <ul> <li> <p>LimitExceededException - Per-account Amazon CloudWatch Contributor Insights rule limit reached. Please disable Contributor Insights for other tables/indexes OR disable Contributor Insights rules before retrying.</p> </li> <li> <p>AccessDeniedException - Amazon CloudWatch Contributor Insights rules cannot be modified due to insufficient permissions.</p> </li> <li> <p>AccessDeniedException - Failed to create service-linked role for Contributor Insights due to insufficient permissions.</p> </li> <li> <p>InternalServerError - Failed to create Amazon CloudWatch Contributor Insights rules. Please retry request.</p> </li> </ul>"
+          "documentation":"<p>Returns information about the last failure that was encountered.</p> <p>The most common exceptions for a FAILED status are:</p> <ul> <li> <p>LimitExceededException - Per-account Amazon CloudWatch Contributor Insights rule limit reached. Please disable Contributor Insights for other tables/indexes OR disable Contributor Insights rules before retrying.</p> </li> <li> <p>AccessDeniedException - Amazon CloudWatch Contributor Insights rules cannot be modified due to insufficient permissions.</p> </li> <li> <p>AccessDeniedException - Failed to create service-linked role for Contributor Insights due to insufficient permissions.</p> </li> <li> <p>InternalServerError - Failed to create Amazon CloudWatch Contributor Insights rules. Please retry request.</p> </li> </ul>"
         }
       }
     },
@@ -2416,7 +2429,7 @@
       "members":{
         "message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p> There was an attempt to insert an item with the same primary key as an item that already exists in the DynamoDB table. </p>",
+      "documentation":"<p> There was an attempt to insert an item with the same primary key as an item that already exists in the DynamoDB table.</p>",
       "exception":true
     },
     "Endpoint":{
@@ -2450,20 +2463,21 @@
       "members":{
         "Statement":{
           "shape":"PartiQLStatement",
-          "documentation":"<p> The PartiQL statement representing the operation to run. </p>"
+          "documentation":"<p>The PartiQL statement representing the operation to run.</p>"
         },
         "Parameters":{
           "shape":"PreparedStatementParameters",
-          "documentation":"<p> The parameters for the PartiQL statement, if any. </p>"
+          "documentation":"<p>The parameters for the PartiQL statement, if any.</p>"
         },
         "ConsistentRead":{
           "shape":"ConsistentRead",
-          "documentation":"<p> The consistency of a read operation. If set to <code>true</code>, then a strongly consistent read is used; otherwise, an eventually consistent read is used. </p>"
+          "documentation":"<p>The consistency of a read operation. If set to <code>true</code>, then a strongly consistent read is used; otherwise, an eventually consistent read is used.</p>"
         },
         "NextToken":{
           "shape":"PartiQLNextToken",
-          "documentation":"<p> Set this value to get remaining results, if <code>NextToken</code> was returned in the statement response. </p>"
-        }
+          "documentation":"<p>Set this value to get remaining results, if <code>NextToken</code> was returned in the statement response.</p>"
+        },
+        "ReturnConsumedCapacity":{"shape":"ReturnConsumedCapacity"}
       }
     },
     "ExecuteStatementOutput":{
@@ -2471,12 +2485,13 @@
       "members":{
         "Items":{
           "shape":"ItemList",
-          "documentation":"<p> If a read operation was used, this property will contain the result of the reade operation; a map of attribute names and their values. For the write operations this value will be empty. </p>"
+          "documentation":"<p>If a read operation was used, this property will contain the result of the read operation; a map of attribute names and their values. For the write operations this value will be empty.</p>"
         },
         "NextToken":{
           "shape":"PartiQLNextToken",
-          "documentation":"<p> If the response of a read request exceeds the response payload limit DynamoDB will set this value in the response. If set, you can use that this value in the subsequent request to get the remaining results. </p>"
-        }
+          "documentation":"<p>If the response of a read request exceeds the response payload limit DynamoDB will set this value in the response. If set, you can use that this value in the subsequent request to get the remaining results.</p>"
+        },
+        "ConsumedCapacity":{"shape":"ConsumedCapacity"}
       }
     },
     "ExecuteTransactionInput":{
@@ -2485,12 +2500,16 @@
       "members":{
         "TransactStatements":{
           "shape":"ParameterizedStatements",
-          "documentation":"<p> The list of PartiQL statements representing the transaction to run. </p>"
+          "documentation":"<p>The list of PartiQL statements representing the transaction to run.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p> Set this value to get remaining results, if <code>NextToken</code> was returned in the statement response. </p>",
+          "documentation":"<p>Set this value to get remaining results, if <code>NextToken</code> was returned in the statement response.</p>",
           "idempotencyToken":true
+        },
+        "ReturnConsumedCapacity":{
+          "shape":"ReturnConsumedCapacity",
+          "documentation":"<p>Determines the level of detail about either provisioned or on-demand throughput consumption that is returned in the response. For more information, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_TransactGetItems.html\">TransactGetItems</a> and <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_TransactWriteItems.html\">TransactWriteItems</a>.</p>"
         }
       }
     },
@@ -2499,7 +2518,11 @@
       "members":{
         "Responses":{
           "shape":"ItemResponseList",
-          "documentation":"<p> The response to a PartiQL transaction. </p>"
+          "documentation":"<p>The response to a PartiQL transaction.</p>"
+        },
+        "ConsumedCapacity":{
+          "shape":"ConsumedCapacityMultiple",
+          "documentation":"<p>The capacity units consumed by the entire operation. The values of the list are ordered according to the ordering of the statements.</p>"
         }
       }
     },
@@ -2588,7 +2611,7 @@
         },
         "S3BucketOwner":{
           "shape":"S3BucketOwner",
-          "documentation":"<p>The ID of the AWS account that owns the bucket containing the export.</p>"
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the bucket containing the export.</p>"
         },
         "S3Prefix":{
           "shape":"S3Prefix",
@@ -2596,11 +2619,11 @@
         },
         "S3SseAlgorithm":{
           "shape":"S3SseAlgorithm",
-          "documentation":"<p>Type of encryption used on the bucket where export data is stored. Valid values for <code>S3SseAlgorithm</code> are:</p> <ul> <li> <p> <code>AES256</code> - server-side encryption with Amazon S3 managed keys</p> </li> <li> <p> <code>KMS</code> - server-side encryption with AWS KMS managed keys</p> </li> </ul>"
+          "documentation":"<p>Type of encryption used on the bucket where export data is stored. Valid values for <code>S3SseAlgorithm</code> are:</p> <ul> <li> <p> <code>AES256</code> - server-side encryption with Amazon S3 managed keys</p> </li> <li> <p> <code>KMS</code> - server-side encryption with KMS managed keys</p> </li> </ul>"
         },
         "S3SseKmsKeyId":{
           "shape":"S3SseKmsKeyId",
-          "documentation":"<p>The ID of the AWS KMS managed key used to encrypt the S3 bucket where export data is stored (if applicable).</p>"
+          "documentation":"<p>The ID of the KMS managed key used to encrypt the S3 bucket where export data is stored (if applicable).</p>"
         },
         "FailureCode":{
           "shape":"FailureCode",
@@ -2696,7 +2719,7 @@
         },
         "S3BucketOwner":{
           "shape":"S3BucketOwner",
-          "documentation":"<p>The ID of the AWS account that owns the bucket the export will be stored in.</p>"
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the bucket the export will be stored in.</p>"
         },
         "S3Prefix":{
           "shape":"S3Prefix",
@@ -2704,11 +2727,11 @@
         },
         "S3SseAlgorithm":{
           "shape":"S3SseAlgorithm",
-          "documentation":"<p>Type of encryption used on the bucket where export data will be stored. Valid values for <code>S3SseAlgorithm</code> are:</p> <ul> <li> <p> <code>AES256</code> - server-side encryption with Amazon S3 managed keys</p> </li> <li> <p> <code>KMS</code> - server-side encryption with AWS KMS managed keys</p> </li> </ul>"
+          "documentation":"<p>Type of encryption used on the bucket where export data will be stored. Valid values for <code>S3SseAlgorithm</code> are:</p> <ul> <li> <p> <code>AES256</code> - server-side encryption with Amazon S3 managed keys</p> </li> <li> <p> <code>KMS</code> - server-side encryption with KMS managed keys</p> </li> </ul>"
         },
         "S3SseKmsKeyId":{
           "shape":"S3SseKmsKeyId",
-          "documentation":"<p>The ID of the AWS KMS managed key used to encrypt the S3 bucket where export data will be stored (if applicable).</p>"
+          "documentation":"<p>The ID of the KMS managed key used to encrypt the S3 bucket where export data will be stored (if applicable).</p>"
         },
         "ExportFormat":{
           "shape":"ExportFormat",
@@ -3711,7 +3734,7 @@
       "members":{
         "PointInTimeRecoveryStatus":{
           "shape":"PointInTimeRecoveryStatus",
-          "documentation":"<p>The current state of point in time recovery:</p> <ul> <li> <p> <code>ENABLING</code> - Point in time recovery is being enabled.</p> </li> <li> <p> <code>ENABLED</code> - Point in time recovery is enabled.</p> </li> <li> <p> <code>DISABLED</code> - Point in time recovery is disabled.</p> </li> </ul>"
+          "documentation":"<p>The current state of point in time recovery:</p> <ul> <li> <p> <code>ENABLED</code> - Point in time recovery is enabled.</p> </li> <li> <p> <code>DISABLED</code> - Point in time recovery is disabled.</p> </li> </ul>"
         },
         "EarliestRestorableDateTime":{
           "shape":"Date",
@@ -3838,7 +3861,7 @@
           "documentation":"<p>You exceeded your maximum allowed provisioned throughput.</p>"
         }
       },
-      "documentation":"<p>Your request rate is too high. The AWS SDKs for DynamoDB automatically retry requests that receive this exception. Your request is eventually successful, unless your retry queue is too large to finish. Reduce the frequency of requests and use exponential backoff. For more information, go to <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html#Programming.Errors.RetryAndBackoff\">Error Retries and Exponential Backoff</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p>",
+      "documentation":"<p>Your request rate is too high. The Amazon Web Services SDKs for DynamoDB automatically retry requests that receive this exception. Your request is eventually successful, unless your retry queue is too large to finish. Reduce the frequency of requests and use exponential backoff. For more information, go to <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Programming.Errors.html#Programming.Errors.RetryAndBackoff\">Error Retries and Exponential Backoff</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p>",
       "exception":true
     },
     "ProvisionedThroughputOverride":{
@@ -3906,7 +3929,7 @@
         },
         "ReturnValues":{
           "shape":"ReturnValue",
-          "documentation":"<p>Use <code>ReturnValues</code> if you want to get the item attributes as they appeared before they were updated with the <code>PutItem</code> request. For <code>PutItem</code>, the valid values are:</p> <ul> <li> <p> <code>NONE</code> - If <code>ReturnValues</code> is not specified, or if its value is <code>NONE</code>, then nothing is returned. (This setting is the default for <code>ReturnValues</code>.)</p> </li> <li> <p> <code>ALL_OLD</code> - If <code>PutItem</code> overwrote an attribute name-value pair, then the content of the old item is returned.</p> </li> </ul> <note> <p>The <code>ReturnValues</code> parameter is used by several DynamoDB operations; however, <code>PutItem</code> does not recognize any values other than <code>NONE</code> or <code>ALL_OLD</code>.</p> </note>"
+          "documentation":"<p>Use <code>ReturnValues</code> if you want to get the item attributes as they appeared before they were updated with the <code>PutItem</code> request. For <code>PutItem</code>, the valid values are:</p> <ul> <li> <p> <code>NONE</code> - If <code>ReturnValues</code> is not specified, or if its value is <code>NONE</code>, then nothing is returned. (This setting is the default for <code>ReturnValues</code>.)</p> </li> <li> <p> <code>ALL_OLD</code> - If <code>PutItem</code> overwrote an attribute name-value pair, then the content of the old item is returned.</p> </li> </ul> <p>The values returned are strongly consistent.</p> <note> <p>The <code>ReturnValues</code> parameter is used by several DynamoDB operations; however, <code>PutItem</code> does not recognize any values other than <code>NONE</code> or <code>ALL_OLD</code>.</p> </note>"
         },
         "ReturnConsumedCapacity":{"shape":"ReturnConsumedCapacity"},
         "ReturnItemCollectionMetrics":{
@@ -4137,7 +4160,7 @@
         },
         "ReplicaStatus":{
           "shape":"ReplicaStatus",
-          "documentation":"<p>The current state of the replica:</p> <ul> <li> <p> <code>CREATING</code> - The replica is being created.</p> </li> <li> <p> <code>UPDATING</code> - The replica is being updated.</p> </li> <li> <p> <code>DELETING</code> - The replica is being deleted.</p> </li> <li> <p> <code>ACTIVE</code> - The replica is ready for use.</p> </li> <li> <p> <code>REGION_DISABLED</code> - The replica is inaccessible because the AWS Region has been disabled.</p> <note> <p>If the AWS Region remains inaccessible for more than 20 hours, DynamoDB will remove this replica from the replication group. The replica will not be deleted and replication will stop from and to this region.</p> </note> </li> <li> <p> <code>INACCESSIBLE_ENCRYPTION_CREDENTIALS </code> - The AWS KMS key used to encrypt the table is inaccessible.</p> <note> <p>If the AWS KMS key remains inaccessible for more than 20 hours, DynamoDB will remove this replica from the replication group. The replica will not be deleted and replication will stop from and to this region.</p> </note> </li> </ul>"
+          "documentation":"<p>The current state of the replica:</p> <ul> <li> <p> <code>CREATING</code> - The replica is being created.</p> </li> <li> <p> <code>UPDATING</code> - The replica is being updated.</p> </li> <li> <p> <code>DELETING</code> - The replica is being deleted.</p> </li> <li> <p> <code>ACTIVE</code> - The replica is ready for use.</p> </li> <li> <p> <code>REGION_DISABLED</code> - The replica is inaccessible because the Amazon Web Services Region has been disabled.</p> <note> <p>If the Amazon Web Services Region remains inaccessible for more than 20 hours, DynamoDB will remove this replica from the replication group. The replica will not be deleted and replication will stop from and to this region.</p> </note> </li> <li> <p> <code>INACCESSIBLE_ENCRYPTION_CREDENTIALS </code> - The KMS key used to encrypt the table is inaccessible.</p> <note> <p>If the KMS key remains inaccessible for more than 20 hours, DynamoDB will remove this replica from the replication group. The replica will not be deleted and replication will stop from and to this region.</p> </note> </li> </ul>"
         },
         "ReplicaStatusDescription":{
           "shape":"ReplicaStatusDescription",
@@ -4149,7 +4172,7 @@
         },
         "KMSMasterKeyId":{
           "shape":"KMSMasterKeyId",
-          "documentation":"<p>The AWS KMS customer master key (CMK) of the replica that will be used for AWS KMS encryption.</p>"
+          "documentation":"<p>The KMS key of the replica that will be used for KMS encryption.</p>"
         },
         "ProvisionedThroughputOverride":{
           "shape":"ProvisionedThroughputOverride",
@@ -4162,7 +4185,8 @@
         "ReplicaInaccessibleDateTime":{
           "shape":"Date",
           "documentation":"<p>The time at which the replica was first detected as inaccessible. To determine cause of inaccessibility check the <code>ReplicaStatus</code> property.</p>"
-        }
+        },
+        "ReplicaTableClassSummary":{"shape":"TableClassSummary"}
       },
       "documentation":"<p>Contains the details of the replica.</p>"
     },
@@ -4350,7 +4374,8 @@
         "ReplicaGlobalSecondaryIndexSettings":{
           "shape":"ReplicaGlobalSecondaryIndexSettingsDescriptionList",
           "documentation":"<p>Replica global secondary index settings for the global table.</p>"
-        }
+        },
+        "ReplicaTableClassSummary":{"shape":"TableClassSummary"}
       },
       "documentation":"<p>Represents the properties of a replica.</p>"
     },
@@ -4377,6 +4402,10 @@
         "ReplicaGlobalSecondaryIndexSettingsUpdate":{
           "shape":"ReplicaGlobalSecondaryIndexSettingsUpdateList",
           "documentation":"<p>Represents the settings of a global secondary index for a global table that will be modified.</p>"
+        },
+        "ReplicaTableClass":{
+          "shape":"TableClass",
+          "documentation":"<p>Replica-specific table class. If not specified, uses the source table's table class.</p>"
         }
       },
       "documentation":"<p>Represents the settings for a global table in a Region that will be modified.</p>"
@@ -4447,7 +4476,7 @@
       "members":{
         "message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>Throughput exceeds the current throughput quota for your account. Please contact AWS Support at <a href=\"https://aws.amazon.com/support\">AWS Support</a> to request a quota increase.</p>",
+      "documentation":"<p>Throughput exceeds the current throughput quota for your account. Please contact <a href=\"https://aws.amazon.com/support\">Amazon Web Services Support</a> to request a quota increase.</p>",
       "exception":true
     },
     "ResourceArnString":{
@@ -4607,7 +4636,7 @@
     },
     "ReturnConsumedCapacity":{
       "type":"string",
-      "documentation":"<p>Determines the level of detail about provisioned throughput consumption that is returned in the response:</p> <ul> <li> <p> <code>INDEXES</code> - The response includes the aggregate <code>ConsumedCapacity</code> for the operation, together with <code>ConsumedCapacity</code> for each table and secondary index that was accessed.</p> <p>Note that some operations, such as <code>GetItem</code> and <code>BatchGetItem</code>, do not access any indexes at all. In these cases, specifying <code>INDEXES</code> will only return <code>ConsumedCapacity</code> information for table(s).</p> </li> <li> <p> <code>TOTAL</code> - The response includes only the aggregate <code>ConsumedCapacity</code> for the operation.</p> </li> <li> <p> <code>NONE</code> - No <code>ConsumedCapacity</code> details are included in the response.</p> </li> </ul>",
+      "documentation":"<p>Determines the level of detail about either provisioned or on-demand throughput consumption that is returned in the response:</p> <ul> <li> <p> <code>INDEXES</code> - The response includes the aggregate <code>ConsumedCapacity</code> for the operation, together with <code>ConsumedCapacity</code> for each table and secondary index that was accessed.</p> <p>Note that some operations, such as <code>GetItem</code> and <code>BatchGetItem</code>, do not access any indexes at all. In these cases, specifying <code>INDEXES</code> will only return <code>ConsumedCapacity</code> information for table(s).</p> </li> <li> <p> <code>TOTAL</code> - The response includes only the aggregate <code>ConsumedCapacity</code> for the operation.</p> </li> <li> <p> <code>NONE</code> - No <code>ConsumedCapacity</code> details are included in the response.</p> </li> </ul>",
       "enum":[
         "INDEXES",
         "TOTAL",
@@ -4662,15 +4691,15 @@
         },
         "SSEType":{
           "shape":"SSEType",
-          "documentation":"<p>Server-side encryption type. The only supported value is:</p> <ul> <li> <p> <code>KMS</code> - Server-side encryption that uses AWS Key Management Service. The key is stored in your account and is managed by AWS KMS (AWS KMS charges apply).</p> </li> </ul>"
+          "documentation":"<p>Server-side encryption type. The only supported value is:</p> <ul> <li> <p> <code>KMS</code> - Server-side encryption that uses Key Management Service. The key is stored in your account and is managed by KMS (KMS charges apply).</p> </li> </ul>"
         },
         "KMSMasterKeyArn":{
           "shape":"KMSMasterKeyArn",
-          "documentation":"<p>The AWS KMS customer master key (CMK) ARN used for the AWS KMS encryption.</p>"
+          "documentation":"<p>The KMS key ARN used for the KMS encryption.</p>"
         },
         "InaccessibleEncryptionDateTime":{
           "shape":"Date",
-          "documentation":"<p>Indicates the time, in UNIX epoch date format, when DynamoDB detected that the table's AWS KMS key was inaccessible. This attribute will automatically be cleared when DynamoDB detects that the table's AWS KMS key is accessible again. DynamoDB will initiate the table archival process when table's AWS KMS key remains inaccessible for more than seven days from this date.</p>"
+          "documentation":"<p>Indicates the time, in UNIX epoch date format, when DynamoDB detected that the table's KMS key was inaccessible. This attribute will automatically be cleared when DynamoDB detects that the table's KMS key is accessible again. DynamoDB will initiate the table archival process when table's KMS key remains inaccessible for more than seven days from this date.</p>"
         }
       },
       "documentation":"<p>The description of the server-side encryption status on the specified table.</p>"
@@ -4681,15 +4710,15 @@
       "members":{
         "Enabled":{
           "shape":"SSEEnabled",
-          "documentation":"<p>Indicates whether server-side encryption is done using an AWS managed CMK or an AWS owned CMK. If enabled (true), server-side encryption type is set to <code>KMS</code> and an AWS managed CMK is used (AWS KMS charges apply). If disabled (false) or not specified, server-side encryption is set to AWS owned CMK.</p>"
+          "documentation":"<p>Indicates whether server-side encryption is done using an Amazon Web Services managed key or an Amazon Web Services owned key. If enabled (true), server-side encryption type is set to <code>KMS</code> and an Amazon Web Services managed key is used (KMS charges apply). If disabled (false) or not specified, server-side encryption is set to Amazon Web Services owned key.</p>"
         },
         "SSEType":{
           "shape":"SSEType",
-          "documentation":"<p>Server-side encryption type. The only supported value is:</p> <ul> <li> <p> <code>KMS</code> - Server-side encryption that uses AWS Key Management Service. The key is stored in your account and is managed by AWS KMS (AWS KMS charges apply).</p> </li> </ul>"
+          "documentation":"<p>Server-side encryption type. The only supported value is:</p> <ul> <li> <p> <code>KMS</code> - Server-side encryption that uses Key Management Service. The key is stored in your account and is managed by KMS (KMS charges apply).</p> </li> </ul>"
         },
         "KMSMasterKeyId":{
           "shape":"KMSMasterKeyId",
-          "documentation":"<p>The AWS KMS customer master key (CMK) that should be used for the AWS KMS encryption. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB customer master key alias/aws/dynamodb.</p>"
+          "documentation":"<p>The KMS key that should be used for the KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB key <code>alias/aws/dynamodb</code>.</p>"
         }
       },
       "documentation":"<p>Represents the settings used to enable server-side encryption.</p>"
@@ -4975,6 +5004,27 @@
       },
       "documentation":"<p>Represents the auto scaling configuration for a global table.</p>"
     },
+    "TableClass":{
+      "type":"string",
+      "enum":[
+        "STANDARD",
+        "STANDARD_INFREQUENT_ACCESS"
+      ]
+    },
+    "TableClassSummary":{
+      "type":"structure",
+      "members":{
+        "TableClass":{
+          "shape":"TableClass",
+          "documentation":"<p>The table class of the specified table. Valid values are <code>STANDARD</code> and <code>STANDARD_INFREQUENT_ACCESS</code>.</p>"
+        },
+        "LastUpdateDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time at which the table class was last updated.</p>"
+        }
+      },
+      "documentation":"<p>Contains details of the table class.</p>"
+    },
     "TableCreationDateTime":{"type":"timestamp"},
     "TableDescription":{
       "type":"structure",
@@ -4993,7 +5043,7 @@
         },
         "TableStatus":{
           "shape":"TableStatus",
-          "documentation":"<p>The current state of the table:</p> <ul> <li> <p> <code>CREATING</code> - The table is being created.</p> </li> <li> <p> <code>UPDATING</code> - The table is being updated.</p> </li> <li> <p> <code>DELETING</code> - The table is being deleted.</p> </li> <li> <p> <code>ACTIVE</code> - The table is ready for use.</p> </li> <li> <p> <code>INACCESSIBLE_ENCRYPTION_CREDENTIALS</code> - The AWS KMS key used to encrypt the table in inaccessible. Table operations may fail due to failure to use the AWS KMS key. DynamoDB will initiate the table archival process when a table's AWS KMS key remains inaccessible for more than seven days. </p> </li> <li> <p> <code>ARCHIVING</code> - The table is being archived. Operations are not allowed until archival is complete. </p> </li> <li> <p> <code>ARCHIVED</code> - The table has been archived. See the ArchivalReason for more information. </p> </li> </ul>"
+          "documentation":"<p>The current state of the table:</p> <ul> <li> <p> <code>CREATING</code> - The table is being created.</p> </li> <li> <p> <code>UPDATING</code> - The table is being updated.</p> </li> <li> <p> <code>DELETING</code> - The table is being deleted.</p> </li> <li> <p> <code>ACTIVE</code> - The table is ready for use.</p> </li> <li> <p> <code>INACCESSIBLE_ENCRYPTION_CREDENTIALS</code> - The KMS key used to encrypt the table in inaccessible. Table operations may fail due to failure to use the KMS key. DynamoDB will initiate the table archival process when a table's KMS key remains inaccessible for more than seven days. </p> </li> <li> <p> <code>ARCHIVING</code> - The table is being archived. Operations are not allowed until archival is complete. </p> </li> <li> <p> <code>ARCHIVED</code> - The table has been archived. See the ArchivalReason for more information. </p> </li> </ul>"
         },
         "CreationDateTime":{
           "shape":"Date",
@@ -5037,7 +5087,7 @@
         },
         "LatestStreamLabel":{
           "shape":"String",
-          "documentation":"<p>A timestamp, in ISO 8601 format, for this stream.</p> <p>Note that <code>LatestStreamLabel</code> is not a unique identifier for the stream, because it is possible that a stream from another table might have the same timestamp. However, the combination of the following three elements is guaranteed to be unique:</p> <ul> <li> <p>AWS customer ID</p> </li> <li> <p>Table name</p> </li> <li> <p> <code>StreamLabel</code> </p> </li> </ul>"
+          "documentation":"<p>A timestamp, in ISO 8601 format, for this stream.</p> <p>Note that <code>LatestStreamLabel</code> is not a unique identifier for the stream, because it is possible that a stream from another table might have the same timestamp. However, the combination of the following three elements is guaranteed to be unique:</p> <ul> <li> <p>Amazon Web Services customer ID</p> </li> <li> <p>Table name</p> </li> <li> <p> <code>StreamLabel</code> </p> </li> </ul>"
         },
         "LatestStreamArn":{
           "shape":"StreamArn",
@@ -5045,7 +5095,7 @@
         },
         "GlobalTableVersion":{
           "shape":"String",
-          "documentation":"<p>Represents the version of <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GlobalTables.html\">global tables</a> in use, if the table is replicated across AWS Regions.</p>"
+          "documentation":"<p>Represents the version of <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GlobalTables.html\">global tables</a> in use, if the table is replicated across Amazon Web Services Regions.</p>"
         },
         "Replicas":{
           "shape":"ReplicaDescriptionList",
@@ -5062,6 +5112,10 @@
         "ArchivalSummary":{
           "shape":"ArchivalSummary",
           "documentation":"<p>Contains information about the table archive.</p>"
+        },
+        "TableClassSummary":{
+          "shape":"TableClassSummary",
+          "documentation":"<p>Contains details of the table class.</p>"
         }
       },
       "documentation":"<p>Represents the properties of a table.</p>"
@@ -5117,14 +5171,14 @@
       "members":{
         "Key":{
           "shape":"TagKeyString",
-          "documentation":"<p>The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value. </p>"
+          "documentation":"<p>The key of the tag. Tag keys are case sensitive. Each DynamoDB table can only have up to one tag with the same key. If you try to add an existing tag (same key), the existing tag value will be updated to the new value.</p>"
         },
         "Value":{
           "shape":"TagValueString",
           "documentation":"<p>The value of the tag. Tag values are case-sensitive and can be null.</p>"
         }
       },
-      "documentation":"<p>Describes a tag. A tag is a key-value pair. You can add up to 50 tags to a single DynamoDB table. </p> <p> AWS-assigned tag names and values are automatically assigned the <code>aws:</code> prefix, which the user cannot assign. AWS-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix <code>user:</code> in the Cost Allocation Report. You cannot backdate the application of a tag. </p> <p>For an overview on tagging DynamoDB resources, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html\">Tagging for DynamoDB</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p>"
+      "documentation":"<p>Describes a tag. A tag is a key-value pair. You can add up to 50 tags to a single DynamoDB table. </p> <p>Amazon Web Services-assigned tag names and values are automatically assigned the <code>aws:</code> prefix, which the user cannot assign. Amazon Web Services-assigned tag names do not count towards the tag limit of 50. User-assigned tag names have the prefix <code>user:</code> in the Cost Allocation Report. You cannot backdate the application of a tag.</p> <p>For an overview on tagging DynamoDB resources, see <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tagging.html\">Tagging for DynamoDB</a> in the <i>Amazon DynamoDB Developer Guide</i>.</p>"
     },
     "TagKeyList":{
       "type":"list",
@@ -5288,7 +5342,7 @@
       "members":{
         "TransactItems":{
           "shape":"TransactWriteItemList",
-          "documentation":"<p>An ordered array of up to 25 <code>TransactWriteItem</code> objects, each of which contains a <code>ConditionCheck</code>, <code>Put</code>, <code>Update</code>, or <code>Delete</code> object. These can operate on items in different tables, but the tables must reside in the same AWS account and Region, and no two of them can operate on the same item. </p>"
+          "documentation":"<p>An ordered array of up to 25 <code>TransactWriteItem</code> objects, each of which contains a <code>ConditionCheck</code>, <code>Put</code>, <code>Update</code>, or <code>Delete</code> object. These can operate on items in different tables, but the tables must reside in the same Amazon Web Services account and Region, and no two of them can operate on the same item. </p>"
         },
         "ReturnConsumedCapacity":{"shape":"ReturnConsumedCapacity"},
         "ReturnItemCollectionMetrics":{
@@ -5324,7 +5378,7 @@
           "documentation":"<p>A list of cancellation reasons.</p>"
         }
       },
-      "documentation":"<p>The entire transaction request was canceled.</p> <p>DynamoDB cancels a <code>TransactWriteItems</code> request under the following circumstances:</p> <ul> <li> <p>A condition in one of the condition expressions is not met.</p> </li> <li> <p>A table in the <code>TransactWriteItems</code> request is in a different account or region.</p> </li> <li> <p>More than one action in the <code>TransactWriteItems</code> operation targets the same item.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>An item size becomes too large (larger than 400 KB), or a local secondary index (LSI) becomes too large, or a similar validation error occurs because of changes made by the transaction.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> </ul> <p>DynamoDB cancels a <code>TransactGetItems</code> request under the following circumstances:</p> <ul> <li> <p>There is an ongoing <code>TransactGetItems</code> operation that conflicts with a concurrent <code>PutItem</code>, <code>UpdateItem</code>, <code>DeleteItem</code> or <code>TransactWriteItems</code> request. In this case the <code>TransactGetItems</code> operation fails with a <code>TransactionCanceledException</code>.</p> </li> <li> <p>A table in the <code>TransactGetItems</code> request is in a different account or region.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> </ul> <note> <p>If using Java, DynamoDB lists the cancellation reasons on the <code>CancellationReasons</code> property. This property is not set for other languages. Transaction cancellation reasons are ordered in the order of requested items, if an item has no error it will have <code>NONE</code> code and <code>Null</code> message.</p> </note> <p>Cancellation reason codes and possible error messages:</p> <ul> <li> <p>No Errors:</p> <ul> <li> <p>Code: <code>NONE</code> </p> </li> <li> <p>Message: <code>null</code> </p> </li> </ul> </li> <li> <p>Conditional Check Failed:</p> <ul> <li> <p>Code: <code>ConditionalCheckFailed</code> </p> </li> <li> <p>Message: The conditional request failed. </p> </li> </ul> </li> <li> <p>Item Collection Size Limit Exceeded:</p> <ul> <li> <p>Code: <code>ItemCollectionSizeLimitExceeded</code> </p> </li> <li> <p>Message: Collection size exceeded.</p> </li> </ul> </li> <li> <p>Transaction Conflict:</p> <ul> <li> <p>Code: <code>TransactionConflict</code> </p> </li> <li> <p>Message: Transaction is ongoing for the item.</p> </li> </ul> </li> <li> <p>Provisioned Throughput Exceeded:</p> <ul> <li> <p>Code: <code>ProvisionedThroughputExceeded</code> </p> </li> <li> <p>Messages: </p> <ul> <li> <p>The level of configured provisioned throughput for the table was exceeded. Consider increasing your provisioning level with the UpdateTable API.</p> <note> <p>This Message is received when provisioned throughput is exceeded is on a provisioned DynamoDB table.</p> </note> </li> <li> <p>The level of configured provisioned throughput for one or more global secondary indexes of the table was exceeded. Consider increasing your provisioning level for the under-provisioned global secondary indexes with the UpdateTable API.</p> <note> <p>This message is returned when provisioned throughput is exceeded is on a provisioned GSI.</p> </note> </li> </ul> </li> </ul> </li> <li> <p>Throttling Error:</p> <ul> <li> <p>Code: <code>ThrottlingError</code> </p> </li> <li> <p>Messages: </p> <ul> <li> <p>Throughput exceeds the current capacity of your table or index. DynamoDB is automatically scaling your table or index so please try again shortly. If exceptions persist, check if you have a hot key: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html.</p> <note> <p>This message is returned when writes get throttled on an On-Demand table as DynamoDB is automatically scaling the table.</p> </note> </li> <li> <p>Throughput exceeds the current capacity for one or more global secondary indexes. DynamoDB is automatically scaling your index so please try again shortly.</p> <note> <p>This message is returned when when writes get throttled on an On-Demand GSI as DynamoDB is automatically scaling the GSI.</p> </note> </li> </ul> </li> </ul> </li> <li> <p>Validation Error:</p> <ul> <li> <p>Code: <code>ValidationError</code> </p> </li> <li> <p>Messages: </p> <ul> <li> <p>One or more parameter values were invalid.</p> </li> <li> <p>The update expression attempted to update the secondary index key beyond allowed size limits.</p> </li> <li> <p>The update expression attempted to update the secondary index key to unsupported type.</p> </li> <li> <p>An operand in the update expression has an incorrect data type.</p> </li> <li> <p>Item size to update has exceeded the maximum allowed size.</p> </li> <li> <p>Number overflow. Attempting to store a number with magnitude larger than supported range.</p> </li> <li> <p>Type mismatch for attribute to update.</p> </li> <li> <p>Nesting Levels have exceeded supported limits.</p> </li> <li> <p>The document path provided in the update expression is invalid for update.</p> </li> <li> <p>The provided expression refers to an attribute that does not exist in the item.</p> </li> </ul> </li> </ul> </li> </ul>",
+      "documentation":"<p>The entire transaction request was canceled.</p> <p>DynamoDB cancels a <code>TransactWriteItems</code> request under the following circumstances:</p> <ul> <li> <p>A condition in one of the condition expressions is not met.</p> </li> <li> <p>A table in the <code>TransactWriteItems</code> request is in a different account or region.</p> </li> <li> <p>More than one action in the <code>TransactWriteItems</code> operation targets the same item.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>An item size becomes too large (larger than 400 KB), or a local secondary index (LSI) becomes too large, or a similar validation error occurs because of changes made by the transaction.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> </ul> <p>DynamoDB cancels a <code>TransactGetItems</code> request under the following circumstances:</p> <ul> <li> <p>There is an ongoing <code>TransactGetItems</code> operation that conflicts with a concurrent <code>PutItem</code>, <code>UpdateItem</code>, <code>DeleteItem</code> or <code>TransactWriteItems</code> request. In this case the <code>TransactGetItems</code> operation fails with a <code>TransactionCanceledException</code>.</p> </li> <li> <p>A table in the <code>TransactGetItems</code> request is in a different account or region.</p> </li> <li> <p>There is insufficient provisioned capacity for the transaction to be completed.</p> </li> <li> <p>There is a user error, such as an invalid data format.</p> </li> </ul> <note> <p>If using Java, DynamoDB lists the cancellation reasons on the <code>CancellationReasons</code> property. This property is not set for other languages. Transaction cancellation reasons are ordered in the order of requested items, if an item has no error it will have <code>NONE</code> code and <code>Null</code> message.</p> </note> <p>Cancellation reason codes and possible error messages:</p> <ul> <li> <p>No Errors:</p> <ul> <li> <p>Code: <code>NONE</code> </p> </li> <li> <p>Message: <code>null</code> </p> </li> </ul> </li> <li> <p>Conditional Check Failed:</p> <ul> <li> <p>Code: <code>ConditionalCheckFailed</code> </p> </li> <li> <p>Message: The conditional request failed. </p> </li> </ul> </li> <li> <p>Item Collection Size Limit Exceeded:</p> <ul> <li> <p>Code: <code>ItemCollectionSizeLimitExceeded</code> </p> </li> <li> <p>Message: Collection size exceeded.</p> </li> </ul> </li> <li> <p>Transaction Conflict:</p> <ul> <li> <p>Code: <code>TransactionConflict</code> </p> </li> <li> <p>Message: Transaction is ongoing for the item.</p> </li> </ul> </li> <li> <p>Provisioned Throughput Exceeded:</p> <ul> <li> <p>Code: <code>ProvisionedThroughputExceeded</code> </p> </li> <li> <p>Messages:</p> <ul> <li> <p>The level of configured provisioned throughput for the table was exceeded. Consider increasing your provisioning level with the UpdateTable API.</p> <note> <p>This Message is received when provisioned throughput is exceeded is on a provisioned DynamoDB table.</p> </note> </li> <li> <p>The level of configured provisioned throughput for one or more global secondary indexes of the table was exceeded. Consider increasing your provisioning level for the under-provisioned global secondary indexes with the UpdateTable API.</p> <note> <p>This message is returned when provisioned throughput is exceeded is on a provisioned GSI.</p> </note> </li> </ul> </li> </ul> </li> <li> <p>Throttling Error:</p> <ul> <li> <p>Code: <code>ThrottlingError</code> </p> </li> <li> <p>Messages: </p> <ul> <li> <p>Throughput exceeds the current capacity of your table or index. DynamoDB is automatically scaling your table or index so please try again shortly. If exceptions persist, check if you have a hot key: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/bp-partition-key-design.html.</p> <note> <p>This message is returned when writes get throttled on an On-Demand table as DynamoDB is automatically scaling the table.</p> </note> </li> <li> <p>Throughput exceeds the current capacity for one or more global secondary indexes. DynamoDB is automatically scaling your index so please try again shortly.</p> <note> <p>This message is returned when when writes get throttled on an On-Demand GSI as DynamoDB is automatically scaling the GSI.</p> </note> </li> </ul> </li> </ul> </li> <li> <p>Validation Error:</p> <ul> <li> <p>Code: <code>ValidationError</code> </p> </li> <li> <p>Messages: </p> <ul> <li> <p>One or more parameter values were invalid.</p> </li> <li> <p>The update expression attempted to update the secondary index key beyond allowed size limits.</p> </li> <li> <p>The update expression attempted to update the secondary index key to unsupported type.</p> </li> <li> <p>An operand in the update expression has an incorrect data type.</p> </li> <li> <p>Item size to update has exceeded the maximum allowed size.</p> </li> <li> <p>Number overflow. Attempting to store a number with magnitude larger than supported range.</p> </li> <li> <p>Type mismatch for attribute to update.</p> </li> <li> <p>Nesting Levels have exceeded supported limits.</p> </li> <li> <p>The document path provided in the update expression is invalid for update.</p> </li> <li> <p>The provided expression refers to an attribute that does not exist in the item.</p> </li> </ul> </li> </ul> </li> </ul>",
       "exception":true
     },
     "TransactionConflictException":{
@@ -5634,7 +5688,7 @@
         },
         "KMSMasterKeyId":{
           "shape":"KMSMasterKeyId",
-          "documentation":"<p>The AWS KMS customer master key (CMK) of the replica that should be used for AWS KMS encryption. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB KMS master key alias/aws/dynamodb.</p>"
+          "documentation":"<p>The KMS key of the replica that should be used for KMS encryption. To specify a key, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. Note that you should only provide this parameter if the key is different from the default DynamoDB KMS key <code>alias/aws/dynamodb</code>.</p>"
         },
         "ProvisionedThroughputOverride":{
           "shape":"ProvisionedThroughputOverride",
@@ -5643,6 +5697,10 @@
         "GlobalSecondaryIndexes":{
           "shape":"ReplicaGlobalSecondaryIndexList",
           "documentation":"<p>Replica-specific global secondary index settings.</p>"
+        },
+        "TableClassOverride":{
+          "shape":"TableClass",
+          "documentation":"<p>Replica-specific table class. If not specified, uses the source table's table class.</p>"
         }
       },
       "documentation":"<p>Represents a replica to be modified.</p>"
@@ -5682,6 +5740,10 @@
         "ReplicaUpdates":{
           "shape":"ReplicationGroupUpdateList",
           "documentation":"<p>A list of replica update actions (create, delete, or update) for the table.</p> <note> <p>This property only applies to <a href=\"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html\">Version 2019.11.21</a> of global tables.</p> </note>"
+        },
+        "TableClass":{
+          "shape":"TableClass",
+          "documentation":"<p>The table class of the table to be updated. Valid values are <code>STANDARD</code> and <code>STANDARD_INFREQUENT_ACCESS</code>.</p>"
         }
       },
       "documentation":"<p>Represents the input of an <code>UpdateTable</code> operation.</p>"
@@ -5772,5 +5834,5 @@
       "min":1
     }
   },
-  "documentation":"<fullname>Amazon DynamoDB</fullname> <p>Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB lets you offload the administrative burdens of operating and scaling a distributed database, so that you don't have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.</p> <p>With DynamoDB, you can create database tables that can store and retrieve any amount of data, and serve any level of request traffic. You can scale up or scale down your tables' throughput capacity without downtime or performance degradation, and use the AWS Management Console to monitor resource utilization and performance metrics.</p> <p>DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid state disks (SSDs) and automatically replicated across multiple Availability Zones in an AWS region, providing built-in high availability and data durability. </p>"
+  "documentation":"<fullname>Amazon DynamoDB</fullname> <p>Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. DynamoDB lets you offload the administrative burdens of operating and scaling a distributed database, so that you don't have to worry about hardware provisioning, setup and configuration, replication, software patching, or cluster scaling.</p> <p>With DynamoDB, you can create database tables that can store and retrieve any amount of data, and serve any level of request traffic. You can scale up or scale down your tables' throughput capacity without downtime or performance degradation, and use the Amazon Web Services Management Console to monitor resource utilization and performance metrics.</p> <p>DynamoDB automatically spreads the data and traffic for your tables over a sufficient number of servers to handle your throughput and storage requirements, while maintaining consistent and fast performance. All of your data is stored on solid state disks (SSDs) and automatically replicated across multiple Availability Zones in an Amazon Web Services Region, providing built-in high availability and data durability.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/ebs/2019-11-02/service-2.json b/contrib/python/botocore/py3/botocore/data/ebs/2019-11-02/service-2.json
index 0e40101728d..880e4822d00 100644
--- a/contrib/python/botocore/py3/botocore/data/ebs/2019-11-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ebs/2019-11-02/service-2.json
@@ -400,19 +400,19 @@
         },
         "NextToken":{
           "shape":"PageToken",
-          "documentation":"<p>The token to request the next page of results.</p>",
+          "documentation":"<p>The token to request the next page of results.</p> <p>If you specify <b>NextToken</b>, then <b>StartingBlockIndex</b> is ignored.</p>",
           "location":"querystring",
           "locationName":"pageToken"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The number of results to return.</p>",
+          "documentation":"<p>The maximum number of blocks to be returned by the request.</p> <p>Even if additional blocks can be retrieved from the snapshot, the request can return less blocks than <b>MaxResults</b> or an empty array of blocks.</p> <p>To retrieve the next set of blocks from the snapshot, make another request with the returned <b>NextToken</b> value. The value of <b>NextToken</b> is <code>null</code> when there are no more blocks to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         },
         "StartingBlockIndex":{
           "shape":"BlockIndex",
-          "documentation":"<p>The block index from which the comparison should start.</p> <p>The list in the response will start from this block index or the next valid block index in the snapshots.</p>",
+          "documentation":"<p>The block index from which the comparison should start.</p> <p>The list in the response will start from this block index or the next valid block index in the snapshots.</p> <p>If you specify <b>NextToken</b>, then <b>StartingBlockIndex</b> is ignored.</p>",
           "location":"querystring",
           "locationName":"startingBlockIndex"
         }
@@ -455,19 +455,19 @@
         },
         "NextToken":{
           "shape":"PageToken",
-          "documentation":"<p>The token to request the next page of results.</p>",
+          "documentation":"<p>The token to request the next page of results.</p> <p>If you specify <b>NextToken</b>, then <b>StartingBlockIndex</b> is ignored.</p>",
           "location":"querystring",
           "locationName":"pageToken"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The number of results to return.</p>",
+          "documentation":"<p>The maximum number of blocks to be returned by the request.</p> <p>Even if additional blocks can be retrieved from the snapshot, the request can return less blocks than <b>MaxResults</b> or an empty array of blocks.</p> <p>To retrieve the next set of blocks from the snapshot, make another request with the returned <b>NextToken</b> value. The value of <b>NextToken</b> is <code>null</code> when there are no more blocks to return.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         },
         "StartingBlockIndex":{
           "shape":"BlockIndex",
-          "documentation":"<p>The block index from which the list should start. The list in the response will start from this block index or the next valid block index in the snapshot.</p>",
+          "documentation":"<p>The block index from which the list should start. The list in the response will start from this block index or the next valid block index in the snapshot.</p> <p>If you specify <b>NextToken</b>, then <b>StartingBlockIndex</b> is ignored.</p>",
           "location":"querystring",
           "locationName":"startingBlockIndex"
         }
diff --git a/contrib/python/botocore/py3/botocore/data/ec2-instance-connect/2018-04-02/service-2.json b/contrib/python/botocore/py3/botocore/data/ec2-instance-connect/2018-04-02/service-2.json
index cee350c406f..d6fbb9801a6 100644
--- a/contrib/python/botocore/py3/botocore/data/ec2-instance-connect/2018-04-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ec2-instance-connect/2018-04-02/service-2.json
@@ -26,7 +26,8 @@
         {"shape":"InvalidArgsException"},
         {"shape":"ServiceException"},
         {"shape":"ThrottlingException"},
-        {"shape":"EC2InstanceNotFoundException"}
+        {"shape":"EC2InstanceNotFoundException"},
+        {"shape":"EC2InstanceStateInvalidException"}
       ],
       "documentation":"<p>Pushes an SSH public key to the specified EC2 instance for use by the specified user. The key remains for 60 seconds. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html\">Connect to your Linux instance using EC2 Instance Connect</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
@@ -47,7 +48,8 @@
         {"shape":"EC2InstanceNotFoundException"},
         {"shape":"EC2InstanceTypeInvalidException"},
         {"shape":"SerialConsoleSessionLimitExceededException"},
-        {"shape":"SerialConsoleSessionUnavailableException"}
+        {"shape":"SerialConsoleSessionUnavailableException"},
+        {"shape":"EC2InstanceStateInvalidException"}
       ],
       "documentation":"<p>Pushes an SSH public key to the specified EC2 instance. The key remains for 60 seconds, which gives you 60 seconds to establish a serial console connection to the instance using SSH. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-serial-console.html\">EC2 Serial Console</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     }
@@ -75,6 +77,14 @@
       "documentation":"<p>The specified instance was not found.</p>",
       "exception":true
     },
+    "EC2InstanceStateInvalidException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>Unable to connect because the instance is not in a valid state. Connecting to a stopped or terminated instance is not supported. If the instance is stopped, start your instance, and try to connect again.</p>",
+      "exception":true
+    },
     "EC2InstanceTypeInvalidException":{
       "type":"structure",
       "members":{
@@ -107,15 +117,14 @@
     "SSHPublicKey":{
       "type":"string",
       "max":4096,
-      "min":256
+      "min":80
     },
     "SendSSHPublicKeyRequest":{
       "type":"structure",
       "required":[
         "InstanceId",
         "InstanceOSUser",
-        "SSHPublicKey",
-        "AvailabilityZone"
+        "SSHPublicKey"
       ],
       "members":{
         "InstanceId":{
diff --git a/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/paginators-1.json b/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/paginators-1.json
index e1319683f7c..004062250e1 100644
--- a/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/paginators-1.json
@@ -643,6 +643,84 @@
       "limit_key": "MaxResults",
       "output_token": "NextToken",
       "result_key": "SpotPlacementScores"
+    },
+    "DescribeSnapshotTierStatus": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "SnapshotTierStatuses"
+    },
+    "ListSnapshotsInRecycleBin": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "Snapshots"
+    },
+    "DescribeIpamPools": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "IpamPools"
+    },
+    "DescribeIpamScopes": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "IpamScopes"
+    },
+    "DescribeIpams": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "Ipams"
+    },
+    "DescribeNetworkInsightsAccessScopeAnalyses": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "NetworkInsightsAccessScopeAnalyses"
+    },
+    "DescribeNetworkInsightsAccessScopes": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "NetworkInsightsAccessScopes"
+    },
+    "GetIpamAddressHistory": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "HistoryRecords"
+    },
+    "GetIpamPoolAllocations": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "IpamPoolAllocations"
+    },
+    "GetIpamPoolCidrs": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "IpamPoolCidrs"
+    },
+    "GetIpamResourceCidrs": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "IpamResourceCidrs"
+    },
+    "DescribeFastLaunchImages": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "FastLaunchImages"
+    },
+    "ListImagesInRecycleBin": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "Images"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/service-2.json b/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/service-2.json
index 290c4a9e1be..34dc719ac45 100644
--- a/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/service-2.json
@@ -102,6 +102,16 @@
       "output":{"shape":"AllocateHostsResult"},
       "documentation":"<p>Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.</p>"
     },
+    "AllocateIpamPoolCidr":{
+      "name":"AllocateIpamPoolCidr",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AllocateIpamPoolCidrRequest"},
+      "output":{"shape":"AllocateIpamPoolCidrResult"},
+      "documentation":"<p>Allocate a CIDR from an IPAM pool. In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool. For more information, see <a href=\"/vpc/latest/ipam/allocate-cidrs-ipam.html\">Allocate CIDRs</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "ApplySecurityGroupsToClientVpnTargetNetwork":{
       "name":"ApplySecurityGroupsToClientVpnTargetNetwork",
       "http":{
@@ -318,7 +328,7 @@
       },
       "input":{"shape":"AuthorizeSecurityGroupEgressRequest"},
       "output":{"shape":"AuthorizeSecurityGroupEgressResult"},
-      "documentation":"<p>[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.</p> <p>An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified destination security groups.</p> <p>You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.</p> <p>Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.</p> <p>For information about VPC security group quotas, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html\">Amazon VPC quotas</a>.</p>"
+      "documentation":"<p>[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.</p> <p>An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified source security groups.</p> <p>You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.</p> <p>Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.</p> <p>For information about VPC security group quotas, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html\">Amazon VPC quotas</a>.</p>"
     },
     "AuthorizeSecurityGroupIngress":{
       "name":"AuthorizeSecurityGroupIngress",
@@ -606,7 +616,7 @@
       },
       "input":{"shape":"CreateImageRequest"},
       "output":{"shape":"CreateImageResult"},
-      "documentation":"<p>Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.</p> <p>If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html\">Creating Amazon EBS-Backed Linux AMIs</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+      "documentation":"<p>Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.</p> <important> <p>By default, Amazon EC2 shuts down and reboots the instance before creating the AMI to ensure that everything on the instance is stopped and in a consistent state during the creation process. If you're confident that your instance is in a consistent state appropriate for AMI creation, use the <b>NoReboot</b> parameter to prevent Amazon EC2 from shutting down and rebooting the instance. </p> </important> <p>If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html\">Creating Amazon EBS-Backed Linux AMIs</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
     "CreateInstanceEventWindow":{
       "name":"CreateInstanceEventWindow",
@@ -638,6 +648,36 @@
       "output":{"shape":"CreateInternetGatewayResult"},
       "documentation":"<p>Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using <a>AttachInternetGateway</a>.</p> <p>For more information about your VPC and internet gateway, see the <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/\">Amazon Virtual Private Cloud User Guide</a>.</p>"
     },
+    "CreateIpam":{
+      "name":"CreateIpam",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateIpamRequest"},
+      "output":{"shape":"CreateIpamResult"},
+      "documentation":"<p>Create an IPAM. Amazon VCP IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "CreateIpamPool":{
+      "name":"CreateIpamPool",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateIpamPoolRequest"},
+      "output":{"shape":"CreateIpamPoolResult"},
+      "documentation":"<p>Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/create-top-ipam.html\">Create a top-level pool</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "CreateIpamScope":{
+      "name":"CreateIpamScope",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateIpamScopeRequest"},
+      "output":{"shape":"CreateIpamScopeResult"},
+      "documentation":"<p>Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/add-scope-ipam.html\">Add a scope</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+    },
     "CreateKeyPair":{
       "name":"CreateKeyPair",
       "http":{
@@ -727,6 +767,16 @@
       "input":{"shape":"CreateNetworkAclEntryRequest"},
       "documentation":"<p>Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a separate set of egress rules.</p> <p>We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule between existing ones without having to renumber the rules.</p> <p>After you add an entry, you can't modify it; you must either replace it, or create an entry and delete the old one.</p> <p>For more information about network ACLs, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html\">Network ACLs</a> in the <i>Amazon Virtual Private Cloud User Guide</i>.</p>"
     },
+    "CreateNetworkInsightsAccessScope":{
+      "name":"CreateNetworkInsightsAccessScope",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateNetworkInsightsAccessScopeRequest"},
+      "output":{"shape":"CreateNetworkInsightsAccessScopeResult"},
+      "documentation":"<p>Creates a Network Access Scope.</p> <p>Amazon Web Services Network Access Analyzer enables cloud networking and cloud operations teams to verify that their networks on Amazon Web Services conform to their network security and governance objectives. For more information, see the <a href=\"https://docs.aws.amazon.com/vpc/latest/network-access-analyzer/\">Amazon Web Services Network Access Analyzer Guide</a>.</p>"
+    },
     "CreateNetworkInsightsPath":{
       "name":"CreateNetworkInsightsPath",
       "http":{
@@ -767,6 +817,16 @@
       "output":{"shape":"CreatePlacementGroupResult"},
       "documentation":"<p>Creates a placement group in which to launch instances. The strategy of the placement group determines how the instances are organized within the group. </p> <p>A <code>cluster</code> placement group is a logical grouping of instances within a single Availability Zone that benefit from low network latency, high network throughput. A <code>spread</code> placement group places instances on distinct hardware. A <code>partition</code> placement group places groups of instances in different partitions, where instances in one partition do not share the same hardware with instances in another partition.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html\">Placement groups</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
+    "CreatePublicIpv4Pool":{
+      "name":"CreatePublicIpv4Pool",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreatePublicIpv4PoolRequest"},
+      "output":{"shape":"CreatePublicIpv4PoolResult"},
+      "documentation":"<p>Creates a public IPv4 address pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only. To monitor the status of pool creation, use <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePublicIpv4Pools.html\">DescribePublicIpv4Pools</a>.</p>"
+    },
     "CreateReplaceRootVolumeTask":{
       "name":"CreateReplaceRootVolumeTask",
       "http":{
@@ -1222,6 +1282,36 @@
       "input":{"shape":"DeleteInternetGatewayRequest"},
       "documentation":"<p>Deletes the specified internet gateway. You must detach the internet gateway from the VPC before you can delete it.</p>"
     },
+    "DeleteIpam":{
+      "name":"DeleteIpam",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteIpamRequest"},
+      "output":{"shape":"DeleteIpamResult"},
+      "documentation":"<p>Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.</p> <note> <p>You cannot delete an IPAM if there are CIDRs provisioned to pools or if there are allocations in the pools within the IPAM. To deprovision pool CIDRs, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html\">DeprovisionIpamPoolCidr</a>. To release allocations, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html\">ReleaseIpamPoolAllocation</a>. </p> </note> <p>For more information, see <a href=\"/vpc/latest/ipam/delete-ipam.html\">Delete an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "DeleteIpamPool":{
+      "name":"DeleteIpamPool",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteIpamPoolRequest"},
+      "output":{"shape":"DeleteIpamPoolResult"},
+      "documentation":"<p>Delete an IPAM pool.</p> <note> <p>You cannot delete an IPAM pool if there are allocations in it or CIDRs provisioned to it. To release allocations, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ReleaseIpamPoolAllocation.html\">ReleaseIpamPoolAllocation</a>. To deprovision pool CIDRs, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeprovisionIpamPoolCidr.html\">DeprovisionIpamPoolCidr</a>.</p> </note> <p>For more information, see <a href=\"/vpc/latest/ipam/delete-pool-ipam.html\">Delete a pool</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "DeleteIpamScope":{
+      "name":"DeleteIpamScope",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteIpamScopeRequest"},
+      "output":{"shape":"DeleteIpamScopeResult"},
+      "documentation":"<p>Delete the scope for an IPAM. You cannot delete the default scopes.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/delete-scope-ipam.html\">Delete a scope</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "DeleteKeyPair":{
       "name":"DeleteKeyPair",
       "http":{
@@ -1309,6 +1399,26 @@
       "input":{"shape":"DeleteNetworkAclEntryRequest"},
       "documentation":"<p>Deletes the specified ingress or egress entry (rule) from the specified network ACL.</p>"
     },
+    "DeleteNetworkInsightsAccessScope":{
+      "name":"DeleteNetworkInsightsAccessScope",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteNetworkInsightsAccessScopeRequest"},
+      "output":{"shape":"DeleteNetworkInsightsAccessScopeResult"},
+      "documentation":"<p>Deletes the specified Network Access Scope.</p>"
+    },
+    "DeleteNetworkInsightsAccessScopeAnalysis":{
+      "name":"DeleteNetworkInsightsAccessScopeAnalysis",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteNetworkInsightsAccessScopeAnalysisRequest"},
+      "output":{"shape":"DeleteNetworkInsightsAccessScopeAnalysisResult"},
+      "documentation":"<p>Deletes the specified Network Access Scope analysis.</p>"
+    },
     "DeleteNetworkInsightsAnalysis":{
       "name":"DeleteNetworkInsightsAnalysis",
       "http":{
@@ -1357,6 +1467,16 @@
       "input":{"shape":"DeletePlacementGroupRequest"},
       "documentation":"<p>Deletes the specified placement group. You must terminate all instances in the placement group before you can delete the placement group. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html\">Placement groups</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
+    "DeletePublicIpv4Pool":{
+      "name":"DeletePublicIpv4Pool",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeletePublicIpv4PoolRequest"},
+      "output":{"shape":"DeletePublicIpv4PoolResult"},
+      "documentation":"<p>Delete a public IPv4 pool. A public IPv4 pool is an EC2 IP address pool required for the public IPv4 CIDRs that you own and bring to Amazon Web Services to manage with IPAM. IPv6 addresses you bring to Amazon Web Services, however, use IPAM pools only.</p>"
+    },
     "DeleteQueuedReservedInstances":{
       "name":"DeleteQueuedReservedInstances",
       "http":{
@@ -1665,6 +1785,26 @@
       "output":{"shape":"DeprovisionByoipCidrResult"},
       "documentation":"<p>Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.</p> <p>Before you can release an address range, you must stop advertising it using <a>WithdrawByoipCidr</a> and you must not have any IP addresses allocated from its address range.</p>"
     },
+    "DeprovisionIpamPoolCidr":{
+      "name":"DeprovisionIpamPoolCidr",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeprovisionIpamPoolCidrRequest"},
+      "output":{"shape":"DeprovisionIpamPoolCidrResult"},
+      "documentation":"<p>Deprovision a CIDR provisioned from an IPAM pool. If you deprovision a CIDR from a pool that has a source pool, the CIDR is recycled back into the source pool. For more information, see <a href=\"/vpc/latest/ipam/depro-pool-cidr-ipam.html\">Deprovision pool CIDRs</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+    },
+    "DeprovisionPublicIpv4PoolCidr":{
+      "name":"DeprovisionPublicIpv4PoolCidr",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeprovisionPublicIpv4PoolCidrRequest"},
+      "output":{"shape":"DeprovisionPublicIpv4PoolCidrResult"},
+      "documentation":"<p>Deprovision a CIDR from a public IPv4 pool.</p>"
+    },
     "DeregisterImage":{
       "name":"DeregisterImage",
       "http":{
@@ -1672,7 +1812,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"DeregisterImageRequest"},
-      "documentation":"<p>Deregisters the specified AMI. After you deregister an AMI, it can't be used to launch new instances; however, it doesn't affect any instances that you've already launched from the AMI. You'll continue to incur usage costs for those instances until you terminate them.</p> <p>When you deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn't affect the files that you uploaded to Amazon S3 when you created the AMI.</p>"
+      "documentation":"<p>Deregisters the specified AMI. After you deregister an AMI, it can't be used to launch new instances.</p> <p>If you deregister an AMI that matches a Recycle Bin retention rule, the AMI is retained in the Recycle Bin for the specified retention period. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html\">Recycle Bin</a> in the Amazon Elastic Compute Cloud User Guide.</p> <p>When you deregister an AMI, it doesn't affect any instances that you've already launched from the AMI. You'll continue to incur usage costs for those instances until you terminate them.</p> <p>When you deregister an Amazon EBS-backed AMI, it doesn't affect the snapshot that was created for the root volume of the instance during the AMI creation process. When you deregister an instance store-backed AMI, it doesn't affect the files that you uploaded to Amazon S3 when you created the AMI.</p>"
     },
     "DeregisterInstanceEventNotificationAttributes":{
       "name":"DeregisterInstanceEventNotificationAttributes",
@@ -1712,7 +1852,7 @@
       },
       "input":{"shape":"DescribeAccountAttributesRequest"},
       "output":{"shape":"DescribeAccountAttributesResult"},
-      "documentation":"<p>Describes attributes of your AWS account. The following are the supported account attributes:</p> <ul> <li> <p> <code>supported-platforms</code>: Indicates whether your account can launch instances into EC2-Classic and EC2-VPC, or only into EC2-VPC.</p> </li> <li> <p> <code>default-vpc</code>: The ID of the default VPC for your account, or <code>none</code>.</p> </li> <li> <p> <code>max-instances</code>: This attribute is no longer supported. The returned value does not reflect your actual vCPU limit for running On-Demand Instances. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits\">On-Demand Instance Limits</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p> </li> <li> <p> <code>vpc-max-security-groups-per-interface</code>: The maximum number of security groups that you can assign to a network interface.</p> </li> <li> <p> <code>max-elastic-ips</code>: The maximum number of Elastic IP addresses that you can allocate for use with EC2-Classic. </p> </li> <li> <p> <code>vpc-max-elastic-ips</code>: The maximum number of Elastic IP addresses that you can allocate for use with EC2-VPC.</p> </li> </ul>"
+      "documentation":"<p>Describes attributes of your Amazon Web Services account. The following are the supported account attributes:</p> <ul> <li> <p> <code>supported-platforms</code>: Indicates whether your account can launch instances into EC2-Classic and EC2-VPC, or only into EC2-VPC.</p> </li> <li> <p> <code>default-vpc</code>: The ID of the default VPC for your account, or <code>none</code>.</p> </li> <li> <p> <code>max-instances</code>: This attribute is no longer supported. The returned value does not reflect your actual vCPU limit for running On-Demand Instances. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-on-demand-instances.html#ec2-on-demand-instances-limits\">On-Demand Instance Limits</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p> </li> <li> <p> <code>vpc-max-security-groups-per-interface</code>: The maximum number of security groups that you can assign to a network interface.</p> </li> <li> <p> <code>max-elastic-ips</code>: The maximum number of Elastic IP addresses that you can allocate for use with EC2-Classic. </p> </li> <li> <p> <code>vpc-max-elastic-ips</code>: The maximum number of Elastic IP addresses that you can allocate for use with EC2-VPC.</p> </li> </ul>"
     },
     "DescribeAddresses":{
       "name":"DescribeAddresses",
@@ -1944,6 +2084,16 @@
       "output":{"shape":"DescribeExportTasksResult"},
       "documentation":"<p>Describes the specified export instance tasks or all of your export instance tasks.</p>"
     },
+    "DescribeFastLaunchImages":{
+      "name":"DescribeFastLaunchImages",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeFastLaunchImagesRequest"},
+      "output":{"shape":"DescribeFastLaunchImagesResult"},
+      "documentation":"<p>Describe details for Windows AMIs that are configured for faster launching.</p>"
+    },
     "DescribeFastSnapshotRestores":{
       "name":"DescribeFastSnapshotRestores",
       "http":{
@@ -2162,7 +2312,7 @@
       },
       "input":{"shape":"DescribeInstanceStatusRequest"},
       "output":{"shape":"DescribeInstanceStatusResult"},
-      "documentation":"<p>Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.</p> <p>Instance status includes the following components:</p> <ul> <li> <p> <b>Status checks</b> - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html\">Status checks for your instances</a> and <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html\">Troubleshooting instances with failed status checks</a> in the <i>Amazon EC2 User Guide</i>.</p> </li> <li> <p> <b>Scheduled events</b> - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html\">Scheduled events for your instances</a> in the <i>Amazon EC2 User Guide</i>.</p> </li> <li> <p> <b>Instance state</b> - You can manage your instances from the moment you launch them through their termination. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html\">Instance lifecycle</a> in the <i>Amazon EC2 User Guide</i>.</p> </li> </ul>"
+      "documentation":"<p>Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.</p> <p>Instance status includes the following components:</p> <ul> <li> <p> <b>Status checks</b> - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html\">Status checks for your instances</a> and <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstances.html\">Troubleshoot instances with failed status checks</a> in the <i>Amazon EC2 User Guide</i>.</p> </li> <li> <p> <b>Scheduled events</b> - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html\">Scheduled events for your instances</a> in the <i>Amazon EC2 User Guide</i>.</p> </li> <li> <p> <b>Instance state</b> - You can manage your instances from the moment you launch them through their termination. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html\">Instance lifecycle</a> in the <i>Amazon EC2 User Guide</i>.</p> </li> </ul>"
     },
     "DescribeInstanceTypeOfferings":{
       "name":"DescribeInstanceTypeOfferings",
@@ -2204,6 +2354,36 @@
       "output":{"shape":"DescribeInternetGatewaysResult"},
       "documentation":"<p>Describes one or more of your internet gateways.</p>"
     },
+    "DescribeIpamPools":{
+      "name":"DescribeIpamPools",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeIpamPoolsRequest"},
+      "output":{"shape":"DescribeIpamPoolsResult"},
+      "documentation":"<p>Get information about your IPAM pools.</p>"
+    },
+    "DescribeIpamScopes":{
+      "name":"DescribeIpamScopes",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeIpamScopesRequest"},
+      "output":{"shape":"DescribeIpamScopesResult"},
+      "documentation":"<p>Get information about your IPAM scopes.</p>"
+    },
+    "DescribeIpams":{
+      "name":"DescribeIpams",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeIpamsRequest"},
+      "output":{"shape":"DescribeIpamsResult"},
+      "documentation":"<p>Get information about your IPAM pools.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "DescribeIpv6Pools":{
       "name":"DescribeIpv6Pools",
       "http":{
@@ -2344,6 +2524,26 @@
       "output":{"shape":"DescribeNetworkAclsResult"},
       "documentation":"<p>Describes one or more of your network ACLs.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html\">Network ACLs</a> in the <i>Amazon Virtual Private Cloud User Guide</i>.</p>"
     },
+    "DescribeNetworkInsightsAccessScopeAnalyses":{
+      "name":"DescribeNetworkInsightsAccessScopeAnalyses",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeNetworkInsightsAccessScopeAnalysesRequest"},
+      "output":{"shape":"DescribeNetworkInsightsAccessScopeAnalysesResult"},
+      "documentation":"<p>Describes the specified Network Access Scope analyses.</p>"
+    },
+    "DescribeNetworkInsightsAccessScopes":{
+      "name":"DescribeNetworkInsightsAccessScopes",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeNetworkInsightsAccessScopesRequest"},
+      "output":{"shape":"DescribeNetworkInsightsAccessScopesResult"},
+      "documentation":"<p>Describes the specified Network Access Scopes.</p>"
+    },
     "DescribeNetworkInsightsAnalyses":{
       "name":"DescribeNetworkInsightsAnalyses",
       "http":{
@@ -2564,6 +2764,16 @@
       "output":{"shape":"DescribeSnapshotAttributeResult"},
       "documentation":"<p>Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.</p> <p>For more information about EBS snapshots, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html\">Amazon EBS snapshots</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
+    "DescribeSnapshotTierStatus":{
+      "name":"DescribeSnapshotTierStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeSnapshotTierStatusRequest"},
+      "output":{"shape":"DescribeSnapshotTierStatusResult"},
+      "documentation":"<p>Describes the storage tier status of one or more Amazon EBS snapshots.</p>"
+    },
     "DescribeSnapshots":{
       "name":"DescribeSnapshots",
       "http":{
@@ -2642,7 +2852,7 @@
       },
       "input":{"shape":"DescribeStaleSecurityGroupsRequest"},
       "output":{"shape":"DescribeStaleSecurityGroupsResult"},
-      "documentation":"<p>[VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in a peer VPC, or a security group in a peer VPC for which the VPC peering connection has been deleted.</p>"
+      "documentation":"<p>[VPC only] Describes the stale security group rules for security groups in a specified VPC. Rules are stale when they reference a deleted security group in the same VPC or in a peer VPC, or if they reference a security group in a peer VPC for which the VPC peering connection has been deleted.</p>"
     },
     "DescribeStoreImageTasks":{
       "name":"DescribeStoreImageTasks",
@@ -3021,6 +3231,16 @@
       "output":{"shape":"DisableEbsEncryptionByDefaultResult"},
       "documentation":"<p>Disables EBS encryption by default for your account in the current Region.</p> <p>After you disable encryption by default, you can still create encrypted volumes by enabling encryption when you create each volume.</p> <p>Disabling encryption by default does not change the encryption status of your existing volumes.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html\">Amazon EBS encryption</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
+    "DisableFastLaunch":{
+      "name":"DisableFastLaunch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisableFastLaunchRequest"},
+      "output":{"shape":"DisableFastLaunchResult"},
+      "documentation":"<p>Discontinue faster launching for a Windows AMI, and clean up existing pre-provisioned snapshots. When you disable faster launching, the AMI uses the standard launch process for each instance. All pre-provisioned snapshots must be removed before you can enable faster launching again.</p> <note> <p>To change these settings, you must own the AMI.</p> </note>"
+    },
     "DisableFastSnapshotRestores":{
       "name":"DisableFastSnapshotRestores",
       "http":{
@@ -3041,6 +3261,16 @@
       "output":{"shape":"DisableImageDeprecationResult"},
       "documentation":"<p>Cancels the deprecation of the specified AMI.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html\">Deprecate an AMI</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
+    "DisableIpamOrganizationAdminAccount":{
+      "name":"DisableIpamOrganizationAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisableIpamOrganizationAdminAccountRequest"},
+      "output":{"shape":"DisableIpamOrganizationAdminAccountResult"},
+      "documentation":"<p>Disable the IPAM account. For more information, see <a href=\"/vpc/latest/ipam/enable-integ-ipam.html\">Enable integration with Organizations</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "DisableSerialConsoleAccess":{
       "name":"DisableSerialConsoleAccess",
       "http":{
@@ -3208,6 +3438,16 @@
       "output":{"shape":"EnableEbsEncryptionByDefaultResult"},
       "documentation":"<p>Enables EBS encryption by default for your account in the current Region.</p> <p>After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html\">Amazon EBS encryption</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p> <p>You can specify the default KMS key for encryption by default using <a>ModifyEbsDefaultKmsKeyId</a> or <a>ResetEbsDefaultKmsKeyId</a>.</p> <p>Enabling encryption by default has no effect on the encryption status of your existing volumes.</p> <p>After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances\">Supported instance types</a>.</p>"
     },
+    "EnableFastLaunch":{
+      "name":"EnableFastLaunch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"EnableFastLaunchRequest"},
+      "output":{"shape":"EnableFastLaunchResult"},
+      "documentation":"<p>When you enable faster launching for a Windows AMI, images are pre-provisioned, using snapshots to launch instances up to 65% faster. To create the optimized Windows image, Amazon EC2 launches an instance and runs through Sysprep steps, rebooting as required. Then it creates a set of reserved snapshots that are used for subsequent launches. The reserved snapshots are automatically replenished as they are used, depending on your settings for launch frequency.</p> <note> <p>To change these settings, you must own the AMI.</p> </note>"
+    },
     "EnableFastSnapshotRestores":{
       "name":"EnableFastSnapshotRestores",
       "http":{
@@ -3228,6 +3468,16 @@
       "output":{"shape":"EnableImageDeprecationResult"},
       "documentation":"<p>Enables deprecation of the specified AMI at the specified date and time.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-deprecate.html\">Deprecate an AMI</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
+    "EnableIpamOrganizationAdminAccount":{
+      "name":"EnableIpamOrganizationAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"EnableIpamOrganizationAdminAccountRequest"},
+      "output":{"shape":"EnableIpamOrganizationAdminAccountResult"},
+      "documentation":"<p>Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see <a href=\"/vpc/latest/ipam/enable-integ-ipam.html\">Enable integration with Organizations</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "EnableSerialConsoleAccess":{
       "name":"EnableSerialConsoleAccess",
       "http":{
@@ -3456,6 +3706,46 @@
       "output":{"shape":"GetInstanceTypesFromInstanceRequirementsResult"},
       "documentation":"<p>Returns a list of instance types with the specified instance attributes. You can use the response to preview the instance types without launching instances. Note that the response does not consider capacity.</p> <p>When you specify multiple parameters, you get instance types that satisfy all of the specified parameters. If you specify multiple values for a parameter, you get instance types that satisfy any of the specified values.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html#spotfleet-get-instance-types-from-instance-requirements\">Preview instance types with specified attributes</a>, <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-attribute-based-instance-type-selection.html\">Attribute-based instance type selection for EC2 Fleet</a>, <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-attribute-based-instance-type-selection.html\">Attribute-based instance type selection for Spot Fleet</a>, and <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-placement-score.html\">Spot placement score</a> in the <i>Amazon EC2 User Guide</i>, and <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-instance-type-requirements.html\">Creating an Auto Scaling group using attribute-based instance type selection</a> in the <i>Amazon EC2 Auto Scaling User Guide</i>.</p>"
     },
+    "GetIpamAddressHistory":{
+      "name":"GetIpamAddressHistory",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetIpamAddressHistoryRequest"},
+      "output":{"shape":"GetIpamAddressHistoryResult"},
+      "documentation":"<p>Retrieve historical information about a CIDR within an IPAM scope. For more information, see <a href=\"/vpc/latest/ipam/view-history-cidr-ipam.html\">View the history of IP addresses</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+    },
+    "GetIpamPoolAllocations":{
+      "name":"GetIpamPoolAllocations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetIpamPoolAllocationsRequest"},
+      "output":{"shape":"GetIpamPoolAllocationsResult"},
+      "documentation":"<p>Get a list of all the CIDR allocations in an IPAM pool.</p>"
+    },
+    "GetIpamPoolCidrs":{
+      "name":"GetIpamPoolCidrs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetIpamPoolCidrsRequest"},
+      "output":{"shape":"GetIpamPoolCidrsResult"},
+      "documentation":"<p>Get the CIDRs provisioned to an IPAM pool.</p>"
+    },
+    "GetIpamResourceCidrs":{
+      "name":"GetIpamResourceCidrs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetIpamResourceCidrsRequest"},
+      "output":{"shape":"GetIpamResourceCidrsResult"},
+      "documentation":"<p>Get information about the resources in a scope.</p>"
+    },
     "GetLaunchTemplateData":{
       "name":"GetLaunchTemplateData",
       "http":{
@@ -3486,6 +3776,26 @@
       "output":{"shape":"GetManagedPrefixListEntriesResult"},
       "documentation":"<p>Gets information about the entries for a specified managed prefix list.</p>"
     },
+    "GetNetworkInsightsAccessScopeAnalysisFindings":{
+      "name":"GetNetworkInsightsAccessScopeAnalysisFindings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetNetworkInsightsAccessScopeAnalysisFindingsRequest"},
+      "output":{"shape":"GetNetworkInsightsAccessScopeAnalysisFindingsResult"},
+      "documentation":"<p>Gets the findings for the specified Network Access Scope analysis.</p>"
+    },
+    "GetNetworkInsightsAccessScopeContent":{
+      "name":"GetNetworkInsightsAccessScopeContent",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetNetworkInsightsAccessScopeContentRequest"},
+      "output":{"shape":"GetNetworkInsightsAccessScopeContentResult"},
+      "documentation":"<p>Gets the content for the specified Network Access Scope.</p>"
+    },
     "GetPasswordData":{
       "name":"GetPasswordData",
       "http":{
@@ -3666,6 +3976,26 @@
       "output":{"shape":"ImportVolumeResult"},
       "documentation":"<p>Creates an import volume task using metadata from the specified disk image.</p> <p>This API action supports only single-volume VMs. To import multi-volume VMs, use <a>ImportImage</a> instead. To import a disk to a snapshot, use <a>ImportSnapshot</a> instead.</p> <p>This API action is not supported by the Command Line Interface (CLI). For information about using the Amazon EC2 CLI, which is deprecated, see <a href=\"https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs\">Importing Disks to Amazon EBS</a> in the <i>Amazon EC2 CLI Reference</i> PDF file.</p> <p>For information about the import manifest referenced by this API action, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html\">VM Import Manifest</a>.</p>"
     },
+    "ListImagesInRecycleBin":{
+      "name":"ListImagesInRecycleBin",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListImagesInRecycleBinRequest"},
+      "output":{"shape":"ListImagesInRecycleBinResult"},
+      "documentation":"<p>Lists one or more AMIs that are currently in the Recycle Bin. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html\">Recycle Bin</a> in the Amazon Elastic Compute Cloud User Guide.</p>"
+    },
+    "ListSnapshotsInRecycleBin":{
+      "name":"ListSnapshotsInRecycleBin",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListSnapshotsInRecycleBinRequest"},
+      "output":{"shape":"ListSnapshotsInRecycleBinResult"},
+      "documentation":"<p>Lists one or more snapshots that are currently in the Recycle Bin.</p>"
+    },
     "ModifyAddressAttribute":{
       "name":"ModifyAddressAttribute",
       "http":{
@@ -3800,7 +4130,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"ModifyInstanceAttributeRequest"},
-      "documentation":"<p>Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.</p> <p> <b>Note: </b>Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the <a>ModifyNetworkInterfaceAttribute</a> action.</p> <p>To modify some attributes, the instance must be stopped. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html\">Modifying attributes of a stopped instance</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+      "documentation":"<p>Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.</p> <p> <b>Note: </b>Using this action to change the security groups associated with an elastic network interface (ENI) attached to an instance in a VPC can result in an error if the instance has more than one ENI. To change the security groups associated with an ENI attached to an instance that has multiple ENIs, we recommend that you use the <a>ModifyNetworkInterfaceAttribute</a> action.</p> <p>To modify some attributes, the instance must be stopped. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingAttributesWhileInstanceStopped.html\">Modify a stopped instance</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
     "ModifyInstanceCapacityReservationAttributes":{
       "name":"ModifyInstanceCapacityReservationAttributes",
@@ -3862,6 +4192,46 @@
       "output":{"shape":"ModifyInstancePlacementResult"},
       "documentation":"<p>Modifies the placement attributes for a specified instance. You can do the following:</p> <ul> <li> <p>Modify the affinity between an instance and a <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html\">Dedicated Host</a>. When affinity is set to <code>host</code> and the instance is not associated with a specific Dedicated Host, the next time the instance is launched, it is automatically associated with the host on which it lands. If the instance is restarted or rebooted, this relationship persists.</p> </li> <li> <p>Change the Dedicated Host with which an instance is associated.</p> </li> <li> <p>Change the instance tenancy of an instance.</p> </li> <li> <p>Move an instance to or from a <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html\">placement group</a>.</p> </li> </ul> <p>At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.</p> <p>To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the <code>stopped</code> state.</p>"
     },
+    "ModifyIpam":{
+      "name":"ModifyIpam",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyIpamRequest"},
+      "output":{"shape":"ModifyIpamResult"},
+      "documentation":"<p>Modify the configurations of an IPAM. </p>"
+    },
+    "ModifyIpamPool":{
+      "name":"ModifyIpamPool",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyIpamPoolRequest"},
+      "output":{"shape":"ModifyIpamPoolResult"},
+      "documentation":"<p>Modify the configurations of an IPAM pool.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/mod-pool-ipam.html\">Modify a pool</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "ModifyIpamResourceCidr":{
+      "name":"ModifyIpamResourceCidr",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyIpamResourceCidrRequest"},
+      "output":{"shape":"ModifyIpamResourceCidrResult"},
+      "documentation":"<p>Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/move-resource-ipam.html\">Move resource CIDRs between scopes</a> and <a href=\"/vpc/latest/ipam/change-monitoring-state-ipam.html\">Change the monitoring state of resource CIDRs</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+    },
+    "ModifyIpamScope":{
+      "name":"ModifyIpamScope",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyIpamScopeRequest"},
+      "output":{"shape":"ModifyIpamScopeResult"},
+      "documentation":"<p>Modify an IPAM scope.</p>"
+    },
     "ModifyLaunchTemplate":{
       "name":"ModifyLaunchTemplate",
       "http":{
@@ -3891,6 +4261,16 @@
       "input":{"shape":"ModifyNetworkInterfaceAttributeRequest"},
       "documentation":"<p>Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.</p>"
     },
+    "ModifyPrivateDnsNameOptions":{
+      "name":"ModifyPrivateDnsNameOptions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyPrivateDnsNameOptionsRequest"},
+      "output":{"shape":"ModifyPrivateDnsNameOptionsResult"},
+      "documentation":"<p>Modifies the options for instance hostnames for the specified instance.</p>"
+    },
     "ModifyReservedInstances":{
       "name":"ModifyReservedInstances",
       "http":{
@@ -3920,6 +4300,16 @@
       "input":{"shape":"ModifySnapshotAttributeRequest"},
       "documentation":"<p>Adds or removes permission settings for the specified snapshot. You may add or remove specified Amazon Web Services account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.</p> <p>Encrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.</p> <p>For more information about modifying snapshot permissions, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html\">Share a snapshot</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
     },
+    "ModifySnapshotTier":{
+      "name":"ModifySnapshotTier",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifySnapshotTierRequest"},
+      "output":{"shape":"ModifySnapshotTierResult"},
+      "documentation":"<p>Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full snapshot that includes all of the blocks of data that were written to the volume at the time the snapshot was created, and moved from the standard tier to the archive tier. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-archive.html\">Archive Amazon EBS snapshots</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+    },
     "ModifySpotFleetRequest":{
       "name":"ModifySpotFleetRequest",
       "http":{
@@ -3937,7 +4327,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"ModifySubnetAttributeRequest"},
-      "documentation":"<p>Modifies a subnet attribute. You can only modify one attribute at a time.</p>"
+      "documentation":"<p>Modifies a subnet attribute. You can only modify one attribute at a time.</p> <p>Use this action to modify subnets on Amazon Web Services Outposts.</p> <ul> <li> <p>To modify a subnet on an Outpost rack, set both <code>MapCustomerOwnedIpOnLaunch</code> and <code>CustomerOwnedIpv4Pool</code>. These two parameters act as a single attribute.</p> </li> <li> <p>To modify a subnet on an Outpost server, set either <code>EnableLniAtDeviceIndex</code> or <code>DisableLniAtDeviceIndex</code>.</p> </li> </ul> <p>For more information about Amazon Web Services Outposts, see the following:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/how-servers-work.html\">Outpost servers</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/how-racks-work.html\">Outpost racks</a> </p> </li> </ul>"
     },
     "ModifyTrafficMirrorFilterNetworkServices":{
       "name":"ModifyTrafficMirrorFilterNetworkServices",
@@ -4057,6 +4447,16 @@
       "output":{"shape":"ModifyVpcEndpointServiceConfigurationResult"},
       "documentation":"<p>Modifies the attributes of your VPC endpoint service configuration. You can change the Network Load Balancers or Gateway Load Balancers for your service, and you can specify whether acceptance is required for requests to connect to your endpoint service through an interface VPC endpoint.</p> <p>If you set or modify the private DNS name, you must prove that you own the private DNS domain name. For more information, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-dns-validation.html\">VPC Endpoint Service Private DNS Name Verification</a> in the <i>Amazon Virtual Private Cloud User Guide</i>.</p>"
     },
+    "ModifyVpcEndpointServicePayerResponsibility":{
+      "name":"ModifyVpcEndpointServicePayerResponsibility",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyVpcEndpointServicePayerResponsibilityRequest"},
+      "output":{"shape":"ModifyVpcEndpointServicePayerResponsibilityResult"},
+      "documentation":"<p>Modifies the payer responsibility for your VPC endpoint service.</p>"
+    },
     "ModifyVpcEndpointServicePermissions":{
       "name":"ModifyVpcEndpointServicePermissions",
       "http":{
@@ -4135,7 +4535,7 @@
       },
       "input":{"shape":"MonitorInstancesRequest"},
       "output":{"shape":"MonitorInstancesResult"},
-      "documentation":"<p>Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html\">Monitoring your instances and volumes</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>To disable detailed monitoring, see .</p>"
+      "documentation":"<p>Enables detailed monitoring for a running instance. Otherwise, basic monitoring is enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html\">Monitor your instances using CloudWatch</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>To disable detailed monitoring, see .</p>"
     },
     "MoveAddressToVpc":{
       "name":"MoveAddressToVpc",
@@ -4147,6 +4547,16 @@
       "output":{"shape":"MoveAddressToVpcResult"},
       "documentation":"<p>Moves an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform. The Elastic IP address must be allocated to your account for more than 24 hours, and it must not be associated with an instance. After the Elastic IP address is moved, it is no longer available for use in the EC2-Classic platform, unless you move it back using the <a>RestoreAddressToClassic</a> request. You cannot move an Elastic IP address that was originally allocated for use in the EC2-VPC platform to the EC2-Classic platform. </p>"
     },
+    "MoveByoipCidrToIpam":{
+      "name":"MoveByoipCidrToIpam",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"MoveByoipCidrToIpamRequest"},
+      "output":{"shape":"MoveByoipCidrToIpamResult"},
+      "documentation":"<p>Move an BYOIP IPv4 CIDR to IPAM from a public IPv4 pool.</p>"
+    },
     "ProvisionByoipCidr":{
       "name":"ProvisionByoipCidr",
       "http":{
@@ -4157,6 +4567,26 @@
       "output":{"shape":"ProvisionByoipCidrResult"},
       "documentation":"<p>Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using <a>AdvertiseByoipCidr</a>.</p> <p>Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html\">Bring your own IP addresses (BYOIP)</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p> <p>Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from <code>pending-provision</code> to <code>provisioned</code>. To monitor the status of an address range, use <a>DescribeByoipCidrs</a>. To allocate an Elastic IP address from your IPv4 address pool, use <a>AllocateAddress</a> with either the specific address from the address pool or the ID of the address pool.</p>"
     },
+    "ProvisionIpamPoolCidr":{
+      "name":"ProvisionIpamPoolCidr",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ProvisionIpamPoolCidrRequest"},
+      "output":{"shape":"ProvisionIpamPoolCidrResult"},
+      "documentation":"<p>Provision a CIDR to an IPAM pool. You can use thsi action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/prov-cidr-ipam.html\">Provision CIDRs to pools</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "ProvisionPublicIpv4PoolCidr":{
+      "name":"ProvisionPublicIpv4PoolCidr",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ProvisionPublicIpv4PoolCidrRequest"},
+      "output":{"shape":"ProvisionPublicIpv4PoolCidrResult"},
+      "documentation":"<p>Provision a CIDR to a public IPv4 pool.</p> <p>For more information about IPAM, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "PurchaseHostReservation":{
       "name":"PurchaseHostReservation",
       "http":{
@@ -4194,7 +4624,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"RebootInstancesRequest"},
-      "documentation":"<p>Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.</p> <p>If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.</p> <p>For more information about troubleshooting, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html\">Getting console output and rebooting instances</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+      "documentation":"<p>Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.</p> <p>If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.</p> <p>For more information about troubleshooting, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-console.html\">Troubleshoot an unreachable instance</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
     "RegisterImage":{
       "name":"RegisterImage",
@@ -4305,6 +4735,16 @@
       "output":{"shape":"ReleaseHostsResult"},
       "documentation":"<p>When you no longer want to use an On-Demand Dedicated Host it can be released. On-Demand billing is stopped and the host goes into <code>released</code> state. The host ID of Dedicated Hosts that have been released can no longer be specified in another request, for example, to modify the host. You must stop or terminate all instances on a host before it can be released.</p> <p>When Dedicated Hosts are released, it may take some time for them to stop counting toward your limit and you may receive capacity errors when trying to allocate new Dedicated Hosts. Wait a few minutes and then try again.</p> <p>Released hosts still appear in a <a>DescribeHosts</a> response.</p>"
     },
+    "ReleaseIpamPoolAllocation":{
+      "name":"ReleaseIpamPoolAllocation",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ReleaseIpamPoolAllocationRequest"},
+      "output":{"shape":"ReleaseIpamPoolAllocationResult"},
+      "documentation":"<p>Release an allocation within an IPAM pool. You can only use this action to release manual allocations. To remove an allocation for a resource without deleting the resource, set its monitored state to false using <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyIpamResourceCidr.html\">ModifyIpamResourceCidr</a>. For more information, see <a href=\"/vpc/latest/ipam/release-pool-alloc-ipam.html\">Release an allocation</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
     "ReplaceIamInstanceProfileAssociation":{
       "name":"ReplaceIamInstanceProfileAssociation",
       "http":{
@@ -4468,6 +4908,16 @@
       "output":{"shape":"RestoreAddressToClassicResult"},
       "documentation":"<p>Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface.</p>"
     },
+    "RestoreImageFromRecycleBin":{
+      "name":"RestoreImageFromRecycleBin",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"RestoreImageFromRecycleBinRequest"},
+      "output":{"shape":"RestoreImageFromRecycleBinResult"},
+      "documentation":"<p>Restores an AMI from the Recycle Bin. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin.html\">Recycle Bin</a> in the Amazon Elastic Compute Cloud User Guide.</p>"
+    },
     "RestoreManagedPrefixListVersion":{
       "name":"RestoreManagedPrefixListVersion",
       "http":{
@@ -4478,6 +4928,26 @@
       "output":{"shape":"RestoreManagedPrefixListVersionResult"},
       "documentation":"<p>Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.</p>"
     },
+    "RestoreSnapshotFromRecycleBin":{
+      "name":"RestoreSnapshotFromRecycleBin",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"RestoreSnapshotFromRecycleBinRequest"},
+      "output":{"shape":"RestoreSnapshotFromRecycleBinResult"},
+      "documentation":"<p>Restores a snapshot from the Recycle Bin. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-snaps.html#recycle-bin-restore-snaps\">Restore snapshots from the Recycle Bin</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+    },
+    "RestoreSnapshotTier":{
+      "name":"RestoreSnapshotTier",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"RestoreSnapshotTierRequest"},
+      "output":{"shape":"RestoreSnapshotTierResult"},
+      "documentation":"<p>Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.</p> <p>For more information see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#restore-archived-snapshot\"> Restore an archived snapshot</a> and <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-snapshot-archiving.html#modify-temp-restore-period\"> modify the restore period or restore type for a temporarily restored snapshot</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+    },
     "RevokeClientVpnIngress":{
       "name":"RevokeClientVpnIngress",
       "http":{
@@ -4565,7 +5035,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"SendDiagnosticInterruptRequest"},
-      "documentation":"<p>Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a <i>kernel panic</i> (on Linux instances), or a <i>blue screen</i>/<i>stop error</i> (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a <i>non-maskable interrupt</i> (NMI).</p> <p>In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.</p> <p>Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.</p> <p>For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html\">Send a diagnostic interrupt</a> (Linux instances) or <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html\">Send a Diagnostic Interrupt</a> (Windows instances).</p>"
+      "documentation":"<p>Sends a diagnostic interrupt to the specified Amazon EC2 instance to trigger a <i>kernel panic</i> (on Linux instances), or a <i>blue screen</i>/<i>stop error</i> (on Windows instances). For instances based on Intel and AMD processors, the interrupt is received as a <i>non-maskable interrupt</i> (NMI).</p> <p>In general, the operating system crashes and reboots when a kernel panic or stop error is triggered. The operating system can also be configured to perform diagnostic tasks, such as generating a memory dump file, loading a secondary kernel, or obtaining a call trace.</p> <p>Before sending a diagnostic interrupt to your instance, ensure that its operating system is configured to perform the required diagnostic tasks.</p> <p>For more information about configuring your operating system to generate a crash dump when a kernel panic or stop error occurs, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/diagnostic-interrupt.html\">Send a diagnostic interrupt (for advanced users)</a> (Linux instances) or <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/diagnostic-interrupt.html\">Send a diagnostic interrupt (for advanced users)</a> (Windows instances).</p>"
     },
     "StartInstances":{
       "name":"StartInstances",
@@ -4575,7 +5045,17 @@
       },
       "input":{"shape":"StartInstancesRequest"},
       "output":{"shape":"StartInstancesResult"},
-      "documentation":"<p>Starts an Amazon EBS-backed instance that you've previously stopped.</p> <p>Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.</p> <p>Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.</p> <p>Performing this operation on an instance that uses an instance store as its root device returns an error.</p> <p>If you attempt to start a T3 instance with <code>host</code> tenancy and the <code>unlimted</code> CPU credit option, the request fails. The <code>unlimited</code> CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to <code>standard</code>, or change its tenancy to <code>default</code> or <code>dedicated</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html\">Stopping instances</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+      "documentation":"<p>Starts an Amazon EBS-backed instance that you've previously stopped.</p> <p>Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When an instance is stopped, the compute resources are released and you are not billed for instance usage. However, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. You can restart your instance at any time. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.</p> <p>Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM.</p> <p>Performing this operation on an instance that uses an instance store as its root device returns an error.</p> <p>If you attempt to start a T3 instance with <code>host</code> tenancy and the <code>unlimted</code> CPU credit option, the request fails. The <code>unlimited</code> CPU credit option is not supported on Dedicated Hosts. Before you start the instance, either change its CPU credit option to <code>standard</code>, or change its tenancy to <code>default</code> or <code>dedicated</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html\">Stop and start your instance</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+    },
+    "StartNetworkInsightsAccessScopeAnalysis":{
+      "name":"StartNetworkInsightsAccessScopeAnalysis",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"StartNetworkInsightsAccessScopeAnalysisRequest"},
+      "output":{"shape":"StartNetworkInsightsAccessScopeAnalysisResult"},
+      "documentation":"<p>Starts analyzing the specified Network Access Scope.</p>"
     },
     "StartNetworkInsightsAnalysis":{
       "name":"StartNetworkInsightsAnalysis",
@@ -4605,7 +5085,7 @@
       },
       "input":{"shape":"StopInstancesRequest"},
       "output":{"shape":"StopInstancesResult"},
-      "documentation":"<p>Stops an Amazon EBS-backed instance.</p> <p>You can use the Stop action to hibernate an instance if the instance is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation\">enabled for hibernation</a> and it meets the <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites\">hibernation prerequisites</a>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html\">Hibernate your instance</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>We don't charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.</p> <p>You can't stop or hibernate instance store-backed instances. You can't use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances\">Hibernating interrupted Spot Instances</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.</p> <p>Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html\">Instance lifecycle</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html\">Troubleshooting stopping your instance</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+      "documentation":"<p>Stops an Amazon EBS-backed instance.</p> <p>You can use the Stop action to hibernate an instance if the instance is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#enabling-hibernation\">enabled for hibernation</a> and it meets the <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites\">hibernation prerequisites</a>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html\">Hibernate your instance</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>We don't charge usage for a stopped instance, or data transfer fees; however, your root partition Amazon EBS volume remains and continues to persist your data, and you are charged for Amazon EBS volume usage. Every time you start your instance, Amazon EC2 charges a one-minute minimum for instance usage, and thereafter charges per second for instance usage.</p> <p>You can't stop or hibernate instance store-backed instances. You can't use the Stop action to hibernate Spot Instances, but you can specify that Amazon EC2 should hibernate Spot Instances when they are interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#hibernate-spot-instances\">Hibernating interrupted Spot Instances</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>When you stop or hibernate an instance, we shut it down. You can restart your instance at any time. Before stopping or hibernating an instance, make sure it is in a state from which it can be restarted. Stopping an instance does not preserve data stored in RAM, but hibernating an instance does preserve data stored in RAM. If an instance cannot hibernate successfully, a normal shutdown occurs.</p> <p>Stopping and hibernating an instance is different to rebooting or terminating it. For example, when you stop or hibernate an instance, the root device and any other devices attached to the instance persist. When you terminate an instance, the root device and any other devices attached during the instance launch are automatically deleted. For more information about the differences between rebooting, stopping, hibernating, and terminating instances, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html\">Instance lifecycle</a> in the <i>Amazon EC2 User Guide</i>.</p> <p>When you stop an instance, we attempt to shut it down forcibly after a short while. If your instance appears stuck in the stopping state after a period of time, there may be an issue with the underlying host computer. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesStopping.html\">Troubleshoot stopping your instance</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
     "TerminateClientVpnConnections":{
       "name":"TerminateClientVpnConnections",
@@ -4965,6 +5445,93 @@
         }
       }
     },
+    "AccessScopeAnalysisFinding":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisId":{
+          "shape":"NetworkInsightsAccessScopeAnalysisId",
+          "documentation":"<p>The ID of the Network Access Scope analysis.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysisId"
+        },
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScopeId"
+        },
+        "FindingId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the finding.</p>",
+          "locationName":"findingId"
+        },
+        "FindingComponents":{
+          "shape":"PathComponentList",
+          "documentation":"<p>The finding components.</p>",
+          "locationName":"findingComponentSet"
+        }
+      },
+      "documentation":"<p>Describes a finding for a Network Access Scope.</p>"
+    },
+    "AccessScopeAnalysisFindingList":{
+      "type":"list",
+      "member":{
+        "shape":"AccessScopeAnalysisFinding",
+        "locationName":"item"
+      }
+    },
+    "AccessScopePath":{
+      "type":"structure",
+      "members":{
+        "Source":{
+          "shape":"PathStatement",
+          "documentation":"<p>The source.</p>",
+          "locationName":"source"
+        },
+        "Destination":{
+          "shape":"PathStatement",
+          "documentation":"<p>The destination.</p>",
+          "locationName":"destination"
+        },
+        "ThroughResources":{
+          "shape":"ThroughResourcesStatementList",
+          "documentation":"<p>The through resources.</p>",
+          "locationName":"throughResourceSet"
+        }
+      },
+      "documentation":"<p>Describes a path.</p>"
+    },
+    "AccessScopePathList":{
+      "type":"list",
+      "member":{
+        "shape":"AccessScopePath",
+        "locationName":"item"
+      }
+    },
+    "AccessScopePathListRequest":{
+      "type":"list",
+      "member":{
+        "shape":"AccessScopePathRequest",
+        "locationName":"item"
+      }
+    },
+    "AccessScopePathRequest":{
+      "type":"structure",
+      "members":{
+        "Source":{
+          "shape":"PathStatementRequest",
+          "documentation":"<p>The source.</p>"
+        },
+        "Destination":{
+          "shape":"PathStatementRequest",
+          "documentation":"<p>The destination.</p>"
+        },
+        "ThroughResources":{
+          "shape":"ThroughResourcesStatementRequestList",
+          "documentation":"<p>The through resources.</p>",
+          "locationName":"ThroughResource"
+        }
+      },
+      "documentation":"<p>Describes a path.</p>"
+    },
     "AccountAttribute":{
       "type":"structure",
       "members":{
@@ -5062,6 +5629,22 @@
         "fulfilled"
       ]
     },
+    "AddIpamOperatingRegion":{
+      "type":"structure",
+      "members":{
+        "RegionName":{
+          "shape":"String",
+          "documentation":"<p>The name of the operating Region.</p>"
+        }
+      },
+      "documentation":"<p>Add an operating Region to an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.</p> <p>For more information about operating Regions, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "AddIpamOperatingRegionSet":{
+      "type":"list",
+      "member":{"shape":"AddIpamOperatingRegion"},
+      "max":50,
+      "min":0
+    },
     "AddPrefixListEntries":{
       "type":"list",
       "member":{"shape":"AddPrefixListEntry"},
@@ -5189,6 +5772,13 @@
       "type":"string",
       "enum":["domain-name"]
     },
+    "AddressFamily":{
+      "type":"string",
+      "enum":[
+        "ipv4",
+        "ipv6"
+      ]
+    },
     "AddressList":{
       "type":"list",
       "member":{
@@ -5377,6 +5967,56 @@
       },
       "documentation":"<p>Contains the output of AllocateHosts.</p>"
     },
+    "AllocateIpamPoolCidrRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool from which you would like to allocate a CIDR.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR you would like to allocate from the IPAM pool. Note the following:</p> <ul> <li> <p>If there is no DefaultNetmaskLength allocation rule set on the pool, you must specify either the NetmaskLength or the CIDR.</p> </li> <li> <p>If the DefaultNetmaskLength allocation rule is set on the pool, you can specify either the NetmaskLength or the CIDR and the DefaultNetmaskLength allocation rule will be ignored.</p> </li> </ul> <p>Possible values: Any available IPv4 or IPv6 CIDR.</p>"
+        },
+        "NetmaskLength":{
+          "shape":"Integer",
+          "documentation":"<p>The netmask length of the CIDR you would like to allocate from the IPAM pool. Note the following:</p> <ul> <li> <p>If there is no DefaultNetmaskLength allocation rule set on the pool, you must specify either the NetmaskLength or the CIDR.</p> </li> <li> <p>If the DefaultNetmaskLength allocation rule is set on the pool, you can specify either the NetmaskLength or the CIDR and the DefaultNetmaskLength allocation rule will be ignored.</p> </li> </ul> <p>Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.</p>"
+        },
+        "ClientToken":{
+          "shape":"String",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring Idempotency</a>.</p>",
+          "idempotencyToken":true
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>A description for the allocation.</p>"
+        },
+        "PreviewNextCidr":{
+          "shape":"Boolean",
+          "documentation":"<p>A preview of the next available CIDR in a pool.</p>"
+        },
+        "DisallowedCidrs":{
+          "shape":"IpamPoolAllocationDisallowedCidrs",
+          "documentation":"<p>Exclude a particular CIDR range from being returned by the pool.</p>",
+          "locationName":"DisallowedCidr"
+        }
+      }
+    },
+    "AllocateIpamPoolCidrResult":{
+      "type":"structure",
+      "members":{
+        "IpamPoolAllocation":{
+          "shape":"IpamPoolAllocation",
+          "documentation":"<p>Information about the allocation created.</p>",
+          "locationName":"ipamPoolAllocation"
+        }
+      }
+    },
     "AllocationId":{"type":"string"},
     "AllocationIdList":{
       "type":"list",
@@ -5513,6 +6153,11 @@
           "shape":"String",
           "documentation":"<p>The Amazon Resource Name (ARN) of the component.</p>",
           "locationName":"arn"
+        },
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>The name of the analysis component.</p>",
+          "locationName":"name"
         }
       },
       "documentation":"<p>Describes a path component.</p>"
@@ -6175,7 +6820,7 @@
       "members":{
         "Ipv6CidrBlockAssociation":{
           "shape":"SubnetIpv6CidrBlockAssociation",
-          "documentation":"<p>Information about the IPv6 CIDR block association.</p>",
+          "documentation":"<p>Information about the IPv6 association.</p>",
           "locationName":"ipv6CidrBlockAssociation"
         },
         "SubnetId":{
@@ -6325,6 +6970,22 @@
         "Ipv6CidrBlock":{
           "shape":"String",
           "documentation":"<p>An IPv6 CIDR block from the IPv6 address pool. You must also specify <code>Ipv6Pool</code> in the request.</p> <p>To let Amazon choose the IPv6 CIDR block for you, omit this parameter.</p>"
+        },
+        "Ipv4IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>Associate a CIDR allocated from an IPv4 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+        },
+        "Ipv4NetmaskLength":{
+          "shape":"NetmaskLength",
+          "documentation":"<p>The netmask length of the IPv4 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+        },
+        "Ipv6IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>Associates a CIDR allocated from an IPv6 IPAM pool to a VPC. For more information about Amazon VPC IP Address Manager (IPAM), see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+        },
+        "Ipv6NetmaskLength":{
+          "shape":"NetmaskLength",
+          "documentation":"<p>The netmask length of the IPv6 CIDR you would like to associate from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
         }
       }
     },
@@ -7206,6 +7867,7 @@
         "uefi"
       ]
     },
+    "BoxedDouble":{"type":"double"},
     "BundleId":{"type":"string"},
     "BundleIdStringList":{
       "type":"list",
@@ -7860,6 +8522,11 @@
           "shape":"String",
           "documentation":"<p>The ID of the Capacity Reservation Fleet to which the Capacity Reservation belongs. Only valid for Capacity Reservations that were created by a Capacity Reservation Fleet.</p>",
           "locationName":"capacityReservationFleetId"
+        },
+        "PlacementGroupArn":{
+          "shape":"PlacementGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the cluster placement group in which the Capacity Reservation was created. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html\"> Capacity Reservations for cluster placement groups</a> in the <i>Amazon EC2 User Guide</i>.</p>",
+          "locationName":"placementGroupArn"
         }
       },
       "documentation":"<p>Describes a Capacity Reservation.</p>"
@@ -8031,7 +8698,13 @@
         "Windows with SQL Server Web",
         "Linux with SQL Server Standard",
         "Linux with SQL Server Web",
-        "Linux with SQL Server Enterprise"
+        "Linux with SQL Server Enterprise",
+        "RHEL with SQL Server Standard",
+        "RHEL with SQL Server Enterprise",
+        "RHEL with SQL Server Web",
+        "RHEL with HA",
+        "RHEL with HA and SQL Server Standard",
+        "RHEL with HA and SQL Server Enterprise"
       ]
     },
     "CapacityReservationOptions":{
@@ -8427,6 +9100,36 @@
       },
       "documentation":"<p>Describes the client-specific data.</p>"
     },
+    "ClientLoginBannerOptions":{
+      "type":"structure",
+      "members":{
+        "Enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Enable or disable a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p> <p>Valid values: <code>true | false</code> </p> <p>Default value: <code>false</code> </p>"
+        },
+        "BannerText":{
+          "shape":"String",
+          "documentation":"<p>Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.</p>"
+        }
+      },
+      "documentation":"<p>Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p>"
+    },
+    "ClientLoginBannerResponseOptions":{
+      "type":"structure",
+      "members":{
+        "Enabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Current state of text banner feature.</p> <p>Valid values: <code>true | false</code> </p>",
+          "locationName":"enabled"
+        },
+        "BannerText":{
+          "shape":"String",
+          "documentation":"<p>Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established. UTF-8 encoded characters only. Maximum of 1400 characters.</p>",
+          "locationName":"bannerText"
+        }
+      },
+      "documentation":"<p>Current state of options for customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p>"
+    },
     "ClientVpnAssociationId":{"type":"string"},
     "ClientVpnAuthentication":{
       "type":"structure",
@@ -8737,6 +9440,16 @@
           "shape":"ClientConnectResponseOptions",
           "documentation":"<p>The options for managing connection authorization for new client connections.</p>",
           "locationName":"clientConnectOptions"
+        },
+        "SessionTimeoutHours":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum VPN session duration time in hours.</p> <p>Valid values: <code>8 | 10 | 12 | 24</code> </p> <p>Default value: <code>24</code> </p>",
+          "locationName":"sessionTimeoutHours"
+        },
+        "ClientLoginBannerOptions":{
+          "shape":"ClientLoginBannerResponseOptions",
+          "documentation":"<p>Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p>",
+          "locationName":"clientLoginBannerOptions"
         }
       },
       "documentation":"<p>Describes a Client VPN endpoint.</p>"
@@ -9356,6 +10069,7 @@
         "locationName":"item"
       }
     },
+    "CoreNetworkArn":{"type":"string"},
     "CpuManufacturer":{
       "type":"string",
       "enum":[
@@ -9576,6 +10290,10 @@
         "OutpostArn":{
           "shape":"OutpostArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.</p>"
+        },
+        "PlacementGroupArn":{
+          "shape":"PlacementGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the cluster placement group in which to create the Capacity Reservation. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cr-cpg.html\"> Capacity Reservations for cluster placement groups</a> in the <i>Amazon EC2 User Guide</i>.</p>"
         }
       }
     },
@@ -9699,6 +10417,14 @@
         "ClientConnectOptions":{
           "shape":"ClientConnectOptions",
           "documentation":"<p>The options for managing connection authorization for new client connections.</p>"
+        },
+        "SessionTimeoutHours":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum VPN session duration time in hours.</p> <p>Valid values: <code>8 | 10 | 12 | 24</code> </p> <p>Default value: <code>24</code> </p>"
+        },
+        "ClientLoginBannerOptions":{
+          "shape":"ClientLoginBannerOptions",
+          "documentation":"<p>Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p>"
         }
       }
     },
@@ -9830,6 +10556,10 @@
         "DryRun":{
           "shape":"Boolean",
           "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Ipv6Native":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to create an IPv6 only subnet. If you already have a default subnet for this Availability Zone, you must delete it before you can create an IPv6 only subnet.</p>"
         }
       }
     },
@@ -10043,7 +10773,7 @@
         },
         "Type":{
           "shape":"FleetType",
-          "documentation":"<p>The fleet type. The default value is <code>maintain</code>.</p> <ul> <li> <p> <code>maintain</code> - The EC2 Fleet places an asynchronous request for your desired capacity, and continues to maintain your desired Spot capacity by replenishing interrupted Spot Instances.</p> </li> <li> <p> <code>request</code> - The EC2 Fleet places an asynchronous one-time request for your desired capacity, but does submit Spot requests in alternative capacity pools if Spot capacity is unavailable, and does not maintain Spot capacity if Spot Instances are interrupted.</p> </li> <li> <p> <code>instant</code> - The EC2 Fleet places a synchronous one-time request for your desired capacity, and returns errors for any instances that could not be launched.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#ec2-fleet-request-type\">EC2 Fleet request types</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+          "documentation":"<p>The fleet type. The default value is <code>maintain</code>.</p> <ul> <li> <p> <code>maintain</code> - The EC2 Fleet places an asynchronous request for your desired capacity, and continues to maintain your desired Spot capacity by replenishing interrupted Spot Instances.</p> </li> <li> <p> <code>request</code> - The EC2 Fleet places an asynchronous one-time request for your desired capacity, but does submit Spot requests in alternative capacity pools if Spot capacity is unavailable, and does not maintain Spot capacity if Spot Instances are interrupted.</p> </li> <li> <p> <code>instant</code> - The EC2 Fleet places a synchronous one-time request for your desired capacity, and returns errors for any instances that could not be launched.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/https:/docs.aws.amazon.com/ec2-fleet-request-type.html\">EC2 Fleet request types</a> in the <i>Amazon EC2 User Guide</i>.</p>"
         },
         "ValidFrom":{
           "shape":"DateTime",
@@ -10383,6 +11113,161 @@
         }
       }
     },
+    "CreateIpamPoolRequest":{
+      "type":"structure",
+      "required":["IpamScopeId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the scope in which you would like to create the IPAM pool.</p>"
+        },
+        "Locale":{
+          "shape":"String",
+          "documentation":"<p>In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you do not choose a locale, resources in Regions others than the IPAM's home region cannot use CIDRs from this pool.</p> <p>Possible values: Any Amazon Web Services Region, such as us-east-1.</p>"
+        },
+        "SourceIpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the source IPAM pool. Use this option to create a pool within an existing pool. Note that the CIDR you provision for the pool within the source pool must be available in the source pool's CIDR range.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>A description for the IPAM pool.</p>"
+        },
+        "AddressFamily":{
+          "shape":"AddressFamily",
+          "documentation":"<p>The IP protocol assigned to this IPAM pool. You must choose either IPv4 or IPv6 protocol for a pool.</p>"
+        },
+        "AutoImport":{
+          "shape":"Boolean",
+          "documentation":"<p>If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only. </p> <p>A locale must be set on the pool for this feature to work.</p>"
+        },
+        "PubliclyAdvertisable":{
+          "shape":"Boolean",
+          "documentation":"<p>Determines if the pool is publicly advertisable. This option is not available for pools with AddressFamily set to <code>ipv4</code>.</p>"
+        },
+        "AllocationMinNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.</p>"
+        },
+        "AllocationMaxNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.</p>"
+        },
+        "AllocationDefaultNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.</p>"
+        },
+        "AllocationResourceTags":{
+          "shape":"RequestIpamResourceTagList",
+          "documentation":"<p>Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.</p>",
+          "locationName":"AllocationResourceTag"
+        },
+        "TagSpecifications":{
+          "shape":"TagSpecificationList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"TagSpecification"
+        },
+        "ClientToken":{
+          "shape":"String",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring Idempotency</a>.</p>",
+          "idempotencyToken":true
+        },
+        "AwsService":{
+          "shape":"IpamPoolAwsService",
+          "documentation":"<p>Limits which service in Amazon Web Services that the pool can be used in. \"ec2\", for example, allows users to use space for Elastic IP addresses and VPCs.</p>"
+        }
+      }
+    },
+    "CreateIpamPoolResult":{
+      "type":"structure",
+      "members":{
+        "IpamPool":{
+          "shape":"IpamPool",
+          "documentation":"<p>Information about the IPAM pool created.</p>",
+          "locationName":"ipamPool"
+        }
+      }
+    },
+    "CreateIpamRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>A description for the IPAM.</p>"
+        },
+        "OperatingRegions":{
+          "shape":"AddIpamOperatingRegionSet",
+          "documentation":"<p>The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.</p> <p>For more information about operating Regions, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>",
+          "locationName":"OperatingRegion"
+        },
+        "TagSpecifications":{
+          "shape":"TagSpecificationList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"TagSpecification"
+        },
+        "ClientToken":{
+          "shape":"String",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring Idempotency</a>.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateIpamResult":{
+      "type":"structure",
+      "members":{
+        "Ipam":{
+          "shape":"Ipam",
+          "documentation":"<p>Information about the IPAM created.</p>",
+          "locationName":"ipam"
+        }
+      }
+    },
+    "CreateIpamScopeRequest":{
+      "type":"structure",
+      "required":["IpamId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamId":{
+          "shape":"IpamId",
+          "documentation":"<p>The ID of the IPAM for which you're creating this scope.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>A description for the scope you're creating.</p>"
+        },
+        "TagSpecifications":{
+          "shape":"TagSpecificationList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"TagSpecification"
+        },
+        "ClientToken":{
+          "shape":"String",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring Idempotency</a>.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateIpamScopeResult":{
+      "type":"structure",
+      "members":{
+        "IpamScope":{
+          "shape":"IpamScope",
+          "documentation":"<p>Information about the created scope.</p>",
+          "locationName":"ipamScope"
+        }
+      }
+    },
     "CreateKeyPairRequest":{
       "type":"structure",
       "required":["KeyName"],
@@ -10768,6 +11653,51 @@
         }
       }
     },
+    "CreateNetworkInsightsAccessScopeRequest":{
+      "type":"structure",
+      "required":["ClientToken"],
+      "members":{
+        "MatchPaths":{
+          "shape":"AccessScopePathListRequest",
+          "documentation":"<p>The paths to match.</p>",
+          "locationName":"MatchPath"
+        },
+        "ExcludePaths":{
+          "shape":"AccessScopePathListRequest",
+          "documentation":"<p>The paths to exclude.</p>",
+          "locationName":"ExcludePath"
+        },
+        "ClientToken":{
+          "shape":"String",
+          "documentation":"<p>Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">How to ensure idempotency</a>.</p>",
+          "idempotencyToken":true
+        },
+        "TagSpecifications":{
+          "shape":"TagSpecificationList",
+          "documentation":"<p>The tags to apply.</p>",
+          "locationName":"TagSpecification"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "CreateNetworkInsightsAccessScopeResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScope":{
+          "shape":"NetworkInsightsAccessScope",
+          "documentation":"<p>The Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScope"
+        },
+        "NetworkInsightsAccessScopeContent":{
+          "shape":"NetworkInsightsAccessScopeContent",
+          "documentation":"<p>The Network Access Scope content.</p>",
+          "locationName":"networkInsightsAccessScopeContent"
+        }
+      }
+    },
     "CreateNetworkInsightsPathRequest":{
       "type":"structure",
       "required":[
@@ -10786,11 +11716,11 @@
           "documentation":"<p>The IP address of the Amazon Web Services resource that is the destination of the path.</p>"
         },
         "Source":{
-          "shape":"String",
+          "shape":"NetworkInsightsResourceId",
           "documentation":"<p>The Amazon Web Services resource that is the source of the path.</p>"
         },
         "Destination":{
-          "shape":"String",
+          "shape":"NetworkInsightsResourceId",
           "documentation":"<p>The Amazon Web Services resource that is the destination of the path.</p>"
         },
         "Protocol":{
@@ -10932,7 +11862,7 @@
         },
         "InterfaceType":{
           "shape":"NetworkInterfaceCreationType",
-          "documentation":"<p>Indicates the type of network interface. To create an Elastic Fabric Adapter (EFA), specify <code>efa</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html\"> Elastic Fabric Adapter</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>. To create a trunk network interface, specify <code>efa</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/eni-trunking.html\"> Network interface trunking</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+          "documentation":"<p>Indicates the type of network interface. To create an Elastic Fabric Adapter (EFA), specify <code>efa</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html\"> Elastic Fabric Adapter</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>. To create a trunk network interface, specify <code>trunk</code>.</p>"
         },
         "SubnetId":{
           "shape":"SubnetId",
@@ -11006,6 +11936,30 @@
         }
       }
     },
+    "CreatePublicIpv4PoolRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "TagSpecifications":{
+          "shape":"TagSpecificationList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"TagSpecification"
+        }
+      }
+    },
+    "CreatePublicIpv4PoolResult":{
+      "type":"structure",
+      "members":{
+        "PoolId":{
+          "shape":"Ipv4PoolEc2Id",
+          "documentation":"<p>The ID of the public IPv4 pool.</p>",
+          "locationName":"poolId"
+        }
+      }
+    },
     "CreateReplaceRootVolumeTaskRequest":{
       "type":"structure",
       "required":["InstanceId"],
@@ -11200,6 +12154,10 @@
           "shape":"VpcPeeringConnectionId",
           "documentation":"<p>The ID of a VPC peering connection.</p>",
           "locationName":"vpcPeeringConnectionId"
+        },
+        "CoreNetworkArn":{
+          "shape":"CoreNetworkArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the core network.</p>"
         }
       }
     },
@@ -11476,10 +12434,7 @@
     },
     "CreateSubnetRequest":{
       "type":"structure",
-      "required":[
-        "CidrBlock",
-        "VpcId"
-      ],
+      "required":["VpcId"],
       "members":{
         "TagSpecifications":{
           "shape":"TagSpecificationList",
@@ -11496,11 +12451,11 @@
         },
         "CidrBlock":{
           "shape":"String",
-          "documentation":"<p>The IPv4 network range for the subnet, in CIDR notation. For example, <code>10.0.0.0/24</code>. We modify the specified CIDR block to its canonical form; for example, if you specify <code>100.68.0.18/18</code>, we modify it to <code>100.68.0.0/18</code>.</p>"
+          "documentation":"<p>The IPv4 network range for the subnet, in CIDR notation. For example, <code>10.0.0.0/24</code>. We modify the specified CIDR block to its canonical form; for example, if you specify <code>100.68.0.18/18</code>, we modify it to <code>100.68.0.0/18</code>.</p> <p>This parameter is not supported for an IPv6 only subnet.</p>"
         },
         "Ipv6CidrBlock":{
           "shape":"String",
-          "documentation":"<p>The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.</p>"
+          "documentation":"<p>The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.</p> <p>This parameter is required for an IPv6 only subnet.</p>"
         },
         "OutpostArn":{
           "shape":"String",
@@ -11514,6 +12469,10 @@
           "shape":"Boolean",
           "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>",
           "locationName":"dryRun"
+        },
+        "Ipv6Native":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to create an IPv6 only subnet.</p>"
         }
       }
     },
@@ -12491,7 +13450,6 @@
     },
     "CreateVpcRequest":{
       "type":"structure",
-      "required":["CidrBlock"],
       "members":{
         "CidrBlock":{
           "shape":"String",
@@ -12510,6 +13468,22 @@
           "shape":"String",
           "documentation":"<p>The IPv6 CIDR block from the IPv6 address pool. You must also specify <code>Ipv6Pool</code> in the request.</p> <p>To let Amazon choose the IPv6 CIDR block for you, omit this parameter.</p>"
         },
+        "Ipv4IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+        },
+        "Ipv4NetmaskLength":{
+          "shape":"NetmaskLength",
+          "documentation":"<p>The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+        },
+        "Ipv6IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+        },
+        "Ipv6NetmaskLength":{
+          "shape":"NetmaskLength",
+          "documentation":"<p>The netmask length of the IPv6 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+        },
         "DryRun":{
           "shape":"Boolean",
           "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>",
@@ -13133,6 +14107,78 @@
         }
       }
     },
+    "DeleteIpamPoolRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the pool to delete.</p>"
+        }
+      }
+    },
+    "DeleteIpamPoolResult":{
+      "type":"structure",
+      "members":{
+        "IpamPool":{
+          "shape":"IpamPool",
+          "documentation":"<p>Information about the results of the deletion.</p>",
+          "locationName":"ipamPool"
+        }
+      }
+    },
+    "DeleteIpamRequest":{
+      "type":"structure",
+      "required":["IpamId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamId":{
+          "shape":"IpamId",
+          "documentation":"<p>The ID of the IPAM to delete.</p>"
+        }
+      }
+    },
+    "DeleteIpamResult":{
+      "type":"structure",
+      "members":{
+        "Ipam":{
+          "shape":"Ipam",
+          "documentation":"<p>Information about the results of the deletion.</p>",
+          "locationName":"ipam"
+        }
+      }
+    },
+    "DeleteIpamScopeRequest":{
+      "type":"structure",
+      "required":["IpamScopeId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the scope to delete.</p>"
+        }
+      }
+    },
+    "DeleteIpamScopeResult":{
+      "type":"structure",
+      "members":{
+        "IpamScope":{
+          "shape":"IpamScope",
+          "documentation":"<p>Information about the results of the deletion.</p>",
+          "locationName":"ipamScope"
+        }
+      }
+    },
     "DeleteKeyPairRequest":{
       "type":"structure",
       "members":{
@@ -13426,6 +14472,54 @@
         }
       }
     },
+    "DeleteNetworkInsightsAccessScopeAnalysisRequest":{
+      "type":"structure",
+      "required":["NetworkInsightsAccessScopeAnalysisId"],
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisId":{
+          "shape":"NetworkInsightsAccessScopeAnalysisId",
+          "documentation":"<p>The ID of the Network Access Scope analysis.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "DeleteNetworkInsightsAccessScopeAnalysisResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisId":{
+          "shape":"NetworkInsightsAccessScopeAnalysisId",
+          "documentation":"<p>The ID of the Network Access Scope analysis.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysisId"
+        }
+      }
+    },
+    "DeleteNetworkInsightsAccessScopeRequest":{
+      "type":"structure",
+      "required":["NetworkInsightsAccessScopeId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>"
+        }
+      }
+    },
+    "DeleteNetworkInsightsAccessScopeResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScopeId"
+        }
+      }
+    },
     "DeleteNetworkInsightsAnalysisRequest":{
       "type":"structure",
       "required":["NetworkInsightsAnalysisId"],
@@ -13537,6 +14631,30 @@
         }
       }
     },
+    "DeletePublicIpv4PoolRequest":{
+      "type":"structure",
+      "required":["PoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "PoolId":{
+          "shape":"Ipv4PoolEc2Id",
+          "documentation":"<p>The ID of the public IPv4 pool you want to delete.</p>"
+        }
+      }
+    },
+    "DeletePublicIpv4PoolResult":{
+      "type":"structure",
+      "members":{
+        "ReturnValue":{
+          "shape":"Boolean",
+          "documentation":"<p>Information about the result of deleting the public IPv4 pool.</p>",
+          "locationName":"returnValue"
+        }
+      }
+    },
     "DeleteQueuedReservedInstancesError":{
       "type":"structure",
       "members":{
@@ -13745,7 +14863,7 @@
         },
         "Tags":{
           "shape":"TagList",
-          "documentation":"<p>The tags to delete. Specify a tag key and an optional tag value to delete specific tags. If you specify a tag key without a tag value, we delete any tag with this key regardless of its value. If you specify a tag key with an empty string as the tag value, we delete the tag only if its value is an empty string.</p> <p>If you omit this parameter, we delete all user-defined tags for the specified resources. We do not delete Amazon Web Services-generated tags (tags that have the <code>aws:</code> prefix).</p>",
+          "documentation":"<p>The tags to delete. Specify a tag key and an optional tag value to delete specific tags. If you specify a tag key without a tag value, we delete any tag with this key regardless of its value. If you specify a tag key with an empty string as the tag value, we delete the tag only if its value is an empty string.</p> <p>If you omit this parameter, we delete all user-defined tags for the specified resources. We do not delete Amazon Web Services-generated tags (tags that have the <code>aws:</code> prefix).</p> <p>Constraints: Up to 1000 tags.</p>",
           "locationName":"tag"
         }
       }
@@ -14283,6 +15401,77 @@
         }
       }
     },
+    "DeprovisionIpamPoolCidrRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the pool that has the CIDR you want to deprovision.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR which you want to deprovision from the pool.</p>"
+        }
+      }
+    },
+    "DeprovisionIpamPoolCidrResult":{
+      "type":"structure",
+      "members":{
+        "IpamPoolCidr":{
+          "shape":"IpamPoolCidr",
+          "documentation":"<p>The deprovisioned pool CIDR.</p>",
+          "locationName":"ipamPoolCidr"
+        }
+      }
+    },
+    "DeprovisionPublicIpv4PoolCidrRequest":{
+      "type":"structure",
+      "required":[
+        "PoolId",
+        "Cidr"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "PoolId":{
+          "shape":"Ipv4PoolEc2Id",
+          "documentation":"<p>The ID of the pool that you want to deprovision the CIDR from.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR you want to deprovision from the pool.</p>"
+        }
+      }
+    },
+    "DeprovisionPublicIpv4PoolCidrResult":{
+      "type":"structure",
+      "members":{
+        "PoolId":{
+          "shape":"Ipv4PoolEc2Id",
+          "documentation":"<p>The ID of the pool that you deprovisioned the CIDR from.</p>",
+          "locationName":"poolId"
+        },
+        "DeprovisionedAddresses":{
+          "shape":"DeprovisionedAddressSet",
+          "documentation":"<p>The deprovisioned CIDRs.</p>",
+          "locationName":"deprovisionedAddressSet"
+        }
+      }
+    },
+    "DeprovisionedAddressSet":{
+      "type":"list",
+      "member":{
+        "shape":"String",
+        "locationName":"item"
+      }
+    },
     "DeregisterImageRequest":{
       "type":"structure",
       "required":["ImageId"],
@@ -14701,7 +15890,7 @@
         },
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>One or more filters.</p> <ul> <li> <p> <code>instance-type</code> - The type of instance for which the Capacity Reservation reserves capacity.</p> </li> <li> <p> <code>owner-id</code> - The ID of the Amazon Web Services account that owns the Capacity Reservation.</p> </li> <li> <p> <code>availability-zone-id</code> - The Availability Zone ID of the Capacity Reservation.</p> </li> <li> <p> <code>instance-platform</code> - The type of operating system for which the Capacity Reservation reserves capacity.</p> </li> <li> <p> <code>availability-zone</code> - The Availability Zone ID of the Capacity Reservation.</p> </li> <li> <p> <code>tenancy</code> - Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:</p> <ul> <li> <p> <code>default</code> - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.</p> </li> <li> <p> <code>dedicated</code> - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.</p> </li> </ul> </li> <li> <p> <code>outpost-arn</code> - The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created.</p> </li> <li> <p> <code>state</code> - The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:</p> <ul> <li> <p> <code>active</code>- The Capacity Reservation is active and the capacity is available for your use.</p> </li> <li> <p> <code>expired</code> - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.</p> </li> <li> <p> <code>cancelled</code> - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.</p> </li> <li> <p> <code>pending</code> - The Capacity Reservation request was successful but the capacity provisioning is still pending.</p> </li> <li> <p> <code>failed</code> - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.</p> </li> </ul> </li> <li> <p> <code>start-date</code> - The date and time at which the Capacity Reservation was started.</p> </li> <li> <p> <code>end-date</code> - The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to expired when it reaches its end date and time.</p> </li> <li> <p> <code>end-date-type</code> - Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:</p> <ul> <li> <p> <code>unlimited</code> - The Capacity Reservation remains active until you explicitly cancel it.</p> </li> <li> <p> <code>limited</code> - The Capacity Reservation expires automatically at a specified date and time.</p> </li> </ul> </li> <li> <p> <code>instance-match-criteria</code> - Indicates the type of instance launches that the Capacity Reservation accepts. The options include:</p> <ul> <li> <p> <code>open</code> - The Capacity Reservation accepts all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes launch into the Capacity Reservation automatically without specifying any additional parameters.</p> </li> <li> <p> <code>targeted</code> - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.</p> </li> </ul> </li> </ul>",
+          "documentation":"<p>One or more filters.</p> <ul> <li> <p> <code>instance-type</code> - The type of instance for which the Capacity Reservation reserves capacity.</p> </li> <li> <p> <code>owner-id</code> - The ID of the Amazon Web Services account that owns the Capacity Reservation.</p> </li> <li> <p> <code>instance-platform</code> - The type of operating system for which the Capacity Reservation reserves capacity.</p> </li> <li> <p> <code>availability-zone</code> - The Availability Zone of the Capacity Reservation.</p> </li> <li> <p> <code>tenancy</code> - Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:</p> <ul> <li> <p> <code>default</code> - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.</p> </li> <li> <p> <code>dedicated</code> - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.</p> </li> </ul> </li> <li> <p> <code>outpost-arn</code> - The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created.</p> </li> <li> <p> <code>state</code> - The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:</p> <ul> <li> <p> <code>active</code>- The Capacity Reservation is active and the capacity is available for your use.</p> </li> <li> <p> <code>expired</code> - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.</p> </li> <li> <p> <code>cancelled</code> - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.</p> </li> <li> <p> <code>pending</code> - The Capacity Reservation request was successful but the capacity provisioning is still pending.</p> </li> <li> <p> <code>failed</code> - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.</p> </li> </ul> </li> <li> <p> <code>start-date</code> - The date and time at which the Capacity Reservation was started.</p> </li> <li> <p> <code>end-date</code> - The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to expired when it reaches its end date and time.</p> </li> <li> <p> <code>end-date-type</code> - Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:</p> <ul> <li> <p> <code>unlimited</code> - The Capacity Reservation remains active until you explicitly cancel it.</p> </li> <li> <p> <code>limited</code> - The Capacity Reservation expires automatically at a specified date and time.</p> </li> </ul> </li> <li> <p> <code>instance-match-criteria</code> - Indicates the type of instance launches that the Capacity Reservation accepts. The options include:</p> <ul> <li> <p> <code>open</code> - The Capacity Reservation accepts all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes launch into the Capacity Reservation automatically without specifying any additional parameters.</p> </li> <li> <p> <code>targeted</code> - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.</p> </li> </ul> </li> </ul>",
           "locationName":"Filter"
         },
         "DryRun":{
@@ -15381,6 +16570,111 @@
         }
       }
     },
+    "DescribeFastLaunchImagesRequest":{
+      "type":"structure",
+      "members":{
+        "ImageIds":{
+          "shape":"FastLaunchImageIdList",
+          "documentation":"<p>Details for one or more Windows AMI image IDs.</p>",
+          "locationName":"ImageId"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>Use the following filters to streamline results.</p> <ul> <li> <p> <code>resource-type</code> - The resource type for pre-provisioning.</p> </li> <li> <p> <code>launch-template</code> - The launch template that is associated with the pre-provisioned Windows AMI.</p> </li> <li> <p> <code>owner-id</code> - The owner ID for the pre-provisioning resource.</p> </li> <li> <p> <code>state</code> - The current state of fast launching for the Windows AMI.</p> </li> </ul>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"DescribeFastLaunchImagesRequestMaxResults",
+          "documentation":"<p>The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. If this parameter is not specified, then all results are returned.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "DescribeFastLaunchImagesRequestMaxResults":{
+      "type":"integer",
+      "max":200,
+      "min":0
+    },
+    "DescribeFastLaunchImagesResult":{
+      "type":"structure",
+      "members":{
+        "FastLaunchImages":{
+          "shape":"DescribeFastLaunchImagesSuccessSet",
+          "documentation":"<p>A collection of details about the fast-launch enabled Windows images that meet the requested criteria.</p>",
+          "locationName":"fastLaunchImageSet"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use for the next set of results. This value is null when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "DescribeFastLaunchImagesSuccessItem":{
+      "type":"structure",
+      "members":{
+        "ImageId":{
+          "shape":"ImageId",
+          "documentation":"<p>The image ID that identifies the fast-launch enabled Windows image.</p>",
+          "locationName":"imageId"
+        },
+        "ResourceType":{
+          "shape":"FastLaunchResourceType",
+          "documentation":"<p>The resource type that is used for pre-provisioning the Windows AMI. Supported values include: <code>snapshot</code>.</p>",
+          "locationName":"resourceType"
+        },
+        "SnapshotConfiguration":{
+          "shape":"FastLaunchSnapshotConfigurationResponse",
+          "documentation":"<p>A group of parameters that are used for pre-provisioning the associated Windows AMI using snapshots.</p>",
+          "locationName":"snapshotConfiguration"
+        },
+        "LaunchTemplate":{
+          "shape":"FastLaunchLaunchTemplateSpecificationResponse",
+          "documentation":"<p>The launch template that the fast-launch enabled Windows AMI uses when it launches Windows instances from pre-provisioned snapshots.</p>",
+          "locationName":"launchTemplate"
+        },
+        "MaxParallelLaunches":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of parallel instances that are launched for creating resources.</p>",
+          "locationName":"maxParallelLaunches"
+        },
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The owner ID for the fast-launch enabled Windows AMI.</p>",
+          "locationName":"ownerId"
+        },
+        "State":{
+          "shape":"FastLaunchStateCode",
+          "documentation":"<p>The current state of faster launching for the specified Windows AMI.</p>",
+          "locationName":"state"
+        },
+        "StateTransitionReason":{
+          "shape":"String",
+          "documentation":"<p>The reason that faster launching for the Windows AMI changed to the current state.</p>",
+          "locationName":"stateTransitionReason"
+        },
+        "StateTransitionTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The time that faster launching for the Windows AMI changed to the current state.</p>",
+          "locationName":"stateTransitionTime"
+        }
+      },
+      "documentation":"<p>Describe details about a fast-launch enabled Windows image that meets the requested criteria. Criteria are defined by the <code>DescribeFastLaunchImages</code> action filters.</p>"
+    },
+    "DescribeFastLaunchImagesSuccessSet":{
+      "type":"list",
+      "member":{
+        "shape":"DescribeFastLaunchImagesSuccessItem",
+        "locationName":"item"
+      }
+    },
     "DescribeFastSnapshotRestoreSuccessItem":{
       "type":"structure",
       "members":{
@@ -16557,6 +17851,132 @@
         }
       }
     },
+    "DescribeIpamPoolsRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>One or more filters for the request. For more information about filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Filtering CLI output</a>.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"IpamMaxResults",
+          "documentation":"<p>The maximum number of results to return in the request.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "IpamPoolIds":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The IDs of the IPAM pools you would like information on.</p>",
+          "locationName":"IpamPoolId"
+        }
+      }
+    },
+    "DescribeIpamPoolsResult":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        },
+        "IpamPools":{
+          "shape":"IpamPoolSet",
+          "documentation":"<p>Information about the IPAM pools.</p>",
+          "locationName":"ipamPoolSet"
+        }
+      }
+    },
+    "DescribeIpamScopesRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>One or more filters for the request. For more information about filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Filtering CLI output</a>.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"IpamMaxResults",
+          "documentation":"<p>The maximum number of results to return in the request.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "IpamScopeIds":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The IDs of the scopes you want information on.</p>",
+          "locationName":"IpamScopeId"
+        }
+      }
+    },
+    "DescribeIpamScopesResult":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        },
+        "IpamScopes":{
+          "shape":"IpamScopeSet",
+          "documentation":"<p>The scopes you want information on.</p>",
+          "locationName":"ipamScopeSet"
+        }
+      }
+    },
+    "DescribeIpamsRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>One or more filters for the request. For more information about filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Filtering CLI output</a>.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"IpamMaxResults",
+          "documentation":"<p>The maximum number of results to return in the request.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "IpamIds":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The IDs of the IPAMs you want information on.</p>",
+          "locationName":"IpamId"
+        }
+      }
+    },
+    "DescribeIpamsResult":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        },
+        "Ipams":{
+          "shape":"IpamSet",
+          "documentation":"<p>Information about the IPAMs.</p>",
+          "locationName":"ipamSet"
+        }
+      }
+    },
     "DescribeIpv6PoolsRequest":{
       "type":"structure",
       "members":{
@@ -16672,7 +18092,7 @@
         },
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>One or more filters.</p> <ul> <li> <p> <code>create-time</code> - The time the launch template version was created.</p> </li> <li> <p> <code>ebs-optimized</code> - A boolean that indicates whether the instance is optimized for Amazon EBS I/O.</p> </li> <li> <p> <code>iam-instance-profile</code> - The ARN of the IAM instance profile.</p> </li> <li> <p> <code>image-id</code> - The ID of the AMI.</p> </li> <li> <p> <code>instance-type</code> - The instance type.</p> </li> <li> <p> <code>is-default-version</code> - A boolean that indicates whether the launch template version is the default version.</p> </li> <li> <p> <code>kernel-id</code> - The kernel ID.</p> </li> <li> <p> <code>ram-disk-id</code> - The RAM disk ID.</p> </li> </ul>",
+          "documentation":"<p>One or more filters.</p> <ul> <li> <p> <code>create-time</code> - The time the launch template version was created.</p> </li> <li> <p> <code>ebs-optimized</code> - A boolean that indicates whether the instance is optimized for Amazon EBS I/O.</p> </li> <li> <p> <code>http-endpoint</code> - Indicates whether the HTTP metadata endpoint on your instances is enabled (<code>enabled</code> | <code>disabled</code>).</p> </li> <li> <p> <code>http-protocol-ipv4</code> - Indicates whether the IPv4 endpoint for the instance metadata service is enabled (<code>enabled</code> | <code>disabled</code>).</p> </li> <li> <p> <code>host-resource-group-arn</code> - The ARN of the host resource group in which to launch the instances.</p> </li> <li> <p> <code>http-tokens</code> - The state of token usage for your instance metadata requests (<code>optional</code> | <code>required</code>).</p> </li> <li> <p> <code>iam-instance-profile</code> - The ARN of the IAM instance profile.</p> </li> <li> <p> <code>image-id</code> - The ID of the AMI.</p> </li> <li> <p> <code>instance-type</code> - The instance type.</p> </li> <li> <p> <code>is-default-version</code> - A boolean that indicates whether the launch template version is the default version.</p> </li> <li> <p> <code>kernel-id</code> - The kernel ID.</p> </li> <li> <p> <code>license-configuration-arn</code> - The ARN of the license configuration.</p> </li> <li> <p> <code>network-card-index</code> - The index of the network card.</p> </li> <li> <p> <code>ram-disk-id</code> - The RAM disk ID.</p> </li> </ul>",
           "locationName":"Filter"
         }
       }
@@ -17182,6 +18602,102 @@
         }
       }
     },
+    "DescribeNetworkInsightsAccessScopeAnalysesRequest":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisIds":{
+          "shape":"NetworkInsightsAccessScopeAnalysisIdList",
+          "documentation":"<p>The IDs of the Network Access Scope analyses.</p>",
+          "locationName":"NetworkInsightsAccessScopeAnalysisId"
+        },
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>"
+        },
+        "AnalysisStartTimeBegin":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>Filters the results based on the start time. The analysis must have started on or after this time.</p>"
+        },
+        "AnalysisStartTimeEnd":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>Filters the results based on the start time. The analysis must have started on or before this time.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>There are no supported filters.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"NetworkInsightsMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "DescribeNetworkInsightsAccessScopeAnalysesResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalyses":{
+          "shape":"NetworkInsightsAccessScopeAnalysisList",
+          "documentation":"<p>The Network Access Scope analyses.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysisSet"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "DescribeNetworkInsightsAccessScopesRequest":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeIds":{
+          "shape":"NetworkInsightsAccessScopeIdList",
+          "documentation":"<p>The IDs of the Network Access Scopes.</p>",
+          "locationName":"NetworkInsightsAccessScopeId"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>There are no supported filters.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"NetworkInsightsMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "DescribeNetworkInsightsAccessScopesResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopes":{
+          "shape":"NetworkInsightsAccessScopeList",
+          "documentation":"<p>The Network Access Scopes.</p>",
+          "locationName":"networkInsightsAccessScopeSet"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
     "DescribeNetworkInsightsAnalysesRequest":{
       "type":"structure",
       "members":{
@@ -17431,7 +18947,7 @@
       "members":{
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>The filters.</p> <ul> <li> <p> <code>group-name</code> - The name of the placement group.</p> </li> <li> <p> <code>state</code> - The state of the placement group (<code>pending</code> | <code>available</code> | <code>deleting</code> | <code>deleted</code>).</p> </li> <li> <p> <code>strategy</code> - The strategy of the placement group (<code>cluster</code> | <code>spread</code> | <code>partition</code>).</p> </li> <li> <p> <code>tag:&lt;key&gt;</code> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> </li> <li> <p> <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.</p> </li> </ul>",
+          "documentation":"<p>The filters.</p> <ul> <li> <p> <code>group-name</code> - The name of the placement group.</p> </li> <li> <p> <code>group-arn</code> - The Amazon Resource Name (ARN) of the placement group.</p> </li> <li> <p> <code>state</code> - The state of the placement group (<code>pending</code> | <code>available</code> | <code>deleting</code> | <code>deleted</code>).</p> </li> <li> <p> <code>strategy</code> - The strategy of the placement group (<code>cluster</code> | <code>spread</code> | <code>partition</code>).</p> </li> <li> <p> <code>tag:&lt;key&gt;</code> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> </li> <li> <p> <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.</p> </li> </ul>",
           "locationName":"Filter"
         },
         "DryRun":{
@@ -18190,12 +19706,50 @@
         }
       }
     },
+    "DescribeSnapshotTierStatusMaxResults":{"type":"integer"},
+    "DescribeSnapshotTierStatusRequest":{
+      "type":"structure",
+      "members":{
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>The filters.</p> <ul> <li> <p> <code>snapshot-id</code> - The snapshot ID.</p> </li> <li> <p> <code>volume-id</code> - The ID of the volume the snapshot is for.</p> </li> <li> <p> <code>last-tiering-operation</code> - The state of the last archive or restore action. (<code>archival-in-progress</code> | <code>archival-completed</code> | <code>archival-failed</code> | <code>permanent-restore-in-progress</code> | <code>permanent-restore-completed</code> | <code>permanent-restore-failed</code> | <code>temporary-restore-in-progress</code> | <code>temporary-restore-completed</code> | <code>temporary-restore-failed</code>)</p> </li> </ul>",
+          "locationName":"Filter"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "MaxResults":{
+          "shape":"DescribeSnapshotTierStatusMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        }
+      }
+    },
+    "DescribeSnapshotTierStatusResult":{
+      "type":"structure",
+      "members":{
+        "SnapshotTierStatuses":{
+          "shape":"snapshotTierStatusSet",
+          "documentation":"<p>Information about the snapshot's storage tier.</p>",
+          "locationName":"snapshotTierStatusSet"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
     "DescribeSnapshotsRequest":{
       "type":"structure",
       "members":{
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>The filters.</p> <ul> <li> <p> <code>description</code> - A description of the snapshot.</p> </li> <li> <p> <code>encrypted</code> - Indicates whether the snapshot is encrypted (<code>true</code> | <code>false</code>)</p> </li> <li> <p> <code>owner-alias</code> - The owner alias, from an Amazon-maintained list (<code>amazon</code>). This is not the user-configured Amazon Web Services account alias set using the IAM console. We recommend that you use the related parameter instead of this filter.</p> </li> <li> <p> <code>owner-id</code> - The Amazon Web Services account ID of the owner. We recommend that you use the related parameter instead of this filter.</p> </li> <li> <p> <code>progress</code> - The progress of the snapshot, as a percentage (for example, 80%).</p> </li> <li> <p> <code>snapshot-id</code> - The snapshot ID.</p> </li> <li> <p> <code>start-time</code> - The time stamp when the snapshot was initiated.</p> </li> <li> <p> <code>status</code> - The status of the snapshot (<code>pending</code> | <code>completed</code> | <code>error</code>).</p> </li> <li> <p> <code>tag</code>:&lt;key&gt; - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> </li> <li> <p> <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p> </li> <li> <p> <code>volume-id</code> - The ID of the volume the snapshot is for.</p> </li> <li> <p> <code>volume-size</code> - The size of the volume, in GiB.</p> </li> </ul>",
+          "documentation":"<p>The filters.</p> <ul> <li> <p> <code>description</code> - A description of the snapshot.</p> </li> <li> <p> <code>encrypted</code> - Indicates whether the snapshot is encrypted (<code>true</code> | <code>false</code>)</p> </li> <li> <p> <code>owner-alias</code> - The owner alias, from an Amazon-maintained list (<code>amazon</code>). This is not the user-configured Amazon Web Services account alias set using the IAM console. We recommend that you use the related parameter instead of this filter.</p> </li> <li> <p> <code>owner-id</code> - The Amazon Web Services account ID of the owner. We recommend that you use the related parameter instead of this filter.</p> </li> <li> <p> <code>progress</code> - The progress of the snapshot, as a percentage (for example, 80%).</p> </li> <li> <p> <code>snapshot-id</code> - The snapshot ID.</p> </li> <li> <p> <code>start-time</code> - The time stamp when the snapshot was initiated.</p> </li> <li> <p> <code>status</code> - The status of the snapshot (<code>pending</code> | <code>completed</code> | <code>error</code>).</p> </li> <li> <p> <code>storage-tier</code> - The storage tier of the snapshot (<code>archive</code> | <code>standard</code>).</p> </li> <li> <p> <code>tag</code>:&lt;key&gt; - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> </li> <li> <p> <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p> </li> <li> <p> <code>volume-id</code> - The ID of the volume the snapshot is for.</p> </li> <li> <p> <code>volume-size</code> - The size of the volume, in GiB.</p> </li> </ul>",
           "locationName":"Filter"
         },
         "MaxResults":{
@@ -18652,7 +20206,7 @@
       "members":{
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>One or more filters.</p> <ul> <li> <p> <code>availability-zone</code> - The Availability Zone for the subnet. You can also use <code>availabilityZone</code> as the filter name.</p> </li> <li> <p> <code>availability-zone-id</code> - The ID of the Availability Zone for the subnet. You can also use <code>availabilityZoneId</code> as the filter name.</p> </li> <li> <p> <code>available-ip-address-count</code> - The number of IPv4 addresses in the subnet that are available.</p> </li> <li> <p> <code>cidr-block</code> - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use <code>cidr</code> or <code>cidrBlock</code> as the filter names.</p> </li> <li> <p> <code>default-for-az</code> - Indicates whether this is the default subnet for the Availability Zone. You can also use <code>defaultForAz</code> as the filter name.</p> </li> <li> <p> <code>ipv6-cidr-block-association.ipv6-cidr-block</code> - An IPv6 CIDR block associated with the subnet.</p> </li> <li> <p> <code>ipv6-cidr-block-association.association-id</code> - An association ID for an IPv6 CIDR block associated with the subnet.</p> </li> <li> <p> <code>ipv6-cidr-block-association.state</code> - The state of an IPv6 CIDR block associated with the subnet.</p> </li> <li> <p> <code>outpost-arn</code> - The Amazon Resource Name (ARN) of the Outpost.</p> </li> <li> <p> <code>owner-id</code> - The ID of the Amazon Web Services account that owns the subnet.</p> </li> <li> <p> <code>state</code> - The state of the subnet (<code>pending</code> | <code>available</code>).</p> </li> <li> <p> <code>subnet-arn</code> - The Amazon Resource Name (ARN) of the subnet.</p> </li> <li> <p> <code>subnet-id</code> - The ID of the subnet.</p> </li> <li> <p> <code>tag</code>:&lt;key&gt; - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> </li> <li> <p> <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p> </li> <li> <p> <code>vpc-id</code> - The ID of the VPC for the subnet.</p> </li> </ul>",
+          "documentation":"<p>One or more filters.</p> <ul> <li> <p> <code>availability-zone</code> - The Availability Zone for the subnet. You can also use <code>availabilityZone</code> as the filter name.</p> </li> <li> <p> <code>availability-zone-id</code> - The ID of the Availability Zone for the subnet. You can also use <code>availabilityZoneId</code> as the filter name.</p> </li> <li> <p> <code>available-ip-address-count</code> - The number of IPv4 addresses in the subnet that are available.</p> </li> <li> <p> <code>cidr-block</code> - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use <code>cidr</code> or <code>cidrBlock</code> as the filter names.</p> </li> <li> <p> <code>default-for-az</code> - Indicates whether this is the default subnet for the Availability Zone (<code>true</code> | <code>false</code>). You can also use <code>defaultForAz</code> as the filter name.</p> </li> <li> <p> <code>ipv6-cidr-block-association.ipv6-cidr-block</code> - An IPv6 CIDR block associated with the subnet.</p> </li> <li> <p> <code>ipv6-cidr-block-association.association-id</code> - An association ID for an IPv6 CIDR block associated with the subnet.</p> </li> <li> <p> <code>ipv6-cidr-block-association.state</code> - The state of an IPv6 CIDR block associated with the subnet.</p> </li> <li> <p> <code>ipv6-native</code> - Indicates whether this is an IPv6 only subnet (<code>true</code> | <code>false</code>).</p> </li> <li> <p> <code>outpost-arn</code> - The Amazon Resource Name (ARN) of the Outpost.</p> </li> <li> <p> <code>owner-id</code> - The ID of the Amazon Web Services account that owns the subnet.</p> </li> <li> <p> <code>state</code> - The state of the subnet (<code>pending</code> | <code>available</code>).</p> </li> <li> <p> <code>subnet-arn</code> - The Amazon Resource Name (ARN) of the subnet.</p> </li> <li> <p> <code>subnet-id</code> - The ID of the subnet.</p> </li> <li> <p> <code>tag</code>:&lt;key&gt; - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p> </li> <li> <p> <code>tag-key</code> - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p> </li> <li> <p> <code>vpc-id</code> - The ID of the VPC for the subnet.</p> </li> </ul>",
           "locationName":"Filter"
         },
         "SubnetIds":{
@@ -20228,6 +21782,74 @@
         }
       }
     },
+    "DisableFastLaunchRequest":{
+      "type":"structure",
+      "required":["ImageId"],
+      "members":{
+        "ImageId":{
+          "shape":"ImageId",
+          "documentation":"<p>The ID of the image for which you’re turning off faster launching, and removing pre-provisioned snapshots.</p>"
+        },
+        "Force":{
+          "shape":"Boolean",
+          "documentation":"<p>Forces the image settings to turn off faster launching for your Windows AMI. This parameter overrides any errors that are encountered while cleaning up resources in your account.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "DisableFastLaunchResult":{
+      "type":"structure",
+      "members":{
+        "ImageId":{
+          "shape":"ImageId",
+          "documentation":"<p>The ID of the image for which faster-launching has been turned off.</p>",
+          "locationName":"imageId"
+        },
+        "ResourceType":{
+          "shape":"FastLaunchResourceType",
+          "documentation":"<p>The pre-provisioning resource type that must be cleaned after turning off faster launching for the Windows AMI. Supported values include: <code>snapshot</code>.</p>",
+          "locationName":"resourceType"
+        },
+        "SnapshotConfiguration":{
+          "shape":"FastLaunchSnapshotConfigurationResponse",
+          "documentation":"<p>Parameters that were used for faster launching for the Windows AMI before faster launching was turned off. This informs the clean-up process.</p>",
+          "locationName":"snapshotConfiguration"
+        },
+        "LaunchTemplate":{
+          "shape":"FastLaunchLaunchTemplateSpecificationResponse",
+          "documentation":"<p>The launch template that was used to launch Windows instances from pre-provisioned snapshots.</p>",
+          "locationName":"launchTemplate"
+        },
+        "MaxParallelLaunches":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of parallel instances to launch for creating resources.</p>",
+          "locationName":"maxParallelLaunches"
+        },
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The owner of the Windows AMI for which faster launching was turned off.</p>",
+          "locationName":"ownerId"
+        },
+        "State":{
+          "shape":"FastLaunchStateCode",
+          "documentation":"<p>The current state of faster launching for the specified Windows AMI.</p>",
+          "locationName":"state"
+        },
+        "StateTransitionReason":{
+          "shape":"String",
+          "documentation":"<p>The reason that the state changed for faster launching for the Windows AMI.</p>",
+          "locationName":"stateTransitionReason"
+        },
+        "StateTransitionTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The time that the state changed for faster launching for the Windows AMI.</p>",
+          "locationName":"stateTransitionTime"
+        }
+      }
+    },
     "DisableFastSnapshotRestoreErrorItem":{
       "type":"structure",
       "members":{
@@ -20420,6 +22042,30 @@
         }
       }
     },
+    "DisableIpamOrganizationAdminAccountRequest":{
+      "type":"structure",
+      "required":["DelegatedAdminAccountId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "DelegatedAdminAccountId":{
+          "shape":"String",
+          "documentation":"<p>The Organizations member account ID that you want to disable as IPAM account.</p>"
+        }
+      }
+    },
+    "DisableIpamOrganizationAdminAccountResult":{
+      "type":"structure",
+      "members":{
+        "Success":{
+          "shape":"Boolean",
+          "documentation":"<p>The result of disabling the IPAM account.</p>",
+          "locationName":"success"
+        }
+      }
+    },
     "DisableSerialConsoleAccessRequest":{
       "type":"structure",
       "members":{
@@ -21267,7 +22913,7 @@
       "type":"structure",
       "members":{
         "ElasticGpuId":{
-          "shape":"String",
+          "shape":"ElasticGpuId",
           "documentation":"<p>The ID of the Elastic Graphics accelerator.</p>",
           "locationName":"elasticGpuId"
         },
@@ -21504,6 +23150,86 @@
         }
       }
     },
+    "EnableFastLaunchRequest":{
+      "type":"structure",
+      "required":["ImageId"],
+      "members":{
+        "ImageId":{
+          "shape":"ImageId",
+          "documentation":"<p>The ID of the image for which you’re enabling faster launching.</p>"
+        },
+        "ResourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of resource to use for pre-provisioning the Windows AMI for faster launching. Supported values include: <code>snapshot</code>, which is the default value.</p>"
+        },
+        "SnapshotConfiguration":{
+          "shape":"FastLaunchSnapshotConfigurationRequest",
+          "documentation":"<p>Configuration settings for creating and managing the snapshots that are used for pre-provisioning the Windows AMI for faster launching. The associated <code>ResourceType</code> must be <code>snapshot</code>.</p>"
+        },
+        "LaunchTemplate":{
+          "shape":"FastLaunchLaunchTemplateSpecificationRequest",
+          "documentation":"<p>The launch template to use when launching Windows instances from pre-provisioned snapshots. Launch template parameters can include either the name or ID of the launch template, but not both.</p>"
+        },
+        "MaxParallelLaunches":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of parallel instances to launch for creating resources. Value must be <code>6</code> or greater. </p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "EnableFastLaunchResult":{
+      "type":"structure",
+      "members":{
+        "ImageId":{
+          "shape":"ImageId",
+          "documentation":"<p>The image ID that identifies the Windows AMI for which faster launching was enabled.</p>",
+          "locationName":"imageId"
+        },
+        "ResourceType":{
+          "shape":"FastLaunchResourceType",
+          "documentation":"<p>The type of resource that was defined for pre-provisioning the Windows AMI for faster launching.</p>",
+          "locationName":"resourceType"
+        },
+        "SnapshotConfiguration":{
+          "shape":"FastLaunchSnapshotConfigurationResponse",
+          "documentation":"<p>The configuration settings that were defined for creating and managing the pre-provisioned snapshots for faster launching of the Windows AMI. This property is returned when the associated <code>resourceType</code> is <code>snapshot</code>.</p>",
+          "locationName":"snapshotConfiguration"
+        },
+        "LaunchTemplate":{
+          "shape":"FastLaunchLaunchTemplateSpecificationResponse",
+          "documentation":"<p>The launch template that is used when launching Windows instances from pre-provisioned snapshots.</p>",
+          "locationName":"launchTemplate"
+        },
+        "MaxParallelLaunches":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of parallel instances to launch for creating resources.</p>",
+          "locationName":"maxParallelLaunches"
+        },
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The owner ID for the Windows AMI for which faster launching was enabled.</p>",
+          "locationName":"ownerId"
+        },
+        "State":{
+          "shape":"FastLaunchStateCode",
+          "documentation":"<p>The current state of faster launching for the specified Windows AMI.</p>",
+          "locationName":"state"
+        },
+        "StateTransitionReason":{
+          "shape":"String",
+          "documentation":"<p>The reason that the state changed for faster launching for the Windows AMI.</p>",
+          "locationName":"stateTransitionReason"
+        },
+        "StateTransitionTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The time that the state changed for faster launching for the Windows AMI.</p>",
+          "locationName":"stateTransitionTime"
+        }
+      }
+    },
     "EnableFastSnapshotRestoreErrorItem":{
       "type":"structure",
       "members":{
@@ -21703,6 +23429,30 @@
         }
       }
     },
+    "EnableIpamOrganizationAdminAccountRequest":{
+      "type":"structure",
+      "required":["DelegatedAdminAccountId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "DelegatedAdminAccountId":{
+          "shape":"String",
+          "documentation":"<p>The Organizations member account ID that you want to enable as the IPAM account.</p>"
+        }
+      }
+    },
+    "EnableIpamOrganizationAdminAccountResult":{
+      "type":"structure",
+      "members":{
+        "Success":{
+          "shape":"Boolean",
+          "documentation":"<p>The result of enabling the IPAM account.</p>",
+          "locationName":"success"
+        }
+      }
+    },
     "EnableSerialConsoleAccessRequest":{
       "type":"structure",
       "members":{
@@ -22646,6 +24396,89 @@
         "locationName":"item"
       }
     },
+    "FastLaunchImageIdList":{
+      "type":"list",
+      "member":{
+        "shape":"ImageId",
+        "locationName":"ImageId"
+      }
+    },
+    "FastLaunchLaunchTemplateSpecificationRequest":{
+      "type":"structure",
+      "required":["Version"],
+      "members":{
+        "LaunchTemplateId":{
+          "shape":"LaunchTemplateId",
+          "documentation":"<p>The ID of the launch template to use for faster launching for a Windows AMI.</p>"
+        },
+        "LaunchTemplateName":{
+          "shape":"String",
+          "documentation":"<p>The name of the launch template to use for faster launching for a Windows AMI.</p>"
+        },
+        "Version":{
+          "shape":"String",
+          "documentation":"<p>The version of the launch template to use for faster launching for a Windows AMI.</p>"
+        }
+      },
+      "documentation":"<p>Request to create a launch template for a fast-launch enabled Windows AMI.</p> <note> <p>Note - You can specify either the <code>LaunchTemplateName</code> or the <code>LaunchTemplateId</code>, but not both.</p> </note>"
+    },
+    "FastLaunchLaunchTemplateSpecificationResponse":{
+      "type":"structure",
+      "members":{
+        "LaunchTemplateId":{
+          "shape":"LaunchTemplateId",
+          "documentation":"<p>The ID of the launch template for faster launching of the associated Windows AMI.</p>",
+          "locationName":"launchTemplateId"
+        },
+        "LaunchTemplateName":{
+          "shape":"String",
+          "documentation":"<p>The name of the launch template for faster launching of the associated Windows AMI.</p>",
+          "locationName":"launchTemplateName"
+        },
+        "Version":{
+          "shape":"String",
+          "documentation":"<p>The version of the launch template for faster launching of the associated Windows AMI.</p>",
+          "locationName":"version"
+        }
+      },
+      "documentation":"<p>Identifies the launch template to use for faster launching of the Windows AMI.</p>"
+    },
+    "FastLaunchResourceType":{
+      "type":"string",
+      "enum":["snapshot"]
+    },
+    "FastLaunchSnapshotConfigurationRequest":{
+      "type":"structure",
+      "members":{
+        "TargetResourceCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of pre-provisioned snapshots to keep on hand for a fast-launch enabled Windows AMI.</p>"
+        }
+      },
+      "documentation":"<p>Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI.</p>"
+    },
+    "FastLaunchSnapshotConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "TargetResourceCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of pre-provisioned snapshots requested to keep on hand for a fast-launch enabled Windows AMI.</p>",
+          "locationName":"targetResourceCount"
+        }
+      },
+      "documentation":"<p>Configuration settings for creating and managing pre-provisioned snapshots for a fast-launch enabled Windows AMI.</p>"
+    },
+    "FastLaunchStateCode":{
+      "type":"string",
+      "enum":[
+        "enabling",
+        "enabling-failed",
+        "enabled",
+        "enabled-failed",
+        "disabling",
+        "disabling-failed"
+      ]
+    },
     "FastSnapshotRestoreStateCode":{
       "type":"string",
       "enum":[
@@ -22695,11 +24528,11 @@
         },
         "Values":{
           "shape":"ValueStringList",
-          "documentation":"<p>The filter values. Filter values are case-sensitive.</p>",
+          "documentation":"<p>The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
           "locationName":"Value"
         }
       },
-      "documentation":"<p>A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.</p>"
+      "documentation":"<p>A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.</p> <p>If you specify multiple filters, the filters are joined with an <code>AND</code>, and the request returns only results that match all of the specified filters.</p>"
     },
     "FilterList":{
       "type":"list",
@@ -22708,6 +24541,14 @@
         "locationName":"Filter"
       }
     },
+    "FindingsFound":{
+      "type":"string",
+      "enum":[
+        "true",
+        "false",
+        "unknown"
+      ]
+    },
     "FleetActivityStatus":{
       "type":"string",
       "enum":[
@@ -23142,7 +24983,7 @@
         },
         "TerminationDelay":{
           "shape":"Integer",
-          "documentation":"<p>The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.</p>",
+          "documentation":"<p>The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.</p> <p>Required when <code>ReplacementStrategy</code> is set to <code>launch-before-terminate</code>.</p> <p>Not valid when <code>ReplacementStrategy</code> is set to <code>launch</code>.</p> <p>Valid values: Minimum value of <code>120</code> seconds. Maximum value of <code>7200</code> seconds.</p>",
           "locationName":"terminationDelay"
         }
       },
@@ -23157,10 +24998,10 @@
         },
         "TerminationDelay":{
           "shape":"Integer",
-          "documentation":"<p>The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.</p>"
+          "documentation":"<p>The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.</p> <p>Required when <code>ReplacementStrategy</code> is set to <code>launch-before-terminate</code>.</p> <p>Not valid when <code>ReplacementStrategy</code> is set to <code>launch</code>.</p> <p>Valid values: Minimum value of <code>120</code> seconds. Maximum value of <code>7200</code> seconds.</p>"
         }
       },
-      "documentation":"<p>The Spot Instance replacement strategy to use when Amazon EC2 emits a rebalance notification signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#ec2-fleet-capacity-rebalance\">Capacity rebalancing</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+      "documentation":"<p>The Spot Instance replacement strategy to use when Amazon EC2 emits a rebalance notification signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-capacity-rebalance.html\">Capacity rebalancing</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
     "FleetSpotMaintenanceStrategies":{
       "type":"structure",
@@ -23546,6 +25387,15 @@
       "max":1000,
       "min":200
     },
+    "GatewayAssociationState":{
+      "type":"string",
+      "enum":[
+        "associated",
+        "not-associated",
+        "associating",
+        "disassociating"
+      ]
+    },
     "GatewayType":{
       "type":"string",
       "enum":["ipsec.1"]
@@ -24030,6 +25880,214 @@
         }
       }
     },
+    "GetIpamAddressHistoryRequest":{
+      "type":"structure",
+      "required":[
+        "Cidr",
+        "IpamScopeId"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR you want the history of. The CIDR can be an IPv4 or IPv6 IP address range. If you enter a /16 IPv4 CIDR, you will get records that match it exactly. You will not get records for any subnets within the /16 CIDR.</p>"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the IPAM scope that the CIDR is in.</p>"
+        },
+        "VpcId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the VPC you want your history records filtered by.</p>"
+        },
+        "StartTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The start of the time period for which you are looking for history. If you omit this option, it will default to the value of EndTime.</p>"
+        },
+        "EndTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The end of the time period for which you are looking for history. If you omit this option, it will default to the current time.</p>"
+        },
+        "MaxResults":{
+          "shape":"IpamAddressHistoryMaxResults",
+          "documentation":"<p>The maximum number of historical results you would like returned per page. Defaults to 100.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "GetIpamAddressHistoryResult":{
+      "type":"structure",
+      "members":{
+        "HistoryRecords":{
+          "shape":"IpamAddressHistoryRecordSet",
+          "documentation":"<p>A historical record for a CIDR within an IPAM scope. If the CIDR is associated with an EC2 instance, you will see an object in the response for the instance and one for the network interface.</p>",
+          "locationName":"historyRecordSet"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "GetIpamPoolAllocationsMaxResults":{
+      "type":"integer",
+      "max":100000,
+      "min":1000
+    },
+    "GetIpamPoolAllocationsRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool you want to see the allocations for.</p>"
+        },
+        "IpamPoolAllocationId":{
+          "shape":"IpamPoolAllocationId",
+          "documentation":"<p>The ID of the allocation.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>One or more filters for the request. For more information about filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Filtering CLI output</a>.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"GetIpamPoolAllocationsMaxResults",
+          "documentation":"<p>The maximum number of results you would like returned per page.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "GetIpamPoolAllocationsResult":{
+      "type":"structure",
+      "members":{
+        "IpamPoolAllocations":{
+          "shape":"IpamPoolAllocationSet",
+          "documentation":"<p>The IPAM pool allocations you want information on.</p>",
+          "locationName":"ipamPoolAllocationSet"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "GetIpamPoolCidrsRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool you want the CIDR for.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>One or more filters for the request. For more information about filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Filtering CLI output</a>.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"IpamMaxResults",
+          "documentation":"<p>The maximum number of results to return in the request.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "GetIpamPoolCidrsResult":{
+      "type":"structure",
+      "members":{
+        "IpamPoolCidrs":{
+          "shape":"IpamPoolCidrSet",
+          "documentation":"<p>Information about the CIDRs provisioned to an IPAM pool.</p>",
+          "locationName":"ipamPoolCidrSet"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "GetIpamResourceCidrsRequest":{
+      "type":"structure",
+      "required":["IpamScopeId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p>One or more filters for the request. For more information about filtering, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html\">Filtering CLI output</a>.</p>",
+          "locationName":"Filter"
+        },
+        "MaxResults":{
+          "shape":"IpamMaxResults",
+          "documentation":"<p>The maximum number of results to return in the request.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the scope that the resource is in.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool that the resource is in.</p>"
+        },
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource.</p>"
+        },
+        "ResourceType":{
+          "shape":"IpamResourceType",
+          "documentation":"<p>The resource type.</p>"
+        },
+        "ResourceTag":{"shape":"RequestIpamResourceTag"},
+        "ResourceOwner":{
+          "shape":"String",
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the resource.</p>"
+        }
+      }
+    },
+    "GetIpamResourceCidrsResult":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        },
+        "IpamResourceCidrs":{
+          "shape":"IpamResourceCidrSet",
+          "documentation":"<p>The resource CIDRs.</p>",
+          "locationName":"ipamResourceCidrSet"
+        }
+      }
+    },
     "GetLaunchTemplateDataRequest":{
       "type":"structure",
       "required":["InstanceId"],
@@ -24137,6 +26195,77 @@
         }
       }
     },
+    "GetNetworkInsightsAccessScopeAnalysisFindingsRequest":{
+      "type":"structure",
+      "required":["NetworkInsightsAccessScopeAnalysisId"],
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisId":{
+          "shape":"NetworkInsightsAccessScopeAnalysisId",
+          "documentation":"<p>The ID of the Network Access Scope analysis.</p>"
+        },
+        "MaxResults":{
+          "shape":"NetworkInsightsMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "GetNetworkInsightsAccessScopeAnalysisFindingsResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisId":{
+          "shape":"NetworkInsightsAccessScopeAnalysisId",
+          "documentation":"<p>The ID of the Network Access Scope analysis.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysisId"
+        },
+        "AnalysisStatus":{
+          "shape":"AnalysisStatus",
+          "documentation":"<p>The status of Network Access Scope Analysis.</p>",
+          "locationName":"analysisStatus"
+        },
+        "AnalysisFindings":{
+          "shape":"AccessScopeAnalysisFindingList",
+          "documentation":"<p>The findings associated with Network Access Scope Analysis.</p>",
+          "locationName":"analysisFindingSet"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "GetNetworkInsightsAccessScopeContentRequest":{
+      "type":"structure",
+      "required":["NetworkInsightsAccessScopeId"],
+      "members":{
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "GetNetworkInsightsAccessScopeContentResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeContent":{
+          "shape":"NetworkInsightsAccessScopeContent",
+          "documentation":"<p>The Network Access Scope content.</p>",
+          "locationName":"networkInsightsAccessScopeContent"
+        }
+      }
+    },
     "GetPasswordDataRequest":{
       "type":"structure",
       "required":["InstanceId"],
@@ -24993,7 +27122,7 @@
           "locationName":"instanceFamily"
         },
         "OfferingId":{
-          "shape":"String",
+          "shape":"OfferingId",
           "documentation":"<p>The ID of the offering.</p>",
           "locationName":"offeringId"
         },
@@ -25084,7 +27213,7 @@
           "locationName":"hostIdSet"
         },
         "HostReservationId":{
-          "shape":"String",
+          "shape":"HostReservationId",
           "documentation":"<p>The ID of the reservation that specifies the associated Dedicated Hosts.</p>",
           "locationName":"hostReservationId"
         },
@@ -25099,7 +27228,7 @@
           "locationName":"instanceFamily"
         },
         "OfferingId":{
-          "shape":"String",
+          "shape":"OfferingId",
           "documentation":"<p>The ID of the reservation. This remains the same regardless of which Dedicated Hosts are associated with it.</p>",
           "locationName":"offeringId"
         },
@@ -25153,6 +27282,13 @@
         "host"
       ]
     },
+    "HostnameType":{
+      "type":"string",
+      "enum":[
+        "ip-name",
+        "resource-name"
+      ]
+    },
     "Hour":{
       "type":"integer",
       "max":23,
@@ -25606,6 +27742,44 @@
         "locationName":"item"
       }
     },
+    "ImageRecycleBinInfo":{
+      "type":"structure",
+      "members":{
+        "ImageId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the AMI.</p>",
+          "locationName":"imageId"
+        },
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>The name of the AMI.</p>",
+          "locationName":"name"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the AMI.</p>",
+          "locationName":"description"
+        },
+        "RecycleBinEnterTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the AMI entered the Recycle Bin.</p>",
+          "locationName":"recycleBinEnterTime"
+        },
+        "RecycleBinExitTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the AMI is to be permanently deleted from the Recycle Bin.</p>",
+          "locationName":"recycleBinExitTime"
+        }
+      },
+      "documentation":"<p>Information about an AMI that is currently in the Recycle Bin.</p>"
+    },
+    "ImageRecycleBinInfoList":{
+      "type":"list",
+      "member":{
+        "shape":"ImageRecycleBinInfo",
+        "locationName":"item"
+      }
+    },
     "ImageState":{
       "type":"string",
       "enum":[
@@ -25697,7 +27871,7 @@
       "members":{
         "Architecture":{
           "shape":"String",
-          "documentation":"<p>The architecture of the virtual machine.</p> <p>Valid values: <code>i386</code> | <code>x86_64</code> | <code>arm64</code> </p>"
+          "documentation":"<p>The architecture of the virtual machine.</p> <p>Valid values: <code>i386</code> | <code>x86_64</code> </p>"
         },
         "ClientData":{
           "shape":"ClientData",
@@ -26678,6 +28852,16 @@
           "shape":"MillisecondDateTime",
           "documentation":"<p>The time that the usage operation was last updated.</p>",
           "locationName":"usageOperationUpdateTime"
+        },
+        "PrivateDnsNameOptions":{
+          "shape":"PrivateDnsNameOptionsResponse",
+          "documentation":"<p>The options for the instance hostname.</p>",
+          "locationName":"privateDnsNameOptions"
+        },
+        "Ipv6Address":{
+          "shape":"String",
+          "documentation":"<p>The IPv6 address assigned to the instance.</p>",
+          "locationName":"ipv6Address"
         }
       },
       "documentation":"<p>Describes an instance.</p>"
@@ -27352,7 +29536,7 @@
       "members":{
         "HttpTokens":{
           "shape":"HttpTokensState",
-          "documentation":"<p>The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is <code>optional</code>.</p> <p>If the state is <code>optional</code>, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.</p> <p>If the state is <code>required</code>, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.</p>"
+          "documentation":"<p>The state of token usage for your instance metadata requests.</p> <p>If the state is <code>optional</code>, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.</p> <p>If the state is <code>required</code>, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available.</p> <p>Default: <code>optional</code> </p>"
         },
         "HttpPutResponseHopLimit":{
           "shape":"Integer",
@@ -27360,11 +29544,15 @@
         },
         "HttpEndpoint":{
           "shape":"InstanceMetadataEndpointState",
-          "documentation":"<p>Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is <code>enabled</code>.</p> <p>If you specify a value of <code>disabled</code>, you will not be able to access your instance metadata.</p>"
+          "documentation":"<p>Enables or disables the HTTP metadata endpoint on your instances.</p> <p>If you specify a value of <code>disabled</code>, you cannot access your instance metadata.</p> <p>Default: <code>enabled</code> </p>"
         },
         "HttpProtocolIpv6":{
           "shape":"InstanceMetadataProtocolState",
           "documentation":"<p>Enables or disables the IPv6 endpoint for the instance metadata service.</p>"
+        },
+        "InstanceMetadataTags":{
+          "shape":"InstanceMetadataTagsState",
+          "documentation":"<p>Set to <code>enabled</code> to allow access to instance tags from the instance metadata. Set to <code>disabled</code> to turn off access to instance tags from the instance metadata. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS\">Work with instance tags using the instance metadata</a>.</p> <p>Default: <code>disabled</code> </p>"
         }
       },
       "documentation":"<p>The metadata options for the instance.</p>"
@@ -27379,7 +29567,7 @@
         },
         "HttpTokens":{
           "shape":"HttpTokensState",
-          "documentation":"<p>The state of token usage for your instance metadata requests. If the parameter is not specified in the request, the default state is <code>optional</code>.</p> <p>If the state is <code>optional</code>, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.</p> <p>If the state is <code>required</code>, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials; the version 1.0 credentials are not available.</p>",
+          "documentation":"<p>The state of token usage for your instance metadata requests.</p> <p>If the state is <code>optional</code>, you can choose to retrieve instance metadata with or without a signed token header on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid signed token, the version 2.0 role credentials are returned.</p> <p>If the state is <code>required</code>, you must send a signed token header with any instance metadata retrieval requests. In this state, retrieving the IAM role credential always returns the version 2.0 credentials; the version 1.0 credentials are not available.</p> <p>Default: <code>optional</code> </p>",
           "locationName":"httpTokens"
         },
         "HttpPutResponseHopLimit":{
@@ -27389,13 +29577,18 @@
         },
         "HttpEndpoint":{
           "shape":"InstanceMetadataEndpointState",
-          "documentation":"<p>Indicates whether the HTTP metadata endpoint on your instances is enabled or disabled.</p>",
+          "documentation":"<p>Indicates whether the HTTP metadata endpoint on your instances is enabled or disabled.</p> <p>If the value is <code>disabled</code>, you cannot access your instance metadata.</p>",
           "locationName":"httpEndpoint"
         },
         "HttpProtocolIpv6":{
           "shape":"InstanceMetadataProtocolState",
           "documentation":"<p>Indicates whether the IPv6 endpoint for the instance metadata service is enabled or disabled.</p>",
           "locationName":"httpProtocolIpv6"
+        },
+        "InstanceMetadataTags":{
+          "shape":"InstanceMetadataTagsState",
+          "documentation":"<p>Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS\">Work with instance tags using the instance metadata</a>.</p>",
+          "locationName":"instanceMetadataTags"
         }
       },
       "documentation":"<p>The metadata options for the instance.</p>"
@@ -27414,6 +29607,13 @@
         "enabled"
       ]
     },
+    "InstanceMetadataTagsState":{
+      "type":"string",
+      "enum":[
+        "disabled",
+        "enabled"
+      ]
+    },
     "InstanceMonitoring":{
       "type":"structure",
       "members":{
@@ -28241,154 +30441,12 @@
     "InstanceType":{
       "type":"string",
       "enum":[
-        "t1.micro",
-        "t2.nano",
-        "t2.micro",
-        "t2.small",
-        "t2.medium",
-        "t2.large",
-        "t2.xlarge",
-        "t2.2xlarge",
-        "t3.nano",
-        "t3.micro",
-        "t3.small",
-        "t3.medium",
-        "t3.large",
-        "t3.xlarge",
-        "t3.2xlarge",
-        "t3a.nano",
-        "t3a.micro",
-        "t3a.small",
-        "t3a.medium",
-        "t3a.large",
-        "t3a.xlarge",
-        "t3a.2xlarge",
-        "t4g.nano",
-        "t4g.micro",
-        "t4g.small",
-        "t4g.medium",
-        "t4g.large",
-        "t4g.xlarge",
-        "t4g.2xlarge",
-        "m1.small",
-        "m1.medium",
-        "m1.large",
-        "m1.xlarge",
-        "m3.medium",
-        "m3.large",
-        "m3.xlarge",
-        "m3.2xlarge",
-        "m4.large",
-        "m4.xlarge",
-        "m4.2xlarge",
-        "m4.4xlarge",
-        "m4.10xlarge",
-        "m4.16xlarge",
-        "m2.xlarge",
-        "m2.2xlarge",
-        "m2.4xlarge",
-        "cr1.8xlarge",
-        "r3.large",
-        "r3.xlarge",
-        "r3.2xlarge",
-        "r3.4xlarge",
-        "r3.8xlarge",
-        "r4.large",
-        "r4.xlarge",
-        "r4.2xlarge",
-        "r4.4xlarge",
-        "r4.8xlarge",
-        "r4.16xlarge",
-        "r5.large",
-        "r5.xlarge",
-        "r5.2xlarge",
-        "r5.4xlarge",
-        "r5.8xlarge",
-        "r5.12xlarge",
-        "r5.16xlarge",
-        "r5.24xlarge",
-        "r5.metal",
-        "r5a.large",
-        "r5a.xlarge",
-        "r5a.2xlarge",
-        "r5a.4xlarge",
-        "r5a.8xlarge",
-        "r5a.12xlarge",
-        "r5a.16xlarge",
-        "r5a.24xlarge",
-        "r5b.large",
-        "r5b.xlarge",
-        "r5b.2xlarge",
-        "r5b.4xlarge",
-        "r5b.8xlarge",
-        "r5b.12xlarge",
-        "r5b.16xlarge",
-        "r5b.24xlarge",
-        "r5b.metal",
-        "r5d.large",
-        "r5d.xlarge",
-        "r5d.2xlarge",
-        "r5d.4xlarge",
-        "r5d.8xlarge",
-        "r5d.12xlarge",
-        "r5d.16xlarge",
-        "r5d.24xlarge",
-        "r5d.metal",
-        "r5ad.large",
-        "r5ad.xlarge",
-        "r5ad.2xlarge",
-        "r5ad.4xlarge",
-        "r5ad.8xlarge",
-        "r5ad.12xlarge",
-        "r5ad.16xlarge",
-        "r5ad.24xlarge",
-        "r6g.metal",
-        "r6g.medium",
-        "r6g.large",
-        "r6g.xlarge",
-        "r6g.2xlarge",
-        "r6g.4xlarge",
-        "r6g.8xlarge",
-        "r6g.12xlarge",
-        "r6g.16xlarge",
-        "r6gd.metal",
-        "r6gd.medium",
-        "r6gd.large",
-        "r6gd.xlarge",
-        "r6gd.2xlarge",
-        "r6gd.4xlarge",
-        "r6gd.8xlarge",
-        "r6gd.12xlarge",
-        "r6gd.16xlarge",
-        "x1.16xlarge",
-        "x1.32xlarge",
-        "x1e.xlarge",
-        "x1e.2xlarge",
-        "x1e.4xlarge",
-        "x1e.8xlarge",
-        "x1e.16xlarge",
-        "x1e.32xlarge",
-        "i2.xlarge",
-        "i2.2xlarge",
-        "i2.4xlarge",
-        "i2.8xlarge",
-        "i3.large",
-        "i3.xlarge",
-        "i3.2xlarge",
-        "i3.4xlarge",
-        "i3.8xlarge",
-        "i3.16xlarge",
-        "i3.metal",
-        "i3en.large",
-        "i3en.xlarge",
-        "i3en.2xlarge",
-        "i3en.3xlarge",
-        "i3en.6xlarge",
-        "i3en.12xlarge",
-        "i3en.24xlarge",
-        "i3en.metal",
-        "hi1.4xlarge",
-        "hs1.8xlarge",
+        "a1.medium",
+        "a1.large",
+        "a1.xlarge",
+        "a1.2xlarge",
+        "a1.4xlarge",
+        "a1.metal",
         "c1.medium",
         "c1.xlarge",
         "c3.large",
@@ -28442,7 +30500,6 @@
         "c5n.9xlarge",
         "c5n.18xlarge",
         "c5n.metal",
-        "c6g.metal",
         "c6g.medium",
         "c6g.large",
         "c6g.xlarge",
@@ -28451,7 +30508,7 @@
         "c6g.8xlarge",
         "c6g.12xlarge",
         "c6g.16xlarge",
-        "c6gd.metal",
+        "c6g.metal",
         "c6gd.medium",
         "c6gd.large",
         "c6gd.xlarge",
@@ -28460,6 +30517,7 @@
         "c6gd.8xlarge",
         "c6gd.12xlarge",
         "c6gd.16xlarge",
+        "c6gd.metal",
         "c6gn.medium",
         "c6gn.large",
         "c6gn.xlarge",
@@ -28468,35 +30526,20 @@
         "c6gn.8xlarge",
         "c6gn.12xlarge",
         "c6gn.16xlarge",
+        "c6i.large",
+        "c6i.xlarge",
+        "c6i.2xlarge",
+        "c6i.4xlarge",
+        "c6i.8xlarge",
+        "c6i.12xlarge",
+        "c6i.16xlarge",
+        "c6i.24xlarge",
+        "c6i.32xlarge",
+        "c6i.metal",
         "cc1.4xlarge",
         "cc2.8xlarge",
-        "g2.2xlarge",
-        "g2.8xlarge",
-        "g3.4xlarge",
-        "g3.8xlarge",
-        "g3.16xlarge",
-        "g3s.xlarge",
-        "g4ad.xlarge",
-        "g4ad.2xlarge",
-        "g4ad.4xlarge",
-        "g4ad.8xlarge",
-        "g4ad.16xlarge",
-        "g4dn.xlarge",
-        "g4dn.2xlarge",
-        "g4dn.4xlarge",
-        "g4dn.8xlarge",
-        "g4dn.12xlarge",
-        "g4dn.16xlarge",
-        "g4dn.metal",
         "cg1.4xlarge",
-        "p2.xlarge",
-        "p2.8xlarge",
-        "p2.16xlarge",
-        "p3.2xlarge",
-        "p3.8xlarge",
-        "p3.16xlarge",
-        "p3dn.24xlarge",
-        "p4d.24xlarge",
+        "cr1.8xlarge",
         "d2.xlarge",
         "d2.2xlarge",
         "d2.4xlarge",
@@ -28515,6 +30558,97 @@
         "f1.2xlarge",
         "f1.4xlarge",
         "f1.16xlarge",
+        "g2.2xlarge",
+        "g2.8xlarge",
+        "g3.4xlarge",
+        "g3.8xlarge",
+        "g3.16xlarge",
+        "g3s.xlarge",
+        "g4ad.xlarge",
+        "g4ad.2xlarge",
+        "g4ad.4xlarge",
+        "g4ad.8xlarge",
+        "g4ad.16xlarge",
+        "g4dn.xlarge",
+        "g4dn.2xlarge",
+        "g4dn.4xlarge",
+        "g4dn.8xlarge",
+        "g4dn.12xlarge",
+        "g4dn.16xlarge",
+        "g4dn.metal",
+        "g5.xlarge",
+        "g5.2xlarge",
+        "g5.4xlarge",
+        "g5.8xlarge",
+        "g5.12xlarge",
+        "g5.16xlarge",
+        "g5.24xlarge",
+        "g5.48xlarge",
+        "g5g.xlarge",
+        "g5g.2xlarge",
+        "g5g.4xlarge",
+        "g5g.8xlarge",
+        "g5g.16xlarge",
+        "g5g.metal",
+        "hi1.4xlarge",
+        "hpc6a.48xlarge",
+        "hs1.8xlarge",
+        "h1.2xlarge",
+        "h1.4xlarge",
+        "h1.8xlarge",
+        "h1.16xlarge",
+        "i2.xlarge",
+        "i2.2xlarge",
+        "i2.4xlarge",
+        "i2.8xlarge",
+        "i3.large",
+        "i3.xlarge",
+        "i3.2xlarge",
+        "i3.4xlarge",
+        "i3.8xlarge",
+        "i3.16xlarge",
+        "i3.metal",
+        "i3en.large",
+        "i3en.xlarge",
+        "i3en.2xlarge",
+        "i3en.3xlarge",
+        "i3en.6xlarge",
+        "i3en.12xlarge",
+        "i3en.24xlarge",
+        "i3en.metal",
+        "im4gn.large",
+        "im4gn.xlarge",
+        "im4gn.2xlarge",
+        "im4gn.4xlarge",
+        "im4gn.8xlarge",
+        "im4gn.16xlarge",
+        "inf1.xlarge",
+        "inf1.2xlarge",
+        "inf1.6xlarge",
+        "inf1.24xlarge",
+        "is4gen.medium",
+        "is4gen.large",
+        "is4gen.xlarge",
+        "is4gen.2xlarge",
+        "is4gen.4xlarge",
+        "is4gen.8xlarge",
+        "m1.small",
+        "m1.medium",
+        "m1.large",
+        "m1.xlarge",
+        "m2.xlarge",
+        "m2.2xlarge",
+        "m2.4xlarge",
+        "m3.medium",
+        "m3.large",
+        "m3.xlarge",
+        "m3.2xlarge",
+        "m4.large",
+        "m4.xlarge",
+        "m4.2xlarge",
+        "m4.4xlarge",
+        "m4.10xlarge",
+        "m4.16xlarge",
         "m5.large",
         "m5.xlarge",
         "m5.2xlarge",
@@ -28532,6 +30666,14 @@
         "m5a.12xlarge",
         "m5a.16xlarge",
         "m5a.24xlarge",
+        "m5ad.large",
+        "m5ad.xlarge",
+        "m5ad.2xlarge",
+        "m5ad.4xlarge",
+        "m5ad.8xlarge",
+        "m5ad.12xlarge",
+        "m5ad.16xlarge",
+        "m5ad.24xlarge",
         "m5d.large",
         "m5d.xlarge",
         "m5d.2xlarge",
@@ -28541,47 +30683,6 @@
         "m5d.16xlarge",
         "m5d.24xlarge",
         "m5d.metal",
-        "m5ad.large",
-        "m5ad.xlarge",
-        "m5ad.2xlarge",
-        "m5ad.4xlarge",
-        "m5ad.8xlarge",
-        "m5ad.12xlarge",
-        "m5ad.16xlarge",
-        "m5ad.24xlarge",
-        "m5zn.large",
-        "m5zn.xlarge",
-        "m5zn.2xlarge",
-        "m5zn.3xlarge",
-        "m5zn.6xlarge",
-        "m5zn.12xlarge",
-        "m5zn.metal",
-        "h1.2xlarge",
-        "h1.4xlarge",
-        "h1.8xlarge",
-        "h1.16xlarge",
-        "z1d.large",
-        "z1d.xlarge",
-        "z1d.2xlarge",
-        "z1d.3xlarge",
-        "z1d.6xlarge",
-        "z1d.12xlarge",
-        "z1d.metal",
-        "u-6tb1.56xlarge",
-        "u-6tb1.112xlarge",
-        "u-9tb1.112xlarge",
-        "u-12tb1.112xlarge",
-        "u-6tb1.metal",
-        "u-9tb1.metal",
-        "u-12tb1.metal",
-        "u-18tb1.metal",
-        "u-24tb1.metal",
-        "a1.medium",
-        "a1.large",
-        "a1.xlarge",
-        "a1.2xlarge",
-        "a1.4xlarge",
-        "a1.metal",
         "m5dn.large",
         "m5dn.xlarge",
         "m5dn.2xlarge",
@@ -28600,28 +30701,23 @@
         "m5n.16xlarge",
         "m5n.24xlarge",
         "m5n.metal",
-        "r5dn.large",
-        "r5dn.xlarge",
-        "r5dn.2xlarge",
-        "r5dn.4xlarge",
-        "r5dn.8xlarge",
-        "r5dn.12xlarge",
-        "r5dn.16xlarge",
-        "r5dn.24xlarge",
-        "r5dn.metal",
-        "r5n.large",
-        "r5n.xlarge",
-        "r5n.2xlarge",
-        "r5n.4xlarge",
-        "r5n.8xlarge",
-        "r5n.12xlarge",
-        "r5n.16xlarge",
-        "r5n.24xlarge",
-        "r5n.metal",
-        "inf1.xlarge",
-        "inf1.2xlarge",
-        "inf1.6xlarge",
-        "inf1.24xlarge",
+        "m5zn.large",
+        "m5zn.xlarge",
+        "m5zn.2xlarge",
+        "m5zn.3xlarge",
+        "m5zn.6xlarge",
+        "m5zn.12xlarge",
+        "m5zn.metal",
+        "m6a.large",
+        "m6a.xlarge",
+        "m6a.2xlarge",
+        "m6a.4xlarge",
+        "m6a.8xlarge",
+        "m6a.12xlarge",
+        "m6a.16xlarge",
+        "m6a.24xlarge",
+        "m6a.32xlarge",
+        "m6a.48xlarge",
         "m6g.metal",
         "m6g.medium",
         "m6g.large",
@@ -28649,7 +30745,171 @@
         "m6i.16xlarge",
         "m6i.24xlarge",
         "m6i.32xlarge",
+        "m6i.metal",
         "mac1.metal",
+        "p2.xlarge",
+        "p2.8xlarge",
+        "p2.16xlarge",
+        "p3.2xlarge",
+        "p3.8xlarge",
+        "p3.16xlarge",
+        "p3dn.24xlarge",
+        "p4d.24xlarge",
+        "r3.large",
+        "r3.xlarge",
+        "r3.2xlarge",
+        "r3.4xlarge",
+        "r3.8xlarge",
+        "r4.large",
+        "r4.xlarge",
+        "r4.2xlarge",
+        "r4.4xlarge",
+        "r4.8xlarge",
+        "r4.16xlarge",
+        "r5.large",
+        "r5.xlarge",
+        "r5.2xlarge",
+        "r5.4xlarge",
+        "r5.8xlarge",
+        "r5.12xlarge",
+        "r5.16xlarge",
+        "r5.24xlarge",
+        "r5.metal",
+        "r5a.large",
+        "r5a.xlarge",
+        "r5a.2xlarge",
+        "r5a.4xlarge",
+        "r5a.8xlarge",
+        "r5a.12xlarge",
+        "r5a.16xlarge",
+        "r5a.24xlarge",
+        "r5ad.large",
+        "r5ad.xlarge",
+        "r5ad.2xlarge",
+        "r5ad.4xlarge",
+        "r5ad.8xlarge",
+        "r5ad.12xlarge",
+        "r5ad.16xlarge",
+        "r5ad.24xlarge",
+        "r5b.large",
+        "r5b.xlarge",
+        "r5b.2xlarge",
+        "r5b.4xlarge",
+        "r5b.8xlarge",
+        "r5b.12xlarge",
+        "r5b.16xlarge",
+        "r5b.24xlarge",
+        "r5b.metal",
+        "r5d.large",
+        "r5d.xlarge",
+        "r5d.2xlarge",
+        "r5d.4xlarge",
+        "r5d.8xlarge",
+        "r5d.12xlarge",
+        "r5d.16xlarge",
+        "r5d.24xlarge",
+        "r5d.metal",
+        "r5dn.large",
+        "r5dn.xlarge",
+        "r5dn.2xlarge",
+        "r5dn.4xlarge",
+        "r5dn.8xlarge",
+        "r5dn.12xlarge",
+        "r5dn.16xlarge",
+        "r5dn.24xlarge",
+        "r5dn.metal",
+        "r5n.large",
+        "r5n.xlarge",
+        "r5n.2xlarge",
+        "r5n.4xlarge",
+        "r5n.8xlarge",
+        "r5n.12xlarge",
+        "r5n.16xlarge",
+        "r5n.24xlarge",
+        "r5n.metal",
+        "r6g.medium",
+        "r6g.large",
+        "r6g.xlarge",
+        "r6g.2xlarge",
+        "r6g.4xlarge",
+        "r6g.8xlarge",
+        "r6g.12xlarge",
+        "r6g.16xlarge",
+        "r6g.metal",
+        "r6gd.medium",
+        "r6gd.large",
+        "r6gd.xlarge",
+        "r6gd.2xlarge",
+        "r6gd.4xlarge",
+        "r6gd.8xlarge",
+        "r6gd.12xlarge",
+        "r6gd.16xlarge",
+        "r6gd.metal",
+        "r6i.large",
+        "r6i.xlarge",
+        "r6i.2xlarge",
+        "r6i.4xlarge",
+        "r6i.8xlarge",
+        "r6i.12xlarge",
+        "r6i.16xlarge",
+        "r6i.24xlarge",
+        "r6i.32xlarge",
+        "r6i.metal",
+        "t1.micro",
+        "t2.nano",
+        "t2.micro",
+        "t2.small",
+        "t2.medium",
+        "t2.large",
+        "t2.xlarge",
+        "t2.2xlarge",
+        "t3.nano",
+        "t3.micro",
+        "t3.small",
+        "t3.medium",
+        "t3.large",
+        "t3.xlarge",
+        "t3.2xlarge",
+        "t3a.nano",
+        "t3a.micro",
+        "t3a.small",
+        "t3a.medium",
+        "t3a.large",
+        "t3a.xlarge",
+        "t3a.2xlarge",
+        "t4g.nano",
+        "t4g.micro",
+        "t4g.small",
+        "t4g.medium",
+        "t4g.large",
+        "t4g.xlarge",
+        "t4g.2xlarge",
+        "u-6tb1.56xlarge",
+        "u-6tb1.112xlarge",
+        "u-9tb1.112xlarge",
+        "u-12tb1.112xlarge",
+        "u-6tb1.metal",
+        "u-9tb1.metal",
+        "u-12tb1.metal",
+        "u-18tb1.metal",
+        "u-24tb1.metal",
+        "vt1.3xlarge",
+        "vt1.6xlarge",
+        "vt1.24xlarge",
+        "x1.16xlarge",
+        "x1.32xlarge",
+        "x1e.xlarge",
+        "x1e.2xlarge",
+        "x1e.4xlarge",
+        "x1e.8xlarge",
+        "x1e.16xlarge",
+        "x1e.32xlarge",
+        "x2iezn.2xlarge",
+        "x2iezn.4xlarge",
+        "x2iezn.6xlarge",
+        "x2iezn.8xlarge",
+        "x2iezn.12xlarge",
+        "x2iezn.metal",
         "x2gd.medium",
         "x2gd.large",
         "x2gd.xlarge",
@@ -28659,9 +30919,13 @@
         "x2gd.12xlarge",
         "x2gd.16xlarge",
         "x2gd.metal",
-        "vt1.3xlarge",
-        "vt1.6xlarge",
-        "vt1.24xlarge"
+        "z1d.large",
+        "z1d.xlarge",
+        "z1d.2xlarge",
+        "z1d.3xlarge",
+        "z1d.6xlarge",
+        "z1d.12xlarge",
+        "z1d.metal"
       ]
     },
     "InstanceTypeHypervisor":{
@@ -29075,6 +31339,718 @@
         "locationName":"item"
       }
     },
+    "Ipam":{
+      "type":"structure",
+      "members":{
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID of the owner of the IPAM.</p>",
+          "locationName":"ownerId"
+        },
+        "IpamId":{
+          "shape":"IpamId",
+          "documentation":"<p>The ID of the IPAM.</p>",
+          "locationName":"ipamId"
+        },
+        "IpamArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the IPAM.</p>",
+          "locationName":"ipamArn"
+        },
+        "IpamRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region of the IPAM.</p>",
+          "locationName":"ipamRegion"
+        },
+        "PublicDefaultScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the IPAM's default public scope.</p>",
+          "locationName":"publicDefaultScopeId"
+        },
+        "PrivateDefaultScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the IPAM's default private scope.</p>",
+          "locationName":"privateDefaultScopeId"
+        },
+        "ScopeCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see <a href=\"/vpc/latest/ipam/quotas-ipam.html\">Quotas in IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>",
+          "locationName":"scopeCount"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description for the IPAM.</p>",
+          "locationName":"description"
+        },
+        "OperatingRegions":{
+          "shape":"IpamOperatingRegionSet",
+          "documentation":"<p>The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.</p> <p>For more information about operating Regions, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"operatingRegionSet"
+        },
+        "State":{
+          "shape":"IpamState",
+          "documentation":"<p>The state of the IPAM.</p>",
+          "locationName":"state"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"tagSet"
+        }
+      },
+      "documentation":"<p>IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see <a href=\"/vpc/latest/ipam/what-is-it-ipam.html\">What is IPAM?</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+    },
+    "IpamAddressHistoryMaxResults":{
+      "type":"integer",
+      "max":1000,
+      "min":1
+    },
+    "IpamAddressHistoryRecord":{
+      "type":"structure",
+      "members":{
+        "ResourceOwnerId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource owner.</p>",
+          "locationName":"resourceOwnerId"
+        },
+        "ResourceRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region of the resource.</p>",
+          "locationName":"resourceRegion"
+        },
+        "ResourceType":{
+          "shape":"IpamAddressHistoryResourceType",
+          "documentation":"<p>The type of the resource.</p>",
+          "locationName":"resourceType"
+        },
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource.</p>",
+          "locationName":"resourceId"
+        },
+        "ResourceCidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR of the resource.</p>",
+          "locationName":"resourceCidr"
+        },
+        "ResourceName":{
+          "shape":"String",
+          "documentation":"<p>The name of the resource.</p>",
+          "locationName":"resourceName"
+        },
+        "ResourceComplianceStatus":{
+          "shape":"IpamComplianceStatus",
+          "documentation":"<p>The compliance status of a resource. For more information on compliance statuses, see <a href=\"/vpc/latest/ipam/monitor-cidr-compliance-ipam.html\">Monitor CIDR usage by resource</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"resourceComplianceStatus"
+        },
+        "ResourceOverlapStatus":{
+          "shape":"IpamOverlapStatus",
+          "documentation":"<p>The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see <a href=\"/vpc/latest/ipam/monitor-cidr-compliance-ipam.html\">Monitor CIDR usage by resource</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"resourceOverlapStatus"
+        },
+        "VpcId":{
+          "shape":"String",
+          "documentation":"<p>The VPC ID of the resource.</p>",
+          "locationName":"vpcId"
+        },
+        "SampledStartTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>Sampled start time of the resource-to-CIDR association within the IPAM scope. Changes are picked up in periodic snapshots, so the start time may have occurred before this specific time.</p>",
+          "locationName":"sampledStartTime"
+        },
+        "SampledEndTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>Sampled end time of the resource-to-CIDR association within the IPAM scope. Changes are picked up in periodic snapshots, so the end time may have occurred before this specific time.</p>",
+          "locationName":"sampledEndTime"
+        }
+      },
+      "documentation":"<p>The historical record of a CIDR within an IPAM scope. For more information, see <a href=\"/vpc/latest/ipam/view-history-cidr-ipam.html\">View the history of IP addresses</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>"
+    },
+    "IpamAddressHistoryRecordSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamAddressHistoryRecord",
+        "locationName":"item"
+      }
+    },
+    "IpamAddressHistoryResourceType":{
+      "type":"string",
+      "enum":[
+        "eip",
+        "vpc",
+        "subnet",
+        "network-interface",
+        "instance"
+      ]
+    },
+    "IpamCidrAuthorizationContext":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"String",
+          "documentation":"<p>The plain-text authorization message for the prefix and account.</p>"
+        },
+        "Signature":{
+          "shape":"String",
+          "documentation":"<p>The signed authorization message for the prefix and account.</p>"
+        }
+      },
+      "documentation":"<p>A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.</p>"
+    },
+    "IpamComplianceStatus":{
+      "type":"string",
+      "enum":[
+        "compliant",
+        "noncompliant",
+        "unmanaged",
+        "ignored"
+      ]
+    },
+    "IpamId":{"type":"string"},
+    "IpamManagementState":{
+      "type":"string",
+      "enum":[
+        "managed",
+        "unmanaged",
+        "ignored"
+      ]
+    },
+    "IpamMaxResults":{
+      "type":"integer",
+      "max":1000,
+      "min":5
+    },
+    "IpamNetmaskLength":{
+      "type":"integer",
+      "max":128,
+      "min":0
+    },
+    "IpamOperatingRegion":{
+      "type":"structure",
+      "members":{
+        "RegionName":{
+          "shape":"String",
+          "documentation":"<p>The name of the operating Region.</p>",
+          "locationName":"regionName"
+        }
+      },
+      "documentation":"<p>The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.</p> <p>For more information about operating Regions, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>"
+    },
+    "IpamOperatingRegionSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamOperatingRegion",
+        "locationName":"item"
+      }
+    },
+    "IpamOverlapStatus":{
+      "type":"string",
+      "enum":[
+        "overlapping",
+        "nonoverlapping",
+        "ignored"
+      ]
+    },
+    "IpamPool":{
+      "type":"structure",
+      "members":{
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID of the owner of the IPAM pool.</p>",
+          "locationName":"ownerId"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool.</p>",
+          "locationName":"ipamPoolId"
+        },
+        "SourceIpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.</p>",
+          "locationName":"sourceIpamPoolId"
+        },
+        "IpamPoolArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the IPAM pool.</p>",
+          "locationName":"ipamPoolArn"
+        },
+        "IpamScopeArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the scope of the IPAM pool.</p>",
+          "locationName":"ipamScopeArn"
+        },
+        "IpamScopeType":{
+          "shape":"IpamScopeType",
+          "documentation":"<p>In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.</p>",
+          "locationName":"ipamScopeType"
+        },
+        "IpamArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the IPAM.</p>",
+          "locationName":"ipamArn"
+        },
+        "IpamRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region of the IPAM pool.</p>",
+          "locationName":"ipamRegion"
+        },
+        "Locale":{
+          "shape":"String",
+          "documentation":"<p>The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.</p>",
+          "locationName":"locale"
+        },
+        "PoolDepth":{
+          "shape":"Integer",
+          "documentation":"<p>The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see <a href=\"/vpc/latest/ipam/quotas-ipam.html\">Quotas in IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>. </p>",
+          "locationName":"poolDepth"
+        },
+        "State":{
+          "shape":"IpamPoolState",
+          "documentation":"<p>The state of the IPAM pool.</p>",
+          "locationName":"state"
+        },
+        "StateMessage":{
+          "shape":"String",
+          "documentation":"<p>A message related to the failed creation of an IPAM pool.</p>",
+          "locationName":"stateMessage"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the IPAM pool.</p>",
+          "locationName":"description"
+        },
+        "AutoImport":{
+          "shape":"Boolean",
+          "documentation":"<p>If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only. </p> <p>A locale must be set on the pool for this feature to work.</p>",
+          "locationName":"autoImport"
+        },
+        "PubliclyAdvertisable":{
+          "shape":"Boolean",
+          "documentation":"<p>Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to <code>ipv4</code>.</p>",
+          "locationName":"publiclyAdvertisable"
+        },
+        "AddressFamily":{
+          "shape":"AddressFamily",
+          "documentation":"<p>The address family of the pool.</p>",
+          "locationName":"addressFamily"
+        },
+        "AllocationMinNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.</p>",
+          "locationName":"allocationMinNetmaskLength"
+        },
+        "AllocationMaxNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.</p>",
+          "locationName":"allocationMaxNetmaskLength"
+        },
+        "AllocationDefaultNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.</p>",
+          "locationName":"allocationDefaultNetmaskLength"
+        },
+        "AllocationResourceTags":{
+          "shape":"IpamResourceTagList",
+          "documentation":"<p>Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.</p>",
+          "locationName":"allocationResourceTagSet"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"tagSet"
+        },
+        "AwsService":{
+          "shape":"IpamPoolAwsService",
+          "documentation":"<p>Limits which service in Amazon Web Services that the pool can be used in. \"ec2\", for example, allows users to use space for Elastic IP addresses and VPCs.</p>",
+          "locationName":"awsService"
+        }
+      },
+      "documentation":"<p>In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.</p>"
+    },
+    "IpamPoolAllocation":{
+      "type":"structure",
+      "members":{
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR for the allocation. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is <code>10.24.34.0/23</code>. An IPv6 CIDR example is <code>2001:DB8::/32</code>.</p>",
+          "locationName":"cidr"
+        },
+        "IpamPoolAllocationId":{
+          "shape":"IpamPoolAllocationId",
+          "documentation":"<p>The ID of an allocation.</p>",
+          "locationName":"ipamPoolAllocationId"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>A description of the pool allocation.</p>",
+          "locationName":"description"
+        },
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource.</p>",
+          "locationName":"resourceId"
+        },
+        "ResourceType":{
+          "shape":"IpamPoolAllocationResourceType",
+          "documentation":"<p>The type of the resource.</p>",
+          "locationName":"resourceType"
+        },
+        "ResourceRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region of the resource.</p>",
+          "locationName":"resourceRegion"
+        },
+        "ResourceOwner":{
+          "shape":"String",
+          "documentation":"<p>The owner of the resource.</p>",
+          "locationName":"resourceOwner"
+        }
+      },
+      "documentation":"<p>In IPAM, an allocation is a CIDR assignment from an IPAM pool to another resource or IPAM pool.</p>"
+    },
+    "IpamPoolAllocationDisallowedCidrs":{
+      "type":"list",
+      "member":{
+        "shape":"String",
+        "locationName":"item"
+      }
+    },
+    "IpamPoolAllocationId":{"type":"string"},
+    "IpamPoolAllocationResourceType":{
+      "type":"string",
+      "enum":[
+        "ipam-pool",
+        "vpc",
+        "ec2-public-ipv4-pool",
+        "custom"
+      ]
+    },
+    "IpamPoolAllocationSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamPoolAllocation",
+        "locationName":"item"
+      }
+    },
+    "IpamPoolAwsService":{
+      "type":"string",
+      "enum":["ec2"]
+    },
+    "IpamPoolCidr":{
+      "type":"structure",
+      "members":{
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is <code>10.24.34.0/23</code>. An IPv6 CIDR example is <code>2001:DB8::/32</code>.</p>",
+          "locationName":"cidr"
+        },
+        "State":{
+          "shape":"IpamPoolCidrState",
+          "documentation":"<p>The state of the CIDR.</p>",
+          "locationName":"state"
+        },
+        "FailureReason":{
+          "shape":"IpamPoolCidrFailureReason",
+          "documentation":"<p>Details related to why an IPAM pool CIDR failed to be provisioned.</p>",
+          "locationName":"failureReason"
+        }
+      },
+      "documentation":"<p>A CIDR provisioned to an IPAM pool.</p>"
+    },
+    "IpamPoolCidrFailureCode":{
+      "type":"string",
+      "enum":["cidr-not-available"]
+    },
+    "IpamPoolCidrFailureReason":{
+      "type":"structure",
+      "members":{
+        "Code":{
+          "shape":"IpamPoolCidrFailureCode",
+          "documentation":"<p>An error code related to why an IPAM pool CIDR failed to be provisioned.</p>",
+          "locationName":"code"
+        },
+        "Message":{
+          "shape":"String",
+          "documentation":"<p>A message related to why an IPAM pool CIDR failed to be provisioned.</p>",
+          "locationName":"message"
+        }
+      },
+      "documentation":"<p>Details related to why an IPAM pool CIDR failed to be provisioned.</p>"
+    },
+    "IpamPoolCidrSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamPoolCidr",
+        "locationName":"item"
+      }
+    },
+    "IpamPoolCidrState":{
+      "type":"string",
+      "enum":[
+        "pending-provision",
+        "provisioned",
+        "failed-provision",
+        "pending-deprovision",
+        "deprovisioned",
+        "failed-deprovision",
+        "pending-import",
+        "failed-import"
+      ]
+    },
+    "IpamPoolId":{"type":"string"},
+    "IpamPoolSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamPool",
+        "locationName":"item"
+      }
+    },
+    "IpamPoolState":{
+      "type":"string",
+      "enum":[
+        "create-in-progress",
+        "create-complete",
+        "create-failed",
+        "modify-in-progress",
+        "modify-complete",
+        "modify-failed",
+        "delete-in-progress",
+        "delete-complete",
+        "delete-failed"
+      ]
+    },
+    "IpamResourceCidr":{
+      "type":"structure",
+      "members":{
+        "IpamId":{
+          "shape":"IpamId",
+          "documentation":"<p>The IPAM ID for an IPAM resource.</p>",
+          "locationName":"ipamId"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The scope ID for an IPAM resource.</p>",
+          "locationName":"ipamScopeId"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The pool ID for an IPAM resource.</p>",
+          "locationName":"ipamPoolId"
+        },
+        "ResourceRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region for an IPAM resource.</p>",
+          "locationName":"resourceRegion"
+        },
+        "ResourceOwnerId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account number of the owner of an IPAM resource.</p>",
+          "locationName":"resourceOwnerId"
+        },
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of an IPAM resource.</p>",
+          "locationName":"resourceId"
+        },
+        "ResourceName":{
+          "shape":"String",
+          "documentation":"<p>The name of an IPAM resource.</p>",
+          "locationName":"resourceName"
+        },
+        "ResourceCidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR for an IPAM resource.</p>",
+          "locationName":"resourceCidr"
+        },
+        "ResourceType":{
+          "shape":"IpamResourceType",
+          "documentation":"<p>The type of IPAM resource.</p>",
+          "locationName":"resourceType"
+        },
+        "ResourceTags":{
+          "shape":"IpamResourceTagList",
+          "documentation":"<p>The tags for an IPAM resource.</p>",
+          "locationName":"resourceTagSet"
+        },
+        "IpUsage":{
+          "shape":"BoxedDouble",
+          "documentation":"<p>The IP address space in the IPAM pool that is allocated to this resource. To convert the decimal to a percentage, multiply the decimal by 100.</p>",
+          "locationName":"ipUsage"
+        },
+        "ComplianceStatus":{
+          "shape":"IpamComplianceStatus",
+          "documentation":"<p>The compliance status of the IPAM resource. For more information on compliance statuses, see <a href=\"/vpc/latest/ipam/monitor-cidr-compliance-ipam.html\">Monitor CIDR usage by resource</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"complianceStatus"
+        },
+        "ManagementState":{
+          "shape":"IpamManagementState",
+          "documentation":"<p>The management state of the resource. For more information about management states, see <a href=\"/vpc/latest/ipam/monitor-cidr-compliance-ipam.html\">Monitor CIDR usage by resource</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"managementState"
+        },
+        "OverlapStatus":{
+          "shape":"IpamOverlapStatus",
+          "documentation":"<p>The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see <a href=\"/vpc/latest/ipam/monitor-cidr-compliance-ipam.html\">Monitor CIDR usage by resource</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"overlapStatus"
+        },
+        "VpcId":{
+          "shape":"String",
+          "documentation":"<p>The ID of a VPC.</p>",
+          "locationName":"vpcId"
+        }
+      },
+      "documentation":"<p>The CIDR for an IPAM resource.</p>"
+    },
+    "IpamResourceCidrSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamResourceCidr",
+        "locationName":"item"
+      }
+    },
+    "IpamResourceTag":{
+      "type":"structure",
+      "members":{
+        "Key":{
+          "shape":"String",
+          "documentation":"<p>The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p>",
+          "locationName":"key"
+        },
+        "Value":{
+          "shape":"String",
+          "documentation":"<p>The value of the tag.</p>",
+          "locationName":"value"
+        }
+      },
+      "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>"
+    },
+    "IpamResourceTagList":{
+      "type":"list",
+      "member":{
+        "shape":"IpamResourceTag",
+        "locationName":"item"
+      }
+    },
+    "IpamResourceType":{
+      "type":"string",
+      "enum":[
+        "vpc",
+        "subnet",
+        "eip",
+        "public-ipv4-pool",
+        "ipv6-pool"
+      ]
+    },
+    "IpamScope":{
+      "type":"structure",
+      "members":{
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID of the owner of the scope.</p>",
+          "locationName":"ownerId"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the scope.</p>",
+          "locationName":"ipamScopeId"
+        },
+        "IpamScopeArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the scope.</p>",
+          "locationName":"ipamScopeArn"
+        },
+        "IpamArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the IPAM.</p>",
+          "locationName":"ipamArn"
+        },
+        "IpamRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region of the IPAM scope.</p>",
+          "locationName":"ipamRegion"
+        },
+        "IpamScopeType":{
+          "shape":"IpamScopeType",
+          "documentation":"<p>The type of the scope.</p>",
+          "locationName":"ipamScopeType"
+        },
+        "IsDefault":{
+          "shape":"Boolean",
+          "documentation":"<p>Defines if the scope is the default scope or not.</p>",
+          "locationName":"isDefault"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the scope.</p>",
+          "locationName":"description"
+        },
+        "PoolCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of pools in the scope.</p>",
+          "locationName":"poolCount"
+        },
+        "State":{
+          "shape":"IpamScopeState",
+          "documentation":"<p>The state of the IPAM scope.</p>",
+          "locationName":"state"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key <code>Owner</code> and the value <code>TeamA</code>, specify <code>tag:Owner</code> for the filter name and <code>TeamA</code> for the filter value.</p>",
+          "locationName":"tagSet"
+        }
+      },
+      "documentation":"<p>In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.</p> <p>For more information, see <a href=\"/vpc/latest/ipam/how-it-works-ipam.html\">How IPAM works</a> in the <i>Amazon VPC IPAM User Guide</i> </p>"
+    },
+    "IpamScopeId":{"type":"string"},
+    "IpamScopeSet":{
+      "type":"list",
+      "member":{
+        "shape":"IpamScope",
+        "locationName":"item"
+      }
+    },
+    "IpamScopeState":{
+      "type":"string",
+      "enum":[
+        "create-in-progress",
+        "create-complete",
+        "create-failed",
+        "modify-in-progress",
+        "modify-complete",
+        "modify-failed",
+        "delete-in-progress",
+        "delete-complete",
+        "delete-failed"
+      ]
+    },
+    "IpamScopeType":{
+      "type":"string",
+      "enum":[
+        "public",
+        "private"
+      ]
+    },
+    "IpamSet":{
+      "type":"list",
+      "member":{
+        "shape":"Ipam",
+        "locationName":"item"
+      }
+    },
+    "IpamState":{
+      "type":"string",
+      "enum":[
+        "create-in-progress",
+        "create-complete",
+        "create-failed",
+        "modify-in-progress",
+        "modify-complete",
+        "modify-failed",
+        "delete-in-progress",
+        "delete-complete",
+        "delete-failed"
+      ]
+    },
     "Ipv4PoolEc2Id":{"type":"string"},
     "Ipv4PrefixList":{
       "type":"list",
@@ -29456,11 +32432,11 @@
       "members":{
         "Add":{
           "shape":"LaunchPermissionList",
-          "documentation":"<p>The Amazon Web Services account ID to add to the list of launch permissions for the AMI.</p>"
+          "documentation":"<p>The Amazon Web Services account ID, organization ARN, or OU ARN to add to the list of launch permissions for the AMI.</p>"
         },
         "Remove":{
           "shape":"LaunchPermissionList",
-          "documentation":"<p>The Amazon Web Services account ID to remove from the list of launch permissions for the AMI.</p>"
+          "documentation":"<p>The Amazon Web Services account ID, organization ARN, or OU ARN to remove from the list of launch permissions for the AMI.</p>"
         }
       },
       "documentation":"<p>Describes a launch permission modification.</p>"
@@ -30042,13 +33018,18 @@
         },
         "HttpEndpoint":{
           "shape":"LaunchTemplateInstanceMetadataEndpointState",
-          "documentation":"<p>This parameter enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is <code>enabled</code>.</p> <note> <p>If you specify a value of <code>disabled</code>, you will not be able to access your instance metadata. </p> </note>",
+          "documentation":"<p>Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is <code>enabled</code>.</p> <note> <p>If you specify a value of <code>disabled</code>, you will not be able to access your instance metadata. </p> </note>",
           "locationName":"httpEndpoint"
         },
         "HttpProtocolIpv6":{
           "shape":"LaunchTemplateInstanceMetadataProtocolIpv6",
           "documentation":"<p>Enables or disables the IPv6 endpoint for the instance metadata service.</p> <p>Default: <code>disabled</code> </p>",
           "locationName":"httpProtocolIpv6"
+        },
+        "InstanceMetadataTags":{
+          "shape":"LaunchTemplateInstanceMetadataTagsState",
+          "documentation":"<p> </p>",
+          "locationName":"instanceMetadataTags"
         }
       },
       "documentation":"<p>The metadata options for the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\">Instance Metadata and User Data</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
@@ -30066,11 +33047,15 @@
         },
         "HttpEndpoint":{
           "shape":"LaunchTemplateInstanceMetadataEndpointState",
-          "documentation":"<p>This parameter enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is <code>enabled</code>.</p> <note> <p>If you specify a value of <code>disabled</code>, you will not be able to access your instance metadata. </p> </note>"
+          "documentation":"<p>Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is <code>enabled</code>.</p> <note> <p>If you specify a value of <code>disabled</code>, you will not be able to access your instance metadata. </p> </note>"
         },
         "HttpProtocolIpv6":{
           "shape":"LaunchTemplateInstanceMetadataProtocolIpv6",
           "documentation":"<p>Enables or disables the IPv6 endpoint for the instance metadata service.</p> <p>Default: <code>disabled</code> </p>"
+        },
+        "InstanceMetadataTags":{
+          "shape":"LaunchTemplateInstanceMetadataTagsState",
+          "documentation":"<p>Set to <code>enabled</code> to allow access to instance tags from the instance metadata. Set to <code>disabled</code> to turn off access to instance tags from the instance metadata. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS\">Work with instance tags using the instance metadata</a>.</p> <p>Default: <code>disabled</code> </p>"
         }
       },
       "documentation":"<p>The metadata options for the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\">Instance Metadata and User Data</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
@@ -30089,6 +33074,13 @@
         "enabled"
       ]
     },
+    "LaunchTemplateInstanceMetadataTagsState":{
+      "type":"string",
+      "enum":[
+        "disabled",
+        "enabled"
+      ]
+    },
     "LaunchTemplateInstanceNetworkInterfaceSpecification":{
       "type":"structure",
       "members":{
@@ -30469,6 +33461,45 @@
       },
       "documentation":"<p>Describes the placement of an instance.</p>"
     },
+    "LaunchTemplatePrivateDnsNameOptions":{
+      "type":"structure",
+      "members":{
+        "HostnameType":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostname to assign to an instance.</p>",
+          "locationName":"hostnameType"
+        },
+        "EnableResourceNameDnsARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>",
+          "locationName":"enableResourceNameDnsARecord"
+        },
+        "EnableResourceNameDnsAAAARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.</p>",
+          "locationName":"enableResourceNameDnsAAAARecord"
+        }
+      },
+      "documentation":"<p>Describes the options for instance hostnames.</p>"
+    },
+    "LaunchTemplatePrivateDnsNameOptionsRequest":{
+      "type":"structure",
+      "members":{
+        "HostnameType":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostname for Amazon EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 native subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.</p>"
+        },
+        "EnableResourceNameDnsARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>"
+        },
+        "EnableResourceNameDnsAAAARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.</p>"
+        }
+      },
+      "documentation":"<p>Describes the options for instance hostnames.</p>"
+    },
     "LaunchTemplateSet":{
       "type":"list",
       "member":{
@@ -30705,6 +33736,90 @@
         "locationName":"item"
       }
     },
+    "ListImagesInRecycleBinMaxResults":{
+      "type":"integer",
+      "max":1000,
+      "min":1
+    },
+    "ListImagesInRecycleBinRequest":{
+      "type":"structure",
+      "members":{
+        "ImageIds":{
+          "shape":"ImageIdStringList",
+          "documentation":"<p>The IDs of the AMIs to list. Omit this parameter to list all of the AMIs that are in the Recycle Bin. You can specify up to 20 IDs in a single request.</p>",
+          "locationName":"ImageId"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "MaxResults":{
+          "shape":"ListImagesInRecycleBinMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p> <p>If you do not specify a value for <i>MaxResults</i>, the request returns 1,000 items per page by default. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination\"> Pagination</a>.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "ListImagesInRecycleBinResult":{
+      "type":"structure",
+      "members":{
+        "Images":{
+          "shape":"ImageRecycleBinInfoList",
+          "documentation":"<p>Information about the AMIs.</p>",
+          "locationName":"imageSet"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListSnapshotsInRecycleBinMaxResults":{
+      "type":"integer",
+      "max":1000,
+      "min":5
+    },
+    "ListSnapshotsInRecycleBinRequest":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"ListSnapshotsInRecycleBinMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "SnapshotIds":{
+          "shape":"SnapshotIdStringList",
+          "documentation":"<p>The IDs of the snapshots to list. Omit this parameter to list all of the snapshots that are in the Recycle Bin.</p>",
+          "locationName":"SnapshotId"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "ListSnapshotsInRecycleBinResult":{
+      "type":"structure",
+      "members":{
+        "Snapshots":{
+          "shape":"SnapshotRecycleBinInfoList",
+          "documentation":"<p>Information about the snapshots.</p>",
+          "locationName":"snapshotSet"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>",
+          "locationName":"nextToken"
+        }
+      }
+    },
     "ListingState":{
       "type":"string",
       "enum":[
@@ -31597,6 +34712,14 @@
         "ClientConnectOptions":{
           "shape":"ClientConnectOptions",
           "documentation":"<p>The options for managing connection authorization for new client connections.</p>"
+        },
+        "SessionTimeoutHours":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum VPN session duration time in hours.</p> <p>Valid values: <code>8 | 10 | 12 | 24</code> </p> <p>Default value: <code>24</code> </p>"
+        },
+        "ClientLoginBannerOptions":{
+          "shape":"ClientLoginBannerOptions",
+          "documentation":"<p>Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p>"
         }
       }
     },
@@ -31926,7 +35049,7 @@
         },
         "BlockDeviceMappings":{
           "shape":"InstanceBlockDeviceMappingSpecificationList",
-          "documentation":"<p>Modifies the <code>DeleteOnTermination</code> attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for <code>DeleteOnTermination</code>, the default is <code>true</code> and the volume is deleted when the instance is terminated.</p> <p>To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html#Using_OverridingAMIBDM\">Updating the block device mapping when launching an instance</a> in the <i>Amazon EC2 User Guide</i>.</p>",
+          "documentation":"<p>Modifies the <code>DeleteOnTermination</code> attribute for volumes that are currently attached. The volume must be owned by the caller. If no value is specified for <code>DeleteOnTermination</code>, the default is <code>true</code> and the volume is deleted when the instance is terminated.</p> <p>To add instance store volumes to an Amazon EBS-backed instance, you must add them when you launch the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html#Using_OverridingAMIBDM\">Update the block device mapping when launching an instance</a> in the <i>Amazon EC2 User Guide</i>.</p>",
           "locationName":"blockDeviceMapping"
         },
         "DisableApiTermination":{
@@ -32151,7 +35274,7 @@
         },
         "HttpEndpoint":{
           "shape":"InstanceMetadataEndpointState",
-          "documentation":"<p>This parameter enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the existing state is maintained.</p> <note> <p>If you specify a value of <code>disabled</code>, you will not be able to access your instance metadata.</p> </note>"
+          "documentation":"<p>Enables or disables the HTTP metadata endpoint on your instances. If this parameter is not specified, the existing state is maintained.</p> <p>If you specify a value of <code>disabled</code>, you cannot access your instance metadata.</p>"
         },
         "DryRun":{
           "shape":"Boolean",
@@ -32159,7 +35282,11 @@
         },
         "HttpProtocolIpv6":{
           "shape":"InstanceMetadataProtocolState",
-          "documentation":"<p>Enables or disables the IPv6 endpoint for the instance metadata service.</p>"
+          "documentation":"<p>Enables or disables the IPv6 endpoint for the instance metadata service. This setting applies only if you have enabled the HTTP metadata endpoint.</p>"
+        },
+        "InstanceMetadataTags":{
+          "shape":"InstanceMetadataTagsState",
+          "documentation":"<p>Set to <code>enabled</code> to allow access to instance tags from the instance metadata. Set to <code>disabled</code> to turn off access to instance tags from the instance metadata. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS\">Work with instance tags using the instance metadata</a>.</p> <p>Default: <code>disabled</code> </p>"
         }
       }
     },
@@ -32208,7 +35335,7 @@
         },
         "PartitionNumber":{
           "shape":"Integer",
-          "documentation":"<p>Reserved for future use.</p>"
+          "documentation":"<p>The number of the partition in which to place the instance. Valid only if the placement group strategy is set to <code>partition</code>.</p>"
         },
         "HostResourceGroupArn":{
           "shape":"String",
@@ -32226,6 +35353,179 @@
         }
       }
     },
+    "ModifyIpamPoolRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool you want to modify.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the IPAM pool you want to modify.</p>"
+        },
+        "AutoImport":{
+          "shape":"Boolean",
+          "documentation":"<p>If true, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only. </p> <p>A locale must be set on the pool for this feature to work.</p>"
+        },
+        "AllocationMinNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. The minimum netmask length must be less than the maximum netmask length.</p>"
+        },
+        "AllocationMaxNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.The maximum netmask length must be greater than the minimum netmask length.</p>"
+        },
+        "AllocationDefaultNetmaskLength":{
+          "shape":"IpamNetmaskLength",
+          "documentation":"<p>The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.</p>"
+        },
+        "ClearAllocationDefaultNetmaskLength":{
+          "shape":"Boolean",
+          "documentation":"<p>Clear the default netmask length allocation rule for this pool.</p>"
+        },
+        "AddAllocationResourceTags":{
+          "shape":"RequestIpamResourceTagList",
+          "documentation":"<p>Add tag allocation rules to a pool. For more information about allocation rules, see <a href=\"/vpc/latest/ipam/create-top-ipam.html\">Create a top-level pool</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"AddAllocationResourceTag"
+        },
+        "RemoveAllocationResourceTags":{
+          "shape":"RequestIpamResourceTagList",
+          "documentation":"<p>Remove tag allocation rules from a pool.</p>",
+          "locationName":"RemoveAllocationResourceTag"
+        }
+      }
+    },
+    "ModifyIpamPoolResult":{
+      "type":"structure",
+      "members":{
+        "IpamPool":{
+          "shape":"IpamPool",
+          "documentation":"<p>The results of the modification.</p>",
+          "locationName":"ipamPool"
+        }
+      }
+    },
+    "ModifyIpamRequest":{
+      "type":"structure",
+      "required":["IpamId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamId":{
+          "shape":"IpamId",
+          "documentation":"<p>The ID of the IPAM you want to modify.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the IPAM you want to modify.</p>"
+        },
+        "AddOperatingRegions":{
+          "shape":"AddIpamOperatingRegionSet",
+          "documentation":"<p>Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.</p> <p>For more information about operating Regions, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i>.</p>",
+          "locationName":"AddOperatingRegion"
+        },
+        "RemoveOperatingRegions":{
+          "shape":"RemoveIpamOperatingRegionSet",
+          "documentation":"<p>The operating Regions to remove.</p>",
+          "locationName":"RemoveOperatingRegion"
+        }
+      }
+    },
+    "ModifyIpamResourceCidrRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceId",
+        "ResourceCidr",
+        "ResourceRegion",
+        "CurrentIpamScopeId",
+        "Monitored"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource you want to modify.</p>"
+        },
+        "ResourceCidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR of the resource you want to modify.</p>"
+        },
+        "ResourceRegion":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services Region of the resource you want to modify.</p>"
+        },
+        "CurrentIpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the current scope that the resource CIDR is in.</p>"
+        },
+        "DestinationIpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the scope you want to transfer the resource CIDR to.</p>"
+        },
+        "Monitored":{
+          "shape":"Boolean",
+          "documentation":"<p>Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.</p>"
+        }
+      }
+    },
+    "ModifyIpamResourceCidrResult":{
+      "type":"structure",
+      "members":{
+        "IpamResourceCidr":{
+          "shape":"IpamResourceCidr",
+          "locationName":"ipamResourceCidr"
+        }
+      }
+    },
+    "ModifyIpamResult":{
+      "type":"structure",
+      "members":{
+        "Ipam":{
+          "shape":"Ipam",
+          "documentation":"<p>The results of the modification.</p>",
+          "locationName":"ipam"
+        }
+      }
+    },
+    "ModifyIpamScopeRequest":{
+      "type":"structure",
+      "required":["IpamScopeId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamScopeId":{
+          "shape":"IpamScopeId",
+          "documentation":"<p>The ID of the scope you want to modify.</p>"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description of the scope you want to modify.</p>"
+        }
+      }
+    },
+    "ModifyIpamScopeResult":{
+      "type":"structure",
+      "members":{
+        "IpamScope":{
+          "shape":"IpamScope",
+          "documentation":"<p>The results of the modification.</p>",
+          "locationName":"ipamScope"
+        }
+      }
+    },
     "ModifyLaunchTemplateRequest":{
       "type":"structure",
       "members":{
@@ -32345,6 +35645,41 @@
       },
       "documentation":"<p>Contains the parameters for ModifyNetworkInterfaceAttribute.</p>"
     },
+    "ModifyPrivateDnsNameOptionsRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "InstanceId":{
+          "shape":"InstanceId",
+          "documentation":"<p>The ID of the instance.</p>"
+        },
+        "PrivateDnsHostnameType":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.</p>"
+        },
+        "EnableResourceNameDnsARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>"
+        },
+        "EnableResourceNameDnsAAAARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.</p>"
+        }
+      }
+    },
+    "ModifyPrivateDnsNameOptionsResult":{
+      "type":"structure",
+      "members":{
+        "Return":{
+          "shape":"Boolean",
+          "documentation":"<p>Returns <code>true</code> if the request succeeds; otherwise, it returns an error.</p>",
+          "locationName":"return"
+        }
+      }
+    },
     "ModifyReservedInstancesRequest":{
       "type":"structure",
       "required":[
@@ -32450,6 +35785,39 @@
         }
       }
     },
+    "ModifySnapshotTierRequest":{
+      "type":"structure",
+      "required":["SnapshotId"],
+      "members":{
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot.</p>"
+        },
+        "StorageTier":{
+          "shape":"TargetStorageTier",
+          "documentation":"<p>The name of the storage tier. You must specify <code>archive</code>.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "ModifySnapshotTierResult":{
+      "type":"structure",
+      "members":{
+        "SnapshotId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the snapshot.</p>",
+          "locationName":"snapshotId"
+        },
+        "TieringStartTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the archive process was started.</p>",
+          "locationName":"tieringStartTime"
+        }
+      }
+    },
     "ModifySpotFleetRequestRequest":{
       "type":"structure",
       "required":["SpotFleetRequestId"],
@@ -32520,6 +35888,30 @@
         "CustomerOwnedIpv4Pool":{
           "shape":"CoipPoolId",
           "documentation":"<p>The customer-owned IPv4 address pool associated with the subnet.</p> <p>You must set this value when you specify <code>true</code> for <code>MapCustomerOwnedIpOnLaunch</code>.</p>"
+        },
+        "EnableDns64":{
+          "shape":"AttributeBooleanValue",
+          "documentation":"<p>Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.</p>"
+        },
+        "PrivateDnsHostnameTypeOnLaunch":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostnames to assign to instances in the subnet at launch. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.</p>"
+        },
+        "EnableResourceNameDnsARecordOnLaunch":{
+          "shape":"AttributeBooleanValue",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>"
+        },
+        "EnableResourceNameDnsAAAARecordOnLaunch":{
+          "shape":"AttributeBooleanValue",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.</p>"
+        },
+        "EnableLniAtDeviceIndex":{
+          "shape":"Integer",
+          "documentation":"<p> Indicates the device position for local network interfaces in this subnet. For example, <code>1</code> indicates local network interfaces in this subnet are the secondary network interface (eth1). A local network interface cannot be the primary network interface (eth0). </p>"
+        },
+        "DisableLniAtDeviceIndex":{
+          "shape":"AttributeBooleanValue",
+          "documentation":"<p> Specify <code>true</code> to indicate that local network interfaces at the current position should be disabled. </p>"
         }
       }
     },
@@ -33078,6 +36470,37 @@
         }
       }
     },
+    "ModifyVpcEndpointServicePayerResponsibilityRequest":{
+      "type":"structure",
+      "required":[
+        "ServiceId",
+        "PayerResponsibility"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "ServiceId":{
+          "shape":"VpcEndpointServiceId",
+          "documentation":"<p>The ID of the service.</p>"
+        },
+        "PayerResponsibility":{
+          "shape":"PayerResponsibility",
+          "documentation":"<p>The entity that is responsible for the endpoint costs. The default is the endpoint owner. If you set the payer responsibility to the service owner, you cannot set it back to the endpoint owner.</p>"
+        }
+      }
+    },
+    "ModifyVpcEndpointServicePayerResponsibilityResult":{
+      "type":"structure",
+      "members":{
+        "ReturnValue":{
+          "shape":"Boolean",
+          "documentation":"<p>Returns <code>true</code> if the request succeeds; otherwise, it returns an error.</p>",
+          "locationName":"return"
+        }
+      }
+    },
     "ModifyVpcEndpointServicePermissionsRequest":{
       "type":"structure",
       "required":["ServiceId"],
@@ -33354,7 +36777,7 @@
         },
         "DPDTimeoutSeconds":{
           "shape":"Integer",
-          "documentation":"<p>The number of seconds after which a DPD timeout occurs.</p> <p>Constraints: A value between 0 and 30.</p> <p>Default: <code>30</code> </p>"
+          "documentation":"<p>The number of seconds after which a DPD timeout occurs.</p> <p>Constraints: A value greater than or equal to 30.</p> <p>Default: <code>30</code> </p>"
         },
         "DPDTimeoutAction":{
           "shape":"String",
@@ -33479,6 +36902,41 @@
         }
       }
     },
+    "MoveByoipCidrToIpamRequest":{
+      "type":"structure",
+      "required":[
+        "Cidr",
+        "IpamPoolId",
+        "IpamPoolOwner"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The BYOIP CIDR.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The IPAM pool ID.</p>"
+        },
+        "IpamPoolOwner":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID of the owner of the IPAM pool.</p>"
+        }
+      }
+    },
+    "MoveByoipCidrToIpamResult":{
+      "type":"structure",
+      "members":{
+        "ByoipCidr":{
+          "shape":"ByoipCidr",
+          "locationName":"byoipCidr"
+        }
+      }
+    },
     "MoveStatus":{
       "type":"string",
       "enum":[
@@ -33640,6 +37098,7 @@
         "deleted"
       ]
     },
+    "NetmaskLength":{"type":"integer"},
     "NetworkAcl":{
       "type":"structure",
       "members":{
@@ -33873,6 +37332,149 @@
       },
       "documentation":"<p>Describes the networking features of the instance type.</p>"
     },
+    "NetworkInsightsAccessScope":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScopeId"
+        },
+        "NetworkInsightsAccessScopeArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScopeArn"
+        },
+        "CreatedDate":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The creation date.</p>",
+          "locationName":"createdDate"
+        },
+        "UpdatedDate":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The last updated date.</p>",
+          "locationName":"updatedDate"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags.</p>",
+          "locationName":"tagSet"
+        }
+      },
+      "documentation":"<p>Describes a Network Access Scope.</p>"
+    },
+    "NetworkInsightsAccessScopeAnalysis":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalysisId":{
+          "shape":"NetworkInsightsAccessScopeAnalysisId",
+          "documentation":"<p>The ID of the Network Access Scope analysis.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysisId"
+        },
+        "NetworkInsightsAccessScopeAnalysisArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Network Access Scope analysis.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysisArn"
+        },
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScopeId"
+        },
+        "Status":{
+          "shape":"AnalysisStatus",
+          "documentation":"<p>The status.</p>",
+          "locationName":"status"
+        },
+        "StatusMessage":{
+          "shape":"String",
+          "documentation":"<p>The status message.</p>",
+          "locationName":"statusMessage"
+        },
+        "WarningMessage":{
+          "shape":"String",
+          "documentation":"<p>The warning message.</p>",
+          "locationName":"warningMessage"
+        },
+        "StartDate":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The analysis start date.</p>",
+          "locationName":"startDate"
+        },
+        "EndDate":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The analysis end date.</p>",
+          "locationName":"endDate"
+        },
+        "FindingsFound":{
+          "shape":"FindingsFound",
+          "documentation":"<p>Indicates whether there are findings.</p>",
+          "locationName":"findingsFound"
+        },
+        "AnalyzedEniCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of network interfaces analyzed.</p>",
+          "locationName":"analyzedEniCount"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags.</p>",
+          "locationName":"tagSet"
+        }
+      },
+      "documentation":"<p>Describes a Network Access Scope analysis.</p>"
+    },
+    "NetworkInsightsAccessScopeAnalysisId":{"type":"string"},
+    "NetworkInsightsAccessScopeAnalysisIdList":{
+      "type":"list",
+      "member":{
+        "shape":"NetworkInsightsAccessScopeAnalysisId",
+        "locationName":"item"
+      }
+    },
+    "NetworkInsightsAccessScopeAnalysisList":{
+      "type":"list",
+      "member":{
+        "shape":"NetworkInsightsAccessScopeAnalysis",
+        "locationName":"item"
+      }
+    },
+    "NetworkInsightsAccessScopeContent":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>",
+          "locationName":"networkInsightsAccessScopeId"
+        },
+        "MatchPaths":{
+          "shape":"AccessScopePathList",
+          "documentation":"<p>The paths to match.</p>",
+          "locationName":"matchPathSet"
+        },
+        "ExcludePaths":{
+          "shape":"AccessScopePathList",
+          "documentation":"<p>The paths to exclude.</p>",
+          "locationName":"excludePathSet"
+        }
+      },
+      "documentation":"<p>Describes the Network Access Scope content.</p>"
+    },
+    "NetworkInsightsAccessScopeId":{"type":"string"},
+    "NetworkInsightsAccessScopeIdList":{
+      "type":"list",
+      "member":{
+        "shape":"NetworkInsightsAccessScopeId",
+        "locationName":"item"
+      }
+    },
+    "NetworkInsightsAccessScopeList":{
+      "type":"list",
+      "member":{
+        "shape":"NetworkInsightsAccessScope",
+        "locationName":"item"
+      }
+    },
     "NetworkInsightsAnalysis":{
       "type":"structure",
       "members":{
@@ -33911,6 +37513,11 @@
           "documentation":"<p>The status message, if the status is <code>failed</code>.</p>",
           "locationName":"statusMessage"
         },
+        "WarningMessage":{
+          "shape":"String",
+          "documentation":"<p>The warning message.</p>",
+          "locationName":"warningMessage"
+        },
         "NetworkPathFound":{
           "shape":"Boolean",
           "documentation":"<p>Indicates whether the destination is reachable from the source.</p>",
@@ -34035,6 +37642,7 @@
         "locationName":"item"
       }
     },
+    "NetworkInsightsResourceId":{"type":"string"},
     "NetworkInterface":{
       "type":"structure",
       "members":{
@@ -34157,6 +37765,16 @@
           "shape":"Boolean",
           "documentation":"<p>Indicates whether a network interface with an IPv6 address is unreachable from the public internet. If the value is <code>true</code>, inbound traffic from the internet is dropped and you cannot assign an elastic IP address to the network interface. The network interface is reachable from peered VPCs and resources connected through a transit gateway, including on-premises networks.</p>",
           "locationName":"denyAllIgwTraffic"
+        },
+        "Ipv6Native":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether this is an IPv6 only network interface.</p>",
+          "locationName":"ipv6Native"
+        },
+        "Ipv6Address":{
+          "shape":"String",
+          "documentation":"<p>The IPv6 globally unique address associated with the network interface.</p>",
+          "locationName":"ipv6Address"
         }
       },
       "documentation":"<p>Describes a network interface.</p>"
@@ -34537,27 +38155,27 @@
       "members":{
         "AllocationStrategy":{
           "shape":"FleetOnDemandAllocationStrategy",
-          "documentation":"<p>The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify <code>lowest-price</code>, EC2 Fleet uses price to determine the order, launching the lowest price first. If you specify <code>prioritized</code>, EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first. If you do not specify a value, EC2 Fleet defaults to <code>lowest-price</code>.</p>",
+          "documentation":"<p>The strategy that determines the order of the launch template overrides to use in fulfilling On-Demand capacity.</p> <p> <code>lowest-price</code> - EC2 Fleet uses price to determine the order, launching the lowest price first.</p> <p> <code>prioritized</code> - EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first.</p> <p>Default: <code>lowest-price</code> </p>",
           "locationName":"allocationStrategy"
         },
         "CapacityReservationOptions":{
           "shape":"CapacityReservationOptions",
-          "documentation":"<p>The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity. Supported only for fleets of type <code>instant</code>.</p>",
+          "documentation":"<p>The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.</p> <p>Supported only for fleets of type <code>instant</code>.</p>",
           "locationName":"capacityReservationOptions"
         },
         "SingleInstanceType":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet. Supported only for fleets of type <code>instant</code>.</p>",
+          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.</p> <p>Supported only for fleets of type <code>instant</code>.</p>",
           "locationName":"singleInstanceType"
         },
         "SingleAvailabilityZone":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet launches all On-Demand Instances into a single Availability Zone. Supported only for fleets of type <code>instant</code>.</p>",
+          "documentation":"<p>Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.</p> <p>Supported only for fleets of type <code>instant</code>.</p>",
           "locationName":"singleAvailabilityZone"
         },
         "MinTargetCapacity":{
           "shape":"Integer",
-          "documentation":"<p>The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p>",
+          "documentation":"<p>The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p> <p>Supported only for fleets of type <code>instant</code>.</p> <p>At least one of the following must be specified: <code>SingleAvailabilityZone</code> | <code>SingleInstanceType</code> </p>",
           "locationName":"minTargetCapacity"
         },
         "MaxTotalPrice":{
@@ -34573,23 +38191,23 @@
       "members":{
         "AllocationStrategy":{
           "shape":"FleetOnDemandAllocationStrategy",
-          "documentation":"<p>The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify <code>lowest-price</code>, EC2 Fleet uses price to determine the order, launching the lowest price first. If you specify <code>prioritized</code>, EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first. If you do not specify a value, EC2 Fleet defaults to <code>lowest-price</code>.</p>"
+          "documentation":"<p>The strategy that determines the order of the launch template overrides to use in fulfilling On-Demand capacity.</p> <p> <code>lowest-price</code> - EC2 Fleet uses price to determine the order, launching the lowest price first.</p> <p> <code>prioritized</code> - EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first.</p> <p>Default: <code>lowest-price</code> </p>"
         },
         "CapacityReservationOptions":{
           "shape":"CapacityReservationOptionsRequest",
-          "documentation":"<p>The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity. Supported only for fleets of type <code>instant</code>.</p>"
+          "documentation":"<p>The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity.</p> <p>Supported only for fleets of type <code>instant</code>.</p>"
         },
         "SingleInstanceType":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet. Supported only for fleets of type <code>instant</code>.</p>"
+          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet.</p> <p>Supported only for fleets of type <code>instant</code>.</p>"
         },
         "SingleAvailabilityZone":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet launches all On-Demand Instances into a single Availability Zone. Supported only for fleets of type <code>instant</code>.</p>"
+          "documentation":"<p>Indicates that the fleet launches all On-Demand Instances into a single Availability Zone.</p> <p>Supported only for fleets of type <code>instant</code>.</p>"
         },
         "MinTargetCapacity":{
           "shape":"Integer",
-          "documentation":"<p>The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p>"
+          "documentation":"<p>The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p> <p>Supported only for fleets of type <code>instant</code>.</p> <p>At least one of the following must be specified: <code>SingleAvailabilityZone</code> | <code>SingleInstanceType</code> </p>"
         },
         "MaxTotalPrice":{
           "shape":"String",
@@ -34630,6 +38248,88 @@
         "locationName":"Owner"
       }
     },
+    "PacketHeaderStatement":{
+      "type":"structure",
+      "members":{
+        "SourceAddresses":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The source addresses.</p>",
+          "locationName":"sourceAddressSet"
+        },
+        "DestinationAddresses":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The destination addresses.</p>",
+          "locationName":"destinationAddressSet"
+        },
+        "SourcePorts":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The source ports.</p>",
+          "locationName":"sourcePortSet"
+        },
+        "DestinationPorts":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The destination ports.</p>",
+          "locationName":"destinationPortSet"
+        },
+        "SourcePrefixLists":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The source prefix lists.</p>",
+          "locationName":"sourcePrefixListSet"
+        },
+        "DestinationPrefixLists":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The destination prefix lists.</p>",
+          "locationName":"destinationPrefixListSet"
+        },
+        "Protocols":{
+          "shape":"ProtocolList",
+          "documentation":"<p>The protocols.</p>",
+          "locationName":"protocolSet"
+        }
+      },
+      "documentation":"<p>Describes a packet header statement.</p>"
+    },
+    "PacketHeaderStatementRequest":{
+      "type":"structure",
+      "members":{
+        "SourceAddresses":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The source addresses.</p>",
+          "locationName":"SourceAddress"
+        },
+        "DestinationAddresses":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The destination addresses.</p>",
+          "locationName":"DestinationAddress"
+        },
+        "SourcePorts":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The source ports.</p>",
+          "locationName":"SourcePort"
+        },
+        "DestinationPorts":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The destination ports.</p>",
+          "locationName":"DestinationPort"
+        },
+        "SourcePrefixLists":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The source prefix lists.</p>",
+          "locationName":"SourcePrefixList"
+        },
+        "DestinationPrefixLists":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The destination prefix lists.</p>",
+          "locationName":"DestinationPrefixList"
+        },
+        "Protocols":{
+          "shape":"ProtocolList",
+          "documentation":"<p>The protocols.</p>",
+          "locationName":"Protocol"
+        }
+      },
+      "documentation":"<p>Describes a packet header statement.</p>"
+    },
     "PartitionLoadFrequency":{
       "type":"string",
       "enum":[
@@ -34652,6 +38352,11 @@
           "documentation":"<p>The network ACL rule.</p>",
           "locationName":"aclRule"
         },
+        "AttachedTo":{
+          "shape":"AnalysisComponent",
+          "documentation":"<p>The resource to which the path component is attached.</p>",
+          "locationName":"attachedTo"
+        },
         "Component":{
           "shape":"AnalysisComponent",
           "documentation":"<p>The component.</p>",
@@ -34707,6 +38412,40 @@
         "locationName":"item"
       }
     },
+    "PathStatement":{
+      "type":"structure",
+      "members":{
+        "PacketHeaderStatement":{
+          "shape":"PacketHeaderStatement",
+          "documentation":"<p>The packet header statement.</p>",
+          "locationName":"packetHeaderStatement"
+        },
+        "ResourceStatement":{
+          "shape":"ResourceStatement",
+          "documentation":"<p>The resource statement.</p>",
+          "locationName":"resourceStatement"
+        }
+      },
+      "documentation":"<p>Describes a path statement.</p>"
+    },
+    "PathStatementRequest":{
+      "type":"structure",
+      "members":{
+        "PacketHeaderStatement":{
+          "shape":"PacketHeaderStatementRequest",
+          "documentation":"<p>The packet header statement.</p>"
+        },
+        "ResourceStatement":{
+          "shape":"ResourceStatementRequest",
+          "documentation":"<p>The resource statement.</p>"
+        }
+      },
+      "documentation":"<p>Describes a path statement.</p>"
+    },
+    "PayerResponsibility":{
+      "type":"string",
+      "enum":["ServiceOwner"]
+    },
     "PaymentOption":{
       "type":"string",
       "enum":[
@@ -35047,7 +38786,7 @@
         },
         "PartitionNumber":{
           "shape":"Integer",
-          "documentation":"<p>The number of the partition the instance is in. Valid only if the placement group strategy is set to <code>partition</code>.</p> <p>This parameter is not supported by <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet\">CreateFleet</a>.</p>",
+          "documentation":"<p>The number of the partition that the instance is in. Valid only if the placement group strategy is set to <code>partition</code>.</p> <p>This parameter is not supported by <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet\">CreateFleet</a>.</p>",
           "locationName":"partitionNumber"
         },
         "HostId":{
@@ -35105,10 +38844,19 @@
           "shape":"TagList",
           "documentation":"<p>Any tags applied to the placement group.</p>",
           "locationName":"tagSet"
+        },
+        "GroupArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the placement group.</p>",
+          "locationName":"groupArn"
         }
       },
       "documentation":"<p>Describes a placement group.</p>"
     },
+    "PlacementGroupArn":{
+      "type":"string",
+      "pattern":"^arn:aws([a-z-]+)?:ec2:[a-z\\d-]+:\\d{12}:placement-group/([^\\s].+[^\\s]){1,255}$"
+    },
     "PlacementGroupId":{"type":"string"},
     "PlacementGroupIdStringList":{
       "type":"list",
@@ -35534,6 +39282,66 @@
       },
       "documentation":"<p>Information about the private DNS name for the service endpoint. For more information about these parameters, see <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/ndpoint-services-dns-validation.html\">VPC Endpoint Service Private DNS Name Verification</a> in the <i>Amazon Virtual Private Cloud User Guide</i>.</p>"
     },
+    "PrivateDnsNameOptionsOnLaunch":{
+      "type":"structure",
+      "members":{
+        "HostnameType":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.</p>",
+          "locationName":"hostnameType"
+        },
+        "EnableResourceNameDnsARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>",
+          "locationName":"enableResourceNameDnsARecord"
+        },
+        "EnableResourceNameDnsAAAARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostname with DNS AAAA records.</p>",
+          "locationName":"enableResourceNameDnsAAAARecord"
+        }
+      },
+      "documentation":"<p>Describes the options for instance hostnames.</p>"
+    },
+    "PrivateDnsNameOptionsRequest":{
+      "type":"structure",
+      "members":{
+        "HostnameType":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.</p>"
+        },
+        "EnableResourceNameDnsARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>"
+        },
+        "EnableResourceNameDnsAAAARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.</p>"
+        }
+      },
+      "documentation":"<p>Describes the options for instance hostnames.</p>"
+    },
+    "PrivateDnsNameOptionsResponse":{
+      "type":"structure",
+      "members":{
+        "HostnameType":{
+          "shape":"HostnameType",
+          "documentation":"<p>The type of hostname to assign to an instance.</p>",
+          "locationName":"hostnameType"
+        },
+        "EnableResourceNameDnsARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS A records.</p>",
+          "locationName":"enableResourceNameDnsARecord"
+        },
+        "EnableResourceNameDnsAAAARecord":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.</p>",
+          "locationName":"enableResourceNameDnsAAAARecord"
+        }
+      },
+      "documentation":"<p>Describes the options for instance hostnames.</p>"
+    },
     "PrivateIpAddressConfigSet":{
       "type":"list",
       "member":{
@@ -35654,6 +39462,13 @@
         "udp"
       ]
     },
+    "ProtocolList":{
+      "type":"list",
+      "member":{
+        "shape":"Protocol",
+        "locationName":"item"
+      }
+    },
     "ProtocolValue":{
       "type":"string",
       "enum":["gre"]
@@ -35689,7 +39504,7 @@
         },
         "MultiRegion":{
           "shape":"Boolean",
-          "documentation":"<para>Reserved.</para>"
+          "documentation":"<p>Reserved.</p>"
         }
       }
     },
@@ -35703,6 +39518,78 @@
         }
       }
     },
+    "ProvisionIpamPoolCidrRequest":{
+      "type":"structure",
+      "required":["IpamPoolId"],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool to which you want to assign a CIDR.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR you want to assign to the IPAM pool.</p>"
+        },
+        "CidrAuthorizationContext":{
+          "shape":"IpamCidrAuthorizationContext",
+          "documentation":"<p>A signed document that proves that you are authorized to bring a specified IP address range to Amazon using BYOIP. This option applies to public pools only.</p>"
+        }
+      }
+    },
+    "ProvisionIpamPoolCidrResult":{
+      "type":"structure",
+      "members":{
+        "IpamPoolCidr":{
+          "shape":"IpamPoolCidr",
+          "documentation":"<p>Information about the provisioned CIDR.</p>",
+          "locationName":"ipamPoolCidr"
+        }
+      }
+    },
+    "ProvisionPublicIpv4PoolCidrRequest":{
+      "type":"structure",
+      "required":[
+        "IpamPoolId",
+        "PoolId",
+        "NetmaskLength"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool you would like to use to allocate this CIDR.</p>"
+        },
+        "PoolId":{
+          "shape":"Ipv4PoolEc2Id",
+          "documentation":"<p>The ID of the public IPv4 pool you would like to use for this CIDR.</p>"
+        },
+        "NetmaskLength":{
+          "shape":"Integer",
+          "documentation":"<p>The netmask length of the CIDR you would like to allocate to the public IPv4 pool.</p>"
+        }
+      }
+    },
+    "ProvisionPublicIpv4PoolCidrResult":{
+      "type":"structure",
+      "members":{
+        "PoolId":{
+          "shape":"Ipv4PoolEc2Id",
+          "documentation":"<p>The ID of the pool that you want to provision the CIDR to.</p>",
+          "locationName":"poolId"
+        },
+        "PoolAddressRange":{
+          "shape":"PublicIpv4PoolRange",
+          "locationName":"poolAddressRange"
+        }
+      }
+    },
     "ProvisionedBandwidth":{
       "type":"structure",
       "members":{
@@ -35870,7 +39757,7 @@
           "locationName":"hostIdSet"
         },
         "HostReservationId":{
-          "shape":"String",
+          "shape":"HostReservationId",
           "documentation":"<p>The ID of the reservation.</p>",
           "locationName":"hostReservationId"
         },
@@ -36578,6 +40465,57 @@
         }
       }
     },
+    "ReleaseIpamPoolAllocationRequest":{
+      "type":"structure",
+      "required":[
+        "IpamPoolId",
+        "Cidr"
+      ],
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "IpamPoolId":{
+          "shape":"IpamPoolId",
+          "documentation":"<p>The ID of the IPAM pool which contains the allocation you want to release.</p>"
+        },
+        "Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR of the allocation you want to release.</p>"
+        },
+        "IpamPoolAllocationId":{
+          "shape":"IpamPoolAllocationId",
+          "documentation":"<p>The ID of the allocation.</p>"
+        }
+      }
+    },
+    "ReleaseIpamPoolAllocationResult":{
+      "type":"structure",
+      "members":{
+        "Success":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates if the release was successful.</p>",
+          "locationName":"success"
+        }
+      }
+    },
+    "RemoveIpamOperatingRegion":{
+      "type":"structure",
+      "members":{
+        "RegionName":{
+          "shape":"String",
+          "documentation":"<p>The name of the operating Region you want to remove.</p>"
+        }
+      },
+      "documentation":"<p>Remove an operating Region from an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.</p> <p>For more information about operating Regions, see <a href=\"/vpc/latest/ipam/create-ipam.html\">Create an IPAM</a> in the <i>Amazon VPC IPAM User Guide</i> </p>"
+    },
+    "RemoveIpamOperatingRegionSet":{
+      "type":"list",
+      "member":{"shape":"RemoveIpamOperatingRegion"},
+      "max":50,
+      "min":0
+    },
     "RemovePrefixListEntries":{
       "type":"list",
       "member":{"shape":"RemovePrefixListEntry"},
@@ -36857,6 +40795,10 @@
           "shape":"VpcPeeringConnectionId",
           "documentation":"<p>The ID of a VPC peering connection.</p>",
           "locationName":"vpcPeeringConnectionId"
+        },
+        "CoreNetworkArn":{
+          "shape":"CoreNetworkArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the core network.</p>"
         }
       }
     },
@@ -37032,6 +40974,27 @@
       "max":100,
       "min":0
     },
+    "RequestIpamResourceTag":{
+      "type":"structure",
+      "members":{
+        "Key":{
+          "shape":"String",
+          "documentation":"<p>The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.</p>"
+        },
+        "Value":{
+          "shape":"String",
+          "documentation":"<p>The value for the tag.</p>"
+        }
+      },
+      "documentation":"<p>A tag on an IPAM resource.</p>"
+    },
+    "RequestIpamResourceTagList":{
+      "type":"list",
+      "member":{
+        "shape":"RequestIpamResourceTag",
+        "locationName":"item"
+      }
+    },
     "RequestLaunchTemplateData":{
       "type":"structure",
       "members":{
@@ -37154,6 +41117,10 @@
         "InstanceRequirements":{
           "shape":"InstanceRequirementsRequest",
           "documentation":"<p>The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.</p> <p>If you specify <code>InstanceRequirements</code>, you can't specify <code>InstanceTypes</code>.</p>"
+        },
+        "PrivateDnsNameOptions":{
+          "shape":"LaunchTemplatePrivateDnsNameOptionsRequest",
+          "documentation":"<p>The options for the instance hostname. The default values are inherited from the subnet.</p>"
         }
       },
       "documentation":"<p>The information to include in the launch template.</p>"
@@ -38135,6 +42102,38 @@
         "locationName":"item"
       }
     },
+    "ResourceStatement":{
+      "type":"structure",
+      "members":{
+        "Resources":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The resources.</p>",
+          "locationName":"resourceSet"
+        },
+        "ResourceTypes":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The resource types.</p>",
+          "locationName":"resourceTypeSet"
+        }
+      },
+      "documentation":"<p>Describes a resource statement.</p>"
+    },
+    "ResourceStatementRequest":{
+      "type":"structure",
+      "members":{
+        "Resources":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The resources.</p>",
+          "locationName":"Resource"
+        },
+        "ResourceTypes":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The resource types.</p>",
+          "locationName":"ResourceType"
+        }
+      },
+      "documentation":"<p>Describes a resource statement.</p>"
+    },
     "ResourceType":{
       "type":"string",
       "enum":[
@@ -38158,6 +42157,9 @@
         "instance",
         "instance-event-window",
         "internet-gateway",
+        "ipam",
+        "ipam-pool",
+        "ipam-scope",
         "ipv4pool-ec2",
         "ipv6pool-ec2",
         "key-pair",
@@ -38173,6 +42175,8 @@
         "network-interface",
         "network-insights-analysis",
         "network-insights-path",
+        "network-insights-access-scope",
+        "network-insights-access-scope-analysis",
         "placement-group",
         "prefix-list",
         "replace-root-volume-task",
@@ -38374,6 +42378,11 @@
           "shape":"InstanceRequirements",
           "documentation":"<p>The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes.</p> <p>If you specify <code>InstanceRequirements</code>, you can't specify <code>InstanceTypes</code>.</p>",
           "locationName":"instanceRequirements"
+        },
+        "PrivateDnsNameOptions":{
+          "shape":"LaunchTemplatePrivateDnsNameOptions",
+          "documentation":"<p>The options for the instance hostname.</p>",
+          "locationName":"privateDnsNameOptions"
         }
       },
       "documentation":"<p>The information for a launch template. </p>"
@@ -38413,6 +42422,30 @@
         }
       }
     },
+    "RestoreImageFromRecycleBinRequest":{
+      "type":"structure",
+      "required":["ImageId"],
+      "members":{
+        "ImageId":{
+          "shape":"ImageId",
+          "documentation":"<p>The ID of the AMI to restore.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "RestoreImageFromRecycleBinResult":{
+      "type":"structure",
+      "members":{
+        "Return":{
+          "shape":"Boolean",
+          "documentation":"<p>Returns <code>true</code> if the request succeeds; otherwise, it returns an error.</p>",
+          "locationName":"return"
+        }
+      }
+    },
     "RestoreManagedPrefixListVersionRequest":{
       "type":"structure",
       "required":[
@@ -38449,6 +42482,123 @@
         }
       }
     },
+    "RestoreSnapshotFromRecycleBinRequest":{
+      "type":"structure",
+      "required":["SnapshotId"],
+      "members":{
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot to restore.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "RestoreSnapshotFromRecycleBinResult":{
+      "type":"structure",
+      "members":{
+        "SnapshotId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the snapshot.</p>",
+          "locationName":"snapshotId"
+        },
+        "OutpostArn":{
+          "shape":"String",
+          "documentation":"<p>The ARN of the Outpost on which the snapshot is stored. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshots-outposts.html\">Amazon EBS local snapshots on Outposts</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>",
+          "locationName":"outpostArn"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description for the snapshot.</p>",
+          "locationName":"description"
+        },
+        "Encrypted":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the snapshot is encrypted.</p>",
+          "locationName":"encrypted"
+        },
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the EBS snapshot.</p>",
+          "locationName":"ownerId"
+        },
+        "Progress":{
+          "shape":"String",
+          "documentation":"<p>The progress of the snapshot, as a percentage.</p>",
+          "locationName":"progress"
+        },
+        "StartTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The time stamp when the snapshot was initiated.</p>",
+          "locationName":"startTime"
+        },
+        "State":{
+          "shape":"SnapshotState",
+          "documentation":"<p>The state of the snapshot.</p>",
+          "locationName":"status"
+        },
+        "VolumeId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the volume that was used to create the snapshot.</p>",
+          "locationName":"volumeId"
+        },
+        "VolumeSize":{
+          "shape":"Integer",
+          "documentation":"<p>The size of the volume, in GiB.</p>",
+          "locationName":"volumeSize"
+        }
+      }
+    },
+    "RestoreSnapshotTierRequest":{
+      "type":"structure",
+      "required":["SnapshotId"],
+      "members":{
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot to restore.</p>"
+        },
+        "TemporaryRestoreDays":{
+          "shape":"RestoreSnapshotTierRequestTemporaryRestoreDays",
+          "documentation":"<p>Specifies the number of days for which to temporarily restore an archived snapshot. Required for temporary restores only. The snapshot will be automatically re-archived after this period.</p> <p>To temporarily restore an archived snapshot, specify the number of days and omit the <b>PermanentRestore</b> parameter or set it to <code>false</code>.</p>"
+        },
+        "PermanentRestore":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to permanently restore an archived snapshot. To permanently restore an archived snapshot, specify <code>true</code> and omit the <b>RestoreSnapshotTierRequest$TemporaryRestoreDays</b> parameter.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "RestoreSnapshotTierRequestTemporaryRestoreDays":{"type":"integer"},
+    "RestoreSnapshotTierResult":{
+      "type":"structure",
+      "members":{
+        "SnapshotId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the snapshot.</p>",
+          "locationName":"snapshotId"
+        },
+        "RestoreStartTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the snapshot restore process started.</p>",
+          "locationName":"restoreStartTime"
+        },
+        "RestoreDuration":{
+          "shape":"Integer",
+          "documentation":"<p>For temporary restores only. The number of days for which the archived snapshot is temporarily restored.</p>",
+          "locationName":"restoreDuration"
+        },
+        "IsPermanentRestore":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the snapshot is permanently restored. <code>true</code> indicates a permanent restore. <code>false</code> indicates a temporary restore.</p>",
+          "locationName":"isPermanentRestore"
+        }
+      }
+    },
     "ResultRange":{
       "type":"integer",
       "max":500,
@@ -38721,6 +42871,11 @@
           "shape":"String",
           "documentation":"<p>The ID of a VPC peering connection.</p>",
           "locationName":"vpcPeeringConnectionId"
+        },
+        "CoreNetworkArn":{
+          "shape":"CoreNetworkArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the core network.</p>",
+          "locationName":"coreNetworkArn"
         }
       },
       "documentation":"<p>Describes a route in a route table.</p>"
@@ -38966,7 +43121,7 @@
         },
         "UserData":{
           "shape":"String",
-          "documentation":"<p>The user data to make available to the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html\">Running commands on your Linux instance at launch</a> (Linux) and <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html#instancedata-add-user-data\">Adding User Data</a> (Windows). If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.</p>"
+          "documentation":"<p>The user data to make available to the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html\">Run commands on your Linux instance at launch</a> and <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html\">Run commands on your Windows instance at launch</a>. If you are using a command line tool, base64-encoding is performed for you, and you can load the text from a file. Otherwise, you must provide base64-encoded text. User data is limited to 16 KB.</p>"
         },
         "AdditionalInfo":{
           "shape":"String",
@@ -39042,7 +43197,7 @@
         },
         "CpuOptions":{
           "shape":"CpuOptionsRequest",
-          "documentation":"<p>The CPU options for the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html\">Optimizing CPU options</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+          "documentation":"<p>The CPU options for the instance. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html\">Optimize CPU options</a> in the <i>Amazon EC2 User Guide</i>.</p>"
         },
         "CapacityReservationSpecification":{
           "shape":"CapacityReservationSpecification",
@@ -39064,6 +43219,10 @@
         "EnclaveOptions":{
           "shape":"EnclaveOptionsRequest",
           "documentation":"<p>Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see <a href=\"https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html\"> What is Amazon Web Services Nitro Enclaves?</a> in the <i>Amazon Web Services Nitro Enclaves User Guide</i>.</p> <p>You can't enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.</p>"
+        },
+        "PrivateDnsNameOptions":{
+          "shape":"PrivateDnsNameOptionsRequest",
+          "documentation":"<p>The options for the instance hostname. The default values are inherited from the subnet.</p>"
         }
       }
     },
@@ -40148,6 +44307,11 @@
           "documentation":"<p>Information about the endpoint service private DNS name configuration.</p>",
           "locationName":"privateDnsNameConfiguration"
         },
+        "PayerResponsibility":{
+          "shape":"PayerResponsibility",
+          "documentation":"<p>The payer responsibility.</p>",
+          "locationName":"payerResponsibility"
+        },
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>Any tags assigned to the service.</p>",
@@ -40221,6 +44385,11 @@
           "documentation":"<p>Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted.</p>",
           "locationName":"managesVpcEndpoints"
         },
+        "PayerResponsibility":{
+          "shape":"PayerResponsibility",
+          "documentation":"<p>The payer responsibility.</p>",
+          "locationName":"payerResponsibility"
+        },
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>Any tags assigned to the service.</p>",
@@ -40393,6 +44562,16 @@
           "shape":"TagList",
           "documentation":"<p>Any tags assigned to the snapshot.</p>",
           "locationName":"tagSet"
+        },
+        "StorageTier":{
+          "shape":"StorageTier",
+          "documentation":"<p>The storage tier in which the snapshot is stored. <code>standard</code> indicates that the snapshot is stored in the standard snapshot storage tier and that it is ready for use. <code>archive</code> indicates that the snapshot is currently archived and that it must be restored before it can be used.</p>",
+          "locationName":"storageTier"
+        },
+        "RestoreExpiryTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived.</p>",
+          "locationName":"restoreExpiryTime"
         }
       },
       "documentation":"<p>Describes a snapshot.</p>"
@@ -40565,6 +44744,44 @@
         "locationName":"item"
       }
     },
+    "SnapshotRecycleBinInfo":{
+      "type":"structure",
+      "members":{
+        "SnapshotId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the snapshot.</p>",
+          "locationName":"snapshotId"
+        },
+        "RecycleBinEnterTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the snaphsot entered the Recycle Bin.</p>",
+          "locationName":"recycleBinEnterTime"
+        },
+        "RecycleBinExitTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the snapshot is to be permanently deleted from the Recycle Bin.</p>",
+          "locationName":"recycleBinExitTime"
+        },
+        "Description":{
+          "shape":"String",
+          "documentation":"<p>The description for the snapshot.</p>",
+          "locationName":"description"
+        },
+        "VolumeId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the volume from which the snapshot was created.</p>",
+          "locationName":"volumeId"
+        }
+      },
+      "documentation":"<p>Information about a snapshot that is currently in the Recycle Bin.</p>"
+    },
+    "SnapshotRecycleBinInfoList":{
+      "type":"list",
+      "member":{
+        "shape":"SnapshotRecycleBinInfo",
+        "locationName":"item"
+      }
+    },
     "SnapshotSet":{
       "type":"list",
       "member":{
@@ -40577,7 +44794,9 @@
       "enum":[
         "pending",
         "completed",
-        "error"
+        "error",
+        "recoverable",
+        "recovering"
       ]
     },
     "SnapshotTaskDetail":{
@@ -40641,6 +44860,72 @@
       },
       "documentation":"<p>Details about the import snapshot task.</p>"
     },
+    "SnapshotTierStatus":{
+      "type":"structure",
+      "members":{
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot.</p>",
+          "locationName":"snapshotId"
+        },
+        "VolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the volume from which the snapshot was created.</p>",
+          "locationName":"volumeId"
+        },
+        "Status":{
+          "shape":"SnapshotState",
+          "documentation":"<p>The state of the snapshot.</p>",
+          "locationName":"status"
+        },
+        "OwnerId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the snapshot.</p>",
+          "locationName":"ownerId"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags that are assigned to the snapshot.</p>",
+          "locationName":"tagSet"
+        },
+        "StorageTier":{
+          "shape":"StorageTier",
+          "documentation":"<p>The storage tier in which the snapshot is stored. <code>standard</code> indicates that the snapshot is stored in the standard snapshot storage tier and that it is ready for use. <code>archive</code> indicates that the snapshot is currently archived and that it must be restored before it can be used.</p>",
+          "locationName":"storageTier"
+        },
+        "LastTieringStartTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the last archive or restore process was started.</p>",
+          "locationName":"lastTieringStartTime"
+        },
+        "LastTieringProgress":{
+          "shape":"Integer",
+          "documentation":"<p>The progress of the last archive or restore process, as a percentage.</p>",
+          "locationName":"lastTieringProgress"
+        },
+        "LastTieringOperationStatus":{
+          "shape":"TieringOperationStatus",
+          "documentation":"<p>The status of the last archive or restore process.</p>",
+          "locationName":"lastTieringOperationStatus"
+        },
+        "LastTieringOperationStatusDetail":{
+          "shape":"String",
+          "documentation":"<p>A message describing the status of the last archive or restore process.</p>",
+          "locationName":"lastTieringOperationStatusDetail"
+        },
+        "ArchivalCompleteTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>The date and time when the last archive process was completed.</p>",
+          "locationName":"archivalCompleteTime"
+        },
+        "RestoreExpiryTime":{
+          "shape":"MillisecondDateTime",
+          "documentation":"<p>Only for archived snapshots that are temporarily restored. Indicates the date and time when a temporarily restored snapshot will be automatically re-archived.</p>",
+          "locationName":"restoreExpiryTime"
+        }
+      },
+      "documentation":"<p>Provides information about a snapshot's storage tier.</p>"
+    },
     "SpotAllocationStrategy":{
       "type":"string",
       "enum":[
@@ -40660,11 +44945,11 @@
         },
         "TerminationDelay":{
           "shape":"Integer",
-          "documentation":"<p>The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.</p>",
+          "documentation":"<p>The amount of time (in seconds) that Amazon EC2 waits before terminating the old Spot Instance after launching a new replacement Spot Instance.</p> <p>Required when <code>ReplacementStrategy</code> is set to <code>launch-before-terminate</code>.</p> <p>Not valid when <code>ReplacementStrategy</code> is set to <code>launch</code>.</p> <p>Valid values: Minimum value of <code>120</code> seconds. Maximum value of <code>7200</code> seconds.</p>",
           "locationName":"terminationDelay"
         }
       },
-      "documentation":"<p>The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-configuration-strategies.html#spot-fleet-capacity-rebalance\">Capacity rebalancing</a> in the <i>Amazon EC2 User Guide for Linux Instances</i>.</p>"
+      "documentation":"<p>The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-capacity-rebalance.html\">Capacity rebalancing</a> in the <i>Amazon EC2 User Guide for Linux Instances</i>.</p>"
     },
     "SpotDatafeedSubscription":{
       "type":"structure",
@@ -41206,7 +45491,7 @@
       "members":{
         "CapacityRebalance":{
           "shape":"SpotCapacityRebalance",
-          "documentation":"<p>The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted.</p>",
+          "documentation":"<p>The Spot Instance replacement strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-capacity-rebalance.html\">Capacity rebalancing</a> in the <i>Amazon EC2 User Guide for Linux Instances</i>.</p>",
           "locationName":"capacityRebalance"
         }
       },
@@ -41243,7 +45528,7 @@
       "members":{
         "AllocationStrategy":{
           "shape":"SpotAllocationStrategy",
-          "documentation":"<p>Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.</p> <p>If the allocation strategy is <code>lowest-price</code>, EC2 Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.</p> <p>If the allocation strategy is <code>diversified</code>, EC2 Fleet launches instances from all of the Spot Instance pools that you specify.</p> <p>If the allocation strategy is <code>capacity-optimized</code> (recommended), EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use <code>capacity-optimized-prioritized</code>. Set a priority for each instance type by using the <code>Priority</code> parameter for <code>LaunchTemplateOverrides</code>. You can assign the same priority to different <code>LaunchTemplateOverrides</code>. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. <code>capacity-optimized-prioritized</code> is supported only if your fleet uses a launch template. Note that if the On-Demand <code>AllocationStrategy</code> is set to <code>prioritized</code>, the same priority is applied when fulfilling On-Demand capacity.</p>",
+          "documentation":"<p>The strategy that determines how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.</p> <p> <code>lowest-price</code> - EC2 Fleet launches instances from the Spot Instance pools with the lowest price.</p> <p> <code>diversified</code> - EC2 Fleet launches instances from all of the Spot Instance pools that you specify.</p> <p> <code>capacity-optimized</code> (recommended) - EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use <code>capacity-optimized-prioritized</code>. Set a priority for each instance type by using the <code>Priority</code> parameter for <code>LaunchTemplateOverrides</code>. You can assign the same priority to different <code>LaunchTemplateOverrides</code>. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. <code>capacity-optimized-prioritized</code> is supported only if your fleet uses a launch template. Note that if the On-Demand <code>AllocationStrategy</code> is set to <code>prioritized</code>, the same priority is applied when fulfilling On-Demand capacity.</p> <p>Default: <code>lowest-price</code> </p>",
           "locationName":"allocationStrategy"
         },
         "MaintenanceStrategies":{
@@ -41253,27 +45538,27 @@
         },
         "InstanceInterruptionBehavior":{
           "shape":"SpotInstanceInterruptionBehavior",
-          "documentation":"<p>The behavior when a Spot Instance is interrupted. The default is <code>terminate</code>.</p>",
+          "documentation":"<p>The behavior when a Spot Instance is interrupted.</p> <p>Default: <code>terminate</code> </p>",
           "locationName":"instanceInterruptionBehavior"
         },
         "InstancePoolsToUseCount":{
           "shape":"Integer",
-          "documentation":"<p>The number of Spot pools across which to allocate your target Spot capacity. Valid only when <b>AllocationStrategy</b> is set to <code>lowest-price</code>. EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.</p> <p>Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.</p>",
+          "documentation":"<p>The number of Spot pools across which to allocate your target Spot capacity. Supported only when <code>AllocationStrategy</code> is set to <code>lowest-price</code>. EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.</p> <p>Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.</p>",
           "locationName":"instancePoolsToUseCount"
         },
         "SingleInstanceType":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet. Supported only for fleets of type <code>instant</code>.</p>",
+          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.</p> <p>Supported only for fleets of type <code>instant</code>.</p>",
           "locationName":"singleInstanceType"
         },
         "SingleAvailabilityZone":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet launches all Spot Instances into a single Availability Zone. Supported only for fleets of type <code>instant</code>.</p>",
+          "documentation":"<p>Indicates that the fleet launches all Spot Instances into a single Availability Zone.</p> <p>Supported only for fleets of type <code>instant</code>.</p>",
           "locationName":"singleAvailabilityZone"
         },
         "MinTargetCapacity":{
           "shape":"Integer",
-          "documentation":"<p>The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p>",
+          "documentation":"<p>The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p> <p>Supported only for fleets of type <code>instant</code>.</p> <p>At least one of the following must be specified: <code>SingleAvailabilityZone</code> | <code>SingleInstanceType</code> </p>",
           "locationName":"minTargetCapacity"
         },
         "MaxTotalPrice":{
@@ -41289,7 +45574,7 @@
       "members":{
         "AllocationStrategy":{
           "shape":"SpotAllocationStrategy",
-          "documentation":"<p>Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.</p> <p>If the allocation strategy is <code>lowest-price</code>, EC2 Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.</p> <p>If the allocation strategy is <code>diversified</code>, EC2 Fleet launches instances from all of the Spot Instance pools that you specify.</p> <p>If the allocation strategy is <code>capacity-optimized</code> (recommended), EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use <code>capacity-optimized-prioritized</code>. Set a priority for each instance type by using the <code>Priority</code> parameter for <code>LaunchTemplateOverrides</code>. You can assign the same priority to different <code>LaunchTemplateOverrides</code>. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. <code>capacity-optimized-prioritized</code> is supported only if your fleet uses a launch template. Note that if the On-Demand <code>AllocationStrategy</code> is set to <code>prioritized</code>, the same priority is applied when fulfilling On-Demand capacity.</p>"
+          "documentation":"<p>The strategy that determines how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.</p> <p> <code>lowest-price</code> - EC2 Fleet launches instances from the Spot Instance pools with the lowest price.</p> <p> <code>diversified</code> - EC2 Fleet launches instances from all of the Spot Instance pools that you specify.</p> <p> <code>capacity-optimized</code> (recommended) - EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use <code>capacity-optimized-prioritized</code>. Set a priority for each instance type by using the <code>Priority</code> parameter for <code>LaunchTemplateOverrides</code>. You can assign the same priority to different <code>LaunchTemplateOverrides</code>. EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. <code>capacity-optimized-prioritized</code> is supported only if your fleet uses a launch template. Note that if the On-Demand <code>AllocationStrategy</code> is set to <code>prioritized</code>, the same priority is applied when fulfilling On-Demand capacity.</p> <p>Default: <code>lowest-price</code> </p>"
         },
         "MaintenanceStrategies":{
           "shape":"FleetSpotMaintenanceStrategiesRequest",
@@ -41297,23 +45582,23 @@
         },
         "InstanceInterruptionBehavior":{
           "shape":"SpotInstanceInterruptionBehavior",
-          "documentation":"<p>The behavior when a Spot Instance is interrupted. The default is <code>terminate</code>.</p>"
+          "documentation":"<p>The behavior when a Spot Instance is interrupted.</p> <p>Default: <code>terminate</code> </p>"
         },
         "InstancePoolsToUseCount":{
           "shape":"Integer",
-          "documentation":"<p>The number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot <b>AllocationStrategy</b> is set to <code>lowest-price</code>. EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.</p> <p>Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.</p>"
+          "documentation":"<p>The number of Spot pools across which to allocate your target Spot capacity. Supported only when Spot <code>AllocationStrategy</code> is set to <code>lowest-price</code>. EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.</p> <p>Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.</p>"
         },
         "SingleInstanceType":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet. Supported only for fleets of type <code>instant</code>.</p>"
+          "documentation":"<p>Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet.</p> <p>Supported only for fleets of type <code>instant</code>.</p>"
         },
         "SingleAvailabilityZone":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates that the fleet launches all Spot Instances into a single Availability Zone. Supported only for fleets of type <code>instant</code>.</p>"
+          "documentation":"<p>Indicates that the fleet launches all Spot Instances into a single Availability Zone.</p> <p>Supported only for fleets of type <code>instant</code>.</p>"
         },
         "MinTargetCapacity":{
           "shape":"Integer",
-          "documentation":"<p>The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p>"
+          "documentation":"<p>The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.</p> <p>Supported only for fleets of type <code>instant</code>.</p> <p>At least one of the following must be specified: <code>SingleAvailabilityZone</code> | <code>SingleInstanceType</code> </p>"
         },
         "MaxTotalPrice":{
           "shape":"String",
@@ -41536,6 +45821,43 @@
         }
       }
     },
+    "StartNetworkInsightsAccessScopeAnalysisRequest":{
+      "type":"structure",
+      "required":[
+        "NetworkInsightsAccessScopeId",
+        "ClientToken"
+      ],
+      "members":{
+        "NetworkInsightsAccessScopeId":{
+          "shape":"NetworkInsightsAccessScopeId",
+          "documentation":"<p>The ID of the Network Access Scope.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "TagSpecifications":{
+          "shape":"TagSpecificationList",
+          "documentation":"<p>The tags to apply.</p>",
+          "locationName":"TagSpecification"
+        },
+        "ClientToken":{
+          "shape":"String",
+          "documentation":"<p>Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">How to ensure idempotency</a>.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "StartNetworkInsightsAccessScopeAnalysisResult":{
+      "type":"structure",
+      "members":{
+        "NetworkInsightsAccessScopeAnalysis":{
+          "shape":"NetworkInsightsAccessScopeAnalysis",
+          "documentation":"<p>The Network Access Scope analysis.</p>",
+          "locationName":"networkInsightsAccessScopeAnalysis"
+        }
+      }
+    },
     "StartNetworkInsightsAnalysisRequest":{
       "type":"structure",
       "required":[
@@ -41718,6 +46040,13 @@
       },
       "documentation":"<p>Describes a storage location in Amazon S3.</p>"
     },
+    "StorageTier":{
+      "type":"string",
+      "enum":[
+        "archive",
+        "standard"
+      ]
+    },
     "StoreImageTaskResult":{
       "type":"structure",
       "members":{
@@ -41802,6 +46131,11 @@
           "documentation":"<p>Indicates whether this is the default subnet for the Availability Zone.</p>",
           "locationName":"defaultForAz"
         },
+        "EnableLniAtDeviceIndex":{
+          "shape":"Integer",
+          "documentation":"<p> Indicates the device position for local network interfaces in this subnet. For example, <code>1</code> indicates local network interfaces in this subnet are the secondary network interface (eth1). </p>",
+          "locationName":"enableLniAtDeviceIndex"
+        },
         "MapPublicIpOnLaunch":{
           "shape":"Boolean",
           "documentation":"<p>Indicates whether instances launched in this subnet receive a public IPv4 address.</p>",
@@ -41861,6 +46195,21 @@
           "shape":"String",
           "documentation":"<p>The Amazon Resource Name (ARN) of the Outpost.</p>",
           "locationName":"outpostArn"
+        },
+        "EnableDns64":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.</p>",
+          "locationName":"enableDns64"
+        },
+        "Ipv6Native":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether this is an IPv6 only subnet.</p>",
+          "locationName":"ipv6Native"
+        },
+        "PrivateDnsNameOptionsOnLaunch":{
+          "shape":"PrivateDnsNameOptionsOnLaunch",
+          "documentation":"<p>The type of hostnames to assign to instances in the subnet at launch. An instance hostname is based on the IPv4 address or ID of the instance.</p>",
+          "locationName":"privateDnsNameOptionsOnLaunch"
         }
       },
       "documentation":"<p>Describes a subnet.</p>"
@@ -41985,7 +46334,7 @@
       "members":{
         "AssociationId":{
           "shape":"SubnetCidrAssociationId",
-          "documentation":"<p>The association ID for the CIDR block.</p>",
+          "documentation":"<p>The ID of the association.</p>",
           "locationName":"associationId"
         },
         "Ipv6CidrBlock":{
@@ -41995,11 +46344,11 @@
         },
         "Ipv6CidrBlockState":{
           "shape":"SubnetCidrBlockState",
-          "documentation":"<p>Information about the state of the CIDR block.</p>",
+          "documentation":"<p>The state of the CIDR block.</p>",
           "locationName":"ipv6CidrBlockState"
         }
       },
-      "documentation":"<p>Describes an IPv6 CIDR block associated with a subnet.</p>"
+      "documentation":"<p>Describes an association between a subnet and an IPv6 CIDR block.</p>"
     },
     "SubnetIpv6CidrBlockAssociationSet":{
       "type":"list",
@@ -42349,6 +46698,10 @@
         "locationName":"item"
       }
     },
+    "TargetStorageTier":{
+      "type":"string",
+      "enum":["archive"]
+    },
     "TelemetryStatus":{
       "type":"string",
       "enum":[
@@ -42468,6 +46821,55 @@
         "locationName":"item"
       }
     },
+    "ThroughResourcesStatement":{
+      "type":"structure",
+      "members":{
+        "ResourceStatement":{
+          "shape":"ResourceStatement",
+          "documentation":"<p>The resource statement.</p>",
+          "locationName":"resourceStatement"
+        }
+      },
+      "documentation":"<p>Describes a through resource statement.</p>"
+    },
+    "ThroughResourcesStatementList":{
+      "type":"list",
+      "member":{
+        "shape":"ThroughResourcesStatement",
+        "locationName":"item"
+      }
+    },
+    "ThroughResourcesStatementRequest":{
+      "type":"structure",
+      "members":{
+        "ResourceStatement":{
+          "shape":"ResourceStatementRequest",
+          "documentation":"<p>The resource statement.</p>"
+        }
+      },
+      "documentation":"<p>Describes a through resource statement.</p>"
+    },
+    "ThroughResourcesStatementRequestList":{
+      "type":"list",
+      "member":{
+        "shape":"ThroughResourcesStatementRequest",
+        "locationName":"item"
+      }
+    },
+    "TieringOperationStatus":{
+      "type":"string",
+      "enum":[
+        "archival-in-progress",
+        "archival-completed",
+        "archival-failed",
+        "temporary-restore-in-progress",
+        "temporary-restore-completed",
+        "temporary-restore-failed",
+        "permanent-restore-in-progress",
+        "permanent-restore-completed",
+        "permanent-restore-failed"
+      ]
+    },
     "TotalLocalStorageGB":{
       "type":"structure",
       "members":{
@@ -46070,7 +50472,7 @@
           "locationName":"coreNetworkAttachmentArn"
         },
         "GatewayAssociationState":{
-          "shape":"String",
+          "shape":"GatewayAssociationState",
           "documentation":"<p>The current state of the gateway association.</p>",
           "locationName":"gatewayAssociationState"
         },
@@ -46380,7 +50782,7 @@
         },
         "DPDTimeoutSeconds":{
           "shape":"Integer",
-          "documentation":"<p>The number of seconds after which a DPD timeout occurs.</p> <p>Constraints: A value between 0 and 30.</p> <p>Default: <code>30</code> </p>"
+          "documentation":"<p>The number of seconds after which a DPD timeout occurs.</p> <p>Constraints: A value greater than or equal to 30.</p> <p>Default: <code>30</code> </p>"
         },
         "DPDTimeoutAction":{
           "shape":"String",
@@ -46489,8 +50891,15 @@
         "Region"
       ]
     },
+    "snapshotTierStatusSet":{
+      "type":"list",
+      "member":{
+        "shape":"SnapshotTierStatus",
+        "locationName":"item"
+      }
+    },
     "totalFpgaMemory":{"type":"integer"},
     "totalGpuMemory":{"type":"integer"}
   },
-  "documentation":"<fullname>Amazon Elastic Compute Cloud</fullname> <p>Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the AWS Cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you've defined. Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like a hard drive.</p> <p>To learn more, see the following resources:</p> <ul> <li> <p>Amazon EC2: <a href=\"http://aws.amazon.com/ec2\">AmazonEC2 product page</a>, <a href=\"http://aws.amazon.com/documentation/ec2\">Amazon EC2 documentation</a> </p> </li> <li> <p>Amazon EBS: <a href=\"http://aws.amazon.com/ebs\">Amazon EBS product page</a>, <a href=\"http://aws.amazon.com/documentation/ebs\">Amazon EBS documentation</a> </p> </li> <li> <p>Amazon VPC: <a href=\"http://aws.amazon.com/vpc\">Amazon VPC product page</a>, <a href=\"http://aws.amazon.com/documentation/vpc\">Amazon VPC documentation</a> </p> </li> <li> <p>AWS VPN: <a href=\"http://aws.amazon.com/vpn\">AWS VPN product page</a>, <a href=\"http://aws.amazon.com/documentation/vpn\">AWS VPN documentation</a> </p> </li> </ul>"
+  "documentation":"<fullname>Amazon Elastic Compute Cloud</fullname> <p>Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the Amazon Web Services Cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the Amazon Web Services Cloud where you can launch Amazon Web Services resources in a virtual network that you've defined. Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like a hard drive.</p> <p>To learn more, see the following resources:</p> <ul> <li> <p>Amazon EC2: <a href=\"http://aws.amazon.com/ec2\">AmazonEC2 product page</a>, <a href=\"http://aws.amazon.com/documentation/ec2\">Amazon EC2 documentation</a> </p> </li> <li> <p>Amazon EBS: <a href=\"http://aws.amazon.com/ebs\">Amazon EBS product page</a>, <a href=\"http://aws.amazon.com/documentation/ebs\">Amazon EBS documentation</a> </p> </li> <li> <p>Amazon VPC: <a href=\"http://aws.amazon.com/vpc\">Amazon VPC product page</a>, <a href=\"http://aws.amazon.com/documentation/vpc\">Amazon VPC documentation</a> </p> </li> <li> <p>Amazon Web Services VPN: <a href=\"http://aws.amazon.com/vpn\">Amazon Web Services VPN product page</a>, <a href=\"http://aws.amazon.com/documentation/vpn\">Amazon Web Services VPN documentation</a> </p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/waiters-2.json b/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/waiters-2.json
index 133c6800b5f..75d0696523d 100644
--- a/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/waiters-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ec2/2016-11-15/waiters-2.json
@@ -281,6 +281,24 @@
         }
       ]
     },
+    "InternetGatewayExists": {
+      "operation": "DescribeInternetGateways",
+      "delay": 5,
+      "maxAttempts": 6,
+      "acceptors": [
+        {
+          "expected": true,
+          "matcher": "path",
+          "state": "success",
+          "argument": "length(InternetGateways[].InternetGatewayId) > `0`"
+        },
+        {
+          "expected": "InvalidInternetGateway.NotFound",
+          "matcher": "error",
+          "state": "retry"
+        }
+      ]
+    },
     "KeyPairExists": {
       "operation": "DescribeKeyPairs",
       "delay": 5,
diff --git a/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/paginators-1.json b/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/paginators-1.json
index bc0ca83b09c..cf908018545 100644
--- a/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/paginators-1.json
@@ -43,6 +43,12 @@
       ],
       "output_token": "nextToken",
       "result_key": "previewResults"
+    },
+    "DescribePullThroughCacheRules": {
+      "input_token": "nextToken",
+      "limit_key": "maxResults",
+      "output_token": "nextToken",
+      "result_key": "pullThroughCacheRules"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/service-2.json b/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/service-2.json
index a53d4ee1f8e..eb275f5455f 100644
--- a/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ecr/2015-09-21/service-2.json
@@ -59,6 +59,22 @@
       ],
       "documentation":"<p>Gets detailed information for an image. Images are specified with either an <code>imageTag</code> or <code>imageDigest</code>.</p> <p>When an image is pulled, the BatchGetImage API is called once to retrieve the image manifest.</p>"
     },
+    "BatchGetRepositoryScanningConfiguration":{
+      "name":"BatchGetRepositoryScanningConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"BatchGetRepositoryScanningConfigurationRequest"},
+      "output":{"shape":"BatchGetRepositoryScanningConfigurationResponse"},
+      "errors":[
+        {"shape":"ServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"RepositoryNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the scanning configuration for one or more repositories.</p>"
+    },
     "CompleteLayerUpload":{
       "name":"CompleteLayerUpload",
       "http":{
@@ -80,6 +96,24 @@
       ],
       "documentation":"<p>Informs Amazon ECR that the image layer upload has completed for a specified registry, repository name, and upload ID. You can optionally provide a <code>sha256</code> digest of the image layer for data validation purposes.</p> <p>When an image is pushed, the CompleteLayerUpload API is called once per each new image layer to verify that the upload has completed.</p> <note> <p>This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the <code>docker</code> CLI to pull, tag, and push images.</p> </note>"
     },
+    "CreatePullThroughCacheRule":{
+      "name":"CreatePullThroughCacheRule",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreatePullThroughCacheRuleRequest"},
+      "output":{"shape":"CreatePullThroughCacheRuleResponse"},
+      "errors":[
+        {"shape":"ServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ValidationException"},
+        {"shape":"PullThroughCacheRuleAlreadyExistsException"},
+        {"shape":"UnsupportedUpstreamRegistryException"},
+        {"shape":"LimitExceededException"}
+      ],
+      "documentation":"<p>Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an external public registry in your Amazon ECR private registry.</p>"
+    },
     "CreateRepository":{
       "name":"CreateRepository",
       "http":{
@@ -115,6 +149,22 @@
       ],
       "documentation":"<p>Deletes the lifecycle policy associated with the specified repository.</p>"
     },
+    "DeletePullThroughCacheRule":{
+      "name":"DeletePullThroughCacheRule",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeletePullThroughCacheRuleRequest"},
+      "output":{"shape":"DeletePullThroughCacheRuleResponse"},
+      "errors":[
+        {"shape":"ServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ValidationException"},
+        {"shape":"PullThroughCacheRuleNotFoundException"}
+      ],
+      "documentation":"<p>Deletes a pull through cache rule.</p>"
+    },
     "DeleteRegistryPolicy":{
       "name":"DeleteRegistryPolicy",
       "http":{
@@ -194,7 +244,8 @@
         {"shape":"InvalidParameterException"},
         {"shape":"RepositoryNotFoundException"},
         {"shape":"ImageNotFoundException"},
-        {"shape":"ScanNotFoundException"}
+        {"shape":"ScanNotFoundException"},
+        {"shape":"ValidationException"}
       ],
       "documentation":"<p>Returns the scan findings for the specified image.</p>"
     },
@@ -214,6 +265,22 @@
       ],
       "documentation":"<p>Returns metadata about the images in a repository.</p> <note> <p>Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the <code>docker images</code> command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by <a>DescribeImages</a>.</p> </note>"
     },
+    "DescribePullThroughCacheRules":{
+      "name":"DescribePullThroughCacheRules",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribePullThroughCacheRulesRequest"},
+      "output":{"shape":"DescribePullThroughCacheRulesResponse"},
+      "errors":[
+        {"shape":"ServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ValidationException"},
+        {"shape":"PullThroughCacheRuleNotFoundException"}
+      ],
+      "documentation":"<p>Returns the pull through cache rules for a registry.</p>"
+    },
     "DescribeRegistry":{
       "name":"DescribeRegistry",
       "http":{
@@ -323,6 +390,21 @@
       ],
       "documentation":"<p>Retrieves the permissions policy for a registry.</p>"
     },
+    "GetRegistryScanningConfiguration":{
+      "name":"GetRegistryScanningConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetRegistryScanningConfigurationRequest"},
+      "output":{"shape":"GetRegistryScanningConfigurationResponse"},
+      "errors":[
+        {"shape":"ServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves the scanning configuration for a registry.</p>"
+    },
     "GetRepositoryPolicy":{
       "name":"GetRepositoryPolicy",
       "http":{
@@ -418,7 +500,8 @@
       "errors":[
         {"shape":"ServerException"},
         {"shape":"InvalidParameterException"},
-        {"shape":"RepositoryNotFoundException"}
+        {"shape":"RepositoryNotFoundException"},
+        {"shape":"ValidationException"}
       ],
       "documentation":"<p>Updates the image scanning configuration for the specified repository.</p>"
     },
@@ -467,6 +550,21 @@
       ],
       "documentation":"<p>Creates or updates the permissions policy for your registry.</p> <p>A registry policy is used to specify permissions for another Amazon Web Services account and is used when configuring cross-account replication. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry-permissions.html\">Registry permissions</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
     },
+    "PutRegistryScanningConfiguration":{
+      "name":"PutRegistryScanningConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PutRegistryScanningConfigurationRequest"},
+      "output":{"shape":"PutRegistryScanningConfigurationResponse"},
+      "errors":[
+        {"shape":"ServerException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Creates or updates the scanning configuration for your private registry.</p>"
+    },
     "PutReplicationConfiguration":{
       "name":"PutReplicationConfiguration",
       "http":{
@@ -511,7 +609,8 @@
         {"shape":"UnsupportedImageTypeException"},
         {"shape":"LimitExceededException"},
         {"shape":"RepositoryNotFoundException"},
-        {"shape":"ImageNotFoundException"}
+        {"shape":"ImageNotFoundException"},
+        {"shape":"ValidationException"}
       ],
       "documentation":"<p>Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html\">Image scanning</a> in the <i>Amazon Elastic Container Registry User Guide</i>.</p>"
     },
@@ -587,6 +686,7 @@
     }
   },
   "shapes":{
+    "Arch":{"type":"string"},
     "Arn":{"type":"string"},
     "Attribute":{
       "type":"structure",
@@ -619,6 +719,7 @@
       "max":256,
       "min":1
     },
+    "Author":{"type":"string"},
     "AuthorizationData":{
       "type":"structure",
       "members":{
@@ -641,10 +742,49 @@
       "type":"list",
       "member":{"shape":"AuthorizationData"}
     },
+    "AwsEcrContainerImageDetails":{
+      "type":"structure",
+      "members":{
+        "architecture":{
+          "shape":"Arch",
+          "documentation":"<p>The architecture of the Amazon ECR container image.</p>"
+        },
+        "author":{
+          "shape":"Author",
+          "documentation":"<p>The image author of the Amazon ECR container image.</p>"
+        },
+        "imageHash":{
+          "shape":"ImageDigest",
+          "documentation":"<p>The image hash of the Amazon ECR container image.</p>"
+        },
+        "imageTags":{
+          "shape":"ImageTagsList",
+          "documentation":"<p>The image tags attached to the Amazon ECR container image.</p>"
+        },
+        "platform":{
+          "shape":"Platform",
+          "documentation":"<p>The platform of the Amazon ECR container image.</p>"
+        },
+        "pushedAt":{
+          "shape":"Date",
+          "documentation":"<p>The date and time the Amazon ECR container image was pushed.</p>"
+        },
+        "registry":{
+          "shape":"RegistryId",
+          "documentation":"<p>The registry the Amazon ECR container image belongs to.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of the repository the Amazon ECR container image resides in.</p>"
+        }
+      },
+      "documentation":"<p>The image details of the Amazon ECR container image.</p>"
+    },
     "Base64":{
       "type":"string",
       "pattern":"^\\S+$"
     },
+    "BaseScore":{"type":"double"},
     "BatchCheckLayerAvailabilityRequest":{
       "type":"structure",
       "required":[
@@ -752,6 +892,29 @@
         }
       }
     },
+    "BatchGetRepositoryScanningConfigurationRequest":{
+      "type":"structure",
+      "required":["repositoryNames"],
+      "members":{
+        "repositoryNames":{
+          "shape":"ScanningConfigurationRepositoryNameList",
+          "documentation":"<p>One or more repository names to get the scanning configuration for.</p>"
+        }
+      }
+    },
+    "BatchGetRepositoryScanningConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "scanningConfigurations":{
+          "shape":"RepositoryScanningConfigurationList",
+          "documentation":"<p>The scanning configuration for the requested repositories.</p>"
+        },
+        "failures":{
+          "shape":"RepositoryScanningConfigurationFailureList",
+          "documentation":"<p>Any failures associated with the call.</p>"
+        }
+      }
+    },
     "BatchedOperationLayerDigest":{
       "type":"string",
       "max":1000,
@@ -810,13 +973,55 @@
         }
       }
     },
+    "CreatePullThroughCacheRuleRequest":{
+      "type":"structure",
+      "required":[
+        "ecrRepositoryPrefix",
+        "upstreamRegistryUrl"
+      ],
+      "members":{
+        "ecrRepositoryPrefix":{
+          "shape":"PullThroughCacheRuleRepositoryPrefix",
+          "documentation":"<p>The repository name prefix to use when caching images from the source registry.</p>"
+        },
+        "upstreamRegistryUrl":{
+          "shape":"Url",
+          "documentation":"<p>The registry URL of the upstream public registry to use as the source for the pull through cache rule.</p>"
+        },
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.</p>"
+        }
+      }
+    },
+    "CreatePullThroughCacheRuleResponse":{
+      "type":"structure",
+      "members":{
+        "ecrRepositoryPrefix":{
+          "shape":"PullThroughCacheRuleRepositoryPrefix",
+          "documentation":"<p>The Amazon ECR repository prefix associated with the pull through cache rule.</p>"
+        },
+        "upstreamRegistryUrl":{
+          "shape":"Url",
+          "documentation":"<p>The upstream registry URL associated with the pull through cache rule.</p>"
+        },
+        "createdAt":{
+          "shape":"CreationTimestamp",
+          "documentation":"<p>The date and time, in JavaScript date format, when the pull through cache rule was created.</p>"
+        },
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The registry ID associated with the request.</p>"
+        }
+      }
+    },
     "CreateRepositoryRequest":{
       "type":"structure",
       "required":["repositoryName"],
       "members":{
         "registryId":{
           "shape":"RegistryId",
-          "documentation":"<p>The AWS account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.</p>"
+          "documentation":"<p>The Amazon Web Services account ID associated with the registry to create the repository. If you do not specify a registry, the default registry is assumed.</p>"
         },
         "repositoryName":{
           "shape":"RepositoryName",
@@ -850,6 +1055,77 @@
       }
     },
     "CreationTimestamp":{"type":"timestamp"},
+    "CvssScore":{
+      "type":"structure",
+      "members":{
+        "baseScore":{
+          "shape":"BaseScore",
+          "documentation":"<p>The base CVSS score used for the finding.</p>"
+        },
+        "scoringVector":{
+          "shape":"ScoringVector",
+          "documentation":"<p>The vector string of the CVSS score.</p>"
+        },
+        "source":{
+          "shape":"Source",
+          "documentation":"<p>The source of the CVSS score.</p>"
+        },
+        "version":{
+          "shape":"Version",
+          "documentation":"<p>The version of CVSS used for the score.</p>"
+        }
+      },
+      "documentation":"<p>The CVSS score for a finding.</p>"
+    },
+    "CvssScoreAdjustment":{
+      "type":"structure",
+      "members":{
+        "metric":{
+          "shape":"Metric",
+          "documentation":"<p>The metric used to adjust the CVSS score.</p>"
+        },
+        "reason":{
+          "shape":"Reason",
+          "documentation":"<p>The reason the CVSS score has been adjustment.</p>"
+        }
+      },
+      "documentation":"<p>Details on adjustments Amazon Inspector made to the CVSS score for a finding.</p>"
+    },
+    "CvssScoreAdjustmentList":{
+      "type":"list",
+      "member":{"shape":"CvssScoreAdjustment"}
+    },
+    "CvssScoreDetails":{
+      "type":"structure",
+      "members":{
+        "adjustments":{
+          "shape":"CvssScoreAdjustmentList",
+          "documentation":"<p>An object that contains details about adjustment Amazon Inspector made to the CVSS score.</p>"
+        },
+        "score":{
+          "shape":"Score",
+          "documentation":"<p>The CVSS score.</p>"
+        },
+        "scoreSource":{
+          "shape":"Source",
+          "documentation":"<p>The source for the CVSS score.</p>"
+        },
+        "scoringVector":{
+          "shape":"ScoringVector",
+          "documentation":"<p>The vector for the CVSS score.</p>"
+        },
+        "version":{
+          "shape":"Version",
+          "documentation":"<p>The CVSS version used in scoring.</p>"
+        }
+      },
+      "documentation":"<p>Information about the CVSS score.</p>"
+    },
+    "CvssScoreList":{
+      "type":"list",
+      "member":{"shape":"CvssScore"}
+    },
+    "Date":{"type":"timestamp"},
     "DeleteLifecyclePolicyRequest":{
       "type":"structure",
       "required":["repositoryName"],
@@ -885,6 +1161,41 @@
         }
       }
     },
+    "DeletePullThroughCacheRuleRequest":{
+      "type":"structure",
+      "required":["ecrRepositoryPrefix"],
+      "members":{
+        "ecrRepositoryPrefix":{
+          "shape":"PullThroughCacheRuleRepositoryPrefix",
+          "documentation":"<p>The Amazon ECR repository prefix associated with the pull through cache rule to delete.</p>"
+        },
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.</p>"
+        }
+      }
+    },
+    "DeletePullThroughCacheRuleResponse":{
+      "type":"structure",
+      "members":{
+        "ecrRepositoryPrefix":{
+          "shape":"PullThroughCacheRuleRepositoryPrefix",
+          "documentation":"<p>The Amazon ECR repository prefix associated with the request.</p>"
+        },
+        "upstreamRegistryUrl":{
+          "shape":"Url",
+          "documentation":"<p>The upstream registry URL associated with the pull through cache rule.</p>"
+        },
+        "createdAt":{
+          "shape":"CreationTimestamp",
+          "documentation":"<p>The timestamp associated with the pull through cache rule.</p>"
+        },
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The registry ID associated with the request.</p>"
+        }
+      }
+    },
     "DeleteRegistryPolicyRequest":{
       "type":"structure",
       "members":{
@@ -1098,6 +1409,40 @@
         }
       }
     },
+    "DescribePullThroughCacheRulesRequest":{
+      "type":"structure",
+      "members":{
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.</p>"
+        },
+        "ecrRepositoryPrefixes":{
+          "shape":"PullThroughCacheRuleRepositoryPrefixList",
+          "documentation":"<p>The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The <code>nextToken</code> value returned from a previous paginated <code>DescribePullThroughCacheRulesRequest</code> request where <code>maxResults</code> was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the <code>nextToken</code> value. This value is null when there are no more results to return.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of pull through cache rules returned by <code>DescribePullThroughCacheRulesRequest</code> in paginated output. When this parameter is used, <code>DescribePullThroughCacheRulesRequest</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>DescribePullThroughCacheRulesRequest</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 1000. If this parameter is not used, then <code>DescribePullThroughCacheRulesRequest</code> returns up to 100 results and a <code>nextToken</code> value, if applicable.</p>"
+        }
+      }
+    },
+    "DescribePullThroughCacheRulesResponse":{
+      "type":"structure",
+      "members":{
+        "pullThroughCacheRules":{
+          "shape":"PullThroughCacheRuleList",
+          "documentation":"<p>The details of the pull through cache rules.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The <code>nextToken</code> value to include in a future <code>DescribePullThroughCacheRulesRequest</code> request. When the results of a <code>DescribePullThroughCacheRulesRequest</code> request exceed <code>maxResults</code>, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.</p>"
+        }
+      }
+    },
     "DescribeRegistryRequest":{
       "type":"structure",
       "members":{
@@ -1167,7 +1512,7 @@
       "members":{
         "encryptionType":{
           "shape":"EncryptionType",
-          "documentation":"<p>The encryption type to use.</p> <p>If you use the <code>KMS</code> encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the <i>Amazon Simple Storage Service Console Developer Guide.</i>.</p> <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the <i>Amazon Simple Storage Service Console Developer Guide.</i>.</p>"
+          "documentation":"<p>The encryption type to use.</p> <p>If you use the <code>KMS</code> encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html\">Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p> <p>If you use the <code>AES256</code> encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES-256 encryption algorithm. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)</a> in the <i>Amazon Simple Storage Service Console Developer Guide</i>.</p>"
         },
         "kmsKey":{
           "shape":"KmsKey",
@@ -1183,9 +1528,82 @@
         "KMS"
       ]
     },
+    "EnhancedImageScanFinding":{
+      "type":"structure",
+      "members":{
+        "awsAccountId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The Amazon Web Services account ID associated with the image.</p>"
+        },
+        "description":{
+          "shape":"FindingDescription",
+          "documentation":"<p>The description of the finding.</p>"
+        },
+        "findingArn":{
+          "shape":"FindingArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the finding.</p>"
+        },
+        "firstObservedAt":{
+          "shape":"Date",
+          "documentation":"<p>The date and time that the finding was first observed.</p>"
+        },
+        "lastObservedAt":{
+          "shape":"Date",
+          "documentation":"<p>The date and time that the finding was last observed.</p>"
+        },
+        "packageVulnerabilityDetails":{
+          "shape":"PackageVulnerabilityDetails",
+          "documentation":"<p>An object that contains the details of a package vulnerability finding.</p>"
+        },
+        "remediation":{
+          "shape":"Remediation",
+          "documentation":"<p>An object that contains the details about how to remediate a finding.</p>"
+        },
+        "resources":{
+          "shape":"ResourceList",
+          "documentation":"<p>Contains information on the resources involved in a finding.</p>"
+        },
+        "score":{
+          "shape":"Score",
+          "documentation":"<p>The Amazon Inspector score given to the finding.</p>"
+        },
+        "scoreDetails":{
+          "shape":"ScoreDetails",
+          "documentation":"<p>An object that contains details of the Amazon Inspector score.</p>"
+        },
+        "severity":{
+          "shape":"Severity",
+          "documentation":"<p>The severity of the finding.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the finding.</p>"
+        },
+        "title":{
+          "shape":"Title",
+          "documentation":"<p>The title of the finding.</p>"
+        },
+        "type":{
+          "shape":"Type",
+          "documentation":"<p>The type of the finding.</p>"
+        },
+        "updatedAt":{
+          "shape":"Date",
+          "documentation":"<p>The date and time the finding was last updated at.</p>"
+        }
+      },
+      "documentation":"<p>The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.</p>"
+    },
+    "EnhancedImageScanFindingList":{
+      "type":"list",
+      "member":{"shape":"EnhancedImageScanFinding"}
+    },
+    "Epoch":{"type":"integer"},
     "EvaluationTimestamp":{"type":"timestamp"},
     "ExceptionMessage":{"type":"string"},
     "ExpirationTimestamp":{"type":"timestamp"},
+    "FilePath":{"type":"string"},
+    "FindingArn":{"type":"string"},
     "FindingDescription":{"type":"string"},
     "FindingName":{"type":"string"},
     "FindingSeverity":{
@@ -1381,6 +1799,24 @@
         }
       }
     },
+    "GetRegistryScanningConfigurationRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "GetRegistryScanningConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The ID of the registry.</p>"
+        },
+        "scanningConfiguration":{
+          "shape":"RegistryScanningConfiguration",
+          "documentation":"<p>The scanning configuration for the registry.</p>"
+        }
+      }
+    },
     "GetRepositoryPolicyRequest":{
       "type":"structure",
       "required":["repositoryName"],
@@ -1597,7 +2033,7 @@
         },
         "registryId":{
           "shape":"RegistryId",
-          "documentation":"<p>The AWS account ID associated with the registry to which the image belongs.</p>"
+          "documentation":"<p>The Amazon Web Services account ID associated with the registry to which the image belongs.</p>"
         },
         "status":{
           "shape":"ReplicationStatus",
@@ -1655,13 +2091,17 @@
           "shape":"VulnerabilitySourceUpdateTimestamp",
           "documentation":"<p>The time when the vulnerability data was last scanned.</p>"
         },
+        "findingSeverityCounts":{
+          "shape":"FindingSeverityCounts",
+          "documentation":"<p>The image vulnerability counts, sorted by severity.</p>"
+        },
         "findings":{
           "shape":"ImageScanFindingList",
           "documentation":"<p>The findings from the image scan.</p>"
         },
-        "findingSeverityCounts":{
-          "shape":"FindingSeverityCounts",
-          "documentation":"<p>The image vulnerability counts, sorted by severity.</p>"
+        "enhancedFindings":{
+          "shape":"EnhancedImageScanFindingList",
+          "documentation":"<p>Details about the enhanced scan findings from Amazon Inspector.</p>"
         }
       },
       "documentation":"<p>The details of an image scan.</p>"
@@ -1733,6 +2173,10 @@
         "IMMUTABLE"
       ]
     },
+    "ImageTagsList":{
+      "type":"list",
+      "member":{"shape":"ImageTag"}
+    },
     "InitiateLayerUploadRequest":{
       "type":"structure",
       "required":["repositoryName"],
@@ -2156,12 +2600,115 @@
       "max":100,
       "min":1
     },
+    "Metric":{"type":"string"},
     "NextToken":{"type":"string"},
+    "PackageManager":{"type":"string"},
+    "PackageVulnerabilityDetails":{
+      "type":"structure",
+      "members":{
+        "cvss":{
+          "shape":"CvssScoreList",
+          "documentation":"<p>An object that contains details about the CVSS score of a finding.</p>"
+        },
+        "referenceUrls":{
+          "shape":"ReferenceUrlsList",
+          "documentation":"<p>One or more URLs that contain details about this vulnerability type.</p>"
+        },
+        "relatedVulnerabilities":{
+          "shape":"RelatedVulnerabilitiesList",
+          "documentation":"<p>One or more vulnerabilities related to the one identified in this finding.</p>"
+        },
+        "source":{
+          "shape":"Source",
+          "documentation":"<p>The source of the vulnerability information.</p>"
+        },
+        "sourceUrl":{
+          "shape":"Url",
+          "documentation":"<p>A URL to the source of the vulnerability information.</p>"
+        },
+        "vendorCreatedAt":{
+          "shape":"Date",
+          "documentation":"<p>The date and time that this vulnerability was first added to the vendor's database.</p>"
+        },
+        "vendorSeverity":{
+          "shape":"Severity",
+          "documentation":"<p>The severity the vendor has given to this vulnerability type.</p>"
+        },
+        "vendorUpdatedAt":{
+          "shape":"Date",
+          "documentation":"<p>The date and time the vendor last updated this vulnerability in their database.</p>"
+        },
+        "vulnerabilityId":{
+          "shape":"VulnerabilityId",
+          "documentation":"<p>The ID given to this vulnerability.</p>"
+        },
+        "vulnerablePackages":{
+          "shape":"VulnerablePackagesList",
+          "documentation":"<p>The packages impacted by this vulnerability.</p>"
+        }
+      },
+      "documentation":"<p>Information about a package vulnerability finding.</p>"
+    },
     "PartSize":{
       "type":"long",
       "min":0
     },
+    "Platform":{"type":"string"},
     "ProxyEndpoint":{"type":"string"},
+    "PullThroughCacheRule":{
+      "type":"structure",
+      "members":{
+        "ecrRepositoryPrefix":{
+          "shape":"PullThroughCacheRuleRepositoryPrefix",
+          "documentation":"<p>The Amazon ECR repository prefix associated with the pull through cache rule.</p>"
+        },
+        "upstreamRegistryUrl":{
+          "shape":"Url",
+          "documentation":"<p>The upstream registry URL associated with the pull through cache rule.</p>"
+        },
+        "createdAt":{
+          "shape":"CreationTimestamp",
+          "documentation":"<p>The date and time the pull through cache was created.</p>"
+        },
+        "registryId":{
+          "shape":"RegistryId",
+          "documentation":"<p>The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.</p>"
+        }
+      },
+      "documentation":"<p>The details of a pull through cache rule.</p>"
+    },
+    "PullThroughCacheRuleAlreadyExistsException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"}
+      },
+      "documentation":"<p>A pull through cache rule with these settings already exists for the private registry.</p>",
+      "exception":true
+    },
+    "PullThroughCacheRuleList":{
+      "type":"list",
+      "member":{"shape":"PullThroughCacheRule"}
+    },
+    "PullThroughCacheRuleNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"}
+      },
+      "documentation":"<p>The pull through cache rule was not found. Specify a valid pull through cache rule and try again.</p>",
+      "exception":true
+    },
+    "PullThroughCacheRuleRepositoryPrefix":{
+      "type":"string",
+      "max":20,
+      "min":2,
+      "pattern":"[a-z0-9]+(?:[._-][a-z0-9]+)*"
+    },
+    "PullThroughCacheRuleRepositoryPrefixList":{
+      "type":"list",
+      "member":{"shape":"PullThroughCacheRuleRepositoryPrefix"},
+      "max":100,
+      "min":1
+    },
     "PushTimestamp":{"type":"timestamp"},
     "PutImageRequest":{
       "type":"structure",
@@ -2342,6 +2889,28 @@
         }
       }
     },
+    "PutRegistryScanningConfigurationRequest":{
+      "type":"structure",
+      "members":{
+        "scanType":{
+          "shape":"ScanType",
+          "documentation":"<p>The scanning type to set for the registry.</p> <p>By default, the <code>BASIC</code> scan type is used. When basic scanning is set, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed. Alternatively, you can do manual scans of images with basic scanning.</p> <p>When the <code>ENHANCED</code> scan type is set, Amazon Inspector provides automated, continuous scanning of all repositories in your registry.</p>"
+        },
+        "rules":{
+          "shape":"RegistryScanningRuleList",
+          "documentation":"<p>The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.</p>"
+        }
+      }
+    },
+    "PutRegistryScanningConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "registryScanningConfiguration":{
+          "shape":"RegistryScanningConfiguration",
+          "documentation":"<p>The scanning configuration for your registry.</p>"
+        }
+      }
+    },
     "PutReplicationConfigurationRequest":{
       "type":"structure",
       "required":["replicationConfiguration"],
@@ -2361,6 +2930,26 @@
         }
       }
     },
+    "Reason":{"type":"string"},
+    "Recommendation":{
+      "type":"structure",
+      "members":{
+        "url":{
+          "shape":"Url",
+          "documentation":"<p>The URL address to the CVE remediation recommendations.</p>"
+        },
+        "text":{
+          "shape":"RecommendationText",
+          "documentation":"<p>The recommended course of action to remediate the finding.</p>"
+        }
+      },
+      "documentation":"<p>Details about the recommended course of action to remediate the finding.</p>"
+    },
+    "RecommendationText":{"type":"string"},
+    "ReferenceUrlsList":{
+      "type":"list",
+      "member":{"shape":"Url"}
+    },
     "ReferencedImagesNotFoundException":{
       "type":"structure",
       "members":{
@@ -2392,6 +2981,60 @@
       "max":10240,
       "min":0
     },
+    "RegistryScanningConfiguration":{
+      "type":"structure",
+      "members":{
+        "scanType":{
+          "shape":"ScanType",
+          "documentation":"<p>The type of scanning configured for the registry.</p>"
+        },
+        "rules":{
+          "shape":"RegistryScanningRuleList",
+          "documentation":"<p>The scanning rules associated with the registry.</p>"
+        }
+      },
+      "documentation":"<p>The scanning configuration for a private registry.</p>"
+    },
+    "RegistryScanningRule":{
+      "type":"structure",
+      "required":[
+        "scanFrequency",
+        "repositoryFilters"
+      ],
+      "members":{
+        "scanFrequency":{
+          "shape":"ScanFrequency",
+          "documentation":"<p>The frequency that scans are performed at for a private registry.</p>"
+        },
+        "repositoryFilters":{
+          "shape":"ScanningRepositoryFilterList",
+          "documentation":"<p>The repository filters associated with the scanning configuration for a private registry.</p>"
+        }
+      },
+      "documentation":"<p>The details of a scanning rule for a private registry.</p>"
+    },
+    "RegistryScanningRuleList":{
+      "type":"list",
+      "member":{"shape":"RegistryScanningRule"},
+      "max":2,
+      "min":0
+    },
+    "RelatedVulnerabilitiesList":{
+      "type":"list",
+      "member":{"shape":"RelatedVulnerability"}
+    },
+    "RelatedVulnerability":{"type":"string"},
+    "Release":{"type":"string"},
+    "Remediation":{
+      "type":"structure",
+      "members":{
+        "recommendation":{
+          "shape":"Recommendation",
+          "documentation":"<p>An object that contains information about the recommended course of action to remediate the finding.</p>"
+        }
+      },
+      "documentation":"<p>Information on how to remediate a finding.</p>"
+    },
     "ReplicationConfiguration":{
       "type":"structure",
       "required":["rules"],
@@ -2591,6 +3234,103 @@
       "max":10240,
       "min":0
     },
+    "RepositoryScanningConfiguration":{
+      "type":"structure",
+      "members":{
+        "repositoryArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the repository.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of the repository.</p>"
+        },
+        "scanOnPush":{
+          "shape":"ScanOnPushFlag",
+          "documentation":"<p>Whether or not scan on push is configured for the repository.</p>"
+        },
+        "scanFrequency":{
+          "shape":"ScanFrequency",
+          "documentation":"<p>The scan frequency for the repository.</p>"
+        },
+        "appliedScanFilters":{
+          "shape":"ScanningRepositoryFilterList",
+          "documentation":"<p>The scan filters applied to the repository.</p>"
+        }
+      },
+      "documentation":"<p>The details of the scanning configuration for a repository.</p>"
+    },
+    "RepositoryScanningConfigurationFailure":{
+      "type":"structure",
+      "members":{
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of the repository.</p>"
+        },
+        "failureCode":{
+          "shape":"ScanningConfigurationFailureCode",
+          "documentation":"<p>The failure code.</p>"
+        },
+        "failureReason":{
+          "shape":"ScanningConfigurationFailureReason",
+          "documentation":"<p>The reason for the failure.</p>"
+        }
+      },
+      "documentation":"<p>The details about any failures associated with the scanning configuration of a repository.</p>"
+    },
+    "RepositoryScanningConfigurationFailureList":{
+      "type":"list",
+      "member":{"shape":"RepositoryScanningConfigurationFailure"}
+    },
+    "RepositoryScanningConfigurationList":{
+      "type":"list",
+      "member":{"shape":"RepositoryScanningConfiguration"}
+    },
+    "Resource":{
+      "type":"structure",
+      "members":{
+        "details":{
+          "shape":"ResourceDetails",
+          "documentation":"<p>An object that contains details about the resource involved in a finding.</p>"
+        },
+        "id":{
+          "shape":"ResourceId",
+          "documentation":"<p>The ID of the resource.</p>"
+        },
+        "tags":{
+          "shape":"Tags",
+          "documentation":"<p>The tags attached to the resource.</p>"
+        },
+        "type":{
+          "shape":"Type",
+          "documentation":"<p>The type of resource.</p>"
+        }
+      },
+      "documentation":"<p>Details about the resource involved in a finding.</p>"
+    },
+    "ResourceDetails":{
+      "type":"structure",
+      "members":{
+        "awsEcrContainerImage":{
+          "shape":"AwsEcrContainerImageDetails",
+          "documentation":"<p>An object that contains details about the Amazon ECR container image involved in the finding.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about the resource involved in the finding.</p>"
+    },
+    "ResourceId":{"type":"string"},
+    "ResourceList":{
+      "type":"list",
+      "member":{"shape":"Resource"}
+    },
+    "ScanFrequency":{
+      "type":"string",
+      "enum":[
+        "SCAN_ON_PUSH",
+        "CONTINUOUS_SCAN",
+        "MANUAL"
+      ]
+    },
     "ScanNotFoundException":{
       "type":"structure",
       "members":{
@@ -2605,11 +3345,80 @@
       "enum":[
         "IN_PROGRESS",
         "COMPLETE",
-        "FAILED"
+        "FAILED",
+        "UNSUPPORTED_IMAGE",
+        "ACTIVE",
+        "PENDING",
+        "SCAN_ELIGIBILITY_EXPIRED",
+        "FINDINGS_UNAVAILABLE"
       ]
     },
     "ScanStatusDescription":{"type":"string"},
     "ScanTimestamp":{"type":"timestamp"},
+    "ScanType":{
+      "type":"string",
+      "enum":[
+        "BASIC",
+        "ENHANCED"
+      ]
+    },
+    "ScanningConfigurationFailureCode":{
+      "type":"string",
+      "enum":["REPOSITORY_NOT_FOUND"]
+    },
+    "ScanningConfigurationFailureReason":{"type":"string"},
+    "ScanningConfigurationRepositoryNameList":{
+      "type":"list",
+      "member":{"shape":"RepositoryName"},
+      "max":25,
+      "min":1
+    },
+    "ScanningRepositoryFilter":{
+      "type":"structure",
+      "required":[
+        "filter",
+        "filterType"
+      ],
+      "members":{
+        "filter":{
+          "shape":"ScanningRepositoryFilterValue",
+          "documentation":"<p>The filter to use when scanning.</p>"
+        },
+        "filterType":{
+          "shape":"ScanningRepositoryFilterType",
+          "documentation":"<p>The type associated with the filter.</p>"
+        }
+      },
+      "documentation":"<p>The details of a scanning repository filter.</p>"
+    },
+    "ScanningRepositoryFilterList":{
+      "type":"list",
+      "member":{"shape":"ScanningRepositoryFilter"},
+      "max":100,
+      "min":0
+    },
+    "ScanningRepositoryFilterType":{
+      "type":"string",
+      "enum":["WILDCARD"]
+    },
+    "ScanningRepositoryFilterValue":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^[a-z0-9*](?:[._\\-/a-z0-9*]?[a-z0-9*]+)*$"
+    },
+    "Score":{"type":"double"},
+    "ScoreDetails":{
+      "type":"structure",
+      "members":{
+        "cvss":{
+          "shape":"CvssScoreDetails",
+          "documentation":"<p>An object that contains details about the CVSS score given to a finding.</p>"
+        }
+      },
+      "documentation":"<p>Information about the Amazon Inspector score given to a finding.</p>"
+    },
+    "ScoringVector":{"type":"string"},
     "ServerException":{
       "type":"structure",
       "members":{
@@ -2664,10 +3473,13 @@
         }
       }
     },
+    "Severity":{"type":"string"},
     "SeverityCount":{
       "type":"integer",
       "min":0
     },
+    "Source":{"type":"string"},
+    "SourceLayerHash":{"type":"string"},
     "StartImageScanRequest":{
       "type":"structure",
       "required":[
@@ -2743,6 +3555,7 @@
         }
       }
     },
+    "Status":{"type":"string"},
     "Tag":{
       "type":"structure",
       "members":{
@@ -2797,6 +3610,12 @@
       ]
     },
     "TagValue":{"type":"string"},
+    "Tags":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"}
+    },
+    "Title":{"type":"string"},
     "TooManyTagsException":{
       "type":"structure",
       "members":{
@@ -2805,6 +3624,7 @@
       "documentation":"<p>The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.</p>",
       "exception":true
     },
+    "Type":{"type":"string"},
     "UnsupportedImageTypeException":{
       "type":"structure",
       "members":{
@@ -2813,6 +3633,14 @@
       "documentation":"<p>The image is of a type that cannot be scanned.</p>",
       "exception":true
     },
+    "UnsupportedUpstreamRegistryException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"}
+      },
+      "documentation":"<p>The specified upstream registry isn't supported.</p>",
+      "exception":true
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -2916,7 +3744,52 @@
       "documentation":"<p>There was an exception validating this request.</p>",
       "exception":true
     },
-    "VulnerabilitySourceUpdateTimestamp":{"type":"timestamp"}
+    "Version":{"type":"string"},
+    "VulnerabilityId":{"type":"string"},
+    "VulnerabilitySourceUpdateTimestamp":{"type":"timestamp"},
+    "VulnerablePackage":{
+      "type":"structure",
+      "members":{
+        "arch":{
+          "shape":"Arch",
+          "documentation":"<p>The architecture of the vulnerable package.</p>"
+        },
+        "epoch":{
+          "shape":"Epoch",
+          "documentation":"<p>The epoch of the vulnerable package.</p>"
+        },
+        "filePath":{
+          "shape":"FilePath",
+          "documentation":"<p>The file path of the vulnerable package.</p>"
+        },
+        "name":{
+          "shape":"VulnerablePackageName",
+          "documentation":"<p>The name of the vulnerable package.</p>"
+        },
+        "packageManager":{
+          "shape":"PackageManager",
+          "documentation":"<p>The package manager of the vulnerable package.</p>"
+        },
+        "release":{
+          "shape":"Release",
+          "documentation":"<p>The release of the vulnerable package.</p>"
+        },
+        "sourceLayerHash":{
+          "shape":"SourceLayerHash",
+          "documentation":"<p>The source layer hash of the vulnerable package.</p>"
+        },
+        "version":{
+          "shape":"Version",
+          "documentation":"<p>The version of the vulnerable package.</p>"
+        }
+      },
+      "documentation":"<p>Information on the vulnerable package identified by a finding.</p>"
+    },
+    "VulnerablePackageName":{"type":"string"},
+    "VulnerablePackagesList":{
+      "type":"list",
+      "member":{"shape":"VulnerablePackage"}
+    }
   },
   "documentation":"<fullname>Amazon Elastic Container Registry</fullname> <p>Amazon Elastic Container Registry (Amazon ECR) is a managed container image registry service. Customers can use the familiar Docker CLI, or their preferred client, to push, pull, and manage images. Amazon ECR provides a secure, scalable, and reliable registry for your Docker or Open Container Initiative (OCI) images. Amazon ECR supports private repositories with resource-based permissions using IAM so that specific users or Amazon EC2 instances can access repositories and images.</p> <p>Amazon ECR has service endpoints in each supported Region. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/ecr.html\">Amazon ECR endpoints</a> in the <i>Amazon Web Services General Reference</i>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/ecs/2014-11-13/service-2.json b/contrib/python/botocore/py3/botocore/data/ecs/2014-11-13/service-2.json
index 45d5dc6cce7..c1285d3e205 100644
--- a/contrib/python/botocore/py3/botocore/data/ecs/2014-11-13/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ecs/2014-11-13/service-2.json
@@ -28,7 +28,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"UpdateInProgressException"}
       ],
-      "documentation":"<p>Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.</p> <p>Only capacity providers using an Auto Scaling group can be created. Amazon ECS tasks on Fargate use the <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity providers which are already created and available to all accounts in Regions supported by Fargate.</p>"
+      "documentation":"<p>Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.</p> <p>Only capacity providers that use an Auto Scaling group can be created. Amazon ECS tasks on Fargate use the <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity providers. These providers are available to all accounts in the Amazon Web Services Regions that Fargate supports.</p>"
     },
     "CreateCluster":{
       "name":"CreateCluster",
@@ -43,7 +43,7 @@
         {"shape":"ClientException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Creates a new Amazon ECS cluster. By default, your account receives a <code>default</code> cluster when you launch your first container instance. However, you can create your own cluster with a unique name with the <code>CreateCluster</code> action.</p> <note> <p>When you call the <a>CreateCluster</a> API operation, Amazon ECS attempts to create the Amazon ECS service-linked role for your account so that required resources in other Amazon Web Services services can be managed on your behalf. However, if the IAM user that makes the call does not have permissions to create the service-linked role, it is not created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html\">Using Service-Linked Roles for Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note>"
+      "documentation":"<p>Creates a new Amazon ECS cluster. By default, your account receives a <code>default</code> cluster when you launch your first container instance. However, you can create your own cluster with a unique name with the <code>CreateCluster</code> action.</p> <note> <p>When you call the <a>CreateCluster</a> API operation, Amazon ECS attempts to create the Amazon ECS service-linked role for your account. This is so that it can manage required resources in other Amazon Web Services services on your behalf. However, if the IAM user that makes the call doesn't have permissions to create the service-linked role, it isn't created. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html\">Using Service-Linked Roles for Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note>"
     },
     "CreateService":{
       "name":"CreateService",
@@ -63,7 +63,7 @@
         {"shape":"PlatformTaskDefinitionIncompatibilityException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Runs and maintains a desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the <code>desiredCount</code>, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, see the UpdateService action.</p> <p>In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html\">Service Load Balancing</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>Tasks for services that <i>do not</i> use a load balancer are considered healthy if they're in the <code>RUNNING</code> state. Tasks for services that <i>do</i> use a load balancer are considered healthy if they're in the <code>RUNNING</code> state and the container instance that they're hosted on is reported as healthy by the load balancer.</p> <p>There are two service scheduler strategies available:</p> <ul> <li> <p> <code>REPLICA</code> - The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Service Scheduler Concepts</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </li> <li> <p> <code>DAEMON</code> - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that do not meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Service Scheduler Concepts</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </li> </ul> <p>You can optionally specify a deployment configuration for your service. The deployment is triggered by changing properties, such as the task definition or the desired count of a service, with an <a>UpdateService</a> operation. The default value for a replica service for <code>minimumHealthyPercent</code> is 100%. The default value for a daemon service for <code>minimumHealthyPercent</code> is 0%.</p> <p>If a service is using the <code>ECS</code> deployment controller, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the <code>RUNNING</code> state during a deployment, as a percentage of the desired number of tasks (rounded up to the nearest integer), and while any container instances are in the <code>DRAINING</code> state if the service contains tasks using the EC2 launch type. This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desired number of four tasks and a minimum healthy percent of 50%, the scheduler might stop two existing tasks to free up cluster capacity before starting two new tasks. Tasks for services that <i>do not</i> use a load balancer are considered healthy if they're in the <code>RUNNING</code> state. Tasks for services that <i>do</i> use a load balancer are considered healthy if they're in the <code>RUNNING</code> state and they're reported as healthy by the load balancer. The default value for minimum healthy percent is 100%.</p> <p>If a service is using the <code>ECS</code> deployment controller, the <b>maximum percent</b> parameter represents an upper limit on the number of tasks in a service that are allowed in the <code>RUNNING</code> or <code>PENDING</code> state during a deployment, as a percentage of the desired number of tasks (rounded down to the nearest integer), and while any container instances are in the <code>DRAINING</code> state if the service contains tasks using the EC2 launch type. This parameter enables you to define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%.</p> <p>If a service is using either the <code>CODE_DEPLOY</code> or <code>EXTERNAL</code> deployment controller types and tasks that use the EC2 launch type, the <b>minimum healthy percent</b> and <b>maximum percent</b> values are used only to define the lower and upper limit on the number of the tasks in the service that remain in the <code>RUNNING</code> state while the container instances are in the <code>DRAINING</code> state. If the tasks in the service use the Fargate launch type, the minimum healthy percent and maximum percent values aren't used, although they're currently visible when describing your service.</p> <p>When creating a service that uses the <code>EXTERNAL</code> deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the <a>CreateTaskSet</a> operation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html\">Amazon ECS Deployment Types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>When the service scheduler launches new tasks, it determines task placement in your cluster using the following logic:</p> <ul> <li> <p>Determine which of the container instances in your cluster can support your service's task definition (for example, they have the required CPU, memory, ports, and container instance attributes).</p> </li> <li> <p>By default, the service scheduler attempts to balance tasks across Availability Zones in this manner (although you can choose a different placement strategy) with the <code>placementStrategy</code> parameter):</p> <ul> <li> <p>Sort the valid container instances, giving priority to instances that have the fewest number of running tasks for this service in their respective Availability Zone. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.</p> </li> <li> <p>Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.</p> </li> </ul> </li> </ul>"
+      "documentation":"<p>Runs and maintains your desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the <code>desiredCount</code>, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, see the UpdateService action.</p> <p>In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html\">Service Load Balancing</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>Tasks for services that don't use a load balancer are considered healthy if they're in the <code>RUNNING</code> state. Tasks for services that use a load balancer are considered healthy if they're in the <code>RUNNING</code> state and the container instance that they're hosted on is reported as healthy by the load balancer.</p> <p>There are two service scheduler strategies available:</p> <ul> <li> <p> <code>REPLICA</code> - The replica scheduling strategy places and maintains your desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Service Scheduler Concepts</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </li> <li> <p> <code>DAEMON</code> - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It also stops tasks that don't meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Service Scheduler Concepts</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </li> </ul> <p>You can optionally specify a deployment configuration for your service. The deployment is initiated by changing properties. For example, the deployment might be initiated by the task definition or by your desired count of a service. This is done with an <a>UpdateService</a> operation. The default value for a replica service for <code>minimumHealthyPercent</code> is 100%. The default value for a daemon service for <code>minimumHealthyPercent</code> is 0%.</p> <p>If a service uses the <code>ECS</code> deployment controller, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the <code>RUNNING</code> state during a deployment. Specifically, it represents it as a percentage of your desired number of tasks (rounded up to the nearest integer). This happens when any of your container instances are in the <code>DRAINING</code> state if the service contains tasks using the EC2 launch type. Using this parameter, you can deploy without using additional cluster capacity. For example, if you set your service to have desired number of four tasks and a minimum healthy percent of 50%, the scheduler might stop two existing tasks to free up cluster capacity before starting two new tasks. If they're in the <code>RUNNING</code> state, tasks for services that don't use a load balancer are considered healthy . If they're in the <code>RUNNING</code> state and reported as healthy by the load balancer, tasks for services that <i>do</i> use a load balancer are considered healthy . The default value for minimum healthy percent is 100%.</p> <p>If a service uses the <code>ECS</code> deployment controller, the <b>maximum percent</b> parameter represents an upper limit on the number of tasks in a service that are allowed in the <code>RUNNING</code> or <code>PENDING</code> state during a deployment. Specifically, it represents it as a percentage of the desired number of tasks (rounded down to the nearest integer). This happens when any of your container instances are in the <code>DRAINING</code> state if the service contains tasks using the EC2 launch type. Using this parameter, you can define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%.</p> <p>If a service uses either the <code>CODE_DEPLOY</code> or <code>EXTERNAL</code> deployment controller types and tasks that use the EC2 launch type, the <b>minimum healthy percent</b> and <b>maximum percent</b> values are used only to define the lower and upper limit on the number of the tasks in the service that remain in the <code>RUNNING</code> state. This is while the container instances are in the <code>DRAINING</code> state. If the tasks in the service use the Fargate launch type, the minimum healthy percent and maximum percent values aren't used. This is the case even if they're currently visible when describing your service.</p> <p>When creating a service that uses the <code>EXTERNAL</code> deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the <a>CreateTaskSet</a> operation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html\">Amazon ECS Deployment Types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>When the service scheduler launches new tasks, it determines task placement in your cluster using the following logic:</p> <ul> <li> <p>Determine which of the container instances in your cluster can support the task definition of your service. For example, they have the required CPU, memory, ports, and container instance attributes.</p> </li> <li> <p>By default, the service scheduler attempts to balance tasks across Availability Zones in this manner. This is the case even if you can choose a different placement strategy with the <code>placementStrategy</code> parameter.</p> <ul> <li> <p>Sort the valid container instances, giving priority to instances that have the fewest number of running tasks for this service in their respective Availability Zone. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.</p> </li> <li> <p>Place the new service task on a valid container instance in an optimal Availability Zone based on the previous steps, favoring container instances with the fewest number of running tasks for this service.</p> </li> </ul> </li> </ul>"
     },
     "CreateTaskSet":{
       "name":"CreateTaskSet",
@@ -130,7 +130,7 @@
         {"shape":"ClientException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Deletes the specified capacity provider.</p> <note> <p>The <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity providers are reserved and cannot be deleted. You can disassociate them from a cluster using either the <a>PutClusterCapacityProviders</a> API or by deleting the cluster.</p> </note> <p>Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The <a>UpdateService</a> API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the <code>forceNewDeployment</code> option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that are not associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use <a>PutClusterCapacityProviders</a> or delete the cluster.</p>"
+      "documentation":"<p>Deletes the specified capacity provider.</p> <note> <p>The <code>FARGATE</code> and <code>FARGATE_SPOT</code> capacity providers are reserved and can't be deleted. You can disassociate them from a cluster using either the <a>PutClusterCapacityProviders</a> API or by deleting the cluster.</p> </note> <p>Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The <a>UpdateService</a> API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the <code>forceNewDeployment</code> option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that aren't associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use <a>PutClusterCapacityProviders</a> or delete the cluster.</p>"
     },
     "DeleteCluster":{
       "name":"DeleteCluster",
@@ -150,7 +150,7 @@
         {"shape":"ClusterContainsTasksException"},
         {"shape":"UpdateInProgressException"}
       ],
-      "documentation":"<p>Deletes the specified cluster. The cluster will transition to the <code>INACTIVE</code> state. Clusters with an <code>INACTIVE</code> status may remain discoverable in your account for a period of time. However, this behavior is subject to change in the future, so you should not rely on <code>INACTIVE</code> clusters persisting.</p> <p>You must deregister all container instances from this cluster before you may delete it. You can list the container instances in a cluster with <a>ListContainerInstances</a> and deregister them with <a>DeregisterContainerInstance</a>.</p>"
+      "documentation":"<p>Deletes the specified cluster. The cluster transitions to the <code>INACTIVE</code> state. Clusters with an <code>INACTIVE</code> status might remain discoverable in your account for a period of time. However, this behavior is subject to change in the future. We don't recommend that you rely on <code>INACTIVE</code> clusters persisting.</p> <p>You must deregister all container instances from this cluster before you may delete it. You can list the container instances in a cluster with <a>ListContainerInstances</a> and deregister them with <a>DeregisterContainerInstance</a>.</p>"
     },
     "DeleteService":{
       "name":"DeleteService",
@@ -167,7 +167,7 @@
         {"shape":"ClusterNotFoundException"},
         {"shape":"ServiceNotFoundException"}
       ],
-      "documentation":"<p>Deletes a specified service within a cluster. You can delete a service if you have no running tasks in it and the desired task count is zero. If the service is actively maintaining tasks, you cannot delete it, and you must update the service to a desired task count of zero. For more information, see <a>UpdateService</a>.</p> <note> <p>When you delete a service, if there are still running tasks that require cleanup, the service status moves from <code>ACTIVE</code> to <code>DRAINING</code>, and the service is no longer visible in the console or in the <a>ListServices</a> API operation. After all tasks have transitioned to either <code>STOPPING</code> or <code>STOPPED</code> status, the service status moves from <code>DRAINING</code> to <code>INACTIVE</code>. Services in the <code>DRAINING</code> or <code>INACTIVE</code> status can still be viewed with the <a>DescribeServices</a> API operation. However, in the future, <code>INACTIVE</code> services may be cleaned up and purged from Amazon ECS record keeping, and <a>DescribeServices</a> calls on those services return a <code>ServiceNotFoundException</code> error.</p> </note> <important> <p>If you attempt to create a new service with the same name as an existing service in either <code>ACTIVE</code> or <code>DRAINING</code> status, you receive an error.</p> </important>"
+      "documentation":"<p>Deletes a specified service within a cluster. You can delete a service if you have no running tasks in it and the desired task count is zero. If the service is actively maintaining tasks, you can't delete it, and you must update the service to a desired task count of zero. For more information, see <a>UpdateService</a>.</p> <note> <p>When you delete a service, if there are still running tasks that require cleanup, the service status moves from <code>ACTIVE</code> to <code>DRAINING</code>, and the service is no longer visible in the console or in the <a>ListServices</a> API operation. After all tasks have transitioned to either <code>STOPPING</code> or <code>STOPPED</code> status, the service status moves from <code>DRAINING</code> to <code>INACTIVE</code>. Services in the <code>DRAINING</code> or <code>INACTIVE</code> status can still be viewed with the <a>DescribeServices</a> API operation. However, in the future, <code>INACTIVE</code> services may be cleaned up and purged from Amazon ECS record keeping, and <a>DescribeServices</a> calls on those services return a <code>ServiceNotFoundException</code> error.</p> </note> <important> <p>If you attempt to create a new service with the same name as an existing service in either <code>ACTIVE</code> or <code>DRAINING</code> status, you receive an error.</p> </important>"
     },
     "DeleteTaskSet":{
       "name":"DeleteTaskSet",
@@ -204,7 +204,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"ClusterNotFoundException"}
       ],
-      "documentation":"<p>Deregisters an Amazon ECS container instance from the specified cluster. This instance is no longer available to run tasks.</p> <p>If you intend to use the container instance for some other purpose after deregistration, you should stop all of the tasks running on the container instance before deregistration. That prevents any orphaned tasks from consuming resources.</p> <p>Deregistering a container instance removes the instance from a cluster, but it does not terminate the EC2 instance. If you are finished using the instance, be sure to terminate it in the Amazon EC2 console to stop billing.</p> <note> <p>If you terminate a running container instance, Amazon ECS automatically deregisters the instance from your cluster (stopped container instances or instances with disconnected agents are not automatically deregistered when terminated).</p> </note>"
+      "documentation":"<p>Deregisters an Amazon ECS container instance from the specified cluster. This instance is no longer available to run tasks.</p> <p>If you intend to use the container instance for some other purpose after deregistration, we recommend that you stop all of the tasks running on the container instance before deregistration. That prevents any orphaned tasks from consuming resources.</p> <p>Deregistering a container instance removes the instance from a cluster, but it doesn't terminate the EC2 instance. If you are finished using the instance, be sure to terminate it in the Amazon EC2 console to stop billing.</p> <note> <p>If you terminate a running container instance, Amazon ECS automatically deregisters the instance from your cluster (stopped container instances or instances with disconnected agents aren't automatically deregistered when terminated).</p> </note>"
     },
     "DeregisterTaskDefinition":{
       "name":"DeregisterTaskDefinition",
@@ -219,7 +219,7 @@
         {"shape":"ClientException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Deregisters the specified task definition by family and revision. Upon deregistration, the task definition is marked as <code>INACTIVE</code>. Existing tasks and services that reference an <code>INACTIVE</code> task definition continue to run without disruption. Existing services that reference an <code>INACTIVE</code> task definition can still scale up or down by modifying the service's desired count.</p> <p>You cannot use an <code>INACTIVE</code> task definition to run new tasks or create new services, and you cannot update an existing service to reference an <code>INACTIVE</code> task definition. However, there may be up to a 10-minute window following deregistration where these restrictions have not yet taken effect.</p> <note> <p>At this time, <code>INACTIVE</code> task definitions remain discoverable in your account indefinitely. However, this behavior is subject to change in the future, so you should not rely on <code>INACTIVE</code> task definitions persisting beyond the lifecycle of any associated tasks and services.</p> </note>"
+      "documentation":"<p>Deregisters the specified task definition by family and revision. Upon deregistration, the task definition is marked as <code>INACTIVE</code>. Existing tasks and services that reference an <code>INACTIVE</code> task definition continue to run without disruption. Existing services that reference an <code>INACTIVE</code> task definition can still scale up or down by modifying the service's desired count.</p> <p>You can't use an <code>INACTIVE</code> task definition to run new tasks or create new services, and you can't update an existing service to reference an <code>INACTIVE</code> task definition. However, there may be up to a 10-minute window following deregistration where these restrictions have not yet taken effect.</p> <note> <p>At this time, <code>INACTIVE</code> task definitions remain discoverable in your account indefinitely. However, this behavior is subject to change in the future. We don't recommend that you rely on <code>INACTIVE</code> task definitions persisting beyond the lifecycle of any associated tasks and services.</p> </note>"
     },
     "DescribeCapacityProviders":{
       "name":"DescribeCapacityProviders",
@@ -393,7 +393,7 @@
         {"shape":"ClusterNotFoundException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Lists the attributes for Amazon ECS resources within a specified target type and cluster. When you specify a target type and cluster, <code>ListAttributes</code> returns a list of attribute objects, one for each attribute on each resource. You can filter the list of results to a single attribute name to only return results that have that name. You can also filter the results by attribute name and value, for example, to see which container instances in a cluster are running a Linux AMI (<code>ecs.os-type=linux</code>). </p>"
+      "documentation":"<p>Lists the attributes for Amazon ECS resources within a specified target type and cluster. When you specify a target type and cluster, <code>ListAttributes</code> returns a list of attribute objects, one for each attribute on each resource. You can filter the list of results to a single attribute name to only return results that have that name. You can also filter the results by attribute name and value. You can do this, for example, to see which container instances in a cluster are running a Linux AMI (<code>ecs.os-type=linux</code>). </p>"
     },
     "ListClusters":{
       "name":"ListClusters",
@@ -471,7 +471,7 @@
         {"shape":"ClientException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Returns a list of task definition families that are registered to your account (which may include task definition families that no longer have any <code>ACTIVE</code> task definition revisions).</p> <p>You can filter out task definition families that do not contain any <code>ACTIVE</code> task definition revisions by setting the <code>status</code> parameter to <code>ACTIVE</code>. You can also filter the results with the <code>familyPrefix</code> parameter.</p>"
+      "documentation":"<p>Returns a list of task definition families that are registered to your account. This list includes task definition families that no longer have any <code>ACTIVE</code> task definition revisions.</p> <p>You can filter out task definition families that don't contain any <code>ACTIVE</code> task definition revisions by setting the <code>status</code> parameter to <code>ACTIVE</code>. You can also filter the results with the <code>familyPrefix</code> parameter.</p>"
     },
     "ListTaskDefinitions":{
       "name":"ListTaskDefinitions",
@@ -518,7 +518,7 @@
         {"shape":"ClientException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Modifies an account setting. Account settings are set on a per-Region basis.</p> <p>If you change the account setting for the root user, the default settings for all of the IAM users and roles for which no individual account setting has been specified are reset. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html\">Account Settings</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>When <code>serviceLongArnFormat</code>, <code>taskLongArnFormat</code>, or <code>containerInstanceLongArnFormat</code> are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified IAM user, IAM role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource will be defined by the opt-in status of the IAM user or role that created the resource. You must enable this setting to use Amazon ECS features such as resource tagging.</p> <p>When <code>awsvpcTrunking</code> is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If <code>awsvpcTrunking</code> is enabled, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html\">Elastic Network Interface Trunking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>When <code>containerInsights</code> is specified, the default setting indicating whether CloudWatch Container Insights is enabled for your clusters is changed. If <code>containerInsights</code> is enabled, any new clusters that are created will have Container Insights enabled unless you disable it during cluster creation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html\">CloudWatch Container Insights</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>Modifies an account setting. Account settings are set on a per-Region basis.</p> <p>If you change the account setting for the root user, the default settings for all of the IAM users and roles that no individual account setting was specified are reset for. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html\">Account Settings</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>When <code>serviceLongArnFormat</code>, <code>taskLongArnFormat</code>, or <code>containerInstanceLongArnFormat</code> are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified IAM user, IAM role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the IAM user or role that created the resource. You must enable this setting to use Amazon ECS features such as resource tagging.</p> <p>When <code>awsvpcTrunking</code> is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If <code>awsvpcTrunking</code> is enabled, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-eni.html\">Elastic Network Interface Trunking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>When <code>containerInsights</code> is specified, the default setting indicating whether CloudWatch Container Insights is enabled for your clusters is changed. If <code>containerInsights</code> is enabled, any new clusters that are created will have Container Insights enabled unless you disable it during cluster creation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html\">CloudWatch Container Insights</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "PutAccountSettingDefault":{
       "name":"PutAccountSettingDefault",
@@ -549,7 +549,7 @@
         {"shape":"AttributeLimitExceededException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Create or update an attribute on an Amazon ECS resource. If the attribute does not exist, it is created. If the attribute exists, its value is replaced with the specified value. To delete an attribute, use <a>DeleteAttributes</a>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html#attributes\">Attributes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>Create or update an attribute on an Amazon ECS resource. If the attribute doesn't exist, it's created. If the attribute exists, its value is replaced with the specified value. To delete an attribute, use <a>DeleteAttributes</a>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html#attributes\">Attributes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "PutClusterCapacityProviders":{
       "name":"PutClusterCapacityProviders",
@@ -567,7 +567,7 @@
         {"shape":"ResourceInUseException"},
         {"shape":"UpdateInProgressException"}
       ],
-      "documentation":"<p>Modifies the available capacity providers and the default capacity provider strategy for a cluster.</p> <p>You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers associated with a cluster that are omitted from a <a>PutClusterCapacityProviders</a> API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.</p> <p>When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. It is recommended to define a default capacity provider strategy for your cluster, however you may specify an empty array (<code>[]</code>) to bypass defining a default strategy.</p>"
+      "documentation":"<p>Modifies the available capacity providers and the default capacity provider strategy for a cluster.</p> <p>You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers that are associated with a cluster that are omitted from a <a>PutClusterCapacityProviders</a> API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.</p> <p>When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. We recommend that you define a default capacity provider strategy for your cluster. However, you must specify an empty array (<code>[]</code>) to bypass defining a default strategy.</p>"
     },
     "RegisterContainerInstance":{
       "name":"RegisterContainerInstance",
@@ -597,7 +597,7 @@
         {"shape":"ClientException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Registers a new task definition from the supplied <code>family</code> and <code>containerDefinitions</code>. Optionally, you can add data volumes to your containers with the <code>volumes</code> parameter. For more information about task definition parameters and defaults, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html\">Amazon ECS Task Definitions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>You can specify an IAM role for your task with the <code>taskRoleArn</code> parameter. When you specify an IAM role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the Amazon Web Services services that are specified in the IAM policy associated with the role. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html\">IAM Roles for Tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>You can specify a Docker networking mode for the containers in your task definition with the <code>networkMode</code> parameter. The available network modes correspond to those described in <a href=\"https://docs.docker.com/engine/reference/run/#/network-settings\">Network settings</a> in the Docker run reference. If you specify the <code>awsvpc</code> network mode, the task is allocated an elastic network interface, and you must specify a <a>NetworkConfiguration</a> when you create a service or run a task with the task definition. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html\">Task Networking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>Registers a new task definition from the supplied <code>family</code> and <code>containerDefinitions</code>. Optionally, you can add data volumes to your containers with the <code>volumes</code> parameter. For more information about task definition parameters and defaults, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html\">Amazon ECS Task Definitions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>You can specify an IAM role for your task with the <code>taskRoleArn</code> parameter. When you specify an IAM role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the Amazon Web Services services that are specified in the IAM policy that's associated with the role. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html\">IAM Roles for Tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>You can specify a Docker networking mode for the containers in your task definition with the <code>networkMode</code> parameter. The available network modes correspond to those described in <a href=\"https://docs.docker.com/engine/reference/run/#/network-settings\">Network settings</a> in the Docker run reference. If you specify the <code>awsvpc</code> network mode, the task is allocated an elastic network interface, and you must specify a <a>NetworkConfiguration</a> when you create a service or run a task with the task definition. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html\">Task Networking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "RunTask":{
       "name":"RunTask",
@@ -618,7 +618,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"BlockedException"}
       ],
-      "documentation":"<p>Starts a new task using the specified task definition.</p> <p>You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/scheduling_tasks.html\">Scheduling Tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>Alternatively, you can use <a>StartTask</a> to use your own scheduler or place tasks manually on specific container instances.</p> <p>The Amazon ECS API follows an eventual consistency model, due to the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.</p> <p>To manage eventual consistency, you can do the following:</p> <ul> <li> <p>Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.</p> </li> <li> <p>Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.</p> </li> </ul>"
+      "documentation":"<p>Starts a new task using the specified task definition.</p> <p>You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/scheduling_tasks.html\">Scheduling Tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>Alternatively, you can use <a>StartTask</a> to use your own scheduler or place tasks manually on specific container instances.</p> <p>The Amazon ECS API follows an eventual consistency model. This is because of the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.</p> <p>To manage eventual consistency, you can do the following:</p> <ul> <li> <p>Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.</p> </li> <li> <p>Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.</p> </li> </ul>"
     },
     "StartTask":{
       "name":"StartTask",
@@ -714,7 +714,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Associates the specified tags to a resource with the specified <code>resourceArn</code>. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well.</p>"
+      "documentation":"<p>Associates the specified tags to a resource with the specified <code>resourceArn</code>. If existing tags on a resource aren't specified in the request parameters, they aren't changed. When a resource is deleted, the tags that are associated with that resource are deleted as well.</p>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -797,7 +797,7 @@
         {"shape":"NoUpdateAvailableException"},
         {"shape":"MissingVersionException"}
       ],
-      "documentation":"<p>Updates the Amazon ECS container agent on a specified container instance. Updating the Amazon ECS container agent does not interrupt running tasks or services on the container instance. The process for updating the agent differs depending on whether your container instance was launched with the Amazon ECS-optimized AMI or another operating system.</p> <note> <p>The <code>UpdateContainerAgent</code> API isn't supported for container instances using the Amazon ECS-optimized Amazon Linux 2 (arm64) AMI. To update the container agent, you can update the <code>ecs-init</code> package which will update the agent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/agent-update-ecs-ami.html\">Updating the Amazon ECS container agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note> <p>The <code>UpdateContainerAgent</code> API requires an Amazon ECS-optimized AMI or Amazon Linux AMI with the <code>ecs-init</code> service installed and running. For help updating the Amazon ECS container agent on other operating systems, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html#manually_update_agent\">Manually updating the Amazon ECS container agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>Updates the Amazon ECS container agent on a specified container instance. Updating the Amazon ECS container agent doesn't interrupt running tasks or services on the container instance. The process for updating the agent differs depending on whether your container instance was launched with the Amazon ECS-optimized AMI or another operating system.</p> <note> <p>The <code>UpdateContainerAgent</code> API isn't supported for container instances using the Amazon ECS-optimized Amazon Linux 2 (arm64) AMI. To update the container agent, you can update the <code>ecs-init</code> package. This updates the agent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/agent-update-ecs-ami.html\">Updating the Amazon ECS container agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note> <p>The <code>UpdateContainerAgent</code> API requires an Amazon ECS-optimized AMI or Amazon Linux AMI with the <code>ecs-init</code> service installed and running. For help updating the Amazon ECS container agent on other operating systems, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html#manually_update_agent\">Manually updating the Amazon ECS container agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "UpdateContainerInstancesState":{
       "name":"UpdateContainerInstancesState",
@@ -813,7 +813,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"ClusterNotFoundException"}
       ],
-      "documentation":"<p>Modifies the status of an Amazon ECS container instance.</p> <p>Once a container instance has reached an <code>ACTIVE</code> state, you can change the status of a container instance to <code>DRAINING</code> to manually remove an instance from a cluster, for example to perform system updates, update the Docker daemon, or scale down the cluster size.</p> <important> <p>A container instance cannot be changed to <code>DRAINING</code> until it has reached an <code>ACTIVE</code> status. If the instance is in any other status, an error will be received.</p> </important> <p>When you set a container instance to <code>DRAINING</code>, Amazon ECS prevents new tasks from being scheduled for placement on the container instance and replacement service tasks are started on other container instances in the cluster if the resources are available. Service tasks on the container instance that are in the <code>PENDING</code> state are stopped immediately.</p> <p>Service tasks on the container instance that are in the <code>RUNNING</code> state are stopped and replaced according to the service's deployment configuration parameters, <code>minimumHealthyPercent</code> and <code>maximumPercent</code>. You can change the deployment configuration of your service using <a>UpdateService</a>.</p> <ul> <li> <p>If <code>minimumHealthyPercent</code> is below 100%, the scheduler can ignore <code>desiredCount</code> temporarily during task replacement. For example, <code>desiredCount</code> is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. If the minimum is 100%, the service scheduler can't remove existing tasks until the replacement tasks are considered healthy. Tasks for services that do not use a load balancer are considered healthy if they are in the <code>RUNNING</code> state. Tasks for services that use a load balancer are considered healthy if they are in the <code>RUNNING</code> state and the container instance they are hosted on is reported as healthy by the load balancer.</p> </li> <li> <p>The <code>maximumPercent</code> parameter represents an upper limit on the number of running tasks during task replacement, which enables you to define the replacement batch size. For example, if <code>desiredCount</code> is four tasks, a maximum of 200% starts four new tasks before stopping the four tasks to be drained, provided that the cluster resources required to do this are available. If the maximum is 100%, then replacement tasks can't start until the draining tasks have stopped.</p> </li> </ul> <p>Any <code>PENDING</code> or <code>RUNNING</code> tasks that do not belong to a service are not affected. You must wait for them to finish or stop them manually.</p> <p>A container instance has completed draining when it has no more <code>RUNNING</code> tasks. You can verify this using <a>ListTasks</a>.</p> <p>When a container instance has been drained, you can set a container instance to <code>ACTIVE</code> status and once it has reached that status the Amazon ECS scheduler can begin scheduling tasks on the instance again.</p>"
+      "documentation":"<p>Modifies the status of an Amazon ECS container instance.</p> <p>Once a container instance has reached an <code>ACTIVE</code> state, you can change the status of a container instance to <code>DRAINING</code> to manually remove an instance from a cluster, for example to perform system updates, update the Docker daemon, or scale down the cluster size.</p> <important> <p>A container instance can't be changed to <code>DRAINING</code> until it has reached an <code>ACTIVE</code> status. If the instance is in any other status, an error will be received.</p> </important> <p>When you set a container instance to <code>DRAINING</code>, Amazon ECS prevents new tasks from being scheduled for placement on the container instance and replacement service tasks are started on other container instances in the cluster if the resources are available. Service tasks on the container instance that are in the <code>PENDING</code> state are stopped immediately.</p> <p>Service tasks on the container instance that are in the <code>RUNNING</code> state are stopped and replaced according to the service's deployment configuration parameters, <code>minimumHealthyPercent</code> and <code>maximumPercent</code>. You can change the deployment configuration of your service using <a>UpdateService</a>.</p> <ul> <li> <p>If <code>minimumHealthyPercent</code> is below 100%, the scheduler can ignore <code>desiredCount</code> temporarily during task replacement. For example, <code>desiredCount</code> is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. If the minimum is 100%, the service scheduler can't remove existing tasks until the replacement tasks are considered healthy. Tasks for services that do not use a load balancer are considered healthy if they're in the <code>RUNNING</code> state. Tasks for services that use a load balancer are considered healthy if they're in the <code>RUNNING</code> state and the container instance they're hosted on is reported as healthy by the load balancer.</p> </li> <li> <p>The <code>maximumPercent</code> parameter represents an upper limit on the number of running tasks during task replacement. You can use this to define the replacement batch size. For example, if <code>desiredCount</code> is four tasks, a maximum of 200% starts four new tasks before stopping the four tasks to be drained, provided that the cluster resources required to do this are available. If the maximum is 100%, then replacement tasks can't start until the draining tasks have stopped.</p> </li> </ul> <p>Any <code>PENDING</code> or <code>RUNNING</code> tasks that do not belong to a service aren't affected. You must wait for them to finish or stop them manually.</p> <p>A container instance has completed draining when it has no more <code>RUNNING</code> tasks. You can verify this using <a>ListTasks</a>.</p> <p>When a container instance has been drained, you can set a container instance to <code>ACTIVE</code> status and once it has reached that status the Amazon ECS scheduler can begin scheduling tasks on the instance again.</p>"
     },
     "UpdateService":{
       "name":"UpdateService",
@@ -834,7 +834,7 @@
         {"shape":"PlatformTaskDefinitionIncompatibilityException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<important> <p>Updating the task placement strategies and constraints on an Amazon ECS service remains in preview and is a Beta Service as defined by and subject to the Beta Service Participation Service Terms located at <a href=\"https://aws.amazon.com/service-terms\">https://aws.amazon.com/service-terms</a> (\"Beta Terms\"). These Beta Terms apply to your participation in this preview.</p> </important> <p>Modifies the parameters of a service.</p> <p>For services using the rolling update (<code>ECS</code>) deployment controller, the desired count, deployment configuration, network configuration, task placement constraints and strategies, or task definition used can be updated.</p> <p>For services using the blue/green (<code>CODE_DEPLOY</code>) deployment controller, only the desired count, deployment configuration, task placement constraints and strategies, and health check grace period can be updated using this API. If the network configuration, platform version, or task definition need to be updated, a new CodeDeploy deployment should be created. For more information, see <a href=\"https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_CreateDeployment.html\">CreateDeployment</a> in the <i>CodeDeploy API Reference</i>.</p> <p>For services using an external deployment controller, you can update only the desired count, task placement constraints and strategies, and health check grace period using this API. If the launch type, load balancer, network configuration, platform version, or task definition need to be updated, you should create a new task set. For more information, see <a>CreateTaskSet</a>.</p> <p>You can add to or subtract from the number of instantiations of a task definition in a service by specifying the cluster that the service is running in and a new <code>desiredCount</code> parameter.</p> <p>If you have updated the Docker image of your application, you can create a new task definition with that image and deploy it to your service. The service scheduler uses the minimum healthy percent and maximum percent parameters (in the service's deployment configuration) to determine the deployment strategy.</p> <note> <p>If your updated Docker image uses the same tag as what is in the existing task definition for your service (for example, <code>my_image:latest</code>), you do not need to create a new revision of your task definition. You can update the service using the <code>forceNewDeployment</code> option. The new tasks launched by the deployment pull the current image/tag combination from your repository when they start.</p> </note> <p>You can also update the deployment configuration of a service. When a deployment is triggered by updating the task definition of a service, the service scheduler uses the deployment configuration parameters, <code>minimumHealthyPercent</code> and <code>maximumPercent</code>, to determine the deployment strategy.</p> <ul> <li> <p>If <code>minimumHealthyPercent</code> is below 100%, the scheduler can ignore <code>desiredCount</code> temporarily during a deployment. For example, if <code>desiredCount</code> is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. Tasks for services that do not use a load balancer are considered healthy if they are in the <code>RUNNING</code> state. Tasks for services that use a load balancer are considered healthy if they are in the <code>RUNNING</code> state and the container instance they are hosted on is reported as healthy by the load balancer.</p> </li> <li> <p>The <code>maximumPercent</code> parameter represents an upper limit on the number of running tasks during a deployment, which enables you to define the deployment batch size. For example, if <code>desiredCount</code> is four tasks, a maximum of 200% starts four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available).</p> </li> </ul> <p>When <a>UpdateService</a> stops a task during a deployment, the equivalent of <code>docker stop</code> is issued to the containers running in the task. This results in a <code>SIGTERM</code> and a 30-second timeout, after which <code>SIGKILL</code> is sent and the containers are forcibly stopped. If the container handles the <code>SIGTERM</code> gracefully and exits within 30 seconds from receiving it, no <code>SIGKILL</code> is sent.</p> <p>When the service scheduler launches new tasks, it determines task placement in your cluster with the following logic:</p> <ul> <li> <p>Determine which of the container instances in your cluster can support your service's task definition (for example, they have the required CPU, memory, ports, and container instance attributes).</p> </li> <li> <p>By default, the service scheduler attempts to balance tasks across Availability Zones in this manner (although you can choose a different placement strategy):</p> <ul> <li> <p>Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.</p> </li> <li> <p>Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.</p> </li> </ul> </li> </ul> <p>When the service scheduler stops running tasks, it attempts to maintain balance across the Availability Zones in your cluster using the following logic: </p> <ul> <li> <p>Sort the container instances by the largest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have two, container instances in either zone B or C are considered optimal for termination.</p> </li> <li> <p>Stop the task on a container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the largest number of running tasks for this service.</p> </li> </ul>"
+      "documentation":"<important> <p>Updating the task placement strategies and constraints on an Amazon ECS service remains in preview and is a Beta Service as defined by and subject to the Beta Service Participation Service Terms located at <a href=\"https://aws.amazon.com/service-terms\">https://aws.amazon.com/service-terms</a> (\"Beta Terms\"). These Beta Terms apply to your participation in this preview.</p> </important> <p>Modifies the parameters of a service.</p> <p>For services using the rolling update (<code>ECS</code>) deployment controller, the desired count, deployment configuration, network configuration, task placement constraints and strategies, or task definition used can be updated.</p> <p>For services using the blue/green (<code>CODE_DEPLOY</code>) deployment controller, only the desired count, deployment configuration, task placement constraints and strategies, and health check grace period can be updated using this API. If the network configuration, platform version, or task definition need to be updated, a new CodeDeploy deployment is created. For more information, see <a href=\"https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_CreateDeployment.html\">CreateDeployment</a> in the <i>CodeDeploy API Reference</i>.</p> <p>For services using an external deployment controller, you can update only the desired count, task placement constraints and strategies, and health check grace period using this API. If the launch type, load balancer, network configuration, platform version, or task definition need to be updated, create a new task set. For more information, see <a>CreateTaskSet</a>.</p> <p>You can add to or subtract from the number of instantiations of a task definition in a service by specifying the cluster that the service is running in and a new <code>desiredCount</code> parameter.</p> <p>If you have updated the Docker image of your application, you can create a new task definition with that image and deploy it to your service. The service scheduler uses the minimum healthy percent and maximum percent parameters (in the service's deployment configuration) to determine the deployment strategy.</p> <note> <p>If your updated Docker image uses the same tag as what is in the existing task definition for your service (for example, <code>my_image:latest</code>), you don't need to create a new revision of your task definition. You can update the service using the <code>forceNewDeployment</code> option. The new tasks launched by the deployment pull the current image/tag combination from your repository when they start.</p> </note> <p>You can also update the deployment configuration of a service. When a deployment is triggered by updating the task definition of a service, the service scheduler uses the deployment configuration parameters, <code>minimumHealthyPercent</code> and <code>maximumPercent</code>, to determine the deployment strategy.</p> <ul> <li> <p>If <code>minimumHealthyPercent</code> is below 100%, the scheduler can ignore <code>desiredCount</code> temporarily during a deployment. For example, if <code>desiredCount</code> is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. Tasks for services that don't use a load balancer are considered healthy if they're in the <code>RUNNING</code> state. Tasks for services that use a load balancer are considered healthy if they're in the <code>RUNNING</code> state and the container instance they're hosted on is reported as healthy by the load balancer.</p> </li> <li> <p>The <code>maximumPercent</code> parameter represents an upper limit on the number of running tasks during a deployment. You can use it to define the deployment batch size. For example, if <code>desiredCount</code> is four tasks, a maximum of 200% starts four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available).</p> </li> </ul> <p>When <a>UpdateService</a> stops a task during a deployment, the equivalent of <code>docker stop</code> is issued to the containers running in the task. This results in a <code>SIGTERM</code> and a 30-second timeout. After this, <code>SIGKILL</code> is sent and the containers are forcibly stopped. If the container handles the <code>SIGTERM</code> gracefully and exits within 30 seconds from receiving it, no <code>SIGKILL</code> is sent.</p> <p>When the service scheduler launches new tasks, it determines task placement in your cluster with the following logic.</p> <ul> <li> <p>Determine which of the container instances in your cluster can support your service's task definition. For example, they have the required CPU, memory, ports, and container instance attributes.</p> </li> <li> <p>By default, the service scheduler attempts to balance tasks across Availability Zones in this manner even though you can choose a different placement strategy.</p> <ul> <li> <p>Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.</p> </li> <li> <p>Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.</p> </li> </ul> </li> </ul> <p>When the service scheduler stops running tasks, it attempts to maintain balance across the Availability Zones in your cluster using the following logic: </p> <ul> <li> <p>Sort the container instances by the largest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have two, container instances in either zone B or C are considered optimal for termination.</p> </li> <li> <p>Stop the task on a container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the largest number of running tasks for this service.</p> </li> </ul>"
     },
     "UpdateServicePrimaryTaskSet":{
       "name":"UpdateServicePrimaryTaskSet",
@@ -884,7 +884,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You do not have authorization to perform the requested action.</p>",
+      "documentation":"<p>You don't have authorization to perform the requested action.</p>",
       "exception":true
     },
     "AgentUpdateStatus":{
@@ -918,7 +918,7 @@
         },
         "status":{
           "shape":"String",
-          "documentation":"<p> The status of the attachment. Valid values are <code>PRECREATED</code>, <code>CREATED</code>, <code>ATTACHING</code>, <code>ATTACHED</code>, <code>DETACHING</code>, <code>DETACHED</code>, and <code>DELETED</code>.</p>"
+          "documentation":"<p> The status of the attachment. Valid values are <code>PRECREATED</code>, <code>CREATED</code>, <code>ATTACHING</code>, <code>ATTACHED</code>, <code>DETACHING</code>, <code>DETACHED</code>, <code>DELETED</code>, and <code>FAILED</code>.</p>"
         },
         "details":{
           "shape":"AttachmentDetails",
@@ -963,28 +963,28 @@
       "members":{
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the attribute. The <code>name</code> must contain between 1 and 128 characters and name may contain letters (uppercase and lowercase), numbers, hyphens, underscores, forward slashes, back slashes, or periods.</p>"
+          "documentation":"<p>The name of the attribute. The <code>name</code> must contain between 1 and 128 characters. The name may contain letters (uppercase and lowercase), numbers, hyphens (-), underscores (_), forward slashes (/), back slashes (\\), or periods (.).</p>"
         },
         "value":{
           "shape":"String",
-          "documentation":"<p>The value of the attribute. The <code>value</code> must contain between 1 and 128 characters and may contain letters (uppercase and lowercase), numbers, hyphens, underscores, periods, at signs (@), forward slashes, back slashes, colons, or spaces. The value cannot contain any leading or trailing whitespace.</p>"
+          "documentation":"<p>The value of the attribute. The <code>value</code> must contain between 1 and 128 characters. It can contain letters (uppercase and lowercase), numbers, hyphens (-), underscores (_), periods (.), at signs (@), forward slashes (/), back slashes (\\), colons (:), or spaces. The value can't can't start or end with a space.</p>"
         },
         "targetType":{
           "shape":"TargetType",
-          "documentation":"<p>The type of the target with which to attach the attribute. This parameter is required if you use the short form ID for a resource instead of the full ARN.</p>"
+          "documentation":"<p>The type of the target to attach the attribute with. This parameter is required if you use the short form ID for a resource instead of the full ARN.</p>"
         },
         "targetId":{
           "shape":"String",
           "documentation":"<p>The ID of the target. You can specify the short form ID for a resource or the full Amazon Resource Name (ARN).</p>"
         }
       },
-      "documentation":"<p>An attribute is a name-value pair associated with an Amazon ECS object. Attributes enable you to extend the Amazon ECS data model by adding custom metadata to your resources. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html#attributes\">Attributes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>An attribute is a name-value pair that's associated with an Amazon ECS object. Attributes enable you to extend the Amazon ECS data model by adding custom metadata to your resources. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html#attributes\">Attributes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "AttributeLimitExceededException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You can apply up to 10 custom attributes per resource. You can view the attributes of a resource with <a>ListAttributes</a>. You can remove existing attributes on a resource with <a>DeleteAttributes</a>.</p>",
+      "documentation":"<p>You can apply up to 10 custom attributes for each resource. You can view the attributes of a resource with <a>ListAttributes</a>. You can remove existing attributes on a resource with <a>DeleteAttributes</a>.</p>",
       "exception":true
     },
     "Attributes":{
@@ -1005,7 +1005,7 @@
         },
         "managedTerminationProtection":{
           "shape":"ManagedTerminationProtection",
-          "documentation":"<p>The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection.</p> <important> <p>When using managed termination protection, managed scaling must also be used otherwise managed termination protection will not work.</p> </important> <p>When managed termination protection is enabled, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled as well. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance Protection</a> in the <i>Auto Scaling User Guide</i>.</p> <p>When managed termination protection is disabled, your Amazon EC2 instances are not protected from termination when the Auto Scaling group scales in.</p>"
+          "documentation":"<p>The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is disabled.</p> <important> <p>When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.</p> </important> <p>When managed termination protection is enabled, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled as well. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance Protection</a> in the <i>Auto Scaling User Guide</i>.</p> <p>When managed termination protection is disabled, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.</p>"
         }
       },
       "documentation":"<p>The details of the Auto Scaling group for the capacity provider.</p>"
@@ -1019,7 +1019,7 @@
         },
         "managedTerminationProtection":{
           "shape":"ManagedTerminationProtection",
-          "documentation":"<p>The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection.</p> <important> <p>When using managed termination protection, managed scaling must also be used otherwise managed termination protection will not work.</p> </important> <p>When managed termination protection is enabled, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled as well. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance Protection</a> in the <i>Auto Scaling User Guide</i>.</p> <p>When managed termination protection is disabled, your Amazon EC2 instances are not protected from termination when the Auto Scaling group scales in.</p>"
+          "documentation":"<p>The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection.</p> <important> <p>When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.</p> </important> <p>When managed termination protection is enabled, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled. For more information, see <a href=\"https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection\">Instance Protection</a> in the <i>Auto Scaling User Guide</i>.</p> <p>When managed termination protection is disabled, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.</p>"
         }
       },
       "documentation":"<p>The details of the Auto Scaling group capacity provider to update.</p>"
@@ -1030,11 +1030,11 @@
       "members":{
         "subnets":{
           "shape":"StringList",
-          "documentation":"<p>The IDs of the subnets associated with the task or service. There is a limit of 16 subnets that can be specified per <code>AwsVpcConfiguration</code>.</p> <note> <p>All specified subnets must be from the same VPC.</p> </note>"
+          "documentation":"<p>The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per <code>AwsVpcConfiguration</code>.</p> <note> <p>All specified subnets must be from the same VPC.</p> </note>"
         },
         "securityGroups":{
           "shape":"StringList",
-          "documentation":"<p>The IDs of the security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. There is a limit of 5 security groups that can be specified per <code>AwsVpcConfiguration</code>.</p> <note> <p>All specified security groups must be from the same VPC.</p> </note>"
+          "documentation":"<p>The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per <code>AwsVpcConfiguration</code>.</p> <note> <p>All specified security groups must be from the same VPC.</p> </note>"
         },
         "assignPublicIp":{
           "shape":"AssignPublicIp",
@@ -1047,7 +1047,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>Your Amazon Web Services account has been blocked. For more information, contact <a href=\"http://aws.amazon.com/contact-us/\"> Amazon Web Services Support</a>.</p>",
+      "documentation":"<p>Your Amazon Web Services account was blocked. For more information, contact <a href=\"http://aws.amazon.com/contact-us/\"> Amazon Web Services Support</a>.</p>",
       "exception":true
     },
     "Boolean":{"type":"boolean"},
@@ -1079,7 +1079,7 @@
         },
         "status":{
           "shape":"CapacityProviderStatus",
-          "documentation":"<p>The current status of the capacity provider. Only capacity providers in an <code>ACTIVE</code> state can be used in a cluster. When a capacity provider is successfully deleted, it will have an <code>INACTIVE</code> status.</p>"
+          "documentation":"<p>The current status of the capacity provider. Only capacity providers in an <code>ACTIVE</code> state can be used in a cluster. When a capacity provider is successfully deleted, it has an <code>INACTIVE</code> status.</p>"
         },
         "autoScalingGroupProvider":{
           "shape":"AutoScalingGroupProvider",
@@ -1087,7 +1087,7 @@
         },
         "updateStatus":{
           "shape":"CapacityProviderUpdateStatus",
-          "documentation":"<p>The update status of the capacity provider. The following are the possible states that will be returned.</p> <dl> <dt>DELETE_IN_PROGRESS</dt> <dd> <p>The capacity provider is in the process of being deleted.</p> </dd> <dt>DELETE_COMPLETE</dt> <dd> <p>The capacity provider has been successfully deleted and will have an <code>INACTIVE</code> status.</p> </dd> <dt>DELETE_FAILED</dt> <dd> <p>The capacity provider was unable to be deleted. The update status reason will provide further details about why the delete failed.</p> </dd> </dl>"
+          "documentation":"<p>The update status of the capacity provider. The following are the possible states that is returned.</p> <dl> <dt>DELETE_IN_PROGRESS</dt> <dd> <p>The capacity provider is in the process of being deleted.</p> </dd> <dt>DELETE_COMPLETE</dt> <dd> <p>The capacity provider was successfully deleted and has an <code>INACTIVE</code> status.</p> </dd> <dt>DELETE_FAILED</dt> <dd> <p>The capacity provider can't be deleted. The update status reason provides further details about why the delete failed.</p> </dd> </dl>"
         },
         "updateStatusReason":{
           "shape":"String",
@@ -1095,10 +1095,10 @@
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>The details of a capacity provider.</p>"
+      "documentation":"<p>The details for a capacity provider.</p>"
     },
     "CapacityProviderField":{
       "type":"string",
@@ -1129,7 +1129,7 @@
         },
         "weight":{
           "shape":"CapacityProviderStrategyItemWeight",
-          "documentation":"<p>The <i>weight</i> value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The <code>weight</code> value is taken into consideration after the <code>base</code> value, if defined, is satisfied.</p> <p>If no <code>weight</code> value is specified, the default value of <code>0</code> is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of <code>0</code> will not be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of <code>0</code>, any <code>RunTask</code> or <code>CreateService</code> actions using the capacity provider strategy will fail.</p> <p>An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of <code>1</code>, then when the <code>base</code> is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of <code>1</code> for <i>capacityProviderA</i> and a weight of <code>4</code> for <i>capacityProviderB</i>, then for every one task that is run using <i>capacityProviderA</i>, four tasks would use <i>capacityProviderB</i>.</p>"
+          "documentation":"<p>The <i>weight</i> value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The <code>weight</code> value is taken into consideration after the <code>base</code> value, if defined, is satisfied.</p> <p>If no <code>weight</code> value is specified, the default value of <code>0</code> is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of <code>0</code> can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of <code>0</code>, any <code>RunTask</code> or <code>CreateService</code> actions using the capacity provider strategy will fail.</p> <p>An example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of <code>1</code>, then when the <code>base</code> is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of <code>1</code> for <i>capacityProviderA</i> and a weight of <code>4</code> for <i>capacityProviderB</i>, then for every one task that's run using <i>capacityProviderA</i>, four tasks would use <i>capacityProviderB</i>.</p>"
         },
         "base":{
           "shape":"CapacityProviderStrategyItemBase",
@@ -1168,7 +1168,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>These errors are usually caused by a client action, such as using an action or resource on behalf of a user that doesn't have permissions to use the action or resource, or specifying an identifier that is not valid.</p>",
+      "documentation":"<p>These errors are usually caused by a client action. This client action might be using an action or resource on behalf of a user that doesn't have permissions to use the action or resource,. Or, it might be specifying an identifier that isn't valid.</p>",
       "exception":true
     },
     "Cluster":{
@@ -1188,7 +1188,7 @@
         },
         "status":{
           "shape":"String",
-          "documentation":"<p>The status of the cluster. The following are the possible states that will be returned.</p> <dl> <dt>ACTIVE</dt> <dd> <p>The cluster is ready to accept tasks and if applicable you can register container instances with the cluster.</p> </dd> <dt>PROVISIONING</dt> <dd> <p>The cluster has capacity providers associated with it and the resources needed for the capacity provider are being created.</p> </dd> <dt>DEPROVISIONING</dt> <dd> <p>The cluster has capacity providers associated with it and the resources needed for the capacity provider are being deleted.</p> </dd> <dt>FAILED</dt> <dd> <p>The cluster has capacity providers associated with it and the resources needed for the capacity provider have failed to create.</p> </dd> <dt>INACTIVE</dt> <dd> <p>The cluster has been deleted. Clusters with an <code>INACTIVE</code> status may remain discoverable in your account for a period of time. However, this behavior is subject to change in the future, so you should not rely on <code>INACTIVE</code> clusters persisting.</p> </dd> </dl>"
+          "documentation":"<p>The status of the cluster. The following are the possible states that are returned.</p> <dl> <dt>ACTIVE</dt> <dd> <p>The cluster is ready to accept tasks and if applicable you can register container instances with the cluster.</p> </dd> <dt>PROVISIONING</dt> <dd> <p>The cluster has capacity providers that are associated with it and the resources needed for the capacity provider are being created.</p> </dd> <dt>DEPROVISIONING</dt> <dd> <p>The cluster has capacity providers that are associated with it and the resources needed for the capacity provider are being deleted.</p> </dd> <dt>FAILED</dt> <dd> <p>The cluster has capacity providers that are associated with it and the resources needed for the capacity provider have failed to create.</p> </dd> <dt>INACTIVE</dt> <dd> <p>The cluster has been deleted. Clusters with an <code>INACTIVE</code> status may remain discoverable in your account for a period of time. However, this behavior is subject to change in the future. We don't recommend that you rely on <code>INACTIVE</code> clusters persisting.</p> </dd> </dl>"
         },
         "registeredContainerInstancesCount":{
           "shape":"Integer",
@@ -1208,11 +1208,11 @@
         },
         "statistics":{
           "shape":"Statistics",
-          "documentation":"<p>Additional information about your clusters that are separated by launch type, including:</p> <ul> <li> <p>runningEC2TasksCount</p> </li> <li> <p>RunningFargateTasksCount</p> </li> <li> <p>pendingEC2TasksCount</p> </li> <li> <p>pendingFargateTasksCount</p> </li> <li> <p>activeEC2ServiceCount</p> </li> <li> <p>activeFargateServiceCount</p> </li> <li> <p>drainingEC2ServiceCount</p> </li> <li> <p>drainingFargateServiceCount</p> </li> </ul>"
+          "documentation":"<p>Additional information about your clusters that are separated by launch type. They include the following:</p> <ul> <li> <p>runningEC2TasksCount</p> </li> <li> <p>RunningFargateTasksCount</p> </li> <li> <p>pendingEC2TasksCount</p> </li> <li> <p>pendingFargateTasksCount</p> </li> <li> <p>activeEC2ServiceCount</p> </li> <li> <p>activeFargateServiceCount</p> </li> <li> <p>drainingEC2ServiceCount</p> </li> <li> <p>drainingFargateServiceCount</p> </li> </ul>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         },
         "settings":{
           "shape":"ClusterSettings",
@@ -1228,14 +1228,14 @@
         },
         "attachments":{
           "shape":"Attachments",
-          "documentation":"<p>The resources attached to a cluster. When using a capacity provider with a cluster, the Auto Scaling plan that is created will be returned as a cluster attachment.</p>"
+          "documentation":"<p>The resources attached to a cluster. When using a capacity provider with a cluster, the Auto Scaling plan that's created is returned as a cluster attachment.</p>"
         },
         "attachmentsStatus":{
           "shape":"String",
-          "documentation":"<p>The status of the capacity providers associated with the cluster. The following are the states that will be returned:</p> <dl> <dt>UPDATE_IN_PROGRESS</dt> <dd> <p>The available capacity providers for the cluster are updating. This occurs when the Auto Scaling plan is provisioning or deprovisioning.</p> </dd> <dt>UPDATE_COMPLETE</dt> <dd> <p>The capacity providers have successfully updated.</p> </dd> <dt>UPDATE_FAILED</dt> <dd> <p>The capacity provider updates failed.</p> </dd> </dl>"
+          "documentation":"<p>The status of the capacity providers associated with the cluster. The following are the states that are returned.</p> <dl> <dt>UPDATE_IN_PROGRESS</dt> <dd> <p>The available capacity providers for the cluster are updating. This occurs when the Auto Scaling plan is provisioning or deprovisioning.</p> </dd> <dt>UPDATE_COMPLETE</dt> <dd> <p>The capacity providers have successfully updated.</p> </dd> <dt>UPDATE_FAILED</dt> <dd> <p>The capacity provider updates failed.</p> </dd> </dl>"
         }
       },
-      "documentation":"<p>A regional grouping of one or more container instances on which you can run task requests. Each account receives a default cluster the first time you use the Amazon ECS service, but you may also create other clusters. Clusters may contain more than one instance type simultaneously.</p>"
+      "documentation":"<p>A regional grouping of one or more container instances where you can run task requests. Each account receives a default cluster the first time you use the Amazon ECS service, but you may also create other clusters. Clusters may contain more than one instance type simultaneously.</p>"
     },
     "ClusterConfiguration":{
       "type":"structure",
@@ -1251,21 +1251,21 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You cannot delete a cluster that has registered container instances. First, deregister the container instances before you can delete the cluster. For more information, see <a>DeregisterContainerInstance</a>.</p>",
+      "documentation":"<p>You can't delete a cluster that has registered container instances. First, deregister the container instances before you can delete the cluster. For more information, see <a>DeregisterContainerInstance</a>.</p>",
       "exception":true
     },
     "ClusterContainsServicesException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You cannot delete a cluster that contains services. First, update the service to reduce its desired task count to 0 and then delete the service. For more information, see <a>UpdateService</a> and <a>DeleteService</a>.</p>",
+      "documentation":"<p>You can't delete a cluster that contains services. First, update the service to reduce its desired task count to 0, and then delete the service. For more information, see <a>UpdateService</a> and <a>DeleteService</a>.</p>",
       "exception":true
     },
     "ClusterContainsTasksException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You cannot delete a cluster that has active tasks.</p>",
+      "documentation":"<p>You can't delete a cluster that has active tasks.</p>",
       "exception":true
     },
     "ClusterField":{
@@ -1286,7 +1286,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified cluster could not be found. You can view your available clusters with <a>ListClusters</a>. Amazon ECS clusters are Region-specific.</p>",
+      "documentation":"<p>The specified cluster wasn't found. You can view your available clusters with <a>ListClusters</a>. Amazon ECS clusters are Region specific.</p>",
       "exception":true
     },
     "ClusterSetting":{
@@ -1383,7 +1383,7 @@
         },
         "healthStatus":{
           "shape":"HealthStatus",
-          "documentation":"<p>The health status of the container. If health checks are not configured for this container in its task definition, then it reports the health status as <code>UNKNOWN</code>.</p>"
+          "documentation":"<p>The health status of the container. If health checks aren't configured for this container in its task definition, then it reports the health status as <code>UNKNOWN</code>.</p>"
         },
         "managedAgents":{
           "shape":"ManagedAgents",
@@ -1391,7 +1391,7 @@
         },
         "cpu":{
           "shape":"String",
-          "documentation":"<p>The number of CPU units set for the container. The value will be <code>0</code> if no value was specified in the container definition when the task definition was registered.</p>"
+          "documentation":"<p>The number of CPU units set for the container. The value is <code>0</code> if no value was specified in the container definition when the task definition was registered.</p>"
         },
         "memory":{
           "shape":"String",
@@ -1406,7 +1406,7 @@
           "documentation":"<p>The IDs of each GPU assigned to the container.</p>"
         }
       },
-      "documentation":"<p>A Docker container that is part of a task.</p>"
+      "documentation":"<p>A Docker container that's part of a task.</p>"
     },
     "ContainerCondition":{
       "type":"string",
@@ -1422,11 +1422,11 @@
       "members":{
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of a container. If you are linking multiple containers together in a task definition, the <code>name</code> of one container can be entered in the <code>links</code> of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to <code>name</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--name</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. </p>"
+          "documentation":"<p>The name of a container. If you're linking multiple containers together in a task definition, the <code>name</code> of one container can be entered in the <code>links</code> of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to <code>name</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--name</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. </p>"
         },
         "image":{
           "shape":"String",
-          "documentation":"<p>The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either <code> <i>repository-url</i>/<i>image</i>:<i>tag</i> </code> or <code> <i>repository-url</i>/<i>image</i>@<i>digest</i> </code>. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to <code>Image</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>IMAGE</code> parameter of <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <ul> <li> <p>When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image are not propagated to already running tasks.</p> </li> <li> <p>Images in Amazon ECR repositories can be specified by either using the full <code>registry/repository:tag</code> or <code>registry/repository@digest</code>. For example, <code>012345678910.dkr.ecr.&lt;region-name&gt;.amazonaws.com/&lt;repository-name&gt;:latest</code> or <code>012345678910.dkr.ecr.&lt;region-name&gt;.amazonaws.com/&lt;repository-name&gt;@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE</code>. </p> </li> <li> <p>Images in official repositories on Docker Hub use a single name (for example, <code>ubuntu</code> or <code>mongo</code>).</p> </li> <li> <p>Images in other repositories on Docker Hub are qualified with an organization name (for example, <code>amazon/amazon-ecs-agent</code>).</p> </li> <li> <p>Images in other online repositories are qualified further by a domain name (for example, <code>quay.io/assemblyline/ubuntu</code>).</p> </li> </ul>"
+          "documentation":"<p>The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either <code> <i>repository-url</i>/<i>image</i>:<i>tag</i> </code> or <code> <i>repository-url</i>/<i>image</i>@<i>digest</i> </code>. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to <code>Image</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>IMAGE</code> parameter of <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <ul> <li> <p>When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.</p> </li> <li> <p>Images in Amazon ECR repositories can be specified by either using the full <code>registry/repository:tag</code> or <code>registry/repository@digest</code>. For example, <code>012345678910.dkr.ecr.&lt;region-name&gt;.amazonaws.com/&lt;repository-name&gt;:latest</code> or <code>012345678910.dkr.ecr.&lt;region-name&gt;.amazonaws.com/&lt;repository-name&gt;@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE</code>. </p> </li> <li> <p>Images in official repositories on Docker Hub use a single name (for example, <code>ubuntu</code> or <code>mongo</code>).</p> </li> <li> <p>Images in other repositories on Docker Hub are qualified with an organization name (for example, <code>amazon/amazon-ecs-agent</code>).</p> </li> <li> <p>Images in other online repositories are qualified further by a domain name (for example, <code>quay.io/assemblyline/ubuntu</code>).</p> </li> </ul>"
         },
         "repositoryCredentials":{
           "shape":"RepositoryCredentials",
@@ -1434,15 +1434,15 @@
         },
         "cpu":{
           "shape":"Integer",
-          "documentation":"<p>The number of <code>cpu</code> units reserved for the container. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level <code>cpu</code> value.</p> <note> <p>You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the <a href=\"http://aws.amazon.com/ec2/instance-types/\">Amazon EC2 Instances</a> detail page by 1,024.</p> </note> <p>Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that is the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task would be guaranteed a minimum of 512 CPU units when needed, and each container could float to higher CPU usage if the other container was not using it, but if both tasks were 100% active all of the time, they would be limited to 512 CPU units.</p> <p>On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see <a href=\"https://docs.docker.com/engine/reference/run/#cpu-share-constraint\">CPU share constraint</a> in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter is not required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version:</p> <ul> <li> <p> <b>Agent versions less than or equal to 1.1.0:</b> Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.</p> </li> <li> <p> <b>Agent versions greater than or equal to 1.2.0:</b> Null, zero, and CPU values of 1 are passed to Docker as 2.</p> </li> </ul> <p>On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that is described in the task definition. A null or zero CPU value is passed to Docker as <code>0</code>, which Windows interprets as 1% of one CPU.</p>"
+          "documentation":"<p>The number of <code>cpu</code> units reserved for the container. This parameter maps to <code>CpuShares</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--cpu-shares</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level <code>cpu</code> value.</p> <note> <p>You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the <a href=\"http://aws.amazon.com/ec2/instance-types/\">Amazon EC2 Instances</a> detail page by 1,024.</p> </note> <p>Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.</p> <p>On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. For more information, see <a href=\"https://docs.docker.com/engine/reference/run/#cpu-share-constraint\">CPU share constraint</a> in the Docker documentation. The minimum valid CPU share value that the Linux kernel allows is 2. However, the CPU parameter isn't required, and you can use CPU values below 2 in your container definitions. For CPU values below 2 (including null), the behavior varies based on your Amazon ECS container agent version:</p> <ul> <li> <p> <b>Agent versions less than or equal to 1.1.0:</b> Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.</p> </li> <li> <p> <b>Agent versions greater than or equal to 1.2.0:</b> Null, zero, and CPU values of 1 are passed to Docker as 2.</p> </li> </ul> <p>On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as <code>0</code>, which Windows interprets as 1% of one CPU.</p>"
         },
         "memory":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task <code>memory</code> value, if one is specified. This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>If using the Fargate launch type, this parameter is optional.</p> <p>If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level <code>memory</code> and <code>memoryReservation</code> value, <code>memory</code> must be greater than <code>memoryReservation</code>. If you specify <code>memoryReservation</code>, then that value is subtracted from the available memory resources for the container instance on which the container is placed. Otherwise, the value of <code>memory</code> is used.</p> <p>The Docker daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.</p>"
+          "documentation":"<p>The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task <code>memory</code> value, if one is specified. This parameter maps to <code>Memory</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--memory</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>If using the Fargate launch type, this parameter is optional.</p> <p>If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level <code>memory</code> and <code>memoryReservation</code> value, <code>memory</code> must be greater than <code>memoryReservation</code>. If you specify <code>memoryReservation</code>, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of <code>memory</code> is used.</p> <p>The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container, so you should not specify fewer than 6 MiB of memory for your containers.</p> <p>The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers.</p>"
         },
         "memoryReservation":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the <code>memory</code> parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to <code>MemoryReservation</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--memory-reservation</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>If a task-level memory value is not specified, you must specify a non-zero integer for one or both of <code>memory</code> or <code>memoryReservation</code> in a container definition. If you specify both, <code>memory</code> must be greater than <code>memoryReservation</code>. If you specify <code>memoryReservation</code>, then that value is subtracted from the available memory resources for the container instance on which the container is placed. Otherwise, the value of <code>memory</code> is used.</p> <p>For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a <code>memoryReservation</code> of 128 MiB, and a <code>memory</code> hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.</p> <p>The Docker daemon reserves a minimum of 4 MiB of memory for a container, so you should not specify fewer than 4 MiB of memory for your containers. </p>"
+          "documentation":"<p>The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the <code>memory</code> parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to <code>MemoryReservation</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--memory-reservation</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>If a task-level memory value is not specified, you must specify a non-zero integer for one or both of <code>memory</code> or <code>memoryReservation</code> in a container definition. If you specify both, <code>memory</code> must be greater than <code>memoryReservation</code>. If you specify <code>memoryReservation</code>, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of <code>memory</code> is used.</p> <p>For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a <code>memoryReservation</code> of 128 MiB, and a <code>memory</code> hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.</p> <p>The Docker daemon reserves a minimum of 4 MiB of memory for a container. Therefore, we recommend that you specify fewer than 4 MiB of memory for your containers. </p>"
         },
         "links":{
           "shape":"StringList",
@@ -1450,31 +1450,31 @@
         },
         "portMappings":{
           "shape":"PortMappingList",
-          "documentation":"<p>The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.</p> <p>For task definitions that use the <code>awsvpc</code> network mode, you should only specify the <code>containerPort</code>. The <code>hostPort</code> can be left blank or it must be the same value as the <code>containerPort</code>.</p> <p>Port mappings on Windows use the <code>NetNAT</code> gateway address rather than <code>localhost</code>. There is no loopback for port mappings on Windows, so you cannot access a container's mapped port from the host itself. </p> <p>This parameter maps to <code>PortBindings</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--publish</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. If the network mode of a task definition is set to <code>none</code>, then you can't specify port mappings. If the network mode of a task definition is set to <code>host</code>, then host ports must either be undefined or they must match the container port in the port mapping.</p> <note> <p>After a task reaches the <code>RUNNING</code> status, manual and automatic host and container port assignments are visible in the <b>Network Bindings</b> section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the <code>networkBindings</code> section <a>DescribeTasks</a> responses.</p> </note>"
+          "documentation":"<p>The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.</p> <p>For task definitions that use the <code>awsvpc</code> network mode, only specify the <code>containerPort</code>. The <code>hostPort</code> can be left blank or it must be the same value as the <code>containerPort</code>.</p> <p>Port mappings on Windows use the <code>NetNAT</code> gateway address rather than <code>localhost</code>. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself. </p> <p>This parameter maps to <code>PortBindings</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--publish</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. If the network mode of a task definition is set to <code>none</code>, then you can't specify port mappings. If the network mode of a task definition is set to <code>host</code>, then host ports must either be undefined or they must match the container port in the port mapping.</p> <note> <p>After a task reaches the <code>RUNNING</code> status, manual and automatic host and container port assignments are visible in the <b>Network Bindings</b> section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the <code>networkBindings</code> section <a>DescribeTasks</a> responses.</p> </note>"
         },
         "essential":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>If the <code>essential</code> parameter of a container is marked as <code>true</code>, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the <code>essential</code> parameter of a container is marked as <code>false</code>, then its failure does not affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.</p> <p>All tasks must have at least one essential container. If you have an application that is composed of multiple containers, you should group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/application_architecture.html\">Application Architecture</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>If the <code>essential</code> parameter of a container is marked as <code>true</code>, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the <code>essential</code> parameter of a container is marked as <code>false</code>, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.</p> <p>All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/application_architecture.html\">Application Architecture</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "entryPoint":{
           "shape":"StringList",
-          "documentation":"<important> <p>Early versions of the Amazon ECS container agent do not properly handle <code>entryPoint</code> parameters. If you have problems using <code>entryPoint</code>, update your container agent or enter your commands and arguments as <code>command</code> array items instead.</p> </important> <p>The entry point that is passed to the container. This parameter maps to <code>Entrypoint</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--entrypoint</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. For more information, see <a href=\"https://docs.docker.com/engine/reference/builder/#entrypoint\">https://docs.docker.com/engine/reference/builder/#entrypoint</a>.</p>"
+          "documentation":"<important> <p>Early versions of the Amazon ECS container agent don't properly handle <code>entryPoint</code> parameters. If you have problems using <code>entryPoint</code>, update your container agent or enter your commands and arguments as <code>command</code> array items instead.</p> </important> <p>The entry point that's passed to the container. This parameter maps to <code>Entrypoint</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--entrypoint</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. For more information, see <a href=\"https://docs.docker.com/engine/reference/builder/#entrypoint\">https://docs.docker.com/engine/reference/builder/#entrypoint</a>.</p>"
         },
         "command":{
           "shape":"StringList",
-          "documentation":"<p>The command that is passed to the container. This parameter maps to <code>Cmd</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>COMMAND</code> parameter to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. For more information, see <a href=\"https://docs.docker.com/engine/reference/builder/#cmd\">https://docs.docker.com/engine/reference/builder/#cmd</a>. If there are multiple arguments, each argument should be a separated string in the array.</p>"
+          "documentation":"<p>The command that's passed to the container. This parameter maps to <code>Cmd</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>COMMAND</code> parameter to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. For more information, see <a href=\"https://docs.docker.com/engine/reference/builder/#cmd\">https://docs.docker.com/engine/reference/builder/#cmd</a>. If there are multiple arguments, each argument is a separated string in the array.</p>"
         },
         "environment":{
           "shape":"EnvironmentVariables",
-          "documentation":"<p>The environment variables to pass to a container. This parameter maps to <code>Env</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--env</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <important> <p>We do not recommend using plaintext environment variables for sensitive information, such as credential data.</p> </important>"
+          "documentation":"<p>The environment variables to pass to a container. This parameter maps to <code>Env</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--env</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <important> <p>We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.</p> </important>"
         },
         "environmentFiles":{
           "shape":"EnvironmentFiles",
-          "documentation":"<p>A list of files containing the environment variables to pass to a container. This parameter maps to the <code>--env-file</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>You can specify up to ten environment files. The file must have a <code>.env</code> file extension. Each line in an environment file should contain an environment variable in <code>VARIABLE=VALUE</code> format. Lines beginning with <code>#</code> are treated as comments and are ignored. For more information on the environment variable file syntax, see <a href=\"https://docs.docker.com/compose/env-file/\">Declare default environment variables in file</a>.</p> <p>If there are environment variables specified using the <code>environment</code> parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they are processed from the top down. It is recommended to use unique variable names. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html\">Specifying Environment Variables</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>A list of files containing the environment variables to pass to a container. This parameter maps to the <code>--env-file</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>You can specify up to ten environment files. The file must have a <code>.env</code> file extension. Each line in an environment file contains an environment variable in <code>VARIABLE=VALUE</code> format. Lines beginning with <code>#</code> are treated as comments and are ignored. For more information about the environment variable file syntax, see <a href=\"https://docs.docker.com/compose/env-file/\">Declare default environment variables in file</a>.</p> <p>If there are environment variables specified using the <code>environment</code> parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html\">Specifying Environment Variables</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "mountPoints":{
           "shape":"MountPointList",
-          "documentation":"<p>The mount points for data volumes in your container.</p> <p>This parameter maps to <code>Volumes</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--volume</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>Windows containers can mount whole directories on the same drive as <code>$env:ProgramData</code>. Windows containers cannot mount directories on a different drive, and mount point cannot be across drives.</p>"
+          "documentation":"<p>The mount points for data volumes in your container.</p> <p>This parameter maps to <code>Volumes</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--volume</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>Windows containers can mount whole directories on the same drive as <code>$env:ProgramData</code>. Windows containers can't mount directories on a different drive, and mount point can't be across drives.</p>"
         },
         "volumesFrom":{
           "shape":"VolumeFromList",
@@ -1490,27 +1490,27 @@
         },
         "dependsOn":{
           "shape":"ContainerDependencies",
-          "documentation":"<p>The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.</p> <p>For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>For tasks using the Fargate launch type, the task or service requires the followiwng platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul>"
+          "documentation":"<p>The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.</p> <p>For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>For tasks using the Fargate launch type, the task or service requires the following platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul>"
         },
         "startTimeout":{
           "shape":"BoxedInteger",
-          "documentation":"<p>Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a <code>COMPLETE</code>, <code>SUCCESS</code>, or <code>HEALTHY</code> status. If a <code>startTimeout</code> value is specified for containerB and it does not reach the desired status within that time then containerA will give up and not start. This results in the task transitioning to a <code>STOPPED</code> state.</p> <note> <p>When the <code>ECS_CONTAINER_START_TIMEOUT</code> container agent configuration variable is used, it is enforced indendently from this start timeout value.</p> </note> <p>For tasks using the Fargate launch type, the task or service requires the followiwng platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> <p>For tasks using the EC2 launch type, your container instances require at least version <code>1.26.0</code> of the container agent to enable a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version <code>1.26.0-1</code> of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>Time duration (in seconds) to wait before giving up on resolving dependencies for a container. For example, you specify two containers in a task definition with containerA having a dependency on containerB reaching a <code>COMPLETE</code>, <code>SUCCESS</code>, or <code>HEALTHY</code> status. If a <code>startTimeout</code> value is specified for containerB and it doesn't reach the desired status within that time then containerA gives up and not start. This results in the task transitioning to a <code>STOPPED</code> state.</p> <note> <p>When the <code>ECS_CONTAINER_START_TIMEOUT</code> container agent configuration variable is used, it's enforced independently from this start timeout value.</p> </note> <p>For tasks using the Fargate launch type, the task or service requires the following platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> <p>For tasks using the EC2 launch type, your container instances require at least version <code>1.26.0</code> of the container agent to enable a container start timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version <code>1.26.0-1</code> of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "stopTimeout":{
           "shape":"BoxedInteger",
-          "documentation":"<p>Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.</p> <p>For tasks using the Fargate launch type, the task or service requires the followiwng platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> <p>The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.</p> <p>For tasks using the EC2 launch type, if the <code>stopTimeout</code> parameter is not specified, the value set for the Amazon ECS container agent configuration variable <code>ECS_CONTAINER_STOP_TIMEOUT</code> is used by default. If neither the <code>stopTimeout</code> parameter or the <code>ECS_CONTAINER_STOP_TIMEOUT</code> agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to enable a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.</p> <p>For tasks using the Fargate launch type, the task or service requires the following platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> <p>The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.</p> <p>For tasks that use the EC2 launch type, if the <code>stopTimeout</code> parameter isn't specified, the value set for the Amazon ECS container agent configuration variable <code>ECS_CONTAINER_STOP_TIMEOUT</code> is used. If neither the <code>stopTimeout</code> parameter or the <code>ECS_CONTAINER_STOP_TIMEOUT</code> agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to enable a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "hostname":{
           "shape":"String",
-          "documentation":"<p>The hostname to use for your container. This parameter maps to <code>Hostname</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--hostname</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>The <code>hostname</code> parameter is not supported if you are using the <code>awsvpc</code> network mode.</p> </note>"
+          "documentation":"<p>The hostname to use for your container. This parameter maps to <code>Hostname</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--hostname</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>The <code>hostname</code> parameter is not supported if you're using the <code>awsvpc</code> network mode.</p> </note>"
         },
         "user":{
           "shape":"String",
-          "documentation":"<p>The user to use inside the container. This parameter maps to <code>User</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--user</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <important> <p>When running tasks using the <code>host</code> network mode, you should not run containers using the root user (UID 0). It is considered best practice to use a non-root user.</p> </important> <p>You can specify the <code>user</code> using the following formats. If specifying a UID or GID, you must specify it as a positive integer.</p> <ul> <li> <p> <code>user</code> </p> </li> <li> <p> <code>user:group</code> </p> </li> <li> <p> <code>uid</code> </p> </li> <li> <p> <code>uid:gid</code> </p> </li> <li> <p> <code>user:gid</code> </p> </li> <li> <p> <code>uid:group</code> </p> </li> </ul> <note> <p>This parameter is not supported for Windows containers.</p> </note>"
+          "documentation":"<p>The user to use inside the container. This parameter maps to <code>User</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--user</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <important> <p>When running tasks using the <code>host</code> network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.</p> </important> <p>You can specify the <code>user</code> using the following formats. If specifying a UID or GID, you must specify it as a positive integer.</p> <ul> <li> <p> <code>user</code> </p> </li> <li> <p> <code>user:group</code> </p> </li> <li> <p> <code>uid</code> </p> </li> <li> <p> <code>uid:gid</code> </p> </li> <li> <p> <code>user:gid</code> </p> </li> <li> <p> <code>uid:group</code> </p> </li> </ul> <note> <p>This parameter is not supported for Windows containers.</p> </note>"
         },
         "workingDirectory":{
           "shape":"String",
-          "documentation":"<p>The working directory in which to run commands inside the container. This parameter maps to <code>WorkingDir</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--workdir</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p>"
+          "documentation":"<p>The working directory to run commands inside the container in. This parameter maps to <code>WorkingDir</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--workdir</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p>"
         },
         "disableNetworking":{
           "shape":"BoxedBoolean",
@@ -1534,15 +1534,15 @@
         },
         "extraHosts":{
           "shape":"HostEntryList",
-          "documentation":"<p>A list of hostnames and IP address mappings to append to the <code>/etc/hosts</code> file on the container. This parameter maps to <code>ExtraHosts</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--add-host</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>This parameter is not supported for Windows containers or tasks that use the <code>awsvpc</code> network mode.</p> </note>"
+          "documentation":"<p>A list of hostnames and IP address mappings to append to the <code>/etc/hosts</code> file on the container. This parameter maps to <code>ExtraHosts</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--add-host</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>This parameter isn't supported for Windows containers or tasks that use the <code>awsvpc</code> network mode.</p> </note>"
         },
         "dockerSecurityOptions":{
           "shape":"StringList",
-          "documentation":"<p>A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field is not valid for containers in tasks using the Fargate launch type.</p> <p>With Windows containers, this parameter can be used to reference a credential spec file when configuring a container for Active Directory authentication. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html\">Using gMSAs for Windows Containers</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>This parameter maps to <code>SecurityOpt</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--security-opt</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>The Amazon ECS container agent running on a container instance must register with the <code>ECS_SELINUX_CAPABLE=true</code> or <code>ECS_APPARMOR_CAPABLE=true</code> environment variables before containers placed on that instance can use these security options. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html\">Amazon ECS Container Agent Configuration</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note> <p>For more information about valid values, see <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">Docker Run Security Configuration</a>. </p> <p>Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"</p>"
+          "documentation":"<p>A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field isn't valid for containers in tasks using the Fargate launch type.</p> <p>With Windows containers, this parameter can be used to reference a credential spec file when configuring a container for Active Directory authentication. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html\">Using gMSAs for Windows Containers</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>This parameter maps to <code>SecurityOpt</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--security-opt</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>The Amazon ECS container agent running on a container instance must register with the <code>ECS_SELINUX_CAPABLE=true</code> or <code>ECS_APPARMOR_CAPABLE=true</code> environment variables before containers placed on that instance can use these security options. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html\">Amazon ECS Container Agent Configuration</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note> <p>For more information about valid values, see <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">Docker Run Security Configuration</a>. </p> <p>Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"</p>"
         },
         "interactive":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>When this parameter is <code>true</code>, this allows you to deploy containerized applications that require <code>stdin</code> or a <code>tty</code> to be allocated. This parameter maps to <code>OpenStdin</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--interactive</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p>"
+          "documentation":"<p>When this parameter is <code>true</code>, you can deploy containerized applications that require <code>stdin</code> or a <code>tty</code> to be allocated. This parameter maps to <code>OpenStdin</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--interactive</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p>"
         },
         "pseudoTerminal":{
           "shape":"BoxedBoolean",
@@ -1554,11 +1554,11 @@
         },
         "ulimits":{
           "shape":"UlimitList",
-          "documentation":"<p>A list of <code>ulimits</code> to set in the container. If a ulimit value is specified in a task definition, it will override the default values set by Docker. This parameter maps to <code>Ulimits</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--ulimit</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. Valid naming values are displayed in the <a>Ulimit</a> data type.</p> <p>Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the <code>nofile</code> resource limit parameter which Fargate overrides. The <code>nofile</code> resource limit sets a restriction on the number of open files that a container can use. The default <code>nofile</code> soft limit is <code>1024</code> and hard limit is <code>4096</code>.</p> <p>This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: <code>sudo docker version --format '{{.Server.APIVersion}}'</code> </p> <note> <p>This parameter is not supported for Windows containers.</p> </note>"
+          "documentation":"<p>A list of <code>ulimits</code> to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to <code>Ulimits</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--ulimit</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. Valid naming values are displayed in the <a>Ulimit</a> data type.</p> <p>Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the <code>nofile</code> resource limit parameter which Fargate overrides. The <code>nofile</code> resource limit sets a restriction on the number of open files that a container can use. The default <code>nofile</code> soft limit is <code>1024</code> and hard limit is <code>4096</code>.</p> <p>This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: <code>sudo docker version --format '{{.Server.APIVersion}}'</code> </p> <note> <p>This parameter is not supported for Windows containers.</p> </note>"
         },
         "logConfiguration":{
           "shape":"LogConfiguration",
-          "documentation":"<p>The log configuration specification for the container.</p> <p>This parameter maps to <code>LogConfig</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--log-driver</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. By default, containers use the same logging driver that the Docker daemon uses. However the container may use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information on the options for different supported log drivers, see <a href=\"https://docs.docker.com/engine/admin/logging/overview/\">Configure logging drivers</a> in the Docker documentation.</p> <note> <p>Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the <a>LogConfiguration</a> data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.</p> </note> <p>This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: <code>sudo docker version --format '{{.Server.APIVersion}}'</code> </p> <note> <p>The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the <code>ECS_AVAILABLE_LOGGING_DRIVERS</code> environment variable before containers placed on that instance can use these log configuration options. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html\">Amazon ECS Container Agent Configuration</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note>"
+          "documentation":"<p>The log configuration specification for the container.</p> <p>This parameter maps to <code>LogConfig</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--log-driver</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options). For more information about the options for different supported log drivers, see <a href=\"https://docs.docker.com/engine/admin/logging/overview/\">Configure logging drivers</a> in the Docker documentation.</p> <note> <p>Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the <a>LogConfiguration</a> data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.</p> </note> <p>This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: <code>sudo docker version --format '{{.Server.APIVersion}}'</code> </p> <note> <p>The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the <code>ECS_AVAILABLE_LOGGING_DRIVERS</code> environment variable before containers placed on that instance can use these log configuration options. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html\">Amazon ECS Container Agent Configuration</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </note>"
         },
         "healthCheck":{
           "shape":"HealthCheck",
@@ -1566,7 +1566,7 @@
         },
         "systemControls":{
           "shape":"SystemControls",
-          "documentation":"<p>A list of namespaced kernel parameters to set in the container. This parameter maps to <code>Sysctls</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--sysctl</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>It is not recommended that you specify network-related <code>systemControls</code> parameters for multiple containers in a single task that also uses either the <code>awsvpc</code> or <code>host</code> network modes. For tasks that use the <code>awsvpc</code> network mode, the container that is started last determines which <code>systemControls</code> parameters take effect. For tasks that use the <code>host</code> network mode, it changes the container instance's namespaced kernel parameters as well as the containers.</p> </note>"
+          "documentation":"<p>A list of namespaced kernel parameters to set in the container. This parameter maps to <code>Sysctls</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--sysctl</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>We don't recommended that you specify network-related <code>systemControls</code> parameters for multiple containers in a single task that also uses either the <code>awsvpc</code> or <code>host</code> network modes. For tasks that use the <code>awsvpc</code> network mode, the container that's started last determines which <code>systemControls</code> parameters take effect. For tasks that use the <code>host</code> network mode, it changes the container instance's namespaced kernel parameters as well as the containers.</p> </note>"
         },
         "resourceRequirements":{
           "shape":"ResourceRequirements",
@@ -1600,10 +1600,10 @@
         },
         "condition":{
           "shape":"ContainerCondition",
-          "documentation":"<p>The dependency condition of the container. The following are the available conditions and their behavior:</p> <ul> <li> <p> <code>START</code> - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.</p> </li> <li> <p> <code>COMPLETE</code> - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition cannot be set on an essential container.</p> </li> <li> <p> <code>SUCCESS</code> - This condition is the same as <code>COMPLETE</code>, but it also requires that the container exits with a <code>zero</code> status. This condition cannot be set on an essential container.</p> </li> <li> <p> <code>HEALTHY</code> - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.</p> </li> </ul>"
+          "documentation":"<p>The dependency condition of the container. The following are the available conditions and their behavior:</p> <ul> <li> <p> <code>START</code> - This condition emulates the behavior of links and volumes today. It validates that a dependent container is started before permitting other containers to start.</p> </li> <li> <p> <code>COMPLETE</code> - This condition validates that a dependent container runs to completion (exits) before permitting other containers to start. This can be useful for nonessential containers that run a script and then exit. This condition can't be set on an essential container.</p> </li> <li> <p> <code>SUCCESS</code> - This condition is the same as <code>COMPLETE</code>, but it also requires that the container exits with a <code>zero</code> status. This condition can't be set on an essential container.</p> </li> <li> <p> <code>HEALTHY</code> - This condition validates that the dependent container passes its Docker health check before permitting other containers to start. This requires that the dependent container has health checks configured. This condition is confirmed only at task startup.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.</p> <p>Your Amazon ECS container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you are using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>For tasks using the Fargate launch type, the task or service requires the followiwng platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> </note>"
+      "documentation":"<p>The dependencies defined for container startup and shutdown. A container can contain multiple dependencies. When a dependency is defined for container startup, for container shutdown it is reversed.</p> <p>Your Amazon ECS container instances require at least version 1.26.0 of the container agent to enable container dependencies. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a> in the <i>Amazon Elastic Container Service Developer Guide</i>. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the <code>ecs-init</code> package. If your container instances are launched from version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>For tasks that use the Fargate launch type, the task or service requires the following platforms:</p> <ul> <li> <p>Linux platform version <code>1.3.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> </note>"
     },
     "ContainerInstance":{
       "type":"structure",
@@ -1618,11 +1618,11 @@
         },
         "capacityProviderName":{
           "shape":"String",
-          "documentation":"<p>The capacity provider associated with the container instance.</p>"
+          "documentation":"<p>The capacity provider that's associated with the container instance.</p>"
         },
         "version":{
           "shape":"Long",
-          "documentation":"<p>The version counter for the container instance. Every time a container instance experiences a change that triggers a CloudWatch event, the version counter is incremented. If you are replicating your Amazon ECS container instance state with CloudWatch Events, you can compare the version of a container instance reported by the Amazon ECS APIs with the version reported in CloudWatch Events for the container instance (inside the <code>detail</code> object) to verify that the version in your event stream is current.</p>"
+          "documentation":"<p>The version counter for the container instance. Every time a container instance experiences a change that triggers a CloudWatch event, the version counter is incremented. If you're replicating your Amazon ECS container instance state with CloudWatch Events, you can compare the version of a container instance reported by the Amazon ECS APIs with the version reported in CloudWatch Events for the container instance (inside the <code>detail</code> object) to verify that the version in your event stream is current.</p>"
         },
         "versionInfo":{
           "shape":"VersionInfo",
@@ -1630,7 +1630,7 @@
         },
         "remainingResources":{
           "shape":"Resources",
-          "documentation":"<p>For CPU and memory resource types, this parameter describes the remaining CPU and memory that has not already been allocated to tasks and is therefore available for new tasks. For port resource types, this parameter describes the ports that were reserved by the Amazon ECS container agent (at instance registration time) and any task containers that have reserved port mappings on the host (with the <code>host</code> or <code>bridge</code> network mode). Any port that is not specified here is available for new tasks.</p>"
+          "documentation":"<p>For CPU and memory resource types, this parameter describes the remaining CPU and memory that wasn't already allocated to tasks and is therefore available for new tasks. For port resource types, this parameter describes the ports that were reserved by the Amazon ECS container agent (at instance registration time) and any task containers that have reserved port mappings on the host (with the <code>host</code> or <code>bridge</code> network mode). Any port that's not specified here is available for new tasks.</p>"
         },
         "registeredResources":{
           "shape":"Resources",
@@ -1638,7 +1638,7 @@
         },
         "status":{
           "shape":"String",
-          "documentation":"<p>The status of the container instance. The valid values are <code>REGISTERING</code>, <code>REGISTRATION_FAILED</code>, <code>ACTIVE</code>, <code>INACTIVE</code>, <code>DEREGISTERING</code>, or <code>DRAINING</code>.</p> <p>If your account has opted in to the <code>awsvpcTrunking</code> account setting, then any newly registered container instance will transition to a <code>REGISTERING</code> status while the trunk elastic network interface is provisioned for the instance. If the registration fails, the instance will transition to a <code>REGISTRATION_FAILED</code> status. You can describe the container instance and see the reason for failure in the <code>statusReason</code> parameter. Once the container instance is terminated, the instance transitions to a <code>DEREGISTERING</code> status while the trunk elastic network interface is deprovisioned. The instance then transitions to an <code>INACTIVE</code> status.</p> <p>The <code>ACTIVE</code> status indicates that the container instance can accept tasks. The <code>DRAINING</code> indicates that new tasks are not placed on the container instance and any service tasks running on the container instance are removed if possible. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-draining.html\">Container Instance Draining</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The status of the container instance. The valid values are <code>REGISTERING</code>, <code>REGISTRATION_FAILED</code>, <code>ACTIVE</code>, <code>INACTIVE</code>, <code>DEREGISTERING</code>, or <code>DRAINING</code>.</p> <p>If your account has opted in to the <code>awsvpcTrunking</code> account setting, then any newly registered container instance will transition to a <code>REGISTERING</code> status while the trunk elastic network interface is provisioned for the instance. If the registration fails, the instance will transition to a <code>REGISTRATION_FAILED</code> status. You can describe the container instance and see the reason for failure in the <code>statusReason</code> parameter. Once the container instance is terminated, the instance transitions to a <code>DEREGISTERING</code> status while the trunk elastic network interface is deprovisioned. The instance then transitions to an <code>INACTIVE</code> status.</p> <p>The <code>ACTIVE</code> status indicates that the container instance can accept tasks. The <code>DRAINING</code> indicates that new tasks aren't placed on the container instance and any service tasks running on the container instance are removed if possible. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-instance-draining.html\">Container Instance Draining</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "statusReason":{
           "shape":"String",
@@ -1658,7 +1658,7 @@
         },
         "agentUpdateStatus":{
           "shape":"AgentUpdateStatus",
-          "documentation":"<p>The status of the most recent agent update. If an update has never been requested, this value is <code>NULL</code>.</p>"
+          "documentation":"<p>The status of the most recent agent update. If an update wasn't ever requested, this value is <code>NULL</code>.</p>"
         },
         "attributes":{
           "shape":"Attributes",
@@ -1666,7 +1666,7 @@
         },
         "registeredAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the container instance was registered.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the container instance was registered.</p>"
         },
         "attachments":{
           "shape":"Attachments",
@@ -1674,19 +1674,40 @@
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the container instance to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the container instance to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+        },
+        "healthStatus":{
+          "shape":"ContainerInstanceHealthStatus",
+          "documentation":"<p>An object representing the health status of the container instance.</p>"
         }
       },
-      "documentation":"<p>An EC2 instance that is running the Amazon ECS agent and has been registered with a cluster.</p>"
+      "documentation":"<p>An EC2 instance that's running the Amazon ECS agent and has been registered with a cluster.</p>"
     },
     "ContainerInstanceField":{
       "type":"string",
-      "enum":["TAGS"]
+      "enum":[
+        "TAGS",
+        "CONTAINER_INSTANCE_HEALTH"
+      ]
     },
     "ContainerInstanceFieldList":{
       "type":"list",
       "member":{"shape":"ContainerInstanceField"}
     },
+    "ContainerInstanceHealthStatus":{
+      "type":"structure",
+      "members":{
+        "overallStatus":{
+          "shape":"InstanceHealthCheckState",
+          "documentation":"<p>The overall health status of the container instance. This is an aggregate status of all container instance health checks.</p>"
+        },
+        "details":{
+          "shape":"InstanceHealthCheckResultList",
+          "documentation":"<p>An array of objects representing the details of the container instance health status.</p>"
+        }
+      },
+      "documentation":"<p>An object representing the health status of the container instance.</p>"
+    },
     "ContainerInstanceStatus":{
       "type":"string",
       "enum":[
@@ -1737,7 +1758,7 @@
           "documentation":"<p>The type and amount of a resource to assign to a container, instead of the default value from the task definition. The only supported resource is a GPU.</p>"
         }
       },
-      "documentation":"<p>The overrides that should be sent to a container. An empty container override can be passed in. An example of an empty container override would be <code>{\"containerOverrides\": [ ] }</code>. If a non-empty container override is specified, the <code>name</code> parameter must be included.</p>"
+      "documentation":"<p>The overrides that are sent to a container. An empty container override can be passed in. An example of an empty container override is <code>{\"containerOverrides\": [ ] }</code>. If a non-empty container override is specified, the <code>name</code> parameter must be included.</p>"
     },
     "ContainerOverrides":{
       "type":"list",
@@ -1764,7 +1785,7 @@
         },
         "networkBindings":{
           "shape":"NetworkBindings",
-          "documentation":"<p>Any network bindings associated with the container.</p>"
+          "documentation":"<p>Any network bindings that are associated with the container.</p>"
         },
         "reason":{
           "shape":"String",
@@ -1775,7 +1796,7 @@
           "documentation":"<p>The status of the container.</p>"
         }
       },
-      "documentation":"<p>An object representing a change in state for a container.</p>"
+      "documentation":"<p>An object that represents a change in state for a container.</p>"
     },
     "ContainerStateChanges":{
       "type":"list",
@@ -1794,7 +1815,7 @@
       "members":{
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the capacity provider. Up to 255 characters are allowed, including letters (upper and lowercase), numbers, underscores, and hyphens. The name cannot be prefixed with \"<code>aws</code>\", \"<code>ecs</code>\", or \"<code>fargate</code>\".</p>"
+          "documentation":"<p>The name of the capacity provider. Up to 255 characters are allowed. They include letters (both upper and lowercase letters), numbers, underscores (_), and hyphens (-). The name can't be prefixed with \"<code>aws</code>\", \"<code>ecs</code>\", or \"<code>fargate</code>\".</p>"
         },
         "autoScalingGroupProvider":{
           "shape":"AutoScalingGroupProvider",
@@ -1802,7 +1823,7 @@
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the capacity provider to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the capacity provider to categorize and organize them more conveniently. Each tag consists of a key and an optional value. You define both of them.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         }
       }
     },
@@ -1820,15 +1841,15 @@
       "members":{
         "clusterName":{
           "shape":"String",
-          "documentation":"<p>The name of your cluster. If you do not specify a name for your cluster, you create a cluster named <code>default</code>. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. </p>"
+          "documentation":"<p>The name of your cluster. If you don't specify a name for your cluster, you create a cluster that's named <code>default</code>. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. </p>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         },
         "settings":{
           "shape":"ClusterSettings",
-          "documentation":"<p>The setting to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster. If this value is specified, it will override the <code>containerInsights</code> value set with <a>PutAccountSetting</a> or <a>PutAccountSettingDefault</a>.</p>"
+          "documentation":"<p>The setting to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster. If this value is specified, it overrides the <code>containerInsights</code> value set with <a>PutAccountSetting</a> or <a>PutAccountSettingDefault</a>.</p>"
         },
         "configuration":{
           "shape":"ClusterConfiguration",
@@ -1836,11 +1857,11 @@
         },
         "capacityProviders":{
           "shape":"StringList",
-          "documentation":"<p>The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the <a>CreateService</a> or <a>RunTask</a> actions.</p> <p>If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created and not already associated with another cluster. New Auto Scaling group capacity providers can be created with the <a>CreateCapacityProvider</a> API operation.</p> <p>To use a Fargate capacity provider, specify either the <code>FARGATE</code> or <code>FARGATE_SPOT</code> capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.</p> <p>The <a>PutClusterCapacityProviders</a> API operation is used to update the list of available capacity providers for a cluster after the cluster is created.</p>"
+          "documentation":"<p>The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the <a>CreateService</a> or <a>RunTask</a> actions.</p> <p>If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the <a>CreateCapacityProvider</a> API operation.</p> <p>To use a Fargate capacity provider, specify either the <code>FARGATE</code> or <code>FARGATE_SPOT</code> capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.</p> <p>The <a>PutClusterCapacityProviders</a> API operation is used to update the list of available capacity providers for a cluster after the cluster is created.</p>"
         },
         "defaultCapacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
-          "documentation":"<p>The capacity provider strategy to set as the default for the cluster. When a default capacity provider strategy is set for a cluster, when calling the <a>RunTask</a> or <a>CreateService</a> APIs with no capacity provider strategy or launch type specified, the default capacity provider strategy for the cluster is used.</p> <p>If a default capacity provider strategy is not defined for a cluster during creation, it can be defined later with the <a>PutClusterCapacityProviders</a> API operation.</p>"
+          "documentation":"<p>The capacity provider strategy to set as the default for the cluster. After a default capacity provider strategy is set for a cluster, when you call the <a>RunTask</a> or <a>CreateService</a> APIs with no capacity provider strategy or launch type specified, the default capacity provider strategy for the cluster is used.</p> <p>If a default capacity provider strategy isn't defined for a cluster when it was created, it can be defined later with the <a>PutClusterCapacityProviders</a> API operation.</p>"
         }
       }
     },
@@ -1859,7 +1880,7 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster on which to run your service. If you do not specify a cluster, the default cluster is assumed.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.</p>"
         },
         "serviceName":{
           "shape":"String",
@@ -1867,27 +1888,27 @@
         },
         "taskDefinition":{
           "shape":"String",
-          "documentation":"<p>The <code>family</code> and <code>revision</code> (<code>family:revision</code>) or full ARN of the task definition to run in your service. If a <code>revision</code> is not specified, the latest <code>ACTIVE</code> revision is used.</p> <p>A task definition must be specified if the service is using either the <code>ECS</code> or <code>CODE_DEPLOY</code> deployment controllers.</p>"
+          "documentation":"<p>The <code>family</code> and <code>revision</code> (<code>family:revision</code>) or full ARN of the task definition to run in your service. If a <code>revision</code> isn't specified, the latest <code>ACTIVE</code> revision is used.</p> <p>A task definition must be specified if the service uses either the <code>ECS</code> or <code>CODE_DEPLOY</code> deployment controllers.</p>"
         },
         "loadBalancers":{
           "shape":"LoadBalancers",
-          "documentation":"<p>A load balancer object representing the load balancers to use with your service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html\">Service Load Balancing</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If the service is using the rolling update (<code>ECS</code>) deployment controller and using either an Application Load Balancer or Network Load Balancer, you must specify one or more target group ARNs to attach to the service. The service-linked role is required for services that make use of multiple target groups. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If the service is using the <code>CODE_DEPLOY</code> deployment controller, the service is required to use either an Application Load Balancer or Network Load Balancer. When creating an CodeDeploy deployment group, you specify two target groups (referred to as a <code>targetGroupPair</code>). During a deployment, CodeDeploy determines which task set in your service has the status <code>PRIMARY</code> and associates one target group with it, and then associates the other target group with the replacement task set. The load balancer can also have up to two listeners: a required listener for production traffic and an optional listener that allows you perform validation tests with Lambda functions before routing production traffic to it.</p> <p>After you create a service using the <code>ECS</code> deployment controller, the load balancer name or target group ARN, container name, and container port specified in the service definition are immutable. If you are using the <code>CODE_DEPLOY</code> deployment controller, these values can be changed when updating the service.</p> <p>For Application Load Balancers and Network Load Balancers, this object must contain the load balancer target group ARN, the container name (as it appears in a container definition), and the container port to access from the load balancer. The load balancer name parameter must be omitted. When a task from this service is placed on a container instance, the container instance and port combination is registered as a target in the target group specified here.</p> <p>For Classic Load Balancers, this object must contain the load balancer name, the container name (as it appears in a container definition), and the container port to access from the load balancer. The target group ARN parameter must be omitted. When a task from this service is placed on a container instance, the container instance is registered with the load balancer specified here.</p> <p>Services with tasks that use the <code>awsvpc</code> network mode (for example, those with the Fargate launch type) only support Application Load Balancers and Network Load Balancers. Classic Load Balancers are not supported. Also, when you create any target groups for these services, you must choose <code>ip</code> as the target type, not <code>instance</code>, because tasks that use the <code>awsvpc</code> network mode are associated with an elastic network interface, not an Amazon EC2 instance.</p>"
+          "documentation":"<p>A load balancer object representing the load balancers to use with your service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html\">Service Load Balancing</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If the service uses the rolling update (<code>ECS</code>) deployment controller and using either an Application Load Balancer or Network Load Balancer, you must specify one or more target group ARNs to attach to the service. The service-linked role is required for services that use multiple target groups. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If the service uses the <code>CODE_DEPLOY</code> deployment controller, the service is required to use either an Application Load Balancer or Network Load Balancer. When creating an CodeDeploy deployment group, you specify two target groups (referred to as a <code>targetGroupPair</code>). During a deployment, CodeDeploy determines which task set in your service has the status <code>PRIMARY</code>, and it associates one target group with it. Then, it also associates the other target group with the replacement task set. The load balancer can also have up to two listeners: a required listener for production traffic and an optional listener that you can use to perform validation tests with Lambda functions before routing production traffic to it.</p> <p>After you create a service using the <code>ECS</code> deployment controller, the load balancer name or target group ARN, container name, and container port that's specified in the service definition are immutable. If you use the <code>CODE_DEPLOY</code> deployment controller, these values can be changed when updating the service.</p> <p>For Application Load Balancers and Network Load Balancers, this object must contain the load balancer target group ARN, the container name, and the container port to access from the load balancer. The container name must be as it appears in a container definition. The load balancer name parameter must be omitted. When a task from this service is placed on a container instance, the container instance and port combination is registered as a target in the target group that's specified here.</p> <p>For Classic Load Balancers, this object must contain the load balancer name, the container name , and the container port to access from the load balancer. The container name must be as it appears in a container definition. The target group ARN parameter must be omitted. When a task from this service is placed on a container instance, the container instance is registered with the load balancer that's specified here.</p> <p>Services with tasks that use the <code>awsvpc</code> network mode (for example, those with the Fargate launch type) only support Application Load Balancers and Network Load Balancers. Classic Load Balancers aren't supported. Also, when you create any target groups for these services, you must choose <code>ip</code> as the target type, not <code>instance</code>. This is because tasks that use the <code>awsvpc</code> network mode are associated with an elastic network interface, not an Amazon EC2 instance.</p>"
         },
         "serviceRegistries":{
           "shape":"ServiceRegistries",
-          "documentation":"<p>The details of the service discovery registry to associate with this service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html\">Service discovery</a>.</p> <note> <p>Each service may be associated with one service registry. Multiple service registries per service isn't supported.</p> </note>"
+          "documentation":"<p>The details of the service discovery registry to associate with this service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html\">Service discovery</a>.</p> <note> <p>Each service may be associated with one service registry. Multiple service registries for each service isn't supported.</p> </note>"
         },
         "desiredCount":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The number of instantiations of the specified task definition to place and keep running on your cluster.</p> <p>This is required if <code>schedulingStrategy</code> is <code>REPLICA</code> or is not specified. If <code>schedulingStrategy</code> is <code>DAEMON</code> then this is not required.</p>"
+          "documentation":"<p>The number of instantiations of the specified task definition to place and keep running on your cluster.</p> <p>This is required if <code>schedulingStrategy</code> is <code>REPLICA</code> or isn't specified. If <code>schedulingStrategy</code> is <code>DAEMON</code> then this isn't required.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Up to 32 ASCII characters are allowed.</p>"
+          "documentation":"<p>An identifier that you provide to ensure the idempotency of the request. It must be unique and is case sensitive. Up to 32 ASCII characters are allowed.</p>"
         },
         "launchType":{
           "shape":"LaunchType",
-          "documentation":"<p>The infrastructure on which to run your service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS launch types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>The <code>FARGATE</code> launch type runs your tasks on Fargate On-Demand infrastructure.</p> <note> <p>Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-capacity-providers.html\">Fargate capacity providers</a> in the <i>Amazon ECS User Guide for Fargate</i>.</p> </note> <p>The <code>EC2</code> launch type runs your tasks on Amazon EC2 instances registered to your cluster.</p> <p>The <code>EXTERNAL</code> launch type runs your tasks on your on-premise server or virtual machine (VM) capacity registered to your cluster.</p> <p>A service can use either a launch type or a capacity provider strategy. If a <code>launchType</code> is specified, the <code>capacityProviderStrategy</code> parameter must be omitted.</p>"
+          "documentation":"<p>The infrastructure that you run your service on. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS launch types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>The <code>FARGATE</code> launch type runs your tasks on Fargate On-Demand infrastructure.</p> <note> <p>Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-capacity-providers.html\">Fargate capacity providers</a> in the <i>Amazon ECS User Guide for Fargate</i>.</p> </note> <p>The <code>EC2</code> launch type runs your tasks on Amazon EC2 instances registered to your cluster.</p> <p>The <code>EXTERNAL</code> launch type runs your tasks on your on-premises server or virtual machine (VM) capacity registered to your cluster.</p> <p>A service can use either a launch type or a capacity provider strategy. If a <code>launchType</code> is specified, the <code>capacityProviderStrategy</code> parameter must be omitted.</p>"
         },
         "capacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
@@ -1895,11 +1916,11 @@
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the <code>LATEST</code> platform version is used by default. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate platform versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The platform version that your tasks in the service are running on. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the <code>LATEST</code> platform version is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate platform versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "role":{
           "shape":"String",
-          "documentation":"<p>The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition does not use the <code>awsvpc</code> network mode. If you specify the <code>role</code> parameter, you must also specify a load balancer object with the <code>loadBalancers</code> parameter.</p> <important> <p>If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here. The service-linked role is required if your task definition uses the <code>awsvpc</code> network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you should not specify a role here. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </important> <p>If your specified role has a path other than <code>/</code>, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name <code>bar</code> has a path of <code>/foo/</code> then you would specify <code>/foo/bar</code> as the role name. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names\">Friendly names and paths</a> in the <i>IAM User Guide</i>.</p>"
+          "documentation":"<p>The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is only permitted if you are using a load balancer with your service and your task definition doesn't use the <code>awsvpc</code> network mode. If you specify the <code>role</code> parameter, you must also specify a load balancer object with the <code>loadBalancers</code> parameter.</p> <important> <p>If your account has already created the Amazon ECS service-linked role, that role is used for your service unless you specify a role here. The service-linked role is required if your task definition uses the <code>awsvpc</code> network mode or if the service is configured to use service discovery, an external deployment controller, multiple target groups, or Elastic Inference accelerators in which case you don't specify a role here. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html\">Using service-linked roles for Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </important> <p>If your specified role has a path other than <code>/</code>, then you must either specify the full role ARN (this is recommended) or prefix the role name with the path. For example, if a role with the name <code>bar</code> has a path of <code>/foo/</code> then you would specify <code>/foo/bar</code> as the role name. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-friendly-names\">Friendly names and paths</a> in the <i>IAM User Guide</i>.</p>"
         },
         "deploymentConfiguration":{
           "shape":"DeploymentConfiguration",
@@ -1907,23 +1928,23 @@
         },
         "placementConstraints":{
           "shape":"PlacementConstraints",
-          "documentation":"<p>An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints per task (this limit includes constraints in the task definition and those specified at runtime).</p>"
+          "documentation":"<p>An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.</p>"
         },
         "placementStrategy":{
           "shape":"PlacementStrategies",
-          "documentation":"<p>The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules per service.</p>"
+          "documentation":"<p>The placement strategy objects to use for tasks in your service. You can specify a maximum of 5 strategy rules for each service.</p>"
         },
         "networkConfiguration":{
           "shape":"NetworkConfiguration",
-          "documentation":"<p>The network configuration for the service. This parameter is required for task definitions that use the <code>awsvpc</code> network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html\">Task networking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The network configuration for the service. This parameter is required for task definitions that use the <code>awsvpc</code> network mode to receive their own elastic network interface, and it isn't supported for other network modes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html\">Task networking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "healthCheckGracePeriodSeconds":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The period of time, in seconds, that the Amazon ECS service scheduler should ignore unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of <code>0</code> is used.</p> <p>If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds. During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.</p>"
+          "documentation":"<p>The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only used when your service is configured to use a load balancer. If your service has a load balancer defined and you don't specify a health check grace period value, the default value of <code>0</code> is used.</p> <p>If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.</p>"
         },
         "schedulingStrategy":{
           "shape":"SchedulingStrategy",
-          "documentation":"<p>The scheduling strategy to use for the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Services</a>.</p> <p>There are two service scheduler strategies available:</p> <ul> <li> <p> <code>REPLICA</code>-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service is using the <code>CODE_DEPLOY</code> or <code>EXTERNAL</code> deployment controller types.</p> </li> <li> <p> <code>DAEMON</code>-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that do not meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.</p> <note> <p>Tasks using the Fargate launch type or the <code>CODE_DEPLOY</code> or <code>EXTERNAL</code> deployment controller types don't support the <code>DAEMON</code> scheduling strategy.</p> </note> </li> </ul>"
+          "documentation":"<p>The scheduling strategy to use for the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Services</a>.</p> <p>There are two service scheduler strategies available:</p> <ul> <li> <p> <code>REPLICA</code>-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. This scheduler strategy is required if the service uses the <code>CODE_DEPLOY</code> or <code>EXTERNAL</code> deployment controller types.</p> </li> <li> <p> <code>DAEMON</code>-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that don't meet the placement constraints. When you're using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies.</p> <note> <p>Tasks using the Fargate launch type or the <code>CODE_DEPLOY</code> or <code>EXTERNAL</code> deployment controller types don't support the <code>DAEMON</code> scheduling strategy.</p> </note> </li> </ul>"
         },
         "deploymentController":{
           "shape":"DeploymentController",
@@ -1939,11 +1960,11 @@
         },
         "propagateTags":{
           "shape":"PropagateTags",
-          "documentation":"<p>Specifies whether to propagate the tags from the task definition or the service to the tasks in the service. If no value is specified, the tags are not propagated. Tags can only be propagated to the tasks within the service during service creation. To add tags to a task after service creation or task creation, use the <a>TagResource</a> API action.</p>"
+          "documentation":"<p>Specifies whether to propagate the tags from the task definition or the service to the tasks in the service. If no value is specified, the tags aren't propagated. Tags can only be propagated to the tasks within the service during service creation. To add tags to a task after service creation or task creation, use the <a>TagResource</a> API action.</p>"
         },
         "enableExecuteCommand":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not the execute command functionality is enabled for the service. If <code>true</code>, this enables execute command functionality on all containers in the service tasks.</p>"
+          "documentation":"<p>Determines whether the execute command functionality is enabled for the service. If <code>true</code>, this enables execute command functionality on all containers in the service tasks.</p>"
         }
       }
     },
@@ -1952,7 +1973,7 @@
       "members":{
         "service":{
           "shape":"Service",
-          "documentation":"<p>The full description of your service following the create call.</p> <p>A service will return either a <code>capacityProviderStrategy</code> or <code>launchType</code> parameter, but not both, depending on which one was specified during creation.</p> <p>If a service is using the <code>ECS</code> deployment controller, the <code>deploymentController</code> and <code>taskSets</code> parameters will not be returned.</p> <p>If the service is using the <code>CODE_DEPLOY</code> deployment controller, the <code>deploymentController</code>, <code>taskSets</code> and <code>deployments</code> parameters will be returned, however the <code>deployments</code> parameter will be an empty list.</p>"
+          "documentation":"<p>The full description of your service following the create call.</p> <p>A service will return either a <code>capacityProviderStrategy</code> or <code>launchType</code> parameter, but not both, depending where one was specified when it was created.</p> <p>If a service is using the <code>ECS</code> deployment controller, the <code>deploymentController</code> and <code>taskSets</code> parameters will not be returned.</p> <p>if the service uses the <code>CODE_DEPLOY</code> deployment controller, the <code>deploymentController</code>, <code>taskSets</code> and <code>deployments</code> parameters will be returned, however the <code>deployments</code> parameter will be an empty list.</p>"
         }
       }
     },
@@ -1994,7 +2015,7 @@
         },
         "launchType":{
           "shape":"LaunchType",
-          "documentation":"<p>The launch type that new tasks in the task set will use. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS Launch Types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If a <code>launchType</code> is specified, the <code>capacityProviderStrategy</code> parameter must be omitted.</p>"
+          "documentation":"<p>The launch type that new tasks in the task set uses. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS Launch Types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If a <code>launchType</code> is specified, the <code>capacityProviderStrategy</code> parameter must be omitted.</p>"
         },
         "capacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
@@ -2002,7 +2023,7 @@
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version that the tasks in the task set should use. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the <code>LATEST</code> platform version is used by default.</p>"
+          "documentation":"<p>The platform version that the tasks in the task set uses. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the <code>LATEST</code> platform version is used.</p>"
         },
         "scale":{
           "shape":"Scale",
@@ -2010,11 +2031,11 @@
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Up to 32 ASCII characters are allowed.</p>"
+          "documentation":"<p>The identifier that you provide to ensure the idempotency of the request. It's case sensitive and must be unique. It can be up to 32 ASCII characters are allowed.</p>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. When a service is deleted, the tags are deleted as well.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value. You define both. When a service is deleted, the tags are deleted.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         }
       }
     },
@@ -2033,11 +2054,11 @@
       "members":{
         "name":{
           "shape":"SettingName",
-          "documentation":"<p>The resource name for which to disable the account setting. If <code>serviceLongArnFormat</code> is specified, the ARN for your Amazon ECS services is affected. If <code>taskLongArnFormat</code> is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If <code>containerInstanceLongArnFormat</code> is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If <code>awsvpcTrunking</code> is specified, the ENI limit for your Amazon ECS container instances is affected.</p>"
+          "documentation":"<p>The resource name to disable the account setting for. If <code>serviceLongArnFormat</code> is specified, the ARN for your Amazon ECS services is affected. If <code>taskLongArnFormat</code> is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If <code>containerInstanceLongArnFormat</code> is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If <code>awsvpcTrunking</code> is specified, the ENI limit for your Amazon ECS container instances is affected.</p>"
         },
         "principalArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the principal, which can be an IAM user, IAM role, or the root user. If you specify the root user, it disables the account setting for all IAM users, IAM roles, and the root user of the account unless an IAM user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the principal. It can be an IAM user, IAM role, or the root user. If you specify the root user, it disables the account setting for all IAM users, IAM roles, and the root user of the account unless an IAM user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.</p>"
         }
       }
     },
@@ -2060,7 +2081,7 @@
         },
         "attributes":{
           "shape":"Attributes",
-          "documentation":"<p>The attributes to delete from your resource. You can specify up to 10 attributes per request. For custom attributes, specify the attribute name and target ID, but do not specify the value. If you specify the target ID using the short form, you must also specify the target type.</p>"
+          "documentation":"<p>The attributes to delete from your resource. You can specify up to 10 attributes for each request. For custom attributes, specify the attribute name and target ID, but don't specify the value. If you specify the target ID using the short form, you must also specify the target type.</p>"
         }
       }
     },
@@ -2125,7 +2146,7 @@
         },
         "force":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>If <code>true</code>, allows you to delete a service even if it has not been scaled down to zero tasks. It is only necessary to use this if the service is using the <code>REPLICA</code> scheduling strategy.</p>"
+          "documentation":"<p>If <code>true</code>, allows you to delete a service even if it wasn't scaled down to zero tasks. It's only necessary to use this if the service uses the <code>REPLICA</code> scheduling strategy.</p>"
         }
       }
     },
@@ -2148,7 +2169,7 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service that the task set exists in to delete.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service that the task set found in to delete.</p>"
         },
         "service":{
           "shape":"String",
@@ -2160,7 +2181,7 @@
         },
         "force":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>If <code>true</code>, this allows you to delete a task set even if it hasn't been scaled down to zero.</p>"
+          "documentation":"<p>If <code>true</code>, you can delete a task set even if it hasn't been scaled down to zero.</p>"
         }
       }
     },
@@ -2182,7 +2203,7 @@
         },
         "status":{
           "shape":"String",
-          "documentation":"<p>The status of the deployment. The following describes each state:</p> <dl> <dt>PRIMARY</dt> <dd> <p>The most recent deployment of a service.</p> </dd> <dt>ACTIVE</dt> <dd> <p>A service deployment that still has running tasks, but are in the process of being replaced with a new <code>PRIMARY</code> deployment.</p> </dd> <dt>INACTIVE</dt> <dd> <p>A deployment that has been completely replaced.</p> </dd> </dl>"
+          "documentation":"<p>The status of the deployment. The following describes each state.</p> <dl> <dt>PRIMARY</dt> <dd> <p>The most recent deployment of a service.</p> </dd> <dt>ACTIVE</dt> <dd> <p>A service deployment that still has running tasks, but are in the process of being replaced with a new <code>PRIMARY</code> deployment.</p> </dd> <dt>INACTIVE</dt> <dd> <p>A deployment that has been completely replaced.</p> </dd> </dl>"
         },
         "taskDefinition":{
           "shape":"String",
@@ -2206,11 +2227,11 @@
         },
         "createdAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the service deployment was created.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the service deployment was created.</p>"
         },
         "updatedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the service deployment was last updated.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the service deployment was last updated.</p>"
         },
         "capacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
@@ -2222,7 +2243,7 @@
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version on which your tasks in the service are running. A platform version is only specified for tasks using the Fargate launch type. If one is not specified, the <code>LATEST</code> platform version is used by default. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The platform version that your tasks in the service run on. A platform version is only specified for tasks using the Fargate launch type. If one isn't specified, the <code>LATEST</code> platform version is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "platformFamily":{
           "shape":"String",
@@ -2234,7 +2255,7 @@
         },
         "rolloutState":{
           "shape":"DeploymentRolloutState",
-          "documentation":"<note> <p>The <code>rolloutState</code> of a service is only returned for services that use the rolling update (<code>ECS</code>) deployment type that are not behind a Classic Load Balancer.</p> </note> <p>The rollout state of the deployment. When a service deployment is started, it begins in an <code>IN_PROGRESS</code> state. When the service reaches a steady state, the deployment will transition to a <code>COMPLETED</code> state. If the service fails to reach a steady state and circuit breaker is enabled, the deployment will transition to a <code>FAILED</code> state. A deployment in <code>FAILED</code> state will launch no new tasks. For more information, see <a>DeploymentCircuitBreaker</a>.</p>"
+          "documentation":"<note> <p>The <code>rolloutState</code> of a service is only returned for services that use the rolling update (<code>ECS</code>) deployment type that aren't behind a Classic Load Balancer.</p> </note> <p>The rollout state of the deployment. When a service deployment is started, it begins in an <code>IN_PROGRESS</code> state. When the service reaches a steady state, the deployment transitions to a <code>COMPLETED</code> state. If the service fails to reach a steady state and circuit breaker is enabled, the deployment transitions to a <code>FAILED</code> state. A deployment in <code>FAILED</code> state doesn't launch any new tasks. For more information, see <a>DeploymentCircuitBreaker</a>.</p>"
         },
         "rolloutStateReason":{
           "shape":"String",
@@ -2252,14 +2273,14 @@
       "members":{
         "enable":{
           "shape":"Boolean",
-          "documentation":"<p>Whether to enable the deployment circuit breaker logic for the service.</p>"
+          "documentation":"<p>Determines whether to enable the deployment circuit breaker logic for the service.</p>"
         },
         "rollback":{
           "shape":"Boolean",
-          "documentation":"<p>Whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.</p>"
+          "documentation":"<p>Determines whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.</p>"
         }
       },
-      "documentation":"<note> <p>The deployment circuit breaker can only be used for services using the rolling update (<code>ECS</code>) deployment type that are not behind a Classic Load Balancer.</p> </note> <p>The <b>deployment circuit breaker</b> determines whether a service deployment will fail if the service can't reach a steady state. If enabled, a service deployment will transition to a failed state and stop launching new tasks. You can also enable Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html\">Rolling update</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<note> <p>The deployment circuit breaker can only be used for services using the rolling update (<code>ECS</code>) deployment type that aren't behind a Classic Load Balancer.</p> </note> <p>The <b>deployment circuit breaker</b> determines whether a service deployment will fail if the service can't reach a steady state. If enabled, a service deployment will transition to a failed state and stop launching new tasks. You can also enable Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html\">Rolling update</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "DeploymentConfiguration":{
       "type":"structure",
@@ -2274,7 +2295,7 @@
         },
         "minimumHealthyPercent":{
           "shape":"BoxedInteger",
-          "documentation":"<p>If a service is using the rolling update (<code>ECS</code>) deployment type, the <b>minimum healthy percent</b> represents a lower limit on the number of tasks in a service that must remain in the <code>RUNNING</code> state during a deployment, as a percentage of the desired number of tasks (rounded up to the nearest integer), and while any container instances are in the <code>DRAINING</code> state if the service contains tasks using the EC2 launch type. This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desired number of four tasks and a minimum healthy percent of 50%, the scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. Tasks for services that <i>do not</i> use a load balancer are considered healthy if they are in the <code>RUNNING</code> state; tasks for services that <i>do</i> use a load balancer are considered healthy if they are in the <code>RUNNING</code> state and they are reported as healthy by the load balancer. The default value for minimum healthy percent is 100%.</p> <p>If a service is using the blue/green (<code>CODE_DEPLOY</code>) or <code>EXTERNAL</code> deployment types and tasks that use the EC2 launch type, the <b>minimum healthy percent</b> value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the <code>RUNNING</code> state while the container instances are in the <code>DRAINING</code> state. If the tasks in the service use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.</p>"
+          "documentation":"<p>If a service is using the rolling update (<code>ECS</code>) deployment type, the <b>minimum healthy percent</b> represents a lower limit on the number of tasks in a service that must remain in the <code>RUNNING</code> state during a deployment, as a percentage of the desired number of tasks (rounded up to the nearest integer), and while any container instances are in the <code>DRAINING</code> state if the service contains tasks using the EC2 launch type. This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desired number of four tasks and a minimum healthy percent of 50%, the scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. Tasks for services that <i>do not</i> use a load balancer are considered healthy if they're in the <code>RUNNING</code> state; tasks for services that <i>do</i> use a load balancer are considered healthy if they're in the <code>RUNNING</code> state and they're reported as healthy by the load balancer. The default value for minimum healthy percent is 100%.</p> <p>If a service is using the blue/green (<code>CODE_DEPLOY</code>) or <code>EXTERNAL</code> deployment types and tasks that use the EC2 launch type, the <b>minimum healthy percent</b> value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the <code>RUNNING</code> state while the container instances are in the <code>DRAINING</code> state. If the tasks in the service use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.</p>"
         }
       },
       "documentation":"<p>Optional deployment parameters that control how many tasks run during a deployment and the ordering of stopping and starting tasks.</p>"
@@ -2324,7 +2345,7 @@
         },
         "force":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>Forces the deregistration of the container instance. If you have tasks running on the container instance when you deregister it with the <code>force</code> option, these tasks remain running until you terminate the instance or the tasks stop through some other means, but they are orphaned (no longer monitored or accounted for by Amazon ECS). If an orphaned task on your container instance is part of an Amazon ECS service, then the service scheduler starts another copy of that task, on a different container instance if possible. </p> <p>Any containers in orphaned service tasks that are registered with a Classic Load Balancer or an Application Load Balancer target group are deregistered. They begin connection draining according to the settings on the load balancer or target group.</p>"
+          "documentation":"<p>Forces the container instance to be deregistered. If you have tasks running on the container instance when you deregister it with the <code>force</code> option, these tasks remain running until you terminate the instance or the tasks stop through some other means, but they're orphaned (no longer monitored or accounted for by Amazon ECS). If an orphaned task on your container instance is part of an Amazon ECS service, then the service scheduler starts another copy of that task, on a different container instance if possible. </p> <p>Any containers in orphaned service tasks that are registered with a Classic Load Balancer or an Application Load Balancer target group are deregistered. They begin connection draining according to the settings on the load balancer or target group.</p>"
         }
       }
     },
@@ -2365,7 +2386,7 @@
         },
         "include":{
           "shape":"CapacityProviderFieldList",
-          "documentation":"<p>Specifies whether or not you want to see the resource tags for the capacity provider. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags are not included in the response.</p>"
+          "documentation":"<p>Specifies whether or not you want to see the resource tags for the capacity provider. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.</p>"
         },
         "maxResults":{
           "shape":"BoxedInteger",
@@ -2403,7 +2424,7 @@
         },
         "include":{
           "shape":"ClusterFieldList",
-          "documentation":"<p>Whether to include additional information about the clusters in the response. If this field is omitted, this information isn't included.</p> <p>If <code>ATTACHMENTS</code> is specified, the attachments for the container instances or tasks within the cluster are included.</p> <p>If <code>SETTINGS</code> is specified, the settings for the cluster are included.</p> <p>If <code>CONFIGURATIONS</code> is specified, the configuration for the cluster is included.</p> <p>If <code>STATISTICS</code> is specified, the task and service count is included, separated by launch type.</p> <p>If <code>TAGS</code> is specified, the metadata tags associated with the cluster are included.</p>"
+          "documentation":"<p>Determines whether to include additional information about the clusters in the response. If this field is omitted, this information isn't included.</p> <p>If <code>ATTACHMENTS</code> is specified, the attachments for the container instances or tasks within the cluster are included.</p> <p>If <code>SETTINGS</code> is specified, the settings for the cluster are included.</p> <p>If <code>CONFIGURATIONS</code> is specified, the configuration for the cluster is included.</p> <p>If <code>STATISTICS</code> is specified, the task and service count is included, separated by launch type.</p> <p>If <code>TAGS</code> is specified, the metadata tags associated with the cluster are included.</p>"
         }
       }
     },
@@ -2434,7 +2455,7 @@
         },
         "include":{
           "shape":"ContainerInstanceFieldList",
-          "documentation":"<p>Specifies whether you want to see the resource tags for the container instance. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags are not included in the response.</p>"
+          "documentation":"<p>Specifies whether you want to see the resource tags for the container instance. If <code>TAGS</code> is specified, the tags are included in the response. If <code>CONTAINER_INSTANCE_HEALTH</code> is specified, the container instance health is included in the response. If this field is omitted, tags and container instance health status aren't included in the response.</p>"
         }
       }
     },
@@ -2465,7 +2486,7 @@
         },
         "include":{
           "shape":"ServiceFieldList",
-          "documentation":"<p>Specifies whether you want to see the resource tags for the service. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags are not included in the response.</p>"
+          "documentation":"<p>Determines whether you want to see the resource tags for the service. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.</p>"
         }
       }
     },
@@ -2492,7 +2513,7 @@
         },
         "include":{
           "shape":"TaskDefinitionFieldList",
-          "documentation":"<p>Specifies whether to see the resource tags for the task definition. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags are not included in the response.</p>"
+          "documentation":"<p>Determines whether to see the resource tags for the task definition. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.</p>"
         }
       }
     },
@@ -2505,7 +2526,7 @@
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that is applied to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that's applied to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         }
       }
     },
@@ -2530,7 +2551,7 @@
         },
         "include":{
           "shape":"TaskSetFieldList",
-          "documentation":"<p>Specifies whether to see the resource tags for the task set. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags are not included in the response.</p>"
+          "documentation":"<p>Specifies whether to see the resource tags for the task set. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.</p>"
         }
       }
     },
@@ -2561,7 +2582,7 @@
         },
         "include":{
           "shape":"TaskFieldList",
-          "documentation":"<p>Specifies whether you want to see the resource tags for the task. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags are not included in the response.</p>"
+          "documentation":"<p>Specifies whether you want to see the resource tags for the task. If <code>TAGS</code> is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.</p>"
         }
       }
     },
@@ -2630,7 +2651,7 @@
         },
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster to which the container instance belongs.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that the container instance belongs to.</p>"
         }
       }
     },
@@ -2661,7 +2682,7 @@
         },
         "autoprovision":{
           "shape":"BoxedBoolean",
-          "documentation":"<p>If this value is <code>true</code>, the Docker volume is created if it does not already exist.</p> <note> <p>This field is only used if the <code>scope</code> is <code>shared</code>.</p> </note>"
+          "documentation":"<p>If this value is <code>true</code>, the Docker volume is created if it doesn't already exist.</p> <note> <p>This field is only used if the <code>scope</code> is <code>shared</code>.</p> </note>"
         },
         "driver":{
           "shape":"String",
@@ -2676,7 +2697,7 @@
           "documentation":"<p>Custom metadata to add to your Docker volume. This parameter maps to <code>Labels</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/VolumeCreate\">Create a volume</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>xxlabel</code> option to <a href=\"https://docs.docker.com/engine/reference/commandline/volume_create/\">docker volume create</a>.</p>"
         }
       },
-      "documentation":"<p>This parameter is specified when you are using Docker volumes. Docker volumes are only supported when you are using the EC2 launch type. Windows containers only support the use of the <code>local</code> driver. To use bind mounts, specify a <code>host</code> instead.</p>"
+      "documentation":"<p>This parameter is specified when you're using Docker volumes. Docker volumes are only supported when you're using the EC2 launch type. Windows containers only support the use of the <code>local</code> driver. To use bind mounts, specify a <code>host</code> instead.</p>"
     },
     "Double":{"type":"double"},
     "EFSAuthorizationConfig":{
@@ -2688,7 +2709,7 @@
         },
         "iam":{
           "shape":"EFSAuthorizationConfigIAM",
-          "documentation":"<p>Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the <code>EFSVolumeConfiguration</code>. If this parameter is omitted, the default value of <code>DISABLED</code> is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints\">Using Amazon EFS Access Points</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>Determines whether to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the <code>EFSVolumeConfiguration</code>. If this parameter is omitted, the default value of <code>DISABLED</code> is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints\">Using Amazon EFS Access Points</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         }
       },
       "documentation":"<p>The authorization configuration details for the Amazon EFS file system.</p>"
@@ -2721,7 +2742,7 @@
         },
         "transitEncryption":{
           "shape":"EFSTransitEncryption",
-          "documentation":"<p>Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of <code>DISABLED</code> is used. For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html\">Encrypting Data in Transit</a> in the <i>Amazon Elastic File System User Guide</i>.</p>"
+          "documentation":"<p>Determines whether to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. If this parameter is omitted, the default value of <code>DISABLED</code> is used. For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html\">Encrypting Data in Transit</a> in the <i>Amazon Elastic File System User Guide</i>.</p>"
         },
         "transitEncryptionPort":{
           "shape":"BoxedInteger",
@@ -2732,7 +2753,7 @@
           "documentation":"<p>The authorization configuration details for the Amazon EFS file system.</p>"
         }
       },
-      "documentation":"<p>This parameter is specified when you are using an Amazon Elastic File System file system for task storage. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html\">Amazon EFS Volumes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>This parameter is specified when you're using an Amazon Elastic File System file system for task storage. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html\">Amazon EFS Volumes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "EnvironmentFile":{
       "type":"structure",
@@ -2750,7 +2771,7 @@
           "documentation":"<p>The file type to use. The only supported value is <code>s3</code>.</p>"
         }
       },
-      "documentation":"<p>A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a <code>.env</code> file extension. Each line in an environment file should contain an environment variable in <code>VARIABLE=VALUE</code> format. Lines beginning with <code>#</code> are treated as comments and are ignored. For more information on the environment variable file syntax, see <a href=\"https://docs.docker.com/compose/env-file/\">Declare default environment variables in file</a>.</p> <p>If there are environment variables specified using the <code>environment</code> parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they are processed from the top down. It is recommended to use unique variable names. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html\">Specifying environment variables</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>This parameter is only supported for tasks hosted on Fargate using the following platform versions:</p> <ul> <li> <p>Linux platform version <code>1.4.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul>"
+      "documentation":"<p>A list of files containing the environment variables to pass to a container. You can specify up to ten environment files. The file must have a <code>.env</code> file extension. Each line in an environment file should contain an environment variable in <code>VARIABLE=VALUE</code> format. Lines beginning with <code>#</code> are treated as comments and are ignored. For more information about the environment variable file syntax, see <a href=\"https://docs.docker.com/compose/env-file/\">Declare default environment variables in file</a>.</p> <p>If there are environment variables specified using the <code>environment</code> parameter in a container definition, they take precedence over the variables contained within an environment file. If multiple environment files are specified that contain the same variable, they're processed from the top down. We recommend that you use unique variable names. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/taskdef-envfiles.html\">Specifying environment variables</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>This parameter is only supported for tasks hosted on Fargate using the following platform versions:</p> <ul> <li> <p>Linux platform version <code>1.4.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul>"
     },
     "EnvironmentFileType":{
       "type":"string",
@@ -2802,7 +2823,7 @@
         },
         "cloudWatchEncryptionEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled.</p>"
+          "documentation":"<p>Determines whether to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled.</p>"
         },
         "s3BucketName":{
           "shape":"String",
@@ -2810,7 +2831,7 @@
         },
         "s3EncryptionEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not to use encryption on the S3 logs. If not specified, encryption is not used.</p>"
+          "documentation":"<p>Determines whether to use encryption on the S3 logs. If not specified, encryption is not used.</p>"
         },
         "s3KeyPrefix":{
           "shape":"String",
@@ -2874,7 +2895,7 @@
         },
         "interactive":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not the execute command session is running in interactive mode. Amazon ECS only supports initiating interactive sessions, so you must specify <code>true</code> for this value.</p>"
+          "documentation":"<p>Determines whether the execute command session is running in interactive mode. Amazon ECS only supports initiating interactive sessions, so you must specify <code>true</code> for this value.</p>"
         },
         "session":{
           "shape":"Session",
@@ -2925,7 +2946,7 @@
           "documentation":"<p>The authorization configuration details for the Amazon FSx for Windows File Server file system.</p>"
         }
       },
-      "documentation":"<p>This parameter is specified when you are using <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html\">Amazon FSx for Windows File Server</a> file system for task storage.</p> <p>For more information and the input format, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html\">Amazon FSx for Windows File Server Volumes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>This parameter is specified when you're using <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html\">Amazon FSx for Windows File Server</a> file system for task storage.</p> <p>For more information and the input format, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/wfsx-volumes.html\">Amazon FSx for Windows File Server Volumes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "Failure":{
       "type":"structure",
@@ -2986,7 +3007,7 @@
       "members":{
         "command":{
           "shape":"StringList",
-          "documentation":"<p>A string array representing the command that the container runs to determine if it is healthy. The string array must start with <code>CMD</code> to execute the command arguments directly, or <code>CMD-SHELL</code> to run the command with the container's default shell. </p> <p> When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, you should enclose the list of commands in brackets, as shown below.</p> <p> <code>[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]</code> </p> <p>You do not need to include the brackets when you use the Amazon Web Services Management Consoleas shown below.</p> <p> <code> \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" </code> </p> <p>An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see <code>HealthCheck</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a>.</p>"
+          "documentation":"<p>A string array representing the command that the container runs to determine if it is healthy. The string array must start with <code>CMD</code> to execute the command arguments directly, or <code>CMD-SHELL</code> to run the command with the container's default shell. </p> <p> When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in brackets.</p> <p> <code>[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]</code> </p> <p>You don't need to include the brackets when you use the Amazon Web Services Management Console.</p> <p> <code> \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" </code> </p> <p>An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see <code>HealthCheck</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a>.</p>"
         },
         "interval":{
           "shape":"BoxedInteger",
@@ -3002,10 +3023,10 @@
         },
         "startPeriod":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The optional grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You may specify between 0 and 300 seconds. The <code>startPeriod</code> is disabled by default.</p> <note> <p>If a health check succeeds within the <code>startPeriod</code>, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.</p> </note>"
+          "documentation":"<p>The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the <code>startPeriod</code> is disabled.</p> <note> <p>If a health check succeeds within the <code>startPeriod</code>, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.</p> </note>"
         }
       },
-      "documentation":"<p>An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile).</p> <p>You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.</p> <p>The following describes the possible <code>healthStatus</code> values for a container:</p> <ul> <li> <p> <code>HEALTHY</code>-The container health check has passed successfully.</p> </li> <li> <p> <code>UNHEALTHY</code>-The container health check has failed.</p> </li> <li> <p> <code>UNKNOWN</code>-The container health check is being evaluated or there is no container health check defined.</p> </li> </ul> <p>The following describes the possible <code>healthStatus</code> values for a task. The container health check status of nonessential containers do not have an effect on the health status of a task.</p> <ul> <li> <p> <code>HEALTHY</code>-All essential containers within the task have passed their health checks.</p> </li> <li> <p> <code>UNHEALTHY</code>-One or more essential containers have failed their health check.</p> </li> <li> <p> <code>UNKNOWN</code>-The essential containers within the task are still having their health checks evaluated or there are no container health checks defined.</p> </li> </ul> <p>If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.</p> <p>The following are notes about container health check support:</p> <ul> <li> <p>Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a>.</p> </li> <li> <p>Container health checks are supported for Fargate tasks if you are using platform version 1.1.0 or greater. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a>.</p> </li> <li> <p>Container health checks are not supported for tasks that are part of a service that is configured to use a Classic Load Balancer.</p> </li> </ul>"
+      "documentation":"<p>An object representing a container health check. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image (such as those specified in a parent image or from the image's Dockerfile).</p> <p>You can view the health status of both individual containers and a task with the DescribeTasks API operation or when viewing the task details in the console.</p> <p>The following describes the possible <code>healthStatus</code> values for a container:</p> <ul> <li> <p> <code>HEALTHY</code>-The container health check has passed successfully.</p> </li> <li> <p> <code>UNHEALTHY</code>-The container health check has failed.</p> </li> <li> <p> <code>UNKNOWN</code>-The container health check is being evaluated or there's no container health check defined.</p> </li> </ul> <p>The following describes the possible <code>healthStatus</code> values for a task. The container health check status of nonessential containers do not have an effect on the health status of a task.</p> <ul> <li> <p> <code>HEALTHY</code>-All essential containers within the task have passed their health checks.</p> </li> <li> <p> <code>UNHEALTHY</code>-One or more essential containers have failed their health check.</p> </li> <li> <p> <code>UNKNOWN</code>-The essential containers within the task are still having their health checks evaluated or there are no container health checks defined.</p> </li> </ul> <p>If a task is run manually, and not as part of a service, the task will continue its lifecycle regardless of its health status. For tasks that are part of a service, if the task reports as unhealthy then the task will be stopped and the service scheduler will replace it.</p> <p>The following are notes about container health check support:</p> <ul> <li> <p>Container health checks require version 1.17.0 or greater of the Amazon ECS container agent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-update.html\">Updating the Amazon ECS Container Agent</a>.</p> </li> <li> <p>Container health checks are supported for Fargate tasks if you're using platform version 1.1.0 or greater. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a>.</p> </li> <li> <p>Container health checks aren't supported for tasks that are part of a service that's configured to use a Classic Load Balancer.</p> </li> </ul>"
     },
     "HealthStatus":{
       "type":"string",
@@ -3042,7 +3063,7 @@
       "members":{
         "sourcePath":{
           "shape":"String",
-          "documentation":"<p>When the <code>host</code> parameter is used, specify a <code>sourcePath</code> to declare the path on the host container instance that is presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the <code>host</code> parameter contains a <code>sourcePath</code> file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the <code>sourcePath</code> value does not exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.</p> <p>If you are using the Fargate launch type, the <code>sourcePath</code> parameter is not supported.</p>"
+          "documentation":"<p>When the <code>host</code> parameter is used, specify a <code>sourcePath</code> to declare the path on the host container instance that's presented to the container. If this parameter is empty, then the Docker daemon has assigned a host path for you. If the <code>host</code> parameter contains a <code>sourcePath</code> file location, then the data volume persists at the specified location on the host container instance until you delete it manually. If the <code>sourcePath</code> value doesn't exist on the host container instance, the Docker daemon creates it. If the location does exist, the contents of the source path folder are exported.</p> <p>If you're using the Fargate launch type, the <code>sourcePath</code> parameter is not supported.</p>"
         }
       },
       "documentation":"<p>Details on a container instance bind mount host volume.</p>"
@@ -3063,7 +3084,7 @@
           "documentation":"<p>The Elastic Inference accelerator type to use.</p>"
         }
       },
-      "documentation":"<p>Details on a Elastic Inference accelerator. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html\">Working with Amazon Elastic Inference on Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+      "documentation":"<p>Details on an Elastic Inference accelerator. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-inference.html\">Working with Amazon Elastic Inference on Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "InferenceAcceleratorOverride":{
       "type":"structure",
@@ -3087,12 +3108,51 @@
       "type":"list",
       "member":{"shape":"InferenceAccelerator"}
     },
+    "InstanceHealthCheckResult":{
+      "type":"structure",
+      "members":{
+        "type":{
+          "shape":"InstanceHealthCheckType",
+          "documentation":"<p>The type of container instance health status that was verified.</p>"
+        },
+        "status":{
+          "shape":"InstanceHealthCheckState",
+          "documentation":"<p>The container instance health status.</p>"
+        },
+        "lastUpdated":{
+          "shape":"Timestamp",
+          "documentation":"<p>The Unix timestamp for when the container instance health status was last updated.</p>"
+        },
+        "lastStatusChange":{
+          "shape":"Timestamp",
+          "documentation":"<p>The Unix timestamp for when the container instance health status last changed.</p>"
+        }
+      },
+      "documentation":"<p>An object representing the result of a container instance health status check.</p>"
+    },
+    "InstanceHealthCheckResultList":{
+      "type":"list",
+      "member":{"shape":"InstanceHealthCheckResult"}
+    },
+    "InstanceHealthCheckState":{
+      "type":"string",
+      "enum":[
+        "OK",
+        "IMPAIRED",
+        "INSUFFICIENT_DATA",
+        "INITIALIZING"
+      ]
+    },
+    "InstanceHealthCheckType":{
+      "type":"string",
+      "enum":["CONTAINER_RUNTIME"]
+    },
     "Integer":{"type":"integer"},
     "InvalidParameterException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified parameter is invalid. Review the available parameters for the API request.</p>",
+      "documentation":"<p>The specified parameter isn't valid. Review the available parameters for the API request.</p>",
       "exception":true
     },
     "IpcMode":{
@@ -3115,7 +3175,7 @@
           "documentation":"<p>The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to <code>CapDrop</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--cap-drop</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>Valid values: <code>\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"</code> </p>"
         }
       },
-      "documentation":"<p>The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For more information on the default capabilities and the non-default available capabilities, see <a href=\"https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities\">Runtime privilege and Linux capabilities</a> in the <i>Docker run reference</i>. For more detailed information on these Linux capabilities, see the <a href=\"http://man7.org/linux/man-pages/man7/capabilities.7.html\">capabilities(7)</a> Linux manual page.</p>"
+      "documentation":"<p>The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker. For more information about the default capabilities and the non-default available capabilities, see <a href=\"https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities\">Runtime privilege and Linux capabilities</a> in the <i>Docker run reference</i>. For more detailed information about these Linux capabilities, see the <a href=\"http://man7.org/linux/man-pages/man7/capabilities.7.html\">capabilities(7)</a> Linux manual page.</p>"
     },
     "KeyValuePair":{
       "type":"structure",
@@ -3143,7 +3203,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The limit for the resource has been exceeded.</p>",
+      "documentation":"<p>The limit for the resource was exceeded.</p>",
       "exception":true
     },
     "LinuxParameters":{
@@ -3155,7 +3215,7 @@
         },
         "devices":{
           "shape":"DevicesList",
-          "documentation":"<p>Any host devices to expose to the container. This parameter maps to <code>Devices</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--device</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>If you are using tasks that use the Fargate launch type, the <code>devices</code> parameter is not supported.</p> </note>"
+          "documentation":"<p>Any host devices to expose to the container. This parameter maps to <code>Devices</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--device</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>If you're using tasks that use the Fargate launch type, the <code>devices</code> parameter isn't supported.</p> </note>"
         },
         "initProcessEnabled":{
           "shape":"BoxedBoolean",
@@ -3167,15 +3227,15 @@
         },
         "tmpfs":{
           "shape":"TmpfsList",
-          "documentation":"<p>The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the <code>--tmpfs</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>If you are using tasks that use the Fargate launch type, the <code>tmpfs</code> parameter is not supported.</p> </note>"
+          "documentation":"<p>The container path, mount options, and size (in MiB) of the tmpfs mount. This parameter maps to the <code>--tmpfs</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>If you're using tasks that use the Fargate launch type, the <code>tmpfs</code> parameter isn't supported.</p> </note>"
         },
         "maxSwap":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the <code>--memory-swap</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a> where the value would be the sum of the container memory plus the <code>maxSwap</code> value.</p> <p>If a <code>maxSwap</code> value of <code>0</code> is specified, the container will not use swap. Accepted values are <code>0</code> or any positive integer. If the <code>maxSwap</code> parameter is omitted, the container will use the swap configuration for the container instance it is running on. A <code>maxSwap</code> value must be set for the <code>swappiness</code> parameter to be used.</p> <note> <p>If you are using tasks that use the Fargate launch type, the <code>maxSwap</code> parameter is not supported.</p> </note>"
+          "documentation":"<p>The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the <code>--memory-swap</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a> where the value would be the sum of the container memory plus the <code>maxSwap</code> value.</p> <p>If a <code>maxSwap</code> value of <code>0</code> is specified, the container will not use swap. Accepted values are <code>0</code> or any positive integer. If the <code>maxSwap</code> parameter is omitted, the container will use the swap configuration for the container instance it is running on. A <code>maxSwap</code> value must be set for the <code>swappiness</code> parameter to be used.</p> <note> <p>If you're using tasks that use the Fargate launch type, the <code>maxSwap</code> parameter isn't supported.</p> </note>"
         },
         "swappiness":{
           "shape":"BoxedInteger",
-          "documentation":"<p>This allows you to tune a container's memory swappiness behavior. A <code>swappiness</code> value of <code>0</code> will cause swapping to not happen unless absolutely necessary. A <code>swappiness</code> value of <code>100</code> will cause pages to be swapped very aggressively. Accepted values are whole numbers between <code>0</code> and <code>100</code>. If the <code>swappiness</code> parameter is not specified, a default value of <code>60</code> is used. If a value is not specified for <code>maxSwap</code> then this parameter is ignored. This parameter maps to the <code>--memory-swappiness</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>If you are using tasks that use the Fargate launch type, the <code>swappiness</code> parameter is not supported.</p> </note>"
+          "documentation":"<p>This allows you to tune a container's memory swappiness behavior. A <code>swappiness</code> value of <code>0</code> will cause swapping to not happen unless absolutely necessary. A <code>swappiness</code> value of <code>100</code> will cause pages to be swapped very aggressively. Accepted values are whole numbers between <code>0</code> and <code>100</code>. If the <code>swappiness</code> parameter is not specified, a default value of <code>60</code> is used. If a value is not specified for <code>maxSwap</code> then this parameter is ignored. This parameter maps to the <code>--memory-swappiness</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <note> <p>If you're using tasks that use the Fargate launch type, the <code>swappiness</code> parameter isn't supported.</p> </note>"
         }
       },
       "documentation":"<p>Linux-specific options that are applied to the container, such as Linux <a>KernelCapabilities</a>.</p>"
@@ -3189,7 +3249,7 @@
         },
         "value":{
           "shape":"String",
-          "documentation":"<p>The value of the account settings with which to filter results. You must also specify an account setting name to use this parameter.</p>"
+          "documentation":"<p>The value of the account settings to filter results with. You must also specify an account setting name to use this parameter.</p>"
         },
         "principalArn":{
           "shape":"String",
@@ -3197,15 +3257,15 @@
         },
         "effectiveSettings":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether to return the effective settings. If <code>true</code>, the account settings for the root user or the default setting for the <code>principalArn</code> are returned. If <code>false</code>, the account settings for the <code>principalArn</code> are returned if they are set. Otherwise, no account settings are returned.</p>"
+          "documentation":"<p>Determines whether to return the effective settings. If <code>true</code>, the account settings for the root user or the default setting for the <code>principalArn</code> are returned. If <code>false</code>, the account settings for the <code>principalArn</code> are returned if they're set. Otherwise, no account settings are returned.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListAccountSettings</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it is possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
+          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListAccountSettings</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it's possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
         },
         "maxResults":{
           "shape":"Integer",
-          "documentation":"<p>The maximum number of account setting results returned by <code>ListAccountSettings</code> in paginated output. When this parameter is used, <code>ListAccountSettings</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListAccountSettings</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 10. If this parameter is not used, then <code>ListAccountSettings</code> returns up to 10 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of account setting results returned by <code>ListAccountSettings</code> in paginated output. When this parameter is used, <code>ListAccountSettings</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListAccountSettings</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 10. If this parameter isn't used, then <code>ListAccountSettings</code> returns up to 10 results and a <code>nextToken</code> value if applicable.</p>"
         }
       }
     },
@@ -3232,23 +3292,23 @@
         },
         "targetType":{
           "shape":"TargetType",
-          "documentation":"<p>The type of the target with which to list attributes.</p>"
+          "documentation":"<p>The type of the target to list attributes with.</p>"
         },
         "attributeName":{
           "shape":"String",
-          "documentation":"<p>The name of the attribute with which to filter the results. </p>"
+          "documentation":"<p>The name of the attribute to filter the results with. </p>"
         },
         "attributeValue":{
           "shape":"String",
-          "documentation":"<p>The value of the attribute with which to filter results. You must also specify an attribute name to use this parameter.</p>"
+          "documentation":"<p>The value of the attribute to filter results with. You must also specify an attribute name to use this parameter.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListAttributes</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it is possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
+          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListAttributes</code> request indicating that more results are available to fulfill the request and further calls are needed. If <code>maxResults</code> was provided, it's possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of cluster results returned by <code>ListAttributes</code> in paginated output. When this parameter is used, <code>ListAttributes</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListAttributes</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListAttributes</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of cluster results that <code>ListAttributes</code> returned in paginated output. When this parameter is used, <code>ListAttributes</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListAttributes</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListAttributes</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
         }
       }
     },
@@ -3270,11 +3330,11 @@
       "members":{
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListClusters</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it is possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
+          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListClusters</code> request indicating that more results are available to fulfill the request and further calls are needed. If <code>maxResults</code> was provided, it's possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of cluster results returned by <code>ListClusters</code> in paginated output. When this parameter is used, <code>ListClusters</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListClusters</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListClusters</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of cluster results that <code>ListClusters</code> returned in paginated output. When this parameter is used, <code>ListClusters</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListClusters</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListClusters</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
         }
       }
     },
@@ -3283,7 +3343,7 @@
       "members":{
         "clusterArns":{
           "shape":"StringList",
-          "documentation":"<p>The list of full Amazon Resource Name (ARN) entries for each cluster associated with your account.</p>"
+          "documentation":"<p>The list of full Amazon Resource Name (ARN) entries for each cluster that's associated with your account.</p>"
         },
         "nextToken":{
           "shape":"String",
@@ -3304,15 +3364,15 @@
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListContainerInstances</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it is possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
+          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListContainerInstances</code> request indicating that more results are available to fulfill the request and further calls are needed. If <code>maxResults</code> was provided, it's possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of container instance results returned by <code>ListContainerInstances</code> in paginated output. When this parameter is used, <code>ListContainerInstances</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListContainerInstances</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListContainerInstances</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of container instance results that <code>ListContainerInstances</code> returned in paginated output. When this parameter is used, <code>ListContainerInstances</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListContainerInstances</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListContainerInstances</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
         },
         "status":{
           "shape":"ContainerInstanceStatus",
-          "documentation":"<p>Filters the container instances by status. For example, if you specify the <code>DRAINING</code> status, the results include only container instances that have been set to <code>DRAINING</code> using <a>UpdateContainerInstancesState</a>. If you do not specify this parameter, the default is to include container instances set to all states other than <code>INACTIVE</code>.</p>"
+          "documentation":"<p>Filters the container instances by status. For example, if you specify the <code>DRAINING</code> status, the results include only container instances that have been set to <code>DRAINING</code> using <a>UpdateContainerInstancesState</a>. If you don't specify this parameter, the default is to include container instances set to all states other than <code>INACTIVE</code>.</p>"
         }
       }
     },
@@ -3342,7 +3402,7 @@
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of service results returned by <code>ListServices</code> in paginated output. When this parameter is used, <code>ListServices</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListServices</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListServices</code> returns up to 10 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of service results that <code>ListServices</code> returned in paginated output. When this parameter is used, <code>ListServices</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListServices</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListServices</code> returns up to 10 results and a <code>nextToken</code> value if applicable.</p>"
         },
         "launchType":{
           "shape":"LaunchType",
@@ -3359,7 +3419,7 @@
       "members":{
         "serviceArns":{
           "shape":"StringList",
-          "documentation":"<p>The list of full ARN entries for each service associated with the specified cluster.</p>"
+          "documentation":"<p>The list of full ARN entries for each service that's associated with the specified cluster.</p>"
         },
         "nextToken":{
           "shape":"String",
@@ -3373,7 +3433,7 @@
       "members":{
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are Amazon ECS tasks, services, task definitions, clusters, and container instances.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource to list the tags for. Currently, the supported resources are Amazon ECS tasks, services, task definitions, clusters, and container instances.</p>"
         }
       }
     },
@@ -3391,11 +3451,11 @@
       "members":{
         "familyPrefix":{
           "shape":"String",
-          "documentation":"<p>The <code>familyPrefix</code> is a string that is used to filter the results of <code>ListTaskDefinitionFamilies</code>. If you specify a <code>familyPrefix</code>, only task definition family names that begin with the <code>familyPrefix</code> string are returned.</p>"
+          "documentation":"<p>The <code>familyPrefix</code> is a string that's used to filter the results of <code>ListTaskDefinitionFamilies</code>. If you specify a <code>familyPrefix</code>, only task definition family names that begin with the <code>familyPrefix</code> string are returned.</p>"
         },
         "status":{
           "shape":"TaskDefinitionFamilyStatus",
-          "documentation":"<p>The task definition family status with which to filter the <code>ListTaskDefinitionFamilies</code> results. By default, both <code>ACTIVE</code> and <code>INACTIVE</code> task definition families are listed. If this parameter is set to <code>ACTIVE</code>, only task definition families that have an <code>ACTIVE</code> task definition revision are returned. If this parameter is set to <code>INACTIVE</code>, only task definition families that do not have any <code>ACTIVE</code> task definition revisions are returned. If you paginate the resulting output, be sure to keep the <code>status</code> value constant in each subsequent request.</p>"
+          "documentation":"<p>The task definition family status to filter the <code>ListTaskDefinitionFamilies</code> results with. By default, both <code>ACTIVE</code> and <code>INACTIVE</code> task definition families are listed. If this parameter is set to <code>ACTIVE</code>, only task definition families that have an <code>ACTIVE</code> task definition revision are returned. If this parameter is set to <code>INACTIVE</code>, only task definition families that do not have any <code>ACTIVE</code> task definition revisions are returned. If you paginate the resulting output, be sure to keep the <code>status</code> value constant in each subsequent request.</p>"
         },
         "nextToken":{
           "shape":"String",
@@ -3403,7 +3463,7 @@
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of task definition family results returned by <code>ListTaskDefinitionFamilies</code> in paginated output. When this parameter is used, <code>ListTaskDefinitions</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListTaskDefinitionFamilies</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListTaskDefinitionFamilies</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of task definition family results that <code>ListTaskDefinitionFamilies</code> returned in paginated output. When this parameter is used, <code>ListTaskDefinitions</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListTaskDefinitionFamilies</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListTaskDefinitionFamilies</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
         }
       }
     },
@@ -3425,15 +3485,15 @@
       "members":{
         "familyPrefix":{
           "shape":"String",
-          "documentation":"<p>The full family name with which to filter the <code>ListTaskDefinitions</code> results. Specifying a <code>familyPrefix</code> limits the listed task definitions to task definition revisions that belong to that family.</p>"
+          "documentation":"<p>The full family name to filter the <code>ListTaskDefinitions</code> results with. Specifying a <code>familyPrefix</code> limits the listed task definitions to task definition revisions that belong to that family.</p>"
         },
         "status":{
           "shape":"TaskDefinitionStatus",
-          "documentation":"<p>The task definition status with which to filter the <code>ListTaskDefinitions</code> results. By default, only <code>ACTIVE</code> task definitions are listed. By setting this parameter to <code>INACTIVE</code>, you can view task definitions that are <code>INACTIVE</code> as long as an active task or service still references them. If you paginate the resulting output, be sure to keep the <code>status</code> value constant in each subsequent request.</p>"
+          "documentation":"<p>The task definition status to filter the <code>ListTaskDefinitions</code> results with. By default, only <code>ACTIVE</code> task definitions are listed. By setting this parameter to <code>INACTIVE</code>, you can view task definitions that are <code>INACTIVE</code> as long as an active task or service still references them. If you paginate the resulting output, be sure to keep the <code>status</code> value constant in each subsequent request.</p>"
         },
         "sort":{
           "shape":"SortOrder",
-          "documentation":"<p>The order in which to sort the results. Valid values are <code>ASC</code> and <code>DESC</code>. By default (<code>ASC</code>), task definitions are listed lexicographically by family name and in ascending numerical order by revision so that the newest task definitions in a family are listed last. Setting this parameter to <code>DESC</code> reverses the sort order on family name and revision so that the newest task definitions in a family are listed first.</p>"
+          "documentation":"<p>The order to sort the results in. Valid values are <code>ASC</code> and <code>DESC</code>. By default, (<code>ASC</code>) task definitions are listed lexicographically by family name and in ascending numerical order by revision so that the newest task definitions in a family are listed last. Setting this parameter to <code>DESC</code> reverses the sort order on family name and revision. This is so that the newest task definitions in a family are listed first.</p>"
         },
         "nextToken":{
           "shape":"String",
@@ -3441,7 +3501,7 @@
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of task definition results returned by <code>ListTaskDefinitions</code> in paginated output. When this parameter is used, <code>ListTaskDefinitions</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListTaskDefinitions</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListTaskDefinitions</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of task definition results that <code>ListTaskDefinitions</code> returned in paginated output. When this parameter is used, <code>ListTaskDefinitions</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListTaskDefinitions</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListTaskDefinitions</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
         }
       }
     },
@@ -3475,15 +3535,15 @@
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListTasks</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it is possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
+          "documentation":"<p>The <code>nextToken</code> value returned from a <code>ListTasks</code> request indicating that more results are available to fulfill the request and further calls will be needed. If <code>maxResults</code> was provided, it's possible the number of results to be fewer than <code>maxResults</code>.</p> <note> <p>This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.</p> </note>"
         },
         "maxResults":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The maximum number of task results returned by <code>ListTasks</code> in paginated output. When this parameter is used, <code>ListTasks</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListTasks</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter is not used, then <code>ListTasks</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
+          "documentation":"<p>The maximum number of task results that <code>ListTasks</code> returned in paginated output. When this parameter is used, <code>ListTasks</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListTasks</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 100. If this parameter isn't used, then <code>ListTasks</code> returns up to 100 results and a <code>nextToken</code> value if applicable.</p>"
         },
         "startedBy":{
           "shape":"String",
-          "documentation":"<p>The <code>startedBy</code> value with which to filter the task results. Specifying a <code>startedBy</code> value limits the results to tasks that were started with that value.</p>"
+          "documentation":"<p>The <code>startedBy</code> value to filter the task results with. Specifying a <code>startedBy</code> value limits the results to tasks that were started with that value.</p>"
         },
         "serviceName":{
           "shape":"String",
@@ -3491,7 +3551,7 @@
         },
         "desiredStatus":{
           "shape":"DesiredStatus",
-          "documentation":"<p>The task desired status to use when filtering the <code>ListTasks</code> results. Specifying a <code>desiredStatus</code> of <code>STOPPED</code> limits the results to tasks that Amazon ECS has set the desired status to <code>STOPPED</code>. This can be useful for debugging tasks that are not starting properly or have died or finished. The default status filter is <code>RUNNING</code>, which shows tasks that Amazon ECS has set the desired status to <code>RUNNING</code>.</p> <note> <p>Although you can filter results based on a desired status of <code>PENDING</code>, this does not return any results. Amazon ECS never sets the desired status of a task to that value (only a task's <code>lastStatus</code> may have a value of <code>PENDING</code>).</p> </note>"
+          "documentation":"<p>The task desired status to use when filtering the <code>ListTasks</code> results. Specifying a <code>desiredStatus</code> of <code>STOPPED</code> limits the results to tasks that Amazon ECS has set the desired status to <code>STOPPED</code>. This can be useful for debugging tasks that aren't starting properly or have died or finished. The default status filter is <code>RUNNING</code>, which shows tasks that Amazon ECS has set the desired status to <code>RUNNING</code>.</p> <note> <p>Although you can filter results based on a desired status of <code>PENDING</code>, this doesn't return any results. Amazon ECS never sets the desired status of a task to that value (only a task's <code>lastStatus</code> may have a value of <code>PENDING</code>).</p> </note>"
         },
         "launchType":{
           "shape":"LaunchType",
@@ -3517,7 +3577,7 @@
       "members":{
         "targetGroupArn":{
           "shape":"String",
-          "documentation":"<p>The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set.</p> <p>A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you are using a Classic Load Balancer the target group ARN should be omitted.</p> <p>For services using the <code>ECS</code> deployment controller, you can specify one or multiple target groups. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html\">Registering Multiple Target Groups with a Service</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>For services using the <code>CODE_DEPLOY</code> deployment controller, you are required to define two target groups for the load balancer. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html\">Blue/Green Deployment with CodeDeploy</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <important> <p>If your service's task definition uses the <code>awsvpc</code> network mode (which is required for the Fargate launch type), you must choose <code>ip</code> as the target type, not <code>instance</code>, when creating your target groups because tasks that use the <code>awsvpc</code> network mode are associated with an elastic network interface, not an Amazon EC2 instance.</p> </important>"
+          "documentation":"<p>The full Amazon Resource Name (ARN) of the Elastic Load Balancing target group or groups associated with a service or task set.</p> <p>A target group ARN is only specified when using an Application Load Balancer or Network Load Balancer. If you're using a Classic Load Balancer, omit the target group ARN.</p> <p>For services using the <code>ECS</code> deployment controller, you can specify one or multiple target groups. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/register-multiple-targetgroups.html\">Registering Multiple Target Groups with a Service</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>For services using the <code>CODE_DEPLOY</code> deployment controller, you're required to define two target groups for the load balancer. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-bluegreen.html\">Blue/Green Deployment with CodeDeploy</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <important> <p>If your service's task definition uses the <code>awsvpc</code> network mode, you must choose <code>ip</code> as the target type, not <code>instance</code>. Do this when creating your target groups because tasks that use the <code>awsvpc</code> network mode are associated with an elastic network interface, not an Amazon EC2 instance. This network mode is required for the Fargate launch type.</p> </important>"
         },
         "loadBalancerName":{
           "shape":"String",
@@ -3529,7 +3589,7 @@
         },
         "containerPort":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port on the container to associate with the load balancer. This port must correspond to a <code>containerPort</code> in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the <code>hostPort</code> of the port mapping.</p>"
+          "documentation":"<p>The port on the container to associate with the load balancer. This port must correspond to a <code>containerPort</code> in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they're launched on must allow ingress traffic on the <code>hostPort</code> of the port mapping.</p>"
         }
       },
       "documentation":"<p>The load balancer configuration to use with a service or task set.</p> <p>For specific notes and restrictions regarding the use of load balancers with services and task sets, see the CreateService and CreateTaskSet actions.</p>"
@@ -3544,7 +3604,7 @@
       "members":{
         "logDriver":{
           "shape":"LogDriver",
-          "documentation":"<p>The log driver to use for the container.</p> <p>For tasks on Fargate, the supported log drivers are <code>awslogs</code>, <code>splunk</code>, and <code>awsfirelens</code>.</p> <p>For tasks hosted on Amazon EC2 instances, the supported log drivers are <code>awslogs</code>, <code>fluentd</code>, <code>gelf</code>, <code>json-file</code>, <code>journald</code>, <code>logentries</code>,<code>syslog</code>, <code>splunk</code>, and <code>awsfirelens</code>.</p> <p>For more information about using the <code>awslogs</code> log driver, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html\">Using the awslogs log driver</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>For more information about using the <code>awsfirelens</code> log driver, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html\">Custom log routing</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>If you have a custom driver that is not listed, you can fork the Amazon ECS container agent project that is <a href=\"https://github.com/aws/amazon-ecs-agent\">available on GitHub</a> and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we do not currently provide support for running modified copies of this software.</p> </note>"
+          "documentation":"<p>The log driver to use for the container.</p> <p>For tasks on Fargate, the supported log drivers are <code>awslogs</code>, <code>splunk</code>, and <code>awsfirelens</code>.</p> <p>For tasks hosted on Amazon EC2 instances, the supported log drivers are <code>awslogs</code>, <code>fluentd</code>, <code>gelf</code>, <code>json-file</code>, <code>journald</code>, <code>logentries</code>,<code>syslog</code>, <code>splunk</code>, and <code>awsfirelens</code>.</p> <p>For more information about using the <code>awslogs</code> log driver, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html\">Using the awslogs log driver</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>For more information about using the <code>awsfirelens</code> log driver, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html\">Custom log routing</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's <a href=\"https://github.com/aws/amazon-ecs-agent\">available on GitHub</a> and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software.</p> </note>"
         },
         "options":{
           "shape":"LogConfigurationOptionsMap",
@@ -3555,7 +3615,7 @@
           "documentation":"<p>The secrets to pass to the log configuration. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html\">Specifying Sensitive Data</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         }
       },
-      "documentation":"<p>The log configuration for the container. This parameter maps to <code>LogConfig</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--log-driver</code> option to <a href=\"https://docs.docker.com/engine/reference/commandline/run/\"> <code>docker run</code> </a>.</p> <p>By default, containers use the same logging driver that the Docker daemon uses; however the container may use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information on the options for different supported log drivers, see <a href=\"https://docs.docker.com/engine/admin/logging/overview/\">Configure logging drivers</a> in the Docker documentation.</p> <p>The following should be noted when specifying a log configuration for your containers:</p> <ul> <li> <p>Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent.</p> </li> <li> <p>This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.</p> </li> <li> <p>For tasks hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the <code>ECS_AVAILABLE_LOGGING_DRIVERS</code> environment variable before containers placed on that instance can use these log configuration options. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html\">Amazon ECS container agent configuration</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </li> <li> <p>For tasks on Fargate, because you do not have access to the underlying infrastructure your tasks are hosted on, any additional software needed will have to be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.</p> </li> </ul>"
+      "documentation":"<p>The log configuration for the container. This parameter maps to <code>LogConfig</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--log-driver</code> option to <a href=\"https://docs.docker.com/engine/reference/commandline/run/\"> <code>docker run</code> </a>.</p> <p>By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see <a href=\"https://docs.docker.com/engine/admin/logging/overview/\">Configure logging drivers</a> in the Docker documentation.</p> <p>Understand the following when specifying a log configuration for your containers.</p> <ul> <li> <p>Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the valid values below). Additional log drivers may be available in future releases of the Amazon ECS container agent.</p> </li> <li> <p>This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.</p> </li> <li> <p>For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the <code>ECS_AVAILABLE_LOGGING_DRIVERS</code> environment variable before containers placed on that instance can use these log configuration options. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html\">Amazon ECS container agent configuration</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> </li> <li> <p>For tasks that are on Fargate, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.</p> </li> </ul>"
     },
     "LogConfigurationOptionsMap":{
       "type":"map",
@@ -3581,7 +3641,7 @@
       "members":{
         "lastStartedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the managed agent was last started.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the managed agent was last started.</p>"
         },
         "name":{
           "shape":"ManagedAgentName",
@@ -3612,7 +3672,7 @@
       "members":{
         "containerName":{
           "shape":"String",
-          "documentation":"<p>The name of the container associated with the managed agent.</p>"
+          "documentation":"<p>The name of the container that's associated with the managed agent.</p>"
         },
         "managedAgentName":{
           "shape":"ManagedAgentName",
@@ -3642,26 +3702,26 @@
       "members":{
         "status":{
           "shape":"ManagedScalingStatus",
-          "documentation":"<p>Whether or not to enable managed scaling for the capacity provider.</p>"
+          "documentation":"<p>Determines whether to enable managed scaling for the capacity provider.</p>"
         },
         "targetCapacity":{
           "shape":"ManagedScalingTargetCapacity",
-          "documentation":"<p>The target capacity value for the capacity provider. The specified value must be greater than <code>0</code> and less than or equal to <code>100</code>. A value of <code>100</code> will result in the Amazon EC2 instances in your Auto Scaling group being completely utilized.</p>"
+          "documentation":"<p>The target capacity value for the capacity provider. The specified value must be greater than <code>0</code> and less than or equal to <code>100</code>. A value of <code>100</code> results in the Amazon EC2 instances in your Auto Scaling group being completely used.</p>"
         },
         "minimumScalingStepSize":{
           "shape":"ManagedScalingStepSize",
-          "documentation":"<p>The minimum number of container instances that Amazon ECS will scale in or scale out at one time. If this parameter is omitted, the default value of <code>1</code> is used.</p>"
+          "documentation":"<p>The minimum number of container instances that Amazon ECS scales in or scales out at one time. If this parameter is omitted, the default value of <code>1</code> is used.</p>"
         },
         "maximumScalingStepSize":{
           "shape":"ManagedScalingStepSize",
-          "documentation":"<p>The maximum number of container instances that Amazon ECS will scale in or scale out at one time. If this parameter is omitted, the default value of <code>10000</code> is used.</p>"
+          "documentation":"<p>The maximum number of container instances that Amazon ECS scales in or scales out at one time. If this parameter is omitted, the default value of <code>10000</code> is used.</p>"
         },
         "instanceWarmupPeriod":{
           "shape":"ManagedScalingInstanceWarmupPeriod",
           "documentation":"<p>The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of <code>300</code> seconds is used.</p>"
         }
       },
-      "documentation":"<p>The managed scaling settings for the Auto Scaling group capacity provider.</p> <p>When managed scaling is enabled, Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling policy using an Amazon ECS-managed CloudWatch metric with the specified <code>targetCapacity</code> value as the target value for the metric. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling\">Using Managed Scaling</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If managed scaling is disabled, the user must manage the scaling of the Auto Scaling group.</p>"
+      "documentation":"<p>The managed scaling settings for the Auto Scaling group capacity provider.</p> <p>When managed scaling is enabled, Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling policy using an Amazon ECS managed CloudWatch metric with the specified <code>targetCapacity</code> value as the target value for the metric. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling\">Using Managed Scaling</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>If managed scaling is disabled, the user must manage the scaling of the Auto Scaling group.</p>"
     },
     "ManagedScalingInstanceWarmupPeriod":{
       "type":"integer",
@@ -3696,7 +3756,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>Amazon ECS is unable to determine the current version of the Amazon ECS container agent on the container instance and does not have enough information to proceed with an update. This could be because the agent running on the container instance is an older or custom version that does not use our version information.</p>",
+      "documentation":"<p>Amazon ECS can't determine the current version of the Amazon ECS container agent on the container instance and doesn't have enough information to proceed with an update. This could be because the agent running on the container instance is a previous or custom version that doesn't use our version information.</p>",
       "exception":true
     },
     "MountPoint":{
@@ -3715,7 +3775,7 @@
           "documentation":"<p>If this value is <code>true</code>, the container has read-only access to the volume. If this value is <code>false</code>, then the container can write to the volume. The default value is <code>false</code>.</p>"
         }
       },
-      "documentation":"<p>Details on a volume mount point that is used in a container definition.</p>"
+      "documentation":"<p>Details for a volume mount point that's used in a container definition.</p>"
     },
     "MountPointList":{
       "type":"list",
@@ -3730,11 +3790,11 @@
         },
         "containerPort":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port number on the container that is used with the network binding.</p>"
+          "documentation":"<p>The port number on the container that's used with the network binding.</p>"
         },
         "hostPort":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port number on the host that is used with the network binding.</p>"
+          "documentation":"<p>The port number on the host that's used with the network binding.</p>"
         },
         "protocol":{
           "shape":"TransportProtocol",
@@ -3752,7 +3812,7 @@
       "members":{
         "awsvpcConfiguration":{
           "shape":"AwsVpcConfiguration",
-          "documentation":"<p>The VPC subnets and security groups associated with a task.</p> <note> <p>All specified subnets and security groups must be from the same VPC.</p> </note>"
+          "documentation":"<p>The VPC subnets and security groups that are associated with a task.</p> <note> <p>All specified subnets and security groups must be from the same VPC.</p> </note>"
         }
       },
       "documentation":"<p>An object representing the network configuration for a task or service.</p>"
@@ -3792,7 +3852,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>There is no update available for this Amazon ECS container agent. This could be because the agent is already running the latest version, or it is so old that there is no update path to the current version.</p>",
+      "documentation":"<p>There's no update available for this Amazon ECS container agent. This might be because the agent is already running the latest version or because it's so old that there's no update path to the current version.</p>",
       "exception":true
     },
     "OSFamily":{
@@ -3827,7 +3887,7 @@
           "documentation":"<p>A cluster query language expression to apply to the constraint. The expression can have a maximum length of 2000 characters. You can't specify an expression if the constraint type is <code>distinctInstance</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html\">Cluster query language</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         }
       },
-      "documentation":"<p>An object representing a constraint on task placement. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html\">Task Placement Constraints</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>If you are using the Fargate launch type, task placement constraints are not supported.</p> </note>"
+      "documentation":"<p>An object representing a constraint on task placement. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html\">Task Placement Constraints</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>If you're using the Fargate launch type, task placement constraints aren't supported.</p> </note>"
     },
     "PlacementConstraintType":{
       "type":"string",
@@ -3849,11 +3909,11 @@
       "members":{
         "type":{
           "shape":"PlacementStrategyType",
-          "documentation":"<p>The type of placement strategy. The <code>random</code> placement strategy randomly places tasks on available candidates. The <code>spread</code> placement strategy spreads placement across available candidates evenly based on the <code>field</code> parameter. The <code>binpack</code> strategy places tasks on available candidates that have the least available amount of the resource that is specified with the <code>field</code> parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory (but still enough to run the task).</p>"
+          "documentation":"<p>The type of placement strategy. The <code>random</code> placement strategy randomly places tasks on available candidates. The <code>spread</code> placement strategy spreads placement across available candidates evenly based on the <code>field</code> parameter. The <code>binpack</code> strategy places tasks on available candidates that have the least available amount of the resource that's specified with the <code>field</code> parameter. For example, if you binpack on memory, a task is placed on the instance with the least amount of remaining memory but still enough to run the task.</p>"
         },
         "field":{
           "shape":"String",
-          "documentation":"<p>The field to apply the placement strategy against. For the <code>spread</code> placement strategy, valid values are <code>instanceId</code> (or <code>host</code>, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as <code>attribute:ecs.availability-zone</code>. For the <code>binpack</code> placement strategy, valid values are <code>cpu</code> and <code>memory</code>. For the <code>random</code> placement strategy, this field is not used.</p>"
+          "documentation":"<p>The field to apply the placement strategy against. For the <code>spread</code> placement strategy, valid values are <code>instanceId</code> (or <code>host</code>, which has the same effect), or any platform or custom attribute that's applied to a container instance, such as <code>attribute:ecs.availability-zone</code>. For the <code>binpack</code> placement strategy, valid values are <code>cpu</code> and <code>memory</code>. For the <code>random</code> placement strategy, this field is not used.</p>"
         }
       },
       "documentation":"<p>The task placement strategy for a task or service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html\">Task Placement Strategies</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
@@ -3875,11 +3935,11 @@
       "members":{
         "id":{
           "shape":"String",
-          "documentation":"<p>The ID for the GPU(s) on the container instance. The available GPU IDs can also be obtained on the container instance in the <code>/var/lib/ecs/gpu/nvidia_gpu_info.json</code> file.</p>"
+          "documentation":"<p>The ID for the GPUs on the container instance. The available GPU IDs can also be obtained on the container instance in the <code>/var/lib/ecs/gpu/nvidia_gpu_info.json</code> file.</p>"
         },
         "type":{
           "shape":"PlatformDeviceType",
-          "documentation":"<p>The type of device that is available on the container instance. The only supported value is <code>GPU</code>.</p>"
+          "documentation":"<p>The type of device that's available on the container instance. The only supported value is <code>GPU</code>.</p>"
         }
       },
       "documentation":"<p>The devices that are available on the container instance. The only supported device type is a GPU.</p>"
@@ -3896,14 +3956,14 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified platform version does not satisfy the task definition's required capabilities.</p>",
+      "documentation":"<p>The specified platform version doesn't satisfy the required capabilities of the task definition.</p>",
       "exception":true
     },
     "PlatformUnknownException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified platform version does not exist.</p>",
+      "documentation":"<p>The specified platform version doesn't exist.</p>",
       "exception":true
     },
     "PortMapping":{
@@ -3911,18 +3971,18 @@
       "members":{
         "containerPort":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port number on the container that is bound to the user-specified or automatically assigned host port.</p> <p>If you are using containers in a task with the <code>awsvpc</code> or <code>host</code> network mode, exposed ports should be specified using <code>containerPort</code>.</p> <p>If you are using containers in a task with the <code>bridge</code> network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see <code>hostPort</code>. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.</p>"
+          "documentation":"<p>The port number on the container that's bound to the user-specified or automatically assigned host port.</p> <p>If you use containers in a task with the <code>awsvpc</code> or <code>host</code> network mode, specify the exposed ports using <code>containerPort</code>.</p> <p>If you use containers in a task with the <code>bridge</code> network mode and you specify a container port and not a host port, your container automatically receives a host port in the ephemeral port range. For more information, see <code>hostPort</code>. Port mappings that are automatically assigned in this way do not count toward the 100 reserved ports limit of a container instance.</p>"
         },
         "hostPort":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port number on the container instance to reserve for your container.</p> <p>If you are using containers in a task with the <code>awsvpc</code> or <code>host</code> network mode, the <code>hostPort</code> can either be left blank or set to the same value as the <code>containerPort</code>.</p> <p>If you are using containers in a task with the <code>bridge</code> network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the <code>hostPort</code> (or set it to <code>0</code>) while specifying a <code>containerPort</code> and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.</p> <p>The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under <code>/proc/sys/net/ipv4/ip_local_port_range</code>. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.</p> <note> <p>The default ephemeral port range from 49153 through 65535 is always used for Docker versions before 1.6.0.</p> </note> <p>The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running (after a task stops, the host port is released). The current reserved ports are displayed in the <code>remainingResources</code> of <a>DescribeContainerInstances</a> output. A container instance can have up to 100 reserved ports at a time, including the default reserved ports. Automatically assigned ports don't count toward the 100 reserved ports limit.</p>"
+          "documentation":"<p>The port number on the container instance to reserve for your container.</p> <p>If you use containers in a task with the <code>awsvpc</code> or <code>host</code> network mode, the <code>hostPort</code> can either be left blank or set to the same value as the <code>containerPort</code>.</p> <p>If you use containers in a task with the <code>bridge</code> network mode, you can specify a non-reserved host port for your container port mapping, or you can omit the <code>hostPort</code> (or set it to <code>0</code>) while specifying a <code>containerPort</code> and your container automatically receives a port in the ephemeral port range for your container instance operating system and Docker version.</p> <p>The default ephemeral port range for Docker version 1.6.0 and later is listed on the instance under <code>/proc/sys/net/ipv4/ip_local_port_range</code>. If this kernel parameter is unavailable, the default ephemeral port range from 49153 through 65535 is used. Do not attempt to specify a host port in the ephemeral port range as these are reserved for automatic assignment. In general, ports below 32768 are outside of the ephemeral port range.</p> <note> <p>The default ephemeral port range from 49153 through 65535 is always used for Docker versions before 1.6.0.</p> </note> <p>The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the Amazon ECS container agent ports 51678-51680. Any host port that was previously specified in a running task is also reserved while the task is running. That is, after a task stops, the host port is released. The current reserved ports are displayed in the <code>remainingResources</code> of <a>DescribeContainerInstances</a> output. A container instance can have up to 100 reserved ports at a time. This number includes the default reserved ports. Automatically assigned ports aren't included in the 100 reserved ports quota.</p>"
         },
         "protocol":{
           "shape":"TransportProtocol",
           "documentation":"<p>The protocol used for the port mapping. Valid values are <code>tcp</code> and <code>udp</code>. The default is <code>tcp</code>.</p>"
         }
       },
-      "documentation":"<p>Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.</p> <p>If you are using containers in a task with the <code>awsvpc</code> or <code>host</code> network mode, exposed ports should be specified using <code>containerPort</code>. The <code>hostPort</code> can be left blank or it must be the same value as the <code>containerPort</code>.</p> <note> <p>You cannot expose the same container port for multiple protocols. An error will be returned if this is attempted</p> </note> <p>After a task reaches the <code>RUNNING</code> status, manual and automatic host and container port assignments are visible in the <code>networkBindings</code> section of <a>DescribeTasks</a> API responses.</p>"
+      "documentation":"<p>Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.</p> <p>If you use containers in a task with the <code>awsvpc</code> or <code>host</code> network mode, specify the exposed ports using <code>containerPort</code>. The <code>hostPort</code> can be left blank or it must be the same value as the <code>containerPort</code>.</p> <note> <p>You can't expose the same container port for multiple protocols. If you attempt this, an error is returned.</p> </note> <p>After a task reaches the <code>RUNNING</code> status, manual and automatic host and container port assignments are visible in the <code>networkBindings</code> section of <a>DescribeTasks</a> API responses.</p>"
     },
     "PortMappingList":{
       "type":"list",
@@ -3952,7 +4012,7 @@
           "documentation":"<p>The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs.</p> <ul> <li> <p> <code>IgnoredUID</code> - (Required) The user ID (UID) of the proxy container as defined by the <code>user</code> parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If <code>IgnoredGID</code> is specified, this field can be empty.</p> </li> <li> <p> <code>IgnoredGID</code> - (Required) The group ID (GID) of the proxy container as defined by the <code>user</code> parameter in a container definition. This is used to ensure the proxy ignores its own traffic. If <code>IgnoredUID</code> is specified, this field can be empty.</p> </li> <li> <p> <code>AppPorts</code> - (Required) The list of ports that the application uses. Network traffic to these ports is forwarded to the <code>ProxyIngressPort</code> and <code>ProxyEgressPort</code>.</p> </li> <li> <p> <code>ProxyIngressPort</code> - (Required) Specifies the port that incoming traffic to the <code>AppPorts</code> is directed to.</p> </li> <li> <p> <code>ProxyEgressPort</code> - (Required) Specifies the port that outgoing traffic from the <code>AppPorts</code> is directed to.</p> </li> <li> <p> <code>EgressIgnoredPorts</code> - (Required) The egress traffic going to the specified ports is ignored and not redirected to the <code>ProxyEgressPort</code>. It can be an empty list.</p> </li> <li> <p> <code>EgressIgnoredIPs</code> - (Required) The egress traffic going to the specified IP addresses is ignored and not redirected to the <code>ProxyEgressPort</code>. It can be an empty list.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>The configuration details for the App Mesh proxy.</p> <p>For tasks using the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the <code>ecs-init</code> package to enable a proxy configuration. If your container instances are launched from the Amazon ECS-optimized AMI version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> </p>"
+      "documentation":"<p>The configuration details for the App Mesh proxy.</p> <p>For tasks that use the EC2 launch type, the container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the <code>ecs-init</code> package to enable a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> </p>"
     },
     "ProxyConfigurationProperties":{
       "type":"list",
@@ -4028,7 +4088,7 @@
         },
         "attributes":{
           "shape":"Attributes",
-          "documentation":"<p>The attributes to apply to your resource. You can specify up to 10 custom attributes per resource. You can specify up to 10 attributes in a single call.</p>"
+          "documentation":"<p>The attributes to apply to your resource. You can specify up to 10 custom attributes for each resource. You can specify up to 10 attributes in a single call.</p>"
         }
       }
     },
@@ -4051,7 +4111,7 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster to modify the capacity provider settings for. If you do not specify a cluster, the default cluster is assumed.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster to modify the capacity provider settings for. If you don't specify a cluster, the default cluster is assumed.</p>"
         },
         "capacityProviders":{
           "shape":"StringList",
@@ -4077,7 +4137,7 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster with which to register your container instance. If you do not specify a cluster, the default cluster is assumed.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster to register your container instance with. If you do not specify a cluster, the default cluster is assumed.</p>"
         },
         "instanceIdentityDocument":{
           "shape":"String",
@@ -4093,7 +4153,7 @@
         },
         "versionInfo":{
           "shape":"VersionInfo",
-          "documentation":"<p>The version information for the Amazon ECS container agent and Docker daemon running on the container instance.</p>"
+          "documentation":"<p>The version information for the Amazon ECS container agent and Docker daemon that runs on the container instance.</p>"
         },
         "containerInstanceArn":{
           "shape":"String",
@@ -4109,7 +4169,7 @@
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the container instance to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the container instance to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         }
       }
     },
@@ -4131,7 +4191,7 @@
       "members":{
         "family":{
           "shape":"String",
-          "documentation":"<p>You must specify a <code>family</code> for a task definition, which allows you to track multiple versions of the same task definition. The <code>family</code> is used as a name for your task definition. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.</p>"
+          "documentation":"<p>You must specify a <code>family</code> for a task definition. You can use it track multiple versions of the same task definition. The <code>family</code> is used as a name for your task definition. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.</p>"
         },
         "taskRoleArn":{
           "shape":"String",
@@ -4151,27 +4211,27 @@
         },
         "volumes":{
           "shape":"VolumeList",
-          "documentation":"<p>A list of volume definitions in JSON format that containers in your task may use.</p>"
+          "documentation":"<p>A list of volume definitions in JSON format that containers in your task might use.</p>"
         },
         "placementConstraints":{
           "shape":"TaskDefinitionPlacementConstraints",
-          "documentation":"<p>An array of placement constraint objects to use for the task. You can specify a maximum of 10 constraints per task (this limit includes constraints in the task definition and those specified at runtime).</p>"
+          "documentation":"<p>An array of placement constraint objects to use for the task. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.</p>"
         },
         "requiresCompatibilities":{
           "shape":"CompatibilityList",
-          "documentation":"<p>The task launch type that Amazon ECS should validate the task definition against. A client exception is returned if the task definition doesn't validate against the compatibilities specified. If no value is specified, the parameter is omitted from the response.</p>"
+          "documentation":"<p>The task launch type that Amazon ECS validates the task definition against. A client exception is returned if the task definition doesn't validate against the compatibilities specified. If no value is specified, the parameter is omitted from the response.</p>"
         },
         "cpu":{
           "shape":"String",
-          "documentation":"<p>The number of CPU units used by the task. It can be expressed as an integer using CPU units, for example <code>1024</code>, or as a string using vCPUs, for example <code>1 vCPU</code> or <code>1 vcpu</code>, in a task definition. String values are converted to an integer indicating the CPU units when the task definition is registered.</p> <note> <p>Task-level CPU and memory parameters are ignored for Windows containers. We recommend specifying container-level resources for Windows containers.</p> </note> <p>If you are using the EC2 launch type, this field is optional. Supported values are between <code>128</code> CPU units (<code>0.125</code> vCPUs) and <code>10240</code> CPU units (<code>10</code> vCPUs).</p> <p>If you are using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of supported values for the <code>memory</code> parameter:</p> <ul> <li> <p>256 (.25 vCPU) - Available <code>memory</code> values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)</p> </li> <li> <p>512 (.5 vCPU) - Available <code>memory</code> values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)</p> </li> <li> <p>1024 (1 vCPU) - Available <code>memory</code> values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)</p> </li> <li> <p>2048 (2 vCPU) - Available <code>memory</code> values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)</p> </li> <li> <p>4096 (4 vCPU) - Available <code>memory</code> values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)</p> </li> </ul>"
+          "documentation":"<p>The number of CPU units used by the task. It can be expressed as an integer using CPU units (for example, <code>1024</code>) or as a string using vCPUs (for example, <code>1 vCPU</code> or <code>1 vcpu</code>) in a task definition. String values are converted to an integer indicating the CPU units when the task definition is registered.</p> <note> <p>Task-level CPU and memory parameters are ignored for Windows containers. We recommend specifying container-level resources for Windows containers.</p> </note> <p>If you're using the EC2 launch type, this field is optional. Supported values are between <code>128</code> CPU units (<code>0.125</code> vCPUs) and <code>10240</code> CPU units (<code>10</code> vCPUs).</p> <p>If you're using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of supported values for the <code>memory</code> parameter:</p> <p>The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.</p> <ul> <li> <p>256 (.25 vCPU) - Available <code>memory</code> values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)</p> </li> <li> <p>512 (.5 vCPU) - Available <code>memory</code> values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)</p> </li> <li> <p>1024 (1 vCPU) - Available <code>memory</code> values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)</p> </li> <li> <p>2048 (2 vCPU) - Available <code>memory</code> values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)</p> </li> <li> <p>4096 (4 vCPU) - Available <code>memory</code> values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)</p> </li> </ul>"
         },
         "memory":{
           "shape":"String",
-          "documentation":"<p>The amount of memory (in MiB) used by the task. It can be expressed as an integer using MiB, for example <code>1024</code>, or as a string using GB, for example <code>1GB</code> or <code>1 GB</code>, in a task definition. String values are converted to an integer indicating the MiB when the task definition is registered.</p> <note> <p>Task-level CPU and memory parameters are ignored for Windows containers. We recommend specifying container-level resources for Windows containers.</p> </note> <p>If using the EC2 launch type, this field is optional.</p> <p>If using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of supported values for the <code>cpu</code> parameter:</p> <ul> <li> <p>512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available <code>cpu</code> values: 256 (.25 vCPU)</p> </li> <li> <p>1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available <code>cpu</code> values: 512 (.5 vCPU)</p> </li> <li> <p>2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available <code>cpu</code> values: 1024 (1 vCPU)</p> </li> <li> <p>Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 2048 (2 vCPU)</p> </li> <li> <p>Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 4096 (4 vCPU)</p> </li> </ul>"
+          "documentation":"<p>The amount of memory (in MiB) used by the task. It can be expressed as an integer using MiB (for example ,<code>1024</code>) or as a string using GB (for example, <code>1GB</code> or <code>1 GB</code>) in a task definition. String values are converted to an integer indicating the MiB when the task definition is registered.</p> <note> <p>Task-level CPU and memory parameters are ignored for Windows containers. We recommend specifying container-level resources for Windows containers.</p> </note> <p>If using the EC2 launch type, this field is optional.</p> <p>If using the Fargate launch type, this field is required and you must use one of the following values. This determines your range of supported values for the <code>cpu</code> parameter.</p> <p>The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.</p> <ul> <li> <p>512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available <code>cpu</code> values: 256 (.25 vCPU)</p> </li> <li> <p>1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available <code>cpu</code> values: 512 (.5 vCPU)</p> </li> <li> <p>2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available <code>cpu</code> values: 1024 (1 vCPU)</p> </li> <li> <p>Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 2048 (2 vCPU)</p> </li> <li> <p>Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 4096 (4 vCPU)</p> </li> </ul>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         },
         "pidMode":{
           "shape":"PidMode",
@@ -4218,7 +4278,7 @@
       "members":{
         "credentialsParameter":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the secret containing the private repository credentials.</p> <note> <p>When you are using the Amazon ECS API, CLI, or Amazon Web Services SDK, if the secret exists in the same Region as the task that you are launching then you can use either the full ARN or the name of the secret. When you are using the Amazon Web Services Management Console, you must specify the full ARN of the secret.</p> </note>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the secret containing the private repository credentials.</p> <note> <p>When you use the Amazon ECS API, CLI, or Amazon Web Services SDK, if the secret exists in the same Region as the task that you're launching then you can use either the full ARN or the name of the secret. When you use the Amazon Web Services Management Console, you must specify the full ARN of the secret.</p> </note>"
         }
       },
       "documentation":"<p>The repository credentials for private registry authentication.</p>"
@@ -4236,7 +4296,7 @@
         },
         "type":{
           "shape":"String",
-          "documentation":"<p>The type of the resource, such as <code>INTEGER</code>, <code>DOUBLE</code>, <code>LONG</code>, or <code>STRINGSET</code>.</p>"
+          "documentation":"<p>The type of the resource. Valid values: <code>INTEGER</code>, <code>DOUBLE</code>, <code>LONG</code>, or <code>STRINGSET</code>.</p>"
         },
         "doubleValue":{
           "shape":"Double",
@@ -4261,14 +4321,14 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified resource is in-use and cannot be removed.</p>",
+      "documentation":"<p>The specified resource is in-use and can't be removed.</p>",
       "exception":true
     },
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified resource could not be found.</p>",
+      "documentation":"<p>The specified resource wasn't found.</p>",
       "exception":true
     },
     "ResourceRequirement":{
@@ -4280,7 +4340,7 @@
       "members":{
         "value":{
           "shape":"String",
-          "documentation":"<p>The value for the specified resource type.</p> <p>If the <code>GPU</code> type is used, the value is the number of physical <code>GPUs</code> the Amazon ECS container agent will reserve for the container. The number of GPUs reserved for all containers in a task should not exceed the number of available GPUs on the container instance the task is launched on.</p> <p>If the <code>InferenceAccelerator</code> type is used, the <code>value</code> should match the <code>deviceName</code> for an <a>InferenceAccelerator</a> specified in a task definition.</p>"
+          "documentation":"<p>The value for the specified resource type.</p> <p>If the <code>GPU</code> type is used, the value is the number of physical <code>GPUs</code> the Amazon ECS container agent reserves for the container. The number of GPUs that's reserved for all containers in a task can't exceed the number of available GPUs on the container instance that the task is launched on.</p> <p>If the <code>InferenceAccelerator</code> type is used, the <code>value</code> matches the <code>deviceName</code> for an <a>InferenceAccelerator</a> specified in a task definition.</p>"
         },
         "type":{
           "shape":"ResourceType",
@@ -4314,11 +4374,11 @@
         },
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster on which to run your task. If you do not specify a cluster, the default cluster is assumed.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster to run your task on. If you do not specify a cluster, the default cluster is assumed.</p>"
         },
         "count":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The number of instantiations of the specified task to place on your cluster. You can specify up to 10 tasks per call.</p>"
+          "documentation":"<p>The number of instantiations of the specified task to place on your cluster. You can specify up to 10 tasks for each call.</p>"
         },
         "enableECSManagedTags":{
           "shape":"Boolean",
@@ -4326,7 +4386,7 @@
         },
         "enableExecuteCommand":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not to enable the execute command functionality for the containers in this task. If <code>true</code>, this enables execute command functionality on all containers in the task.</p>"
+          "documentation":"<p>Determines whether to enable the execute command functionality for the containers in this task. If <code>true</code>, this enables execute command functionality on all containers in the task.</p>"
         },
         "group":{
           "shape":"String",
@@ -4334,31 +4394,31 @@
         },
         "launchType":{
           "shape":"LaunchType",
-          "documentation":"<p>The infrastructure on which to run your standalone task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS launch types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>The <code>FARGATE</code> launch type runs your tasks on Fargate On-Demand infrastructure.</p> <note> <p>Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-capacity-providers.html\">Fargate capacity providers</a> in the <i>Amazon ECS User Guide for Fargate</i>.</p> </note> <p>The <code>EC2</code> launch type runs your tasks on Amazon EC2 instances registered to your cluster.</p> <p>The <code>EXTERNAL</code> launch type runs your tasks on your on-premise server or virtual machine (VM) capacity registered to your cluster.</p> <p>A task can use either a launch type or a capacity provider strategy. If a <code>launchType</code> is specified, the <code>capacityProviderStrategy</code> parameter must be omitted.</p> <p>When you use cluster auto scaling, you must specify <code>capacityProviderStrategy</code> and not <code>launchType</code>. </p>"
+          "documentation":"<p>The infrastructure to run your standalone task on. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS launch types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>The <code>FARGATE</code> launch type runs your tasks on Fargate On-Demand infrastructure.</p> <note> <p>Fargate Spot infrastructure is available for use but a capacity provider strategy must be used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-capacity-providers.html\">Fargate capacity providers</a> in the <i>Amazon ECS User Guide for Fargate</i>.</p> </note> <p>The <code>EC2</code> launch type runs your tasks on Amazon EC2 instances registered to your cluster.</p> <p>The <code>EXTERNAL</code> launch type runs your tasks on your on-premises server or virtual machine (VM) capacity registered to your cluster.</p> <p>A task can use either a launch type or a capacity provider strategy. If a <code>launchType</code> is specified, the <code>capacityProviderStrategy</code> parameter must be omitted.</p> <p>When you use cluster auto scaling, you must specify <code>capacityProviderStrategy</code> and not <code>launchType</code>. </p>"
         },
         "networkConfiguration":{
           "shape":"NetworkConfiguration",
-          "documentation":"<p>The network configuration for the task. This parameter is required for task definitions that use the <code>awsvpc</code> network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html\">Task networking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The network configuration for the task. This parameter is required for task definitions that use the <code>awsvpc</code> network mode to receive their own elastic network interface, and it isn't supported for other network modes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html\">Task networking</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "overrides":{
           "shape":"TaskOverride",
-          "documentation":"<p>A list of container overrides in JSON format that specify the name of a container in the specified task definition and the overrides it should receive. You can override the default command for a container (that is specified in the task definition or Docker image) with a <code>command</code> override. You can also override existing environment variables (that are specified in the task definition or Docker image) on a container or add new environment variables to it with an <code>environment</code> override.</p> <p>A total of 8192 characters are allowed for overrides. This limit includes the JSON formatting characters of the override structure.</p>"
+          "documentation":"<p>A list of container overrides in JSON format that specify the name of a container in the specified task definition and the overrides it should receive. You can override the default command for a container (that's specified in the task definition or Docker image) with a <code>command</code> override. You can also override existing environment variables (that are specified in the task definition or Docker image) on a container or add new environment variables to it with an <code>environment</code> override.</p> <p>A total of 8192 characters are allowed for overrides. This limit includes the JSON formatting characters of the override structure.</p>"
         },
         "placementConstraints":{
           "shape":"PlacementConstraints",
-          "documentation":"<p>An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime).</p>"
+          "documentation":"<p>An array of placement constraint objects to use for the task. You can specify up to 10 constraints for each task (including constraints in the task definition and those specified at runtime).</p>"
         },
         "placementStrategy":{
           "shape":"PlacementStrategies",
-          "documentation":"<p>The placement strategy objects to use for the task. You can specify a maximum of 5 strategy rules per task.</p>"
+          "documentation":"<p>The placement strategy objects to use for the task. You can specify a maximum of 5 strategy rules for each task.</p>"
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version the task should use. A platform version is only specified for tasks hosted on Fargate. If one is not specified, the <code>LATEST</code> platform version is used by default. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate platform versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The platform version the task uses. A platform version is only specified for tasks hosted on Fargate. If one isn't specified, the <code>LATEST</code> platform version is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate platform versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "propagateTags":{
           "shape":"PropagateTags",
-          "documentation":"<p>Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the <a>TagResource</a> API action.</p> <note> <p>An error will be received if you specify the <code>SERVICE</code> option when running a task.</p> </note>"
+          "documentation":"<p>Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the <a>TagResource</a> API action.</p> <note> <p>An error will be received if you specify the <code>SERVICE</code> option when running a task.</p> </note>"
         },
         "referenceId":{
           "shape":"String",
@@ -4366,7 +4426,7 @@
         },
         "startedBy":{
           "shape":"String",
-          "documentation":"<p>An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the <code>startedBy</code> parameter. You can then identify which tasks belong to that job by filtering the results of a <a>ListTasks</a> call with the <code>startedBy</code> value. Up to 36 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p> <p>If a task is started by an Amazon ECS service, then the <code>startedBy</code> parameter contains the deployment ID of the service that starts it.</p>"
+          "documentation":"<p>An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the <code>startedBy</code> parameter. You can then identify which tasks belong to that job by filtering the results of a <a>ListTasks</a> call with the <code>startedBy</code> value. Up to 36 letters (uppercase and lowercase), numbers, hyphens (-), and underscores (_) are allowed.</p> <p>If a task is started by an Amazon ECS service, then the <code>startedBy</code> parameter contains the deployment ID of the service that starts it.</p>"
         },
         "tags":{
           "shape":"Tags",
@@ -4374,7 +4434,7 @@
         },
         "taskDefinition":{
           "shape":"String",
-          "documentation":"<p>The <code>family</code> and <code>revision</code> (<code>family:revision</code>) or full ARN of the task definition to run. If a <code>revision</code> is not specified, the latest <code>ACTIVE</code> revision is used.</p> <p>The full ARN value must match the value that you specified ias the <code>Resource</code> of the IAM principal's permissions policy. For example, if the <code>Resource</code> is arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:*, the <code>taskDefinition</code> ARN value must be <code>arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName</code>.</p>"
+          "documentation":"<p>The <code>family</code> and <code>revision</code> (<code>family:revision</code>) or full ARN of the task definition to run. If a <code>revision</code> isn't specified, the latest <code>ACTIVE</code> revision is used.</p> <p>The full ARN value must match the value that you specified as the <code>Resource</code> of the IAM principal's permissions policy. For example, if the <code>Resource</code> is arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:*, the <code>taskDefinition</code> ARN value must be <code>arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName</code>.</p>"
         }
       }
     },
@@ -4396,14 +4456,14 @@
       "members":{
         "cpuArchitecture":{
           "shape":"CPUArchitecture",
-          "documentation":"<p>The CPU architecture.</p>"
+          "documentation":"<p>The CPU architecture.</p> <p>You can run your Linux tasks on an ARM-based platform by setting the value to <code>ARM64</code>. This option is avaiable for tasks that run on Linuc Amazon EC2 instance or Linux containers on Fargate.</p>"
         },
         "operatingSystemFamily":{
           "shape":"OSFamily",
           "documentation":"<p>The operating system.</p>"
         }
       },
-      "documentation":"<p>Information about the platform for the Amazon ECS service or task.</p>"
+      "documentation":"<p>Information about the platform for the Amazon ECS service or task.</p> <p>For more informataion about <code>RuntimePlatform</code>, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#runtime-platform\">RuntimePlatform</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
     },
     "Scale":{
       "type":"structure",
@@ -4450,7 +4510,7 @@
         },
         "valueFrom":{
           "shape":"String",
-          "documentation":"<p>The secret to expose to the container. The supported values are either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.</p> <note> <p>If the SSM Parameter Store parameter exists in the same Region as the task you are launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.</p> </note>"
+          "documentation":"<p>The secret to expose to the container. The supported values are either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.</p> <note> <p>If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.</p> </note>"
         }
       },
       "documentation":"<p>An object representing the secret to expose to your container. Secrets can be exposed to a container in the following ways:</p> <ul> <li> <p>To inject sensitive data into your containers as environment variables, use the <code>secrets</code> container definition parameter.</p> </li> <li> <p>To reference sensitive information in the log configuration of a container, use the <code>secretOptions</code> container definition parameter.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html\">Specifying Sensitive Data</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
@@ -4481,7 +4541,7 @@
         },
         "serviceName":{
           "shape":"String",
-          "documentation":"<p>The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.</p>"
+          "documentation":"<p>The name of your service. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. Service names must be unique within a cluster. However, you can have similarly named services in multiple clusters within a Region or across multiple Regions.</p>"
         },
         "clusterArn":{
           "shape":"String",
@@ -4489,11 +4549,11 @@
         },
         "loadBalancers":{
           "shape":"LoadBalancers",
-          "documentation":"<p>A list of Elastic Load Balancing load balancer objects, containing the load balancer name, the container name (as it appears in a container definition), and the container port to access from the load balancer.</p>"
+          "documentation":"<p>A list of Elastic Load Balancing load balancer objects. It contains the load balancer name, the container name, and the container port to access from the load balancer. The container name is as it appears in a container definition.</p>"
         },
         "serviceRegistries":{
           "shape":"ServiceRegistries",
-          "documentation":"<p>The details of the service discovery registries to assign to this service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html\">Service Discovery</a>.</p>"
+          "documentation":"<p>The details for the service discovery registries to assign to this service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html\">Service Discovery</a>.</p>"
         },
         "status":{
           "shape":"String",
@@ -4517,15 +4577,15 @@
         },
         "capacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
-          "documentation":"<p>The capacity provider strategy the service is using. When using the DescribeServices API, this field is omitted if the service was created using a launch type.</p>"
+          "documentation":"<p>The capacity provider strategy the service uses. When using the DescribeServices API, this field is omitted if the service was created using a launch type.</p>"
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version on which to run your service. A platform version is only specified for tasks hosted on Fargate. If one is not specified, the <code>LATEST</code> platform version is used by default. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The platform version to run your service on. A platform version is only specified for tasks that are hosted on Fargate. If one isn't specified, the <code>LATEST</code> platform version is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "platformFamily":{
           "shape":"String",
-          "documentation":"<p>The operating system that your tasks in the service are running on. A platform family is specified only for tasks using the Fargate launch type. </p> <p> All tasks that run as part of this service must use the same <code>platformFamily</code> value as the service, for example, <code>LINUX</code>.</p>"
+          "documentation":"<p>The operating system that your tasks in the service run on. A platform family is specified only for tasks using the Fargate launch type. </p> <p> All tasks that run as part of this service must use the same <code>platformFamily</code> value as the service (for example, <code>LINUX</code>).</p>"
         },
         "taskDefinition":{
           "shape":"String",
@@ -4545,7 +4605,7 @@
         },
         "roleArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the IAM role associated with the service that allows the Amazon ECS container agent to register container instances with an Elastic Load Balancing load balancer.</p>"
+          "documentation":"<p>The ARN of the IAM role that's associated with the service. It allows the Amazon ECS container agent to register container instances with an Elastic Load Balancing load balancer.</p>"
         },
         "events":{
           "shape":"ServiceEvents",
@@ -4553,7 +4613,7 @@
         },
         "createdAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the service was created.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the service was created.</p>"
         },
         "placementConstraints":{
           "shape":"PlacementConstraints",
@@ -4573,15 +4633,15 @@
         },
         "schedulingStrategy":{
           "shape":"SchedulingStrategy",
-          "documentation":"<p>The scheduling strategy to use for the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Services</a>.</p> <p>There are two service scheduler strategies available:</p> <ul> <li> <p> <code>REPLICA</code>-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions.</p> </li> <li> <p> <code>DAEMON</code>-The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks and will stop tasks that do not meet the placement constraints.</p> <note> <p>Fargate tasks do not support the <code>DAEMON</code> scheduling strategy.</p> </note> </li> </ul>"
+          "documentation":"<p>The scheduling strategy to use for the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html\">Services</a>.</p> <p>There are two service scheduler strategies available.</p> <ul> <li> <p> <code>REPLICA</code>-The replica scheduling strategy places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions.</p> </li> <li> <p> <code>DAEMON</code>-The daemon scheduling strategy deploys exactly one task on each active container instance. This taskmeets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It stop tasks that don't meet the placement constraints.</p> <note> <p>Fargate tasks don't support the <code>DAEMON</code> scheduling strategy.</p> </note> </li> </ul>"
         },
         "deploymentController":{
           "shape":"DeploymentController",
-          "documentation":"<p>The deployment controller type the service is using. When using the DescribeServices API, this field is omitted if the service is using the <code>ECS</code> deployment controller type.</p>"
+          "documentation":"<p>The deployment controller type the service is using. When using the DescribeServices API, this field is omitted if the service uses the <code>ECS</code> deployment controller type.</p>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the service to help you categorize and organize them. Each tag consists of a key and an optional value. You define bot the key and value.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         },
         "createdBy":{
           "shape":"String",
@@ -4589,15 +4649,15 @@
         },
         "enableECSManagedTags":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether to enable Amazon ECS managed tags for the tasks in the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html\">Tagging Your Amazon ECS Resources</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>Determines whether to enable Amazon ECS managed tags for the tasks in the service. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html\">Tagging Your Amazon ECS Resources</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "propagateTags":{
           "shape":"PropagateTags",
-          "documentation":"<p>Specifies whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags are not propagated.</p>"
+          "documentation":"<p>Determines whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated.</p>"
         },
         "enableExecuteCommand":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not the execute command functionality is enabled for the service. If <code>true</code>, the execute command functionality is enabled for all containers in tasks as part of the service.</p>"
+          "documentation":"<p>Determines whether the execute command functionality is enabled for the service. If <code>true</code>, the execute command functionality is enabled for all containers in tasks as part of the service.</p>"
         }
       },
       "documentation":"<p>Details on a service within a cluster</p>"
@@ -4607,18 +4667,18 @@
       "members":{
         "id":{
           "shape":"String",
-          "documentation":"<p>The ID string of the event.</p>"
+          "documentation":"<p>The ID string for the event.</p>"
         },
         "createdAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the event was triggered.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the event was triggered.</p>"
         },
         "message":{
           "shape":"String",
           "documentation":"<p>The event message.</p>"
         }
       },
-      "documentation":"<p>Details on an event associated with a service.</p>"
+      "documentation":"<p>The details for an event that's associated with a service.</p>"
     },
     "ServiceEvents":{
       "type":"list",
@@ -4636,14 +4696,14 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified service is not active. You can't update a service that is inactive. If you have previously deleted a service, you can re-create it with <a>CreateService</a>.</p>",
+      "documentation":"<p>The specified service isn't active. You can't update a service that's inactive. If you have previously deleted a service, you can re-create it with <a>CreateService</a>.</p>",
       "exception":true
     },
     "ServiceNotFoundException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified service could not be found. You can view your available services with <a>ListServices</a>. Amazon ECS services are cluster-specific and Region-specific.</p>",
+      "documentation":"<p>The specified service wasn't found. You can view your available services with <a>ListServices</a>. Amazon ECS services are cluster specific and Region specific.</p>",
       "exception":true
     },
     "ServiceRegistries":{
@@ -4659,18 +4719,18 @@
         },
         "port":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port value used if your service discovery service specified an SRV record. This field may be used if both the <code>awsvpc</code> network mode and SRV records are used.</p>"
+          "documentation":"<p>The port value used if your service discovery service specified an SRV record. This field might be used if both the <code>awsvpc</code> network mode and SRV records are used.</p>"
         },
         "containerName":{
           "shape":"String",
-          "documentation":"<p>The container name value, already specified in the task definition, to be used for your service discovery service. If the task definition that your service task specifies uses the <code>bridge</code> or <code>host</code> network mode, you must specify a <code>containerName</code> and <code>containerPort</code> combination from the task definition. If the task definition that your service task specifies uses the <code>awsvpc</code> network mode and a type SRV DNS record is used, you must specify either a <code>containerName</code> and <code>containerPort</code> combination or a <code>port</code> value, but not both.</p>"
+          "documentation":"<p>The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the <code>bridge</code> or <code>host</code> network mode, you must specify a <code>containerName</code> and <code>containerPort</code> combination from the task definition. If the task definition that your service task specifies uses the <code>awsvpc</code> network mode and a type SRV DNS record is used, you must specify either a <code>containerName</code> and <code>containerPort</code> combination or a <code>port</code> value. However, you can't specify both.</p>"
         },
         "containerPort":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The port value, already specified in the task definition, to be used for your service discovery service. If the task definition your service task specifies uses the <code>bridge</code> or <code>host</code> network mode, you must specify a <code>containerName</code> and <code>containerPort</code> combination from the task definition. If the task definition your service task specifies uses the <code>awsvpc</code> network mode and a type SRV DNS record is used, you must specify either a <code>containerName</code> and <code>containerPort</code> combination or a <code>port</code> value, but not both.</p>"
+          "documentation":"<p>The port value to be used for your service discovery service. It's already specified in the task definition. If the task definition your service task specifies uses the <code>bridge</code> or <code>host</code> network mode, you must specify a <code>containerName</code> and <code>containerPort</code> combination from the task definition. If the task definition your service task specifies uses the <code>awsvpc</code> network mode and a type SRV DNS record is used, you must specify either a <code>containerName</code> and <code>containerPort</code> combination or a <code>port</code> value. However, you can't specify both.</p>"
         }
       },
-      "documentation":"<p>Details of the service registry.</p>"
+      "documentation":"<p>The details for the service registry.</p>"
     },
     "Services":{
       "type":"list",
@@ -4689,10 +4749,10 @@
         },
         "tokenValue":{
           "shape":"SensitiveString",
-          "documentation":"<p>An encrypted token value containing session and caller information. Used to authenticate the connection to the container.</p>"
+          "documentation":"<p>An encrypted token value containing session and caller information. It's used to authenticate the connection to the container.</p>"
         }
       },
-      "documentation":"<p>The details of the execute command session.</p>"
+      "documentation":"<p>The details for the execute command session.</p>"
     },
     "Setting":{
       "type":"structure",
@@ -4703,11 +4763,11 @@
         },
         "value":{
           "shape":"String",
-          "documentation":"<p>Whether the account setting is enabled or disabled for the specified resource.</p>"
+          "documentation":"<p>Determines whether the account setting is enabled or disabled for the specified resource.</p>"
         },
         "principalArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.</p>"
+          "documentation":"<p>The ARN of the principal. It can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.</p>"
         }
       },
       "documentation":"<p>The current account setting for a resource.</p>"
@@ -4749,11 +4809,11 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster on which to start your task. If you do not specify a cluster, the default cluster is assumed.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster where to start your task. If you do not specify a cluster, the default cluster is assumed.</p>"
         },
         "containerInstances":{
           "shape":"StringList",
-          "documentation":"<p>The container instance IDs or full ARN entries for the container instances on which you would like to place your task. You can specify up to 10 container instances.</p>"
+          "documentation":"<p>The container instance IDs or full ARN entries for the container instances where you would like to place your task. You can specify up to 10 container instances.</p>"
         },
         "enableECSManagedTags":{
           "shape":"Boolean",
@@ -4773,11 +4833,11 @@
         },
         "overrides":{
           "shape":"TaskOverride",
-          "documentation":"<p>A list of container overrides in JSON format that specify the name of a container in the specified task definition and the overrides it should receive. You can override the default command for a container (that is specified in the task definition or Docker image) with a <code>command</code> override. You can also override existing environment variables (that are specified in the task definition or Docker image) on a container or add new environment variables to it with an <code>environment</code> override.</p> <note> <p>A total of 8192 characters are allowed for overrides. This limit includes the JSON formatting characters of the override structure.</p> </note>"
+          "documentation":"<p>A list of container overrides in JSON format that specify the name of a container in the specified task definition and the overrides it receives. You can override the default command for a container (that's specified in the task definition or Docker image) with a <code>command</code> override. You can also override existing environment variables (that are specified in the task definition or Docker image) on a container or add new environment variables to it with an <code>environment</code> override.</p> <note> <p>A total of 8192 characters are allowed for overrides. This limit includes the JSON formatting characters of the override structure.</p> </note>"
         },
         "propagateTags":{
           "shape":"PropagateTags",
-          "documentation":"<p>Specifies whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags are not propagated.</p>"
+          "documentation":"<p>Specifies whether to propagate the tags from the task definition or the service to the task. If no value is specified, the tags aren't propagated.</p>"
         },
         "referenceId":{
           "shape":"String",
@@ -4785,7 +4845,7 @@
         },
         "startedBy":{
           "shape":"String",
-          "documentation":"<p>An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the <code>startedBy</code> parameter. You can then identify which tasks belong to that job by filtering the results of a <a>ListTasks</a> call with the <code>startedBy</code> value. Up to 36 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p> <p>If a task is started by an Amazon ECS service, then the <code>startedBy</code> parameter contains the deployment ID of the service that starts it.</p>"
+          "documentation":"<p>An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the <code>startedBy</code> parameter. You can then identify which tasks belong to that job by filtering the results of a <a>ListTasks</a> call with the <code>startedBy</code> value. Up to 36 letters (uppercase and lowercase), numbers, hyphens (-), and underscores (_) are allowed.</p> <p>If a task is started by an Amazon ECS service, the <code>startedBy</code> parameter contains the deployment ID of the service that starts it.</p>"
         },
         "tags":{
           "shape":"Tags",
@@ -4793,7 +4853,7 @@
         },
         "taskDefinition":{
           "shape":"String",
-          "documentation":"<p>The <code>family</code> and <code>revision</code> (<code>family:revision</code>) or full ARN of the task definition to start. If a <code>revision</code> is not specified, the latest <code>ACTIVE</code> revision is used.</p>"
+          "documentation":"<p>The <code>family</code> and <code>revision</code> (<code>family:revision</code>) or full ARN of the task definition to start. If a <code>revision</code> isn't specified, the latest <code>ACTIVE</code> revision is used.</p>"
         }
       }
     },
@@ -4828,7 +4888,7 @@
         },
         "reason":{
           "shape":"String",
-          "documentation":"<p>An optional message specified when a task is stopped. For example, if you are using a custom scheduler, you can use this parameter to specify the reason for stopping the task here, and the message appears in subsequent <a>DescribeTasks</a> API operations on this task. Up to 255 characters are allowed in this message.</p>"
+          "documentation":"<p>An optional message specified when a task is stopped. For example, if you're using a custom scheduler, you can use this parameter to specify the reason for stopping the task here, and the message appears in subsequent <a>DescribeTasks</a> API operations on this task. Up to 255 characters are allowed in this message.</p>"
         }
       }
     },
@@ -4899,7 +4959,7 @@
         },
         "exitCode":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The exit code returned for the state change request.</p>"
+          "documentation":"<p>The exit code that's returned for the state change request.</p>"
         },
         "reason":{
           "shape":"String",
@@ -4941,7 +5001,7 @@
         },
         "containers":{
           "shape":"ContainerStateChanges",
-          "documentation":"<p>Any containers associated with the state change request.</p>"
+          "documentation":"<p>Any containers that's associated with the state change request.</p>"
         },
         "attachments":{
           "shape":"AttachmentStateChanges",
@@ -4949,19 +5009,19 @@
         },
         "managedAgents":{
           "shape":"ManagedAgentStateChanges",
-          "documentation":"<p>The details for the managed agent associated with the task.</p>"
+          "documentation":"<p>The details for the managed agent that's associated with the task.</p>"
         },
         "pullStartedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the container image pull began.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the container image pull started.</p>"
         },
         "pullStoppedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the container image pull completed.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the container image pull completed.</p>"
         },
         "executionStoppedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task execution stopped.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task execution stopped.</p>"
         }
       }
     },
@@ -4979,14 +5039,14 @@
       "members":{
         "namespace":{
           "shape":"String",
-          "documentation":"<p>The namespaced kernel parameter for which to set a <code>value</code>.</p>"
+          "documentation":"<p>The namespaced kernel parameter to set a <code>value</code> for.</p>"
         },
         "value":{
           "shape":"String",
-          "documentation":"<p>The value for the namespaced kernel parameter specified in <code>namespace</code>.</p>"
+          "documentation":"<p>The value for the namespaced kernel parameter that's specified in <code>namespace</code>.</p>"
         }
       },
-      "documentation":"<p>A list of namespaced kernel parameters to set in the container. This parameter maps to <code>Sysctls</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--sysctl</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>It is not recommended that you specify network-related <code>systemControls</code> parameters for multiple containers in a single task that also uses either the <code>awsvpc</code> or <code>host</code> network mode for the following reasons:</p> <ul> <li> <p>For tasks that use the <code>awsvpc</code> network mode, if you set <code>systemControls</code> for any container, it applies to all containers in the task. If you set different <code>systemControls</code> for multiple containers in a single task, the container that is started last determines which <code>systemControls</code> take effect.</p> </li> <li> <p>For tasks that use the <code>host</code> network mode, the <code>systemControls</code> parameter applies to the container instance's kernel parameter as well as that of all containers of any tasks running on that container instance.</p> </li> </ul>"
+      "documentation":"<p>A list of namespaced kernel parameters to set in the container. This parameter maps to <code>Sysctls</code> in the <a href=\"https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate\">Create a container</a> section of the <a href=\"https://docs.docker.com/engine/api/v1.35/\">Docker Remote API</a> and the <code>--sysctl</code> option to <a href=\"https://docs.docker.com/engine/reference/run/#security-configuration\">docker run</a>.</p> <p>We don't recommend that you specify network-related <code>systemControls</code> parameters for multiple containers in a single task. This task also uses either the <code>awsvpc</code> or <code>host</code> network mode. It does it for the following reasons.</p> <ul> <li> <p>For tasks that use the <code>awsvpc</code> network mode, if you set <code>systemControls</code> for any container, it applies to all containers in the task. If you set different <code>systemControls</code> for multiple containers in a single task, the container that's started last determines which <code>systemControls</code> take effect.</p> </li> <li> <p>For tasks that use the <code>host</code> network mode, the <code>systemControls</code> parameter applies to the container instance's kernel parameter and that of all containers of any tasks running on that container instance.</p> </li> </ul>"
     },
     "SystemControls":{
       "type":"list",
@@ -5004,7 +5064,7 @@
           "documentation":"<p>The optional part of a key-value pair that make up a tag. A <code>value</code> acts as a descriptor within a tag category (key).</p>"
         }
       },
-      "documentation":"<p>The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+      "documentation":"<p>The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value. You define them.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
     },
     "TagKey":{
       "type":"string",
@@ -5025,7 +5085,7 @@
       "members":{
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource to which to add tags. Currently, the supported resources are Amazon ECS capacity providers, tasks, services, task definitions, clusters, and container instances.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource to add tags to. Currently, the supported resources are Amazon ECS capacity providers, tasks, services, task definitions, clusters, and container instances.</p>"
         },
         "tags":{
           "shape":"Tags",
@@ -5054,14 +5114,14 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The target container is not properly configured with the execute command agent or the container is no longer active or running.</p>",
+      "documentation":"<p>The target container isn't properly configured with the execute command agent or the container is no longer active or running.</p>",
       "exception":true
     },
     "TargetNotFoundException":{
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified target could not be found. You can view your available container instances with <a>ListContainerInstances</a>. Amazon ECS container instances are cluster-specific and Region-specific.</p>",
+      "documentation":"<p>The specified target wasn't found. You can view your available container instances with <a>ListContainerInstances</a>. Amazon ECS container instances are cluster-specific and Region-specific.</p>",
       "exception":true
     },
     "TargetType":{
@@ -5073,7 +5133,7 @@
       "members":{
         "attachments":{
           "shape":"Attachments",
-          "documentation":"<p>The Elastic Network Adapter associated with the task if the task uses the <code>awsvpc</code> network mode.</p>"
+          "documentation":"<p>The Elastic Network Adapter that's associated with the task if the task uses the <code>awsvpc</code> network mode.</p>"
         },
         "attributes":{
           "shape":"Attributes",
@@ -5081,11 +5141,11 @@
         },
         "availabilityZone":{
           "shape":"String",
-          "documentation":"<p>The availability zone of the task.</p>"
+          "documentation":"<p>The Availability Zone for the task.</p>"
         },
         "capacityProviderName":{
           "shape":"String",
-          "documentation":"<p>The capacity provider associated with the task.</p>"
+          "documentation":"<p>The capacity provider that's associated with the task.</p>"
         },
         "clusterArn":{
           "shape":"String",
@@ -5097,7 +5157,7 @@
         },
         "connectivityAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task last went into <code>CONNECTED</code> status.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task last went into <code>CONNECTED</code> status.</p>"
         },
         "containerInstanceArn":{
           "shape":"String",
@@ -5105,15 +5165,15 @@
         },
         "containers":{
           "shape":"Containers",
-          "documentation":"<p>The containers associated with the task.</p>"
+          "documentation":"<p>The containers that's associated with the task.</p>"
         },
         "cpu":{
           "shape":"String",
-          "documentation":"<p>The number of CPU units used by the task as expressed in a task definition. It can be expressed as an integer using CPU units, for example <code>1024</code>. It can also be expressed as a string using vCPUs, for example <code>1 vCPU</code> or <code>1 vcpu</code>. String values are converted to an integer indicating the CPU units when the task definition is registered.</p> <p>If you are using the EC2 launch type, this field is optional. Supported values are between <code>128</code> CPU units (<code>0.125</code> vCPUs) and <code>10240</code> CPU units (<code>10</code> vCPUs).</p> <p>If you are using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of supported values for the <code>memory</code> parameter:</p> <ul> <li> <p>256 (.25 vCPU) - Available <code>memory</code> values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)</p> </li> <li> <p>512 (.5 vCPU) - Available <code>memory</code> values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)</p> </li> <li> <p>1024 (1 vCPU) - Available <code>memory</code> values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)</p> </li> <li> <p>2048 (2 vCPU) - Available <code>memory</code> values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)</p> </li> <li> <p>4096 (4 vCPU) - Available <code>memory</code> values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)</p> </li> </ul>"
+          "documentation":"<p>The number of CPU units used by the task as expressed in a task definition. It can be expressed as an integer using CPU units (for example, <code>1024</code>). It can also be expressed as a string using vCPUs (for example, <code>1 vCPU</code> or <code>1 vcpu</code>). String values are converted to an integer that indicates the CPU units when the task definition is registered.</p> <p>If you use the EC2 launch type, this field is optional. Supported values are between <code>128</code> CPU units (<code>0.125</code> vCPUs) and <code>10240</code> CPU units (<code>10</code> vCPUs).</p> <p>If you use the Fargate launch type, this field is required. You must use one of the following values. These values determine the range of supported values for the <code>memory</code> parameter:</p> <p>The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.</p> <ul> <li> <p>256 (.25 vCPU) - Available <code>memory</code> values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)</p> </li> <li> <p>512 (.5 vCPU) - Available <code>memory</code> values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)</p> </li> <li> <p>1024 (1 vCPU) - Available <code>memory</code> values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)</p> </li> <li> <p>2048 (2 vCPU) - Available <code>memory</code> values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)</p> </li> <li> <p>4096 (4 vCPU) - Available <code>memory</code> values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)</p> </li> </ul>"
         },
         "createdAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task was created (the task entered the <code>PENDING</code> state).</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task was created. More specifically, it's for the time when the task entered the <code>PENDING</code> state.</p>"
         },
         "desiredStatus":{
           "shape":"String",
@@ -5121,35 +5181,35 @@
         },
         "enableExecuteCommand":{
           "shape":"Boolean",
-          "documentation":"<p>Whether or not execute command functionality is enabled for this task. If <code>true</code>, this enables execute command functionality on all containers in the task.</p>"
+          "documentation":"<p>Determines whether execute command functionality is enabled for this task. If <code>true</code>, execute command functionality is enabled on all the containers in the task.</p>"
         },
         "executionStoppedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task execution stopped.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task execution stopped.</p>"
         },
         "group":{
           "shape":"String",
-          "documentation":"<p>The name of the task group associated with the task.</p>"
+          "documentation":"<p>The name of the task group that's associated with the task.</p>"
         },
         "healthStatus":{
           "shape":"HealthStatus",
-          "documentation":"<p>The health status for the task, which is determined by the health of the essential containers in the task. If all essential containers in the task are reporting as <code>HEALTHY</code>, then the task status also reports as <code>HEALTHY</code>. If any essential containers in the task are reporting as <code>UNHEALTHY</code> or <code>UNKNOWN</code>, then the task status also reports as <code>UNHEALTHY</code> or <code>UNKNOWN</code>, accordingly.</p> <note> <p>The Amazon ECS container agent does not monitor or report on Docker health checks that are embedded in a container image (such as those specified in a parent image or from the image's Dockerfile) and not specified in the container definition. Health check parameters that are specified in a container definition override any Docker health checks that exist in the container image.</p> </note>"
+          "documentation":"<p>The health status for the task. It's determined by the health of the essential containers in the task. If all essential containers in the task are reporting as <code>HEALTHY</code>, the task status also reports as <code>HEALTHY</code>. If any essential containers in the task are reporting as <code>UNHEALTHY</code> or <code>UNKNOWN</code>, the task status also reports as <code>UNHEALTHY</code> or <code>UNKNOWN</code>.</p> <note> <p>The Amazon ECS container agent doesn't monitor or report on Docker health checks that are embedded in a container image and not specified in the container definition. For example, this includes those specified in a parent image or from the image's Dockerfile. Health check parameters that are specified in a container definition override any Docker health checks that are found in the container image.</p> </note>"
         },
         "inferenceAccelerators":{
           "shape":"InferenceAccelerators",
-          "documentation":"<p>The Elastic Inference accelerator associated with the task.</p>"
+          "documentation":"<p>The Elastic Inference accelerator that's associated with the task.</p>"
         },
         "lastStatus":{
           "shape":"String",
-          "documentation":"<p>The last known status of the task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-lifecycle.html\">Task Lifecycle</a>.</p>"
+          "documentation":"<p>The last known status for the task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-lifecycle.html\">Task Lifecycle</a>.</p>"
         },
         "launchType":{
           "shape":"LaunchType",
-          "documentation":"<p>The infrastructure on which your task is running. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS launch types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The infrastructure where your task runs on. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html\">Amazon ECS launch types</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "memory":{
           "shape":"String",
-          "documentation":"<p>The amount of memory (in MiB) used by the task as expressed in a task definition. It can be expressed as an integer using MiB, for example <code>1024</code>. It can also be expressed as a string using GB, for example <code>1GB</code> or <code>1 GB</code>. String values are converted to an integer indicating the MiB when the task definition is registered.</p> <p>If you are using the EC2 launch type, this field is optional.</p> <p>If you are using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of supported values for the <code>cpu</code> parameter:</p> <ul> <li> <p>512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available <code>cpu</code> values: 256 (.25 vCPU)</p> </li> <li> <p>1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available <code>cpu</code> values: 512 (.5 vCPU)</p> </li> <li> <p>2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available <code>cpu</code> values: 1024 (1 vCPU)</p> </li> <li> <p>Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 2048 (2 vCPU)</p> </li> <li> <p>Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 4096 (4 vCPU)</p> </li> </ul>"
+          "documentation":"<p>The amount of memory (in MiB) that the task uses as expressed in a task definition. It can be expressed as an integer using MiB (for example, <code>1024</code>). If it's expressed as a string using GB (for example, <code>1GB</code> or <code>1 GB</code>), it's converted to an integer indicating the MiB when the task definition is registered.</p> <p>If you use the EC2 launch type, this field is optional.</p> <p>If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines the range of supported values for the <code>cpu</code> parameter.</p> <ul> <li> <p>512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available <code>cpu</code> values: 256 (.25 vCPU)</p> </li> <li> <p>1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available <code>cpu</code> values: 512 (.5 vCPU)</p> </li> <li> <p>2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available <code>cpu</code> values: 1024 (1 vCPU)</p> </li> <li> <p>Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 2048 (2 vCPU)</p> </li> <li> <p>Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 4096 (4 vCPU)</p> </li> </ul>"
         },
         "overrides":{
           "shape":"TaskOverride",
@@ -5157,35 +5217,35 @@
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version on which your task is running. A platform version is only specified for tasks using the Fargate launch type. If one is not specified, the <code>LATEST</code> platform version is used by default. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The platform version where your task runs on. A platform version is only specified for tasks that use the Fargate launch type. If you didn't specify one, the <code>LATEST</code> platform version is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "platformFamily":{
           "shape":"String",
-          "documentation":"<p>The operating system that your tasks are running on. A platform family is specified only for tasks using the Fargate launch type. </p> <p> All tasks that run as part of this service must use the same <code>platformFamily</code> value as the service, for example, <code>LINUX.</code>.</p>"
+          "documentation":"<p>The operating system that your tasks are running on. A platform family is specified only for tasks that use the Fargate launch type. </p> <p> All tasks that run as part of this service must use the same <code>platformFamily</code> value as the service (for example, <code>LINUX.</code>).</p>"
         },
         "pullStartedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the container image pull began.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the container image pull began.</p>"
         },
         "pullStoppedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the container image pull completed.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the container image pull completed.</p>"
         },
         "startedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task started (the task transitioned from the <code>PENDING</code> state to the <code>RUNNING</code> state).</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task started. More specifically, it's for the time when the task transitioned from the <code>PENDING</code> state to the <code>RUNNING</code> state.</p>"
         },
         "startedBy":{
           "shape":"String",
-          "documentation":"<p>The tag specified when a task is started. If the task is started by an Amazon ECS service, then the <code>startedBy</code> parameter contains the deployment ID of the service that starts it.</p>"
+          "documentation":"<p>The tag specified when a task is started. If an Amazon ECS service started the task, the <code>startedBy</code> parameter contains the deployment ID of that service.</p>"
         },
         "stopCode":{
           "shape":"TaskStopCode",
-          "documentation":"<p>The stop code indicating why a task was stopped. The <code>stoppedReason</code> may contain additional details.</p>"
+          "documentation":"<p>The stop code indicating why a task was stopped. The <code>stoppedReason</code> might contain additional details.</p>"
         },
         "stoppedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task was stopped (the task transitioned from the <code>RUNNING</code> state to the <code>STOPPED</code> state).</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task was stopped. More specifically, it's for the time when the task transitioned from the <code>RUNNING</code> state to the <code>STOPPED</code> state.</p>"
         },
         "stoppedReason":{
           "shape":"String",
@@ -5193,11 +5253,11 @@
         },
         "stoppingAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task stops (transitions from the <code>RUNNING</code> state to <code>STOPPED</code>).</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task stops. More specifically, it's for the time when the task transitions from the <code>RUNNING</code> state to <code>STOPPED</code>.</p>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the task to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the task to help you categorize and organize the task. Each tag consists of a key and an optional value. You define both the key and value.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         },
         "taskArn":{
           "shape":"String",
@@ -5209,7 +5269,7 @@
         },
         "version":{
           "shape":"Long",
-          "documentation":"<p>The version counter for the task. Every time a task experiences a change that triggers a CloudWatch event, the version counter is incremented. If you are replicating your Amazon ECS task state with CloudWatch Events, you can compare the version of a task reported by the Amazon ECS API actions with the version reported in CloudWatch Events for the task (inside the <code>detail</code> object) to verify that the version in your event stream is current.</p>"
+          "documentation":"<p>The version counter for the task. Every time a task experiences a change that starts a CloudWatch event, the version counter is incremented. If you replicate your Amazon ECS task state with CloudWatch Events, you can compare the version of a task reported by the Amazon ECS API actions with the version reported in CloudWatch Events for the task (inside the <code>detail</code> object) to verify that the version in your event stream is current.</p>"
         },
         "ephemeralStorage":{
           "shape":"EphemeralStorage",
@@ -5231,11 +5291,11 @@
         },
         "family":{
           "shape":"String",
-          "documentation":"<p>The name of a family that this task definition is registered to. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed.</p> <p>A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.</p>"
+          "documentation":"<p>The name of a family that this task definition is registered to. Up to 255 characters are allowed. Letters (both uppercase and lowercase letters), numbers, hyphens (-), and underscores (_) are allowed.</p> <p>A family groups multiple versions of a task definition. Amazon ECS gives the first task definition that you registered to a family a revision number of 1. Amazon ECS gives sequential revision numbers to each task definition that you add.</p>"
         },
         "taskRoleArn":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the Identity and Access Management role that grants containers in the task permission to call Amazon Web Services APIs on your behalf. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html\">Amazon ECS Task Role</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>IAM roles for tasks on Windows require that the <code>-EnableTaskIAMRole</code> option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code in order to take advantage of the feature. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html\">Windows IAM roles for tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the Identity and Access Management role that grants containers in the task permission to call Amazon Web Services APIs on your behalf. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html\">Amazon ECS Task Role</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <p>IAM roles for tasks on Windows require that the <code>-EnableTaskIAMRole</code> option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html\">Windows IAM roles for tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "executionRoleArn":{
           "shape":"String",
@@ -5247,11 +5307,11 @@
         },
         "revision":{
           "shape":"Integer",
-          "documentation":"<p>The revision of the task in a particular family. The revision is a version number of a task definition in a family. When you register a task definition for the first time, the revision is <code>1</code>. Each time that you register a new revision of a task definition in the same family, the revision value always increases by one, even if you have deregistered previous revisions in this family.</p>"
+          "documentation":"<p>The revision of the task in a particular family. The revision is a version number of a task definition in a family. When you register a task definition for the first time, the revision is <code>1</code>. Each time that you register a new revision of a task definition in the same family, the revision value always increases by one. This is even if you deregistered previous revisions in this family.</p>"
         },
         "volumes":{
           "shape":"VolumeList",
-          "documentation":"<p>The list of data volume definitions for the task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html\">Using data volumes in tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>The <code>host</code> and <code>sourcePath</code> parameters are not supported for tasks run on Fargate.</p> </note>"
+          "documentation":"<p>The list of data volume definitions for the task. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html\">Using data volumes in tasks</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>The <code>host</code> and <code>sourcePath</code> parameters aren't supported for tasks run on Fargate.</p> </note>"
         },
         "status":{
           "shape":"TaskDefinitionStatus",
@@ -5259,11 +5319,11 @@
         },
         "requiresAttributes":{
           "shape":"RequiresAttributes",
-          "documentation":"<p>The container instance attributes required by your task. When an Amazon EC2 instance is registered to your cluster, the Amazon ECS container agent assigns some standard attributes to the instance. You can apply custom attributes, specified as key-value pairs using the Amazon ECS console or the <a>PutAttributes</a> API. These attributes are used when considering task placement for tasks hosted on Amazon EC2 instances. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html#attributes\">Attributes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>This parameter is not supported for tasks run on Fargate.</p> </note>"
+          "documentation":"<p>The container instance attributes required by your task. When an Amazon EC2 instance is registered to your cluster, the Amazon ECS container agent assigns some standard attributes to the instance. You can apply custom attributes. These are specified as key-value pairs using the Amazon ECS console or the <a>PutAttributes</a> API. These attributes are used when determining task placement for tasks hosted on Amazon EC2 instances. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html#attributes\">Attributes</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>This parameter isn't supported for tasks run on Fargate.</p> </note>"
         },
         "placementConstraints":{
           "shape":"TaskDefinitionPlacementConstraints",
-          "documentation":"<p>An array of placement constraint objects to use for tasks.</p> <note> <p>This parameter is not supported for tasks run on Fargate.</p> </note>"
+          "documentation":"<p>An array of placement constraint objects to use for tasks.</p> <note> <p>This parameter isn't supported for tasks run on Fargate.</p> </note>"
         },
         "compatibilities":{
           "shape":"CompatibilityList",
@@ -5279,15 +5339,15 @@
         },
         "cpu":{
           "shape":"String",
-          "documentation":"<p>The number of <code>cpu</code> units used by the task. If you are using the EC2 launch type, this field is optional and any value can be used. If you are using the Fargate launch type, this field is required and you must use one of the following values, which determines your range of valid values for the <code>memory</code> parameter:</p> <ul> <li> <p>256 (.25 vCPU) - Available <code>memory</code> values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)</p> </li> <li> <p>512 (.5 vCPU) - Available <code>memory</code> values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)</p> </li> <li> <p>1024 (1 vCPU) - Available <code>memory</code> values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)</p> </li> <li> <p>2048 (2 vCPU) - Available <code>memory</code> values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)</p> </li> <li> <p>4096 (4 vCPU) - Available <code>memory</code> values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)</p> </li> </ul>"
+          "documentation":"<p>The number of <code>cpu</code> units used by the task. If you use the EC2 launch type, this field is optional. Any value can be used. If you use the Fargate launch type, this field is required. You must use one of the following values. The value that you choose determines your range of valid values for the <code>memory</code> parameter.</p> <p>The CPU units cannot be less than 1 vCPU when you use Windows containers on Fargate.</p> <ul> <li> <p>256 (.25 vCPU) - Available <code>memory</code> values: 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB)</p> </li> <li> <p>512 (.5 vCPU) - Available <code>memory</code> values: 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB)</p> </li> <li> <p>1024 (1 vCPU) - Available <code>memory</code> values: 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB)</p> </li> <li> <p>2048 (2 vCPU) - Available <code>memory</code> values: Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB)</p> </li> <li> <p>4096 (4 vCPU) - Available <code>memory</code> values: Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB)</p> </li> </ul>"
         },
         "memory":{
           "shape":"String",
-          "documentation":"<p>The amount (in MiB) of memory used by the task.</p> <p>If your tasks will be run on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified then the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html\">ContainerDefinition</a>.</p> <p>If your tasks will be run on Fargate, this field is required and you must use one of the following values, which determines your range of valid values for the <code>cpu</code> parameter:</p> <ul> <li> <p>512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available <code>cpu</code> values: 256 (.25 vCPU)</p> </li> <li> <p>1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available <code>cpu</code> values: 512 (.5 vCPU)</p> </li> <li> <p>2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available <code>cpu</code> values: 1024 (1 vCPU)</p> </li> <li> <p>Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 2048 (2 vCPU)</p> </li> <li> <p>Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 4096 (4 vCPU)</p> </li> </ul>"
+          "documentation":"<p>The amount (in MiB) of memory used by the task.</p> <p>If your tasks runs on Amazon EC2 instances, you must specify either a task-level memory value or a container-level memory value. This field is optional and any value can be used. If a task-level memory value is specified, the container-level memory value is optional. For more information regarding container-level memory and memory reservation, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html\">ContainerDefinition</a>.</p> <p>If your tasks runs on Fargate, this field is required. You must use one of the following values. The value you choose determines your range of valid values for the <code>cpu</code> parameter.</p> <ul> <li> <p>512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available <code>cpu</code> values: 256 (.25 vCPU)</p> </li> <li> <p>1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available <code>cpu</code> values: 512 (.5 vCPU)</p> </li> <li> <p>2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available <code>cpu</code> values: 1024 (1 vCPU)</p> </li> <li> <p>Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 2048 (2 vCPU)</p> </li> <li> <p>Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available <code>cpu</code> values: 4096 (4 vCPU)</p> </li> </ul>"
         },
         "inferenceAccelerators":{
           "shape":"InferenceAccelerators",
-          "documentation":"<p>The Elastic Inference accelerator associated with the task.</p>"
+          "documentation":"<p>The Elastic Inference accelerator that's associated with the task.</p>"
         },
         "pidMode":{
           "shape":"PidMode",
@@ -5299,15 +5359,15 @@
         },
         "proxyConfiguration":{
           "shape":"ProxyConfiguration",
-          "documentation":"<p>The configuration details for the App Mesh proxy.</p> <p>Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the <code>ecs-init</code> package to enable a proxy configuration. If your container instances are launched from the Amazon ECS-optimized AMI version <code>20190301</code> or later, then they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The configuration details for the App Mesh proxy.</p> <p>Your Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the <code>ecs-init</code> package to enable a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version <code>20190301</code> or later, they contain the required versions of the container agent and <code>ecs-init</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html\">Amazon ECS-optimized Linux AMI</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "registeredAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task definition was registered.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task definition was registered.</p>"
         },
         "deregisteredAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task definition was deregistered.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task definition was deregistered.</p>"
         },
         "registeredBy":{
           "shape":"String",
@@ -5348,7 +5408,7 @@
           "documentation":"<p>A cluster query language expression to apply to the constraint. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html\">Cluster query language</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         }
       },
-      "documentation":"<p>An object representing a constraint on task placement in the task definition. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html\">Task placement constraints</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>Task placement constraints are not supported for tasks run on Fargate.</p> </note>"
+      "documentation":"<p>An object representing a constraint on task placement in the task definition. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-constraints.html\">Task placement constraints</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p> <note> <p>Task placement constraints aren't supported for tasks run on Fargate.</p> </note>"
     },
     "TaskDefinitionPlacementConstraintType":{
       "type":"string",
@@ -5378,7 +5438,7 @@
       "members":{
         "containerOverrides":{
           "shape":"ContainerOverrides",
-          "documentation":"<p>One or more container overrides sent to a task.</p>"
+          "documentation":"<p>One or more container overrides that are sent to a task.</p>"
         },
         "cpu":{
           "shape":"String",
@@ -5402,10 +5462,10 @@
         },
         "ephemeralStorage":{
           "shape":"EphemeralStorage",
-          "documentation":"<p>The ephemeral storage setting override for the task.</p> <note> <p>This parameter is only supported for tasks hosted on Fargate using the following platform versions:</p> <ul> <li> <p>Linux platform version <code>1.4.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> </note>"
+          "documentation":"<p>The ephemeral storage setting override for the task.</p> <note> <p>This parameter is only supported for tasks hosted on Fargate that use the following platform versions:</p> <ul> <li> <p>Linux platform version <code>1.4.0</code> or later.</p> </li> <li> <p>Windows platform version <code>1.0.0</code> or later.</p> </li> </ul> </note>"
         }
       },
-      "documentation":"<p>The overrides associated with a task.</p>"
+      "documentation":"<p>The overrides that are associated with a task.</p>"
     },
     "TaskSet":{
       "type":"structure",
@@ -5428,19 +5488,19 @@
         },
         "startedBy":{
           "shape":"String",
-          "documentation":"<p>The tag specified when a task set is started. If the task set is created by an CodeDeploy deployment, the <code>startedBy</code> parameter is <code>CODE_DEPLOY</code>. For a task set created for an external deployment, the startedBy field isn't used.</p>"
+          "documentation":"<p>The tag specified when a task set is started. If an CodeDeploy deployment created the task set, the <code>startedBy</code> parameter is <code>CODE_DEPLOY</code>. If an external deployment created the task set, the startedBy field isn't used.</p>"
         },
         "externalId":{
           "shape":"String",
-          "documentation":"<p>The external ID associated with the task set.</p> <p>If a task set is created by an CodeDeploy deployment, the <code>externalId</code> parameter contains the CodeDeploy deployment ID.</p> <p>If a task set is created for an external deployment and is associated with a service discovery registry, the <code>externalId</code> parameter contains the <code>ECS_TASK_SET_EXTERNAL_ID</code> Cloud Map attribute.</p>"
+          "documentation":"<p>The external ID associated with the task set.</p> <p>If an CodeDeploy deployment created a task set, the <code>externalId</code> parameter contains the CodeDeploy deployment ID.</p> <p>If a task set is created for an external deployment and is associated with a service discovery registry, the <code>externalId</code> parameter contains the <code>ECS_TASK_SET_EXTERNAL_ID</code> Cloud Map attribute.</p>"
         },
         "status":{
           "shape":"String",
-          "documentation":"<p>The status of the task set. The following describes each state:</p> <dl> <dt>PRIMARY</dt> <dd> <p>The task set is serving production traffic.</p> </dd> <dt>ACTIVE</dt> <dd> <p>The task set is not serving production traffic.</p> </dd> <dt>DRAINING</dt> <dd> <p>The tasks in the task set are being stopped and their corresponding targets are being deregistered from their target group.</p> </dd> </dl>"
+          "documentation":"<p>The status of the task set. The following describes each state.</p> <dl> <dt>PRIMARY</dt> <dd> <p>The task set is serving production traffic.</p> </dd> <dt>ACTIVE</dt> <dd> <p>The task set isn't serving production traffic.</p> </dd> <dt>DRAINING</dt> <dd> <p>The tasks in the task set are being stopped, and their corresponding targets are being deregistered from their target group.</p> </dd> </dl>"
         },
         "taskDefinition":{
           "shape":"String",
-          "documentation":"<p>The task definition the task set is using.</p>"
+          "documentation":"<p>The task definition that the task set is using.</p>"
         },
         "computedDesiredCount":{
           "shape":"Integer",
@@ -5448,7 +5508,7 @@
         },
         "pendingCount":{
           "shape":"Integer",
-          "documentation":"<p>The number of tasks in the task set that are in the <code>PENDING</code> status during a deployment. A task in the <code>PENDING</code> state is preparing to enter the <code>RUNNING</code> state. A task set enters the <code>PENDING</code> status when it launches for the first time or when it is restarted after being in the <code>STOPPED</code> state.</p>"
+          "documentation":"<p>The number of tasks in the task set that are in the <code>PENDING</code> status during a deployment. A task in the <code>PENDING</code> state is preparing to enter the <code>RUNNING</code> state. A task set enters the <code>PENDING</code> status when it launches for the first time or when it's restarted after being in the <code>STOPPED</code> state.</p>"
         },
         "runningCount":{
           "shape":"Integer",
@@ -5456,11 +5516,11 @@
         },
         "createdAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task set was created.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task set was created.</p>"
         },
         "updatedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task set was last updated.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task set was last updated.</p>"
         },
         "launchType":{
           "shape":"LaunchType",
@@ -5468,15 +5528,15 @@
         },
         "capacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
-          "documentation":"<p>The capacity provider strategy associated with the task set.</p>"
+          "documentation":"<p>The capacity provider strategy that are associated with the task set.</p>"
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The Fargate platform version on which the tasks in the task set are running. A platform version is only specified for tasks run on Fargate. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate platform versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The Fargate platform version where the tasks in the task set are running. A platform version is only specified for tasks run on Fargate. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate platform versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "platformFamily":{
           "shape":"String",
-          "documentation":"<p>The operating system that your tasks in the set are running on. A platform family is specified only for tasks using the Fargate launch type. </p> <p> All tasks in the set must have the same value.</p>"
+          "documentation":"<p>The operating system that your tasks in the set are running on. A platform family is specified only for tasks that use the Fargate launch type. </p> <p> All tasks in the set must have the same value.</p>"
         },
         "networkConfiguration":{
           "shape":"NetworkConfiguration",
@@ -5484,27 +5544,27 @@
         },
         "loadBalancers":{
           "shape":"LoadBalancers",
-          "documentation":"<p>Details on a load balancer that is used with a task set.</p>"
+          "documentation":"<p>Details on a load balancer that are used with a task set.</p>"
         },
         "serviceRegistries":{
           "shape":"ServiceRegistries",
-          "documentation":"<p>The details of the service discovery registries to assign to this task set. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html\">Service discovery</a>.</p>"
+          "documentation":"<p>The details for the service discovery registries to assign to this task set. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-discovery.html\">Service discovery</a>.</p>"
         },
         "scale":{
           "shape":"Scale",
-          "documentation":"<p>A floating-point percentage of the desired number of tasks to place and keep running in the task set.</p>"
+          "documentation":"<p>A floating-point percentage of your desired number of tasks to place and keep running in the task set.</p>"
         },
         "stabilityStatus":{
           "shape":"StabilityStatus",
-          "documentation":"<p>The stability status, which indicates whether the task set has reached a steady state. If the following conditions are met, the task set will be in <code>STEADY_STATE</code>:</p> <ul> <li> <p>The task <code>runningCount</code> is equal to the <code>computedDesiredCount</code>.</p> </li> <li> <p>The <code>pendingCount</code> is <code>0</code>.</p> </li> <li> <p>There are no tasks running on container instances in the <code>DRAINING</code> status.</p> </li> <li> <p>All tasks are reporting a healthy status from the load balancers, service discovery, and container health checks.</p> </li> </ul> <p>If any of those conditions are not met, the stability status returns <code>STABILIZING</code>.</p>"
+          "documentation":"<p>The stability status. This indicates whether the task set has reached a steady state. If the following conditions are met, the task set sre in <code>STEADY_STATE</code>:</p> <ul> <li> <p>The task <code>runningCount</code> is equal to the <code>computedDesiredCount</code>.</p> </li> <li> <p>The <code>pendingCount</code> is <code>0</code>.</p> </li> <li> <p>There are no tasks that are running on container instances in the <code>DRAINING</code> status.</p> </li> <li> <p>All tasks are reporting a healthy status from the load balancers, service discovery, and container health checks.</p> </li> </ul> <p>If any of those conditions aren't met, the stability status returns <code>STABILIZING</code>.</p>"
         },
         "stabilityStatusAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp for when the task set stability status was retrieved.</p>"
+          "documentation":"<p>The Unix timestamp for the time when the task set stability status was retrieved.</p>"
         },
         "tags":{
           "shape":"Tags",
-          "documentation":"<p>The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
+          "documentation":"<p>The metadata that you apply to the task set to help you categorize and organize them. Each tag consists of a key and an optional value. You define both.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per resource - 50</p> </li> <li> <p>For each resource, each tag key must be unique, and each tag key can have only one value.</p> </li> <li> <p>Maximum key length - 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length - 256 Unicode characters in UTF-8</p> </li> <li> <p>If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.</p> </li> <li> <p>Tag keys and values are case-sensitive.</p> </li> <li> <p>Do not use <code>aws:</code>, <code>AWS:</code>, or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Information about a set of Amazon ECS tasks in either an CodeDeploy or an <code>EXTERNAL</code> deployment. An Amazon ECS task set includes details such as the desired number of tasks, how many tasks are running, and whether the task set serves production traffic.</p>"
@@ -5521,7 +5581,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified task set could not be found. You can view your available task sets with <a>DescribeTaskSets</a>. Task sets are specific to each cluster, service and Region.</p>",
+      "documentation":"<p>The specified task set wasn't found. You can view your available task sets with <a>DescribeTaskSets</a>. Task sets are specific to each cluster, service and Region.</p>",
       "exception":true
     },
     "TaskSets":{
@@ -5625,7 +5685,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The specified task is not supported in this Region.</p>",
+      "documentation":"<p>The specified task isn't supported in this Region.</p>",
       "exception":true
     },
     "UntagResourceRequest":{
@@ -5637,7 +5697,7 @@
       "members":{
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource from which to delete tags. Currently, the supported resources are Amazon ECS capacity providers, tasks, services, task definitions, clusters, and container instances.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource to delete tags from. Currently, the supported resources are Amazon ECS capacity providers, tasks, services, task definitions, clusters, and container instances.</p>"
         },
         "tagKeys":{
           "shape":"TagKeys",
@@ -5663,7 +5723,7 @@
         },
         "autoScalingGroupProvider":{
           "shape":"AutoScalingGroupProviderUpdate",
-          "documentation":"<p>An object representing the parameters to update for the Auto Scaling group capacity provider.</p>"
+          "documentation":"<p>An object that represent the parameters to update for the Auto Scaling group capacity provider.</p>"
         }
       }
     },
@@ -5716,7 +5776,7 @@
         },
         "settings":{
           "shape":"ClusterSettings",
-          "documentation":"<p>The setting to use by default for a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster. If this value is specified, it will override the <code>containerInsights</code> value set with <a>PutAccountSetting</a> or <a>PutAccountSettingDefault</a>.</p>"
+          "documentation":"<p>The setting to use by default for a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster. If this value is specified, it overrides the <code>containerInsights</code> value set with <a>PutAccountSetting</a> or <a>PutAccountSettingDefault</a>.</p>"
         }
       }
     },
@@ -5739,7 +5799,7 @@
         },
         "containerInstance":{
           "shape":"String",
-          "documentation":"<p>The container instance ID or full ARN entries for the container instance on which you would like to update the Amazon ECS container agent.</p>"
+          "documentation":"<p>The container instance ID or full ARN entries for the container instance where you would like to update the Amazon ECS container agent.</p>"
         }
       }
     },
@@ -5748,7 +5808,7 @@
       "members":{
         "containerInstance":{
           "shape":"ContainerInstance",
-          "documentation":"<p>The container instance for which the container agent was updated.</p>"
+          "documentation":"<p>The container instance that the container agent was updated for.</p>"
         }
       }
     },
@@ -5765,11 +5825,11 @@
         },
         "containerInstances":{
           "shape":"StringList",
-          "documentation":"<p>A list of container instance IDs or full ARN entries.</p>"
+          "documentation":"<p>A list of up to 10 container instance IDs or full ARN entries.</p>"
         },
         "status":{
           "shape":"ContainerInstanceStatus",
-          "documentation":"<p>The container instance state with which to update the container instance. The only valid values for this action are <code>ACTIVE</code> and <code>DRAINING</code>. A container instance can only be updated to <code>DRAINING</code> status once it has reached an <code>ACTIVE</code> state. If a container instance is in <code>REGISTERING</code>, <code>DEREGISTERING</code>, or <code>REGISTRATION_FAILED</code> state you can describe the container instance but will be unable to update the container instance state.</p>"
+          "documentation":"<p>The container instance state to update the container instance with. The only valid values for this action are <code>ACTIVE</code> and <code>DRAINING</code>. A container instance can only be updated to <code>DRAINING</code> status once it has reached an <code>ACTIVE</code> state. If a container instance is in <code>REGISTERING</code>, <code>DEREGISTERING</code>, or <code>REGISTRATION_FAILED</code> state you can describe the container instance but can't update the container instance state.</p>"
         }
       }
     },
@@ -5790,7 +5850,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>There is already a current Amazon ECS container agent update in progress on the specified container instance. If the container agent becomes disconnected while it is in a transitional stage, such as <code>PENDING</code> or <code>STAGING</code>, the update process can get stuck in that state. However, when the agent reconnects, it resumes where it stopped previously.</p>",
+      "documentation":"<p>There's already a current Amazon ECS container agent update in progress on the container instance that's specified. If the container agent becomes disconnected while it's in a transitional stage, such as <code>PENDING</code> or <code>STAGING</code>, the update process can get stuck in that state. However, when the agent reconnects, it resumes where it stopped previously.</p>",
       "exception":true
     },
     "UpdateServicePrimaryTaskSetRequest":{
@@ -5830,7 +5890,7 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that your service is running on. If you do not specify a cluster, the default cluster is assumed.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that your service runs on. If you do not specify a cluster, the default cluster is assumed.</p>"
         },
         "service":{
           "shape":"String",
@@ -5846,7 +5906,7 @@
         },
         "capacityProviderStrategy":{
           "shape":"CapacityProviderStrategy",
-          "documentation":"<p>The capacity provider strategy to update the service to use.</p> <p>If the service is using the default capacity provider strategy for the cluster, the service can be updated to use one or more capacity providers as opposed to the default capacity provider strategy. However, when a service is using a capacity provider strategy that is not the default capacity provider strategy, the service cannot be updated to use the cluster's default capacity provider strategy.</p> <p>A capacity provider strategy consists of one or more capacity providers along with the <code>base</code> and <code>weight</code> to assign to them. A capacity provider must be associated with the cluster to be used in a capacity provider strategy. The <a>PutClusterCapacityProviders</a> API is used to associate a capacity provider with a cluster. Only capacity providers with an <code>ACTIVE</code> or <code>UPDATING</code> status can be used.</p> <p>If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New capacity providers can be created with the <a>CreateCapacityProvider</a> API operation.</p> <p>To use a Fargate capacity provider, specify either the <code>FARGATE</code> or <code>FARGATE_SPOT</code> capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.</p> <p>The <a>PutClusterCapacityProviders</a> API operation is used to update the list of available capacity providers for a cluster after the cluster is created.</p> <p/>"
+          "documentation":"<p>The capacity provider strategy to update the service to use.</p> <p>if the service uses the default capacity provider strategy for the cluster, the service can be updated to use one or more capacity providers as opposed to the default capacity provider strategy. However, when a service is using a capacity provider strategy that's not the default capacity provider strategy, the service can't be updated to use the cluster's default capacity provider strategy.</p> <p>A capacity provider strategy consists of one or more capacity providers along with the <code>base</code> and <code>weight</code> to assign to them. A capacity provider must be associated with the cluster to be used in a capacity provider strategy. The <a>PutClusterCapacityProviders</a> API is used to associate a capacity provider with a cluster. Only capacity providers with an <code>ACTIVE</code> or <code>UPDATING</code> status can be used.</p> <p>If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New capacity providers can be created with the <a>CreateCapacityProvider</a> API operation.</p> <p>To use a Fargate capacity provider, specify either the <code>FARGATE</code> or <code>FARGATE_SPOT</code> capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.</p> <p>The <a>PutClusterCapacityProviders</a> API operation is used to update the list of available capacity providers for a cluster after the cluster is created.</p> <p/>"
         },
         "deploymentConfiguration":{
           "shape":"DeploymentConfiguration",
@@ -5858,23 +5918,23 @@
         },
         "placementConstraints":{
           "shape":"PlacementConstraints",
-          "documentation":"<p>An array of task placement constraint objects to update the service to use. If no value is specified, the existing placement constraints for the service will remain unchanged. If this value is specified, it will override any existing placement constraints defined for the service. To remove all existing placement constraints, specify an empty array.</p> <p>You can specify a maximum of 10 constraints per task (this limit includes constraints in the task definition and those specified at runtime).</p>"
+          "documentation":"<p>An array of task placement constraint objects to update the service to use. If no value is specified, the existing placement constraints for the service will remain unchanged. If this value is specified, it will override any existing placement constraints defined for the service. To remove all existing placement constraints, specify an empty array.</p> <p>You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.</p>"
         },
         "placementStrategy":{
           "shape":"PlacementStrategies",
-          "documentation":"<p>The task placement strategy objects to update the service to use. If no value is specified, the existing placement strategy for the service will remain unchanged. If this value is specified, it will override the existing placement strategy defined for the service. To remove an existing placement strategy, specify an empty object.</p> <p>You can specify a maximum of five strategy rules per service.</p>"
+          "documentation":"<p>The task placement strategy objects to update the service to use. If no value is specified, the existing placement strategy for the service will remain unchanged. If this value is specified, it will override the existing placement strategy defined for the service. To remove an existing placement strategy, specify an empty object.</p> <p>You can specify a maximum of five strategy rules for each service.</p>"
         },
         "platformVersion":{
           "shape":"String",
-          "documentation":"<p>The platform version on which your tasks in the service are running. A platform version is only specified for tasks using the Fargate launch type. If a platform version is not specified, the <code>LATEST</code> platform version is used by default. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>The platform version that your tasks in the service run on. A platform version is only specified for tasks using the Fargate launch type. If a platform version is not specified, the <code>LATEST</code> platform version is used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html\">Fargate Platform Versions</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "forceNewDeployment":{
           "shape":"Boolean",
-          "documentation":"<p>Whether to force a new deployment of the service. Deployments are not forced by default. You can use this option to trigger a new deployment with no service definition changes. For example, you can update a service's tasks to use a newer Docker image with the same image/tag combination (<code>my_image:latest</code>) or to roll Fargate tasks onto a newer platform version.</p>"
+          "documentation":"<p>Determines whether to force a new deployment of the service. By default, deployments aren't forced. You can use this option to start a new deployment with no service definition changes. For example, you can update a service's tasks to use a newer Docker image with the same image/tag combination (<code>my_image:latest</code>) or to roll Fargate tasks onto a newer platform version.</p>"
         },
         "healthCheckGracePeriodSeconds":{
           "shape":"BoxedInteger",
-          "documentation":"<p>The period of time, in seconds, that the Amazon ECS service scheduler should ignore unhealthy Elastic Load Balancing target health checks after a task has first started. This is only valid if your service is configured to use a load balancer. If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds. During that time, the Amazon ECS service scheduler ignores the Elastic Load Balancing health check status. This grace period can prevent the ECS service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.</p>"
+          "documentation":"<p>The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. This is only valid if your service is configured to use a load balancer. If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can specify a health check grace period of up to 2,147,483,647 seconds. During that time, the Amazon ECS service scheduler ignores the Elastic Load Balancing health check status. This grace period can prevent the ECS service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.</p>"
         },
         "enableExecuteCommand":{
           "shape":"BoxedBoolean",
@@ -5902,11 +5962,11 @@
       "members":{
         "cluster":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service that the task set exists in.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service that the task set is found in.</p>"
         },
         "service":{
           "shape":"String",
-          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the service that the task set exists in.</p>"
+          "documentation":"<p>The short name or full Amazon Resource Name (ARN) of the service that the task set is found in.</p>"
         },
         "taskSet":{
           "shape":"String",
@@ -5940,7 +6000,7 @@
         },
         "dockerVersion":{
           "shape":"String",
-          "documentation":"<p>The Docker version running on the container instance.</p>"
+          "documentation":"<p>The Docker version that's running on the container instance.</p>"
         }
       },
       "documentation":"<p>The Docker and Amazon ECS container agent version information about a container instance.</p>"
@@ -5954,29 +6014,29 @@
         },
         "host":{
           "shape":"HostVolumeProperties",
-          "documentation":"<p>This parameter is specified when you are using bind mount host volumes. The contents of the <code>host</code> parameter determine whether your bind mount host volume persists on the host container instance and where it is stored. If the <code>host</code> parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data is not guaranteed to persist after the containers associated with it stop running.</p> <p>Windows containers can mount whole directories on the same drive as <code>$env:ProgramData</code>. Windows containers cannot mount directories on a different drive, and mount point cannot be across drives. For example, you can mount <code>C:\\my\\path:C:\\my\\path</code> and <code>D:\\:D:\\</code>, but not <code>D:\\my\\path:C:\\my\\path</code> or <code>D:\\:C:\\my\\path</code>.</p>"
+          "documentation":"<p>This parameter is specified when you use bind mount host volumes. The contents of the <code>host</code> parameter determine whether your bind mount host volume persists on the host container instance and where it's stored. If the <code>host</code> parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running.</p> <p>Windows containers can mount whole directories on the same drive as <code>$env:ProgramData</code>. Windows containers can't mount directories on a different drive, and mount point can't be across drives. For example, you can mount <code>C:\\my\\path:C:\\my\\path</code> and <code>D:\\:D:\\</code>, but not <code>D:\\my\\path:C:\\my\\path</code> or <code>D:\\:C:\\my\\path</code>.</p>"
         },
         "dockerVolumeConfiguration":{
           "shape":"DockerVolumeConfiguration",
-          "documentation":"<p>This parameter is specified when you are using Docker volumes.</p> <p>Windows containers only support the use of the <code>local</code> driver. To use bind mounts, specify the <code>host</code> parameter instead.</p> <note> <p>Docker volumes are not supported by tasks run on Fargate.</p> </note>"
+          "documentation":"<p>This parameter is specified when you use Docker volumes.</p> <p>Windows containers only support the use of the <code>local</code> driver. To use bind mounts, specify the <code>host</code> parameter instead.</p> <note> <p>Docker volumes aren't supported by tasks run on Fargate.</p> </note>"
         },
         "efsVolumeConfiguration":{
           "shape":"EFSVolumeConfiguration",
-          "documentation":"<p>This parameter is specified when you are using an Amazon Elastic File System file system for task storage.</p>"
+          "documentation":"<p>This parameter is specified when you use an Amazon Elastic File System file system for task storage.</p>"
         },
         "fsxWindowsFileServerVolumeConfiguration":{
           "shape":"FSxWindowsFileServerVolumeConfiguration",
-          "documentation":"<p>This parameter is specified when you are using Amazon FSx for Windows File Server file system for task storage.</p>"
+          "documentation":"<p>This parameter is specified when you use Amazon FSx for Windows File Server file system for task storage.</p>"
         }
       },
-      "documentation":"<p>A data volume used in a task definition. For tasks that use the Amazon Elastic File System (Amazon EFS), specify an <code>efsVolumeConfiguration</code>. For Windows tasks that use Amazon FSx for Windows File Server file system, specify a <code>fsxWindowsFileServerVolumeConfiguration</code>. For tasks that use a Docker volume, specify a <code>DockerVolumeConfiguration</code>. For tasks that use a bind mount host volume, specify a <code>host</code> and optional <code>sourcePath</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html\">Using Data Volumes in Tasks</a>.</p>"
+      "documentation":"<p>A data volume that's used in a task definition. For tasks that use the Amazon Elastic File System (Amazon EFS), specify an <code>efsVolumeConfiguration</code>. For Windows tasks that use Amazon FSx for Windows File Server file system, specify a <code>fsxWindowsFileServerVolumeConfiguration</code>. For tasks that use a Docker volume, specify a <code>DockerVolumeConfiguration</code>. For tasks that use a bind mount host volume, specify a <code>host</code> and optional <code>sourcePath</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_data_volumes.html\">Using Data Volumes in Tasks</a>.</p>"
     },
     "VolumeFrom":{
       "type":"structure",
       "members":{
         "sourceContainer":{
           "shape":"String",
-          "documentation":"<p>The name of another container within the same task definition from which to mount volumes.</p>"
+          "documentation":"<p>The name of another container within the same task definition to mount volumes from.</p>"
         },
         "readOnly":{
           "shape":"BoxedBoolean",
@@ -5994,5 +6054,5 @@
       "member":{"shape":"Volume"}
     }
   },
-  "documentation":"<fullname>Amazon Elastic Container Service</fullname> <p>Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster. You can host your cluster on a serverless infrastructure that is managed by Amazon ECS by launching your services or tasks on Fargate. For more control, you can host your tasks on a cluster of Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage.</p> <p>Amazon ECS makes it easy to launch and stop container-based applications with simple API calls, allows you to get the state of your cluster from a centralized service, and gives you access to many familiar Amazon EC2 features.</p> <p>You can use Amazon ECS to schedule the placement of containers across your cluster based on your resource needs, isolation policies, and availability requirements. Amazon ECS eliminates the need for you to operate your own cluster management and configuration management systems or worry about scaling your management infrastructure.</p>"
+  "documentation":"<fullname>Amazon Elastic Container Service</fullname> <p>Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service. It makes it easy to run, stop, and manage Docker containers on a cluster. You can host your cluster on a serverless infrastructure that's managed by Amazon ECS by launching your services or tasks on Fargate. For more control, you can host your tasks on a cluster of Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage.</p> <p>Amazon ECS makes it easy to launch and stop container-based applications with simple API calls. This makes it easy to get the state of your cluster from a centralized service, and gives you access to many familiar Amazon EC2 features.</p> <p>You can use Amazon ECS to schedule the placement of containers across your cluster based on your resource needs, isolation policies, and availability requirements. With Amazon ECS, you don't need to operate your own cluster management and configuration management systems. You also don't need to worry about scaling your management infrastructure.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/efs/2015-02-01/service-2.json b/contrib/python/botocore/py3/botocore/data/efs/2015-02-01/service-2.json
index 0e118ae7813..14287036a7b 100644
--- a/contrib/python/botocore/py3/botocore/data/efs/2015-02-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/efs/2015-02-01/service-2.json
@@ -76,6 +76,29 @@
       ],
       "documentation":"<p>Creates a mount target for a file system. You can then mount the file system on EC2 instances by using the mount target.</p> <p>You can create one mount target in each Availability Zone in your VPC. All EC2 instances in a VPC within a given Availability Zone share a single mount target for a given file system. If you have multiple subnets in an Availability Zone, you create a mount target in one of the subnets. EC2 instances do not need to be in the same subnet as the mount target in order to access their file system.</p> <p>You can create only one mount target for an EFS file system using One Zone storage classes. You must create that mount target in the same Availability Zone in which the file system is located. Use the <code>AvailabilityZoneName</code> and <code>AvailabiltyZoneId</code> properties in the <a>DescribeFileSystems</a> response object to get this information. Use the <code>subnetId</code> associated with the file system's Availability Zone when creating the mount target.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html\">Amazon EFS: How it Works</a>. </p> <p>To create a mount target for a file system, the file system's lifecycle state must be <code>available</code>. For more information, see <a>DescribeFileSystems</a>.</p> <p>In the request, provide the following:</p> <ul> <li> <p>The file system ID for which you are creating the mount target.</p> </li> <li> <p>A subnet ID, which determines the following:</p> <ul> <li> <p>The VPC in which Amazon EFS creates the mount target</p> </li> <li> <p>The Availability Zone in which Amazon EFS creates the mount target</p> </li> <li> <p>The IP address range from which Amazon EFS selects the IP address of the mount target (if you don't specify an IP address in the request)</p> </li> </ul> </li> </ul> <p>After creating the mount target, Amazon EFS returns a response that includes, a <code>MountTargetId</code> and an <code>IpAddress</code>. You use this IP address when mounting the file system in an EC2 instance. You can also use the mount target's DNS name when mounting the file system. The EC2 instance on which you mount the file system by using the mount target can resolve the mount target's DNS name to its IP address. For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html#how-it-works-implementation\">How it Works: Implementation Overview</a>. </p> <p>Note that you can create mount targets for a file system in only one VPC, and there can be only one mount target per Availability Zone. That is, if the file system already has one or more mount targets created for it, the subnet specified in the request to add another mount target must meet the following requirements:</p> <ul> <li> <p>Must belong to the same VPC as the subnets of the existing mount targets</p> </li> <li> <p>Must not be in the same Availability Zone as any of the subnets of the existing mount targets</p> </li> </ul> <p>If the request satisfies the requirements, Amazon EFS does the following:</p> <ul> <li> <p>Creates a new mount target in the specified subnet.</p> </li> <li> <p>Also creates a new network interface in the subnet as follows:</p> <ul> <li> <p>If the request provides an <code>IpAddress</code>, Amazon EFS assigns that IP address to the network interface. Otherwise, Amazon EFS assigns a free address in the subnet (in the same way that the Amazon EC2 <code>CreateNetworkInterface</code> call does when a request does not specify a primary private IP address).</p> </li> <li> <p>If the request provides <code>SecurityGroups</code>, this network interface is associated with those security groups. Otherwise, it belongs to the default security group for the subnet's VPC.</p> </li> <li> <p>Assigns the description <code>Mount target <i>fsmt-id</i> for file system <i>fs-id</i> </code> where <code> <i>fsmt-id</i> </code> is the mount target ID, and <code> <i>fs-id</i> </code> is the <code>FileSystemId</code>.</p> </li> <li> <p>Sets the <code>requesterManaged</code> property of the network interface to <code>true</code>, and the <code>requesterId</code> value to <code>EFS</code>.</p> </li> </ul> <p>Each Amazon EFS mount target has one corresponding requester-managed EC2 network interface. After the network interface is created, Amazon EFS sets the <code>NetworkInterfaceId</code> field in the mount target's description to the network interface ID, and the <code>IpAddress</code> field to its address. If network interface creation fails, the entire <code>CreateMountTarget</code> operation fails.</p> </li> </ul> <note> <p>The <code>CreateMountTarget</code> call returns only after creating the network interface, but while the mount target state is still <code>creating</code>, you can check the mount target creation status by calling the <a>DescribeMountTargets</a> operation, which among other things returns the mount target state.</p> </note> <p>We recommend that you create a mount target in each of the Availability Zones. There are cost considerations for using a file system in an Availability Zone through a mount target created in another Availability Zone. For more information, see <a href=\"http://aws.amazon.com/efs/\">Amazon EFS</a>. In addition, by always using a mount target local to the instance's Availability Zone, you eliminate a partial failure scenario. If the Availability Zone in which your mount target is created goes down, then you can't access your file system through that mount target. </p> <p>This operation requires permissions for the following action on the file system:</p> <ul> <li> <p> <code>elasticfilesystem:CreateMountTarget</code> </p> </li> </ul> <p>This operation also requires permissions for the following Amazon EC2 actions:</p> <ul> <li> <p> <code>ec2:DescribeSubnets</code> </p> </li> <li> <p> <code>ec2:DescribeNetworkInterfaces</code> </p> </li> <li> <p> <code>ec2:CreateNetworkInterface</code> </p> </li> </ul>"
     },
+    "CreateReplicationConfiguration":{
+      "name":"CreateReplicationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/2015-02-01/file-systems/{SourceFileSystemId}/replication-configuration",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateReplicationConfigurationRequest"},
+      "output":{"shape":"ReplicationConfigurationDescription"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"IncorrectFileSystemLifeCycleState"},
+        {"shape":"ValidationException"},
+        {"shape":"ReplicationNotFound"},
+        {"shape":"FileSystemNotFound"},
+        {"shape":"UnsupportedAvailabilityZone"},
+        {"shape":"FileSystemLimitExceeded"},
+        {"shape":"InsufficientThroughputCapacity"},
+        {"shape":"ThroughputLimitExceeded"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Creates a replication configuration that replicates an existing EFS file system to a new, read-only file system. For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html\">Amazon EFS replication</a>. The replication configuration specifies the following:</p> <ul> <li> <p> <b>Source file system</b> - an existing EFS file system that you want replicated. The source file system cannot be a destination file system in an existing replication configuration.</p> </li> <li> <p> <b>Destination file system configuration</b> - the configuration of the destination file system to which the source file system will be replicated. There can only be one destination file system in a replication configuration.</p> <ul> <li> <p> <b>Amazon Web Services Region</b> - The Amazon Web Services Region in which the destination file system is created. EFS Replication is available in all Amazon Web Services Region that Amazon EFS is available in, except the following regions: Asia Pacific (Hong Kong) Europe (Milan), Middle East (Bahrain), Africa (Cape Town), and Asia Pacific (Jakarta).</p> </li> <li> <p> <b>Availability zone</b> - If you want the destination file system to use One Zone availability and durability, you must specify the Availability Zone to create the file system in. For more information about EFS storage classes, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html\"> Amazon EFS storage classes</a> in the <i>Amazon EFS User Guide</i>.</p> </li> <li> <p> <b>Encryption</b> - All destination file systems are created with encryption at rest enabled. You can specify the KMS key that is used to encrypt the destination file system. Your service-managed KMS key for Amazon EFS is used if you don't specify a KMS key. You cannot change this after the file system is created.</p> </li> </ul> </li> </ul> <p>The following properties are set by default:</p> <ul> <li> <p> <b>Performance mode</b> - The destination file system's performance mode will match that of the source file system, unless the destination file system uses One Zone storage. In that case, the <i>General Purpose</i> performance mode is used. The Performance mode cannot be changed.</p> </li> <li> <p> <b>Throughput mode</b> - The destination file system use the Bursting throughput mode by default. You can modify the throughput mode once the file system is created.</p> </li> </ul> <p>The following properties are turned off by default:</p> <ul> <li> <p> <b>Lifecycle management</b> - EFS lifecycle management and intelligent tiering are not enabled on the destination file system. You can enable EFS lifecycle management and intelligent tiering after the destination file system is created.</p> </li> <li> <p> <b>Automatic backups</b> - Automatic daily backups not enabled on the destination file system. You can change this setting after the file system is created.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/efs-replication.html\">Amazon EFS replication</a>.</p>"
+    },
     "CreateTags":{
       "name":"CreateTags",
       "http":{
@@ -133,6 +156,7 @@
       },
       "input":{"shape":"DeleteFileSystemPolicyRequest"},
       "errors":[
+        {"shape":"BadRequest"},
         {"shape":"InternalServerError"},
         {"shape":"FileSystemNotFound"},
         {"shape":"IncorrectFileSystemLifeCycleState"}
@@ -155,6 +179,22 @@
       ],
       "documentation":"<p>Deletes the specified mount target.</p> <p>This operation forcibly breaks any mounts of the file system by using the mount target that is being deleted, which might disrupt instances or applications using those mounts. To avoid applications getting cut off abruptly, you might consider unmounting any mounts of the mount target, if feasible. The operation also deletes the associated network interface. Uncommitted writes might be lost, but breaking a mount target using this operation does not corrupt the file system itself. The file system you created remains. You can mount an EC2 instance in your VPC by using another mount target.</p> <p>This operation requires permissions for the following action on the file system:</p> <ul> <li> <p> <code>elasticfilesystem:DeleteMountTarget</code> </p> </li> </ul> <note> <p>The <code>DeleteMountTarget</code> call returns while the mount target state is still <code>deleting</code>. You can check the mount target deletion by calling the <a>DescribeMountTargets</a> operation, which returns a list of mount target descriptions for the given file system. </p> </note> <p>The operation also requires permissions for the following Amazon EC2 action on the mount target's network interface:</p> <ul> <li> <p> <code>ec2:DeleteNetworkInterface</code> </p> </li> </ul>"
     },
+    "DeleteReplicationConfiguration":{
+      "name":"DeleteReplicationConfiguration",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/2015-02-01/file-systems/{SourceFileSystemId}/replication-configuration",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteReplicationConfigurationRequest"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"InternalServerError"},
+        {"shape":"FileSystemNotFound"},
+        {"shape":"ReplicationNotFound"}
+      ],
+      "documentation":"<p>Deletes an existing replication configuration. To delete a replication configuration, you must make the request from the Amazon Web Services Region in which the destination file system is located. Deleting a replication configuration ends the replication process. You can write to the destination file system once it's status becomes <code>Writeable</code>.</p>"
+    },
     "DeleteTags":{
       "name":"DeleteTags",
       "http":{
@@ -231,6 +271,7 @@
       "input":{"shape":"DescribeFileSystemPolicyRequest"},
       "output":{"shape":"FileSystemPolicyDescription"},
       "errors":[
+        {"shape":"BadRequest"},
         {"shape":"InternalServerError"},
         {"shape":"FileSystemNotFound"},
         {"shape":"PolicyNotFound"}
@@ -304,6 +345,24 @@
       ],
       "documentation":"<p>Returns the descriptions of all the current mount targets, or a specific mount target, for a file system. When requesting all of the current mount targets, the order of mount targets returned in the response is unspecified.</p> <p>This operation requires permissions for the <code>elasticfilesystem:DescribeMountTargets</code> action, on either the file system ID that you specify in <code>FileSystemId</code>, or on the file system of the mount target that you specify in <code>MountTargetId</code>.</p>"
     },
+    "DescribeReplicationConfigurations":{
+      "name":"DescribeReplicationConfigurations",
+      "http":{
+        "method":"GET",
+        "requestUri":"/2015-02-01/file-systems/replication-configurations",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeReplicationConfigurationsRequest"},
+      "output":{"shape":"DescribeReplicationConfigurationsResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"FileSystemNotFound"},
+        {"shape":"InternalServerError"},
+        {"shape":"ReplicationNotFound"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves the replication configurations for either a specific file system, or all configurations for the Amazon Web Services account in an Amazon Web Services Region if a file system is not specified.</p>"
+    },
     "DescribeTags":{
       "name":"DescribeTags",
       "http":{
@@ -400,6 +459,7 @@
       "input":{"shape":"PutFileSystemPolicyRequest"},
       "output":{"shape":"FileSystemPolicyDescription"},
       "errors":[
+        {"shape":"BadRequest"},
         {"shape":"InternalServerError"},
         {"shape":"FileSystemNotFound"},
         {"shape":"InvalidPolicyException"},
@@ -681,11 +741,11 @@
         },
         "Encrypted":{
           "shape":"Encrypted",
-          "documentation":"<p>A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying <a>CreateFileSystemRequest$KmsKeyId</a> for an existing Key Management Service (KMS customer master key (CMK). If you don't specify a CMK, then the default CMK for Amazon EFS, <code>/aws/elasticfilesystem</code>, is used to protect the encrypted file system. </p>"
+          "documentation":"<p>A Boolean value that, if true, creates an encrypted file system. When creating an encrypted file system, you have the option of specifying an existing Key Management Service key (KMS key). If you don't specify a KMS key, then the default KMS key for Amazon EFS, <code>/aws/elasticfilesystem</code>, is used to protect the encrypted file system. </p>"
         },
         "KmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>The ID of the KMS CMK that you want to use to protect the encrypted file system. This parameter is only required if you want to use a non-default KMS key. If this parameter is not specified, the default CMK for Amazon EFS is used. This ID can be in one of the following formats:</p> <ul> <li> <p>Key ID - A unique identifier of the key, for example <code>1234abcd-12ab-34cd-56ef-1234567890ab</code>.</p> </li> <li> <p>ARN - An Amazon Resource Name (ARN) for the key, for example <code>arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code>.</p> </li> <li> <p>Key alias - A previously created display name for a key, for example <code>alias/projectKey1</code>.</p> </li> <li> <p>Key alias ARN - An ARN for a key alias, for example <code>arn:aws:kms:us-west-2:444455556666:alias/projectKey1</code>.</p> </li> </ul> <p>If <code>KmsKeyId</code> is specified, the <a>CreateFileSystemRequest$Encrypted</a> parameter must be set to true.</p> <important> <p>EFS accepts only symmetric KMS keys. You cannot use asymmetric KMS keys with EFS file systems.</p> </important>"
+          "documentation":"<p>The ID of the KMS key that you want to use to protect the encrypted file system. This parameter is only required if you want to use a non-default KMS key. If this parameter is not specified, the default KMS key for Amazon EFS is used. You can specify a KMS key ID using the following formats:</p> <ul> <li> <p>Key ID - A unique identifier of the key, for example <code>1234abcd-12ab-34cd-56ef-1234567890ab</code>.</p> </li> <li> <p>ARN - An Amazon Resource Name (ARN) for the key, for example <code>arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code>.</p> </li> <li> <p>Key alias - A previously created display name for a key, for example <code>alias/projectKey1</code>.</p> </li> <li> <p>Key alias ARN - An ARN for a key alias, for example <code>arn:aws:kms:us-west-2:444455556666:alias/projectKey1</code>.</p> </li> </ul> <p>If you use <code>KmsKeyId</code>, you must set the <a>CreateFileSystemRequest$Encrypted</a> parameter to true.</p> <important> <p>EFS accepts only symmetric KMS keys. You cannot use asymmetric KMS keys with Amazon EFS file systems.</p> </important>"
         },
         "ThroughputMode":{
           "shape":"ThroughputMode",
@@ -701,7 +761,7 @@
         },
         "Backup":{
           "shape":"Backup",
-          "documentation":"<p>Specifies whether automatic backups are enabled on the file system that you are creating. Set the value to <code>true</code> to enable automatic backups. If you are creating a file system that uses One Zone storage classes, automatic backups are enabled by default. For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#automatic-backups\">Automatic backups</a> in the <i>Amazon EFS User Guide</i>.</p> <p>Default is <code>false</code>. However, if you specify an <code>AvailabilityZoneName</code>, the default is <code>true</code>.</p> <note> <p>Backup is not available in all Amazon Web Services Regionswhere Amazon EFS is available.</p> </note>"
+          "documentation":"<p>Specifies whether automatic backups are enabled on the file system that you are creating. Set the value to <code>true</code> to enable automatic backups. If you are creating a file system that uses One Zone storage classes, automatic backups are enabled by default. For more information, see <a href=\"https://docs.aws.amazon.com/efs/latest/ug/awsbackup.html#automatic-backups\">Automatic backups</a> in the <i>Amazon EFS User Guide</i>.</p> <p>Default is <code>false</code>. However, if you specify an <code>AvailabilityZoneName</code>, the default is <code>true</code>.</p> <note> <p>Backup is not available in all Amazon Web Services Regions where Amazon EFS is available.</p> </note>"
         },
         "Tags":{
           "shape":"Tags",
@@ -735,6 +795,25 @@
       },
       "documentation":"<p/>"
     },
+    "CreateReplicationConfigurationRequest":{
+      "type":"structure",
+      "required":[
+        "SourceFileSystemId",
+        "Destinations"
+      ],
+      "members":{
+        "SourceFileSystemId":{
+          "shape":"FileSystemId",
+          "documentation":"<p>Specifies the Amazon EFS file system that you want to replicate. This file system cannot already be a source or destination file system in another replication configuration.</p>",
+          "location":"uri",
+          "locationName":"SourceFileSystemId"
+        },
+        "Destinations":{
+          "shape":"DestinationsToCreate",
+          "documentation":"<p>An array of destination configuration objects. Only one destination configuration object is supported.</p>"
+        }
+      }
+    },
     "CreateTagsRequest":{
       "type":"structure",
       "required":[
@@ -834,6 +913,18 @@
       },
       "documentation":"<p/>"
     },
+    "DeleteReplicationConfigurationRequest":{
+      "type":"structure",
+      "required":["SourceFileSystemId"],
+      "members":{
+        "SourceFileSystemId":{
+          "shape":"FileSystemId",
+          "documentation":"<p>The ID of the source file system in the replication configuration.</p>",
+          "location":"uri",
+          "locationName":"SourceFileSystemId"
+        }
+      }
+    },
     "DeleteTagsRequest":{
       "type":"structure",
       "required":[
@@ -1093,6 +1184,42 @@
       },
       "documentation":"<p/>"
     },
+    "DescribeReplicationConfigurationsRequest":{
+      "type":"structure",
+      "members":{
+        "FileSystemId":{
+          "shape":"FileSystemId",
+          "documentation":"<p>You can retrieve replication configurations for a specific file system by providing a file system ID.</p>",
+          "location":"querystring",
+          "locationName":"FileSystemId"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p> <code>NextToken</code> is present if the response is paginated. You can use <code>NextMarker</code> in a subsequent request to fetch the next page of output.</p>",
+          "location":"querystring",
+          "locationName":"NextToken"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>(Optional) You can optionally specify the <code>MaxItems</code> parameter to limit the number of objects returned in a response. The default value is 100. </p>",
+          "location":"querystring",
+          "locationName":"MaxResults"
+        }
+      }
+    },
+    "DescribeReplicationConfigurationsResponse":{
+      "type":"structure",
+      "members":{
+        "Replications":{
+          "shape":"ReplicationConfigurationDescriptions",
+          "documentation":"<p>The collection of replication configurations returned.</p>"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>You can use the <code>NextToken</code> from the previous response in a subsequent request to fetch the additional descriptions.</p>"
+        }
+      }
+    },
     "DescribeTagsRequest":{
       "type":"structure",
       "required":["FileSystemId"],
@@ -1137,12 +1264,69 @@
       },
       "documentation":"<p/>"
     },
+    "Destination":{
+      "type":"structure",
+      "required":[
+        "Status",
+        "FileSystemId",
+        "Region"
+      ],
+      "members":{
+        "Status":{
+          "shape":"ReplicationStatus",
+          "documentation":"<p>Describes the status of the destination Amazon EFS file system.</p>"
+        },
+        "FileSystemId":{
+          "shape":"FileSystemId",
+          "documentation":"<p>The ID of the destination Amazon EFS file system.</p>"
+        },
+        "Region":{
+          "shape":"RegionName",
+          "documentation":"<p>The Amazon Web Services Region in which the destination file system is located.</p>"
+        },
+        "LastReplicatedTimestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the most recent sync successfully completed on the destination file system. Any changes to data on the source file system that occurred prior to this time were successfully replicated to the destination file system. Any changes that occurred after this time might not be fully replicated.</p>"
+        }
+      },
+      "documentation":"<p>Describes the destination file system in the replication configuration.</p>"
+    },
+    "DestinationToCreate":{
+      "type":"structure",
+      "members":{
+        "Region":{
+          "shape":"RegionName",
+          "documentation":"<p>To create a file system that uses regional storage, specify the Amazon Web Services Region in which to create the destination file system.</p>"
+        },
+        "AvailabilityZoneName":{
+          "shape":"AvailabilityZoneName",
+          "documentation":"<p>To create a file system that uses One Zone storage, specify the name of the Availability Zone in which to create the destination file system.</p>"
+        },
+        "KmsKeyId":{
+          "shape":"KmsKeyId",
+          "documentation":"<p>Specifies the KMS key you want to use to encrypt the destination file system. If you do not specify a KMS key, EFS uses your default KMS key for Amazon EFS, <code>/aws/elasticfilesystem</code>. This ID can be in one of the following formats:</p> <ul> <li> <p>Key ID - A unique identifier of the key, for example <code>1234abcd-12ab-34cd-56ef-1234567890ab</code>.</p> </li> <li> <p>ARN - An Amazon Resource Name (ARN) for the key, for example <code>arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code>.</p> </li> <li> <p>Key alias - A previously created display name for a key, for example <code>alias/projectKey1</code>.</p> </li> <li> <p>Key alias ARN - An ARN for a key alias, for example <code>arn:aws:kms:us-west-2:444455556666:alias/projectKey1</code>.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>Describes the destination file system to create in the replication configuration.</p>"
+    },
+    "Destinations":{
+      "type":"list",
+      "member":{"shape":"Destination"}
+    },
+    "DestinationsToCreate":{
+      "type":"list",
+      "member":{"shape":"DestinationToCreate"}
+    },
     "Encrypted":{"type":"boolean"},
     "ErrorCode":{
       "type":"string",
+      "documentation":"<p>The error code is a string that uniquely identifies an error condition. It is meant to be read and understood by programs that detect and handle errors by type. </p>",
       "min":1
     },
-    "ErrorMessage":{"type":"string"},
+    "ErrorMessage":{
+      "type":"string",
+      "documentation":"<p>The error message contains a generic description of the error condition in English. It is intended for a human audience. Simple programs display the message directly to the end user if they encounter an error condition they don't know how or don't care to handle. Sophisticated programs with more exhaustive error handling and proper internationalization are more likely to ignore the error message.</p>"
+    },
     "FileSystemAlreadyExists":{
       "type":"structure",
       "required":[
@@ -1219,7 +1403,7 @@
         },
         "KmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>The ID of an Key Management Service customer master key (CMK) that was used to protect the encrypted file system.</p>"
+          "documentation":"<p>The ID of an KMS key used to protect the encrypted file system.</p>"
         },
         "ThroughputMode":{
           "shape":"ThroughputMode",
@@ -1779,6 +1963,75 @@
         }
       }
     },
+    "RegionName":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-{0,1}[0-9]{0,1}$"
+    },
+    "ReplicationConfigurationDescription":{
+      "type":"structure",
+      "required":[
+        "SourceFileSystemId",
+        "SourceFileSystemRegion",
+        "SourceFileSystemArn",
+        "OriginalSourceFileSystemArn",
+        "CreationTime",
+        "Destinations"
+      ],
+      "members":{
+        "SourceFileSystemId":{
+          "shape":"FileSystemId",
+          "documentation":"<p>The ID of the source Amazon EFS file system that is being replicated.</p>"
+        },
+        "SourceFileSystemRegion":{
+          "shape":"RegionName",
+          "documentation":"<p>The Amazon Web Services Region in which the source Amazon EFS file system is located.</p>"
+        },
+        "SourceFileSystemArn":{
+          "shape":"FileSystemArn",
+          "documentation":"<p>The ARN of the current source file system in the replication configuration.</p>"
+        },
+        "OriginalSourceFileSystemArn":{
+          "shape":"FileSystemArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the original source Amazon EFS file system in the replication configuration.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>Describes when the replication configuration was created.</p>"
+        },
+        "Destinations":{
+          "shape":"Destinations",
+          "documentation":"<p>Array of destination objects. Only one destination object is supported.</p>"
+        }
+      }
+    },
+    "ReplicationConfigurationDescriptions":{
+      "type":"list",
+      "member":{"shape":"ReplicationConfigurationDescription"}
+    },
+    "ReplicationNotFound":{
+      "type":"structure",
+      "members":{
+        "ErrorCode":{
+          "shape":"ErrorCode",
+          "documentation":"<p>ReplicationNotFound</p>"
+        },
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>Returned if the specified file system did not have a replication configuration.</p>",
+      "error":{"httpStatusCode":404},
+      "exception":true
+    },
+    "ReplicationStatus":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "ENABLING",
+        "DELETING",
+        "ERROR"
+      ]
+    },
     "Resource":{
       "type":"string",
       "documentation":"An EFS resource, for example a file system or a mount target.",
@@ -2077,5 +2330,5 @@
     },
     "VpcId":{"type":"string"}
   },
-  "documentation":"<fullname>Amazon Elastic File System</fullname> <p>Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 instances in the Amazon Web Services Cloud. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. For more information, see the <a href=\"https://docs.aws.amazon.com/efs/latest/ug/api-reference.html\">Amazon Elastic File System API Reference</a> and the <a href=\"https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html\">Amazon Elastic File System User Guide</a>.</p>"
+  "documentation":"<fullname>Amazon Elastic File System</fullname> <p>Amazon Elastic File System (Amazon EFS) provides simple, scalable file storage for use with Amazon EC2 Linux and Mac instances in the Amazon Web Services Cloud. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. For more information, see the <a href=\"https://docs.aws.amazon.com/efs/latest/ug/api-reference.html\">Amazon Elastic File System API Reference</a> and the <a href=\"https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html\">Amazon Elastic File System User Guide</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/eks/2017-11-01/service-2.json b/contrib/python/botocore/py3/botocore/data/eks/2017-11-01/service-2.json
index 39c327a2bb0..9de329d4823 100644
--- a/contrib/python/botocore/py3/botocore/data/eks/2017-11-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/eks/2017-11-01/service-2.json
@@ -65,7 +65,7 @@
         {"shape":"ClientException"},
         {"shape":"ServerException"}
       ],
-      "documentation":"<p>Creates an Amazon EKS add-on.</p> <p>Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. Amazon EKS add-ons can only be used with Amazon EKS clusters running version 1.18 with platform version <code>eks.3</code> or later because add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later.</p>"
+      "documentation":"<p>Creates an Amazon EKS add-on.</p> <p>Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. Amazon EKS add-ons require clusters running version 1.18 or later because Amazon EKS add-ons rely on the Server-side Apply Kubernetes feature, which is only available in Kubernetes 1.18 and later. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html\">Amazon EKS add-ons</a> in the <i>Amazon EKS User Guide</i>.</p>"
     },
     "CreateCluster":{
       "name":"CreateCluster",
@@ -84,7 +84,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"UnsupportedAvailabilityZoneException"}
       ],
-      "documentation":"<p>Creates an Amazon EKS control plane. </p> <p>The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as <code>etcd</code> and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed via the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single-tenant and unique and runs on its own set of Amazon EC2 instances.</p> <p>The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support <code>kubectl exec</code>, <code>logs</code>, and <code>proxy</code> data flows).</p> <p>Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane via the Kubernetes API server endpoint and a certificate file that is created for your cluster.</p> <p>Cluster creation typically takes several minutes. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html\">Managing Cluster Authentication</a> and <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html\">Launching Amazon EKS nodes</a> in the <i>Amazon EKS User Guide</i>.</p>"
+      "documentation":"<p>Creates an Amazon EKS control plane. </p> <p>The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as <code>etcd</code> and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.</p> <p>The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support <code>kubectl exec</code>, <code>logs</code>, and <code>proxy</code> data flows).</p> <p>Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.</p> <p>In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html\">Managing Cluster Authentication</a> and <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html\">Launching Amazon EKS nodes</a> in the <i>Amazon EKS User Guide</i>.</p>"
     },
     "CreateFargateProfile":{
       "name":"CreateFargateProfile",
@@ -204,7 +204,8 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ClientException"},
         {"shape":"ServerException"},
-        {"shape":"ServiceUnavailableException"}
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"AccessDeniedException"}
       ],
       "documentation":"<p>Deregisters a connected cluster to remove it from the Amazon EKS control plane.</p>"
     },
@@ -466,9 +467,12 @@
         {"shape":"InvalidParameterException"},
         {"shape":"ClientException"},
         {"shape":"ServerException"},
-        {"shape":"ServiceUnavailableException"}
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"ResourcePropagationDelayException"}
       ],
-      "documentation":"<p>Connects a Kubernetes cluster to the Amazon EKS control plane. </p> <p>Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes. </p> <p>Cluster connection requires two steps. First, send a <code> <a>RegisterClusterRequest</a> </code> to add it to the Amazon EKS control plane.</p> <p>Second, a <a href=\"https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml\">Manifest</a> containing the <code>activationID</code> and <code>activationCode</code> must be applied to the Kubernetes cluster through it's native provider to provide visibility.</p> <p>After the Manifest is updated and applied, then the connected cluster is visible to the Amazon EKS control plane. If the Manifest is not applied within a set amount of time, then the connected cluster will no longer be visible and must be deregistered. See <a>DeregisterCluster</a>.</p>"
+      "documentation":"<p>Connects a Kubernetes cluster to the Amazon EKS control plane. </p> <p>Any Kubernetes cluster can be connected to the Amazon EKS control plane to view current information about the cluster and its nodes. </p> <p>Cluster connection requires two steps. First, send a <code> <a>RegisterClusterRequest</a> </code> to add it to the Amazon EKS control plane.</p> <p>Second, a <a href=\"https://amazon-eks.s3.us-west-2.amazonaws.com/eks-connector/manifests/eks-connector/latest/eks-connector.yaml\">Manifest</a> containing the <code>activationID</code> and <code>activationCode</code> must be applied to the Kubernetes cluster through it's native provider to provide visibility.</p> <p>After the Manifest is updated and applied, then the connected cluster is visible to the Amazon EKS control plane. If the Manifest is not applied within three days, then the connected cluster will no longer be visible and must be deregistered. See <a>DeregisterCluster</a>.</p>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -601,6 +605,15 @@
         "BOTTLEROCKET_x86_64"
       ]
     },
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html\">Access Management</a> in the <i>IAM User Guide</i>. </p>",
+      "error":{"httpStatusCode":403},
+      "exception":true
+    },
     "Addon":{
       "type":"structure",
       "members":{
@@ -642,10 +655,10 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster. </p>"
+          "documentation":"<p>The metadata that you apply to the add-on to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Add-on tags do not propagate to any other resources associated with the cluster. </p>"
         }
       },
-      "documentation":"<p>An Amazon EKS add-on.</p>"
+      "documentation":"<p>An Amazon EKS add-on. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html\">Amazon EKS add-ons</a> in the <i>Amazon EKS User Guide</i>.</p>"
     },
     "AddonHealth":{
       "type":"structure",
@@ -797,7 +810,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata to apply to the configuration to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define.</p>"
+          "documentation":"<p>The metadata to apply to the configuration to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.</p>"
         },
         "clientRequestToken":{
           "shape":"String",
@@ -949,7 +962,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags do not propagate to any other resources associated with the cluster.</p>"
+          "documentation":"<p>The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Cluster tags do not propagate to any other resources associated with the cluster.</p>"
         },
         "encryptionConfig":{
           "shape":"EncryptionConfigList",
@@ -1054,7 +1067,7 @@
         },
         "roleArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the role that is used by the EKS connector to communicate with AWS services from the connected Kubernetes cluster.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the role to communicate with services from the connected Kubernetes cluster.</p>"
         }
       },
       "documentation":"<p>The full description of your connected cluster.</p>"
@@ -1095,7 +1108,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. </p>"
+          "documentation":"<p>The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.</p>"
         }
       }
     },
@@ -1127,7 +1140,7 @@
         },
         "resourcesVpcConfig":{
           "shape":"VpcConfigRequest",
-          "documentation":"<p>The VPC configuration used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html\">Cluster VPC Considerations</a> and <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html\">Cluster Security Group Considerations</a> in the <i>Amazon EKS User Guide</i>. You must specify at least two subnets. You can specify up to five security groups, but we recommend that you use a dedicated security group for your cluster control plane.</p>"
+          "documentation":"<p>The VPC configuration that's used by the cluster control plane. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html\">Cluster VPC Considerations</a> and <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html\">Cluster Security Group Considerations</a> in the <i>Amazon EKS User Guide</i>. You must specify at least two subnets. You can specify up to five security groups. However, we recommend that you use a dedicated security group for your cluster control plane.</p>"
         },
         "kubernetesNetworkConfig":{
           "shape":"KubernetesNetworkConfigRequest",
@@ -1144,7 +1157,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define.</p>"
+          "documentation":"<p>The metadata to apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.</p>"
         },
         "encryptionConfig":{
           "shape":"EncryptionConfigList",
@@ -1198,7 +1211,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata to apply to the Fargate profile to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it.</p>"
+          "documentation":"<p>The metadata to apply to the Fargate profile to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it.</p>"
         }
       }
     },
@@ -1268,7 +1281,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets.</p>"
+          "documentation":"<p>The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets.</p>"
         },
         "clientRequestToken":{
           "shape":"String",
@@ -1794,7 +1807,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata applied to the Fargate profile to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it.</p>"
+          "documentation":"<p>The metadata applied to the Fargate profile to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Fargate profile tags do not propagate to any other resources associated with the Fargate profile, such as the pods that are scheduled with it.</p>"
         }
       },
       "documentation":"<p>An object representing an Fargate profile.</p>"
@@ -1924,12 +1937,19 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "IpFamily":{
+      "type":"string",
+      "enum":[
+        "ipv4",
+        "ipv6"
+      ]
+    },
     "Issue":{
       "type":"structure",
       "members":{
         "code":{
           "shape":"NodegroupIssueCode",
-          "documentation":"<p>A brief description of the error.</p> <ul> <li> <p> <b>AccessDenied</b>: Amazon EKS or one or more of your managed nodes is failing to authenticate or authorize with your Kubernetes cluster API server.</p> </li> <li> <p> <b>AsgInstanceLaunchFailures</b>: Your Auto Scaling group is experiencing failures while attempting to launch instances.</p> </li> <li> <p> <b>AutoScalingGroupNotFound</b>: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.</p> </li> <li> <p> <b>ClusterUnreachable</b>: Amazon EKS or one or more of your managed nodes is unable to to communicate with your Kubernetes cluster API server. This can happen if there are network disruptions or if API servers are timing out processing requests. </p> </li> <li> <p> <b>Ec2LaunchTemplateNotFound</b>: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.</p> </li> <li> <p> <b>Ec2LaunchTemplateVersionMismatch</b>: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.</p> </li> <li> <p> <b>Ec2SecurityGroupDeletionFailure</b>: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.</p> </li> <li> <p> <b>Ec2SecurityGroupNotFound</b>: We couldn't find the cluster security group for the cluster. You must recreate your cluster.</p> </li> <li> <p> <b>Ec2SubnetInvalidConfiguration</b>: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the <code>auto-assign public IP address</code> setting for the subnet. See <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip\">Modifying the public IPv4 addressing attribute for your subnet</a> in the Amazon VPC User Guide.</p> </li> <li> <p> <b>IamInstanceProfileNotFound</b>: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.</p> </li> <li> <p> <b>IamNodeRoleNotFound</b>: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.</p> </li> <li> <p> <b>InstanceLimitExceeded</b>: Your Amazon Web Services account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.</p> </li> <li> <p> <b>InsufficientFreeAddresses</b>: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.</p> </li> <li> <p> <b>InternalFailure</b>: These errors are usually caused by an Amazon EKS server-side issue.</p> </li> <li> <p> <b>NodeCreationFailure</b>: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/worker_node_IAM_role.html\">node IAM role</a> permissions or lack of outbound internet access for the nodes. </p> </li> </ul>"
+          "documentation":"<p>A brief description of the error.</p> <ul> <li> <p> <b>AccessDenied</b>: Amazon EKS or one or more of your managed nodes is failing to authenticate or authorize with your Kubernetes cluster API server.</p> </li> <li> <p> <b>AsgInstanceLaunchFailures</b>: Your Auto Scaling group is experiencing failures while attempting to launch instances.</p> </li> <li> <p> <b>AutoScalingGroupNotFound</b>: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.</p> </li> <li> <p> <b>ClusterUnreachable</b>: Amazon EKS or one or more of your managed nodes is unable to to communicate with your Kubernetes cluster API server. This can happen if there are network disruptions or if API servers are timing out processing requests. </p> </li> <li> <p> <b>Ec2LaunchTemplateNotFound</b>: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.</p> </li> <li> <p> <b>Ec2LaunchTemplateVersionMismatch</b>: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.</p> </li> <li> <p> <b>Ec2SecurityGroupDeletionFailure</b>: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.</p> </li> <li> <p> <b>Ec2SecurityGroupNotFound</b>: We couldn't find the cluster security group for the cluster. You must recreate your cluster.</p> </li> <li> <p> <b>Ec2SubnetInvalidConfiguration</b>: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the <code>auto-assign public IP address</code> setting for the subnet. See <a href=\"https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip\">Modifying the public IPv4 addressing attribute for your subnet</a> in the Amazon VPC User Guide.</p> </li> <li> <p> <b>IamInstanceProfileNotFound</b>: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.</p> </li> <li> <p> <b>IamNodeRoleNotFound</b>: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.</p> </li> <li> <p> <b>InstanceLimitExceeded</b>: Your Amazon Web Services account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.</p> </li> <li> <p> <b>InsufficientFreeAddresses</b>: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.</p> </li> <li> <p> <b>InternalFailure</b>: These errors are usually caused by an Amazon EKS server-side issue.</p> </li> <li> <p> <b>NodeCreationFailure</b>: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html\">node IAM role</a> permissions or lack of outbound internet access for the nodes. </p> </li> </ul>"
         },
         "message":{
           "shape":"String",
@@ -1951,7 +1971,11 @@
       "members":{
         "serviceIpv4Cidr":{
           "shape":"String",
-          "documentation":"<p>The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:</p> <ul> <li> <p>Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0.0/12, or 192.168.0.0/16.</p> </li> <li> <p>Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.</p> </li> <li> <p>Between /24 and /12.</p> </li> </ul> <important> <p>You can only specify a custom CIDR block when you create a cluster and can't change this value once the cluster is created.</p> </important>"
+          "documentation":"<p>Don't specify a value if you select <code>ipv6</code> for <b>ipFamily</b>. The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:</p> <ul> <li> <p>Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.</p> </li> <li> <p>Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.</p> </li> <li> <p>Between /24 and /12.</p> </li> </ul> <important> <p>You can only specify a custom CIDR block when you create a cluster and can't change this value once the cluster is created.</p> </important>"
+        },
+        "ipFamily":{
+          "shape":"IpFamily",
+          "documentation":"<p>Specify which IP version is used to assign Kubernetes Pod and Service IP addresses. If you don't specify a value, <code>ipv4</code> is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify <code>ipv6</code>, the VPC and subnets that you specify for cluster creation must have both IPv4 and IPv6 CIDR blocks assigned to them. </p> <p>You can only specify <code>ipv6</code> for 1.21 and later clusters that use version 1.10.0 or later of the Amazon VPC CNI add-on. If you specify <code>ipv6</code>, then ensure that your VPC meets the requirements and that you're familiar with the considerations listed in <a href=\"https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html\">Assigning IPv6 addresses to Pods and Services</a> in the Amazon EKS User Guide. If you specify <code>ipv6</code>, Kubernetes assigns Service and Pod addresses from the unique local address range (fc00::/7). You can't specify a custom IPv6 CIDR block.</p>"
         }
       },
       "documentation":"<p>The Kubernetes network configuration for the cluster.</p>"
@@ -1961,10 +1985,18 @@
       "members":{
         "serviceIpv4Cidr":{
           "shape":"String",
-          "documentation":"<p>The CIDR block that Kubernetes service IP addresses are assigned from. If you didn't specify a CIDR block when you created the cluster, then Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. If this was specified, then it was specified when the cluster was created and it cannot be changed.</p>"
+          "documentation":"<p>The CIDR block that Kubernetes Pod and Service IP addresses are assigned from. Kubernetes assigns addresses from an IPv4 CIDR block assigned to a subnet that the node is in. If you didn't specify a CIDR block when you created the cluster, then Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. If this was specified, then it was specified when the cluster was created and it can't be changed.</p>"
+        },
+        "serviceIpv6Cidr":{
+          "shape":"String",
+          "documentation":"<p>The CIDR block that Kubernetes Pod and Service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.0 or later of the Amazon VPC CNI add-on and specified <code>ipv6</code> for <b>ipFamily</b> when you created the cluster. Kubernetes assigns addresses from the unique local address range (fc00::/7).</p>"
+        },
+        "ipFamily":{
+          "shape":"IpFamily",
+          "documentation":"<p>The IP family used to assign Kubernetes Pod and Service IP addresses. The IP family is always <code>ipv4</code>, unless you have a <code>1.21</code> or later cluster running version 1.10.0 or later of the Amazon VPC CNI add-on and specified <code>ipv6</code> when you created the cluster. </p>"
         }
       },
-      "documentation":"<p>The Kubernetes network configuration for the cluster.</p>"
+      "documentation":"<p>The Kubernetes network configuration for the cluster. The response contains a value for <b>serviceIpv6Cidr</b> or <b>serviceIpv4Cidr</b>, but not both. </p>"
     },
     "LaunchTemplateSpecification":{
       "type":"structure",
@@ -2044,7 +2076,7 @@
         },
         "include":{
           "shape":"IncludeClustersList",
-          "documentation":"<p>Indicates whether connected clusters are included in the returned list. Default value is 'ALL'.</p>",
+          "documentation":"<p>Indicates whether external clusters are included in the returned list. Use '<code>all</code>' to return connected clusters, or blank to return only Amazon EKS clusters. '<code>all</code>' must be in lowercase otherwise an error occurs.</p>",
           "location":"querystring",
           "locationName":"include"
         }
@@ -2403,7 +2435,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata applied to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. </p>"
+          "documentation":"<p>The metadata applied to the node group to assist with categorization and organization. Each tag consists of a key and an optional value. You define both. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. </p>"
         }
       },
       "documentation":"<p>An object representing an Amazon EKS managed node group.</p>"
@@ -2468,7 +2500,7 @@
         },
         "desiredSize":{
           "shape":"ZeroCapacity",
-          "documentation":"<p>The current number of nodes that the managed node group should maintain.</p>"
+          "documentation":"<p>The current number of nodes that the managed node group should maintain.</p> <important> <p>If you use Cluster Autoscaler, you shouldn't change the desiredSize value directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale down.</p> </important> <p>Whenever this parameter changes, the number of worker nodes in the node group is updated to the specified size. If this parameter is given a value that is smaller than the current number of running worker nodes, the necessary number of worker nodes are terminated to match the given value. When using CloudFormation, no action occurs if you remove this parameter from your CFN template.</p> <p>This parameter can be different from minSize in some cases, such as when starting with extra hosts for testing. This parameter can also be different when you want to start with an estimated number of needed hosts, but let Cluster Autoscaler reduce the number if there are too many. When Cluster Autoscaler is used, the desiredSize parameter is altered by Cluster Autoscaler (but can be out-of-date for short periods of time). Cluster Autoscaler doesn't scale a managed node group lower than minSize or higher than maxSize.</p>"
         }
       },
       "documentation":"<p>An object representing the scaling configuration details for the Auto Scaling group that is associated with your node group. When creating a node group, you must specify all or none of the properties. When updating a node group, you can specify any or none of the properties.</p>"
@@ -2568,7 +2600,7 @@
         },
         "tags":{
           "shape":"TagMap",
-          "documentation":"<p>The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you defined.</p>"
+          "documentation":"<p>The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.</p>"
         },
         "status":{
           "shape":"configStatus",
@@ -2645,7 +2677,7 @@
       "members":{
         "name":{
           "shape":"ClusterName",
-          "documentation":"<p>Define a unique name for this cluster within your AWS account.</p>"
+          "documentation":"<p>Define a unique name for this cluster for your Region.</p>"
         },
         "connectorConfig":{
           "shape":"ConnectorConfigRequest",
@@ -2655,6 +2687,10 @@
           "shape":"String",
           "documentation":"<p>Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
           "idempotencyToken":true
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The metadata that you apply to the cluster to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Cluster tags do not propagate to any other resources associated with the cluster.</p>"
         }
       }
     },
@@ -2742,6 +2778,15 @@
       "error":{"httpStatusCode":404},
       "exception":true
     },
+    "ResourcePropagationDelayException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>Required resources (such as Service Linked Roles) were created and are still propagating. Retry later.</p>",
+      "error":{"httpStatusCode":428},
+      "exception":true
+    },
     "RoleArn":{
       "type":"string",
       "max":255,
diff --git a/contrib/python/botocore/py3/botocore/data/elasticache/2015-02-02/service-2.json b/contrib/python/botocore/py3/botocore/data/elasticache/2015-02-02/service-2.json
index b5cd599c676..dd1de85bea4 100644
--- a/contrib/python/botocore/py3/botocore/data/elasticache/2015-02-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/elasticache/2015-02-02/service-2.json
@@ -317,11 +317,12 @@
         {"shape":"UserAlreadyExistsFault"},
         {"shape":"UserQuotaExceededFault"},
         {"shape":"DuplicateUserNameFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"InvalidParameterCombinationException"},
         {"shape":"TagQuotaPerResourceExceeded"}
       ],
-      "documentation":"<p>For Redis engine version 6.x onwards: Creates a Redis user. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a>.</p>"
+      "documentation":"<p>For Redis engine version 6.0 onwards: Creates a Redis user. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a>.</p>"
     },
     "CreateUserGroup":{
       "name":"CreateUserGroup",
@@ -338,12 +339,13 @@
         {"shape":"UserNotFoundFault"},
         {"shape":"DuplicateUserNameFault"},
         {"shape":"UserGroupAlreadyExistsFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"DefaultUserRequired"},
         {"shape":"UserGroupQuotaExceededFault"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"TagQuotaPerResourceExceeded"}
       ],
-      "documentation":"<p>For Redis engine version 6.x onwards: Creates a Redis user group. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a> </p>"
+      "documentation":"<p>For Redis engine version 6.0 onwards: Creates a Redis user group. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a> </p>"
     },
     "DecreaseNodeGroupsInGlobalReplicationGroup":{
       "name":"DecreaseNodeGroupsInGlobalReplicationGroup",
@@ -529,10 +531,11 @@
       "errors":[
         {"shape":"InvalidUserStateFault"},
         {"shape":"UserNotFoundFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"DefaultUserAssociatedToUserGroupFault"}
       ],
-      "documentation":"<p>For Redis engine version 6.x onwards: Deletes a user. The user will be removed from all user groups and in turn removed from all replication groups. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a>. </p>"
+      "documentation":"<p>For Redis engine version 6.0 onwards: Deletes a user. The user will be removed from all user groups and in turn removed from all replication groups. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a>. </p>"
     },
     "DeleteUserGroup":{
       "name":"DeleteUserGroup",
@@ -548,9 +551,10 @@
       "errors":[
         {"shape":"UserGroupNotFoundFault"},
         {"shape":"InvalidUserGroupStateFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"InvalidParameterValueException"}
       ],
-      "documentation":"<p>For Redis engine version 6.x onwards: Deletes a user group. The user group must first be disassociated from the replication group before it can be deleted. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a>. </p>"
+      "documentation":"<p>For Redis engine version 6.0 onwards: Deletes a user group. The user group must first be disassociated from the replication group before it can be deleted. For more information, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html\">Using Role Based Access Control (RBAC)</a>. </p>"
     },
     "DescribeCacheClusters":{
       "name":"DescribeCacheClusters",
@@ -826,6 +830,7 @@
       },
       "errors":[
         {"shape":"UserGroupNotFoundFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"InvalidParameterCombinationException"}
       ],
       "documentation":"<p>Returns a list of user groups.</p>"
@@ -843,6 +848,7 @@
       },
       "errors":[
         {"shape":"UserNotFoundFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"InvalidParameterCombinationException"}
       ],
       "documentation":"<p>Returns a list of users.</p>"
@@ -1129,6 +1135,7 @@
       "errors":[
         {"shape":"UserNotFoundFault"},
         {"shape":"InvalidUserStateFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"InvalidParameterCombinationException"}
       ],
@@ -1149,6 +1156,7 @@
         {"shape":"UserGroupNotFoundFault"},
         {"shape":"UserNotFoundFault"},
         {"shape":"DuplicateUserNameFault"},
+        {"shape":"ServiceLinkedRoleNotFoundFault"},
         {"shape":"DefaultUserRequired"},
         {"shape":"InvalidUserGroupStateFault"},
         {"shape":"InvalidParameterValueException"},
@@ -1210,7 +1218,7 @@
         {"shape":"InvalidCacheClusterStateFault"},
         {"shape":"CacheClusterNotFoundFault"}
       ],
-      "documentation":"<p>Reboots some, or all, of the cache nodes within a provisioned cluster. This operation applies any modified cache parameter groups to the cluster. The reboot operation takes place as soon as possible, and results in a momentary outage to the cluster. During the reboot, the cluster status is set to REBOOTING.</p> <p>The reboot causes the contents of the cache (for each cache node being rebooted) to be lost.</p> <p>When the reboot is complete, a cluster event is created.</p> <p>Rebooting a cluster is currently supported on Memcached and Redis (cluster mode disabled) clusters. Rebooting is not supported on Redis (cluster mode enabled) clusters.</p> <p>If you make changes to parameters that require a Redis (cluster mode enabled) cluster reboot for the changes to be applied, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.Rebooting.html\">Rebooting a Cluster</a> for an alternate process.</p>"
+      "documentation":"<p>Reboots some, or all, of the cache nodes within a provisioned cluster. This operation applies any modified cache parameter groups to the cluster. The reboot operation takes place as soon as possible, and results in a momentary outage to the cluster. During the reboot, the cluster status is set to REBOOTING.</p> <p>The reboot causes the contents of the cache (for each cache node being rebooted) to be lost.</p> <p>When the reboot is complete, a cluster event is created.</p> <p>Rebooting a cluster is currently supported on Memcached and Redis (cluster mode disabled) clusters. Rebooting is not supported on Redis (cluster mode enabled) clusters.</p> <p>If you make changes to parameters that require a Redis (cluster mode enabled) cluster reboot for the changes to be applied, see <a href=\"http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes.rebooting.html\">Rebooting a Cluster</a> for an alternate process.</p>"
     },
     "RemoveTagsFromResource":{
       "name":"RemoveTagsFromResource",
@@ -1320,7 +1328,7 @@
         {"shape":"InvalidParameterValueException"},
         {"shape":"InvalidParameterCombinationException"}
       ],
-      "documentation":"<p>Represents the input of a <code>TestFailover</code> operation which test automatic failover on a specified node group (called shard in the console) in a replication group (called cluster in the console).</p> <p class=\"title\"> <b>Note the following</b> </p> <ul> <li> <p>A customer can use this operation to test automatic failover on up to 5 shards (called node groups in the ElastiCache API and Amazon CLI) in any rolling 24-hour period.</p> </li> <li> <p>If calling this operation on shards in different clusters (called replication groups in the API and CLI), the calls can be made concurrently.</p> <p> </p> </li> <li> <p>If calling this operation multiple times on different shards in the same Redis (cluster mode enabled) replication group, the first node replacement must complete before a subsequent call can be made.</p> </li> <li> <p>To determine whether the node replacement is complete you can check Events using the Amazon ElastiCache console, the Amazon CLI, or the ElastiCache API. Look for the following automatic failover related events, listed here in order of occurrance:</p> <ol> <li> <p>Replication group message: <code>Test Failover API called for node group &lt;node-group-id&gt;</code> </p> </li> <li> <p>Cache cluster message: <code>Failover from primary node &lt;primary-node-id&gt; to replica node &lt;node-id&gt; completed</code> </p> </li> <li> <p>Replication group message: <code>Failover from primary node &lt;primary-node-id&gt; to replica node &lt;node-id&gt; completed</code> </p> </li> <li> <p>Cache cluster message: <code>Recovering cache nodes &lt;node-id&gt;</code> </p> </li> <li> <p>Cache cluster message: <code>Finished recovery for cache nodes &lt;node-id&gt;</code> </p> </li> </ol> <p>For more information see:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ECEvents.Viewing.html\">Viewing ElastiCache Events</a> in the <i>ElastiCache User Guide</i> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeEvents.html\">DescribeEvents</a> in the ElastiCache API Reference</p> </li> </ul> </li> </ul> <p>Also see, <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html#auto-failover-test\">Testing Multi-AZ </a> in the <i>ElastiCache User Guide</i>.</p>"
+      "documentation":"<p>Represents the input of a <code>TestFailover</code> operation which test automatic failover on a specified node group (called shard in the console) in a replication group (called cluster in the console).</p> <p>This API is designed for testing the behavior of your application in case of ElastiCache failover. It is not designed to be an operational tool for initiating a failover to overcome a problem you may have with the cluster. Moreover, in certain conditions such as large-scale operational events, Amazon may block this API. </p> <p class=\"title\"> <b>Note the following</b> </p> <ul> <li> <p>A customer can use this operation to test automatic failover on up to 5 shards (called node groups in the ElastiCache API and Amazon CLI) in any rolling 24-hour period.</p> </li> <li> <p>If calling this operation on shards in different clusters (called replication groups in the API and CLI), the calls can be made concurrently.</p> <p> </p> </li> <li> <p>If calling this operation multiple times on different shards in the same Redis (cluster mode enabled) replication group, the first node replacement must complete before a subsequent call can be made.</p> </li> <li> <p>To determine whether the node replacement is complete you can check Events using the Amazon ElastiCache console, the Amazon CLI, or the ElastiCache API. Look for the following automatic failover related events, listed here in order of occurrance:</p> <ol> <li> <p>Replication group message: <code>Test Failover API called for node group &lt;node-group-id&gt;</code> </p> </li> <li> <p>Cache cluster message: <code>Failover from primary node &lt;primary-node-id&gt; to replica node &lt;node-id&gt; completed</code> </p> </li> <li> <p>Replication group message: <code>Failover from primary node &lt;primary-node-id&gt; to replica node &lt;node-id&gt; completed</code> </p> </li> <li> <p>Cache cluster message: <code>Recovering cache nodes &lt;node-id&gt;</code> </p> </li> <li> <p>Cache cluster message: <code>Finished recovery for cache nodes &lt;node-id&gt;</code> </p> </li> </ol> <p>For more information see:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ECEvents.Viewing.html\">Viewing ElastiCache Events</a> in the <i>ElastiCache User Guide</i> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_DescribeEvents.html\">DescribeEvents</a> in the ElastiCache API Reference</p> </li> </ul> </li> </ul> <p>Also see, <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html#auto-failover-test\">Testing Multi-AZ </a> in the <i>ElastiCache User Guide</i>.</p>"
     }
   },
   "shapes":{
@@ -1557,7 +1565,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The name of the compute and memory capacity node type for the cluster.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The name of the compute and memory capacity node type for the cluster.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types:</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and for Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Engine":{
           "shape":"String",
@@ -1614,7 +1622,7 @@
         },
         "AutoMinorVersionUpgrade":{
           "shape":"Boolean",
-          "documentation":"<p>This parameter is currently disabled.</p>"
+          "documentation":"<p> If you are running Redis engine version 6.0 or later, set this parameter to yes if you want to opt-in to the next auto minor version upgrade campaign. This parameter is disabled for previous versions.  </p>"
         },
         "SecurityGroups":{
           "shape":"SecurityGroupMembershipList",
@@ -1727,7 +1735,7 @@
         },
         "CacheParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>The name of the cache parameter group family associated with this cache engine.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | </p>"
+          "documentation":"<p>The name of the cache parameter group family associated with this cache engine.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.0</code> | <code>redis6.2</code> </p>"
         },
         "CacheEngineDescription":{
           "shape":"String",
@@ -1797,7 +1805,7 @@
           "documentation":"<p>The customer outpost ARN of the cache node.</p>"
         }
       },
-      "documentation":"<p>Represents an individual cache node within a cluster. Each cache node runs its own instance of the cluster's protocol-compliant caching software - either Memcached or Redis.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+      "documentation":"<p>Represents an individual cache node within a cluster. Each cache node runs its own instance of the cluster's protocol-compliant caching software - either Memcached or Redis.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types:</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and for Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
     },
     "CacheNodeIdsList":{
       "type":"list",
@@ -2426,7 +2434,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the nodes in the node group (shard).</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The compute and memory capacity of the nodes in the node group (shard).</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Engine":{
           "shape":"String",
@@ -2466,7 +2474,7 @@
         },
         "PreferredMaintenanceWindow":{
           "shape":"String",
-          "documentation":"<p>Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for <code>ddd</code> are:</p>"
+          "documentation":"<p>Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. </p>"
         },
         "Port":{
           "shape":"IntegerOptional",
@@ -2478,7 +2486,7 @@
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
-          "documentation":"<p>This parameter is currently disabled.</p>"
+          "documentation":"<p> If you are running Redis engine version 6.0 or later, set this parameter to yes if you want to opt-in to the next auto minor version upgrade campaign. This parameter is disabled for previous versions.  </p>"
         },
         "SnapshotRetentionLimit":{
           "shape":"IntegerOptional",
@@ -2531,7 +2539,7 @@
         },
         "CacheParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>The name of the cache parameter group family that the cache parameter group can be used with.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | </p>"
+          "documentation":"<p>The name of the cache parameter group family that the cache parameter group can be used with.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> </p>"
         },
         "Description":{
           "shape":"String",
@@ -2691,7 +2699,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the nodes in the node group (shard).</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The compute and memory capacity of the nodes in the node group (shard).</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Engine":{
           "shape":"String",
@@ -2743,7 +2751,7 @@
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
-          "documentation":"<p>This parameter is currently disabled.</p>"
+          "documentation":"<p> If you are running Redis engine version 6.0 or later, set this parameter to yes if you want to opt-in to the next auto minor version upgrade campaign. This parameter is disabled for previous versions.  </p>"
         },
         "SnapshotRetentionLimit":{
           "shape":"IntegerOptional",
@@ -2776,6 +2784,10 @@
         "LogDeliveryConfigurations":{
           "shape":"LogDeliveryConfigurationRequestList",
           "documentation":"<p>Specifies the destination, format and type of the logs.</p>"
+        },
+        "DataTieringEnabled":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html\">Data tiering</a>.</p>"
         }
       },
       "documentation":"<p>Represents the input of a <code>CreateReplicationGroup</code> operation.</p>"
@@ -2901,6 +2913,13 @@
       "type":"list",
       "member":{"shape":"CustomerNodeEndpoint"}
     },
+    "DataTieringStatus":{
+      "type":"string",
+      "enum":[
+        "enabled",
+        "disabled"
+      ]
+    },
     "DecreaseNodeGroupsInGlobalReplicationGroupMessage":{
       "type":"structure",
       "required":[
@@ -3174,7 +3193,7 @@
         },
         "CacheParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>The name of a specific cache parameter group family to return details for.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | </p> <p>Constraints:</p> <ul> <li> <p>Must be 1 to 255 alphanumeric characters</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Cannot end with a hyphen or contain two consecutive hyphens</p> </li> </ul>"
+          "documentation":"<p>The name of a specific cache parameter group family to return details for.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | <code>redis6.2</code> </p> <p>Constraints:</p> <ul> <li> <p>Must be 1 to 255 alphanumeric characters</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Cannot end with a hyphen or contain two consecutive hyphens</p> </li> </ul>"
         },
         "MaxRecords":{
           "shape":"IntegerOptional",
@@ -3274,7 +3293,7 @@
       "members":{
         "CacheParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>The name of the cache parameter group family.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | </p>"
+          "documentation":"<p>The name of the cache parameter group family.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | <code>redis6.2</code> </p>"
         },
         "MaxRecords":{
           "shape":"IntegerOptional",
@@ -3392,7 +3411,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The cache node type filter value. Use this parameter to show only those reservations matching the specified cache node type.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The cache node type filter value. Use this parameter to show only those reservations matching the specified cache node type.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types:</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and for Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Duration":{
           "shape":"String",
@@ -3426,7 +3445,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The cache node type filter value. Use this parameter to show only the available offerings matching the specified cache node type.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The cache node type filter value. Use this parameter to show only the available offerings matching the specified cache node type.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types:</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward) <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and for Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Duration":{
           "shape":"String",
@@ -3739,7 +3758,7 @@
       "members":{
         "CacheParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>Specifies the name of the cache parameter group family to which the engine default parameters apply.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.x</code> | </p>"
+          "documentation":"<p>Specifies the name of the cache parameter group family to which the engine default parameters apply.</p> <p>Valid values are: <code>memcached1.4</code> | <code>memcached1.5</code> | <code>memcached1.6</code> | <code>redis2.6</code> | <code>redis2.8</code> | <code>redis3.2</code> | <code>redis4.0</code> | <code>redis5.0</code> | <code>redis6.0</code> | <code>redis6.2</code> </p>"
         },
         "Marker":{
           "shape":"String",
@@ -4332,7 +4351,7 @@
       "members":{
         "LogType":{
           "shape":"LogType",
-          "documentation":"<p>Refers to <a href=\"https://redis.io/commands/slowlog\">slow-log</a>.</p>"
+          "documentation":"<p>Refers to <a href=\"https://redis.io/commands/slowlog\">slow-log</a> or engine-log.</p>"
         },
         "DestinationType":{
           "shape":"DestinationType",
@@ -4369,7 +4388,7 @@
       "members":{
         "LogType":{
           "shape":"LogType",
-          "documentation":"<p>Refers to <a href=\"https://redis.io/commands/slowlog\">slow-log</a>.</p>"
+          "documentation":"<p>Refers to <a href=\"https://redis.io/commands/slowlog\">slow-log</a> or engine-log..</p>"
         },
         "DestinationType":{
           "shape":"DestinationType",
@@ -4416,7 +4435,10 @@
     },
     "LogType":{
       "type":"string",
-      "enum":["slow-log"]
+      "enum":[
+        "slow-log",
+        "engine-log"
+      ]
     },
     "ModifyCacheClusterMessage":{
       "type":"structure",
@@ -4476,7 +4498,7 @@
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
-          "documentation":"<p>This parameter is currently disabled.</p>"
+          "documentation":"<p> If you are running Redis engine version 6.0 or later, set this parameter to yes if you want to opt-in to the next auto minor version upgrade campaign. This parameter is disabled for previous versions.  </p>"
         },
         "SnapshotRetentionLimit":{
           "shape":"IntegerOptional",
@@ -4664,7 +4686,7 @@
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
-          "documentation":"<p>This parameter is currently disabled.</p>"
+          "documentation":"<p> If you are running Redis engine version 6.0 or later, set this parameter to yes if you want to opt-in to the next auto minor version upgrade campaign. This parameter is disabled for previous versions.  </p>"
         },
         "SnapshotRetentionLimit":{
           "shape":"IntegerOptional",
@@ -5241,7 +5263,7 @@
       "members":{
         "LogType":{
           "shape":"LogType",
-          "documentation":"<p>Refers to <a href=\"https://redis.io/commands/slowlog\">slow-log</a>.</p>"
+          "documentation":"<p>Refers to <a href=\"https://redis.io/commands/slowlog\">slow-log</a> or engine-log..</p>"
         },
         "DestinationType":{
           "shape":"DestinationType",
@@ -5595,6 +5617,10 @@
         "ReplicationGroupCreateTime":{
           "shape":"TStamp",
           "documentation":"<p>The date and time when the cluster was created.</p>"
+        },
+        "DataTiering":{
+          "shape":"DataTieringStatus",
+          "documentation":"<p>Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html\">Data tiering</a>.</p>"
         }
       },
       "documentation":"<p>Contains all of the attributes of a specific Redis replication group.</p>",
@@ -5724,7 +5750,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The cache node type for the reserved cache nodes.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The cache node type for the reserved cache nodes.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types:</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "StartTime":{
           "shape":"TStamp",
@@ -5836,7 +5862,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The cache node type for the reserved cache node.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The cache node type for the reserved cache node.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types:</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and Memcached engine version 1.5.16 onward): <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Duration":{
           "shape":"Integer",
@@ -6174,7 +6200,7 @@
         },
         "CacheNodeType":{
           "shape":"String",
-          "documentation":"<p>The name of the compute and memory capacity node type for the source cluster.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
+          "documentation":"<p>The name of the compute and memory capacity node type for the source cluster.</p> <p>The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts.</p> <ul> <li> <p>General purpose:</p> <ul> <li> <p>Current generation: </p> <p> <b>M6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.m6g.large</code>, <code>cache.m6g.xlarge</code>, <code>cache.m6g.2xlarge</code>, <code>cache.m6g.4xlarge</code>, <code>cache.m6g.8xlarge</code>, <code>cache.m6g.12xlarge</code>, <code>cache.m6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>M5 node types:</b> <code>cache.m5.large</code>, <code>cache.m5.xlarge</code>, <code>cache.m5.2xlarge</code>, <code>cache.m5.4xlarge</code>, <code>cache.m5.12xlarge</code>, <code>cache.m5.24xlarge</code> </p> <p> <b>M4 node types:</b> <code>cache.m4.large</code>, <code>cache.m4.xlarge</code>, <code>cache.m4.2xlarge</code>, <code>cache.m4.4xlarge</code>, <code>cache.m4.10xlarge</code> </p> <p> <b>T4g node types</b> (available only for Redis engine version 6.0 onward and Memcached engine version 1.5.16 onward):</p> <p> <code>cache.t4g.micro</code>, <code>cache.t4g.small</code>, <code>cache.t4g.medium</code> </p> <p> <b>T3 node types:</b> <code>cache.t3.micro</code>, <code>cache.t3.small</code>, <code>cache.t3.medium</code> </p> <p> <b>T2 node types:</b> <code>cache.t2.micro</code>, <code>cache.t2.small</code>, <code>cache.t2.medium</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>T1 node types:</b> <code>cache.t1.micro</code> </p> <p> <b>M1 node types:</b> <code>cache.m1.small</code>, <code>cache.m1.medium</code>, <code>cache.m1.large</code>, <code>cache.m1.xlarge</code> </p> <p> <b>M3 node types:</b> <code>cache.m3.medium</code>, <code>cache.m3.large</code>, <code>cache.m3.xlarge</code>, <code>cache.m3.2xlarge</code> </p> </li> </ul> </li> <li> <p>Compute optimized:</p> <ul> <li> <p>Previous generation: (not recommended)</p> <p> <b>C1 node types:</b> <code>cache.c1.xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized with data tiering:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6gd node types</b> (available only for Redis engine version 6.2 onward).</p> <p> <code>cache.r6gd.xlarge</code>, <code>cache.r6gd.2xlarge</code>, <code>cache.r6gd.4xlarge</code>, <code>cache.r6gd.8xlarge</code>, <code>cache.r6gd.12xlarge</code>, <code>cache.r6gd.16xlarge</code> </p> </li> </ul> </li> <li> <p>Memory optimized:</p> <ul> <li> <p>Current generation: </p> <p> <b>R6g node types</b> (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward).</p> <p> <code>cache.r6g.large</code>, <code>cache.r6g.xlarge</code>, <code>cache.r6g.2xlarge</code>, <code>cache.r6g.4xlarge</code>, <code>cache.r6g.8xlarge</code>, <code>cache.r6g.12xlarge</code>, <code>cache.r6g.16xlarge</code> </p> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <note> <p>For region availability, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion\">Supported Node Types</a> </p> </note> <p> <b>R5 node types:</b> <code>cache.r5.large</code>, <code>cache.r5.xlarge</code>, <code>cache.r5.2xlarge</code>, <code>cache.r5.4xlarge</code>, <code>cache.r5.12xlarge</code>, <code>cache.r5.24xlarge</code> </p> <p> <b>R4 node types:</b> <code>cache.r4.large</code>, <code>cache.r4.xlarge</code>, <code>cache.r4.2xlarge</code>, <code>cache.r4.4xlarge</code>, <code>cache.r4.8xlarge</code>, <code>cache.r4.16xlarge</code> </p> </li> <li> <p>Previous generation: (not recommended)</p> <p> <b>M2 node types:</b> <code>cache.m2.xlarge</code>, <code>cache.m2.2xlarge</code>, <code>cache.m2.4xlarge</code> </p> <p> <b>R3 node types:</b> <code>cache.r3.large</code>, <code>cache.r3.xlarge</code>, <code>cache.r3.2xlarge</code>, <code>cache.r3.4xlarge</code>, <code>cache.r3.8xlarge</code> </p> </li> </ul> </li> </ul> <p> <b>Additional node type info</b> </p> <ul> <li> <p>All current generation instance types are created in Amazon VPC by default.</p> </li> <li> <p>Redis append-only files (AOF) are not supported for T1 or T2 instances.</p> </li> <li> <p>Redis Multi-AZ with automatic failover is not supported on T1 instances.</p> </li> <li> <p>Redis configuration variables <code>appendonly</code> and <code>appendfsync</code> are not supported on Redis version 2.8.22 and later.</p> </li> </ul>"
         },
         "Engine":{
           "shape":"String",
@@ -6226,7 +6252,7 @@
         },
         "AutoMinorVersionUpgrade":{
           "shape":"Boolean",
-          "documentation":"<p>This parameter is currently disabled.</p>"
+          "documentation":"<p> If you are running Redis engine version 6.0 or later, set this parameter to yes if you want to opt-in to the next auto minor version upgrade campaign. This parameter is disabled for previous versions.  </p>"
         },
         "SnapshotRetentionLimit":{
           "shape":"IntegerOptional",
@@ -6255,6 +6281,10 @@
         "ARN":{
           "shape":"String",
           "documentation":"<p>The ARN (Amazon Resource Name) of the snapshot.</p>"
+        },
+        "DataTiering":{
+          "shape":"DataTieringStatus",
+          "documentation":"<p>Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html\">Data tiering</a>.</p>"
         }
       },
       "documentation":"<p>Represents a copy of an entire Redis cluster as of the time when the snapshot was taken.</p>",
@@ -6711,6 +6741,10 @@
           "shape":"EngineType",
           "documentation":"<p>The current supported value is Redis.</p>"
         },
+        "MinimumEngineVersion":{
+          "shape":"String",
+          "documentation":"<p>The minimum engine version required, which is Redis 6.0</p>"
+        },
         "AccessString":{
           "shape":"String",
           "documentation":"<p>Access permissions string used for this user.</p>"
@@ -6760,6 +6794,10 @@
           "shape":"UserIdList",
           "documentation":"<p>The list of user IDs that belong to the user group.</p>"
         },
+        "MinimumEngineVersion":{
+          "shape":"String",
+          "documentation":"<p>The minimum engine version required, which is Redis 6.0</p>"
+        },
         "PendingChanges":{
           "shape":"UserGroupPendingChanges",
           "documentation":"<p>A list of updates being applied to the user group.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/elbv2/2015-12-01/service-2.json b/contrib/python/botocore/py3/botocore/data/elbv2/2015-12-01/service-2.json
index 5eb59cb2aa1..52677e56002 100644
--- a/contrib/python/botocore/py3/botocore/data/elbv2/2015-12-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/elbv2/2015-12-01/service-2.json
@@ -1135,7 +1135,7 @@
         },
         "IpAddressType":{
           "shape":"IpAddressType",
-          "documentation":"<p>The type of IP addresses used by the subnets for your load balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). Internal load balancers must use <code>ipv4</code>.</p>"
+          "documentation":"<p>The type of IP addresses used by the subnets for your load balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). </p>"
         },
         "CustomerOwnedIpv4Pool":{
           "shape":"CustomerOwnedIpv4Pool",
@@ -2106,7 +2106,7 @@
       "members":{
         "Key":{
           "shape":"LoadBalancerAttributeKey",
-          "documentation":"<p>The name of the attribute.</p> <p>The following attribute is supported by all load balancers:</p> <ul> <li> <p> <code>deletion_protection.enabled</code> - Indicates whether deletion protection is enabled. The value is <code>true</code> or <code>false</code>. The default is <code>false</code>.</p> </li> </ul> <p>The following attributes are supported by both Application Load Balancers and Network Load Balancers:</p> <ul> <li> <p> <code>access_logs.s3.enabled</code> - Indicates whether access logs are enabled. The value is <code>true</code> or <code>false</code>. The default is <code>false</code>.</p> </li> <li> <p> <code>access_logs.s3.bucket</code> - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.</p> </li> <li> <p> <code>access_logs.s3.prefix</code> - The prefix for the location in the S3 bucket for the access logs.</p> </li> </ul> <p>The following attributes are supported by only Application Load Balancers:</p> <ul> <li> <p> <code>idle_timeout.timeout_seconds</code> - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.</p> </li> <li> <p> <code>routing.http.desync_mitigation_mode</code> - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are <code>monitor</code>, <code>defensive</code>, and <code>strictest</code>. The default is <code>defensive</code>.</p> </li> <li> <p> <code>routing.http.drop_invalid_header_fields.enabled</code> - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (<code>true</code>) or routed to targets (<code>false</code>). The default is <code>false</code>.</p> </li> <li> <p> <code>routing.http.x_amzn_tls_version_and_cipher_suite.enabled</code> - Indicates whether the two headers (<code>x-amzn-tls-version</code> and <code>x-amzn-tls-cipher-suite</code>), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The <code>x-amzn-tls-version</code> header has information about the TLS protocol version negotiated with the client, and the <code>x-amzn-tls-cipher-suite</code> header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> <li> <p> <code>routing.http.xff_client_port.enabled</code> - Indicates whether the <code>X-Forwarded-For</code> header should preserve the source port that the client used to connect to the load balancer. The possible values are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> <li> <p> <code>routing.http2.enabled</code> - Indicates whether HTTP/2 is enabled. The possible values are <code>true</code> and <code>false</code>. The default is <code>true</code>. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.</p> </li> <li> <p> <code>waf.fail_open.enabled</code> - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> </ul> <p>The following attribute is supported by Network Load Balancers and Gateway Load Balancers:</p> <ul> <li> <p> <code>load_balancing.cross_zone.enabled</code> - Indicates whether cross-zone load balancing is enabled. The possible values are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> </ul>"
+          "documentation":"<p>The name of the attribute.</p> <p>The following attribute is supported by all load balancers:</p> <ul> <li> <p> <code>deletion_protection.enabled</code> - Indicates whether deletion protection is enabled. The value is <code>true</code> or <code>false</code>. The default is <code>false</code>.</p> </li> </ul> <p>The following attributes are supported by both Application Load Balancers and Network Load Balancers:</p> <ul> <li> <p> <code>access_logs.s3.enabled</code> - Indicates whether access logs are enabled. The value is <code>true</code> or <code>false</code>. The default is <code>false</code>.</p> </li> <li> <p> <code>access_logs.s3.bucket</code> - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.</p> </li> <li> <p> <code>access_logs.s3.prefix</code> - The prefix for the location in the S3 bucket for the access logs.</p> </li> <li> <p> <code>ipv6.deny-all-igw-traffic</code> - Blocks internet gateway (IGW) access to the load balancer. It is set to <code>false</code> for internet-facing load balancers and <code>true</code> for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.</p> </li> </ul> <p>The following attributes are supported by only Application Load Balancers:</p> <ul> <li> <p> <code>idle_timeout.timeout_seconds</code> - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.</p> </li> <li> <p> <code>routing.http.desync_mitigation_mode</code> - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are <code>monitor</code>, <code>defensive</code>, and <code>strictest</code>. The default is <code>defensive</code>.</p> </li> <li> <p> <code>routing.http.drop_invalid_header_fields.enabled</code> - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (<code>true</code>) or routed to targets (<code>false</code>). The default is <code>false</code>.</p> </li> <li> <p> <code>routing.http.x_amzn_tls_version_and_cipher_suite.enabled</code> - Indicates whether the two headers (<code>x-amzn-tls-version</code> and <code>x-amzn-tls-cipher-suite</code>), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The <code>x-amzn-tls-version</code> header has information about the TLS protocol version negotiated with the client, and the <code>x-amzn-tls-cipher-suite</code> header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> <li> <p> <code>routing.http.xff_client_port.enabled</code> - Indicates whether the <code>X-Forwarded-For</code> header should preserve the source port that the client used to connect to the load balancer. The possible values are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> <li> <p> <code>routing.http2.enabled</code> - Indicates whether HTTP/2 is enabled. The possible values are <code>true</code> and <code>false</code>. The default is <code>true</code>. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.</p> </li> <li> <p> <code>waf.fail_open.enabled</code> - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> </ul> <p>The following attribute is supported by Network Load Balancers and Gateway Load Balancers:</p> <ul> <li> <p> <code>load_balancing.cross_zone.enabled</code> - Indicates whether cross-zone load balancing is enabled. The possible values are <code>true</code> and <code>false</code>. The default is <code>false</code>.</p> </li> </ul>"
         },
         "Value":{
           "shape":"LoadBalancerAttributeValue",
@@ -2757,7 +2757,7 @@
         },
         "IpAddressType":{
           "shape":"IpAddressType",
-          "documentation":"<p>The IP address type. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). Internal load balancers must use <code>ipv4</code>. You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p>"
+          "documentation":"<p>The IP address type. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener.</p>"
         }
       }
     },
@@ -2833,7 +2833,7 @@
         },
         "IpAddressType":{
           "shape":"IpAddressType",
-          "documentation":"<p>[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener. Internal load balancers must use <code>ipv4</code>.</p>"
+          "documentation":"<p>[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are <code>ipv4</code> (for IPv4 addresses) and <code>dualstack</code> (for IPv4 and IPv6 addresses). You can’t specify <code>dualstack</code> for a load balancer with a UDP or TCP_UDP listener. .</p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/emr/2009-03-31/service-2.json b/contrib/python/botocore/py3/botocore/data/emr/2009-03-31/service-2.json
index a9272dc2aea..bad076330a4 100644
--- a/contrib/python/botocore/py3/botocore/data/emr/2009-03-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/emr/2009-03-31/service-2.json
@@ -51,7 +51,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>AddJobFlowSteps adds new steps to a running cluster. A maximum of 256 steps are allowed in each job flow.</p> <p>If your cluster is long-running (such as a Hive data warehouse) or complex, you may require more than 256 steps to process your data. You can bypass the 256-step limitation in various ways, including using SSH to connect to the master node and submitting queries directly to the software running on the master node, such as Hive and Hadoop. For more information on how to do this, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/AddMoreThan256Steps.html\">Add More than 256 Steps to a Cluster</a> in the <i>Amazon EMR Management Guide</i>.</p> <p>A step specifies the location of a JAR file stored either on the master node of the cluster or in Amazon S3. Each step is performed by the main function of the main class of the JAR file. The main class can be specified either in the manifest of the JAR or by using the MainFunction parameter of the step.</p> <p>Amazon EMR executes each step in the order listed. For a step to be considered complete, the main function must exit with a zero exit code and all Hadoop jobs started while the step was running must have completed and run successfully.</p> <p>You can only add steps to a cluster that is in one of the following states: STARTING, BOOTSTRAPPING, RUNNING, or WAITING.</p>"
+      "documentation":"<p>AddJobFlowSteps adds new steps to a running cluster. A maximum of 256 steps are allowed in each job flow.</p> <p>If your cluster is long-running (such as a Hive data warehouse) or complex, you may require more than 256 steps to process your data. You can bypass the 256-step limitation in various ways, including using SSH to connect to the master node and submitting queries directly to the software running on the master node, such as Hive and Hadoop. For more information on how to do this, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/AddMoreThan256Steps.html\">Add More than 256 Steps to a Cluster</a> in the <i>Amazon EMR Management Guide</i>.</p> <p>A step specifies the location of a JAR file stored either on the master node of the cluster or in Amazon S3. Each step is performed by the main function of the main class of the JAR file. The main class can be specified either in the manifest of the JAR or by using the MainFunction parameter of the step.</p> <p>Amazon EMR executes each step in the order listed. For a step to be considered complete, the main function must exit with a zero exit code and all Hadoop jobs started while the step was running must have completed and run successfully.</p> <p>You can only add steps to a cluster that is in one of the following states: STARTING, BOOTSTRAPPING, RUNNING, or WAITING.</p> <note> <p>The string values passed into <code>HadoopJarStep</code> object cannot exceed a total of 10240 characters.</p> </note>"
     },
     "AddTags":{
       "name":"AddTags",
@@ -519,7 +519,7 @@
       },
       "input":{"shape":"PutAutoTerminationPolicyInput"},
       "output":{"shape":"PutAutoTerminationPolicyOutput"},
-      "documentation":"<p>Creates or updates an auto-termination policy for an Amazon EMR cluster. An auto-termination policy defines the amount of idle time in seconds after which a cluster automatically terminates. For alternative cluster termination options, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-termination.html\">Control cluster termination</a>.</p>"
+      "documentation":"<note> <p>Auto-termination is supported in Amazon EMR versions 5.30.0 and 6.1.0 and later. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-auto-termination-policy.html\">Using an auto-termination policy</a>.</p> </note> <p>Creates or updates an auto-termination policy for an Amazon EMR cluster. An auto-termination policy defines the amount of idle time in seconds after which a cluster automatically terminates. For alternative cluster termination options, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-termination.html\">Control cluster termination</a>.</p>"
     },
     "PutBlockPublicAccessConfiguration":{
       "name":"PutBlockPublicAccessConfiguration",
@@ -624,7 +624,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Sets the <a>Cluster$VisibleToAllUsers</a> value for an EMR cluster. When <code>true</code>, IAM principals in the Amazon Web Services account can perform EMR cluster actions that their IAM policies allow. When <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions on the cluster, regardless of IAM permissions policies attached to other IAM principals.</p> <p>This action works on running clusters. When you create a cluster, use the <a>RunJobFlowInput$VisibleToAllUsers</a> parameter.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_emr-with-iam.html#security_set_visible_to_all_users\">Understanding the EMR Cluster VisibleToAllUsers Setting</a> in the <i>Amazon EMRManagement Guide</i>.</p>"
+      "documentation":"<important> <p>The SetVisibleToAllUsers parameter is no longer supported. Your cluster may be visible to all users in your account. To restrict cluster access using an IAM policy, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-access-iam.html\">Identity and Access Management for EMR</a>. </p> </important> <p>Sets the <a>Cluster$VisibleToAllUsers</a> value for an EMR cluster. When <code>true</code>, IAM principals in the Amazon Web Services account can perform EMR cluster actions that their IAM policies allow. When <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions on the cluster, regardless of IAM permissions policies attached to other IAM principals.</p> <p>This action works on running clusters. When you create a cluster, use the <a>RunJobFlowInput$VisibleToAllUsers</a> parameter.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_emr-with-iam.html#security_set_visible_to_all_users\">Understanding the EMR Cluster VisibleToAllUsers Setting</a> in the <i>Amazon EMRManagement Guide</i>.</p>"
     },
     "StartNotebookExecution":{
       "name":"StartNotebookExecution",
@@ -1196,7 +1196,7 @@
         },
         "VisibleToAllUsers":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the cluster is visible to IAM principals in the Amazon Web Services account associated with the cluster. When <code>true</code>, IAM principals in the Amazon Web Services account can perform EMR cluster actions on the cluster that their IAM policies allow. When <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions, regardless of IAM permissions policies attached to other IAM principals.</p> <p>The default value is <code>true</code> if a value is not provided when creating a cluster using the EMR API <a>RunJobFlow</a> command, the CLI <a href=\"https://docs.aws.amazon.com/cli/latest/reference/emr/create-cluster.html\">create-cluster</a> command, or the Amazon Web Services Management Console. IAM principals that are allowed to perform actions on the cluster can use the <a>SetVisibleToAllUsers</a> action to change the value on a running cluster. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_emr-with-iam.html#security_set_visible_to_all_users\">Understanding the EMR Cluster VisibleToAllUsers Setting</a> in the <i>Amazon EMRManagement Guide</i>.</p>"
+          "documentation":"<p>Indicates whether the cluster is visible to IAM principals in the Amazon Web Services account associated with the cluster. When <code>true</code>, IAM principals in the Amazon Web Services account can perform EMR cluster actions on the cluster that their IAM policies allow. When <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions, regardless of IAM permissions policies attached to other IAM principals.</p> <p>The default value is <code>true</code> if a value is not provided when creating a cluster using the EMR API <a>RunJobFlow</a> command, the CLI <a href=\"https://docs.aws.amazon.com/cli/latest/reference/emr/create-cluster.html\">create-cluster</a> command, or the Amazon Web Services Management Console.</p>"
         },
         "Applications":{
           "shape":"ApplicationList",
@@ -2608,7 +2608,7 @@
         },
         "State":{
           "shape":"InstanceGroupState",
-          "documentation":"<p>State of instance group. The following values are deprecated: STARTING, TERMINATED, and FAILED.</p>"
+          "documentation":"<p>State of instance group. The following values are no longer supported: STARTING, TERMINATED, and FAILED.</p>"
         },
         "LastStateChangeReason":{
           "shape":"XmlString",
@@ -3046,7 +3046,7 @@
         },
         "VisibleToAllUsers":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the cluster is visible to IAM principals in the Amazon Web Services account associated with the cluster. When <code>true</code>, IAM principals in the Amazon Web Services account can perform EMR cluster actions that their IAM policies allow. When <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions, regardless of IAM permissions policies attached to other IAM principals.</p> <p>The default value is <code>true</code> if a value is not provided when creating a cluster using the EMR API <a>RunJobFlow</a> command, the CLI <a href=\"https://docs.aws.amazon.com/cli/latest/reference/emr/create-cluster.html\">create-cluster</a> command, or the Amazon Web Services Management Console. IAM principals that are authorized to perform actions on the cluster can use the <a>SetVisibleToAllUsers</a> action to change the value on a running cluster. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_emr-with-iam.html#security_set_visible_to_all_users\">Understanding the EMR Cluster VisibleToAllUsers Setting</a> in the <i>Amazon EMRManagement Guide</i>.</p>"
+          "documentation":"<p>Indicates whether the cluster is visible to IAM principals in the Amazon Web Services account associated with the cluster. When <code>true</code>, IAM principals in the Amazon Web Services account can perform EMR cluster actions that their IAM policies allow. When <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions, regardless of IAM permissions policies attached to other IAM principals.</p> <p>The default value is <code>true</code> if a value is not provided when creating a cluster using the EMR API <a>RunJobFlow</a> command, the CLI <a href=\"https://docs.aws.amazon.com/cli/latest/reference/emr/create-cluster.html\">create-cluster</a> command, or the Amazon Web Services Management Console.</p>"
         },
         "JobFlowRole":{
           "shape":"XmlString",
@@ -4237,7 +4237,7 @@
         },
         "Applications":{
           "shape":"ApplicationList",
-          "documentation":"<p>Applies to Amazon EMR releases 4.0 and later. A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster. For a list of applications available for each Amazon EMR release version, see the <a href=\"https://docs.aws.amazon.com/emr/latest/ReleaseGuide/\">Amazon EMR Release Guide</a>.</p>"
+          "documentation":"<p>Applies to Amazon EMR releases 4.0 and later. A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster. For a list of applications available for each Amazon EMR release version, see the <a href=\"https://docs.aws.amazon.com/emr/latest/ReleaseGuide/\">Amazon EMRRelease Guide</a>.</p>"
         },
         "Configurations":{
           "shape":"ConfigurationList",
@@ -4245,7 +4245,7 @@
         },
         "VisibleToAllUsers":{
           "shape":"Boolean",
-          "documentation":"<p>Set this value to <code>true</code> so that IAM principals in the Amazon Web Services account associated with the cluster can perform EMR actions on the cluster that their IAM policies allow. This value defaults to <code>true</code> for clusters created using the EMR API or the CLI <a href=\"https://docs.aws.amazon.com/cli/latest/reference/emr/create-cluster.html\">create-cluster</a> command.</p> <p>When set to <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions for the cluster, regardless of the IAM permissions policies attached to other IAM principals. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_emr-with-iam.html#security_set_visible_to_all_users\">Understanding the EMR Cluster VisibleToAllUsers Setting</a> in the <i>Amazon EMRManagement Guide</i>.</p>"
+          "documentation":"<important> <p>The VisibleToAllUsers parameter is no longer supported. By default, the value is set to <code>true</code>. Setting it to <code>false</code> now has no effect.</p> </important> <p>Set this value to <code>true</code> so that IAM principals in the Amazon Web Services account associated with the cluster can perform EMR actions on the cluster that their IAM policies allow. This value defaults to <code>true</code> for clusters created using the EMR API or the CLI <a href=\"https://docs.aws.amazon.com/cli/latest/reference/emr/create-cluster.html\">create-cluster</a> command.</p> <p>When set to <code>false</code>, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform EMR actions for the cluster, regardless of the IAM permissions policies attached to other IAM principals. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/security_iam_emr-with-iam.html#security_set_visible_to_all_users\">Understanding the EMR Cluster VisibleToAllUsers Setting</a> in the <i>Amazon EMRManagement Guide</i>.</p>"
         },
         "JobFlowRole":{
           "shape":"XmlString",
@@ -4612,14 +4612,14 @@
         },
         "BlockDurationMinutes":{
           "shape":"WholeNumber",
-          "documentation":"<p>The defined duration for Spot Instances (also known as Spot blocks) in minutes. When specified, the Spot Instance does not terminate before the defined duration expires, and defined duration pricing for Spot Instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot Instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot Instance for termination and provides a Spot Instance termination notice, which gives the instance a two-minute warning before it terminates. </p>"
+          "documentation":"<p>The defined duration for Spot Instances (also known as Spot blocks) in minutes. When specified, the Spot Instance does not terminate before the defined duration expires, and defined duration pricing for Spot Instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot Instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot Instance for termination and provides a Spot Instance termination notice, which gives the instance a two-minute warning before it terminates. </p> <note> <p>Spot Instances with a defined duration (also known as Spot blocks) are no longer available to new customers from July 1, 2021. For customers who have previously used the feature, we will continue to support Spot Instances with a defined duration until December 31, 2022. </p> </note>"
         },
         "AllocationStrategy":{
           "shape":"SpotProvisioningAllocationStrategy",
           "documentation":"<p> Specifies the strategy to use in launching Spot Instance fleets. Currently, the only option is capacity-optimized (the default), which launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. </p>"
         }
       },
-      "documentation":"<p>The launch specification for Spot Instances in the instance fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.</p> <note> <p>The instance fleet configuration is available only in Amazon EMR versions 4.8.0 and later, excluding 5.0.x versions. Spot Instance allocation strategy is available in Amazon EMR version 5.12.1 and later.</p> </note>"
+      "documentation":"<p>The launch specification for Spot Instances in the instance fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.</p> <note> <p>The instance fleet configuration is available only in Amazon EMR versions 4.8.0 and later, excluding 5.0.x versions. Spot Instance allocation strategy is available in Amazon EMR version 5.12.1 and later.</p> </note> <note> <p>Spot Instances with a defined duration (also known as Spot blocks) are no longer available to new customers from July 1, 2021. For customers who have previously used the feature, we will continue to support Spot Instances with a defined duration until December 31, 2022. </p> </note>"
     },
     "SpotProvisioningTimeoutAction":{
       "type":"string",
@@ -5081,7 +5081,7 @@
       "members":{
         "Key":{
           "shape":"String",
-          "documentation":"<p>A user-defined key, which is the minimum required information for a valid tag. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-tags.html\">Tag </a>. </p>"
+          "documentation":"<p>A user-defined key, which is the minimum required information for a valid tag. For more information, see <a href=\"https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-tags.html\">Tag</a>. </p>"
         },
         "Value":{
           "shape":"String",
@@ -5202,7 +5202,7 @@
       "members":{
         "VolumeType":{
           "shape":"String",
-          "documentation":"<p>The volume type. Volume types supported are gp2, io1, standard.</p>"
+          "documentation":"<p>The volume type. Volume types supported are gp2, io1, and standard.</p>"
         },
         "Iops":{
           "shape":"Integer",
diff --git a/contrib/python/botocore/py3/botocore/data/endpoints.json b/contrib/python/botocore/py3/botocore/data/endpoints.json
index 05b5a100800..f91ac484eea 100644
--- a/contrib/python/botocore/py3/botocore/data/endpoints.json
+++ b/contrib/python/botocore/py3/botocore/data/endpoints.json
@@ -47,6 +47,9 @@
       "ap-southeast-2" : {
         "description" : "Asia Pacific (Sydney)"
       },
+      "ap-southeast-3" : {
+        "description" : "Asia Pacific (Jakarta)"
+      },
       "ca-central-1" : {
         "description" : "Canada (Central)"
       },
@@ -103,6 +106,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "access-analyzer-fips.ca-central-1.amazonaws.com",
@@ -200,6 +204,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "acm-fips.ca-central-1.amazonaws.com",
@@ -552,6 +557,12 @@
             },
             "hostname" : "api.ecr.ap-southeast-2.amazonaws.com"
           },
+          "ap-southeast-3" : {
+            "credentialScope" : {
+              "region" : "ap-southeast-3"
+            },
+            "hostname" : "api.ecr.ap-southeast-3.amazonaws.com"
+          },
           "ca-central-1" : {
             "credentialScope" : {
               "region" : "ca-central-1"
@@ -831,6 +842,40 @@
           }
         }
       },
+      "api.iotwireless" : {
+        "endpoints" : {
+          "ap-northeast-1" : {
+            "credentialScope" : {
+              "region" : "ap-northeast-1"
+            },
+            "hostname" : "api.iotwireless.ap-northeast-1.amazonaws.com"
+          },
+          "ap-southeast-2" : {
+            "credentialScope" : {
+              "region" : "ap-southeast-2"
+            },
+            "hostname" : "api.iotwireless.ap-southeast-2.amazonaws.com"
+          },
+          "eu-west-1" : {
+            "credentialScope" : {
+              "region" : "eu-west-1"
+            },
+            "hostname" : "api.iotwireless.eu-west-1.amazonaws.com"
+          },
+          "us-east-1" : {
+            "credentialScope" : {
+              "region" : "us-east-1"
+            },
+            "hostname" : "api.iotwireless.us-east-1.amazonaws.com"
+          },
+          "us-west-2" : {
+            "credentialScope" : {
+              "region" : "us-west-2"
+            },
+            "hostname" : "api.iotwireless.us-west-2.amazonaws.com"
+          }
+        }
+      },
       "api.mediatailor" : {
         "endpoints" : {
           "ap-northeast-1" : { },
@@ -969,6 +1014,31 @@
           "us-west-2" : { }
         }
       },
+      "appconfigdata" : {
+        "endpoints" : {
+          "af-south-1" : { },
+          "ap-east-1" : { },
+          "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
+          "ap-south-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "ca-central-1" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-south-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "me-south-1" : { },
+          "sa-east-1" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "appflow" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -1002,6 +1072,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -1023,6 +1094,7 @@
           "ap-east-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
@@ -1267,6 +1339,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -1295,6 +1368,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -1496,6 +1570,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "cloudcontrolapi-fips.ca-central-1.amazonaws.com",
@@ -1594,6 +1669,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -1672,16 +1748,8 @@
       },
       "cloudhsm" : {
         "endpoints" : {
-          "ap-northeast-1" : { },
-          "ap-southeast-1" : { },
-          "ap-southeast-2" : { },
-          "ca-central-1" : { },
-          "eu-central-1" : { },
           "eu-west-1" : { },
-          "us-east-1" : { },
-          "us-east-2" : { },
-          "us-west-1" : { },
-          "us-west-2" : { }
+          "us-east-1" : { }
         }
       },
       "cloudhsmv2" : {
@@ -1992,6 +2060,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -2431,6 +2500,106 @@
           }
         }
       },
+      "compute-optimizer" : {
+        "endpoints" : {
+          "ap-northeast-1" : {
+            "credentialScope" : {
+              "region" : "ap-northeast-1"
+            },
+            "hostname" : "compute-optimizer.ap-northeast-1.amazonaws.com"
+          },
+          "ap-northeast-2" : {
+            "credentialScope" : {
+              "region" : "ap-northeast-2"
+            },
+            "hostname" : "compute-optimizer.ap-northeast-2.amazonaws.com"
+          },
+          "ap-south-1" : {
+            "credentialScope" : {
+              "region" : "ap-south-1"
+            },
+            "hostname" : "compute-optimizer.ap-south-1.amazonaws.com"
+          },
+          "ap-southeast-1" : {
+            "credentialScope" : {
+              "region" : "ap-southeast-1"
+            },
+            "hostname" : "compute-optimizer.ap-southeast-1.amazonaws.com"
+          },
+          "ap-southeast-2" : {
+            "credentialScope" : {
+              "region" : "ap-southeast-2"
+            },
+            "hostname" : "compute-optimizer.ap-southeast-2.amazonaws.com"
+          },
+          "ca-central-1" : {
+            "credentialScope" : {
+              "region" : "ca-central-1"
+            },
+            "hostname" : "compute-optimizer.ca-central-1.amazonaws.com"
+          },
+          "eu-central-1" : {
+            "credentialScope" : {
+              "region" : "eu-central-1"
+            },
+            "hostname" : "compute-optimizer.eu-central-1.amazonaws.com"
+          },
+          "eu-north-1" : {
+            "credentialScope" : {
+              "region" : "eu-north-1"
+            },
+            "hostname" : "compute-optimizer.eu-north-1.amazonaws.com"
+          },
+          "eu-west-1" : {
+            "credentialScope" : {
+              "region" : "eu-west-1"
+            },
+            "hostname" : "compute-optimizer.eu-west-1.amazonaws.com"
+          },
+          "eu-west-2" : {
+            "credentialScope" : {
+              "region" : "eu-west-2"
+            },
+            "hostname" : "compute-optimizer.eu-west-2.amazonaws.com"
+          },
+          "eu-west-3" : {
+            "credentialScope" : {
+              "region" : "eu-west-3"
+            },
+            "hostname" : "compute-optimizer.eu-west-3.amazonaws.com"
+          },
+          "sa-east-1" : {
+            "credentialScope" : {
+              "region" : "sa-east-1"
+            },
+            "hostname" : "compute-optimizer.sa-east-1.amazonaws.com"
+          },
+          "us-east-1" : {
+            "credentialScope" : {
+              "region" : "us-east-1"
+            },
+            "hostname" : "compute-optimizer.us-east-1.amazonaws.com"
+          },
+          "us-east-2" : {
+            "credentialScope" : {
+              "region" : "us-east-2"
+            },
+            "hostname" : "compute-optimizer.us-east-2.amazonaws.com"
+          },
+          "us-west-1" : {
+            "credentialScope" : {
+              "region" : "us-west-1"
+            },
+            "hostname" : "compute-optimizer.us-west-1.amazonaws.com"
+          },
+          "us-west-2" : {
+            "credentialScope" : {
+              "region" : "us-west-2"
+            },
+            "hostname" : "compute-optimizer.us-west-2.amazonaws.com"
+          }
+        }
+      },
       "config" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -2441,6 +2610,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -2506,6 +2676,7 @@
       },
       "connect" : {
         "endpoints" : {
+          "af-south-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
           "ap-southeast-1" : { },
@@ -2881,6 +3052,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -2965,6 +3137,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "dms" : {
             "credentialScope" : {
@@ -3133,6 +3306,19 @@
           }
         }
       },
+      "drs" : {
+        "endpoints" : {
+          "ap-northeast-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "eu-central-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-2" : { }
+        }
+      },
       "ds" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -3231,6 +3417,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "dynamodb-fips.ca-central-1.amazonaws.com",
@@ -3416,6 +3603,7 @@
           },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "ec2-fips.ca-central-1.amazonaws.com",
@@ -3520,6 +3708,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -3673,6 +3862,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -3866,6 +4056,12 @@
               "tags" : [ "fips" ]
             } ]
           },
+          "ap-southeast-3" : {
+            "variants" : [ {
+              "hostname" : "elasticfilesystem-fips.ap-southeast-3.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "elasticfilesystem-fips.ca-central-1.amazonaws.com",
@@ -3964,6 +4160,13 @@
             "deprecated" : true,
             "hostname" : "elasticfilesystem-fips.ap-southeast-2.amazonaws.com"
           },
+          "fips-ap-southeast-3" : {
+            "credentialScope" : {
+              "region" : "ap-southeast-3"
+            },
+            "deprecated" : true,
+            "hostname" : "elasticfilesystem-fips.ap-southeast-3.amazonaws.com"
+          },
           "fips-ca-central-1" : {
             "credentialScope" : {
               "region" : "ca-central-1"
@@ -4106,6 +4309,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -4183,6 +4387,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "elasticmapreduce-fips.ca-central-1.amazonaws.com",
@@ -4383,6 +4588,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -4463,6 +4669,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -4526,6 +4733,37 @@
           }
         }
       },
+      "evidently" : {
+        "endpoints" : {
+          "ap-northeast-1" : {
+            "hostname" : "evidently.ap-northeast-1.amazonaws.com"
+          },
+          "ap-southeast-1" : {
+            "hostname" : "evidently.ap-southeast-1.amazonaws.com"
+          },
+          "ap-southeast-2" : {
+            "hostname" : "evidently.ap-southeast-2.amazonaws.com"
+          },
+          "eu-central-1" : {
+            "hostname" : "evidently.eu-central-1.amazonaws.com"
+          },
+          "eu-north-1" : {
+            "hostname" : "evidently.eu-north-1.amazonaws.com"
+          },
+          "eu-west-1" : {
+            "hostname" : "evidently.eu-west-1.amazonaws.com"
+          },
+          "us-east-1" : {
+            "hostname" : "evidently.us-east-1.amazonaws.com"
+          },
+          "us-east-2" : {
+            "hostname" : "evidently.us-east-2.amazonaws.com"
+          },
+          "us-west-2" : {
+            "hostname" : "evidently.us-west-2.amazonaws.com"
+          }
+        }
+      },
       "finspace" : {
         "endpoints" : {
           "ca-central-1" : { },
@@ -5191,6 +5429,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "glacier-fips.ca-central-1.amazonaws.com",
@@ -5413,6 +5652,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-west-1" : { },
           "eu-west-2" : { },
@@ -5452,6 +5692,7 @@
             "hostname" : "groundstation-fips.us-west-2.amazonaws.com"
           },
           "me-south-1" : { },
+          "sa-east-1" : { },
           "us-east-1" : {
             "variants" : [ {
               "hostname" : "groundstation-fips.us-east-1.amazonaws.com",
@@ -5737,6 +5978,29 @@
           }
         }
       },
+      "inspector2" : {
+        "endpoints" : {
+          "ap-east-1" : { },
+          "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-south-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "ca-central-1" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-south-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "me-south-1" : { },
+          "sa-east-1" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "iot" : {
         "defaults" : {
           "credentialScope" : {
@@ -6080,9 +6344,11 @@
       },
       "kafka" : {
         "endpoints" : {
+          "af-south-1" : { },
           "ap-east-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
@@ -6178,6 +6444,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -6243,9 +6510,11 @@
       },
       "kinesisanalytics" : {
         "endpoints" : {
+          "af-south-1" : { },
           "ap-east-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
@@ -6389,6 +6658,19 @@
             "deprecated" : true,
             "hostname" : "kms-fips.ap-southeast-2.amazonaws.com"
           },
+          "ap-southeast-3" : {
+            "variants" : [ {
+              "hostname" : "kms-fips.ap-southeast-3.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "ap-southeast-3-fips" : {
+            "credentialScope" : {
+              "region" : "ap-southeast-3"
+            },
+            "deprecated" : true,
+            "hostname" : "kms-fips.ap-southeast-3.amazonaws.com"
+          },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "kms-fips.ca-central-1.amazonaws.com",
@@ -6635,21 +6917,102 @@
       },
       "lambda" : {
         "endpoints" : {
-          "af-south-1" : { },
-          "ap-east-1" : { },
-          "ap-northeast-1" : { },
-          "ap-northeast-2" : { },
-          "ap-northeast-3" : { },
-          "ap-south-1" : { },
-          "ap-southeast-1" : { },
-          "ap-southeast-2" : { },
-          "ca-central-1" : { },
-          "eu-central-1" : { },
-          "eu-north-1" : { },
-          "eu-south-1" : { },
-          "eu-west-1" : { },
-          "eu-west-2" : { },
-          "eu-west-3" : { },
+          "af-south-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.af-south-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-east-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-east-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-northeast-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-northeast-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-northeast-2" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-northeast-2.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-northeast-3" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-northeast-3.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-south-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-south-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-southeast-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-southeast-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-southeast-2" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-southeast-2.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ap-southeast-3" : {
+            "variants" : [ {
+              "hostname" : "lambda.ap-southeast-3.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "ca-central-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.ca-central-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "eu-central-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.eu-central-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "eu-north-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.eu-north-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "eu-south-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.eu-south-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "eu-west-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.eu-west-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "eu-west-2" : {
+            "variants" : [ {
+              "hostname" : "lambda.eu-west-2.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "eu-west-3" : {
+            "variants" : [ {
+              "hostname" : "lambda.eu-west-3.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
           "fips-us-east-1" : {
             "credentialScope" : {
               "region" : "us-east-1"
@@ -6678,30 +7041,52 @@
             "deprecated" : true,
             "hostname" : "lambda-fips.us-west-2.amazonaws.com"
           },
-          "me-south-1" : { },
-          "sa-east-1" : { },
+          "me-south-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.me-south-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "sa-east-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.sa-east-1.api.aws",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
           "us-east-1" : {
             "variants" : [ {
               "hostname" : "lambda-fips.us-east-1.amazonaws.com",
               "tags" : [ "fips" ]
+            }, {
+              "hostname" : "lambda.us-east-1.api.aws",
+              "tags" : [ "dualstack" ]
             } ]
           },
           "us-east-2" : {
             "variants" : [ {
               "hostname" : "lambda-fips.us-east-2.amazonaws.com",
               "tags" : [ "fips" ]
+            }, {
+              "hostname" : "lambda.us-east-2.api.aws",
+              "tags" : [ "dualstack" ]
             } ]
           },
           "us-west-1" : {
             "variants" : [ {
               "hostname" : "lambda-fips.us-west-1.amazonaws.com",
               "tags" : [ "fips" ]
+            }, {
+              "hostname" : "lambda.us-west-1.api.aws",
+              "tags" : [ "dualstack" ]
             } ]
           },
           "us-west-2" : {
             "variants" : [ {
               "hostname" : "lambda-fips.us-west-2.amazonaws.com",
               "tags" : [ "fips" ]
+            }, {
+              "hostname" : "lambda.us-west-2.api.aws",
+              "tags" : [ "dualstack" ]
             } ]
           }
         }
@@ -6807,6 +7192,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -6877,6 +7263,19 @@
           "us-east-1" : { }
         }
       },
+      "lookoutmetrics" : {
+        "endpoints" : {
+          "ap-northeast-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-west-1" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-2" : { }
+        }
+      },
       "lookoutvision" : {
         "endpoints" : {
           "ap-northeast-1" : { },
@@ -7217,6 +7616,38 @@
           "us-west-2" : { }
         }
       },
+      "meetings-chime" : {
+        "endpoints" : {
+          "ap-southeast-1" : { },
+          "eu-central-1" : { },
+          "us-east-1" : {
+            "variants" : [ {
+              "hostname" : "meetings-chime-fips.us-east-1.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-east-1-fips" : {
+            "credentialScope" : {
+              "region" : "us-east-1"
+            },
+            "deprecated" : true,
+            "hostname" : "meetings-chime-fips.us-east-1.amazonaws.com"
+          },
+          "us-west-2" : {
+            "variants" : [ {
+              "hostname" : "meetings-chime-fips.us-west-2.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-west-2-fips" : {
+            "credentialScope" : {
+              "region" : "us-west-2"
+            },
+            "deprecated" : true,
+            "hostname" : "meetings-chime-fips.us-west-2.amazonaws.com"
+          }
+        }
+      },
       "messaging-chime" : {
         "endpoints" : {
           "us-east-1" : {
@@ -7249,6 +7680,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -7277,6 +7709,7 @@
       },
       "mgn" : {
         "endpoints" : {
+          "af-south-1" : { },
           "ap-east-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
@@ -7287,8 +7720,11 @@
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
+          "eu-south-1" : { },
           "eu-west-1" : { },
           "eu-west-2" : { },
+          "eu-west-3" : { },
+          "me-south-1" : { },
           "sa-east-1" : { },
           "us-east-1" : { },
           "us-east-2" : { },
@@ -7296,6 +7732,17 @@
           "us-west-2" : { }
         }
       },
+      "migrationhub-strategy" : {
+        "endpoints" : {
+          "ap-northeast-1" : { },
+          "ap-southeast-2" : { },
+          "eu-central-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "us-east-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "mobileanalytics" : {
         "endpoints" : {
           "us-east-1" : { }
@@ -7374,6 +7821,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -7985,6 +8433,31 @@
           "us-west-2" : { }
         }
       },
+      "pi" : {
+        "endpoints" : {
+          "af-south-1" : { },
+          "ap-east-1" : { },
+          "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
+          "ap-south-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "ca-central-1" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-south-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "me-south-1" : { },
+          "sa-east-1" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "pinpoint" : {
         "defaults" : {
           "credentialScope" : {
@@ -8231,6 +8704,7 @@
           "ap-northeast-2" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-west-1" : { },
           "eu-west-2" : { },
@@ -8378,6 +8852,31 @@
           }
         }
       },
+      "rbin" : {
+        "endpoints" : {
+          "af-south-1" : { },
+          "ap-east-1" : { },
+          "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
+          "ap-south-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "ca-central-1" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-south-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "me-south-1" : { },
+          "sa-east-1" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "rds" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -8388,6 +8887,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "rds-fips.ca-central-1.amazonaws.com",
@@ -8559,6 +9059,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "redshift-fips.ca-central-1.amazonaws.com",
@@ -8806,6 +9307,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -8946,6 +9448,20 @@
           "us-west-2" : { }
         }
       },
+      "rum" : {
+        "endpoints" : {
+          "ap-northeast-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-2" : { }
+        }
+      },
       "runtime-v2-lex" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -9154,6 +9670,12 @@
               "tags" : [ "dualstack" ]
             } ]
           },
+          "ap-southeast-3" : {
+            "variants" : [ {
+              "hostname" : "s3.dualstack.ap-southeast-3.amazonaws.com",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
           "aws-global" : {
             "credentialScope" : {
               "region" : "us-east-1"
@@ -9599,6 +10121,66 @@
           }
         }
       },
+      "s3-outposts" : {
+        "endpoints" : {
+          "af-south-1" : { },
+          "ap-east-1" : { },
+          "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
+          "ap-south-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "ca-central-1" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-south-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "fips-ca-central-1" : {
+            "deprecated" : true
+          },
+          "fips-us-east-1" : {
+            "deprecated" : true
+          },
+          "fips-us-east-2" : {
+            "deprecated" : true
+          },
+          "fips-us-west-1" : {
+            "deprecated" : true
+          },
+          "fips-us-west-2" : {
+            "deprecated" : true
+          },
+          "me-south-1" : { },
+          "sa-east-1" : { },
+          "us-east-1" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-east-2" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-west-1" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-west-2" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          }
+        }
+      },
       "savingsplans" : {
         "endpoints" : {
           "aws-global" : {
@@ -9660,7 +10242,20 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
-          "ca-central-1" : { },
+          "ap-southeast-3" : { },
+          "ca-central-1" : {
+            "variants" : [ {
+              "hostname" : "secretsmanager-fips.ca-central-1.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "ca-central-1-fips" : {
+            "credentialScope" : {
+              "region" : "ca-central-1"
+            },
+            "deprecated" : true,
+            "hostname" : "secretsmanager-fips.ca-central-1.amazonaws.com"
+          },
           "eu-central-1" : { },
           "eu-north-1" : { },
           "eu-south-1" : { },
@@ -10149,6 +10744,7 @@
           "ap-northeast-2" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-west-1" : { },
           "eu-west-2" : { },
@@ -10521,6 +11117,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -10598,6 +11195,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -10672,6 +11270,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "ssm-fips.ca-central-1.amazonaws.com",
@@ -10750,13 +11349,20 @@
       "ssm-incidents" : {
         "endpoints" : {
           "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
           "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "sa-east-1" : { },
           "us-east-1" : { },
           "us-east-2" : { },
+          "us-west-1" : { },
           "us-west-2" : { }
         }
       },
@@ -10770,6 +11376,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -10843,6 +11450,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : {
             "variants" : [ {
               "hostname" : "storagegateway-fips.ca-central-1.amazonaws.com",
@@ -10933,20 +11541,19 @@
           "protocols" : [ "http", "https" ]
         },
         "endpoints" : {
+          "af-south-1" : { },
+          "ap-east-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
-          "ca-central-1-fips" : {
-            "credentialScope" : {
-              "region" : "ca-central-1"
-            },
-            "hostname" : "dynamodb-fips.ca-central-1.amazonaws.com"
-          },
           "eu-central-1" : { },
           "eu-north-1" : { },
+          "eu-south-1" : { },
           "eu-west-1" : { },
           "eu-west-2" : { },
           "eu-west-3" : { },
@@ -10960,33 +11567,9 @@
           "me-south-1" : { },
           "sa-east-1" : { },
           "us-east-1" : { },
-          "us-east-1-fips" : {
-            "credentialScope" : {
-              "region" : "us-east-1"
-            },
-            "hostname" : "dynamodb-fips.us-east-1.amazonaws.com"
-          },
           "us-east-2" : { },
-          "us-east-2-fips" : {
-            "credentialScope" : {
-              "region" : "us-east-2"
-            },
-            "hostname" : "dynamodb-fips.us-east-2.amazonaws.com"
-          },
           "us-west-1" : { },
-          "us-west-1-fips" : {
-            "credentialScope" : {
-              "region" : "us-west-1"
-            },
-            "hostname" : "dynamodb-fips.us-west-1.amazonaws.com"
-          },
-          "us-west-2" : { },
-          "us-west-2-fips" : {
-            "credentialScope" : {
-              "region" : "us-west-2"
-            },
-            "hostname" : "dynamodb-fips.us-west-2.amazonaws.com"
-          }
+          "us-west-2" : { }
         }
       },
       "sts" : {
@@ -10999,6 +11582,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "aws-global" : {
             "credentialScope" : {
               "region" : "us-east-1"
@@ -11090,6 +11674,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -11153,6 +11738,32 @@
           }
         }
       },
+      "synthetics" : {
+        "endpoints" : {
+          "af-south-1" : { },
+          "ap-east-1" : { },
+          "ap-northeast-1" : { },
+          "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
+          "ap-south-1" : { },
+          "ap-southeast-1" : { },
+          "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
+          "ca-central-1" : { },
+          "eu-central-1" : { },
+          "eu-north-1" : { },
+          "eu-south-1" : { },
+          "eu-west-1" : { },
+          "eu-west-2" : { },
+          "eu-west-3" : { },
+          "me-south-1" : { },
+          "sa-east-1" : { },
+          "us-east-1" : { },
+          "us-east-2" : { },
+          "us-west-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "tagging" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -11163,6 +11774,7 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
+          "ap-southeast-3" : { },
           "ca-central-1" : { },
           "eu-central-1" : { },
           "eu-north-1" : { },
@@ -11271,12 +11883,24 @@
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
-          "ca-central-1" : { },
+          "ca-central-1" : {
+            "variants" : [ {
+              "hostname" : "fips.transcribe.ca-central-1.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
           "eu-central-1" : { },
           "eu-north-1" : { },
           "eu-west-1" : { },
           "eu-west-2" : { },
           "eu-west-3" : { },
+          "fips-ca-central-1" : {
+            "credentialScope" : {
+              "region" : "ca-central-1"
+            },
+            "deprecated" : true,
+            "hostname" : "fips.transcribe.ca-central-1.amazonaws.com"
+          },
           "fips-us-east-1" : {
             "credentialScope" : {
               "region" : "us-east-1"
@@ -11422,6 +12046,7 @@
           "ap-east-1" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
+          "ap-northeast-3" : { },
           "ap-south-1" : { },
           "ap-southeast-1" : { },
           "ap-southeast-2" : { },
@@ -12065,6 +12690,13 @@
           }
         }
       },
+      "workspaces-web" : {
+        "endpoints" : {
+          "eu-west-1" : { },
+          "us-east-1" : { },
+          "us-west-2" : { }
+        }
+      },
       "xray" : {
         "endpoints" : {
           "af-south-1" : { },
@@ -12223,6 +12855,12 @@
           "cn-northwest-1" : { }
         }
       },
+      "appconfigdata" : {
+        "endpoints" : {
+          "cn-north-1" : { },
+          "cn-northwest-1" : { }
+        }
+      },
       "application-autoscaling" : {
         "defaults" : {
           "protocols" : [ "http", "https" ]
@@ -12353,11 +12991,33 @@
           "cn-northwest-1" : { }
         }
       },
+      "codepipeline" : {
+        "endpoints" : {
+          "cn-north-1" : { },
+          "cn-northwest-1" : { }
+        }
+      },
       "cognito-identity" : {
         "endpoints" : {
           "cn-north-1" : { }
         }
       },
+      "compute-optimizer" : {
+        "endpoints" : {
+          "cn-north-1" : {
+            "credentialScope" : {
+              "region" : "cn-north-1"
+            },
+            "hostname" : "compute-optimizer.cn-north-1.amazonaws.com.cn"
+          },
+          "cn-northwest-1" : {
+            "credentialScope" : {
+              "region" : "cn-northwest-1"
+            },
+            "hostname" : "compute-optimizer.cn-northwest-1.amazonaws.com.cn"
+          }
+        }
+      },
       "config" : {
         "endpoints" : {
           "cn-north-1" : { },
@@ -12697,8 +13357,18 @@
       },
       "lambda" : {
         "endpoints" : {
-          "cn-north-1" : { },
-          "cn-northwest-1" : { }
+          "cn-north-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.cn-north-1.api.amazonwebservices.com.cn",
+              "tags" : [ "dualstack" ]
+            } ]
+          },
+          "cn-northwest-1" : {
+            "variants" : [ {
+              "hostname" : "lambda.cn-northwest-1.api.amazonwebservices.com.cn",
+              "tags" : [ "dualstack" ]
+            } ]
+          }
         }
       },
       "license-manager" : {
@@ -12771,6 +13441,12 @@
           "cn-north-1" : { }
         }
       },
+      "pi" : {
+        "endpoints" : {
+          "cn-north-1" : { },
+          "cn-northwest-1" : { }
+        }
+      },
       "polly" : {
         "endpoints" : {
           "cn-northwest-1" : { }
@@ -13032,6 +13708,12 @@
           "cn-northwest-1" : { }
         }
       },
+      "synthetics" : {
+        "endpoints" : {
+          "cn-north-1" : { },
+          "cn-northwest-1" : { }
+        }
+      },
       "tagging" : {
         "endpoints" : {
           "cn-north-1" : { },
@@ -13377,6 +14059,12 @@
           "us-gov-west-1" : { }
         }
       },
+      "appconfigdata" : {
+        "endpoints" : {
+          "us-gov-east-1" : { },
+          "us-gov-west-1" : { }
+        }
+      },
       "application-autoscaling" : {
         "defaults" : {
           "protocols" : [ "http", "https" ]
@@ -14713,7 +15401,20 @@
         "partitionEndpoint" : "aws-us-gov-global"
       },
       "identitystore" : {
+        "defaults" : {
+          "variants" : [ {
+            "hostname" : "identitystore.{region}.{dnsSuffix}",
+            "tags" : [ "fips" ]
+          } ]
+        },
         "endpoints" : {
+          "fips-us-gov-east-1" : {
+            "credentialScope" : {
+              "region" : "us-gov-east-1"
+            },
+            "deprecated" : true,
+            "hostname" : "identitystore.us-gov-east-1.amazonaws.com"
+          },
           "fips-us-gov-west-1" : {
             "credentialScope" : {
               "region" : "us-gov-west-1"
@@ -14721,6 +15422,12 @@
             "deprecated" : true,
             "hostname" : "identitystore.us-gov-west-1.amazonaws.com"
           },
+          "us-gov-east-1" : {
+            "variants" : [ {
+              "hostname" : "identitystore.us-gov-east-1.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
           "us-gov-west-1" : {
             "variants" : [ {
               "hostname" : "identitystore.us-gov-west-1.amazonaws.com",
@@ -15198,6 +15905,12 @@
       },
       "oidc" : {
         "endpoints" : {
+          "us-gov-east-1" : {
+            "credentialScope" : {
+              "region" : "us-gov-east-1"
+            },
+            "hostname" : "oidc.us-gov-east-1.amazonaws.com"
+          },
           "us-gov-west-1" : {
             "credentialScope" : {
               "region" : "us-gov-west-1"
@@ -15290,6 +16003,12 @@
       },
       "portal.sso" : {
         "endpoints" : {
+          "us-gov-east-1" : {
+            "credentialScope" : {
+              "region" : "us-gov-east-1"
+            },
+            "hostname" : "portal.sso.us-gov-east-1.amazonaws.com"
+          },
           "us-gov-west-1" : {
             "credentialScope" : {
               "region" : "us-gov-west-1"
@@ -15321,6 +16040,12 @@
         }
       },
       "rds" : {
+        "defaults" : {
+          "variants" : [ {
+            "hostname" : "rds.{region}.{dnsSuffix}",
+            "tags" : [ "fips" ]
+          } ]
+        },
         "endpoints" : {
           "rds.us-gov-east-1" : {
             "credentialScope" : {
@@ -15506,6 +16231,12 @@
         }
       },
       "runtime.sagemaker" : {
+        "defaults" : {
+          "variants" : [ {
+            "hostname" : "runtime.sagemaker.{region}.{dnsSuffix}",
+            "tags" : [ "fips" ]
+          } ]
+        },
         "endpoints" : {
           "us-gov-west-1" : {
             "variants" : [ {
@@ -15641,6 +16372,26 @@
           }
         }
       },
+      "s3-outposts" : {
+        "endpoints" : {
+          "fips-us-gov-east-1" : {
+            "deprecated" : true
+          },
+          "fips-us-gov-west-1" : {
+            "deprecated" : true
+          },
+          "us-gov-east-1" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-gov-west-1" : {
+            "variants" : [ {
+              "tags" : [ "fips" ]
+            } ]
+          }
+        }
+      },
       "secretsmanager" : {
         "endpoints" : {
           "us-gov-east-1" : {
@@ -16074,22 +16825,38 @@
         "defaults" : {
           "credentialScope" : {
             "service" : "dynamodb"
-          }
+          },
+          "variants" : [ {
+            "hostname" : "streams.dynamodb.{region}.{dnsSuffix}",
+            "tags" : [ "fips" ]
+          } ]
         },
         "endpoints" : {
-          "us-gov-east-1" : { },
+          "us-gov-east-1" : {
+            "variants" : [ {
+              "hostname" : "streams.dynamodb.us-gov-east-1.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
+          },
           "us-gov-east-1-fips" : {
             "credentialScope" : {
               "region" : "us-gov-east-1"
             },
-            "hostname" : "dynamodb.us-gov-east-1.amazonaws.com"
+            "deprecated" : true,
+            "hostname" : "streams.dynamodb.us-gov-east-1.amazonaws.com"
+          },
+          "us-gov-west-1" : {
+            "variants" : [ {
+              "hostname" : "streams.dynamodb.us-gov-west-1.amazonaws.com",
+              "tags" : [ "fips" ]
+            } ]
           },
-          "us-gov-west-1" : { },
           "us-gov-west-1-fips" : {
             "credentialScope" : {
               "region" : "us-gov-west-1"
             },
-            "hostname" : "dynamodb.us-gov-west-1.amazonaws.com"
+            "deprecated" : true,
+            "hostname" : "streams.dynamodb.us-gov-west-1.amazonaws.com"
           }
         }
       },
@@ -16173,6 +16940,12 @@
           }
         }
       },
+      "synthetics" : {
+        "endpoints" : {
+          "us-gov-east-1" : { },
+          "us-gov-west-1" : { }
+        }
+      },
       "tagging" : {
         "endpoints" : {
           "us-gov-east-1" : { },
@@ -16529,6 +17302,19 @@
             },
             "deprecated" : true,
             "hostname" : "dms.us-iso-east-1.c2s.ic.gov"
+          },
+          "us-iso-west-1" : {
+            "variants" : [ {
+              "hostname" : "dms.us-iso-west-1.c2s.ic.gov",
+              "tags" : [ "fips" ]
+            } ]
+          },
+          "us-iso-west-1-fips" : {
+            "credentialScope" : {
+              "region" : "us-iso-west-1"
+            },
+            "deprecated" : true,
+            "hostname" : "dms.us-iso-west-1.c2s.ic.gov"
           }
         }
       },
@@ -16815,13 +17601,10 @@
         "defaults" : {
           "credentialScope" : {
             "service" : "dynamodb"
-          },
-          "protocols" : [ "http", "https" ]
+          }
         },
         "endpoints" : {
-          "us-iso-east-1" : {
-            "protocols" : [ "http", "https" ]
-          }
+          "us-iso-east-1" : { }
         }
       },
       "sts" : {
@@ -16847,6 +17630,11 @@
           "us-iso-west-1" : { }
         }
       },
+      "synthetics" : {
+        "endpoints" : {
+          "us-iso-east-1" : { }
+        }
+      },
       "transcribe" : {
         "defaults" : {
           "protocols" : [ "https" ]
@@ -17210,6 +17998,11 @@
           "us-isob-east-1" : { }
         }
       },
+      "synthetics" : {
+        "endpoints" : {
+          "us-isob-east-1" : { }
+        }
+      },
       "tagging" : {
         "endpoints" : {
           "us-isob-east-1" : { }
diff --git a/contrib/python/botocore/py3/botocore/data/es/2015-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/es/2015-01-01/service-2.json
index c2fc137feaa..94fbfbf48c2 100644
--- a/contrib/python/botocore/py3/botocore/data/es/2015-01-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/es/2015-01-01/service-2.json
@@ -219,6 +219,22 @@
       ],
       "documentation":"<p>Provides scheduled Auto-Tune action details for the Elasticsearch domain, such as Auto-Tune action type, description, severity, and scheduled date.</p>"
     },
+    "DescribeDomainChangeProgress":{
+      "name":"DescribeDomainChangeProgress",
+      "http":{
+        "method":"GET",
+        "requestUri":"/2015-01-01/es/domain/{DomainName}/progress"
+      },
+      "input":{"shape":"DescribeDomainChangeProgressRequest"},
+      "output":{"shape":"DescribeDomainChangeProgressResponse"},
+      "errors":[
+        {"shape":"BaseException"},
+        {"shape":"InternalException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Returns information about the current blue/green deployment happening on a domain, including a change ID, status, and progress stages.</p>"
+    },
     "DescribeElasticsearchDomain":{
       "name":"DescribeElasticsearchDomain",
       "http":{
@@ -788,6 +804,14 @@
         "SAMLOptions":{
           "shape":"SAMLOptionsOutput",
           "documentation":"<p>Describes the SAML application configured for a domain.</p>"
+        },
+        "AnonymousAuthDisableDate":{
+          "shape":"DisableTimestamp",
+          "documentation":"<p>Specifies the Anonymous Auth Disable Date when Anonymous Auth is enabled.</p>"
+        },
+        "AnonymousAuthEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True if Anonymous auth is enabled. Anonymous auth can be enabled only when AdvancedSecurity is enabled on existing domains.</p>"
         }
       },
       "documentation":"<p>Specifies the advanced security configuration: whether advanced security is enabled, whether the internal database option is enabled.</p>"
@@ -810,6 +834,10 @@
         "SAMLOptions":{
           "shape":"SAMLOptionsInput",
           "documentation":"<p>Specifies the SAML application configuration for the domain.</p>"
+        },
+        "AnonymousAuthEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True if Anonymous auth is enabled. Anonymous auth can be enabled only when AdvancedSecurity is enabled on existing domains.</p>"
         }
       },
       "documentation":"<p>Specifies the advanced security configuration: whether advanced security is enabled, whether the internal database option is enabled, master username and password (if internal database is enabled), and master user ARN (if IAM is enabled).</p>"
@@ -1077,6 +1105,91 @@
       },
       "documentation":"<p>The result of a <code>CancelElasticsearchServiceSoftwareUpdate</code> operation. Contains the status of the update.</p>"
     },
+    "ChangeProgressDetails":{
+      "type":"structure",
+      "members":{
+        "ChangeId":{
+          "shape":"GUID",
+          "documentation":"<p>The unique change identifier associated with a specific domain configuration change.</p>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>Contains an optional message associated with the domain configuration change.</p>"
+        }
+      },
+      "documentation":"<p>Specifies change details of the domain configuration change.</p>"
+    },
+    "ChangeProgressStage":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ChangeProgressStageName",
+          "documentation":"<p>The name of the specific progress stage.</p>"
+        },
+        "Status":{
+          "shape":"ChangeProgressStageStatus",
+          "documentation":"<p>The overall status of a specific progress stage.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the progress stage.</p>"
+        },
+        "LastUpdated":{
+          "shape":"LastUpdated",
+          "documentation":"<p>The last updated timestamp of the progress stage.</p>"
+        }
+      },
+      "documentation":"<p>A progress stage details of a specific domain configuration change.</p>"
+    },
+    "ChangeProgressStageList":{
+      "type":"list",
+      "member":{"shape":"ChangeProgressStage"},
+      "documentation":"<p>The list of progress stages of a specific domain configuration change.</p>"
+    },
+    "ChangeProgressStageName":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "ChangeProgressStageStatus":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
+    "ChangeProgressStatusDetails":{
+      "type":"structure",
+      "members":{
+        "ChangeId":{
+          "shape":"GUID",
+          "documentation":"<p>The unique change identifier associated with a specific domain configuration change.</p>"
+        },
+        "StartTime":{
+          "shape":"UpdateTimestamp",
+          "documentation":"<p>The time at which the configuration change is made on the domain.</p>"
+        },
+        "Status":{
+          "shape":"OverallChangeStatus",
+          "documentation":"<p>The overall status of the domain configuration change. This field can take the following values: <code>PENDING</code>, <code>PROCESSING</code>, <code>COMPLETED</code> and <code>FAILED</code></p>"
+        },
+        "PendingProperties":{
+          "shape":"StringList",
+          "documentation":"<p>The list of properties involved in the domain configuration change that are still in pending.</p>"
+        },
+        "CompletedProperties":{
+          "shape":"StringList",
+          "documentation":"<p>The list of properties involved in the domain configuration change that are completed.</p>"
+        },
+        "TotalNumberOfStages":{
+          "shape":"TotalNumberOfStages",
+          "documentation":"<p>The total number of stages required for the configuration change.</p>"
+        },
+        "ChangeProgressStages":{
+          "shape":"ChangeProgressStageList",
+          "documentation":"<p>The specific stages that the domain is going through to perform the configuration change.</p>"
+        }
+      },
+      "documentation":"<p>The progress details of a specific domain configuration change.</p>"
+    },
     "CloudWatchLogsLogGroupArn":{
       "type":"string",
       "documentation":"<p>ARN of the Cloudwatch log group to which log needs to be published.</p>"
@@ -1435,6 +1548,11 @@
         "ELIGIBLE"
       ]
     },
+    "DeploymentType":{
+      "type":"string",
+      "max":128,
+      "min":2
+    },
     "DescribeDomainAutoTunesRequest":{
       "type":"structure",
       "required":["DomainName"],
@@ -1470,6 +1588,35 @@
       },
       "documentation":"<p>The result of <code>DescribeDomainAutoTunes</code> request. See the <a href=\"https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/auto-tune.html\" target=\"_blank\">Developer Guide</a> for more information. </p>"
     },
+    "DescribeDomainChangeProgressRequest":{
+      "type":"structure",
+      "required":["DomainName"],
+      "members":{
+        "DomainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain you want to get the progress information about.</p>",
+          "location":"uri",
+          "locationName":"DomainName"
+        },
+        "ChangeId":{
+          "shape":"GUID",
+          "documentation":"<p>The specific change ID for which you want to get progress information. This is an optional parameter. If omitted, the service returns information about the most recent configuration change. </p>",
+          "location":"querystring",
+          "locationName":"changeid"
+        }
+      },
+      "documentation":"<p>Container for the parameters to the <code>DescribeDomainChangeProgress</code> operation. Specifies the domain name and optional change specific identity for which you want progress information. </p>"
+    },
+    "DescribeDomainChangeProgressResponse":{
+      "type":"structure",
+      "members":{
+        "ChangeProgressStatus":{
+          "shape":"ChangeProgressStatusDetails",
+          "documentation":"<p>Progress information for the configuration change that is requested in the <code>DescribeDomainChangeProgress</code> request. </p>"
+        }
+      },
+      "documentation":"<p>The result of a <code>DescribeDomainChangeProgress</code> request. Contains the progress information of the requested domain change. </p>"
+    },
     "DescribeElasticsearchDomainConfigRequest":{
       "type":"structure",
       "required":["DomainName"],
@@ -1779,6 +1926,8 @@
       },
       "documentation":"<p>Container for results from <code>DescribeReservedElasticsearchInstances</code></p>"
     },
+    "Description":{"type":"string"},
+    "DisableTimestamp":{"type":"timestamp"},
     "DisabledOperationException":{
       "type":"structure",
       "members":{
@@ -1968,6 +2117,20 @@
       ]
     },
     "Double":{"type":"double"},
+    "DryRun":{"type":"boolean"},
+    "DryRunResults":{
+      "type":"structure",
+      "members":{
+        "DeploymentType":{
+          "shape":"DeploymentType",
+          "documentation":"<p> Specifies the deployment mechanism through which the update shall be applied on the domain. Possible responses are <code>Blue/Green</code> (The update will require a blue/green deployment.) <code>DynamicUpdate</code> (The update can be applied in-place without a Blue/Green deployment required.) <code>Undetermined</code> (The domain is undergoing an update which needs to complete before the deployment type can be predicted.) <code>None</code> (The configuration change matches the current configuration and will not result in any update.) </p>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>Contains an optional message associated with the DryRunResults.</p>"
+        }
+      }
+    },
     "Duration":{
       "type":"structure",
       "members":{
@@ -2224,6 +2387,10 @@
         "AutoTuneOptions":{
           "shape":"AutoTuneOptionsStatus",
           "documentation":"<p>Specifies <code>AutoTuneOptions</code> for the domain. </p>"
+        },
+        "ChangeProgressDetails":{
+          "shape":"ChangeProgressDetails",
+          "documentation":"<p>Specifies change details of the domain configuration change.</p>"
         }
       },
       "documentation":"<p>The configuration of an Elasticsearch domain.</p>"
@@ -2329,6 +2496,10 @@
         "AutoTuneOptions":{
           "shape":"AutoTuneOptionsOutput",
           "documentation":"<p>The current status of the Elasticsearch domain's Auto-Tune options.</p>"
+        },
+        "ChangeProgressDetails":{
+          "shape":"ChangeProgressDetails",
+          "documentation":"<p>Specifies change details of the domain configuration change.</p>"
         }
       },
       "documentation":"<p>The current status of an Elasticsearch domain.</p>"
@@ -2976,6 +3147,11 @@
       "type":"integer",
       "documentation":"<p> Maximum number of Instances that can be instantiated for given InstanceType. </p>"
     },
+    "Message":{
+      "type":"string",
+      "max":1024,
+      "min":0
+    },
     "MinimumInstanceCount":{
       "type":"integer",
       "documentation":"<p> Minimum number of Instances that can be instantiated for given InstanceType. </p>"
@@ -3113,6 +3289,16 @@
       "type":"list",
       "member":{"shape":"OutboundCrossClusterSearchConnection"}
     },
+    "OverallChangeStatus":{
+      "type":"string",
+      "documentation":"<p>The overall status value of the domain configuration change.</p>",
+      "enum":[
+        "PENDING",
+        "PROCESSING",
+        "COMPLETED",
+        "FAILED"
+      ]
+    },
     "OwnerId":{
       "type":"string",
       "max":12,
@@ -3799,6 +3985,7 @@
       "documentation":"<p>Specifies the unit of a maintenance schedule duration. Valid value is HOUR. See the <a href=\"https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/auto-tune.html\" target=\"_blank\">Developer Guide</a> for more information.</p>",
       "enum":["HOURS"]
     },
+    "TotalNumberOfStages":{"type":"integer"},
     "UIntValue":{
       "type":"integer",
       "min":0
@@ -3864,6 +4051,10 @@
         "AutoTuneOptions":{
           "shape":"AutoTuneOptions",
           "documentation":"<p>Specifies Auto-Tune options.</p>"
+        },
+        "DryRun":{
+          "shape":"DryRun",
+          "documentation":"<p> This flag, when set to True, specifies whether the <code>UpdateElasticsearchDomain</code> request should return the results of validation checks without actually applying the change. This flag, when set to True, specifies the deployment mechanism through which the update shall be applied on the domain. This will not actually perform the Update. </p>"
         }
       },
       "documentation":"<p>Container for the parameters to the <code><a>UpdateElasticsearchDomain</a></code> operation. Specifies the type and number of instances in the domain cluster.</p>"
@@ -3875,6 +4066,10 @@
         "DomainConfig":{
           "shape":"ElasticsearchDomainConfig",
           "documentation":"<p>The status of the updated Elasticsearch domain. </p>"
+        },
+        "DryRunResults":{
+          "shape":"DryRunResults",
+          "documentation":"<p>Contains result of DryRun. </p>"
         }
       },
       "documentation":"<p>The result of an <code>UpdateElasticsearchDomain</code> request. Contains the status of the Elasticsearch domain being updated.</p>"
@@ -3943,7 +4138,8 @@
         "PerformCheckOnly":{
           "shape":"Boolean",
           "documentation":"<p> This flag, when set to True, indicates that an Upgrade Eligibility Check needs to be performed. This will not actually perform the Upgrade. </p>"
-        }
+        },
+        "ChangeProgressDetails":{"shape":"ChangeProgressDetails"}
       },
       "documentation":"<p> Container for response returned by <code> <a>UpgradeElasticsearchDomain</a> </code> operation. </p>"
     },
diff --git a/contrib/python/botocore/py3/botocore/data/events/2015-10-07/service-2.json b/contrib/python/botocore/py3/botocore/data/events/2015-10-07/service-2.json
index 5dc608252d8..7a81a2807d3 100644
--- a/contrib/python/botocore/py3/botocore/data/events/2015-10-07/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/events/2015-10-07/service-2.json
@@ -633,7 +633,7 @@
         {"shape":"ManagedRuleException"},
         {"shape":"InternalException"}
       ],
-      "documentation":"<p>Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.</p> <p>Targets are the resources that are invoked when a rule is triggered.</p> <p>You can configure the following as targets for Events:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html\">API destination</a> </p> </li> <li> <p>Amazon API Gateway REST API endpoints</p> </li> <li> <p>API Gateway</p> </li> <li> <p>Batch job queue</p> </li> <li> <p>CloudWatch Logs group</p> </li> <li> <p>CodeBuild project</p> </li> <li> <p>CodePipeline</p> </li> <li> <p>Amazon EC2 <code>CreateSnapshot</code> API call</p> </li> <li> <p>Amazon EC2 <code>RebootInstances</code> API call</p> </li> <li> <p>Amazon EC2 <code>StopInstances</code> API call</p> </li> <li> <p>Amazon EC2 <code>TerminateInstances</code> API call</p> </li> <li> <p>Amazon ECS tasks</p> </li> <li> <p>Event bus in a different Amazon Web Services account or Region.</p> <p>You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.</p> </li> <li> <p>Firehose delivery stream (Kinesis Data Firehose)</p> </li> <li> <p>Inspector assessment template (Amazon Inspector)</p> </li> <li> <p>Kinesis stream (Kinesis Data Stream)</p> </li> <li> <p>Lambda function</p> </li> <li> <p>Redshift clusters (Data API statement execution)</p> </li> <li> <p>Amazon SNS topic</p> </li> <li> <p>Amazon SQS queues (includes FIFO queues</p> </li> <li> <p>SSM Automation</p> </li> <li> <p>SSM OpsItem</p> </li> <li> <p>SSM Run Command</p> </li> <li> <p>Step Functions state machines</p> </li> </ul> <p>Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are <code>EC2 CreateSnapshot API call</code>, <code>EC2 RebootInstances API call</code>, <code>EC2 StopInstances API call</code>, and <code>EC2 TerminateInstances API call</code>. </p> <p>For some target types, <code>PutTargets</code> provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the <code>KinesisParameters</code> argument. To invoke a command on multiple EC2 instances with one rule, you can use the <code>RunCommandParameters</code> field.</p> <p>To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the <code>RoleARN</code> argument in <code>PutTargets</code>. For more information, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/auth-and-access-control-eventbridge.html\">Authentication and Access Control</a> in the <i>Amazon EventBridge User Guide</i>.</p> <p>If another Amazon Web Services account is in the same region and has granted you permission (using <code>PutPermission</code>), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the <code>Arn</code> value when you run <code>PutTargets</code>. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see <a href=\"http://aws.amazon.com/eventbridge/pricing/\">Amazon EventBridge Pricing</a>.</p> <note> <p> <code>Input</code>, <code>InputPath</code>, and <code>InputTransformer</code> are not available with <code>PutTarget</code> if the target is an event bus of a different Amazon Web Services account.</p> </note> <p>If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a <code>RoleArn</code> with proper permissions in the <code>Target</code> structure. For more information, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html\">Sending and Receiving Events Between Amazon Web Services Accounts</a> in the <i>Amazon EventBridge User Guide</i>.</p> <p>For more information about enabling cross-account events, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutPermission.html\">PutPermission</a>.</p> <p> <b>Input</b>, <b>InputPath</b>, and <b>InputTransformer</b> are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:</p> <ul> <li> <p>If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).</p> </li> <li> <p>If <b>Input</b> is specified in the form of valid JSON, then the matched event is overridden with this constant.</p> </li> <li> <p>If <b>InputPath</b> is specified in the form of JSONPath (for example, <code>$.detail</code>), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).</p> </li> <li> <p>If <b>InputTransformer</b> is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.</p> </li> </ul> <p>When you specify <code>InputPath</code> or <code>InputTransformer</code>, you must use JSON dot notation, not bracket notation.</p> <p>When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.</p> <p>This action can partially fail if too many requests are made at the same time. If that happens, <code>FailedEntryCount</code> is non-zero in the response and each entry in <code>FailedEntries</code> provides the ID of the failed target and the error code.</p>"
+      "documentation":"<p>Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.</p> <p>Targets are the resources that are invoked when a rule is triggered.</p> <note> <p>Each rule can have up to five (5) targets associated with it at one time.</p> </note> <p>You can configure the following as targets for Events:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destinations.html\">API destination</a> </p> </li> <li> <p>Amazon API Gateway REST API endpoints</p> </li> <li> <p>API Gateway</p> </li> <li> <p>Batch job queue</p> </li> <li> <p>CloudWatch Logs group</p> </li> <li> <p>CodeBuild project</p> </li> <li> <p>CodePipeline</p> </li> <li> <p>Amazon EC2 <code>CreateSnapshot</code> API call</p> </li> <li> <p>EC2 Image Builder</p> </li> <li> <p>Amazon EC2 <code>RebootInstances</code> API call</p> </li> <li> <p>Amazon EC2 <code>StopInstances</code> API call</p> </li> <li> <p>Amazon EC2 <code>TerminateInstances</code> API call</p> </li> <li> <p>Amazon ECS tasks</p> </li> <li> <p>Event bus in a different Amazon Web Services account or Region.</p> <p>You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.</p> </li> <li> <p>Firehose delivery stream (Kinesis Data Firehose)</p> </li> <li> <p>Inspector assessment template (Amazon Inspector)</p> </li> <li> <p>Kinesis stream (Kinesis Data Stream)</p> </li> <li> <p>Lambda function</p> </li> <li> <p>Redshift clusters (Data API statement execution)</p> </li> <li> <p>Amazon SNS topic</p> </li> <li> <p>Amazon SQS queues (includes FIFO queues)</p> </li> <li> <p>SSM Automation</p> </li> <li> <p>SSM OpsItem</p> </li> <li> <p>SSM Run Command</p> </li> <li> <p>Step Functions state machines</p> </li> </ul> <p>Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are <code>EC2 CreateSnapshot API call</code>, <code>EC2 RebootInstances API call</code>, <code>EC2 StopInstances API call</code>, and <code>EC2 TerminateInstances API call</code>. </p> <p>For some target types, <code>PutTargets</code> provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the <code>KinesisParameters</code> argument. To invoke a command on multiple EC2 instances with one rule, you can use the <code>RunCommandParameters</code> field.</p> <p>To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the <code>RoleARN</code> argument in <code>PutTargets</code>. For more information, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/auth-and-access-control-eventbridge.html\">Authentication and Access Control</a> in the <i>Amazon EventBridge User Guide</i>.</p> <p>If another Amazon Web Services account is in the same region and has granted you permission (using <code>PutPermission</code>), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the <code>Arn</code> value when you run <code>PutTargets</code>. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see <a href=\"http://aws.amazon.com/eventbridge/pricing/\">Amazon EventBridge Pricing</a>.</p> <note> <p> <code>Input</code>, <code>InputPath</code>, and <code>InputTransformer</code> are not available with <code>PutTarget</code> if the target is an event bus of a different Amazon Web Services account.</p> </note> <p>If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a <code>RoleArn</code> with proper permissions in the <code>Target</code> structure. For more information, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-cross-account-event-delivery.html\">Sending and Receiving Events Between Amazon Web Services Accounts</a> in the <i>Amazon EventBridge User Guide</i>.</p> <p>For more information about enabling cross-account events, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_PutPermission.html\">PutPermission</a>.</p> <p> <b>Input</b>, <b>InputPath</b>, and <b>InputTransformer</b> are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:</p> <ul> <li> <p>If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).</p> </li> <li> <p>If <b>Input</b> is specified in the form of valid JSON, then the matched event is overridden with this constant.</p> </li> <li> <p>If <b>InputPath</b> is specified in the form of JSONPath (for example, <code>$.detail</code>), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).</p> </li> <li> <p>If <b>InputTransformer</b> is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.</p> </li> </ul> <p>When you specify <code>InputPath</code> or <code>InputTransformer</code>, you must use JSON dot notation, not bracket notation.</p> <p>When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.</p> <p>This action can partially fail if too many requests are made at the same time. If that happens, <code>FailedEntryCount</code> is non-zero in the response and each entry in <code>FailedEntries</code> provides the ID of the failed target and the error code.</p>"
     },
     "RemovePermission":{
       "name":"RemovePermission",
@@ -664,7 +664,7 @@
         {"shape":"ManagedRuleException"},
         {"shape":"InternalException"}
       ],
-      "documentation":"<p>Removes the specified targets from the specified rule. When the rule is triggered, those targets are no longer be invoked.</p> <p>When you remove a target, when the associated rule triggers, removed targets might continue to be invoked. Allow a short period of time for changes to take effect.</p> <p>This action can partially fail if too many requests are made at the same time. If that happens, <code>FailedEntryCount</code> is non-zero in the response and each entry in <code>FailedEntries</code> provides the ID of the failed target and the error code.</p>"
+      "documentation":"<p>Removes the specified targets from the specified rule. When the rule is triggered, those targets are no longer be invoked.</p> <note> <p>A successful execution of <code>RemoveTargets</code> doesn't guarantee all targets are removed from the rule, it means that the target(s) listed in the request are removed.</p> </note> <p>When you remove a target, when the associated rule triggers, removed targets might continue to be invoked. Allow a short period of time for changes to take effect.</p> <p>This action can partially fail if too many requests are made at the same time. If that happens, <code>FailedEntryCount</code> is non-zero in the response and each entry in <code>FailedEntries</code> provides the ID of the failed target and the error code.</p>"
     },
     "StartReplay":{
       "name":"StartReplay",
@@ -2299,7 +2299,7 @@
         },
         "LaunchType":{
           "shape":"LaunchType",
-          "documentation":"<p>Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The <code>FARGATE</code> value is supported only in the Regions where Fargate witt Amazon ECS is supported. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS-Fargate.html\">Fargate on Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
+          "documentation":"<p>Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The <code>FARGATE</code> value is supported only in the Regions where Fargate with Amazon ECS is supported. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS-Fargate.html\">Fargate on Amazon ECS</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>"
         },
         "NetworkConfiguration":{
           "shape":"NetworkConfiguration",
@@ -3207,7 +3207,7 @@
         },
         "TraceHeader":{
           "shape":"TraceHeader",
-          "documentation":"<p>An X-Ray trade header, which is an http header (X-Amzn-Trace-Id) that contains the trace-id associated with the event.</p> <p>To learn more about X-Ray trace headers, see <a href=\"https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-tracingheader\">Tracing header</a> in the X-Ray Developer Guide.</p>"
+          "documentation":"<p>An X-Ray trace header, which is an http header (X-Amzn-Trace-Id) that contains the trace-id associated with the event.</p> <p>To learn more about X-Ray trace headers, see <a href=\"https://docs.aws.amazon.com/xray/latest/devguide/xray-concepts.html#xray-concepts-tracingheader\">Tracing header</a> in the X-Ray Developer Guide.</p>"
         }
       },
       "documentation":"<p>Represents an event to be submitted.</p>"
@@ -3247,7 +3247,7 @@
           "documentation":"<p>The error message that explains why the event submission failed.</p>"
         }
       },
-      "documentation":"<p>Represents an event that failed to be submitted.</p>"
+      "documentation":"<p>Represents an event that failed to be submitted. For information about the errors that are common to all actions, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/APIReference/CommonErrors.html\">Common Errors</a>.</p>"
     },
     "PutEventsResultEntryList":{
       "type":"list",
@@ -3347,7 +3347,7 @@
         },
         "StatementId":{
           "shape":"StatementId",
-          "documentation":"<p>An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this <code>StatementId</code> when you run <a href=\"https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_RemovePermission.html\">RemovePermission</a>.</p>"
+          "documentation":"<p>An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this <code>StatementId</code> when you run <a href=\"https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_RemovePermission.html\">RemovePermission</a>.</p> <note> <p>Each <code>StatementId</code> must be unique.</p> </note>"
         },
         "Condition":{
           "shape":"Condition",
@@ -4071,7 +4071,7 @@
       "members":{
         "Id":{
           "shape":"TargetId",
-          "documentation":"<p>The ID of the target. We recommend using a memorable and unique string.</p>"
+          "documentation":"<p>The ID of the target within the specified rule. Use this ID to reference the target when updating the rule. We recommend using a memorable and unique string.</p>"
         },
         "Arn":{
           "shape":"TargetArn",
diff --git a/contrib/python/botocore/py3/botocore/data/evidently/2021-02-01/paginators-1.json b/contrib/python/botocore/py3/botocore/data/evidently/2021-02-01/paginators-1.json
new file mode 100644
index 00000000000..4bc764c4423
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/evidently/2021-02-01/paginators-1.json
@@ -0,0 +1,28 @@
+{
+  "pagination": {
+    "ListExperiments": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "experiments"
+    },
+    "ListFeatures": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "features"
+    },
+    "ListLaunches": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "launches"
+    },
+    "ListProjects": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "projects"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/evidently/2021-02-01/service-2.json b/contrib/python/botocore/py3/botocore/data/evidently/2021-02-01/service-2.json
new file mode 100644
index 00000000000..7bbd49c09c7
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/evidently/2021-02-01/service-2.json
@@ -0,0 +1,3494 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-02-01",
+    "endpointPrefix":"evidently",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"Amazon CloudWatch Evidently",
+    "serviceId":"Evidently",
+    "signatureVersion":"v4",
+    "signingName":"evidently",
+    "uid":"evidently-2021-02-01"
+  },
+  "operations":{
+    "BatchEvaluateFeature":{
+      "name":"BatchEvaluateFeature",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/evaluations",
+        "responseCode":200
+      },
+      "input":{"shape":"BatchEvaluateFeatureRequest"},
+      "output":{"shape":"BatchEvaluateFeatureResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>This operation assigns feature variation to user sessions. For each user session, you pass in an <code>entityID</code> that represents the user. Evidently then checks the evaluation rules and assigns the variation.</p> <p>The first rules that are evaluated are the override rules. If the user's <code>entityID</code> matches an override rule, the user is served the variation specified by that rule.</p> <p>Next, if there is a launch of the feature, the user might be assigned to a variation in the launch. The chance of this depends on the percentage of users that are allocated to that launch. If the user is enrolled in the launch, the variation they are served depends on the allocation of the various feature variations used for the launch.</p> <p>If the user is not assigned to a launch, and there is an ongoing experiment for this feature, the user might be assigned to a variation in the experiment. The chance of this depends on the percentage of users that are allocated to that experiment. If the user is enrolled in the experiment, the variation they are served depends on the allocation of the various feature variations used for the experiment. </p> <p>If the user is not assigned to a launch or experiment, they are served the default variation.</p>",
+      "endpoint":{"hostPrefix":"dataplane."}
+    },
+    "CreateExperiment":{
+      "name":"CreateExperiment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/experiments",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateExperimentRequest"},
+      "output":{"shape":"CreateExperimentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates an Evidently <i>experiment</i>. Before you create an experiment, you must create the feature to use for the experiment.</p> <p>An experiment helps you make feature design decisions based on evidence and data. An experiment can test as many as five variations at once. Evidently collects experiment data and analyzes it by statistical methods, and provides clear recommendations about which variations perform better.</p> <p>Don't use this operation to update an existing experiment. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateExperiment.html\">UpdateExperiment</a>. </p>",
+      "idempotent":true
+    },
+    "CreateFeature":{
+      "name":"CreateFeature",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/features",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateFeatureRequest"},
+      "output":{"shape":"CreateFeatureResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates an Evidently <i>feature</i> that you want to launch or test. You can define up to five variations of a feature, and use these variations in your launches and experiments. A feature must be created in a project. For information about creating a project, see <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateProject.html\">CreateProject</a>.</p> <p>Don't use this operation to update an existing feature. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateFeature.html\">UpdateFeature</a>. </p>"
+    },
+    "CreateLaunch":{
+      "name":"CreateLaunch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/launches",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateLaunchRequest"},
+      "output":{"shape":"CreateLaunchResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a <i>launch</i> of a given feature. Before you create a launch, you must create the feature to use for the launch.</p> <p>You can use a launch to safely validate new features by serving them to a specified percentage of your users while you roll out the feature. You can monitor the performance of the new feature to help you decide when to ramp up traffic to more users. This helps you reduce risk and identify unintended consequences before you fully launch the feature.</p> <p>Don't use this operation to update an existing launch. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateLaunch.html\">UpdateLaunch</a>. </p>"
+    },
+    "CreateProject":{
+      "name":"CreateProject",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateProjectRequest"},
+      "output":{"shape":"CreateProjectResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a project, which is the logical object in Evidently that can contain features, launches, and experiments. Use projects to group similar features together.</p> <p>To update an existing project, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateProject.html\">UpdateProject</a>.</p>"
+    },
+    "DeleteExperiment":{
+      "name":"DeleteExperiment",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/projects/{project}/experiments/{experiment}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteExperimentRequest"},
+      "output":{"shape":"DeleteExperimentResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Evidently experiment. The feature used for the experiment is not deleted.</p> <p>To stop an experiment without deleting it, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_StopExperiment.html\">StopExperiment</a>. </p>",
+      "idempotent":true
+    },
+    "DeleteFeature":{
+      "name":"DeleteFeature",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/projects/{project}/features/{feature}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteFeatureRequest"},
+      "output":{"shape":"DeleteFeatureResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Evidently feature.</p>",
+      "idempotent":true
+    },
+    "DeleteLaunch":{
+      "name":"DeleteLaunch",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/projects/{project}/launches/{launch}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteLaunchRequest"},
+      "output":{"shape":"DeleteLaunchResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Evidently launch. The feature used for the launch is not deleted.</p> <p>To stop a launch without deleting it, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_StopLaunch.html\">StopLaunch</a>. </p>",
+      "idempotent":true
+    },
+    "DeleteProject":{
+      "name":"DeleteProject",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/projects/{project}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteProjectRequest"},
+      "output":{"shape":"DeleteProjectResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Evidently project. Before you can delete a project, you must delete all the features that the project contains. To delete a feature, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_DeleteFeature.html\">DeleteFeature</a>.</p>",
+      "idempotent":true
+    },
+    "EvaluateFeature":{
+      "name":"EvaluateFeature",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/evaluations/{feature}",
+        "responseCode":200
+      },
+      "input":{"shape":"EvaluateFeatureRequest"},
+      "output":{"shape":"EvaluateFeatureResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>This operation assigns a feature variation to one given user session. You pass in an <code>entityID</code> that represents the user. Evidently then checks the evaluation rules and assigns the variation.</p> <p>The first rules that are evaluated are the override rules. If the user's <code>entityID</code> matches an override rule, the user is served the variation specified by that rule.</p> <p>Next, if there is a launch of the feature, the user might be assigned to a variation in the launch. The chance of this depends on the percentage of users that are allocated to that launch. If the user is enrolled in the launch, the variation they are served depends on the allocation of the various feature variations used for the launch.</p> <p>If the user is not assigned to a launch, and there is an ongoing experiment for this feature, the user might be assigned to a variation in the experiment. The chance of this depends on the percentage of users that are allocated to that experiment. If the user is enrolled in the experiment, the variation they are served depends on the allocation of the various feature variations used for the experiment. </p> <p>If the user is not assigned to a launch or experiment, they are served the default variation.</p>",
+      "endpoint":{"hostPrefix":"dataplane."}
+    },
+    "GetExperiment":{
+      "name":"GetExperiment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}/experiments/{experiment}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetExperimentRequest"},
+      "output":{"shape":"GetExperimentResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns the details about one experiment. You must already know the experiment name. To retrieve a list of experiments in your account, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListExperiments.html\">ListExperiments</a>.</p>"
+    },
+    "GetExperimentResults":{
+      "name":"GetExperimentResults",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/experiments/{experiment}/results",
+        "responseCode":200
+      },
+      "input":{"shape":"GetExperimentResultsRequest"},
+      "output":{"shape":"GetExperimentResultsResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Retrieves the results of a running or completed experiment.</p>"
+    },
+    "GetFeature":{
+      "name":"GetFeature",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}/features/{feature}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetFeatureRequest"},
+      "output":{"shape":"GetFeatureResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns the details about one feature. You must already know the feature name. To retrieve a list of features in your account, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListFeatures.html\">ListFeatures</a>.</p>"
+    },
+    "GetLaunch":{
+      "name":"GetLaunch",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}/launches/{launch}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetLaunchRequest"},
+      "output":{"shape":"GetLaunchResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns the details about one launch. You must already know the launch name. To retrieve a list of launches in your account, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListLaunches.html\">ListLaunches</a>.</p>"
+    },
+    "GetProject":{
+      "name":"GetProject",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetProjectRequest"},
+      "output":{"shape":"GetProjectResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns the details about one launch. You must already know the project name. To retrieve a list of projects in your account, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_ListProjects.html\">ListProjects</a>.</p>"
+    },
+    "ListExperiments":{
+      "name":"ListExperiments",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}/experiments",
+        "responseCode":200
+      },
+      "input":{"shape":"ListExperimentsRequest"},
+      "output":{"shape":"ListExperimentsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Returns configuration details about all the experiments in the specified project.</p>"
+    },
+    "ListFeatures":{
+      "name":"ListFeatures",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}/features",
+        "responseCode":200
+      },
+      "input":{"shape":"ListFeaturesRequest"},
+      "output":{"shape":"ListFeaturesResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns configuration details about all the features in the specified project.</p>"
+    },
+    "ListLaunches":{
+      "name":"ListLaunches",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects/{project}/launches",
+        "responseCode":200
+      },
+      "input":{"shape":"ListLaunchesRequest"},
+      "output":{"shape":"ListLaunchesResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns configuration details about all the launches in the specified project.</p>"
+    },
+    "ListProjects":{
+      "name":"ListProjects",
+      "http":{
+        "method":"GET",
+        "requestUri":"/projects",
+        "responseCode":200
+      },
+      "input":{"shape":"ListProjectsRequest"},
+      "output":{"shape":"ListProjectsResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns configuration details about all the projects in the current Region in your account.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Displays the tags associated with an Evidently resource.</p>"
+    },
+    "PutProjectEvents":{
+      "name":"PutProjectEvents",
+      "http":{
+        "method":"POST",
+        "requestUri":"/events/projects/{project}",
+        "responseCode":200
+      },
+      "input":{"shape":"PutProjectEventsRequest"},
+      "output":{"shape":"PutProjectEventsResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Sends performance events to Evidently. These events can be used to evaluate a launch or an experiment.</p>",
+      "endpoint":{"hostPrefix":"dataplane."}
+    },
+    "StartExperiment":{
+      "name":"StartExperiment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/experiments/{experiment}/start",
+        "responseCode":200
+      },
+      "input":{"shape":"StartExperimentRequest"},
+      "output":{"shape":"StartExperimentResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Starts an existing experiment. To create an experiment, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateExperiment.html\">CreateExperiment</a>.</p>"
+    },
+    "StartLaunch":{
+      "name":"StartLaunch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/launches/{launch}/start",
+        "responseCode":200
+      },
+      "input":{"shape":"StartLaunchRequest"},
+      "output":{"shape":"StartLaunchResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Starts an existing launch. To create a launch, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateLaunch.html\">CreateLaunch</a>.</p>"
+    },
+    "StopExperiment":{
+      "name":"StopExperiment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/experiments/{experiment}/cancel",
+        "responseCode":200
+      },
+      "input":{"shape":"StopExperimentRequest"},
+      "output":{"shape":"StopExperimentResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Stops an experiment that is currently running. If you stop an experiment, you can't resume it or restart it.</p>"
+    },
+    "StopLaunch":{
+      "name":"StopLaunch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/projects/{project}/launches/{launch}/cancel",
+        "responseCode":200
+      },
+      "input":{"shape":"StopLaunchRequest"},
+      "output":{"shape":"StopLaunchResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Stops a launch that is currently running. After you stop a launch, you will not be able to resume it or restart it. Also, it will not be evaluated as a rule for traffic allocation, and the traffic that was allocated to the launch will instead be available to the feature's experiment, if there is one. Otherwise, all traffic will be served the default variation after the launch is stopped.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Assigns one or more tags (key-value pairs) to the specified CloudWatch Evidently resource. Projects, features, launches, and experiments can be tagged.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <p>You can use the <code>TagResource</code> action with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the alarm. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.</p> <p>You can associate as many as 50 tags with a resource.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a>.</p>",
+      "idempotent":true
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Removes one or more tags from the specified resource.</p>",
+      "idempotent":true
+    },
+    "UpdateExperiment":{
+      "name":"UpdateExperiment",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/projects/{project}/experiments/{experiment}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateExperimentRequest"},
+      "output":{"shape":"UpdateExperimentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates an Evidently experiment. </p> <p>Don't use this operation to update an experiment's tag. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_TagResource.html\">TagResource</a>. </p>"
+    },
+    "UpdateFeature":{
+      "name":"UpdateFeature",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/projects/{project}/features/{feature}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateFeatureRequest"},
+      "output":{"shape":"UpdateFeatureResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates an existing feature.</p> <p>You can't use this operation to update the tags of an existing feature. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_TagResource.html\">TagResource</a>. </p>"
+    },
+    "UpdateLaunch":{
+      "name":"UpdateLaunch",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/projects/{project}/launches/{launch}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateLaunchRequest"},
+      "output":{"shape":"UpdateLaunchResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates a launch of a given feature. </p> <p>Don't use this operation to update the tags of an existing launch. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_TagResource.html\">TagResource</a>. </p>"
+    },
+    "UpdateProject":{
+      "name":"UpdateProject",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/projects/{project}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateProjectRequest"},
+      "output":{"shape":"UpdateProjectResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates the description of an existing project.</p> <p>To create a new project, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_CreateProject.html\">CreateProject</a>.</p> <p>Don't use this operation to update the data storage options of a project. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_UpdateProjectDataDelivery.html\">UpdateProjectDataDelivery</a>. </p> <p>Don't use this operation to update the tags of a project. Instead, use <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_TagResource.html\">TagResource</a>. </p>"
+    },
+    "UpdateProjectDataDelivery":{
+      "name":"UpdateProjectDataDelivery",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/projects/{project}/data-delivery",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateProjectDataDeliveryRequest"},
+      "output":{"shape":"UpdateProjectDataDeliveryResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates the data storage options for this project. If you store evaluation events, you an keep them and analyze them on your own. If you choose not to store evaluation events, Evidently deletes them after using them to produce metrics and other experiment results that you can view.</p> <p>You can't specify both <code>cloudWatchLogs</code> and <code>s3Destination</code> in the same operation.</p>"
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>You do not have sufficient permissions to perform this action. </p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Arn":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*"
+    },
+    "BatchEvaluateFeatureRequest":{
+      "type":"structure",
+      "required":[
+        "project",
+        "requests"
+      ],
+      "members":{
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the feature being evaluated.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "requests":{
+          "shape":"EvaluationRequestsList",
+          "documentation":"<p>An array of structures, where each structure assigns a feature variation to one user session.</p>"
+        }
+      }
+    },
+    "BatchEvaluateFeatureResponse":{
+      "type":"structure",
+      "members":{
+        "results":{
+          "shape":"EvaluationResultsList",
+          "documentation":"<p>An array of structures, where each structure displays the results of one feature evaluation assignment to one user session.</p>"
+        }
+      }
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "ChangeDirectionEnum":{
+      "type":"string",
+      "enum":[
+        "INCREASE",
+        "DECREASE"
+      ]
+    },
+    "CloudWatchLogsDestination":{
+      "type":"structure",
+      "members":{
+        "logGroup":{
+          "shape":"CwLogGroupSafeName",
+          "documentation":"<p>The name of the log group where the project stores evaluation events.</p>"
+        }
+      },
+      "documentation":"<p>A structure containing the CloudWatch Logs log group where the project stores evaluation events.</p>"
+    },
+    "CloudWatchLogsDestinationConfig":{
+      "type":"structure",
+      "members":{
+        "logGroup":{
+          "shape":"CwLogGroupSafeName",
+          "documentation":"<p>The name of the log group where the project stores evaluation events.</p>"
+        }
+      },
+      "documentation":"<p>A structure containing the CloudWatch Logs log group where the project stores evaluation events.</p>"
+    },
+    "ConflictException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"},
+        "resourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource that caused the exception.</p>"
+        },
+        "resourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of the resource that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>A resource was in an inconsistent state during an update or a deletion.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "CreateExperimentRequest":{
+      "type":"structure",
+      "required":[
+        "metricGoals",
+        "name",
+        "project",
+        "treatments"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description of the experiment.</p>"
+        },
+        "metricGoals":{
+          "shape":"MetricGoalConfigList",
+          "documentation":"<p>An array of structures that defines the metrics used for the experiment, and whether a higher or lower value for each metric is the goal.</p>"
+        },
+        "name":{
+          "shape":"ExperimentName",
+          "documentation":"<p>A name for the new experiment.</p>"
+        },
+        "onlineAbConfig":{
+          "shape":"OnlineAbConfig",
+          "documentation":"<p>A structure that contains the configuration of which variation to use as the \"control\" version. tThe \"control\" version is used for comparison with other variations. This structure also specifies how much experiment traffic is allocated to each variation.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that you want to create the new experiment in.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "randomizationSalt":{
+          "shape":"RandomizationSalt",
+          "documentation":"<p>When Evidently assigns a particular user session to an experiment, it must use a randomization ID to determine which variation the user session is served. This randomization ID is a combination of the entity ID and <code>randomizationSalt</code>. If you omit <code>randomizationSalt</code>, Evidently uses the experiment name as the <code>randomizationSalt</code>.</p>"
+        },
+        "samplingRate":{
+          "shape":"SplitWeight",
+          "documentation":"<p>The portion of the available audience that you want to allocate to this experiment, in thousandths of a percent. The available audience is the total audience minus the audience that you have allocated to overrides or current launches of this feature.</p> <p>This is represented in thousandths of a percent. For example, specify 10,000 to allocate 10% of the available audience.</p>",
+          "box":true
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Assigns one or more tags (key-value pairs) to the experiment.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <pre><code> &lt;p&gt;You can associate as many as 50 tags with an experiment.&lt;/p&gt; &lt;p&gt;For more information, see &lt;a href=&quot;https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html&quot;&gt;Tagging Amazon Web Services resources&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+        },
+        "treatments":{
+          "shape":"TreatmentConfigList",
+          "documentation":"<p>An array of structures that describe the configuration of each feature variation used in the experiment.</p>"
+        }
+      }
+    },
+    "CreateExperimentResponse":{
+      "type":"structure",
+      "required":["experiment"],
+      "members":{
+        "experiment":{
+          "shape":"Experiment",
+          "documentation":"<p>A structure containing the configuration details of the experiment that you created.</p>"
+        }
+      }
+    },
+    "CreateFeatureRequest":{
+      "type":"structure",
+      "required":[
+        "name",
+        "project",
+        "variations"
+      ],
+      "members":{
+        "defaultVariation":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation to use as the default variation. The default variation is served to users who are not allocated to any ongoing launches or experiments of this feature.</p> <p>This variation must also be listed in the <code>variations</code> structure.</p> <p>If you omit <code>defaultVariation</code>, the first variation listed in the <code>variations</code> structure is used as the default variation.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description of the feature.</p>"
+        },
+        "entityOverrides":{
+          "shape":"EntityOverrideMap",
+          "documentation":"<p>Specify users that should always be served a specific variation of a feature. Each user is specified by a key-value pair . For each key, specify a user by entering their user ID, account ID, or some other identifier. For the value, specify the name of the variation that they are to be served.</p>"
+        },
+        "evaluationStrategy":{
+          "shape":"FeatureEvaluationStrategy",
+          "documentation":"<p>Specify <code>ALL_RULES</code> to activate the traffic allocation specified by any ongoing launches or experiments. Specify <code>DEFAULT_VARIATION</code> to serve the default variation to all users instead.</p>"
+        },
+        "name":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name for the new feature.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that is to contain the new feature.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Assigns one or more tags (key-value pairs) to the feature.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <pre><code> &lt;p&gt;You can associate as many as 50 tags with a feature.&lt;/p&gt; &lt;p&gt;For more information, see &lt;a href=&quot;https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html&quot;&gt;Tagging Amazon Web Services resources&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+        },
+        "variations":{
+          "shape":"VariationConfigsList",
+          "documentation":"<p>An array of structures that contain the configuration of the feature's different variations.</p>"
+        }
+      }
+    },
+    "CreateFeatureResponse":{
+      "type":"structure",
+      "members":{
+        "feature":{
+          "shape":"Feature",
+          "documentation":"<p>A structure that contains information about the new feature.</p>"
+        }
+      }
+    },
+    "CreateLaunchRequest":{
+      "type":"structure",
+      "required":[
+        "groups",
+        "name",
+        "project"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description for the launch.</p>"
+        },
+        "groups":{
+          "shape":"LaunchGroupConfigList",
+          "documentation":"<p>An array of structures that contains the feature and variations that are to be used for the launch.</p>"
+        },
+        "metricMonitors":{
+          "shape":"MetricMonitorConfigList",
+          "documentation":"<p>An array of structures that define the metrics that will be used to monitor the launch performance.</p>"
+        },
+        "name":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name for the new launch.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that you want to create the launch in.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "randomizationSalt":{
+          "shape":"RandomizationSalt",
+          "documentation":"<p>When Evidently assigns a particular user session to a launch, it must use a randomization ID to determine which variation the user session is served. This randomization ID is a combination of the entity ID and <code>randomizationSalt</code>. If you omit <code>randomizationSalt</code>, Evidently uses the launch name as the <code>randomizationsSalt</code>.</p>"
+        },
+        "scheduledSplitsConfig":{
+          "shape":"ScheduledSplitsLaunchConfig",
+          "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of the launch.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Assigns one or more tags (key-value pairs) to the launch.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <pre><code> &lt;p&gt;You can associate as many as 50 tags with a launch.&lt;/p&gt; &lt;p&gt;For more information, see &lt;a href=&quot;https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html&quot;&gt;Tagging Amazon Web Services resources&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+        }
+      }
+    },
+    "CreateLaunchResponse":{
+      "type":"structure",
+      "required":["launch"],
+      "members":{
+        "launch":{
+          "shape":"Launch",
+          "documentation":"<p>A structure that contains the configuration of the launch that was created.</p>"
+        }
+      }
+    },
+    "CreateProjectRequest":{
+      "type":"structure",
+      "required":["name"],
+      "members":{
+        "dataDelivery":{
+          "shape":"ProjectDataDeliveryConfig",
+          "documentation":"<p>A structure that contains information about where Evidently is to store evaluation events for longer term storage, if you choose to do so. If you choose not to store these events, Evidently deletes them after using them to produce metrics and other experiment results that you can view.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description of the project.</p>"
+        },
+        "name":{
+          "shape":"ProjectName",
+          "documentation":"<p>The name for the project.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Assigns one or more tags (key-value pairs) to the project.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <pre><code> &lt;p&gt;You can associate as many as 50 tags with a project.&lt;/p&gt; &lt;p&gt;For more information, see &lt;a href=&quot;https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html&quot;&gt;Tagging Amazon Web Services resources&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+        }
+      }
+    },
+    "CreateProjectResponse":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "project":{
+          "shape":"Project",
+          "documentation":"<p>A structure that contains information about the created project.</p>"
+        }
+      }
+    },
+    "CwDimensionSafeName":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^[\\S]+$"
+    },
+    "CwLogGroupSafeName":{
+      "type":"string",
+      "max":512,
+      "min":1,
+      "pattern":"^[-a-zA-Z0-9._/]+$"
+    },
+    "DeleteExperimentRequest":{
+      "type":"structure",
+      "required":[
+        "experiment",
+        "project"
+      ],
+      "members":{
+        "experiment":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment to delete.</p>",
+          "location":"uri",
+          "locationName":"experiment"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the experiment to delete.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "DeleteExperimentResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteFeatureRequest":{
+      "type":"structure",
+      "required":[
+        "feature",
+        "project"
+      ],
+      "members":{
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature to delete.</p>",
+          "location":"uri",
+          "locationName":"feature"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the feature to delete.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "DeleteFeatureResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteLaunchRequest":{
+      "type":"structure",
+      "required":[
+        "launch",
+        "project"
+      ],
+      "members":{
+        "launch":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name of the launch to delete.</p>",
+          "location":"uri",
+          "locationName":"launch"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the launch to delete.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "DeleteLaunchResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteProjectRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project to delete.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "DeleteProjectResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Description":{
+      "type":"string",
+      "max":160,
+      "min":0,
+      "pattern":".*"
+    },
+    "Double":{
+      "type":"double",
+      "box":true
+    },
+    "DoubleValueList":{
+      "type":"list",
+      "member":{"shape":"Double"},
+      "max":100800,
+      "min":0
+    },
+    "EntityId":{
+      "type":"string",
+      "max":512,
+      "min":1,
+      "pattern":".*"
+    },
+    "EntityOverrideMap":{
+      "type":"map",
+      "key":{"shape":"EntityId"},
+      "value":{"shape":"VariationName"},
+      "max":20,
+      "min":0
+    },
+    "ErrorCodeEnum":{
+      "type":"string",
+      "documentation":"<p>Recommended errors from AWS API standards: https://w.amazon.com/bin/view/AWS/API_Standards/Exceptions ErrorCode = &quot;ValidationException&quot;|&quot;ServiceQuotaExceededException&quot;|&quot;AccessDeniedException&quot;|&quot;ResourceNotFoundException&quot;|&quot;ConflictException&quot;|&quot;ThrottlingException&quot;|&quot;InternalServerException&quot;|string;</p>",
+      "max":64,
+      "min":1
+    },
+    "ErrorMessage":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".*"
+    },
+    "EvaluateFeatureRequest":{
+      "type":"structure",
+      "required":[
+        "entityId",
+        "feature",
+        "project"
+      ],
+      "members":{
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>An internal ID that represents a unique user of the application. This <code>entityID</code> is checked against any override rules assigned for this feature.</p>"
+        },
+        "evaluationContext":{
+          "shape":"JsonValue",
+          "documentation":"<p>A JSON block of attributes that you can optionally pass in. This JSON block is included in the evaluation events sent to Evidently from the user session. </p>",
+          "jsonvalue":true
+        },
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature being evaluated.</p>",
+          "location":"uri",
+          "locationName":"feature"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains this feature.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "EvaluateFeatureResponse":{
+      "type":"structure",
+      "members":{
+        "details":{
+          "shape":"JsonValue",
+          "documentation":"<p>If this user was assigned to a launch or experiment, this field lists the launch or experiment name.</p>",
+          "jsonvalue":true
+        },
+        "reason":{
+          "shape":"String",
+          "documentation":"<p>Specifies the reason that the user session was assigned this variation. Possible values include <code>DEFAULT</code>, meaning the user was served the default variation; <code>LAUNCH_RULE_MATCH</code>, if the user session was enrolled in a launch; <code>EXPERIMENT_RULE_MATCH</code>, if the user session was enrolled in an experiment; or <code>ENTITY_OVERRIDES_MATCH</code>, if the user's <code>entityId</code> matches an override rule.</p>"
+        },
+        "value":{
+          "shape":"VariableValue",
+          "documentation":"<p>The value assigned to this variation to differentiate it from the other variations of this feature.</p>"
+        },
+        "variation":{
+          "shape":"String",
+          "documentation":"<p>The name of the variation that was served to the user session.</p>"
+        }
+      }
+    },
+    "EvaluationRequest":{
+      "type":"structure",
+      "required":[
+        "entityId",
+        "feature"
+      ],
+      "members":{
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>An internal ID that represents a unique user session of the application. This <code>entityID</code> is checked against any override rules assigned for this feature.</p>"
+        },
+        "evaluationContext":{
+          "shape":"JsonValue",
+          "documentation":"<p>A JSON block of attributes that you can optionally pass in. This JSON block is included in the evaluation events sent to Evidently from the user session. </p>",
+          "jsonvalue":true
+        },
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature being evaluated.</p>"
+        }
+      },
+      "documentation":"<p>This structure assigns a feature variation to one user session.</p>"
+    },
+    "EvaluationRequestsList":{
+      "type":"list",
+      "member":{"shape":"EvaluationRequest"},
+      "max":20,
+      "min":1
+    },
+    "EvaluationResult":{
+      "type":"structure",
+      "required":[
+        "entityId",
+        "feature"
+      ],
+      "members":{
+        "details":{
+          "shape":"JsonValue",
+          "documentation":"<p>If this user was assigned to a launch or experiment, this field lists the launch or experiment name.</p>",
+          "jsonvalue":true
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>An internal ID that represents a unique user session of the application.</p>"
+        },
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature being evaluated.</p>"
+        },
+        "project":{
+          "shape":"Arn",
+          "documentation":"<p>The name or ARN of the project that contains the feature being evaluated.</p>"
+        },
+        "reason":{
+          "shape":"String",
+          "documentation":"<p>Specifies the reason that the user session was assigned this variation. Possible values include <code>DEFAULT</code>, meaning the user was served the default variation; <code>LAUNCH_RULE_MATCH</code>, if the user session was enrolled in a launch; or <code>EXPERIMENT_RULE_MATCH</code>, if the user session was enrolled in an experiment.</p>"
+        },
+        "value":{
+          "shape":"VariableValue",
+          "documentation":"<p>The value assigned to this variation to differentiate it from the other variations of this feature.</p>"
+        },
+        "variation":{
+          "shape":"String",
+          "documentation":"<p>The name of the variation that was served to the user session.</p>"
+        }
+      },
+      "documentation":"<p>This structure displays the results of one feature evaluation assignment to one user session.</p>"
+    },
+    "EvaluationResultsList":{
+      "type":"list",
+      "member":{"shape":"EvaluationResult"}
+    },
+    "EvaluationRule":{
+      "type":"structure",
+      "required":["type"],
+      "members":{
+        "name":{
+          "shape":"RuleName",
+          "documentation":"<p>The name of the experiment or launch.</p>"
+        },
+        "type":{
+          "shape":"RuleType",
+          "documentation":"<p>This value is <code>aws.evidently.splits</code> if this is an evaluation rule for a launch, and it is <code>aws.evidently.onlineab</code> if this is an evaluation rule for an experiment.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the information about an evaluation rule for this feature, if it is used in a launch or experiment.</p>"
+    },
+    "EvaluationRulesList":{
+      "type":"list",
+      "member":{"shape":"EvaluationRule"}
+    },
+    "Event":{
+      "type":"structure",
+      "required":[
+        "data",
+        "timestamp",
+        "type"
+      ],
+      "members":{
+        "data":{
+          "shape":"JsonValue",
+          "documentation":"<p>The event data.</p>",
+          "jsonvalue":true
+        },
+        "timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of the event.</p>"
+        },
+        "type":{
+          "shape":"EventType",
+          "documentation":"<p> <code>aws.evidently.evaluation</code> specifies an evaluation event, which determines which feature variation that a user sees. <code>aws.evidently.custom</code> specifies a custom event, which generates metrics from user actions such as clicks and checkouts.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the information about one evaluation event or custom event sent to Evidently. This is a JSON payload. If this event specifies a pre-defined event type, the payload must follow the defined event schema.</p>"
+    },
+    "EventList":{
+      "type":"list",
+      "member":{"shape":"Event"},
+      "max":50,
+      "min":0
+    },
+    "EventType":{
+      "type":"string",
+      "enum":[
+        "aws.evidently.evaluation",
+        "aws.evidently.custom"
+      ]
+    },
+    "Experiment":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "createdTime",
+        "lastUpdatedTime",
+        "name",
+        "status",
+        "type"
+      ],
+      "members":{
+        "arn":{
+          "shape":"ExperimentArn",
+          "documentation":"<p>The ARN of the experiment.</p>"
+        },
+        "createdTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment is first created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the experiment.</p>"
+        },
+        "execution":{
+          "shape":"ExperimentExecution",
+          "documentation":"<p>A structure that contains the date and time that the experiment started and ended.</p>"
+        },
+        "lastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment was most recently updated.</p>"
+        },
+        "metricGoals":{
+          "shape":"MetricGoalsList",
+          "documentation":"<p>An array of structures that defines the metrics used for the experiment, and whether a higher or lower value for each metric is the goal.</p>"
+        },
+        "name":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment.</p>"
+        },
+        "onlineAbDefinition":{
+          "shape":"OnlineAbDefinition",
+          "documentation":"<p>A structure that contains the configuration of which variation to use as the \"control\" version. The \"control\" version is used for comparison with other variations. This structure also specifies how much experiment traffic is allocated to each variation.</p>"
+        },
+        "project":{
+          "shape":"ProjectArn",
+          "documentation":"<p>The name or ARN of the project that contains this experiment.</p>"
+        },
+        "randomizationSalt":{
+          "shape":"RandomizationSalt",
+          "documentation":"<p>This value is used when Evidently assigns a particular user session to the experiment. It helps create a randomization ID to determine which variation the user session is served. This randomization ID is a combination of the entity ID and <code>randomizationSalt</code>.</p>"
+        },
+        "samplingRate":{
+          "shape":"SplitWeight",
+          "documentation":"<p>In thousandths of a percent, the amount of the available audience that is allocated to this experiment. The available audience is the total audience minus the audience that you have allocated to overrides or current launches of this feature.</p> <p>This is represented in thousandths of a percent, so a value of 10,000 is 10% of the available audience.</p>"
+        },
+        "schedule":{
+          "shape":"ExperimentSchedule",
+          "documentation":"<p>A structure that contains the time and date that Evidently completed the analysis of the experiment.</p>"
+        },
+        "status":{
+          "shape":"ExperimentStatus",
+          "documentation":"<p>The current state of the experiment.</p>"
+        },
+        "statusReason":{
+          "shape":"Description",
+          "documentation":"<p>If the experiment was stopped, this is the string that was entered by the person who stopped the experiment, to explain why it was stopped.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this experiment.</p>"
+        },
+        "treatments":{
+          "shape":"TreatmentList",
+          "documentation":"<p>An array of structures that describe the configuration of each feature variation used in the experiment.</p>"
+        },
+        "type":{
+          "shape":"ExperimentType",
+          "documentation":"<p>The type of this experiment. Currently, this value must be <code>aws.experiment.onlineab</code>.</p>"
+        }
+      },
+      "documentation":"<p>A structure containing the configuration details of an experiment.</p>"
+    },
+    "ExperimentArn":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*/experiment/[-a-zA-Z0-9._]*"
+    },
+    "ExperimentBaseStat":{
+      "type":"string",
+      "enum":["Mean"]
+    },
+    "ExperimentExecution":{
+      "type":"structure",
+      "members":{
+        "endedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment ended.</p>"
+        },
+        "startedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment started.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains the date and time that the experiment started and ended.</p>"
+    },
+    "ExperimentList":{
+      "type":"list",
+      "member":{"shape":"Experiment"}
+    },
+    "ExperimentName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "ExperimentReport":{
+      "type":"structure",
+      "members":{
+        "content":{
+          "shape":"JsonValue",
+          "documentation":"<p>The content of the report.</p>",
+          "jsonvalue":true
+        },
+        "metricName":{
+          "shape":"CwDimensionSafeName",
+          "documentation":"<p>The name of the metric that is analyzed in this experiment report.</p>"
+        },
+        "reportName":{
+          "shape":"ExperimentReportName",
+          "documentation":"<p>The type of analysis used for this report.</p>"
+        },
+        "treatmentName":{
+          "shape":"TreatmentName",
+          "documentation":"<p>The name of the variation that this report pertains to.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains results of an experiment.</p>"
+    },
+    "ExperimentReportList":{
+      "type":"list",
+      "member":{"shape":"ExperimentReport"},
+      "max":1000,
+      "min":0
+    },
+    "ExperimentReportName":{
+      "type":"string",
+      "enum":["BayesianInference"]
+    },
+    "ExperimentReportNameList":{
+      "type":"list",
+      "member":{"shape":"ExperimentReportName"},
+      "max":5,
+      "min":0
+    },
+    "ExperimentResultRequestType":{
+      "type":"string",
+      "enum":[
+        "BaseStat",
+        "TreatmentEffect",
+        "ConfidenceInterval",
+        "PValue"
+      ]
+    },
+    "ExperimentResultRequestTypeList":{
+      "type":"list",
+      "member":{"shape":"ExperimentResultRequestType"},
+      "max":5,
+      "min":0
+    },
+    "ExperimentResultResponseType":{
+      "type":"string",
+      "enum":[
+        "Mean",
+        "TreatmentEffect",
+        "ConfidenceIntervalUpperBound",
+        "ConfidenceIntervalLowerBound",
+        "PValue"
+      ]
+    },
+    "ExperimentResultsData":{
+      "type":"structure",
+      "members":{
+        "metricName":{
+          "shape":"CwDimensionSafeName",
+          "documentation":"<p>The name of the metric.</p>"
+        },
+        "resultStat":{
+          "shape":"ExperimentResultResponseType",
+          "documentation":"<p>The experiment statistic that these results pertain to.</p>"
+        },
+        "treatmentName":{
+          "shape":"TreatmentName",
+          "documentation":"<p>The treatment, or variation, that returned the <code>values</code> in this structure.</p>"
+        },
+        "values":{
+          "shape":"DoubleValueList",
+          "documentation":"<p>The values for the <code>metricName</code> that were recorded in the experiment.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains experiment results for one metric that is monitored in the experiment.</p>"
+    },
+    "ExperimentResultsDataList":{
+      "type":"list",
+      "member":{"shape":"ExperimentResultsData"},
+      "max":1000,
+      "min":0
+    },
+    "ExperimentSchedule":{
+      "type":"structure",
+      "members":{
+        "analysisCompleteTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time and date that Evidently completed the analysis of the experiment.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains the time and date that Evidently completed the analysis of the experiment.</p>"
+    },
+    "ExperimentStatus":{
+      "type":"string",
+      "enum":[
+        "CREATED",
+        "UPDATING",
+        "RUNNING",
+        "COMPLETED",
+        "CANCELLED"
+      ]
+    },
+    "ExperimentStopDesiredState":{
+      "type":"string",
+      "enum":[
+        "COMPLETED",
+        "CANCELLED"
+      ]
+    },
+    "ExperimentType":{
+      "type":"string",
+      "enum":["aws.evidently.onlineab"]
+    },
+    "Feature":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "createdTime",
+        "evaluationStrategy",
+        "lastUpdatedTime",
+        "name",
+        "status",
+        "valueType",
+        "variations"
+      ],
+      "members":{
+        "arn":{
+          "shape":"FeatureArn",
+          "documentation":"<p>The ARN of the feature.</p>"
+        },
+        "createdTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the feature is created.</p>"
+        },
+        "defaultVariation":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation that is used as the default variation. The default variation is served to users who are not allocated to any ongoing launches or experiments of this feature.</p> <p>This variation must also be listed in the <code>variations</code> structure.</p> <p>If you omit <code>defaultVariation</code>, the first variation listed in the <code>variations</code> structure is used as the default variation.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the feature.</p>"
+        },
+        "entityOverrides":{
+          "shape":"EntityOverrideMap",
+          "documentation":"<p>A set of key-value pairs that specify users who should always be served a specific variation of a feature. Each key specifies a user using their user ID, account ID, or some other identifier. The value specifies the name of the variation that the user is to be served.</p> <p>For the override to be successful, the value of the key must match the <code>entityId</code> used in the <a href=\"https://docs.aws.amazon.com/cloudwatchevidently/latest/APIReference/API_EvaluateFeature.html\">EvaluateFeature</a> operation.</p>"
+        },
+        "evaluationRules":{
+          "shape":"EvaluationRulesList",
+          "documentation":"<p>An array of structures that define the evaluation rules for the feature.</p>"
+        },
+        "evaluationStrategy":{
+          "shape":"FeatureEvaluationStrategy",
+          "documentation":"<p>If this value is <code>ALL_RULES</code>, the traffic allocation specified by any ongoing launches or experiments is being used. If this is <code>DEFAULT_VARIATION</code>, the default variation is being served to all users.</p>"
+        },
+        "lastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the feature was most recently updated.</p>"
+        },
+        "name":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature.</p>"
+        },
+        "project":{
+          "shape":"ProjectArn",
+          "documentation":"<p>The name or ARN of the project that contains the feature.</p>"
+        },
+        "status":{
+          "shape":"FeatureStatus",
+          "documentation":"<p>The current state of the feature.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this feature.</p>"
+        },
+        "valueType":{
+          "shape":"VariationValueType",
+          "documentation":"<p>Defines the type of value used to define the different feature variations. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Evidently-variationtypes.html\">Variation types</a> </p>"
+        },
+        "variations":{
+          "shape":"VariationsList",
+          "documentation":"<p>An array of structures that contain the configuration of the feature's different variations.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains information about one Evidently feature in your account.</p>"
+    },
+    "FeatureArn":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*/feature/[-a-zA-Z0-9._]*"
+    },
+    "FeatureEvaluationStrategy":{
+      "type":"string",
+      "enum":[
+        "ALL_RULES",
+        "DEFAULT_VARIATION"
+      ]
+    },
+    "FeatureName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "FeatureStatus":{
+      "type":"string",
+      "enum":[
+        "AVAILABLE",
+        "UPDATING"
+      ]
+    },
+    "FeatureSummariesList":{
+      "type":"list",
+      "member":{"shape":"FeatureSummary"}
+    },
+    "FeatureSummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "createdTime",
+        "evaluationStrategy",
+        "lastUpdatedTime",
+        "name",
+        "status"
+      ],
+      "members":{
+        "arn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the feature.</p>"
+        },
+        "createdTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the feature is created.</p>"
+        },
+        "defaultVariation":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation that is used as the default variation. The default variation is served to users who are not allocated to any ongoing launches or experiments of this feature.</p>"
+        },
+        "evaluationRules":{
+          "shape":"EvaluationRulesList",
+          "documentation":"<p>An array of structures that define</p>"
+        },
+        "evaluationStrategy":{
+          "shape":"FeatureEvaluationStrategy",
+          "documentation":"<p>If this value is <code>ALL_RULES</code>, the traffic allocation specified by any ongoing launches or experiments is being used. If this is <code>DEFAULT_VARIATION</code>, the default variation is being served to all users.</p>"
+        },
+        "lastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the feature was most recently updated.</p>"
+        },
+        "name":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the feature.</p>"
+        },
+        "status":{
+          "shape":"FeatureStatus",
+          "documentation":"<p>The current state of the feature.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this feature.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains information about one Evidently feature in your account.</p>"
+    },
+    "FeatureToVariationMap":{
+      "type":"map",
+      "key":{"shape":"FeatureName"},
+      "value":{"shape":"VariationName"}
+    },
+    "GetExperimentRequest":{
+      "type":"structure",
+      "required":[
+        "experiment",
+        "project"
+      ],
+      "members":{
+        "experiment":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment that you want to see the details of.</p>",
+          "location":"uri",
+          "locationName":"experiment"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the experiment.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "GetExperimentResponse":{
+      "type":"structure",
+      "members":{
+        "experiment":{
+          "shape":"Experiment",
+          "documentation":"<p>A structure containing the configuration details of the experiment.</p>"
+        }
+      }
+    },
+    "GetExperimentResultsRequest":{
+      "type":"structure",
+      "required":[
+        "experiment",
+        "metricNames",
+        "project",
+        "treatmentNames"
+      ],
+      "members":{
+        "baseStat":{
+          "shape":"ExperimentBaseStat",
+          "documentation":"<p>The statistic used to calculate experiment results. Currently the only valid value is <code>mean</code>, which uses the mean of the collected values as the statistic.</p>"
+        },
+        "endTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment ended, if it is completed.</p>"
+        },
+        "experiment":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment to retrieve the results of.</p>",
+          "location":"uri",
+          "locationName":"experiment"
+        },
+        "metricNames":{
+          "shape":"MetricNameList",
+          "documentation":"<p>The names of the experiment metrics that you want to see the results of.</p>"
+        },
+        "period":{
+          "shape":"ResultsPeriod",
+          "documentation":"<p>In seconds, the amount of time to aggregate results together. </p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the experiment that you want to see the results of.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "reportNames":{
+          "shape":"ExperimentReportNameList",
+          "documentation":"<p>The names of the report types that you want to see. Currently, <code>BayesianInference</code> is the only valid value.</p>"
+        },
+        "resultStats":{
+          "shape":"ExperimentResultRequestTypeList",
+          "documentation":"<p>The statistics that you want to see in the returned results.</p> <ul> <li> <p> <code>PValue</code> specifies to use p-values for the results. A p-value is used in hypothesis testing to measure how often you are willing to make a mistake in rejecting the null hypothesis. A general practice is to reject the null hypothesis and declare that the results are statistically significant when the p-value is less than 0.05.</p> </li> <li> <p> <code>ConfidenceInterval</code> specifies a confidence interval for the results. The confidence interval represents the range of values for the chosen metric that is likely to contain the true difference between the <code>baseStat</code> of a variation and the baseline. Evidently returns the 95% confidence interval. </p> </li> <li> <p> <code>TreatmentEffect</code> is the difference in the statistic specified by the <code>baseStat</code> parameter between each variation and the default variation. </p> </li> <li> <p> <code>BaseStat</code> returns the statistical values collected for the metric for each variation. The statistic uses the same statistic specified in the <code>baseStat</code> parameter. Therefore, if <code>baseStat</code> is <code>mean</code>, this returns the mean of the values collected for each variation.</p> </li> </ul>"
+        },
+        "startTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment started.</p>"
+        },
+        "treatmentNames":{
+          "shape":"TreatmentNameList",
+          "documentation":"<p>The names of the experiment treatments that you want to see the results for.</p>"
+        }
+      }
+    },
+    "GetExperimentResultsResponse":{
+      "type":"structure",
+      "members":{
+        "reports":{
+          "shape":"ExperimentReportList",
+          "documentation":"<p>An array of structures that include the reports that you requested.</p>"
+        },
+        "resultsData":{
+          "shape":"ExperimentResultsDataList",
+          "documentation":"<p>An array of structures that include experiment results including metric names and values. </p>"
+        },
+        "timestamps":{
+          "shape":"TimestampList",
+          "documentation":"<p>The timestamps of each result returned.</p>"
+        }
+      }
+    },
+    "GetFeatureRequest":{
+      "type":"structure",
+      "required":[
+        "feature",
+        "project"
+      ],
+      "members":{
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature that you want to retrieve information for.</p>",
+          "location":"uri",
+          "locationName":"feature"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the feature.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "GetFeatureResponse":{
+      "type":"structure",
+      "required":["feature"],
+      "members":{
+        "feature":{
+          "shape":"Feature",
+          "documentation":"<p>A structure containing the configuration details of the feature.</p>"
+        }
+      }
+    },
+    "GetLaunchRequest":{
+      "type":"structure",
+      "required":[
+        "launch",
+        "project"
+      ],
+      "members":{
+        "launch":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name of the launch that you want to see the details of.</p>",
+          "location":"uri",
+          "locationName":"launch"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the launch.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "GetLaunchResponse":{
+      "type":"structure",
+      "members":{
+        "launch":{
+          "shape":"Launch",
+          "documentation":"<p>A structure containing the configuration details of the launch.</p>"
+        }
+      }
+    },
+    "GetProjectRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that you want to see the details of.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "GetProjectResponse":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "project":{
+          "shape":"Project",
+          "documentation":"<p>A structure containing the configuration details of the project.</p>"
+        }
+      }
+    },
+    "GroupName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "GroupToWeightMap":{
+      "type":"map",
+      "key":{"shape":"GroupName"},
+      "value":{"shape":"SplitWeight"},
+      "max":5,
+      "min":0
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>Unexpected error while processing the request. Retry the request.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "JsonPath":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":".*"
+    },
+    "JsonValue":{"type":"string"},
+    "Launch":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "createdTime",
+        "lastUpdatedTime",
+        "name",
+        "status",
+        "type"
+      ],
+      "members":{
+        "arn":{
+          "shape":"LaunchArn",
+          "documentation":"<p>The ARN of the launch.</p>"
+        },
+        "createdTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the launch is created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the launch.</p>"
+        },
+        "execution":{
+          "shape":"LaunchExecution",
+          "documentation":"<p>A structure that contains information about the start and end times of the launch.</p>"
+        },
+        "groups":{
+          "shape":"LaunchGroupList",
+          "documentation":"<p>An array of structures that define the feature variations that are being used in the launch.</p>"
+        },
+        "lastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the launch was most recently updated.</p>"
+        },
+        "metricMonitors":{
+          "shape":"MetricMonitorList",
+          "documentation":"<p>An array of structures that define the metrics that are being used to monitor the launch performance.</p>"
+        },
+        "name":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name of the launch.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the launch.</p>"
+        },
+        "randomizationSalt":{
+          "shape":"RandomizationSalt",
+          "documentation":"<p>This value is used when Evidently assigns a particular user session to the launch, to help create a randomization ID to determine which variation the user session is served. This randomization ID is a combination of the entity ID and <code>randomizationSalt</code>.</p>"
+        },
+        "scheduledSplitsDefinition":{
+          "shape":"ScheduledSplitsLaunchDefinition",
+          "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of the launch.</p>"
+        },
+        "status":{
+          "shape":"LaunchStatus",
+          "documentation":"<p>The current state of the launch.</p>"
+        },
+        "statusReason":{
+          "shape":"Description",
+          "documentation":"<p>If the launch was stopped, this is the string that was entered by the person who stopped the launch, to explain why it was stopped.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this launch.</p>"
+        },
+        "type":{
+          "shape":"LaunchType",
+          "documentation":"<p>The type of launch.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains the configuration details of one Evidently launch.</p>"
+    },
+    "LaunchArn":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*/launch/[-a-zA-Z0-9._]*"
+    },
+    "LaunchExecution":{
+      "type":"structure",
+      "members":{
+        "endedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the launch ended.</p>"
+        },
+        "startedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the launch started.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains information about the start and end times of the launch.</p>"
+    },
+    "LaunchGroup":{
+      "type":"structure",
+      "required":[
+        "featureVariations",
+        "name"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the launch group.</p>"
+        },
+        "featureVariations":{
+          "shape":"FeatureToVariationMap",
+          "documentation":"<p>The feature variation for this launch group. This is a key-value pair.</p>"
+        },
+        "name":{
+          "shape":"GroupName",
+          "documentation":"<p>The name of the launch group.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines one launch group in a launch. A launch group is a variation of the feature that you are including in the launch.</p>"
+    },
+    "LaunchGroupConfig":{
+      "type":"structure",
+      "required":[
+        "feature",
+        "name",
+        "variation"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the launch group.</p>"
+        },
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The feature that this launch is using.</p>"
+        },
+        "name":{
+          "shape":"GroupName",
+          "documentation":"<p>A name for this launch group.</p>"
+        },
+        "variation":{
+          "shape":"VariationName",
+          "documentation":"<p>The feature variation to use for this launch group.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines one launch group in a launch. A launch group is a variation of the feature that you are including in the launch.</p>"
+    },
+    "LaunchGroupConfigList":{
+      "type":"list",
+      "member":{"shape":"LaunchGroupConfig"},
+      "max":5,
+      "min":1
+    },
+    "LaunchGroupList":{
+      "type":"list",
+      "member":{"shape":"LaunchGroup"}
+    },
+    "LaunchName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "LaunchStatus":{
+      "type":"string",
+      "enum":[
+        "CREATED",
+        "UPDATING",
+        "RUNNING",
+        "COMPLETED",
+        "CANCELLED"
+      ]
+    },
+    "LaunchStopDesiredState":{
+      "type":"string",
+      "enum":[
+        "COMPLETED",
+        "CANCELLED"
+      ]
+    },
+    "LaunchType":{
+      "type":"string",
+      "enum":["aws.evidently.splits"]
+    },
+    "LaunchesList":{
+      "type":"list",
+      "member":{"shape":"Launch"}
+    },
+    "ListExperimentsRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxExperiments",
+          "documentation":"<p>The maximum number of results to include in the response.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use when requesting the next set of results. You received this token from a previous <code>ListExperiments</code> operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project to return the experiment list from.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "ListExperimentsResponse":{
+      "type":"structure",
+      "members":{
+        "experiments":{
+          "shape":"ExperimentList",
+          "documentation":"<p>An array of structures that contain the configuration details of the experiments in the specified project.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use in a subsequent <code>ListExperiments</code> operation to return the next set of results.</p>"
+        }
+      }
+    },
+    "ListFeaturesRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxFeatures",
+          "documentation":"<p>The maximum number of results to include in the response.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use when requesting the next set of results. You received this token from a previous <code>ListFeatures</code> operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project to return the feature list from.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "ListFeaturesResponse":{
+      "type":"structure",
+      "members":{
+        "features":{
+          "shape":"FeatureSummariesList",
+          "documentation":"<p>An array of structures that contain the configuration details of the features in the specified project.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use in a subsequent <code>ListFeatures</code> operation to return the next set of results.</p>"
+        }
+      }
+    },
+    "ListLaunchesRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxLaunches",
+          "documentation":"<p>The maximum number of results to include in the response.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use when requesting the next set of results. You received this token from a previous <code>ListLaunches</code> operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project to return the launch list from.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "ListLaunchesResponse":{
+      "type":"structure",
+      "members":{
+        "launches":{
+          "shape":"LaunchesList",
+          "documentation":"<p>An array of structures that contain the configuration details of the launches in the specified project.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use in a subsequent <code>ListLaunches</code> operation to return the next set of results.</p>"
+        }
+      }
+    },
+    "ListProjectsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxProjects",
+          "documentation":"<p>The maximum number of results to include in the response.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use when requesting the next set of results. You received this token from a previous <code>ListProjects</code> operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListProjectsResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use in a subsequent <code>ListProjects</code> operation to return the next set of results.</p>"
+        },
+        "projects":{
+          "shape":"ProjectSummariesList",
+          "documentation":"<p>An array of structures that contain the configuration details of the projects in the Region.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the resource that you want to see the tags of.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with the resource you specified.</p>"
+        }
+      }
+    },
+    "Long":{
+      "type":"long",
+      "box":true
+    },
+    "MaxExperiments":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "MaxFeatures":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "MaxLaunches":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "MaxProjects":{
+      "type":"integer",
+      "box":true,
+      "max":50,
+      "min":1
+    },
+    "MetricDefinition":{
+      "type":"structure",
+      "members":{
+        "entityIdKey":{
+          "shape":"JsonPath",
+          "documentation":"<p>The entity, such as a user or session, that does an action that causes a metric value to be recorded.</p>"
+        },
+        "eventPattern":{
+          "shape":"JsonValue",
+          "documentation":"<p>The EventBridge event pattern that defines how the metric is recorded.</p> <p>For more information about EventBridge event patterns, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html\">Amazon EventBridge event patterns</a>.</p>",
+          "jsonvalue":true
+        },
+        "name":{
+          "shape":"CwDimensionSafeName",
+          "documentation":"<p>The name of the metric.</p>"
+        },
+        "unitLabel":{
+          "shape":"MetricUnitLabel",
+          "documentation":"<p>The label for the units that the metric is measuring.</p>"
+        },
+        "valueKey":{
+          "shape":"JsonPath",
+          "documentation":"<p>The value that is tracked to produce the metric.</p>"
+        }
+      },
+      "documentation":"<p>This structure defines a metric that is being used to evaluate the variations during a launch or experiment.</p>"
+    },
+    "MetricDefinitionConfig":{
+      "type":"structure",
+      "members":{
+        "entityIdKey":{
+          "shape":"JsonPath",
+          "documentation":"<p>The entity, such as a user or session, that does an action that causes a metric value to be recorded. An example is <code>userDetails.userID</code>.</p>"
+        },
+        "eventPattern":{
+          "shape":"MetricDefinitionConfigEventPatternString",
+          "documentation":"<p>The EventBridge event pattern that defines how the metric is recorded.</p> <p>For more information about EventBridge event patterns, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns.html\">Amazon EventBridge event patterns</a>.</p>",
+          "jsonvalue":true
+        },
+        "name":{
+          "shape":"CwDimensionSafeName",
+          "documentation":"<p>A name for the metric.</p>"
+        },
+        "unitLabel":{
+          "shape":"MetricUnitLabel",
+          "documentation":"<p>A label for the units that the metric is measuring.</p>"
+        },
+        "valueKey":{
+          "shape":"JsonPath",
+          "documentation":"<p>The value that is tracked to produce the metric.</p>"
+        }
+      },
+      "documentation":"<p>This structure defines a metric that you want to use to evaluate the variations during a launch or experiment.</p>"
+    },
+    "MetricDefinitionConfigEventPatternString":{
+      "type":"string",
+      "max":1024,
+      "min":0
+    },
+    "MetricGoal":{
+      "type":"structure",
+      "required":["metricDefinition"],
+      "members":{
+        "desiredChange":{
+          "shape":"ChangeDirectionEnum",
+          "documentation":"<p> <code>INCREASE</code> means that a variation with a higher number for this metric is performing better.</p> <p> <code>DECREASE</code> means that a variation with a lower number for this metric is performing better.</p>"
+        },
+        "metricDefinition":{
+          "shape":"MetricDefinition",
+          "documentation":"<p>A structure that contains details about the metric.</p>"
+        }
+      },
+      "documentation":"<p>A structure that tells Evidently whether higher or lower values are desired for a metric that is used in an experiment.</p>"
+    },
+    "MetricGoalConfig":{
+      "type":"structure",
+      "required":["metricDefinition"],
+      "members":{
+        "desiredChange":{
+          "shape":"ChangeDirectionEnum",
+          "documentation":"<p> <code>INCREASE</code> means that a variation with a higher number for this metric is performing better.</p> <p> <code>DECREASE</code> means that a variation with a lower number for this metric is performing better.</p>"
+        },
+        "metricDefinition":{
+          "shape":"MetricDefinitionConfig",
+          "documentation":"<p>A structure that contains details about the metric.</p>"
+        }
+      },
+      "documentation":"<p>Use this structure to tell Evidently whether higher or lower values are desired for a metric that is used in an experiment.</p>"
+    },
+    "MetricGoalConfigList":{
+      "type":"list",
+      "member":{"shape":"MetricGoalConfig"},
+      "max":3,
+      "min":1
+    },
+    "MetricGoalsList":{
+      "type":"list",
+      "member":{"shape":"MetricGoal"},
+      "max":3,
+      "min":1
+    },
+    "MetricMonitor":{
+      "type":"structure",
+      "required":["metricDefinition"],
+      "members":{
+        "metricDefinition":{
+          "shape":"MetricDefinition",
+          "documentation":"<p>A structure that defines the metric.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines a metric to be used to monitor performance of the variations during a launch.</p>"
+    },
+    "MetricMonitorConfig":{
+      "type":"structure",
+      "required":["metricDefinition"],
+      "members":{
+        "metricDefinition":{
+          "shape":"MetricDefinitionConfig",
+          "documentation":"<p>A structure that defines the metric.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines a metric to be used to monitor performance of the variations during a launch.</p>"
+    },
+    "MetricMonitorConfigList":{
+      "type":"list",
+      "member":{"shape":"MetricMonitorConfig"},
+      "max":3,
+      "min":0
+    },
+    "MetricMonitorList":{
+      "type":"list",
+      "member":{"shape":"MetricMonitor"},
+      "max":3,
+      "min":0
+    },
+    "MetricNameList":{
+      "type":"list",
+      "member":{"shape":"CwDimensionSafeName"},
+      "max":1,
+      "min":1
+    },
+    "MetricUnitLabel":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":".*"
+    },
+    "NextToken":{
+      "type":"string",
+      "max":8192,
+      "min":1,
+      "pattern":".*"
+    },
+    "OnlineAbConfig":{
+      "type":"structure",
+      "members":{
+        "controlTreatmentName":{
+          "shape":"TreatmentName",
+          "documentation":"<p>The name of the variation that is to be the default variation that the other variations are compared to.</p>"
+        },
+        "treatmentWeights":{
+          "shape":"TreatmentToWeightMap",
+          "documentation":"<p>A set of key-value pairs. The keys are variation names, and the values are the portion of experiment traffic to be assigned to that variation. Specify the traffic portion in thousandths of a percent, so 20,000 for a variation would allocate 20% of the experiment traffic to that variation.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the configuration of which variation to use as the \"control\" version. The \"control\" version is used for comparison with other variations. This structure also specifies how much experiment traffic is allocated to each variation.</p>"
+    },
+    "OnlineAbDefinition":{
+      "type":"structure",
+      "members":{
+        "controlTreatmentName":{
+          "shape":"TreatmentName",
+          "documentation":"<p>The name of the variation that is the default variation that the other variations are compared to.</p>"
+        },
+        "treatmentWeights":{
+          "shape":"TreatmentToWeightMap",
+          "documentation":"<p>A set of key-value pairs. The keys are variation names, and the values are the portion of experiment traffic to be assigned to that variation. The traffic portion is specified in thousandths of a percent, so 20,000 for a variation would allocate 20% of the experiment traffic to that variation.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the configuration of which variation to use as the \"control\" version. The \"control\" version is used for comparison with other variations. This structure also specifies how much experiment traffic is allocated to each variation.</p>"
+    },
+    "Project":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "createdTime",
+        "lastUpdatedTime",
+        "name",
+        "status"
+      ],
+      "members":{
+        "activeExperimentCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of ongoing experiments currently in the project.</p>"
+        },
+        "activeLaunchCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of ongoing launches currently in the project.</p>"
+        },
+        "arn":{
+          "shape":"ProjectArn",
+          "documentation":"<p>The name or ARN of the project.</p>"
+        },
+        "createdTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the project is created.</p>"
+        },
+        "dataDelivery":{
+          "shape":"ProjectDataDelivery",
+          "documentation":"<p>A structure that contains information about where Evidently is to store evaluation events for longer term storage.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The user-entered description of the project.</p>"
+        },
+        "experimentCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of experiments currently in the project. This includes all experiments that have been created and not deleted, whether they are ongoing or not.</p>"
+        },
+        "featureCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of features currently in the project.</p>"
+        },
+        "lastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the project was most recently updated.</p>"
+        },
+        "launchCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of launches currently in the project. This includes all launches that have been created and not deleted, whether they are ongoing or not.</p>"
+        },
+        "name":{
+          "shape":"ProjectName",
+          "documentation":"<p>The name of the project.</p>"
+        },
+        "status":{
+          "shape":"ProjectStatus",
+          "documentation":"<p>The current state of the project.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this project.</p>"
+        }
+      },
+      "documentation":"<p>This structure defines a project, which is the logical object in Evidently that can contain features, launches, and experiments. Use projects to group similar features together.</p>"
+    },
+    "ProjectArn":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*"
+    },
+    "ProjectDataDelivery":{
+      "type":"structure",
+      "members":{
+        "cloudWatchLogs":{
+          "shape":"CloudWatchLogsDestination",
+          "documentation":"<p>If the project stores evaluation events in CloudWatch Logs, this structure stores the log group name.</p>"
+        },
+        "s3Destination":{
+          "shape":"S3Destination",
+          "documentation":"<p>If the project stores evaluation events in an Amazon S3 bucket, this structure stores the bucket name and bucket prefix.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains information about where Evidently is to store evaluation events for longer term storage.</p>"
+    },
+    "ProjectDataDeliveryConfig":{
+      "type":"structure",
+      "members":{
+        "cloudWatchLogs":{
+          "shape":"CloudWatchLogsDestinationConfig",
+          "documentation":"<p>If the project stores evaluation events in CloudWatch Logs, this structure stores the log group name.</p>"
+        },
+        "s3Destination":{
+          "shape":"S3DestinationConfig",
+          "documentation":"<p>If the project stores evaluation events in an Amazon S3 bucket, this structure stores the bucket name and bucket prefix.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains information about where Evidently is to store evaluation events for longer term storage.</p>"
+    },
+    "ProjectName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "ProjectRef":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"([-a-zA-Z0-9._]*)|(arn:[^:]*:[^:]*:[^:]*:[^:]*:project/[-a-zA-Z0-9._]*)"
+    },
+    "ProjectStatus":{
+      "type":"string",
+      "enum":[
+        "AVAILABLE",
+        "UPDATING"
+      ]
+    },
+    "ProjectSummariesList":{
+      "type":"list",
+      "member":{"shape":"ProjectSummary"}
+    },
+    "ProjectSummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "createdTime",
+        "lastUpdatedTime",
+        "name",
+        "status"
+      ],
+      "members":{
+        "activeExperimentCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of experiments currently in the project.</p>"
+        },
+        "activeLaunchCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of ongoing launches currently in the project.</p>"
+        },
+        "arn":{
+          "shape":"ProjectArn",
+          "documentation":"<p>The name or ARN of the project.</p>"
+        },
+        "createdTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the project is created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the project.</p>"
+        },
+        "experimentCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of experiments currently in the project.</p>"
+        },
+        "featureCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of features currently in the project.</p>"
+        },
+        "lastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the project was most recently updated.</p>"
+        },
+        "launchCount":{
+          "shape":"Long",
+          "documentation":"<p>The number of launches currently in the project, including launches that are ongoing, completed, and not started yet.</p>"
+        },
+        "name":{
+          "shape":"ProjectName",
+          "documentation":"<p>The name of the project.</p>"
+        },
+        "status":{
+          "shape":"ProjectStatus",
+          "documentation":"<p>The current state of the project.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this project.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains configuration information about an Evidently project.</p>"
+    },
+    "PutProjectEventsRequest":{
+      "type":"structure",
+      "required":[
+        "events",
+        "project"
+      ],
+      "members":{
+        "events":{
+          "shape":"EventList",
+          "documentation":"<p>An array of event structures that contain the performance data that is being sent to Evidently.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project to write the events to.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "PutProjectEventsResponse":{
+      "type":"structure",
+      "members":{
+        "eventResults":{
+          "shape":"PutProjectEventsResultEntryList",
+          "documentation":"<p>A structure that contains Evidently's response to the sent events, including an event ID and error codes, if any.</p>"
+        },
+        "failedEventCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of events in the operation that could not be used by Evidently.</p>"
+        }
+      }
+    },
+    "PutProjectEventsResultEntry":{
+      "type":"structure",
+      "members":{
+        "errorCode":{
+          "shape":"ErrorCodeEnum",
+          "documentation":"<p>If the <code>PutProjectEvents</code> operation has an error, the error code is returned here.</p>"
+        },
+        "errorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>If the <code>PutProjectEvents</code> operation has an error, the error message is returned here.</p>"
+        },
+        "eventId":{
+          "shape":"Uuid",
+          "documentation":"<p>A unique ID assigned to this <code>PutProjectEvents</code> operation. </p>"
+        }
+      },
+      "documentation":"<p>A structure that contains Evidently's response to the sent events, including an event ID and error codes, if any. </p>"
+    },
+    "PutProjectEventsResultEntryList":{
+      "type":"list",
+      "member":{"shape":"PutProjectEventsResultEntry"}
+    },
+    "RandomizationSalt":{
+      "type":"string",
+      "max":127,
+      "min":0,
+      "pattern":".*"
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"},
+        "resourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource that caused the exception.</p>"
+        },
+        "resourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of the resource that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>The request references a resource that does not exist.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResultsPeriod":{
+      "type":"long",
+      "max":90000,
+      "min":300
+    },
+    "RuleName":{
+      "type":"string",
+      "max":1024,
+      "min":0
+    },
+    "RuleType":{
+      "type":"string",
+      "max":1024,
+      "min":0
+    },
+    "S3BucketSafeName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^[a-z0-9][-a-z0-9]*[a-z0-9]$"
+    },
+    "S3Destination":{
+      "type":"structure",
+      "members":{
+        "bucket":{
+          "shape":"S3BucketSafeName",
+          "documentation":"<p>The name of the bucket in which Evidently stores evaluation events.</p>"
+        },
+        "prefix":{
+          "shape":"S3PrefixSafeName",
+          "documentation":"<p>The bucket prefix in which Evidently stores evaluation events.</p>"
+        }
+      },
+      "documentation":"<p>If the project stores evaluation events in an Amazon S3 bucket, this structure stores the bucket name and bucket prefix.</p>"
+    },
+    "S3DestinationConfig":{
+      "type":"structure",
+      "members":{
+        "bucket":{
+          "shape":"S3BucketSafeName",
+          "documentation":"<p>The name of the bucket in which Evidently stores evaluation events.</p>"
+        },
+        "prefix":{
+          "shape":"S3PrefixSafeName",
+          "documentation":"<p>The bucket prefix in which Evidently stores evaluation events.</p>"
+        }
+      },
+      "documentation":"<p>If the project stores evaluation events in an Amazon S3 bucket, this structure stores the bucket name and bucket prefix.</p>"
+    },
+    "S3PrefixSafeName":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":"^[-a-zA-Z0-9!_.*'()/]*$"
+    },
+    "ScheduledSplit":{
+      "type":"structure",
+      "required":["startTime"],
+      "members":{
+        "groupWeights":{
+          "shape":"GroupToWeightMap",
+          "documentation":"<p>The traffic allocation percentages among the feature variations during one step of a launch. This is a set of key-value pairs. The keys are variation names. The values represent the percentage of traffic to allocate to that variation during this step.</p>"
+        },
+        "startTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that this step of the launch starts.</p>"
+        }
+      },
+      "documentation":"<p>This structure defines the traffic allocation percentages among the feature variations during one step of a launch, and the start time of that step.</p>"
+    },
+    "ScheduledSplitConfig":{
+      "type":"structure",
+      "required":[
+        "groupWeights",
+        "startTime"
+      ],
+      "members":{
+        "groupWeights":{
+          "shape":"GroupToWeightMap",
+          "documentation":"<p>The traffic allocation percentages among the feature variations during one step of a launch. This is a set of key-value pairs. The keys are variation names. The values represent the percentage of traffic to allocate to that variation during this step.</p>"
+        },
+        "startTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that this step of the launch starts.</p>"
+        }
+      },
+      "documentation":"<p>This structure defines the traffic allocation percentages among the feature variations during one step of a launch, and the start time of that step.</p>"
+    },
+    "ScheduledSplitConfigList":{
+      "type":"list",
+      "member":{"shape":"ScheduledSplitConfig"},
+      "max":6,
+      "min":1
+    },
+    "ScheduledSplitsLaunchConfig":{
+      "type":"structure",
+      "required":["steps"],
+      "members":{
+        "steps":{
+          "shape":"ScheduledSplitConfigList",
+          "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of the launch. This also defines the start time of each step.</p>"
+        }
+      },
+      "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of a launch. This also defines the start time of each step.</p>"
+    },
+    "ScheduledSplitsLaunchDefinition":{
+      "type":"structure",
+      "members":{
+        "steps":{
+          "shape":"ScheduledStepList",
+          "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of the launch. This also defines the start time of each step.</p>"
+        }
+      },
+      "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of a launch. This also defines the start time of each step.</p>"
+    },
+    "ScheduledStepList":{
+      "type":"list",
+      "member":{"shape":"ScheduledSplit"},
+      "max":6,
+      "min":1
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"},
+        "quotaCode":{
+          "shape":"String",
+          "documentation":"<p>The ID of the service quota that was exceeded.</p>"
+        },
+        "resourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource that caused the exception.</p>"
+        },
+        "resourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of the resource that is associated with the error.</p>"
+        },
+        "serviceCode":{
+          "shape":"String",
+          "documentation":"<p>The ID of the service that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>The request would cause a service quota to be exceeded.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ServiceUnavailableException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>The service was unavailable. Retry the request.</p>",
+      "error":{"httpStatusCode":503},
+      "exception":true,
+      "fault":true
+    },
+    "SplitWeight":{
+      "type":"long",
+      "max":100000,
+      "min":0
+    },
+    "StartExperimentRequest":{
+      "type":"structure",
+      "required":[
+        "analysisCompleteTime",
+        "experiment",
+        "project"
+      ],
+      "members":{
+        "analysisCompleteTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time to end the experiment.</p>"
+        },
+        "experiment":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment to start.</p>",
+          "location":"uri",
+          "locationName":"experiment"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the experiment to start.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "StartExperimentResponse":{
+      "type":"structure",
+      "members":{
+        "startedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the experiment started.</p>"
+        }
+      }
+    },
+    "StartLaunchRequest":{
+      "type":"structure",
+      "required":[
+        "launch",
+        "project"
+      ],
+      "members":{
+        "launch":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name of the launch to start.</p>",
+          "location":"uri",
+          "locationName":"launch"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the launch to start.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "StartLaunchResponse":{
+      "type":"structure",
+      "required":["launch"],
+      "members":{
+        "launch":{
+          "shape":"Launch",
+          "documentation":"<p>A structure that contains information about the launch that was started.</p>"
+        }
+      }
+    },
+    "StopExperimentRequest":{
+      "type":"structure",
+      "required":[
+        "experiment",
+        "project"
+      ],
+      "members":{
+        "desiredState":{
+          "shape":"ExperimentStopDesiredState",
+          "documentation":"<p>Specify whether the experiment is to be considered <code>COMPLETED</code> or <code>CANCELLED</code> after it stops.</p>"
+        },
+        "experiment":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment to stop.</p>",
+          "location":"uri",
+          "locationName":"experiment"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the experiment to stop.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "reason":{
+          "shape":"Description",
+          "documentation":"<p>A string that describes why you are stopping the experiment.</p>"
+        }
+      }
+    },
+    "StopExperimentResponse":{
+      "type":"structure",
+      "members":{
+        "endedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the experiment stopped.</p>"
+        }
+      }
+    },
+    "StopLaunchRequest":{
+      "type":"structure",
+      "required":[
+        "launch",
+        "project"
+      ],
+      "members":{
+        "desiredState":{
+          "shape":"LaunchStopDesiredState",
+          "documentation":"<p>Specify whether to consider the launch as <code>COMPLETED</code> or <code>CANCELLED</code> after it stops.</p>"
+        },
+        "launch":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name of the launch to stop.</p>",
+          "location":"uri",
+          "locationName":"launch"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the launch that you want to stop.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "reason":{
+          "shape":"Description",
+          "documentation":"<p>A string that describes why you are stopping the launch.</p>"
+        }
+      }
+    },
+    "StopLaunchResponse":{
+      "type":"structure",
+      "members":{
+        "endedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the launch stopped.</p>"
+        }
+      }
+    },
+    "String":{"type":"string"},
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":50,
+      "min":0
+    },
+    "TagMap":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"}
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tags"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the CloudWatch Evidently resource that you're adding tags to.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of key-value pairs to associate with the resource.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String"},
+        "quotaCode":{
+          "shape":"String",
+          "documentation":"<p>The ID of the service quota that was exceeded.</p>"
+        },
+        "serviceCode":{
+          "shape":"String",
+          "documentation":"<p>The ID of the service that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>The request was denied because of request throttling. Retry the request.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Timestamp":{"type":"timestamp"},
+    "TimestampList":{
+      "type":"list",
+      "member":{"shape":"Timestamp"},
+      "max":100800,
+      "min":0
+    },
+    "Treatment":{
+      "type":"structure",
+      "required":["name"],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the treatment.</p>"
+        },
+        "featureVariations":{
+          "shape":"FeatureToVariationMap",
+          "documentation":"<p>The feature variation used for this treatment. This is a key-value pair. The key is the feature name, and the value is the variation name.</p>"
+        },
+        "name":{
+          "shape":"TreatmentName",
+          "documentation":"<p>The name of this treatment.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines one treatment in an experiment. A treatment is a variation of the feature that you are including in the experiment.</p>"
+    },
+    "TreatmentConfig":{
+      "type":"structure",
+      "required":[
+        "feature",
+        "name",
+        "variation"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>A description for this treatment.</p>"
+        },
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The feature that this experiment is testing.</p>"
+        },
+        "name":{
+          "shape":"TreatmentName",
+          "documentation":"<p>A name for this treatment.</p>"
+        },
+        "variation":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation to use as this treatment in the experiment.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines one treatment in an experiment. A treatment is a variation of the feature that you are including in the experiment.</p>"
+    },
+    "TreatmentConfigList":{
+      "type":"list",
+      "member":{"shape":"TreatmentConfig"},
+      "max":5,
+      "min":0
+    },
+    "TreatmentList":{
+      "type":"list",
+      "member":{"shape":"Treatment"},
+      "max":5,
+      "min":2
+    },
+    "TreatmentName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "TreatmentNameList":{
+      "type":"list",
+      "member":{"shape":"TreatmentName"},
+      "max":5,
+      "min":1
+    },
+    "TreatmentToWeightMap":{
+      "type":"map",
+      "key":{"shape":"TreatmentName"},
+      "value":{"shape":"SplitWeight"}
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the CloudWatch Evidently resource that you're removing tags from.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>The list of tag keys to remove from the resource.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateExperimentRequest":{
+      "type":"structure",
+      "required":[
+        "experiment",
+        "project"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description of the experiment.</p>"
+        },
+        "experiment":{
+          "shape":"ExperimentName",
+          "documentation":"<p>The name of the experiment to update.</p>",
+          "location":"uri",
+          "locationName":"experiment"
+        },
+        "metricGoals":{
+          "shape":"MetricGoalConfigList",
+          "documentation":"<p>An array of structures that defines the metrics used for the experiment, and whether a higher or lower value for each metric is the goal.</p>"
+        },
+        "onlineAbConfig":{
+          "shape":"OnlineAbConfig",
+          "documentation":"<p>A structure that contains the configuration of which variation o use as the \"control\" version. The \"control\" version is used for comparison with other variations. This structure also specifies how much experiment traffic is allocated to each variation.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the experiment that you want to update.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "randomizationSalt":{
+          "shape":"RandomizationSalt",
+          "documentation":"<p>When Evidently assigns a particular user session to an experiment, it must use a randomization ID to determine which variation the user session is served. This randomization ID is a combination of the entity ID and <code>randomizationSalt</code>. If you omit <code>randomizationSalt</code>, Evidently uses the experiment name as the <code>randomizationSalt</code>.</p>"
+        },
+        "samplingRate":{
+          "shape":"SplitWeight",
+          "documentation":"<p>The portion of the available audience that you want to allocate to this experiment, in thousandths of a percent. The available audience is the total audience minus the audience that you have allocated to overrides or current launches of this feature.</p> <p>This is represented in thousandths of a percent. For example, specify 20,000 to allocate 20% of the available audience.</p>",
+          "box":true
+        },
+        "treatments":{
+          "shape":"TreatmentConfigList",
+          "documentation":"<p>An array of structures that define the variations being tested in the experiment.</p>"
+        }
+      }
+    },
+    "UpdateExperimentResponse":{
+      "type":"structure",
+      "required":["experiment"],
+      "members":{
+        "experiment":{
+          "shape":"Experiment",
+          "documentation":"<p>A structure containing the configuration details of the experiment that was updated.</p>"
+        }
+      }
+    },
+    "UpdateFeatureRequest":{
+      "type":"structure",
+      "required":[
+        "feature",
+        "project"
+      ],
+      "members":{
+        "addOrUpdateVariations":{
+          "shape":"VariationConfigsList",
+          "documentation":"<p>To update variation configurations for this feature, or add new ones, specify this structure. In this array, include any variations that you want to add or update. If the array includes a variation name that already exists for this feature, it is updated. If it includes a new variation name, it is added as a new variation.</p>"
+        },
+        "defaultVariation":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation to use as the default variation. The default variation is served to users who are not allocated to any ongoing launches or experiments of this feature.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description of the feature.</p>"
+        },
+        "entityOverrides":{
+          "shape":"EntityOverrideMap",
+          "documentation":"<p>Specified users that should always be served a specific variation of a feature. Each user is specified by a key-value pair . For each key, specify a user by entering their user ID, account ID, or some other identifier. For the value, specify the name of the variation that they are to be served.</p>"
+        },
+        "evaluationStrategy":{
+          "shape":"FeatureEvaluationStrategy",
+          "documentation":"<p>Specify <code>ALL_RULES</code> to activate the traffic allocation specified by any ongoing launches or experiments. Specify <code>DEFAULT_VARIATION</code> to serve the default variation to all users instead.</p>"
+        },
+        "feature":{
+          "shape":"FeatureName",
+          "documentation":"<p>The name of the feature to be updated.</p>",
+          "location":"uri",
+          "locationName":"feature"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the feature to be updated.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "removeVariations":{
+          "shape":"VariationNameList",
+          "documentation":"<p>Removes a variation from the feature. If the variation you specify doesn't exist, then this makes no change and does not report an error.</p> <p>This operation fails if you try to remove a variation that is part of an ongoing launch or experiment.</p>"
+        }
+      }
+    },
+    "UpdateFeatureResponse":{
+      "type":"structure",
+      "required":["feature"],
+      "members":{
+        "feature":{
+          "shape":"Feature",
+          "documentation":"<p>A structure that contains information about the updated feature.</p>"
+        }
+      }
+    },
+    "UpdateLaunchRequest":{
+      "type":"structure",
+      "required":[
+        "launch",
+        "project"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description for the launch.</p>"
+        },
+        "groups":{
+          "shape":"LaunchGroupConfigList",
+          "documentation":"<p>An array of structures that contains the feature and variations that are to be used for the launch.</p>"
+        },
+        "launch":{
+          "shape":"LaunchName",
+          "documentation":"<p>The name of the launch that is to be updated.</p>",
+          "location":"uri",
+          "locationName":"launch"
+        },
+        "metricMonitors":{
+          "shape":"MetricMonitorConfigList",
+          "documentation":"<p>An array of structures that define the metrics that will be used to monitor the launch performance.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that contains the launch that you want to update.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "randomizationSalt":{
+          "shape":"RandomizationSalt",
+          "documentation":"<p>When Evidently assigns a particular user session to a launch, it must use a randomization ID to determine which variation the user session is served. This randomization ID is a combination of the entity ID and <code>randomizationSalt</code>. If you omit <code>randomizationSalt</code>, Evidently uses the launch name as the <code>randomizationSalt</code>.</p>"
+        },
+        "scheduledSplitsConfig":{
+          "shape":"ScheduledSplitsLaunchConfig",
+          "documentation":"<p>An array of structures that define the traffic allocation percentages among the feature variations during each step of the launch.</p>"
+        }
+      }
+    },
+    "UpdateLaunchResponse":{
+      "type":"structure",
+      "required":["launch"],
+      "members":{
+        "launch":{
+          "shape":"Launch",
+          "documentation":"<p>A structure that contains the new configuration of the launch that was updated.</p>"
+        }
+      }
+    },
+    "UpdateProjectDataDeliveryRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "cloudWatchLogs":{
+          "shape":"CloudWatchLogsDestinationConfig",
+          "documentation":"<p>A structure containing the CloudWatch Logs log group where you want to store evaluation events.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project that you want to modify the data storage options for.</p>",
+          "location":"uri",
+          "locationName":"project"
+        },
+        "s3Destination":{
+          "shape":"S3DestinationConfig",
+          "documentation":"<p>A structure containing the S3 bucket name and bucket prefix where you want to store evaluation events.</p>"
+        }
+      }
+    },
+    "UpdateProjectDataDeliveryResponse":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "project":{
+          "shape":"Project",
+          "documentation":"<p>A structure containing details about the project that you updated.</p>"
+        }
+      }
+    },
+    "UpdateProjectRequest":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>An optional description of the project.</p>"
+        },
+        "project":{
+          "shape":"ProjectRef",
+          "documentation":"<p>The name or ARN of the project to update.</p>",
+          "location":"uri",
+          "locationName":"project"
+        }
+      }
+    },
+    "UpdateProjectResponse":{
+      "type":"structure",
+      "required":["project"],
+      "members":{
+        "project":{
+          "shape":"Project",
+          "documentation":"<p>A structure containing information about the updated project.</p>"
+        }
+      }
+    },
+    "Uuid":{
+      "type":"string",
+      "max":36,
+      "min":36,
+      "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "fieldList":{
+          "shape":"ValidationExceptionFieldList",
+          "documentation":"<p>The parameter that caused the exception.</p>"
+        },
+        "message":{"shape":"String"},
+        "reason":{
+          "shape":"ValidationExceptionReason",
+          "documentation":"<p>A reason for the error.</p>"
+        }
+      },
+      "documentation":"<p>The value of a parameter in the request caused an error.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ValidationExceptionField":{
+      "type":"structure",
+      "required":[
+        "message",
+        "name"
+      ],
+      "members":{
+        "message":{
+          "shape":"String",
+          "documentation":"<p>The error message.</p>"
+        },
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The error name.</p>"
+        }
+      },
+      "documentation":"<p>A structure containing an error name and message.</p>"
+    },
+    "ValidationExceptionFieldList":{
+      "type":"list",
+      "member":{"shape":"ValidationExceptionField"}
+    },
+    "ValidationExceptionReason":{
+      "type":"string",
+      "enum":[
+        "unknownOperation",
+        "cannotParse",
+        "fieldValidationFailed",
+        "other"
+      ]
+    },
+    "VariableValue":{
+      "type":"structure",
+      "members":{
+        "boolValue":{
+          "shape":"Boolean",
+          "documentation":"<p>If this feature uses the Boolean variation type, this field contains the Boolean value of this variation.</p>"
+        },
+        "doubleValue":{
+          "shape":"Double",
+          "documentation":"<p>If this feature uses the double integer variation type, this field contains the double integer value of this variation.</p>"
+        },
+        "longValue":{
+          "shape":"VariableValueLongValueLong",
+          "documentation":"<p>If this feature uses the long variation type, this field contains the long value of this variation.</p>"
+        },
+        "stringValue":{
+          "shape":"VariableValueStringValueString",
+          "documentation":"<p>If this feature uses the string variation type, this field contains the string value of this variation.</p>"
+        }
+      },
+      "documentation":"<p>The value assigned to a feature variation. This structure must contain exactly one field. It can be <code>boolValue</code>, <code>doubleValue</code>, <code>longValue</code>, or <code>stringValue</code>.</p>",
+      "union":true
+    },
+    "VariableValueLongValueLong":{
+      "type":"long",
+      "box":true,
+      "max":9007199254740991,
+      "min":-9007199254740991
+    },
+    "VariableValueStringValueString":{
+      "type":"string",
+      "max":512,
+      "min":0
+    },
+    "Variation":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation.</p>"
+        },
+        "value":{
+          "shape":"VariableValue",
+          "documentation":"<p>The value assigned to this variation.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains the name and variation value of one variation of a feature.</p>"
+    },
+    "VariationConfig":{
+      "type":"structure",
+      "required":[
+        "name",
+        "value"
+      ],
+      "members":{
+        "name":{
+          "shape":"VariationName",
+          "documentation":"<p>The name of the variation.</p>"
+        },
+        "value":{
+          "shape":"VariableValue",
+          "documentation":"<p>The value assigned to this variation.</p>"
+        }
+      },
+      "documentation":"<p>This structure contains the name and variation value of one variation of a feature.</p>"
+    },
+    "VariationConfigsList":{
+      "type":"list",
+      "member":{"shape":"VariationConfig"},
+      "max":5,
+      "min":1
+    },
+    "VariationName":{
+      "type":"string",
+      "max":127,
+      "min":1,
+      "pattern":"[-a-zA-Z0-9._]*"
+    },
+    "VariationNameList":{
+      "type":"list",
+      "member":{"shape":"VariationName"},
+      "max":5,
+      "min":0
+    },
+    "VariationValueType":{
+      "type":"string",
+      "enum":[
+        "STRING",
+        "LONG",
+        "DOUBLE",
+        "BOOLEAN"
+      ]
+    },
+    "VariationsList":{
+      "type":"list",
+      "member":{"shape":"Variation"}
+    }
+  },
+  "documentation":"<p>You can use Amazon CloudWatch Evidently to safely validate new features by serving them to a specified percentage of your users while you roll out the feature. You can monitor the performance of the new feature to help you decide when to ramp up traffic to your users. This helps you reduce risk and identify unintended consequences before you fully launch the feature.</p> <p>You can also conduct A/B experiments to make feature design decisions based on evidence and data. An experiment can test as many as five variations at once. Evidently collects experiment data and analyzes it using statistical methods. It also provides clear recommendations about which variations perform better. You can test both user-facing features and backend features.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/paginators-1.json b/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/paginators-1.json
index ea142457a6a..59f6af47dfb 100644
--- a/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/paginators-1.json
@@ -1,3 +1,22 @@
 {
-  "pagination": {}
+  "pagination": {
+    "ListChangesets": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "changesets"
+    },
+    "ListDataViews": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "dataViews"
+    },
+    "ListDatasets": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "datasets"
+    }
+  }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/service-2.json b/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/service-2.json
index 3b8ac944a6c..90814ca7fc3 100644
--- a/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/finspace-data/2020-07-13/service-2.json
@@ -17,7 +17,7 @@
       "name":"CreateChangeset",
       "http":{
         "method":"POST",
-        "requestUri":"/datasets/{datasetId}/changesets"
+        "requestUri":"/datasets/{datasetId}/changesetsv2"
       },
       "input":{"shape":"CreateChangesetRequest"},
       "output":{"shape":"CreateChangesetResponse"},
@@ -26,9 +26,120 @@
         {"shape":"InternalServerException"},
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"},
-        {"shape":"AccessDeniedException"}
+        {"shape":"AccessDeniedException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a new Changeset in a FinSpace Dataset.</p>"
+    },
+    "CreateDataView":{
+      "name":"CreateDataView",
+      "http":{
+        "method":"POST",
+        "requestUri":"/datasets/{datasetId}/dataviewsv2"
+      },
+      "input":{"shape":"CreateDataViewRequest"},
+      "output":{"shape":"CreateDataViewResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Creates a Dataview for a Dataset.</p>"
+    },
+    "CreateDataset":{
+      "name":"CreateDataset",
+      "http":{
+        "method":"POST",
+        "requestUri":"/datasetsv2"
+      },
+      "input":{"shape":"CreateDatasetRequest"},
+      "output":{"shape":"CreateDatasetResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Creates a new FinSpace Dataset.</p>"
+    },
+    "DeleteDataset":{
+      "name":"DeleteDataset",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/datasetsv2/{datasetId}"
+      },
+      "input":{"shape":"DeleteDatasetRequest"},
+      "output":{"shape":"DeleteDatasetResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes a FinSpace Dataset.</p>"
+    },
+    "GetChangeset":{
+      "name":"GetChangeset",
+      "http":{
+        "method":"GET",
+        "requestUri":"/datasets/{datasetId}/changesetsv2/{changesetId}"
+      },
+      "input":{"shape":"GetChangesetRequest"},
+      "output":{"shape":"GetChangesetResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Get information about a Changeset.</p>"
+    },
+    "GetDataView":{
+      "name":"GetDataView",
+      "http":{
+        "method":"GET",
+        "requestUri":"/datasets/{datasetId}/dataviewsv2/{dataviewId}"
+      },
+      "input":{"shape":"GetDataViewRequest"},
+      "output":{"shape":"GetDataViewResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
       ],
-      "documentation":"<p>Creates a new changeset in a FinSpace dataset.</p>"
+      "documentation":"<p>Gets information about a Dataview.</p>"
+    },
+    "GetDataset":{
+      "name":"GetDataset",
+      "http":{
+        "method":"GET",
+        "requestUri":"/datasetsv2/{datasetId}"
+      },
+      "input":{"shape":"GetDatasetRequest"},
+      "output":{"shape":"GetDatasetResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Returns information about a Dataset.</p>"
     },
     "GetProgrammaticAccessCredentials":{
       "name":"GetProgrammaticAccessCredentials",
@@ -40,10 +151,11 @@
       "output":{"shape":"GetProgrammaticAccessCredentialsResponse"},
       "errors":[
         {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
         {"shape":"ThrottlingException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Request programmatic credentials to use with Habanero SDK.</p>"
+      "documentation":"<p>Request programmatic credentials to use with FinSpace SDK.</p>"
     },
     "GetWorkingLocation":{
       "name":"GetWorkingLocation",
@@ -59,7 +171,95 @@
         {"shape":"ThrottlingException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>A temporary Amazon S3 location to copy your files from a source location to stage or use as a scratch space in Habanero notebook.</p>"
+      "documentation":"<p>A temporary Amazon S3 location, where you can copy your files from a source location to stage or use as a scratch space in FinSpace notebook.</p>"
+    },
+    "ListChangesets":{
+      "name":"ListChangesets",
+      "http":{
+        "method":"GET",
+        "requestUri":"/datasets/{datasetId}/changesetsv2"
+      },
+      "input":{"shape":"ListChangesetsRequest"},
+      "output":{"shape":"ListChangesetsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Lists the FinSpace Changesets for a Dataset.</p>"
+    },
+    "ListDataViews":{
+      "name":"ListDataViews",
+      "http":{
+        "method":"GET",
+        "requestUri":"/datasets/{datasetId}/dataviewsv2"
+      },
+      "input":{"shape":"ListDataViewsRequest"},
+      "output":{"shape":"ListDataViewsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Lists all available Dataviews for a Dataset.</p>"
+    },
+    "ListDatasets":{
+      "name":"ListDatasets",
+      "http":{
+        "method":"GET",
+        "requestUri":"/datasetsv2"
+      },
+      "input":{"shape":"ListDatasetsRequest"},
+      "output":{"shape":"ListDatasetsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Lists all of the active Datasets that a user has access to.</p>"
+    },
+    "UpdateChangeset":{
+      "name":"UpdateChangeset",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/datasets/{datasetId}/changesetsv2/{changesetId}"
+      },
+      "input":{"shape":"UpdateChangesetRequest"},
+      "output":{"shape":"UpdateChangesetResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Updates a FinSpace Changeset.</p>"
+    },
+    "UpdateDataset":{
+      "name":"UpdateDataset",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/datasetsv2/{datasetId}"
+      },
+      "input":{"shape":"UpdateDatasetRequest"},
+      "output":{"shape":"UpdateDatasetResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Updates a FinSpace Dataset.</p>"
     }
   },
   "shapes":{
@@ -72,135 +272,346 @@
       "error":{"httpStatusCode":403},
       "exception":true
     },
+    "AliasString":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^alias\\/\\S+"
+    },
+    "Boolean":{
+      "type":"boolean",
+      "documentation":"Common Boolean data type"
+    },
     "ChangeType":{
       "type":"string",
+      "documentation":"Indicates how the given change will be applied to the dataset.",
       "enum":[
         "REPLACE",
         "APPEND",
         "MODIFY"
       ]
     },
-    "ChangesetInfo":{
+    "ChangesetArn":{
+      "type":"string",
+      "documentation":"Arn for a given Changeset"
+    },
+    "ChangesetErrorInfo":{
       "type":"structure",
       "members":{
-        "id":{
-          "shape":"IdType",
-          "documentation":"<p>Unique identifier for a changeset.</p>"
+        "errorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The text of the error message.</p>"
+        },
+        "errorCategory":{
+          "shape":"ErrorCategory",
+          "documentation":"<p>The category of the error.</p> <ul> <li> <p> <code>VALIDATION</code> -The inputs to this request are invalid.</p> </li> <li> <p> <code>SERVICE_QUOTA_EXCEEDED</code> - Service quotas have been exceeded. Please contact AWS support to increase quotas.</p> </li> <li> <p> <code>ACCESS_DENIED</code> - Missing required permission to perform this request.</p> </li> <li> <p> <code>RESOURCE_NOT_FOUND</code> - One or more inputs to this request were not found.</p> </li> <li> <p> <code>THROTTLING</code> - The system temporarily lacks sufficient resources to process the request.</p> </li> <li> <p> <code>INTERNAL_SERVICE_EXCEPTION</code> - An internal service error has occurred.</p> </li> <li> <p> <code>CANCELLED</code> - Cancelled.</p> </li> <li> <p> <code>USER_RECOVERABLE</code> - A user recoverable error has occurred.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>The structure with error messages.</p>"
+    },
+    "ChangesetId":{
+      "type":"string",
+      "documentation":"ID used to identify a Changeset",
+      "max":26,
+      "min":1
+    },
+    "ChangesetList":{
+      "type":"list",
+      "member":{"shape":"ChangesetSummary"},
+      "documentation":"List of Changeset Summaries"
+    },
+    "ChangesetSummary":{
+      "type":"structure",
+      "members":{
+        "changesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier for a Changeset.</p>"
         },
         "changesetArn":{
-          "shape":"arn",
-          "documentation":"<p>The ARN identifier of the changeset.</p>"
+          "shape":"ChangesetArn",
+          "documentation":"<p>The ARN identifier of the Changeset.</p>"
         },
         "datasetId":{
-          "shape":"IdType",
-          "documentation":"<p>The unique identifier for the FinSpace dataset in which the changeset is created.</p>"
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset in which the Changeset is created.</p>"
         },
         "changeType":{
           "shape":"ChangeType",
-          "documentation":"<p>Change type indicates how a changeset is applied to a dataset.</p> <ul> <li> <p> <code>REPLACE</code> - Changeset is considered as a replacement to all prior loaded changesets.</p> </li> <li> <p> <code>APPEND</code> - Changeset is considered as an addition to the end of all prior loaded changesets.</p> </li> <li> <p> <code>MODIFY</code> - Changeset is considered as a replacement to a specific prior ingested changeset.</p> </li> </ul>"
-        },
-        "sourceType":{
-          "shape":"SourceType",
-          "documentation":"<p>Type of the data source from which the files to create the changeset are sourced.</p> <ul> <li> <p> <code>S3</code> - Amazon S3.</p> </li> </ul>"
+          "documentation":"<p>Type that indicates how a Changeset is applied to a Dataset.</p> <ul> <li> <p> <code>REPLACE</code> - Changeset is considered as a replacement to all prior loaded Changesets.</p> </li> <li> <p> <code>APPEND</code> - Changeset is considered as an addition to the end of all prior loaded Changesets.</p> </li> <li> <p> <code>MODIFY</code> - Changeset is considered as a replacement to a specific prior ingested Changeset.</p> </li> </ul>"
         },
         "sourceParams":{
-          "shape":"stringMap",
-          "documentation":"<p>Source path from which the files to create the changeset are sourced.</p>"
-        },
-        "formatType":{
-          "shape":"FormatType",
-          "documentation":"<p>Format type of the input files loaded into the changeset.</p>"
+          "shape":"SourceParams",
+          "documentation":"<p>Options that define the location of the data being ingested.</p>"
         },
         "formatParams":{
-          "shape":"stringMap",
-          "documentation":"<p>Structure of the source file(s).</p>"
+          "shape":"FormatParams",
+          "documentation":"<p>Options that define the structure of the source file(s).</p>"
         },
-        "createTimestamp":{
-          "shape":"Timestamp",
-          "documentation":"<p>The timestamp at which the changeset was created in FinSpace.</p>"
+        "createTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The timestamp at which the Changeset was created in FinSpace. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
         },
         "status":{
-          "shape":"ChangesetStatus",
-          "documentation":"<p>The status of changeset creation operation.</p>"
+          "shape":"IngestionStatus",
+          "documentation":"<p>Status of the Changeset ingestion.</p> <ul> <li> <p> <code>PENDING</code> - Changeset is pending creation.</p> </li> <li> <p> <code>FAILED</code> - Changeset creation has failed.</p> </li> <li> <p> <code>SUCCESS</code> - Changeset creation has succeeded.</p> </li> <li> <p> <code>RUNNING</code> - Changeset creation is running.</p> </li> <li> <p> <code>STOP_REQUESTED</code> - User requested Changeset creation to stop.</p> </li> </ul>"
         },
         "errorInfo":{
-          "shape":"ErrorInfo",
+          "shape":"ChangesetErrorInfo",
           "documentation":"<p>The structure with error messages.</p>"
         },
-        "changesetLabels":{
-          "shape":"stringMap",
-          "documentation":"<p>Tags associated with the changeset.</p>"
+        "activeUntilTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Time until which the Changeset is active. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
+        },
+        "activeFromTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Beginning time from which the Changeset is active. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
         },
         "updatesChangesetId":{
-          "shape":"stringValue",
-          "documentation":"<p>Unique identifier of the changeset that is updated.</p>"
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier of the Changeset that is updated.</p>"
         },
         "updatedByChangesetId":{
-          "shape":"stringValue",
-          "documentation":"<p>Unique identifier of the changeset that is updated a changeset.</p>"
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier of the updated Changeset.</p>"
         }
       },
-      "documentation":"<p>A changeset is unit of data in a dataset.</p>"
+      "documentation":"<p>A Changeset is unit of data in a Dataset.</p>"
     },
-    "ChangesetStatus":{
+    "ClientToken":{
       "type":"string",
+      "documentation":"Idempotence Token for API operations",
+      "max":128,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "ColumnDataType":{
+      "type":"string",
+      "documentation":"Data type of a column.",
       "enum":[
-        "PENDING",
-        "FAILED",
-        "SUCCESS",
-        "RUNNING",
-        "STOP_REQUESTED"
+        "STRING",
+        "CHAR",
+        "INTEGER",
+        "TINYINT",
+        "SMALLINT",
+        "BIGINT",
+        "FLOAT",
+        "DOUBLE",
+        "DATE",
+        "DATETIME",
+        "BOOLEAN",
+        "BINARY"
       ]
     },
+    "ColumnDefinition":{
+      "type":"structure",
+      "members":{
+        "dataType":{
+          "shape":"ColumnDataType",
+          "documentation":"<p>Data type of a column.</p> <ul> <li> <p> <code>STRING</code> - A String data type.</p> <p> <code>CHAR</code> - A char data type.</p> <p> <code>INTEGER</code> - An integer data type.</p> <p> <code>TINYINT</code> - A tinyint data type.</p> <p> <code>SMALLINT</code> - A smallint data type.</p> <p> <code>BIGINT</code> - A bigint data type.</p> <p> <code>FLOAT</code> - A float data type.</p> <p> <code>DOUBLE</code> - A double data type.</p> <p> <code>DATE</code> - A date data type.</p> <p> <code>DATETIME</code> - A datetime data type.</p> <p> <code>BOOLEAN</code> - A boolean data type.</p> <p> <code>BINARY</code> - A binary data type.</p> </li> </ul>"
+        },
+        "columnName":{
+          "shape":"ColumnName",
+          "documentation":"<p>Name for a column.</p>"
+        },
+        "columnDescription":{
+          "shape":"ColumnDescription",
+          "documentation":"<p>Description for a column.</p>"
+        }
+      },
+      "documentation":"<p>The definition of a column in a tabular Dataset.</p>"
+    },
+    "ColumnDescription":{
+      "type":"string",
+      "documentation":"Column Description",
+      "max":512,
+      "pattern":"[\\s\\S]*\\S[\\s\\S]*"
+    },
+    "ColumnList":{
+      "type":"list",
+      "member":{"shape":"ColumnDefinition"},
+      "documentation":"List of Column Definitions"
+    },
+    "ColumnName":{
+      "type":"string",
+      "documentation":"Column Name",
+      "max":126,
+      "pattern":".*\\S.*"
+    },
+    "ColumnNameList":{
+      "type":"list",
+      "member":{"shape":"ColumnName"},
+      "documentation":"List of Column Names"
+    },
+    "ConflictException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p>The request conflicts with an existing resource.</p>",
+      "error":{"httpStatusCode":409},
+      "exception":true
+    },
     "CreateChangesetRequest":{
       "type":"structure",
       "required":[
         "datasetId",
         "changeType",
-        "sourceType",
-        "sourceParams"
+        "sourceParams",
+        "formatParams"
       ],
       "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A token that ensures idempotency. This token expires in 10 minutes.</p>",
+          "idempotencyToken":true
+        },
         "datasetId":{
-          "shape":"IdType",
-          "documentation":"<p>The unique identifier for the FinSpace dataset in which the changeset will be created.</p>",
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset where the Changeset will be created. </p>",
           "location":"uri",
           "locationName":"datasetId"
         },
         "changeType":{
           "shape":"ChangeType",
-          "documentation":"<p>Option to indicate how a changeset will be applied to a dataset.</p> <ul> <li> <p> <code>REPLACE</code> - Changeset will be considered as a replacement to all prior loaded changesets.</p> </li> <li> <p> <code>APPEND</code> - Changeset will be considered as an addition to the end of all prior loaded changesets.</p> </li> </ul>"
-        },
-        "sourceType":{
-          "shape":"SourceType",
-          "documentation":"<p>Type of the data source from which the files to create the changeset will be sourced.</p> <ul> <li> <p> <code>S3</code> - Amazon S3.</p> </li> </ul>"
+          "documentation":"<p>Option to indicate how a Changeset will be applied to a Dataset.</p> <ul> <li> <p> <code>REPLACE</code> - Changeset will be considered as a replacement to all prior loaded Changesets.</p> </li> <li> <p> <code>APPEND</code> - Changeset will be considered as an addition to the end of all prior loaded Changesets.</p> </li> <li> <p> <code>MODIFY</code> - Changeset is considered as a replacement to a specific prior ingested Changeset.</p> </li> </ul>"
         },
         "sourceParams":{
-          "shape":"stringMap",
-          "documentation":"<p>Source path from which the files to create the changeset will be sourced.</p>"
-        },
-        "formatType":{
-          "shape":"FormatType",
-          "documentation":"<p>Format type of the input files being loaded into the changeset.</p>"
+          "shape":"SourceParams",
+          "documentation":"<p>Options that define the location of the data being ingested (<code>s3SourcePath</code>) and the source of the changeset (<code>sourceType</code>).</p> <p>Both <code>s3SourcePath</code> and <code>sourceType</code> are required attributes.</p> <p>Here is an example of how you could specify the <code>sourceParams</code>:</p> <p> <code> \"sourceParams\": { \"s3SourcePath\": \"s3://finspace-landing-us-east-2-bk7gcfvitndqa6ebnvys4d/scratch/wr5hh8pwkpqqkxa4sxrmcw/ingestion/equity.csv\", \"sourceType\": \"S3\" } </code> </p> <p>The S3 path that you specify must allow the FinSpace role access. To do that, you first need to configure the IAM policy on S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/finspace/latest/data-api/fs-using-the-finspace-api.html#access-s3-buckets\">Loading data from an Amazon S3 Bucket using the FinSpace API</a>section.</p>"
         },
         "formatParams":{
-          "shape":"stringMap",
-          "documentation":"<p>Options that define the structure of the source file(s).</p>"
-        },
-        "tags":{
-          "shape":"stringMap",
-          "documentation":"<p>Metadata tags to apply to this changeset.</p>"
+          "shape":"FormatParams",
+          "documentation":"<p>Options that define the structure of the source file(s) including the format type (<code>formatType</code>), header row (<code>withHeader</code>), data separation character (<code>separator</code>) and the type of compression (<code>compression</code>). </p> <p> <code>formatType</code> is a required attribute and can have the following values: </p> <ul> <li> <p> <code>PARQUET</code> - Parquet source file format.</p> </li> <li> <p> <code>CSV</code> - CSV source file format.</p> </li> <li> <p> <code>JSON</code> - JSON source file format.</p> </li> <li> <p> <code>XML</code> - XML source file format.</p> </li> </ul> <p>Here is an example of how you could specify the <code>formatParams</code>:</p> <p> <code> \"formatParams\": { \"formatType\": \"CSV\", \"withHeader\": \"true\", \"separator\": \",\", \"compression\":\"None\" } </code> </p> <p>Note that if you only provide <code>formatType</code> as <code>CSV</code>, the rest of the attributes will automatically default to CSV values as following:</p> <p> <code> { \"withHeader\": \"true\", \"separator\": \",\" } </code> </p> <p> For more information about supported file formats, see <a href=\"https://docs.aws.amazon.com/finspace/latest/userguide/supported-data-types.html\">Supported Data Types and File Formats</a> in the FinSpace User Guide.</p>"
         }
-      }
+      },
+      "documentation":"The request for a CreateChangeset operation."
     },
     "CreateChangesetResponse":{
       "type":"structure",
       "members":{
-        "changeset":{
-          "shape":"ChangesetInfo",
-          "documentation":"<p>Returns the changeset details.</p>"
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset where the Changeset is created.</p>"
+        },
+        "changesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier of the Changeset that is created.</p>"
         }
-      }
+      },
+      "documentation":"The response from a CreateChangeset operation."
+    },
+    "CreateDataViewRequest":{
+      "type":"structure",
+      "required":[
+        "datasetId",
+        "destinationTypeParams"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A token that ensures idempotency. This token expires in 10 minutes.</p>",
+          "idempotencyToken":true
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique Dataset identifier that is used to create a Dataview.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        },
+        "autoUpdate":{
+          "shape":"Boolean",
+          "documentation":"<p>Flag to indicate Dataview should be updated automatically.</p>"
+        },
+        "sortColumns":{
+          "shape":"SortColumnList",
+          "documentation":"<p>Columns to be used for sorting the data.</p>"
+        },
+        "partitionColumns":{
+          "shape":"PartitionColumnList",
+          "documentation":"<p>Ordered set of column names used to partition data.</p>"
+        },
+        "asOfTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Beginning time to use for the Dataview. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
+        },
+        "destinationTypeParams":{
+          "shape":"DataViewDestinationTypeParams",
+          "documentation":"<p>Options that define the destination type for the Dataview.</p>"
+        }
+      },
+      "documentation":"Request for creating a data view."
+    },
+    "CreateDataViewResponse":{
+      "type":"structure",
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier of the Dataset used for the Dataview.</p>"
+        },
+        "dataViewId":{
+          "shape":"DataViewId",
+          "documentation":"<p>The unique identifier for the created Dataview.</p>"
+        }
+      },
+      "documentation":"Response for creating a data view."
+    },
+    "CreateDatasetRequest":{
+      "type":"structure",
+      "required":[
+        "datasetTitle",
+        "kind",
+        "permissionGroupParams"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A token that ensures idempotency. This token expires in 10 minutes.</p>",
+          "idempotencyToken":true
+        },
+        "datasetTitle":{
+          "shape":"DatasetTitle",
+          "documentation":"<p>Display title for a FinSpace Dataset.</p>"
+        },
+        "kind":{
+          "shape":"DatasetKind",
+          "documentation":"<p>The format in which Dataset data is structured.</p> <ul> <li> <p> <code>TABULAR</code> - Data is structured in a tabular format.</p> </li> <li> <p> <code>NON_TABULAR</code> - Data is structured in a non-tabular format.</p> </li> </ul>"
+        },
+        "datasetDescription":{
+          "shape":"DatasetDescription",
+          "documentation":"<p>Description of a Dataset.</p>"
+        },
+        "ownerInfo":{
+          "shape":"DatasetOwnerInfo",
+          "documentation":"<p>Contact information for a Dataset owner.</p>"
+        },
+        "permissionGroupParams":{
+          "shape":"PermissionGroupParams",
+          "documentation":"<p>Permission group parameters for Dataset permissions.</p>"
+        },
+        "alias":{
+          "shape":"AliasString",
+          "documentation":"<p>The unique resource identifier for a Dataset.</p>"
+        },
+        "schemaDefinition":{
+          "shape":"SchemaUnion",
+          "documentation":"<p>Definition for a schema on a tabular Dataset.</p>"
+        }
+      },
+      "documentation":"The request for a CreateDataset operation"
+    },
+    "CreateDatasetResponse":{
+      "type":"structure",
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the created Dataset.</p>"
+        }
+      },
+      "documentation":"The response from a CreateDataset operation"
     },
     "Credentials":{
       "type":"structure",
@@ -218,44 +629,528 @@
           "documentation":"<p>The session token.</p>"
         }
       },
-      "documentation":"<p>Set short term API credentials.</p>"
+      "documentation":"<p>Short term API credentials.</p>"
     },
-    "ErrorCategory":{
+    "DataViewArn":{
       "type":"string",
-      "enum":[
-        "The_inputs_to_this_request_are_invalid",
-        "Service_limits_have_been_exceeded",
-        "Missing_required_permission_to_perform_this_request",
-        "One_or_more_inputs_to_this_request_were_not_found",
-        "The_system_temporarily_lacks_sufficient_resources_to_process_the_request",
-        "An_internal_error_has_occurred",
-        "Cancelled",
-        "A_user_recoverable_error_has_occurred"
-      ]
+      "documentation":"Arn of a DataView"
     },
-    "ErrorInfo":{
+    "DataViewDestinationType":{
+      "type":"string",
+      "documentation":"DataView Destination Type"
+    },
+    "DataViewDestinationTypeParams":{
+      "type":"structure",
+      "required":["destinationType"],
+      "members":{
+        "destinationType":{
+          "shape":"DataViewDestinationType",
+          "documentation":"<p>Destination type for a Dataview.</p> <ul> <li> <p> <code>GLUE_TABLE</code> - Glue table destination type.</p> </li> <li> <p> <code>S3</code> - S3 destination type.</p> </li> </ul>"
+        },
+        "s3DestinationExportFileFormat":{
+          "shape":"ExportFileFormat",
+          "documentation":"<p>Data view export file format.</p> <ul> <li> <p> <code>PARQUET</code> - Parquet export file format.</p> </li> <li> <p> <code>DELIMITED_TEXT</code> - Delimited text export file format.</p> </li> </ul>"
+        },
+        "s3DestinationExportFileFormatOptions":{
+          "shape":"S3DestinationFormatOptions",
+          "documentation":"<p>Format Options for S3 Destination type.</p> <p>Here is an example of how you could specify the <code>s3DestinationExportFileFormatOptions</code> </p> <p> <code> { \"header\": \"true\", \"delimiter\": \",\", \"compression\": \"gzip\" }</code> </p>"
+        }
+      },
+      "documentation":"<p>Structure for the Dataview destination type parameters.</p>"
+    },
+    "DataViewErrorInfo":{
       "type":"structure",
       "members":{
         "errorMessage":{
-          "shape":"stringValueMaxLength1000",
+          "shape":"ErrorMessage",
           "documentation":"<p>The text of the error message.</p>"
         },
         "errorCategory":{
           "shape":"ErrorCategory",
-          "documentation":"<p>The category of the error.</p> <ul> <li> <p> <code>VALIDATION</code> -The inputs to this request are invalid.</p> </li> <li> <p> <code>SERVICE_QUOTA_EXCEEDED</code> - Service quotas have been exceeded. Please contact AWS support to increase quotas.</p> </li> <li> <p> <code>ACCESS_DENIED</code> - Missing required permission to perform this request.</p> </li> <li> <p> <code>RESOURCE_NOT_FOUND</code> - One or more inputs to this request were not found.</p> </li> <li> <p> <code>THROTTLING</code> - The system temporarily lacks sufficient resources to process the request.</p> </li> <li> <p> <code>INTERNAL_SERVICE_EXCEPTION</code> - An internal service error has occurred.</p> </li> <li> <p> <code>CANCELLED</code> - A user recoverable error has occurred.</p> </li> </ul>"
+          "documentation":"<p>The category of the error.</p> <ul> <li> <p> <code>VALIDATION</code> -The inputs to this request are invalid.</p> </li> <li> <p> <code>SERVICE_QUOTA_EXCEEDED</code> - Service quotas have been exceeded. Please contact AWS support to increase quotas.</p> </li> <li> <p> <code>ACCESS_DENIED</code> - Missing required permission to perform this request.</p> </li> <li> <p> <code>RESOURCE_NOT_FOUND</code> - One or more inputs to this request were not found.</p> </li> <li> <p> <code>THROTTLING</code> - The system temporarily lacks sufficient resources to process the request.</p> </li> <li> <p> <code>INTERNAL_SERVICE_EXCEPTION</code> - An internal service error has occurred.</p> </li> <li> <p> <code>CANCELLED</code> - Cancelled.</p> </li> <li> <p> <code>USER_RECOVERABLE</code> - A user recoverable error has occurred.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>The structure with error messages.</p>"
+    },
+    "DataViewId":{
+      "type":"string",
+      "documentation":"DataView ID",
+      "max":26,
+      "min":1
+    },
+    "DataViewList":{
+      "type":"list",
+      "member":{"shape":"DataViewSummary"},
+      "documentation":"List of Data Views"
+    },
+    "DataViewStatus":{
+      "type":"string",
+      "documentation":"Status of a DataView",
+      "enum":[
+        "RUNNING",
+        "STARTING",
+        "FAILED",
+        "CANCELLED",
+        "TIMEOUT",
+        "SUCCESS",
+        "PENDING",
+        "FAILED_CLEANUP_FAILED"
+      ]
+    },
+    "DataViewSummary":{
+      "type":"structure",
+      "members":{
+        "dataViewId":{
+          "shape":"DataViewId",
+          "documentation":"<p>The unique identifier for the Dataview.</p>"
+        },
+        "dataViewArn":{
+          "shape":"DataViewArn",
+          "documentation":"<p>The ARN identifier of the Dataview.</p>"
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>Th unique identifier for the Dataview Dataset.</p>"
+        },
+        "asOfTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Time range to use for the Dataview. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
+        },
+        "partitionColumns":{
+          "shape":"PartitionColumnList",
+          "documentation":"<p>Ordered set of column names used to partition data.</p>"
+        },
+        "sortColumns":{
+          "shape":"SortColumnList",
+          "documentation":"<p>Columns to be used for sorting the data.</p>"
+        },
+        "status":{
+          "shape":"DataViewStatus",
+          "documentation":"<p>The status of a Dataview creation.</p> <ul> <li> <p> <code>RUNNING</code> - Dataview creation is running.</p> </li> <li> <p> <code>STARTING</code> - Dataview creation is starting.</p> </li> <li> <p> <code>FAILED</code> - Dataview creation has failed.</p> </li> <li> <p> <code>CANCELLED</code> - Dataview creation has been cancelled.</p> </li> <li> <p> <code>TIMEOUT</code> - Dataview creation has timed out.</p> </li> <li> <p> <code>SUCCESS</code> - Dataview creation has succeeded.</p> </li> <li> <p> <code>PENDING</code> - Dataview creation is pending.</p> </li> <li> <p> <code>FAILED_CLEANUP_FAILED</code> - Dataview creation failed and resource cleanup failed.</p> </li> </ul>"
+        },
+        "errorInfo":{
+          "shape":"DataViewErrorInfo",
+          "documentation":"<p>The structure with error messages.</p>"
+        },
+        "destinationTypeProperties":{
+          "shape":"DataViewDestinationTypeParams",
+          "documentation":"<p>Information about the Dataview destination.</p>"
+        },
+        "autoUpdate":{
+          "shape":"Boolean",
+          "documentation":"<p>The flag to indicate Dataview should be updated automatically.</p>"
+        },
+        "createTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The timestamp at which the Dataview was created in FinSpace. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "lastModifiedTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The last time that a Dataview was modified. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        }
+      },
+      "documentation":"<p>Structure for the summary of a Dataview.</p>"
+    },
+    "Dataset":{
+      "type":"structure",
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>An identifier for a Dataset.</p>"
+        },
+        "datasetArn":{
+          "shape":"DatasetArn",
+          "documentation":"<p>The ARN identifier of the Dataset.</p>"
+        },
+        "datasetTitle":{
+          "shape":"DatasetTitle",
+          "documentation":"<p>Display title for a Dataset.</p>"
+        },
+        "kind":{
+          "shape":"DatasetKind",
+          "documentation":"<p>The format in which Dataset data is structured.</p> <ul> <li> <p> <code>TABULAR</code> - Data is structured in a tabular format.</p> </li> <li> <p> <code>NON_TABULAR</code> - Data is structured in a non-tabular format.</p> </li> </ul>"
+        },
+        "datasetDescription":{
+          "shape":"DatasetDescription",
+          "documentation":"<p>Description for a Dataset.</p>"
+        },
+        "ownerInfo":{
+          "shape":"DatasetOwnerInfo",
+          "documentation":"<p>Contact information for a Dataset owner.</p>"
+        },
+        "createTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The timestamp at which the Dataset was created in FinSpace. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "lastModifiedTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The last time that the Dataset was modified. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "schemaDefinition":{
+          "shape":"SchemaUnion",
+          "documentation":"<p>Definition for a schema on a tabular Dataset.</p>"
+        },
+        "alias":{
+          "shape":"AliasString",
+          "documentation":"<p>The unique resource identifier for a Dataset.</p>"
+        }
+      },
+      "documentation":"<p>The structure for a Dataset.</p>"
+    },
+    "DatasetArn":{
+      "type":"string",
+      "documentation":"Arn of a Dataset"
+    },
+    "DatasetDescription":{
+      "type":"string",
+      "documentation":"Description of a dataset",
+      "max":1000,
+      "min":1,
+      "pattern":"[\\s\\S]*\\S[\\s\\S]*"
+    },
+    "DatasetId":{
+      "type":"string",
+      "documentation":"ID for a given Dataset",
+      "max":26,
+      "min":1
+    },
+    "DatasetKind":{
+      "type":"string",
+      "documentation":"Dataset Kind",
+      "enum":[
+        "TABULAR",
+        "NON_TABULAR"
+      ]
+    },
+    "DatasetList":{
+      "type":"list",
+      "member":{"shape":"Dataset"},
+      "documentation":"List of Dataset structures"
+    },
+    "DatasetOwnerInfo":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"OwnerName",
+          "documentation":"<p>Name of the Dataset owner.</p>"
+        },
+        "phoneNumber":{
+          "shape":"PhoneNumber",
+          "documentation":"<p>Phone number for the Dataset owner.</p>"
+        },
+        "email":{
+          "shape":"Email",
+          "documentation":"<p>Email address for the Dataset owner.</p>"
+        }
+      },
+      "documentation":"<p>A structure for Dataset owner info.</p>"
+    },
+    "DatasetStatus":{
+      "type":"string",
+      "documentation":"Status of the dataset process returned from scheduler service.",
+      "enum":[
+        "PENDING",
+        "FAILED",
+        "SUCCESS",
+        "RUNNING"
+      ]
+    },
+    "DatasetTitle":{
+      "type":"string",
+      "documentation":"Title for a given Dataset",
+      "max":255,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "DeleteDatasetRequest":{
+      "type":"structure",
+      "required":["datasetId"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A token that ensures idempotency. This token expires in 10 minutes.</p>",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"clientToken"
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier of the Dataset to be deleted.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
         }
       },
-      "documentation":"<p>Error message.</p>"
+      "documentation":"The request for a DeleteDataset operation."
     },
-    "FormatType":{
+    "DeleteDatasetResponse":{
+      "type":"structure",
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the deleted Dataset.</p>"
+        }
+      },
+      "documentation":"The response from an DeleteDataset operation"
+    },
+    "Email":{
       "type":"string",
+      "documentation":"Email of Dataset Owner",
+      "max":320,
+      "min":4,
+      "pattern":"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}"
+    },
+    "ErrorCategory":{
+      "type":"string",
+      "documentation":"Changeset Error Category",
+      "enum":[
+        "VALIDATION",
+        "SERVICE_QUOTA_EXCEEDED",
+        "ACCESS_DENIED",
+        "RESOURCE_NOT_FOUND",
+        "THROTTLING",
+        "INTERNAL_SERVICE_EXCEPTION",
+        "CANCELLED",
+        "USER_RECOVERABLE"
+      ]
+    },
+    "ErrorMessage":{
+      "type":"string",
+      "documentation":"Changeset Error Message",
+      "max":1000
+    },
+    "ExportFileFormat":{
+      "type":"string",
+      "documentation":"Data View Export File Format",
       "enum":[
-        "CSV",
-        "JSON",
         "PARQUET",
-        "XML"
+        "DELIMITED_TEXT"
       ]
     },
+    "FormatParams":{
+      "type":"map",
+      "key":{"shape":"StringMapKey"},
+      "value":{"shape":"StringMapValue"},
+      "documentation":"Format Parameters of a Changeset"
+    },
+    "GetChangesetRequest":{
+      "type":"structure",
+      "required":[
+        "datasetId",
+        "changesetId"
+      ],
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset where the Changeset is created.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        },
+        "changesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier of the Changeset for which to get data.</p>",
+          "location":"uri",
+          "locationName":"changesetId"
+        }
+      },
+      "documentation":"Request to describe a changeset."
+    },
+    "GetChangesetResponse":{
+      "type":"structure",
+      "members":{
+        "changesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier for a Changeset.</p>"
+        },
+        "changesetArn":{
+          "shape":"ChangesetArn",
+          "documentation":"<p>The ARN identifier of the Changeset.</p>"
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset where the Changeset is created.</p>"
+        },
+        "changeType":{
+          "shape":"ChangeType",
+          "documentation":"<p>Type that indicates how a Changeset is applied to a Dataset.</p> <ul> <li> <p> <code>REPLACE</code> - Changeset is considered as a replacement to all prior loaded Changesets.</p> </li> <li> <p> <code>APPEND</code> - Changeset is considered as an addition to the end of all prior loaded Changesets.</p> </li> <li> <p> <code>MODIFY</code> - Changeset is considered as a replacement to a specific prior ingested Changeset.</p> </li> </ul>"
+        },
+        "sourceParams":{
+          "shape":"SourceParams",
+          "documentation":"<p>Options that define the location of the data being ingested.</p>"
+        },
+        "formatParams":{
+          "shape":"FormatParams",
+          "documentation":"<p>Structure of the source file(s).</p>"
+        },
+        "createTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The timestamp at which the Changeset was created in FinSpace. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "status":{
+          "shape":"IngestionStatus",
+          "documentation":"<p>The status of Changeset creation operation.</p>"
+        },
+        "errorInfo":{
+          "shape":"ChangesetErrorInfo",
+          "documentation":"<p>The structure with error messages.</p>"
+        },
+        "activeUntilTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Time until which the Changeset is active. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
+        },
+        "activeFromTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Beginning time from which the Changeset is active. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
+        },
+        "updatesChangesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier of the Changeset that is being updated.</p>"
+        },
+        "updatedByChangesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier of the updated Changeset.</p>"
+        }
+      },
+      "documentation":"The response from a describe changeset operation"
+    },
+    "GetDataViewRequest":{
+      "type":"structure",
+      "required":[
+        "dataViewId",
+        "datasetId"
+      ],
+      "members":{
+        "dataViewId":{
+          "shape":"DataViewId",
+          "documentation":"<p>The unique identifier for the Dataview.</p>",
+          "location":"uri",
+          "locationName":"dataviewId"
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the Dataset used in the Dataview.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        }
+      },
+      "documentation":"Request for retrieving a data view detail. Grouped / accessible within a dataset by its dataset id."
+    },
+    "GetDataViewResponse":{
+      "type":"structure",
+      "members":{
+        "autoUpdate":{
+          "shape":"Boolean",
+          "documentation":"<p>Flag to indicate Dataview should be updated automatically.</p>"
+        },
+        "partitionColumns":{
+          "shape":"PartitionColumnList",
+          "documentation":"<p>Ordered set of column names used to partition data.</p>"
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the Dataset used in the Dataview.</p>"
+        },
+        "asOfTimestamp":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>Time range to use for the Dataview. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>",
+          "box":true
+        },
+        "errorInfo":{
+          "shape":"DataViewErrorInfo",
+          "documentation":"<p>Information about an error that occurred for the Dataview.</p>"
+        },
+        "lastModifiedTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The last time that a Dataview was modified. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "createTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The timestamp at which the Dataview was created in FinSpace. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "sortColumns":{
+          "shape":"SortColumnList",
+          "documentation":"<p>Columns to be used for sorting the data.</p>"
+        },
+        "dataViewId":{
+          "shape":"DataViewId",
+          "documentation":"<p>The unique identifier for the Dataview.</p>"
+        },
+        "dataViewArn":{
+          "shape":"DataViewArn",
+          "documentation":"<p>The ARN identifier of the Dataview.</p>"
+        },
+        "destinationTypeParams":{
+          "shape":"DataViewDestinationTypeParams",
+          "documentation":"<p>Options that define the destination type for the Dataview.</p>"
+        },
+        "status":{
+          "shape":"DataViewStatus",
+          "documentation":"<p>The status of a Dataview creation.</p> <ul> <li> <p> <code>RUNNING</code> - Dataview creation is running.</p> </li> <li> <p> <code>STARTING</code> - Dataview creation is starting.</p> </li> <li> <p> <code>FAILED</code> - Dataview creation has failed.</p> </li> <li> <p> <code>CANCELLED</code> - Dataview creation has been cancelled.</p> </li> <li> <p> <code>TIMEOUT</code> - Dataview creation has timed out.</p> </li> <li> <p> <code>SUCCESS</code> - Dataview creation has succeeded.</p> </li> <li> <p> <code>PENDING</code> - Dataview creation is pending.</p> </li> <li> <p> <code>FAILED_CLEANUP_FAILED</code> - Dataview creation failed and resource cleanup failed.</p> </li> </ul>"
+        }
+      },
+      "documentation":"Response from retrieving a dataview, which includes details on the target database and table name"
+    },
+    "GetDatasetRequest":{
+      "type":"structure",
+      "required":["datasetId"],
+      "members":{
+        "datasetId":{
+          "shape":"StringValueLength1to255",
+          "documentation":"<p>The unique identifier for a Dataset.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        }
+      },
+      "documentation":"Request for the GetDataset operation."
+    },
+    "GetDatasetResponse":{
+      "type":"structure",
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for a Dataset.</p>"
+        },
+        "datasetArn":{
+          "shape":"DatasetArn",
+          "documentation":"<p>The ARN identifier of the Dataset.</p>"
+        },
+        "datasetTitle":{
+          "shape":"DatasetTitle",
+          "documentation":"<p>Display title for a Dataset.</p>"
+        },
+        "kind":{
+          "shape":"DatasetKind",
+          "documentation":"<p>The format in which Dataset data is structured.</p> <ul> <li> <p> <code>TABULAR</code> - Data is structured in a tabular format.</p> </li> <li> <p> <code>NON_TABULAR</code> - Data is structured in a non-tabular format.</p> </li> </ul>"
+        },
+        "datasetDescription":{
+          "shape":"DatasetDescription",
+          "documentation":"<p>A description of the Dataset.</p>"
+        },
+        "createTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The timestamp at which the Dataset was created in FinSpace. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "lastModifiedTime":{
+          "shape":"TimestampEpoch",
+          "documentation":"<p>The last time that the Dataset was modified. The value is determined as Epoch time in milliseconds. For example, the value for Monday, November 1, 2021 12:00:00 PM UTC is specified as 1635768000000.</p>"
+        },
+        "schemaDefinition":{
+          "shape":"SchemaUnion",
+          "documentation":"<p>Definition for a schema on a tabular Dataset.</p>"
+        },
+        "alias":{
+          "shape":"AliasString",
+          "documentation":"<p>The unique resource identifier for a Dataset.</p>"
+        },
+        "status":{
+          "shape":"DatasetStatus",
+          "documentation":"<p>Status of the Dataset creation.</p> <ul> <li> <p> <code>PENDING</code> - Dataset is pending creation.</p> </li> <li> <p> <code>FAILED</code> - Dataset creation has failed.</p> </li> <li> <p> <code>SUCCESS</code> - Dataset creation has succeeded.</p> </li> <li> <p> <code>RUNNING</code> - Dataset creation is running.</p> </li> </ul>"
+        }
+      },
+      "documentation":"Response for the GetDataset operation"
+    },
     "GetProgrammaticAccessCredentialsRequest":{
       "type":"structure",
       "required":["environmentId"],
@@ -268,11 +1163,12 @@
         },
         "environmentId":{
           "shape":"IdType",
-          "documentation":"<p>The habanero environment identifier.</p>",
+          "documentation":"<p>The FinSpace environment identifier.</p>",
           "location":"querystring",
           "locationName":"environmentId"
         }
-      }
+      },
+      "documentation":"Request for GetProgrammaticAccessCredentials operation"
     },
     "GetProgrammaticAccessCredentialsResponse":{
       "type":"structure",
@@ -285,14 +1181,15 @@
           "shape":"SessionDuration",
           "documentation":"<p>Returns the duration in which the credentials will remain valid.</p>"
         }
-      }
+      },
+      "documentation":"Response for GetProgrammaticAccessCredentials operation"
     },
     "GetWorkingLocationRequest":{
       "type":"structure",
       "members":{
         "locationType":{
           "shape":"locationType",
-          "documentation":"<p>Specify the type of the working location.</p> <ul> <li> <p> <code>SAGEMAKER</code> - Use the Amazon S3 location as a temporary location to store data content when working with FinSpace Notebooks that run on SageMaker studio.</p> </li> <li> <p> <code>INGESTION</code> - Use the Amazon S3 location as a staging location to copy your data content and then use the location with the changeset creation operation.</p> </li> </ul>"
+          "documentation":"<p>Specify the type of the working location.</p> <ul> <li> <p> <code>SAGEMAKER</code> - Use the Amazon S3 location as a temporary location to store data content when working with FinSpace Notebooks that run on SageMaker studio.</p> </li> <li> <p> <code>INGESTION</code> - Use the Amazon S3 location as a staging location to copy your data content and then use the location with the Changeset creation operation.</p> </li> </ul>"
         }
       }
     },
@@ -318,6 +1215,17 @@
       "max":26,
       "min":1
     },
+    "IngestionStatus":{
+      "type":"string",
+      "documentation":"Status of the ingestion process returned from scheduler service.",
+      "enum":[
+        "PENDING",
+        "FAILED",
+        "SUCCESS",
+        "RUNNING",
+        "STOP_REQUESTED"
+      ]
+    },
     "InternalServerException":{
       "type":"structure",
       "members":{
@@ -327,6 +1235,170 @@
       "error":{"httpStatusCode":500},
       "exception":true
     },
+    "LimitExceededException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p>A limit has exceeded.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
+    "ListChangesetsRequest":{
+      "type":"structure",
+      "required":["datasetId"],
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset to which the Changeset belongs.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        },
+        "maxResults":{
+          "shape":"ResultLimit",
+          "documentation":"<p>The maximum number of results per page.</p>",
+          "box":true,
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token indicating where a results page should begin.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      },
+      "documentation":"Request to ListChangesetsRequest. It exposes minimal query filters."
+    },
+    "ListChangesetsResponse":{
+      "type":"structure",
+      "members":{
+        "changesets":{
+          "shape":"ChangesetList",
+          "documentation":"<p>List of Changesets found.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token indicating where a results page should begin.</p>"
+        }
+      },
+      "documentation":"Response to ListChangesetsResponse. This returns a list of dataset changesets that match the query criteria."
+    },
+    "ListDataViewsRequest":{
+      "type":"structure",
+      "required":["datasetId"],
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier of the Dataset for which to retrieve Dataviews.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token indicating where a results page should begin.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"ResultLimit",
+          "documentation":"<p>The maximum number of results per page.</p>",
+          "box":true,
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      },
+      "documentation":"Request for a list data views."
+    },
+    "ListDataViewsResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token indicating where a results page should begin.</p>"
+        },
+        "dataViews":{
+          "shape":"DataViewList",
+          "documentation":"<p>A list of Dataviews.</p>"
+        }
+      }
+    },
+    "ListDatasetsRequest":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token indicating where a results page should begin.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"ResultLimit",
+          "documentation":"<p>The maximum number of results per page.</p>",
+          "box":true,
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      },
+      "documentation":"Request for the ListDatasets operation."
+    },
+    "ListDatasetsResponse":{
+      "type":"structure",
+      "members":{
+        "datasets":{
+          "shape":"DatasetList",
+          "documentation":"<p>List of Datasets.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>A token indicating where a results page should begin.</p>"
+        }
+      },
+      "documentation":"Response for the ListDatasets operation"
+    },
+    "OwnerName":{
+      "type":"string",
+      "documentation":"1 - 250 character String",
+      "max":250,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "PaginationToken":{
+      "type":"string",
+      "documentation":"Pagination token for list operations"
+    },
+    "PartitionColumnList":{
+      "type":"list",
+      "member":{"shape":"StringValueLength1to255"},
+      "documentation":"DataView Partition Column List"
+    },
+    "PermissionGroupId":{
+      "type":"string",
+      "documentation":"Id of the associated PermissionGroup",
+      "max":26,
+      "min":1
+    },
+    "PermissionGroupParams":{
+      "type":"structure",
+      "members":{
+        "permissionGroupId":{
+          "shape":"PermissionGroupId",
+          "documentation":"<p>The unique identifier of the PermissionGroup.</p>"
+        },
+        "datasetPermissions":{
+          "shape":"ResourcePermissionsList",
+          "documentation":"<p>List of resource permissions.</p>"
+        }
+      },
+      "documentation":"<p>Permission group parameters for Dataset permissions.</p> <p>Here is an example of how you could specify the <code>PermissionGroupParams</code>:</p> <p> <code> { \"permissionGroupId\": \"0r6fCRtSTUk4XPfXQe3M0g\", \"datasetPermissions\": [ {\"permission\": \"ViewDatasetDetails\"}, {\"permission\": \"AddDatasetData\"}, {\"permission\": \"EditDatasetMetadata\"}, {\"permission\": \"DeleteDataset\"} ] } </code> </p>"
+    },
+    "PhoneNumber":{
+      "type":"string",
+      "documentation":"PhoneNumber of Dataset Owner",
+      "max":20,
+      "min":10,
+      "pattern":"^[\\+0-9\\#\\,\\(][\\+0-9\\-\\.\\/\\(\\)\\,\\#\\s]+$"
+    },
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
@@ -336,14 +1408,95 @@
       "error":{"httpStatusCode":404},
       "exception":true
     },
+    "ResourcePermission":{
+      "type":"structure",
+      "members":{
+        "permission":{
+          "shape":"StringValueLength1to250",
+          "documentation":"<p>Permission for a resource.</p>"
+        }
+      },
+      "documentation":"<p>Resource permission for a dataset. When you create a dataset, all the other members of the same user group inherit access to the dataset. You can only create a dataset if your user group has application permission for Create Datasets.</p> <p>The following is a list of valid dataset permissions that you can apply: </p> <ul> <li> <p> <code>ViewDatasetDetails</code> </p> </li> <li> <p> <code>ReadDatasetDetails</code> </p> </li> <li> <p> <code>AddDatasetData</code> </p> </li> <li> <p> <code>CreateSnapshot</code> </p> </li> <li> <p> <code>EditDatasetMetadata</code> </p> </li> <li> <p> <code>DeleteDataset</code> </p> </li> </ul> <p>For more information on the ataset permissions, see <a href=\"https://docs.aws.amazon.com/finspace/latest/userguide/managing-user-permissions.html#supported-dataset-permissions\">Supported Dataset Permissions</a> in the FinSpace User Guide.</p>"
+    },
+    "ResourcePermissionsList":{
+      "type":"list",
+      "member":{"shape":"ResourcePermission"},
+      "documentation":"List of Resource Permissions"
+    },
+    "ResultLimit":{
+      "type":"integer",
+      "documentation":"Maximum number of results to be returned as part of a list operation",
+      "max":100,
+      "min":1
+    },
+    "S3DestinationFormatOptions":{
+      "type":"map",
+      "key":{"shape":"StringMapKey"},
+      "value":{"shape":"StringMapValue"}
+    },
+    "SchemaDefinition":{
+      "type":"structure",
+      "members":{
+        "columns":{
+          "shape":"ColumnList",
+          "documentation":"<p>List of column definitions.</p>"
+        },
+        "primaryKeyColumns":{
+          "shape":"ColumnNameList",
+          "documentation":"<p>List of column names used for primary key.</p>"
+        }
+      },
+      "documentation":"<p>Definition for a schema on a tabular Dataset.</p>"
+    },
+    "SchemaUnion":{
+      "type":"structure",
+      "members":{
+        "tabularSchemaConfig":{
+          "shape":"SchemaDefinition",
+          "documentation":"<p>The configuration for a schema on a tabular Dataset.</p>"
+        }
+      },
+      "documentation":"<p>A union of schema types.</p>"
+    },
     "SessionDuration":{
       "type":"long",
       "max":720,
       "min":60
     },
-    "SourceType":{
+    "SortColumnList":{
+      "type":"list",
+      "member":{"shape":"StringValueLength1to255"},
+      "documentation":"DataView Sort Column List"
+    },
+    "SourceParams":{
+      "type":"map",
+      "key":{"shape":"StringMapKey"},
+      "value":{"shape":"StringMapValue"},
+      "documentation":"Source Parameters of a Changeset"
+    },
+    "StringMapKey":{
+      "type":"string",
+      "max":128,
+      "pattern":"[\\s\\S]*\\S[\\s\\S]*"
+    },
+    "StringMapValue":{
       "type":"string",
-      "enum":["S3"]
+      "max":1000,
+      "pattern":"[\\s\\S]*\\S[\\s\\S]*"
+    },
+    "StringValueLength1to250":{
+      "type":"string",
+      "documentation":"1 - 250 character String",
+      "max":250,
+      "min":1,
+      "pattern":"[\\s\\S]*\\S[\\s\\S]*"
+    },
+    "StringValueLength1to255":{
+      "type":"string",
+      "documentation":"1 - 255 character String",
+      "max":255,
+      "min":1,
+      "pattern":"[\\s\\S]*\\S[\\s\\S]*"
     },
     "ThrottlingException":{
       "type":"structure",
@@ -353,7 +1506,113 @@
       "error":{"httpStatusCode":429},
       "exception":true
     },
-    "Timestamp":{"type":"timestamp"},
+    "TimestampEpoch":{
+      "type":"long",
+      "documentation":"Milliseconds since UTC epoch"
+    },
+    "UpdateChangesetRequest":{
+      "type":"structure",
+      "required":[
+        "datasetId",
+        "changesetId",
+        "sourceParams",
+        "formatParams"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A token that ensures idempotency. This token expires in 10 minutes.</p>",
+          "idempotencyToken":true
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset in which the Changeset is created.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        },
+        "changesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier for the Changeset to update.</p>",
+          "location":"uri",
+          "locationName":"changesetId"
+        },
+        "sourceParams":{
+          "shape":"SourceParams",
+          "documentation":"<p>Options that define the location of the data being ingested (<code>s3SourcePath</code>) and the source of the changeset (<code>sourceType</code>).</p> <p>Both <code>s3SourcePath</code> and <code>sourceType</code> are required attributes.</p> <p>Here is an example of how you could specify the <code>sourceParams</code>:</p> <p> <code> \"sourceParams\": { \"s3SourcePath\": \"s3://finspace-landing-us-east-2-bk7gcfvitndqa6ebnvys4d/scratch/wr5hh8pwkpqqkxa4sxrmcw/ingestion/equity.csv\", \"sourceType\": \"S3\" } </code> </p> <p>The S3 path that you specify must allow the FinSpace role access. To do that, you first need to configure the IAM policy on S3 bucket. For more information, see <a href=\"https://docs.aws.amazon.com/finspace/latest/data-api/fs-using-the-finspace-api.html#access-s3-buckets\">Loading data from an Amazon S3 Bucket using the FinSpace API</a>section.</p>"
+        },
+        "formatParams":{
+          "shape":"FormatParams",
+          "documentation":"<p>Options that define the structure of the source file(s) including the format type (<code>formatType</code>), header row (<code>withHeader</code>), data separation character (<code>separator</code>) and the type of compression (<code>compression</code>). </p> <p> <code>formatType</code> is a required attribute and can have the following values: </p> <ul> <li> <p> <code>PARQUET</code> - Parquet source file format.</p> </li> <li> <p> <code>CSV</code> - CSV source file format.</p> </li> <li> <p> <code>JSON</code> - JSON source file format.</p> </li> <li> <p> <code>XML</code> - XML source file format.</p> </li> </ul> <p>Here is an example of how you could specify the <code>formatParams</code>:</p> <p> <code> \"formatParams\": { \"formatType\": \"CSV\", \"withHeader\": \"true\", \"separator\": \",\", \"compression\":\"None\" } </code> </p> <p>Note that if you only provide <code>formatType</code> as <code>CSV</code>, the rest of the attributes will automatically default to CSV values as following:</p> <p> <code> { \"withHeader\": \"true\", \"separator\": \",\" } </code> </p> <p> For more information about supported file formats, see <a href=\"https://docs.aws.amazon.com/finspace/latest/userguide/supported-data-types.html\">Supported Data Types and File Formats</a> in the FinSpace User Guide.</p>"
+        }
+      },
+      "documentation":"Request to update an existing changeset."
+    },
+    "UpdateChangesetResponse":{
+      "type":"structure",
+      "members":{
+        "changesetId":{
+          "shape":"ChangesetId",
+          "documentation":"<p>The unique identifier for the Changeset to update.</p>"
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the FinSpace Dataset in which the Changeset is created.</p>"
+        }
+      },
+      "documentation":"The response from a update changeset operation."
+    },
+    "UpdateDatasetRequest":{
+      "type":"structure",
+      "required":[
+        "datasetId",
+        "datasetTitle",
+        "kind"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A token that ensures idempotency. This token expires in 10 minutes.</p>",
+          "idempotencyToken":true
+        },
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for the Dataset to update.</p>",
+          "location":"uri",
+          "locationName":"datasetId"
+        },
+        "datasetTitle":{
+          "shape":"DatasetTitle",
+          "documentation":"<p>A display title for the Dataset.</p>"
+        },
+        "kind":{
+          "shape":"DatasetKind",
+          "documentation":"<p>The format in which the Dataset data is structured.</p> <ul> <li> <p> <code>TABULAR</code> - Data is structured in a tabular format.</p> </li> <li> <p> <code>NON_TABULAR</code> - Data is structured in a non-tabular format.</p> </li> </ul>"
+        },
+        "datasetDescription":{
+          "shape":"DatasetDescription",
+          "documentation":"<p>A description for the Dataset.</p>"
+        },
+        "alias":{
+          "shape":"AliasString",
+          "documentation":"<p>The unique resource identifier for a Dataset.</p>"
+        },
+        "schemaDefinition":{
+          "shape":"SchemaUnion",
+          "documentation":"<p>Definition for a schema on a tabular Dataset.</p>"
+        }
+      },
+      "documentation":"The request for an UpdateDataset operation"
+    },
+    "UpdateDatasetResponse":{
+      "type":"structure",
+      "members":{
+        "datasetId":{
+          "shape":"DatasetId",
+          "documentation":"<p>The unique identifier for updated Dataset.</p>"
+        }
+      },
+      "documentation":"The response from an UpdateDataset operation"
+    },
     "ValidationException":{
       "type":"structure",
       "members":{
@@ -363,11 +1622,6 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
-    "arn":{
-      "type":"string",
-      "max":2048,
-      "min":20
-    },
     "errorMessage":{"type":"string"},
     "locationType":{
       "type":"string",
@@ -376,14 +1630,6 @@
         "SAGEMAKER"
       ]
     },
-    "stringMap":{
-      "type":"map",
-      "key":{"shape":"stringMapKey"},
-      "value":{"shape":"stringMapValue"}
-    },
-    "stringMapKey":{"type":"string"},
-    "stringMapValue":{"type":"string"},
-    "stringValue":{"type":"string"},
     "stringValueLength1to1024":{
       "type":"string",
       "max":1024,
@@ -406,5 +1652,5 @@
       "max":1000
     }
   },
-  "documentation":"<p> The FinSpace APIs let you take actions inside the FinSpace environment. </p>"
+  "documentation":"<p> The FinSpace APIs let you take actions inside the FinSpace.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/fis/2020-12-01/service-2.json b/contrib/python/botocore/py3/botocore/data/fis/2020-12-01/service-2.json
index 10e4b796bc2..c8d7023bc48 100644
--- a/contrib/python/botocore/py3/botocore/data/fis/2020-12-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/fis/2020-12-01/service-2.json
@@ -28,7 +28,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
-      "documentation":"<p>Creates an experiment template. </p> <p>To create a template, specify the following information: </p> <ul> <li> <p> <b>Targets</b>: A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags.</p> </li> <li> <p> <b>Actions</b>: The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment.</p> </li> <li> <p> <b>Stop conditions</b>: If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm.</p> </li> </ul> <p>For more information, see the <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/\">AWS Fault Injection Simulator User Guide</a>.</p>"
+      "documentation":"<p>Creates an experiment template. </p> <p>An experiment template includes the following components:</p> <ul> <li> <p> <b>Targets</b>: A target can be a specific resource in your Amazon Web Services environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags.</p> </li> <li> <p> <b>Actions</b>: The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment.</p> </li> <li> <p> <b>Stop conditions</b>: If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html\">Experiment templates</a> in the <i>Fault Injection Simulator User Guide</i>.</p>"
     },
     "DeleteExperimentTemplate":{
       "name":"DeleteExperimentTemplate",
@@ -58,7 +58,7 @@
         {"shape":"ValidationException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Gets information about the specified AWS FIS action.</p>"
+      "documentation":"<p>Gets information about the specified FIS action.</p>"
     },
     "GetExperiment":{
       "name":"GetExperiment",
@@ -90,6 +90,21 @@
       ],
       "documentation":"<p>Gets information about the specified experiment template.</p>"
     },
+    "GetTargetResourceType":{
+      "name":"GetTargetResourceType",
+      "http":{
+        "method":"GET",
+        "requestUri":"/targetResourceTypes/{resourceType}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetTargetResourceTypeRequest"},
+      "output":{"shape":"GetTargetResourceTypeResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Gets information about the specified resource type.</p>"
+    },
     "ListActions":{
       "name":"ListActions",
       "http":{
@@ -102,7 +117,7 @@
       "errors":[
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Lists the available AWS FIS actions.</p>"
+      "documentation":"<p>Lists the available FIS actions.</p>"
     },
     "ListExperimentTemplates":{
       "name":"ListExperimentTemplates",
@@ -143,6 +158,20 @@
       "output":{"shape":"ListTagsForResourceResponse"},
       "documentation":"<p>Lists the tags for the specified resource.</p>"
     },
+    "ListTargetResourceTypes":{
+      "name":"ListTargetResourceTypes",
+      "http":{
+        "method":"GET",
+        "requestUri":"/targetResourceTypes",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTargetResourceTypesRequest"},
+      "output":{"shape":"ListTargetResourceTypesResponse"},
+      "errors":[
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists the target resource types.</p>"
+    },
     "StartExperiment":{
       "name":"StartExperiment",
       "http":{
@@ -239,7 +268,7 @@
           "documentation":"<p>The tags for the action.</p>"
         }
       },
-      "documentation":"<p>Describes an action. For more information, see <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html\">AWS FIS actions</a> in the <i>AWS Fault Injection Simulator User Guide</i>.</p>"
+      "documentation":"<p>Describes an action. For more information, see <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/fis-actions-reference.html\">FIS actions</a> in the <i>Fault Injection Simulator User Guide</i>.</p>"
     },
     "ActionDescription":{
       "type":"string",
@@ -312,7 +341,7 @@
       "type":"structure",
       "members":{
         "resourceType":{
-          "shape":"TargetResourceType",
+          "shape":"TargetResourceTypeId",
           "documentation":"<p>The resource type of the target.</p>"
         }
       },
@@ -349,7 +378,7 @@
       "members":{
         "actionId":{
           "shape":"ActionId",
-          "documentation":"<p>The ID of the action.</p>"
+          "documentation":"<p>The ID of the action. The format of the action ID is: aws:<i>service-name</i>:<i>action-type</i>.</p>"
         },
         "description":{
           "shape":"ExperimentTemplateActionDescription",
@@ -368,7 +397,7 @@
           "documentation":"<p>The name of the action that must be completed before the current action starts. Omit this parameter to run the action at the start of the experiment.</p>"
         }
       },
-      "documentation":"<p>Specifies an action for an experiment template.</p>"
+      "documentation":"<p>Specifies an action for an experiment template.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/actions.html\">Actions</a> in the <i>Fault Injection Simulator User Guide</i>.</p>"
     },
     "CreateExperimentTemplateActionInputMap":{
       "type":"map",
@@ -392,7 +421,7 @@
         },
         "description":{
           "shape":"ExperimentTemplateDescription",
-          "documentation":"<p>A description for the experiment template. Can contain up to 64 letters (A-Z and a-z).</p>"
+          "documentation":"<p>A description for the experiment template.</p>"
         },
         "stopConditions":{
           "shape":"CreateExperimentTemplateStopConditionInputList",
@@ -408,7 +437,7 @@
         },
         "roleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that grants the AWS FIS service permission to perform service actions on your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that grants the FIS service permission to perform service actions on your behalf.</p>"
         },
         "tags":{
           "shape":"TagMap",
@@ -452,8 +481,8 @@
       ],
       "members":{
         "resourceType":{
-          "shape":"ResourceType",
-          "documentation":"<p>The AWS resource type. The resource type must be supported for the specified action.</p>"
+          "shape":"TargetResourceTypeId",
+          "documentation":"<p>The resource type. The resource type must be supported for the specified action.</p>"
         },
         "resourceArns":{
           "shape":"ResourceArnList",
@@ -470,9 +499,13 @@
         "selectionMode":{
           "shape":"ExperimentTemplateTargetSelectionMode",
           "documentation":"<p>Scopes the identified resources to a specific count of the resources at random, or a percentage of the resources. All identified resources are included in the target.</p> <ul> <li> <p>ALL - Run the action on all identified targets. This is the default.</p> </li> <li> <p>COUNT(n) - Run the action on the specified number of targets, chosen from the identified targets at random. For example, COUNT(1) selects one of the targets.</p> </li> <li> <p>PERCENT(n) - Run the action on the specified percentage of targets, chosen from the identified targets at random. For example, PERCENT(25) selects 25% of the targets.</p> </li> </ul>"
+        },
+        "parameters":{
+          "shape":"ExperimentTemplateTargetParameterMap",
+          "documentation":"<p>The resource type parameters.</p>"
         }
       },
-      "documentation":"<p>Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags.</p>"
+      "documentation":"<p>Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/targets.html\">Targets</a> in the <i>Fault Injection Simulator User Guide</i>.</p>"
     },
     "CreateExperimentTemplateTargetInputMap":{
       "type":"map",
@@ -519,7 +552,7 @@
         },
         "roleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that grants the AWS FIS service permission to perform service actions on your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that grants the FIS service permission to perform service actions on your behalf.</p>"
         },
         "state":{
           "shape":"ExperimentState",
@@ -539,11 +572,11 @@
         },
         "creationTime":{
           "shape":"CreationTime",
-          "documentation":"<p>The time the experiment was created.</p>"
+          "documentation":"<p>The time that the experiment was created.</p>"
         },
         "startTime":{
           "shape":"ExperimentStartTime",
-          "documentation":"<p>The time that the experiment was started.</p>"
+          "documentation":"<p>The time that the experiment started.</p>"
         },
         "endTime":{
           "shape":"ExperimentEndTime",
@@ -582,6 +615,14 @@
         "state":{
           "shape":"ExperimentActionState",
           "documentation":"<p>The state of the action.</p>"
+        },
+        "startTime":{
+          "shape":"ExperimentActionStartTime",
+          "documentation":"<p>The time that the action started.</p>"
+        },
+        "endTime":{
+          "shape":"ExperimentActionEndTime",
+          "documentation":"<p>The time that the action ended.</p>"
         }
       },
       "documentation":"<p>Describes the action for an experiment.</p>"
@@ -591,6 +632,7 @@
       "max":512,
       "pattern":"[\\s\\S]+"
     },
+    "ExperimentActionEndTime":{"type":"timestamp"},
     "ExperimentActionMap":{
       "type":"map",
       "key":{"shape":"ExperimentActionName"},
@@ -625,6 +667,7 @@
       "type":"list",
       "member":{"shape":"ExperimentActionStartAfter"}
     },
+    "ExperimentActionStartTime":{"type":"timestamp"},
     "ExperimentActionState":{
       "type":"structure",
       "members":{
@@ -757,7 +800,7 @@
       "type":"structure",
       "members":{
         "resourceType":{
-          "shape":"ResourceType",
+          "shape":"TargetResourceTypeId",
           "documentation":"<p>The resource type.</p>"
         },
         "resourceArns":{
@@ -775,6 +818,10 @@
         "selectionMode":{
           "shape":"ExperimentTargetSelectionMode",
           "documentation":"<p>Scopes the identified resources to a specific count or percentage.</p>"
+        },
+        "parameters":{
+          "shape":"ExperimentTargetParameterMap",
+          "documentation":"<p>The resource type parameters.</p>"
         }
       },
       "documentation":"<p>Describes a target for an experiment.</p>"
@@ -821,6 +868,21 @@
       "max":64,
       "pattern":"[\\S]+"
     },
+    "ExperimentTargetParameterMap":{
+      "type":"map",
+      "key":{"shape":"ExperimentTargetParameterName"},
+      "value":{"shape":"ExperimentTargetParameterValue"}
+    },
+    "ExperimentTargetParameterName":{
+      "type":"string",
+      "max":64,
+      "pattern":"[\\S]+"
+    },
+    "ExperimentTargetParameterValue":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
     "ExperimentTargetSelectionMode":{
       "type":"string",
       "max":64,
@@ -1005,7 +1067,7 @@
       "type":"structure",
       "members":{
         "resourceType":{
-          "shape":"ResourceType",
+          "shape":"TargetResourceTypeId",
           "documentation":"<p>The resource type.</p>"
         },
         "resourceArns":{
@@ -1023,6 +1085,10 @@
         "selectionMode":{
           "shape":"ExperimentTemplateTargetSelectionMode",
           "documentation":"<p>Scopes the identified resources to a specific count or percentage.</p>"
+        },
+        "parameters":{
+          "shape":"ExperimentTemplateTargetParameterMap",
+          "documentation":"<p>The resource type parameters.</p>"
         }
       },
       "documentation":"<p>Describes a target for an experiment template.</p>"
@@ -1079,7 +1145,7 @@
           "documentation":"<p>The attribute values for the filter.</p>"
         }
       },
-      "documentation":"<p>Describes a filter used for the target resource input in an experiment template.</p>"
+      "documentation":"<p>Specifies a filter used for the target resource input in an experiment template.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters\">Resource filters</a> in the <i>Fault Injection Simulator User Guide</i>.</p>"
     },
     "ExperimentTemplateTargetMap":{
       "type":"map",
@@ -1091,6 +1157,22 @@
       "max":64,
       "pattern":"[\\S]+"
     },
+    "ExperimentTemplateTargetParameterMap":{
+      "type":"map",
+      "key":{"shape":"ExperimentTemplateTargetParameterName"},
+      "value":{"shape":"ExperimentTemplateTargetParameterValue"}
+    },
+    "ExperimentTemplateTargetParameterName":{
+      "type":"string",
+      "max":64,
+      "pattern":"[\\S]+"
+    },
+    "ExperimentTemplateTargetParameterValue":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":"^[\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]+$"
+    },
     "ExperimentTemplateTargetSelectionMode":{
       "type":"string",
       "max":64,
@@ -1159,6 +1241,27 @@
         }
       }
     },
+    "GetTargetResourceTypeRequest":{
+      "type":"structure",
+      "required":["resourceType"],
+      "members":{
+        "resourceType":{
+          "shape":"TargetResourceTypeId",
+          "documentation":"<p>The resource type.</p>",
+          "location":"uri",
+          "locationName":"resourceType"
+        }
+      }
+    },
+    "GetTargetResourceTypeResponse":{
+      "type":"structure",
+      "members":{
+        "targetResourceType":{
+          "shape":"TargetResourceType",
+          "documentation":"<p>Information about the resource type.</p>"
+        }
+      }
+    },
     "LastUpdateTime":{"type":"timestamp"},
     "ListActionsMaxResults":{
       "type":"integer",
@@ -1289,6 +1392,42 @@
         }
       }
     },
+    "ListTargetResourceTypesMaxResults":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
+    "ListTargetResourceTypesRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"ListTargetResourceTypesMaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>",
+          "box":true,
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListTargetResourceTypesResponse":{
+      "type":"structure",
+      "members":{
+        "targetResourceTypes":{
+          "shape":"TargetResourceTypeSummaryList",
+          "documentation":"<p>The target resource types.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+        }
+      }
+    },
     "NextToken":{
       "type":"string",
       "max":1024,
@@ -1315,11 +1454,6 @@
       "error":{"httpStatusCode":404},
       "exception":true
     },
-    "ResourceType":{
-      "type":"string",
-      "max":64,
-      "pattern":"[\\S]+"
-    },
     "RoleArn":{
       "type":"string",
       "max":2048,
@@ -1443,10 +1577,82 @@
       "pattern":"[\\s\\S]*"
     },
     "TargetResourceType":{
+      "type":"structure",
+      "members":{
+        "resourceType":{
+          "shape":"TargetResourceTypeId",
+          "documentation":"<p>The resource type.</p>"
+        },
+        "description":{
+          "shape":"TargetResourceTypeDescription",
+          "documentation":"<p>A description of the resource type.</p>"
+        },
+        "parameters":{
+          "shape":"TargetResourceTypeParameterMap",
+          "documentation":"<p>The parameters for the resource type.</p>"
+        }
+      },
+      "documentation":"<p>Describes a resource type.</p>"
+    },
+    "TargetResourceTypeDescription":{
+      "type":"string",
+      "max":512,
+      "pattern":"[\\s\\S]+"
+    },
+    "TargetResourceTypeId":{
       "type":"string",
       "max":128,
       "pattern":"[\\S]+"
     },
+    "TargetResourceTypeParameter":{
+      "type":"structure",
+      "members":{
+        "description":{
+          "shape":"TargetResourceTypeParameterDescription",
+          "documentation":"<p>A description of the parameter.</p>"
+        },
+        "required":{
+          "shape":"TargetResourceTypeParameterRequired",
+          "documentation":"<p>Indicates whether the parameter is required.</p>",
+          "box":true
+        }
+      },
+      "documentation":"<p>Describes the parameters for a resource type. Use parameters to determine which tasks are identified during target resolution.</p>"
+    },
+    "TargetResourceTypeParameterDescription":{
+      "type":"string",
+      "max":512,
+      "pattern":"[\\s\\S]+"
+    },
+    "TargetResourceTypeParameterMap":{
+      "type":"map",
+      "key":{"shape":"TargetResourceTypeParameterName"},
+      "value":{"shape":"TargetResourceTypeParameter"}
+    },
+    "TargetResourceTypeParameterName":{
+      "type":"string",
+      "max":64,
+      "pattern":"[\\S]+"
+    },
+    "TargetResourceTypeParameterRequired":{"type":"boolean"},
+    "TargetResourceTypeSummary":{
+      "type":"structure",
+      "members":{
+        "resourceType":{
+          "shape":"TargetResourceTypeId",
+          "documentation":"<p>The resource type.</p>"
+        },
+        "description":{
+          "shape":"TargetResourceTypeDescription",
+          "documentation":"<p>A description of the resource type.</p>"
+        }
+      },
+      "documentation":"<p>Describes a resource type.</p>"
+    },
+    "TargetResourceTypeSummaryList":{
+      "type":"list",
+      "member":{"shape":"TargetResourceTypeSummary"}
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":["resourceArn"],
@@ -1529,7 +1735,7 @@
         },
         "roleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that grants the AWS FIS service permission to perform service actions on your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that grants the FIS service permission to perform service actions on your behalf.</p>"
         }
       }
     },
@@ -1569,8 +1775,8 @@
       ],
       "members":{
         "resourceType":{
-          "shape":"ResourceType",
-          "documentation":"<p>The AWS resource type. The resource type must be supported for the specified action.</p>"
+          "shape":"TargetResourceTypeId",
+          "documentation":"<p>The resource type. The resource type must be supported for the specified action.</p>"
         },
         "resourceArns":{
           "shape":"ResourceArnList",
@@ -1587,6 +1793,10 @@
         "selectionMode":{
           "shape":"ExperimentTemplateTargetSelectionMode",
           "documentation":"<p>Scopes the identified resources to a specific count or percentage.</p>"
+        },
+        "parameters":{
+          "shape":"ExperimentTemplateTargetParameterMap",
+          "documentation":"<p>The resource type parameters.</p>"
         }
       },
       "documentation":"<p>Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both.</p>"
@@ -1606,5 +1816,5 @@
       "exception":true
     }
   },
-  "documentation":"<p>AWS Fault Injection Simulator is a managed service that enables you to perform fault injection experiments on your AWS workloads. For more information, see the <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/\">AWS Fault Injection Simulator User Guide</a>.</p>"
+  "documentation":"<p>Fault Injection Simulator is a managed service that enables you to perform fault injection experiments on your Amazon Web Services workloads. For more information, see the <a href=\"https://docs.aws.amazon.com/fis/latest/userguide/\">Fault Injection Simulator User Guide</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/fms/2018-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/fms/2018-01-01/service-2.json
index 187924e6183..c3f19ef3122 100644
--- a/contrib/python/botocore/py3/botocore/data/fms/2018-01-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/fms/2018-01-01/service-2.json
@@ -361,7 +361,7 @@
         {"shape":"InternalErrorException"},
         {"shape":"InvalidTypeException"}
       ],
-      "documentation":"<p>Creates an Firewall Manager policy.</p> <p>Firewall Manager provides the following types of policies: </p> <ul> <li> <p>An WAF policy (type WAFV2), which defines rule groups to run first in the corresponding WAF web ACL and rule groups to run last in the web ACL.</p> </li> <li> <p>An WAF Classic policy (type WAF), which defines a rule group. </p> </li> <li> <p>A Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources.</p> </li> <li> <p>A security group policy, which manages VPC security groups across your Amazon Web Services organization. </p> </li> <li> <p>An Network Firewall policy, which provides firewall rules to filter network traffic in specified Amazon VPCs.</p> </li> <li> <p>A DNS Firewall policy, which provides Route 53 Resolver DNS Firewall rules to filter DNS queries for specified VPCs.</p> </li> </ul> <p>Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.</p> <p>You must be subscribed to Shield Advanced to create a Shield Advanced policy. For more information about subscribing to Shield Advanced, see <a href=\"https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html\">CreateSubscription</a>.</p>"
+      "documentation":"<p>Creates an Firewall Manager policy.</p> <p>Firewall Manager provides the following types of policies: </p> <ul> <li> <p>An WAF policy (type WAFV2), which defines rule groups to run first in the corresponding WAF web ACL and rule groups to run last in the web ACL.</p> </li> <li> <p>An WAF Classic policy (type WAF), which defines a rule group. </p> </li> <li> <p>A Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources.</p> </li> <li> <p>A security group policy, which manages VPC security groups across your Amazon Web Services organization. </p> </li> <li> <p>An Network Firewall policy, which provides firewall rules to filter network traffic in specified Amazon VPCs.</p> </li> <li> <p>A DNS Firewall policy, which provides Route 53 Resolver DNS Firewall rules to filter DNS queries for specified VPCs.</p> </li> </ul> <p>Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.</p> <p>You must be subscribed to Shield Advanced to create a Shield Advanced policy. For more information about subscribing to Shield Advanced, see <a href=\"https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html\">CreateSubscription</a>.</p>"
     },
     "PutProtocolsList":{
       "name":"PutProtocolsList",
@@ -1479,7 +1479,7 @@
     },
     "ManagedServiceData":{
       "type":"string",
-      "max":4096,
+      "max":8192,
       "min":1,
       "pattern":".*"
     },
@@ -1902,7 +1902,7 @@
         },
         "ResourceType":{
           "shape":"ResourceType",
-          "documentation":"<p>The type of resource protected by or in scope of the policy. This is in the format shown in the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services Resource Types Reference</a>. To apply this policy to multiple resource types, specify a resource type of <code>ResourceTypeList</code> and then specify the resource types in a <code>ResourceTypeList</code>.</p> <p>For WAF and Shield Advanced, example resource types include <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code> and <code>AWS::CloudFront::Distribution</code>. For a security group common policy, valid values are <code>AWS::EC2::NetworkInterface</code> and <code>AWS::EC2::Instance</code>. For a security group content audit policy, valid values are <code>AWS::EC2::SecurityGroup</code>, <code>AWS::EC2::NetworkInterface</code>, and <code>AWS::EC2::Instance</code>. For a security group usage audit policy, the value is <code>AWS::EC2::SecurityGroup</code>. For an Network Firewall policy or DNS Firewall policy, the value is <code>AWS::EC2::VPC</code>.</p>"
+          "documentation":"<p>The type of resource protected by or in scope of the policy. This is in the format shown in the <a href=\"https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\">Amazon Web Services Resource Types Reference</a>. To apply this policy to multiple resource types, specify a resource type of <code>ResourceTypeList</code> and then specify the resource types in a <code>ResourceTypeList</code>.</p> <p>For WAF and Shield Advanced, resource types include <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code>, <code>AWS::ElasticLoadBalancing::LoadBalancer</code>, <code>AWS::EC2::EIP</code>, and <code>AWS::CloudFront::Distribution</code>. For a security group common policy, valid values are <code>AWS::EC2::NetworkInterface</code> and <code>AWS::EC2::Instance</code>. For a security group content audit policy, valid values are <code>AWS::EC2::SecurityGroup</code>, <code>AWS::EC2::NetworkInterface</code>, and <code>AWS::EC2::Instance</code>. For a security group usage audit policy, the value is <code>AWS::EC2::SecurityGroup</code>. For an Network Firewall policy or DNS Firewall policy, the value is <code>AWS::EC2::VPC</code>.</p>"
         },
         "ResourceTypeList":{
           "shape":"ResourceTypeList",
@@ -1922,7 +1922,7 @@
         },
         "DeleteUnusedFMManagedResources":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.</p>"
+          "documentation":"<p>Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. </p> <p>By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources. </p> <p>This option is not available for Shield Advanced or WAF Classic policies.</p>"
         },
         "IncludeMap":{
           "shape":"CustomerPolicyScopeMap",
@@ -2049,7 +2049,7 @@
         },
         "DeleteUnusedFMManagedResources":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.</p>"
+          "documentation":"<p>Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope. </p> <p>By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources. </p> <p>This option is not available for Shield Advanced or WAF Classic policies.</p>"
         }
       },
       "documentation":"<p>Details of the Firewall Manager policy. </p>"
@@ -2599,7 +2599,7 @@
         },
         "ManagedServiceData":{
           "shape":"ManagedServiceData",
-          "documentation":"<p>Details about the service that are specific to the service type, in JSON format. For service type <code>SHIELD_ADVANCED</code>, this is an empty string.</p> <ul> <li> <p>Example: <code>DNS_FIREWALL</code> </p> <p> <code>\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"</code> </p> <note> <p>Valid values for <code>preProcessRuleGroups</code> are between 1 and 99. Valid values for <code>postProcessRuleGroups</code> are between 9901 and 10000.</p> </note> </li> <li> <p>Example: <code>NETWORK_FIREWALL</code> </p> <p> <code>\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0/28\\\"]} }\"</code> </p> </li> <li> <p>Example: <code>WAFV2</code> </p> <p> <code>\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"</code> </p> <p>In the <code>loggingConfiguration</code>, you can specify one <code>logDestinationConfigs</code>, you can optionally provide up to 20 <code>redactedFields</code>, and the <code>RedactedFieldType</code> must be one of <code>URI</code>, <code>QUERY_STRING</code>, <code>HEADER</code>, or <code>METHOD</code>.</p> </li> <li> <p>Example: <code>WAF Classic</code> </p> <p> <code>\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"</code> </p> </li> <li> <p>Example: <code>SECURITY_GROUPS_COMMON</code> </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"</code> </p> </li> <li> <p>Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"</code> </p> </li> <li> <p>Example: <code>SECURITY_GROUPS_CONTENT_AUDIT</code> </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"</code> </p> <p>The security group action for content audit can be <code>ALLOW</code> or <code>DENY</code>. For <code>ALLOW</code>, all in-scope security group rules must be within the allowed range of the policy's security group rules. For <code>DENY</code>, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.</p> </li> <li> <p>Example: <code>SECURITY_GROUPS_USAGE_AUDIT</code> </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"</code> </p> </li> </ul>"
+          "documentation":"<p>Details about the service that are specific to the service type, in JSON format. </p> <ul> <li> <p>Example: <code>DNS_FIREWALL</code> </p> <p> <code>\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"</code> </p> <note> <p>Valid values for <code>preProcessRuleGroups</code> are between 1 and 99. Valid values for <code>postProcessRuleGroups</code> are between 9901 and 10000.</p> </note> </li> <li> <p>Example: <code>NETWORK_FIREWALL</code> </p> <p> <code>\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0/28\\\"]} }\"</code> </p> </li> <li> <p>Specification for <code>SHIELD_ADVANCED</code> for Amazon CloudFront distributions </p> <p> <code>\"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED|IGNORED|DISABLED\\\", \\\"automaticResponseAction\\\":\\\"BLOCK|COUNT\\\"}, \\\"overrideCustomerWebaclClassic\\\":true|false}\"</code> </p> <p>For example: <code>\"{\\\"type\\\":\\\"SHIELD_ADVANCED\\\",\\\"automaticResponseConfiguration\\\": {\\\"automaticResponseStatus\\\":\\\"ENABLED\\\", \\\"automaticResponseAction\\\":\\\"COUNT\\\"}}\"</code> </p> <p>The default value for <code>automaticResponseStatus</code> is <code>IGNORED</code>. The value for <code>automaticResponseAction</code> is only required when <code>automaticResponseStatus</code> is set to <code>ENABLED</code>. The default value for <code>overrideCustomerWebaclClassic</code> is <code>false</code>.</p> <p>For other resource types that you can protect with a Shield Advanced policy, this <code>ManagedServiceData</code> configuration is an empty string.</p> </li> <li> <p>Example: <code>WAFV2</code> </p> <p> <code>\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"</code> </p> <p>In the <code>loggingConfiguration</code>, you can specify one <code>logDestinationConfigs</code>, you can optionally provide up to 20 <code>redactedFields</code>, and the <code>RedactedFieldType</code> must be one of <code>URI</code>, <code>QUERY_STRING</code>, <code>HEADER</code>, or <code>METHOD</code>.</p> </li> <li> <p>Example: <code>WAF Classic</code> </p> <p> <code>\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"</code> </p> </li> <li> <p>Example: <code>SECURITY_GROUPS_COMMON</code> </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"</code> </p> </li> <li> <p>Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"</code> </p> </li> <li> <p>Example: <code>SECURITY_GROUPS_CONTENT_AUDIT</code> </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"</code> </p> <p>The security group action for content audit can be <code>ALLOW</code> or <code>DENY</code>. For <code>ALLOW</code>, all in-scope security group rules must be within the allowed range of the policy's security group rules. For <code>DENY</code>, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.</p> </li> <li> <p>Example: <code>SECURITY_GROUPS_USAGE_AUDIT</code> </p> <p> <code>\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"</code> </p> </li> </ul>"
         }
       },
       "documentation":"<p>Details about the security service that is being used to protect the resources.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/forecast/2018-06-26/service-2.json b/contrib/python/botocore/py3/botocore/data/forecast/2018-06-26/service-2.json
index 49789f9decf..7ec178be6e8 100644
--- a/contrib/python/botocore/py3/botocore/data/forecast/2018-06-26/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/forecast/2018-06-26/service-2.json
@@ -13,6 +13,23 @@
     "uid":"forecast-2018-06-26"
   },
   "operations":{
+    "CreateAutoPredictor":{
+      "name":"CreateAutoPredictor",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateAutoPredictorRequest"},
+      "output":{"shape":"CreateAutoPredictorResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"LimitExceededException"}
+      ],
+      "documentation":"<p>Creates an Amazon Forecast predictor.</p> <p>Amazon Forecast creates predictors with AutoPredictor, which involves applying the optimal combination of algorithms to each time series in your datasets. You can use <a>CreateAutoPredictor</a> to create new predictors or upgrade/retrain existing predictors.</p> <p> <b>Creating new predictors</b> </p> <p>The following parameters are required when creating a new predictor:</p> <ul> <li> <p> <code>PredictorName</code> - A unique name for the predictor.</p> </li> <li> <p> <code>DatasetGroupArn</code> - The ARN of the dataset group used to train the predictor.</p> </li> <li> <p> <code>ForecastFrequency</code> - The granularity of your forecasts (hourly, daily, weekly, etc).</p> </li> <li> <p> <code>ForecastHorizon</code> - The number of time steps being forecasted.</p> </li> </ul> <p>When creating a new predictor, do not specify a value for <code>ReferencePredictorArn</code>.</p> <p> <b>Upgrading and retraining predictors</b> </p> <p>The following parameters are required when retraining or upgrading a predictor:</p> <ul> <li> <p> <code>PredictorName</code> - A unique name for the predictor.</p> </li> <li> <p> <code>ReferencePredictorArn</code> - The ARN of the predictor to retrain or upgrade.</p> </li> </ul> <p>When upgrading or retraining a predictor, only specify values for the <code>ReferencePredictorArn</code> and <code>PredictorName</code>. </p>"
+    },
     "CreateDataset":{
       "name":"CreateDataset",
       "http":{
@@ -62,6 +79,40 @@
       ],
       "documentation":"<p>Imports your training data to an Amazon Forecast dataset. You provide the location of your training data in an Amazon Simple Storage Service (Amazon S3) bucket and the Amazon Resource Name (ARN) of the dataset that you want to import the data to.</p> <p>You must specify a <a>DataSource</a> object that includes an AWS Identity and Access Management (IAM) role that Amazon Forecast can assume to access the data, as Amazon Forecast makes a copy of your data and processes it in an internal AWS system. For more information, see <a>aws-forecast-iam-roles</a>.</p> <p>The training data must be in CSV format. The delimiter must be a comma (,).</p> <p>You can specify the path to a specific CSV file, the S3 bucket, or to a folder in the S3 bucket. For the latter two cases, Amazon Forecast imports all files up to the limit of 10,000 files.</p> <p>Because dataset imports are not aggregated, your most recent dataset import is the one that is used when training a predictor or generating a forecast. Make sure that your most recent dataset import contains all of the data you want to model off of, and not just the new data collected since the previous import.</p> <p>To get a list of all your dataset import jobs, filtered by specified criteria, use the <a>ListDatasetImportJobs</a> operation.</p>"
     },
+    "CreateExplainability":{
+      "name":"CreateExplainability",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateExplainabilityRequest"},
+      "output":{"shape":"CreateExplainabilityResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"LimitExceededException"}
+      ],
+      "documentation":"<note> <p>Explainability is only available for Forecasts and Predictors generated from an AutoPredictor (<a>CreateAutoPredictor</a>)</p> </note> <p>Creates an Amazon Forecast Explainability.</p> <p>Explainability helps you better understand how the attributes in your datasets impact forecast. Amazon Forecast uses a metric called Impact scores to quantify the relative impact of each attribute and determine whether they increase or decrease forecast values.</p> <p>To enable Forecast Explainability, your predictor must include at least one of the following: related time series, item metadata, or additional datasets like Holidays and the Weather Index.</p> <p>CreateExplainability accepts either a Predictor ARN or Forecast ARN. To receive aggregated Impact scores for all time series and time points in your datasets, provide a Predictor ARN. To receive Impact scores for specific time series and time points, provide a Forecast ARN.</p> <p> <b>CreateExplainability with a Predictor ARN</b> </p> <note> <p>You can only have one Explainability resource per predictor. If you already enabled <code>ExplainPredictor</code> in <a>CreateAutoPredictor</a>, that predictor already has an Explainability resource.</p> </note> <p>The following parameters are required when providing a Predictor ARN:</p> <ul> <li> <p> <code>ExplainabilityName</code> - A unique name for the Explainability.</p> </li> <li> <p> <code>ResourceArn</code> - The Arn of the predictor.</p> </li> <li> <p> <code>TimePointGranularity</code> - Must be set to “ALL”.</p> </li> <li> <p> <code>TimeSeriesGranularity</code> - Must be set to “ALL”.</p> </li> </ul> <p>Do not specify a value for the following parameters:</p> <ul> <li> <p> <code>DataSource</code> - Only valid when TimeSeriesGranularity is “SPECIFIC”.</p> </li> <li> <p> <code>Schema</code> - Only valid when TimeSeriesGranularity is “SPECIFIC”.</p> </li> <li> <p> <code>StartDateTime</code> - Only valid when TimePointGranularity is “SPECIFIC”.</p> </li> <li> <p> <code>EndDateTime</code> - Only valid when TimePointGranularity is “SPECIFIC”.</p> </li> </ul> <p> <b>CreateExplainability with a Forecast ARN</b> </p> <note> <p>You can specify a maximum of 50 time series and 500 time points.</p> </note> <p>The following parameters are required when providing a Predictor ARN:</p> <ul> <li> <p> <code>ExplainabilityName</code> - A unique name for the Explainability.</p> </li> <li> <p> <code>ResourceArn</code> - The Arn of the forecast.</p> </li> <li> <p> <code>TimePointGranularity</code> - Either “ALL” or “SPECIFIC”.</p> </li> <li> <p> <code>TimeSeriesGranularity</code> - Either “ALL” or “SPECIFIC”.</p> </li> </ul> <p>If you set TimeSeriesGranularity to “SPECIFIC”, you must also provide the following:</p> <ul> <li> <p> <code>DataSource</code> - The S3 location of the CSV file specifying your time series.</p> </li> <li> <p> <code>Schema</code> - The Schema defines the attributes and attribute types listed in the Data Source.</p> </li> </ul> <p>If you set TimePointGranularity to “SPECIFIC”, you must also provide the following:</p> <ul> <li> <p> <code>StartDateTime</code> - The first timestamp in the range of time points.</p> </li> <li> <p> <code>EndDateTime</code> - The last timestamp in the range of time points.</p> </li> </ul>"
+    },
+    "CreateExplainabilityExport":{
+      "name":"CreateExplainabilityExport",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateExplainabilityExportRequest"},
+      "output":{"shape":"CreateExplainabilityExportResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"},
+        {"shape":"LimitExceededException"}
+      ],
+      "documentation":"<p>Exports an Explainability resource created by the <a>CreateExplainability</a> operation. Exported files are exported to an Amazon Simple Storage Service (Amazon S3) bucket.</p> <p>You must specify a <a>DataDestination</a> object that includes an Amazon S3 bucket and an AWS Identity and Access Management (IAM) role that Amazon Forecast can assume to access the Amazon S3 bucket. For more information, see <a>aws-forecast-iam-roles</a>.</p> <note> <p>The <code>Status</code> of the export job must be <code>ACTIVE</code> before you can access the export in your Amazon S3 bucket. To get the status, use the <a>DescribeExplainabilityExport</a> operation.</p> </note>"
+    },
     "CreateForecast":{
       "name":"CreateForecast",
       "http":{
@@ -111,7 +162,7 @@
         {"shape":"ResourceInUseException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates an Amazon Forecast predictor.</p> <p>In the request, provide a dataset group and either specify an algorithm or let Amazon Forecast choose an algorithm for you using AutoML. If you specify an algorithm, you also can override algorithm-specific hyperparameters.</p> <p>Amazon Forecast uses the algorithm to train a predictor using the latest version of the datasets in the specified dataset group. You can then generate a forecast using the <a>CreateForecast</a> operation.</p> <p> To see the evaluation metrics, use the <a>GetAccuracyMetrics</a> operation. </p> <p>You can specify a featurization configuration to fill and aggregate the data fields in the <code>TARGET_TIME_SERIES</code> dataset to improve model training. For more information, see <a>FeaturizationConfig</a>.</p> <p>For RELATED_TIME_SERIES datasets, <code>CreatePredictor</code> verifies that the <code>DataFrequency</code> specified when the dataset was created matches the <code>ForecastFrequency</code>. TARGET_TIME_SERIES datasets don't have this restriction. Amazon Forecast also verifies the delimiter and timestamp format. For more information, see <a>howitworks-datasets-groups</a>.</p> <p>By default, predictors are trained and evaluated at the 0.1 (P10), 0.5 (P50), and 0.9 (P90) quantiles. You can choose custom forecast types to train and evaluate your predictor by setting the <code>ForecastTypes</code>. </p> <p> <b>AutoML</b> </p> <p>If you want Amazon Forecast to evaluate each algorithm and choose the one that minimizes the <code>objective function</code>, set <code>PerformAutoML</code> to <code>true</code>. The <code>objective function</code> is defined as the mean of the weighted losses over the forecast types. By default, these are the p10, p50, and p90 quantile losses. For more information, see <a>EvaluationResult</a>.</p> <p>When AutoML is enabled, the following properties are disallowed:</p> <ul> <li> <p> <code>AlgorithmArn</code> </p> </li> <li> <p> <code>HPOConfig</code> </p> </li> <li> <p> <code>PerformHPO</code> </p> </li> <li> <p> <code>TrainingParameters</code> </p> </li> </ul> <p>To get a list of all of your predictors, use the <a>ListPredictors</a> operation.</p> <note> <p>Before you can use the predictor to create a forecast, the <code>Status</code> of the predictor must be <code>ACTIVE</code>, signifying that training has completed. To get the status, use the <a>DescribePredictor</a> operation.</p> </note>"
+      "documentation":"<note> <p> This operation creates a legacy predictor that does not include all the predictor functionalities provided by Amazon Forecast. To create a predictor that is compatible with all aspects of Forecast, use <a>CreateAutoPredictor</a>.</p> </note> <p>Creates an Amazon Forecast predictor.</p> <p>In the request, provide a dataset group and either specify an algorithm or let Amazon Forecast choose an algorithm for you using AutoML. If you specify an algorithm, you also can override algorithm-specific hyperparameters.</p> <p>Amazon Forecast uses the algorithm to train a predictor using the latest version of the datasets in the specified dataset group. You can then generate a forecast using the <a>CreateForecast</a> operation.</p> <p> To see the evaluation metrics, use the <a>GetAccuracyMetrics</a> operation. </p> <p>You can specify a featurization configuration to fill and aggregate the data fields in the <code>TARGET_TIME_SERIES</code> dataset to improve model training. For more information, see <a>FeaturizationConfig</a>.</p> <p>For RELATED_TIME_SERIES datasets, <code>CreatePredictor</code> verifies that the <code>DataFrequency</code> specified when the dataset was created matches the <code>ForecastFrequency</code>. TARGET_TIME_SERIES datasets don't have this restriction. Amazon Forecast also verifies the delimiter and timestamp format. For more information, see <a>howitworks-datasets-groups</a>.</p> <p>By default, predictors are trained and evaluated at the 0.1 (P10), 0.5 (P50), and 0.9 (P90) quantiles. You can choose custom forecast types to train and evaluate your predictor by setting the <code>ForecastTypes</code>. </p> <p> <b>AutoML</b> </p> <p>If you want Amazon Forecast to evaluate each algorithm and choose the one that minimizes the <code>objective function</code>, set <code>PerformAutoML</code> to <code>true</code>. The <code>objective function</code> is defined as the mean of the weighted losses over the forecast types. By default, these are the p10, p50, and p90 quantile losses. For more information, see <a>EvaluationResult</a>.</p> <p>When AutoML is enabled, the following properties are disallowed:</p> <ul> <li> <p> <code>AlgorithmArn</code> </p> </li> <li> <p> <code>HPOConfig</code> </p> </li> <li> <p> <code>PerformHPO</code> </p> </li> <li> <p> <code>TrainingParameters</code> </p> </li> </ul> <p>To get a list of all of your predictors, use the <a>ListPredictors</a> operation.</p> <note> <p>Before you can use the predictor to create a forecast, the <code>Status</code> of the predictor must be <code>ACTIVE</code>, signifying that training has completed. To get the status, use the <a>DescribePredictor</a> operation.</p> </note>"
     },
     "CreatePredictorBacktestExportJob":{
       "name":"CreatePredictorBacktestExportJob",
@@ -128,7 +179,7 @@
         {"shape":"ResourceInUseException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Exports backtest forecasts and accuracy metrics generated by the <a>CreatePredictor</a> operation. Two folders containing CSV files are exported to your specified S3 bucket.</p> <p> The export file names will match the following conventions:</p> <p> <code>&lt;ExportJobName&gt;_&lt;ExportTimestamp&gt;_&lt;PartNumber&gt;.csv</code> </p> <p>The &lt;ExportTimestamp&gt; component is in Java SimpleDate format (yyyy-MM-ddTHH-mm-ssZ).</p> <p>You must specify a <a>DataDestination</a> object that includes an Amazon S3 bucket and an AWS Identity and Access Management (IAM) role that Amazon Forecast can assume to access the Amazon S3 bucket. For more information, see <a>aws-forecast-iam-roles</a>.</p> <note> <p>The <code>Status</code> of the export job must be <code>ACTIVE</code> before you can access the export in your Amazon S3 bucket. To get the status, use the <a>DescribePredictorBacktestExportJob</a> operation.</p> </note>"
+      "documentation":"<p>Exports backtest forecasts and accuracy metrics generated by the <a>CreateAutoPredictor</a> or <a>CreatePredictor</a> operations. Two folders containing CSV files are exported to your specified S3 bucket.</p> <p> The export file names will match the following conventions:</p> <p> <code>&lt;ExportJobName&gt;_&lt;ExportTimestamp&gt;_&lt;PartNumber&gt;.csv</code> </p> <p>The &lt;ExportTimestamp&gt; component is in Java SimpleDate format (yyyy-MM-ddTHH-mm-ssZ).</p> <p>You must specify a <a>DataDestination</a> object that includes an Amazon S3 bucket and an AWS Identity and Access Management (IAM) role that Amazon Forecast can assume to access the Amazon S3 bucket. For more information, see <a>aws-forecast-iam-roles</a>.</p> <note> <p>The <code>Status</code> of the export job must be <code>ACTIVE</code> before you can access the export in your Amazon S3 bucket. To get the status, use the <a>DescribePredictorBacktestExportJob</a> operation.</p> </note>"
     },
     "DeleteDataset":{
       "name":"DeleteDataset",
@@ -175,6 +226,36 @@
       "documentation":"<p>Deletes a dataset import job created using the <a>CreateDatasetImportJob</a> operation. You can delete only dataset import jobs that have a status of <code>ACTIVE</code> or <code>CREATE_FAILED</code>. To get the status, use the <a>DescribeDatasetImportJob</a> operation.</p>",
       "idempotent":true
     },
+    "DeleteExplainability":{
+      "name":"DeleteExplainability",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteExplainabilityRequest"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"}
+      ],
+      "documentation":"<p>Deletes an Explainability resource.</p> <p>You can delete only predictor that have a status of <code>ACTIVE</code> or <code>CREATE_FAILED</code>. To get the status, use the <a>DescribeExplainability</a> operation.</p>",
+      "idempotent":true
+    },
+    "DeleteExplainabilityExport":{
+      "name":"DeleteExplainabilityExport",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteExplainabilityExportRequest"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"}
+      ],
+      "documentation":"<p>Deletes an Explainability export.</p>",
+      "idempotent":true
+    },
     "DeleteForecast":{
       "name":"DeleteForecast",
       "http":{
@@ -217,7 +298,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Deletes a predictor created using the <a>CreatePredictor</a> operation. You can delete only predictor that have a status of <code>ACTIVE</code> or <code>CREATE_FAILED</code>. To get the status, use the <a>DescribePredictor</a> operation.</p>",
+      "documentation":"<p>Deletes a predictor created using the <a>DescribePredictor</a> or <a>CreatePredictor</a> operations. You can delete only predictor that have a status of <code>ACTIVE</code> or <code>CREATE_FAILED</code>. To get the status, use the <a>DescribePredictor</a> operation.</p>",
       "idempotent":true
     },
     "DeletePredictorBacktestExportJob":{
@@ -250,6 +331,21 @@
       "documentation":"<p>Deletes an entire resource tree. This operation will delete the parent resource and its child resources.</p> <p>Child resources are resources that were created from another resource. For example, when a forecast is generated from a predictor, the forecast is the child resource and the predictor is the parent resource.</p> <p>Amazon Forecast resources possess the following parent-child resource hierarchies:</p> <ul> <li> <p> <b>Dataset</b>: dataset import jobs</p> </li> <li> <p> <b>Dataset Group</b>: predictors, predictor backtest export jobs, forecasts, forecast export jobs</p> </li> <li> <p> <b>Predictor</b>: predictor backtest export jobs, forecasts, forecast export jobs</p> </li> <li> <p> <b>Forecast</b>: forecast export jobs</p> </li> </ul> <note> <p> <code>DeleteResourceTree</code> will only delete Amazon Forecast resources, and will not delete datasets or exported files stored in Amazon S3. </p> </note>",
       "idempotent":true
     },
+    "DescribeAutoPredictor":{
+      "name":"DescribeAutoPredictor",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeAutoPredictorRequest"},
+      "output":{"shape":"DescribeAutoPredictorResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Describes a predictor created using the CreateAutoPredictor operation.</p>",
+      "idempotent":true
+    },
     "DescribeDataset":{
       "name":"DescribeDataset",
       "http":{
@@ -295,6 +391,36 @@
       "documentation":"<p>Describes a dataset import job created using the <a>CreateDatasetImportJob</a> operation.</p> <p>In addition to listing the parameters provided in the <code>CreateDatasetImportJob</code> request, this operation includes the following properties:</p> <ul> <li> <p> <code>CreationTime</code> </p> </li> <li> <p> <code>LastModificationTime</code> </p> </li> <li> <p> <code>DataSize</code> </p> </li> <li> <p> <code>FieldStatistics</code> </p> </li> <li> <p> <code>Status</code> </p> </li> <li> <p> <code>Message</code> - If an error occurred, information about the error.</p> </li> </ul>",
       "idempotent":true
     },
+    "DescribeExplainability":{
+      "name":"DescribeExplainability",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeExplainabilityRequest"},
+      "output":{"shape":"DescribeExplainabilityResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Describes an Explainability resource created using the <a>CreateExplainability</a> operation.</p>",
+      "idempotent":true
+    },
+    "DescribeExplainabilityExport":{
+      "name":"DescribeExplainabilityExport",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeExplainabilityExportRequest"},
+      "output":{"shape":"DescribeExplainabilityExportResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Describes an Explainability export created using the <a>CreateExplainabilityExport</a> operation.</p>",
+      "idempotent":true
+    },
     "DescribeForecast":{
       "name":"DescribeForecast",
       "http":{
@@ -337,7 +463,7 @@
         {"shape":"InvalidInputException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Describes a predictor created using the <a>CreatePredictor</a> operation.</p> <p>In addition to listing the properties provided in the <code>CreatePredictor</code> request, this operation lists the following properties:</p> <ul> <li> <p> <code>DatasetImportJobArns</code> - The dataset import jobs used to import training data.</p> </li> <li> <p> <code>AutoMLAlgorithmArns</code> - If AutoML is performed, the algorithms that were evaluated.</p> </li> <li> <p> <code>CreationTime</code> </p> </li> <li> <p> <code>LastModificationTime</code> </p> </li> <li> <p> <code>Status</code> </p> </li> <li> <p> <code>Message</code> - If an error occurred, information about the error.</p> </li> </ul>",
+      "documentation":"<note> <p> This operation is only valid for legacy predictors created with CreatePredictor. If you are not using a legacy predictor, use <a>DescribeAutoPredictor</a>.</p> </note> <p>Describes a predictor created using the <a>CreatePredictor</a> operation.</p> <p>In addition to listing the properties provided in the <code>CreatePredictor</code> request, this operation lists the following properties:</p> <ul> <li> <p> <code>DatasetImportJobArns</code> - The dataset import jobs used to import training data.</p> </li> <li> <p> <code>AutoMLAlgorithmArns</code> - If AutoML is performed, the algorithms that were evaluated.</p> </li> <li> <p> <code>CreationTime</code> </p> </li> <li> <p> <code>LastModificationTime</code> </p> </li> <li> <p> <code>Status</code> </p> </li> <li> <p> <code>Message</code> - If an error occurred, information about the error.</p> </li> </ul>",
       "idempotent":true
     },
     "DescribePredictorBacktestExportJob":{
@@ -414,6 +540,36 @@
       "documentation":"<p>Returns a list of datasets created using the <a>CreateDataset</a> operation. For each dataset, a summary of its properties, including its Amazon Resource Name (ARN), is returned. To retrieve the complete set of properties, use the ARN with the <a>DescribeDataset</a> operation.</p>",
       "idempotent":true
     },
+    "ListExplainabilities":{
+      "name":"ListExplainabilities",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListExplainabilitiesRequest"},
+      "output":{"shape":"ListExplainabilitiesResponse"},
+      "errors":[
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"InvalidInputException"}
+      ],
+      "documentation":"<p>Returns a list of Explainability resources created using the <a>CreateExplainability</a> operation. This operation returns a summary for each Explainability. You can filter the list using an array of <a>Filter</a> objects.</p> <p>To retrieve the complete set of properties for a particular Explainability resource, use the ARN with the <a>DescribeExplainability</a> operation.</p>",
+      "idempotent":true
+    },
+    "ListExplainabilityExports":{
+      "name":"ListExplainabilityExports",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListExplainabilityExportsRequest"},
+      "output":{"shape":"ListExplainabilityExportsResponse"},
+      "errors":[
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"InvalidInputException"}
+      ],
+      "documentation":"<p>Returns a list of Explainability exports created using the <a>CreateExplainabilityExport</a> operation. This operation returns a summary for each Explainability export. You can filter the list using an array of <a>Filter</a> objects.</p> <p>To retrieve the complete set of properties for a particular Explainability export, use the ARN with the <a>DescribeExplainability</a> operation.</p>",
+      "idempotent":true
+    },
     "ListForecastExportJobs":{
       "name":"ListForecastExportJobs",
       "http":{
@@ -471,7 +627,7 @@
         {"shape":"InvalidNextTokenException"},
         {"shape":"InvalidInputException"}
       ],
-      "documentation":"<p>Returns a list of predictors created using the <a>CreatePredictor</a> operation. For each predictor, this operation returns a summary of its properties, including its Amazon Resource Name (ARN). You can retrieve the complete set of properties by using the ARN with the <a>DescribePredictor</a> operation. You can filter the list using an array of <a>Filter</a> objects.</p>",
+      "documentation":"<p>Returns a list of predictors created using the <a>CreateAutoPredictor</a> or <a>CreatePredictor</a> operations. For each predictor, this operation returns a summary of its properties, including its Amazon Resource Name (ARN). </p> <p>You can retrieve the complete set of properties by using the ARN with the <a>DescribeAutoPredictor</a> and <a>DescribePredictor</a> operations. You can filter the list using an array of <a>Filter</a> objects.</p>",
       "idempotent":true
     },
     "ListTagsForResource":{
@@ -500,7 +656,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Stops a resource.</p> <p>The resource undergoes the following states: <code>CREATE_STOPPING</code> and <code>CREATE_STOPPED</code>. You cannot resume a resource once it has been stopped.</p> <p>This operation can be applied to the following resources (and their corresponding child resources):</p> <ul> <li> <p>Dataset Import Job</p> </li> <li> <p>Predictor Job</p> </li> <li> <p>Forecast Job</p> </li> <li> <p>Forecast Export Job</p> </li> <li> <p>Predictor Backtest Export Job</p> </li> </ul>",
+      "documentation":"<p>Stops a resource.</p> <p>The resource undergoes the following states: <code>CREATE_STOPPING</code> and <code>CREATE_STOPPED</code>. You cannot resume a resource once it has been stopped.</p> <p>This operation can be applied to the following resources (and their corresponding child resources):</p> <ul> <li> <p>Dataset Import Job</p> </li> <li> <p>Predictor Job</p> </li> <li> <p>Forecast Job</p> </li> <li> <p>Forecast Export Job</p> </li> <li> <p>Predictor Backtest Export Job</p> </li> <li> <p>Explainability Job</p> </li> <li> <p>Explainability Export Job</p> </li> </ul>",
       "idempotent":true
     },
     "TagResource":{
@@ -550,6 +706,27 @@
     }
   },
   "shapes":{
+    "AdditionalDataset":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the additional dataset. Valid names: <code>\"holiday\"</code> and <code>\"weather\"</code>.</p>"
+        },
+        "Configuration":{
+          "shape":"Configuration",
+          "documentation":"<p> <b>Weather Index</b> </p> <p>To enable the Weather Index, do not specify a value for <code>Configuration</code>.</p> <p> <b>Holidays</b> </p> <p>To enable Holidays, set <code>CountryCode</code> to one of the following two-letter country codes:</p> <ul> <li> <p>\"AL\" - ALBANIA</p> </li> <li> <p>\"AR\" - ARGENTINA</p> </li> <li> <p>\"AT\" - AUSTRIA</p> </li> <li> <p>\"AU\" - AUSTRALIA</p> </li> <li> <p>\"BA\" - BOSNIA HERZEGOVINA</p> </li> <li> <p>\"BE\" - BELGIUM</p> </li> <li> <p>\"BG\" - BULGARIA</p> </li> <li> <p>\"BO\" - BOLIVIA</p> </li> <li> <p>\"BR\" - BRAZIL</p> </li> <li> <p>\"BY\" - BELARUS</p> </li> <li> <p>\"CA\" - CANADA</p> </li> <li> <p>\"CL\" - CHILE</p> </li> <li> <p>\"CO\" - COLOMBIA</p> </li> <li> <p>\"CR\" - COSTA RICA</p> </li> <li> <p>\"HR\" - CROATIA</p> </li> <li> <p>\"CZ\" - CZECH REPUBLIC</p> </li> <li> <p>\"DK\" - DENMARK</p> </li> <li> <p>\"EC\" - ECUADOR</p> </li> <li> <p>\"EE\" - ESTONIA</p> </li> <li> <p>\"ET\" - ETHIOPIA</p> </li> <li> <p>\"FI\" - FINLAND</p> </li> <li> <p>\"FR\" - FRANCE</p> </li> <li> <p>\"DE\" - GERMANY</p> </li> <li> <p>\"GR\" - GREECE</p> </li> <li> <p>\"HU\" - HUNGARY</p> </li> <li> <p>\"IS\" - ICELAND</p> </li> <li> <p>\"IN\" - INDIA</p> </li> <li> <p>\"IE\" - IRELAND</p> </li> <li> <p>\"IT\" - ITALY</p> </li> <li> <p>\"JP\" - JAPAN</p> </li> <li> <p>\"KZ\" - KAZAKHSTAN</p> </li> <li> <p>\"KR\" - KOREA</p> </li> <li> <p>\"LV\" - LATVIA</p> </li> <li> <p>\"LI\" - LIECHTENSTEIN</p> </li> <li> <p>\"LT\" - LITHUANIA</p> </li> <li> <p>\"LU\" - LUXEMBOURG</p> </li> <li> <p>\"MK\" - MACEDONIA</p> </li> <li> <p>\"MT\" - MALTA</p> </li> <li> <p>\"MX\" - MEXICO</p> </li> <li> <p>\"MD\" - MOLDOVA</p> </li> <li> <p>\"ME\" - MONTENEGRO</p> </li> <li> <p>\"NL\" - NETHERLANDS</p> </li> <li> <p>\"NZ\" - NEW ZEALAND</p> </li> <li> <p>\"NI\" - NICARAGUA</p> </li> <li> <p>\"NG\" - NIGERIA</p> </li> <li> <p>\"NO\" - NORWAY</p> </li> <li> <p>\"PA\" - PANAMA</p> </li> <li> <p>\"PY\" - PARAGUAY</p> </li> <li> <p>\"PE\" - PERU</p> </li> <li> <p>\"PL\" - POLAND</p> </li> <li> <p>\"PT\" - PORTUGAL</p> </li> <li> <p>\"RO\" - ROMANIA</p> </li> <li> <p>\"RU\" - RUSSIA</p> </li> <li> <p>\"RS\" - SERBIA</p> </li> <li> <p>\"SK\" - SLOVAKIA</p> </li> <li> <p>\"SI\" - SLOVENIA</p> </li> <li> <p>\"ZA\" - SOUTH AFRICA</p> </li> <li> <p>\"ES\" - SPAIN</p> </li> <li> <p>\"SE\" - SWEDEN</p> </li> <li> <p>\"CH\" - SWITZERLAND</p> </li> <li> <p>\"UA\" - UKRAINE</p> </li> <li> <p>\"AE\" - UNITED ARAB EMIRATES</p> </li> <li> <p>\"US\" - UNITED STATES</p> </li> <li> <p>\"UK\" - UNITED KINGDOM</p> </li> <li> <p>\"UY\" - URUGUAY</p> </li> <li> <p>\"VE\" - VENEZUELA</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>Describes an additional dataset. This object is part of the <a>DataConfig</a> object. Forecast supports the Weather Index and Holidays additional datasets.</p> <p> <b>Weather Index</b> </p> <p>The Amazon Forecast Weather Index is a built-in dataset that incorporates historical and projected weather information into your model. The Weather Index supplements your datasets with over two years of historical weather data and up to 14 days of projected weather data. For more information, see <a href=\"https://docs.aws.amazon.com/forecast/latest/dg/weather.html\">Amazon Forecast Weather Index</a>.</p> <p> <b>Holidays</b> </p> <p>Holidays is a built-in dataset that incorporates national holiday information into your model. It provides native support for the holiday calendars of 66 countries. To view the holiday calendars, refer to the <a href=\"http://jollyday.sourceforge.net/data.html\">Jollyday</a> library. For more information, see <a href=\"https://docs.aws.amazon.com/forecast/latest/dg/holidays.html\">Holidays Featurization</a>.</p>"
+    },
+    "AdditionalDatasets":{
+      "type":"list",
+      "member":{"shape":"AdditionalDataset"},
+      "max":2,
+      "min":1
+    },
     "Arn":{
       "type":"string",
       "max":256,
@@ -559,6 +736,30 @@
       "type":"list",
       "member":{"shape":"Arn"}
     },
+    "AttributeConfig":{
+      "type":"structure",
+      "required":[
+        "AttributeName",
+        "Transformations"
+      ],
+      "members":{
+        "AttributeName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the attribute as specified in the schema. Amazon Forecast supports the target field of the target time series and the related time series datasets. For example, for the RETAIL domain, the target is <code>demand</code>.</p>"
+        },
+        "Transformations":{
+          "shape":"Transformations",
+          "documentation":"<p>The method parameters (key-value pairs), which are a map of override parameters. Specify these parameters to override the default values. Related Time Series attributes do not accept aggregation parameters.</p> <p>The following list shows the parameters and their valid values for the \"filling\" featurization method for a <b>Target Time Series</b> dataset. Default values are bolded.</p> <ul> <li> <p> <code>aggregation</code>: <b>sum</b>, <code>avg</code>, <code>first</code>, <code>min</code>, <code>max</code> </p> </li> <li> <p> <code>frontfill</code>: <b>none</b> </p> </li> <li> <p> <code>middlefill</code>: <b>zero</b>, <code>nan</code> (not a number), <code>value</code>, <code>median</code>, <code>mean</code>, <code>min</code>, <code>max</code> </p> </li> <li> <p> <code>backfill</code>: <b>zero</b>, <code>nan</code>, <code>value</code>, <code>median</code>, <code>mean</code>, <code>min</code>, <code>max</code> </p> </li> </ul> <p>The following list shows the parameters and their valid values for a <b>Related Time Series</b> featurization method (there are no defaults):</p> <ul> <li> <p> <code>middlefill</code>: <code>zero</code>, <code>value</code>, <code>median</code>, <code>mean</code>, <code>min</code>, <code>max</code> </p> </li> <li> <p> <code>backfill</code>: <code>zero</code>, <code>value</code>, <code>median</code>, <code>mean</code>, <code>min</code>, <code>max</code> </p> </li> <li> <p> <code>futurefill</code>: <code>zero</code>, <code>value</code>, <code>median</code>, <code>mean</code>, <code>min</code>, <code>max</code> </p> </li> </ul> <p>To set a filling method to a specific value, set the fill parameter to <code>value</code> and define the value in a corresponding <code>_value</code> parameter. For example, to set backfilling to a value of 2, include the following: <code>\"backfill\": \"value\"</code> and <code>\"backfill_value\":\"2\"</code>. </p>"
+        }
+      },
+      "documentation":"<p>Provides information about the method used to transform attributes.</p> <p>The following is an example using the RETAIL domain:</p> <p> <code>{</code> </p> <p> <code>\"AttributeName\": \"demand\",</code> </p> <p> <code>\"Transformations\": {\"aggregation\": \"sum\", \"middlefill\": \"zero\", \"backfill\": \"zero\"}</code> </p> <p> <code>}</code> </p>"
+    },
+    "AttributeConfigs":{
+      "type":"list",
+      "member":{"shape":"AttributeConfig"},
+      "max":50,
+      "min":1
+    },
     "AttributeType":{
       "type":"string",
       "enum":[
@@ -571,7 +772,10 @@
     },
     "AutoMLOverrideStrategy":{
       "type":"string",
-      "enum":["LatencyOptimized"]
+      "enum":[
+        "LatencyOptimized",
+        "AccuracyOptimized"
+      ]
     },
     "Boolean":{"type":"boolean"},
     "CategoricalParameterRange":{
@@ -598,6 +802,11 @@
       "max":20,
       "min":1
     },
+    "Configuration":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"Values"}
+    },
     "ContinuousParameterRange":{
       "type":"structure",
       "required":[
@@ -631,6 +840,62 @@
       "max":20,
       "min":1
     },
+    "CreateAutoPredictorRequest":{
+      "type":"structure",
+      "required":["PredictorName"],
+      "members":{
+        "PredictorName":{
+          "shape":"Name",
+          "documentation":"<p>A unique name for the predictor</p>"
+        },
+        "ForecastHorizon":{
+          "shape":"Integer",
+          "documentation":"<p>The number of time-steps that the model predicts. The forecast horizon is also called the prediction length.</p>"
+        },
+        "ForecastTypes":{
+          "shape":"ForecastTypes",
+          "documentation":"<p>The forecast types used to train a predictor. You can specify up to five forecast types. Forecast types can be quantiles from 0.01 to 0.99, by increments of 0.01 or higher. You can also specify the mean forecast with <code>mean</code>.</p>"
+        },
+        "ForecastDimensions":{
+          "shape":"ForecastDimensions",
+          "documentation":"<p>An array of dimension (field) names that specify how to group the generated forecast.</p> <p>For example, if you are generating forecasts for item sales across all your stores, and your dataset contains a <code>store_id</code> field, you would specify <code>store_id</code> as a dimension to group sales forecasts for each store.</p>"
+        },
+        "ForecastFrequency":{
+          "shape":"Frequency",
+          "documentation":"<p>The frequency of predictions in a forecast.</p> <p>Valid intervals are Y (Year), M (Month), W (Week), D (Day), H (Hour), 30min (30 minutes), 15min (15 minutes), 10min (10 minutes), 5min (5 minutes), and 1min (1 minute). For example, \"Y\" indicates every year and \"5min\" indicates every five minutes.</p> <p>The frequency must be greater than or equal to the TARGET_TIME_SERIES dataset frequency.</p> <p>When a RELATED_TIME_SERIES dataset is provided, the frequency must be equal to the RELATED_TIME_SERIES dataset frequency.</p>"
+        },
+        "DataConfig":{
+          "shape":"DataConfig",
+          "documentation":"<p>The data configuration for your dataset group and any additional datasets.</p>"
+        },
+        "EncryptionConfig":{"shape":"EncryptionConfig"},
+        "ReferencePredictorArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the predictor to retrain or upgrade. This parameter is only used when retraining or upgrading a predictor. When creating a new predictor, do not specify a value for this parameter.</p> <p>When upgrading or retraining a predictor, only specify values for the <code>ReferencePredictorArn</code> and <code>PredictorName</code>. The value for <code>PredictorName</code> must be a unique predictor name.</p>"
+        },
+        "OptimizationMetric":{
+          "shape":"OptimizationMetric",
+          "documentation":"<p>The accuracy metric used to optimize the predictor.</p>"
+        },
+        "ExplainPredictor":{
+          "shape":"Boolean",
+          "documentation":"<p>Create an Explainability resource for the predictor.</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>Optional metadata to help you categorize and organize your predictors. Each tag consists of a key and an optional value, both of which you define. Tag keys and values are case sensitive.</p> <p>The following restrictions apply to tags:</p> <ul> <li> <p>For each resource, each tag key must be unique and each tag key must have one value.</p> </li> <li> <p>Maximum number of tags per resource: 50.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8.</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8.</p> </li> <li> <p>Accepted characters: all letters and numbers, spaces representable in UTF-8, and + - = . _ : / @. If your tagging schema is used across other services and resources, the character restrictions of those services also apply. </p> </li> <li> <p>Key prefixes cannot include any upper or lowercase combination of <code>aws:</code> or <code>AWS:</code>. Values can have this prefix. If a tag value has <code>aws</code> as its prefix but the key does not, Forecast considers it to be a user tag and will count against the limit of 50 tags. Tags with only the key prefix of <code>aws</code> do not count against your tags per resource limit. You cannot edit or delete tag keys with this prefix.</p> </li> </ul>"
+        }
+      }
+    },
+    "CreateAutoPredictorResponse":{
+      "type":"structure",
+      "members":{
+        "PredictorArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the predictor.</p>"
+        }
+      }
+    },
     "CreateDatasetGroupRequest":{
       "type":"structure",
       "required":[
@@ -764,6 +1029,87 @@
         }
       }
     },
+    "CreateExplainabilityExportRequest":{
+      "type":"structure",
+      "required":[
+        "ExplainabilityExportName",
+        "ExplainabilityArn",
+        "Destination"
+      ],
+      "members":{
+        "ExplainabilityExportName":{
+          "shape":"Name",
+          "documentation":"<p>A unique name for the Explainability export.</p>"
+        },
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability to export.</p>"
+        },
+        "Destination":{"shape":"DataDestination"},
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>Optional metadata to help you categorize and organize your resources. Each tag consists of a key and an optional value, both of which you define. Tag keys and values are case sensitive.</p> <p>The following restrictions apply to tags:</p> <ul> <li> <p>For each resource, each tag key must be unique and each tag key must have one value.</p> </li> <li> <p>Maximum number of tags per resource: 50.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8.</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8.</p> </li> <li> <p>Accepted characters: all letters and numbers, spaces representable in UTF-8, and + - = . _ : / @. If your tagging schema is used across other services and resources, the character restrictions of those services also apply. </p> </li> <li> <p>Key prefixes cannot include any upper or lowercase combination of <code>aws:</code> or <code>AWS:</code>. Values can have this prefix. If a tag value has <code>aws</code> as its prefix but the key does not, Forecast considers it to be a user tag and will count against the limit of 50 tags. Tags with only the key prefix of <code>aws</code> do not count against your tags per resource limit. You cannot edit or delete tag keys with this prefix.</p> </li> </ul>"
+        }
+      }
+    },
+    "CreateExplainabilityExportResponse":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityExportArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the export.</p>"
+        }
+      }
+    },
+    "CreateExplainabilityRequest":{
+      "type":"structure",
+      "required":[
+        "ExplainabilityName",
+        "ResourceArn",
+        "ExplainabilityConfig"
+      ],
+      "members":{
+        "ExplainabilityName":{
+          "shape":"Name",
+          "documentation":"<p>A unique name for the Explainability.</p>"
+        },
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Predictor or Forecast used to create the Explainability.</p>"
+        },
+        "ExplainabilityConfig":{
+          "shape":"ExplainabilityConfig",
+          "documentation":"<p>The configuration settings that define the granularity of time series and time points for the Explainability.</p>"
+        },
+        "DataSource":{"shape":"DataSource"},
+        "Schema":{"shape":"Schema"},
+        "EnableVisualization":{
+          "shape":"Boolean",
+          "documentation":"<p>Create an Expainability visualization that is viewable within the AWS console.</p>"
+        },
+        "StartDateTime":{
+          "shape":"LocalDateTime",
+          "documentation":"<p>If <code>TimePointGranularity</code> is set to <code>SPECIFIC</code>, define the first point for the Explainability.</p> <p>Use the following timestamp format: yyyy-MM-ddTHH:mm:ss (example: 2015-01-01T20:00:00)</p>"
+        },
+        "EndDateTime":{
+          "shape":"LocalDateTime",
+          "documentation":"<p>If <code>TimePointGranularity</code> is set to <code>SPECIFIC</code>, define the last time point for the Explainability.</p> <p>Use the following timestamp format: yyyy-MM-ddTHH:mm:ss (example: 2015-01-01T20:00:00)</p>"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>Optional metadata to help you categorize and organize your resources. Each tag consists of a key and an optional value, both of which you define. Tag keys and values are case sensitive.</p> <p>The following restrictions apply to tags:</p> <ul> <li> <p>For each resource, each tag key must be unique and each tag key must have one value.</p> </li> <li> <p>Maximum number of tags per resource: 50.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8.</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8.</p> </li> <li> <p>Accepted characters: all letters and numbers, spaces representable in UTF-8, and + - = . _ : / @. If your tagging schema is used across other services and resources, the character restrictions of those services also apply. </p> </li> <li> <p>Key prefixes cannot include any upper or lowercase combination of <code>aws:</code> or <code>AWS:</code>. Values can have this prefix. If a tag value has <code>aws</code> as its prefix but the key does not, Forecast considers it to be a user tag and will count against the limit of 50 tags. Tags with only the key prefix of <code>aws</code> do not count against your tags per resource limit. You cannot edit or delete tag keys with this prefix.</p> </li> </ul>"
+        }
+      }
+    },
+    "CreateExplainabilityResponse":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability.</p>"
+        }
+      }
+    },
     "CreateForecastExportJobRequest":{
       "type":"structure",
       "required":[
@@ -945,6 +1291,25 @@
         }
       }
     },
+    "DataConfig":{
+      "type":"structure",
+      "required":["DatasetGroupArn"],
+      "members":{
+        "DatasetGroupArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the dataset group used to train the predictor.</p>"
+        },
+        "AttributeConfigs":{
+          "shape":"AttributeConfigs",
+          "documentation":"<p>Aggregation and filling options for attributes in your dataset group.</p>"
+        },
+        "AdditionalDatasets":{
+          "shape":"AdditionalDatasets",
+          "documentation":"<p>Additional built-in datasets like Holidays and the Weather Index.</p>"
+        }
+      },
+      "documentation":"<p>The data configuration for your dataset group and any additional datasets.</p>"
+    },
     "DataDestination":{
       "type":"structure",
       "required":["S3Config"],
@@ -962,10 +1327,10 @@
       "members":{
         "S3Config":{
           "shape":"S3Config",
-          "documentation":"<p>The path to the training data stored in an Amazon Simple Storage Service (Amazon S3) bucket along with the credentials to access the data.</p>"
+          "documentation":"<p>The path to the data stored in an Amazon Simple Storage Service (Amazon S3) bucket along with the credentials to access the data.</p>"
         }
       },
-      "documentation":"<p>The source of your training data, an AWS Identity and Access Management (IAM) role that allows Amazon Forecast to access the data and, optionally, an AWS Key Management Service (KMS) key. This object is submitted in the <a>CreateDatasetImportJob</a> request.</p>"
+      "documentation":"<p>The source of your data, an AWS Identity and Access Management (IAM) role that allows Amazon Forecast to access the data and, optionally, an AWS Key Management Service (KMS) key.</p>"
     },
     "DatasetGroupSummary":{
       "type":"structure",
@@ -1103,6 +1468,26 @@
         }
       }
     },
+    "DeleteExplainabilityExportRequest":{
+      "type":"structure",
+      "required":["ExplainabilityExportArn"],
+      "members":{
+        "ExplainabilityExportArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability export to delete. </p>"
+        }
+      }
+    },
+    "DeleteExplainabilityRequest":{
+      "type":"structure",
+      "required":["ExplainabilityArn"],
+      "members":{
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability resource to delete.</p>"
+        }
+      }
+    },
     "DeleteForecastExportJobRequest":{
       "type":"structure",
       "required":["ForecastExportJobArn"],
@@ -1153,6 +1538,86 @@
         }
       }
     },
+    "DescribeAutoPredictorRequest":{
+      "type":"structure",
+      "required":["PredictorArn"],
+      "members":{
+        "PredictorArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the predictor.</p>"
+        }
+      }
+    },
+    "DescribeAutoPredictorResponse":{
+      "type":"structure",
+      "members":{
+        "PredictorArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the predictor</p>"
+        },
+        "PredictorName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the predictor.</p>"
+        },
+        "ForecastHorizon":{
+          "shape":"Integer",
+          "documentation":"<p>The number of time-steps that the model predicts. The forecast horizon is also called the prediction length.</p>"
+        },
+        "ForecastTypes":{
+          "shape":"ForecastTypes",
+          "documentation":"<p>The forecast types used during predictor training. Default value is [\"0.1\",\"0.5\",\"0.9\"].</p>"
+        },
+        "ForecastFrequency":{
+          "shape":"Frequency",
+          "documentation":"<p>The frequency of predictions in a forecast.</p> <p>Valid intervals are Y (Year), M (Month), W (Week), D (Day), H (Hour), 30min (30 minutes), 15min (15 minutes), 10min (10 minutes), 5min (5 minutes), and 1min (1 minute). For example, \"Y\" indicates every year and \"5min\" indicates every five minutes.</p>"
+        },
+        "ForecastDimensions":{
+          "shape":"ForecastDimensions",
+          "documentation":"<p>An array of dimension (field) names that specify the attributes used to group your time series.</p>"
+        },
+        "DatasetImportJobArns":{
+          "shape":"ArnList",
+          "documentation":"<p>An array of the ARNs of the dataset import jobs used to import training data for the predictor.</p>"
+        },
+        "DataConfig":{
+          "shape":"DataConfig",
+          "documentation":"<p>The data configuration for your dataset group and any additional datasets.</p>"
+        },
+        "EncryptionConfig":{"shape":"EncryptionConfig"},
+        "ReferencePredictorSummary":{
+          "shape":"ReferencePredictorSummary",
+          "documentation":"<p>The ARN and state of the reference predictor. This parameter is only valid for retrained or upgraded predictors.</p>"
+        },
+        "EstimatedTimeRemainingInMinutes":{
+          "shape":"Long",
+          "documentation":"<p>The estimated time remaining in minutes for the predictor training job to complete.</p>"
+        },
+        "Status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the predictor. States include: </p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> </ul>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>In the event of an error, a message detailing the cause of the error.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of the CreateAutoPredictor request.</p>"
+        },
+        "LastModificationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last time the resource was modified. The timestamp depends on the status of the job:</p> <ul> <li> <p> <code>CREATE_PENDING</code> - The <code>CreationTime</code>.</p> </li> <li> <p> <code>CREATE_IN_PROGRESS</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPING</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPED</code> - When the job stopped.</p> </li> <li> <p> <code>ACTIVE</code> or <code>CREATE_FAILED</code> - When the job finished or failed.</p> </li> </ul>"
+        },
+        "OptimizationMetric":{
+          "shape":"OptimizationMetric",
+          "documentation":"<p>The accuracy metric used to optimize the predictor.</p>"
+        },
+        "ExplainabilityInfo":{
+          "shape":"ExplainabilityInfo",
+          "documentation":"<p>Provides the status and ARN of the Predictor Explainability.</p>"
+        }
+      }
+    },
     "DescribeDatasetGroupRequest":{
       "type":"structure",
       "required":["DatasetGroupArn"],
@@ -1326,6 +1791,115 @@
         }
       }
     },
+    "DescribeExplainabilityExportRequest":{
+      "type":"structure",
+      "required":["ExplainabilityExportArn"],
+      "members":{
+        "ExplainabilityExportArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability export.</p>"
+        }
+      }
+    },
+    "DescribeExplainabilityExportResponse":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityExportArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability export.</p>"
+        },
+        "ExplainabilityExportName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the Explainability export.</p>"
+        },
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability.</p>"
+        },
+        "Destination":{"shape":"DataDestination"},
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>Information about any errors that occurred during the export.</p>"
+        },
+        "Status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the Explainability export. States include: </p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> </ul>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>When the Explainability export was created.</p>"
+        },
+        "LastModificationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last time the resource was modified. The timestamp depends on the status of the job:</p> <ul> <li> <p> <code>CREATE_PENDING</code> - The <code>CreationTime</code>.</p> </li> <li> <p> <code>CREATE_IN_PROGRESS</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPING</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPED</code> - When the job stopped.</p> </li> <li> <p> <code>ACTIVE</code> or <code>CREATE_FAILED</code> - When the job finished or failed.</p> </li> </ul>"
+        }
+      }
+    },
+    "DescribeExplainabilityRequest":{
+      "type":"structure",
+      "required":["ExplainabilityArn"],
+      "members":{
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explaianability to describe.</p>"
+        }
+      }
+    },
+    "DescribeExplainabilityResponse":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability.</p>"
+        },
+        "ExplainabilityName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the Explainability.</p>"
+        },
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Predictor or Forecast used to create the Explainability resource.</p>"
+        },
+        "ExplainabilityConfig":{
+          "shape":"ExplainabilityConfig",
+          "documentation":"<p>The configuration settings that define the granularity of time series and time points for the Explainability.</p>"
+        },
+        "EnableVisualization":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the visualization was enabled for the Explainability resource.</p>"
+        },
+        "DataSource":{"shape":"DataSource"},
+        "Schema":{"shape":"Schema"},
+        "StartDateTime":{
+          "shape":"LocalDateTime",
+          "documentation":"<p>If <code>TimePointGranularity</code> is set to <code>SPECIFIC</code>, the first time point in the Explainability.</p>"
+        },
+        "EndDateTime":{
+          "shape":"LocalDateTime",
+          "documentation":"<p>If <code>TimePointGranularity</code> is set to <code>SPECIFIC</code>, the last time point in the Explainability.</p>"
+        },
+        "EstimatedTimeRemainingInMinutes":{
+          "shape":"Long",
+          "documentation":"<p>The estimated time remaining in minutes for the <a>CreateExplainability</a> job to complete.</p>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>If an error occurred, a message about the error.</p>"
+        },
+        "Status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the Explainability resource. States include: </p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> </ul>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>When the Explainability resource was created.</p>"
+        },
+        "LastModificationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last time the resource was modified. The timestamp depends on the status of the job:</p> <ul> <li> <p> <code>CREATE_PENDING</code> - The <code>CreationTime</code>.</p> </li> <li> <p> <code>CREATE_IN_PROGRESS</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPING</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPED</code> - When the job stopped.</p> </li> <li> <p> <code>ACTIVE</code> or <code>CREATE_FAILED</code> - When the job finished or failed.</p> </li> </ul>"
+        }
+      }
+    },
     "DescribeForecastExportJobRequest":{
       "type":"structure",
       "required":["ForecastExportJobArn"],
@@ -1497,6 +2071,10 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the algorithm used for model training.</p>"
         },
+        "AutoMLAlgorithmArns":{
+          "shape":"ArnList",
+          "documentation":"<p>When <code>PerformAutoML</code> is specified, the ARN of the chosen algorithm.</p>"
+        },
         "ForecastHorizon":{
           "shape":"Integer",
           "documentation":"<p>The number of time-steps of the forecast. The forecast horizon is also called the prediction length.</p>"
@@ -1549,14 +2127,14 @@
           "shape":"Long",
           "documentation":"<p>The estimated time remaining in minutes for the predictor training job to complete.</p>"
         },
+        "IsAutoPredictor":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the predictor was created with <a>CreateAutoPredictor</a>.</p>"
+        },
         "DatasetImportJobArns":{
           "shape":"ArnList",
           "documentation":"<p>An array of the ARNs of the dataset import jobs used to import training data for the predictor.</p>"
         },
-        "AutoMLAlgorithmArns":{
-          "shape":"ArnList",
-          "documentation":"<p>When <code>PerformAutoML</code> is specified, the ARN of the chosen algorithm.</p>"
-        },
         "Status":{
           "shape":"Status",
           "documentation":"<p>The status of the predictor. States include:</p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> </ul> <note> <p>The <code>Status</code> of the predictor must be <code>ACTIVE</code> before you can use the predictor to create a forecast.</p> </note>"
@@ -1676,6 +2254,115 @@
         "COMPUTED"
       ]
     },
+    "Explainabilities":{
+      "type":"list",
+      "member":{"shape":"ExplainabilitySummary"}
+    },
+    "ExplainabilityConfig":{
+      "type":"structure",
+      "required":[
+        "TimeSeriesGranularity",
+        "TimePointGranularity"
+      ],
+      "members":{
+        "TimeSeriesGranularity":{
+          "shape":"TimeSeriesGranularity",
+          "documentation":"<p>To create an Explainability for all time series in your datasets, use <code>ALL</code>. To create an Explainability for specific time series in your datasets, use <code>SPECIFIC</code>.</p> <p>Specify time series by uploading a CSV file to an Amazon S3 bucket and set the location within the <a>DataDestination</a> data type.</p>"
+        },
+        "TimePointGranularity":{
+          "shape":"TimePointGranularity",
+          "documentation":"<p>To create an Explainability for all time points in your forecast horizon, use <code>ALL</code>. To create an Explainability for specific time points in your forecast horizon, use <code>SPECIFIC</code>.</p> <p>Specify time points with the <code>StartDateTime</code> and <code>EndDateTime</code> parameters within the <a>CreateExplainability</a> operation.</p>"
+        }
+      },
+      "documentation":"<p>The ExplainabilityConfig data type defines the number of time series and time points included in <a>CreateExplainability</a>.</p> <p>If you provide a predictor ARN for <code>ResourceArn</code>, you must set both <code>TimePointGranularity</code> and <code>TimeSeriesGranularity</code> to “ALL”. When creating Predictor Explainability, Amazon Forecast considers all time series and time points.</p> <p>If you provide a forecast ARN for <code>ResourceArn</code>, you can set <code>TimePointGranularity</code> and <code>TimeSeriesGranularity</code> to either “ALL” or “Specific”.</p>"
+    },
+    "ExplainabilityExportSummary":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityExportArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability export.</p>"
+        },
+        "ExplainabilityExportName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the Explainability export</p>"
+        },
+        "Destination":{"shape":"DataDestination"},
+        "Status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the Explainability export. States include: </p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> </ul>"
+        },
+        "Message":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>Information about any errors that may have occurred during the Explainability export.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>When the Explainability was created.</p>"
+        },
+        "LastModificationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last time the resource was modified. The timestamp depends on the status of the job:</p> <ul> <li> <p> <code>CREATE_PENDING</code> - The <code>CreationTime</code>.</p> </li> <li> <p> <code>CREATE_IN_PROGRESS</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPING</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPED</code> - When the job stopped.</p> </li> <li> <p> <code>ACTIVE</code> or <code>CREATE_FAILED</code> - When the job finished or failed.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>Provides a summary of the Explainability export properties used in the <a>ListExplainabilityExports</a> operation. To get a complete set of properties, call the <a>DescribeExplainabilityExport</a> operation, and provide the <code>ExplainabilityExportArn</code>.</p>"
+    },
+    "ExplainabilityExports":{
+      "type":"list",
+      "member":{"shape":"ExplainabilityExportSummary"}
+    },
+    "ExplainabilityInfo":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability.</p>"
+        },
+        "Status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the Explainability. States include: </p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>Provides information about the Explainability resource.</p>"
+    },
+    "ExplainabilitySummary":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Explainability.</p>"
+        },
+        "ExplainabilityName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the Explainability.</p>"
+        },
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Predictor or Forecast used to create the Explainability.</p>"
+        },
+        "ExplainabilityConfig":{
+          "shape":"ExplainabilityConfig",
+          "documentation":"<p>The configuration settings that define the granularity of time series and time points for the Explainability.</p>"
+        },
+        "Status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the Explainability. States include: </p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> </ul>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>Information about any errors that may have occurred during the Explainability creation process.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>When the Explainability was created.</p>"
+        },
+        "LastModificationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last time the resource was modified. The timestamp depends on the status of the job:</p> <ul> <li> <p> <code>CREATE_PENDING</code> - The <code>CreationTime</code>.</p> </li> <li> <p> <code>CREATE_IN_PROGRESS</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPING</code> - The current timestamp.</p> </li> <li> <p> <code>CREATE_STOPPED</code> - When the job stopped.</p> </li> <li> <p> <code>ACTIVE</code> or <code>CREATE_FAILED</code> - When the job finished or failed.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>Provides a summary of the Explainability properties used in the <a>ListExplainabilities</a> operation. To get a complete set of properties, call the <a>DescribeExplainability</a> operation, and provide the listed <code>ExplainabilityArn</code>.</p>"
+    },
     "Featurization":{
       "type":"structure",
       "required":["AttributeName"],
@@ -1689,7 +2376,7 @@
           "documentation":"<p>An array of one <code>FeaturizationMethod</code> object that specifies the feature transformation method.</p>"
         }
       },
-      "documentation":"<p>Provides featurization (transformation) information for a dataset field. This object is part of the <a>FeaturizationConfig</a> object.</p> <p>For example:</p> <p> <code>{</code> </p> <p> <code>\"AttributeName\": \"demand\",</code> </p> <p> <code>FeaturizationPipeline [ {</code> </p> <p> <code>\"FeaturizationMethodName\": \"filling\",</code> </p> <p> <code>\"FeaturizationMethodParameters\": {\"aggregation\": \"avg\", \"backfill\": \"nan\"}</code> </p> <p> <code>} ]</code> </p> <p> <code>}</code> </p>"
+      "documentation":"<note> <p>This object belongs to the <a>CreatePredictor</a> operation. If you created your predictor with <a>CreateAutoPredictor</a>, see <a>AttributeConfig</a>.</p> </note> <p>Provides featurization (transformation) information for a dataset field. This object is part of the <a>FeaturizationConfig</a> object.</p> <p>For example:</p> <p> <code>{</code> </p> <p> <code>\"AttributeName\": \"demand\",</code> </p> <p> <code>FeaturizationPipeline [ {</code> </p> <p> <code>\"FeaturizationMethodName\": \"filling\",</code> </p> <p> <code>\"FeaturizationMethodParameters\": {\"aggregation\": \"avg\", \"backfill\": \"nan\"}</code> </p> <p> <code>} ]</code> </p> <p> <code>}</code> </p>"
     },
     "FeaturizationConfig":{
       "type":"structure",
@@ -1708,7 +2395,7 @@
           "documentation":"<p>An array of featurization (transformation) information for the fields of a dataset.</p>"
         }
       },
-      "documentation":"<p>In a <a>CreatePredictor</a> operation, the specified algorithm trains a model using the specified dataset group. You can optionally tell the operation to modify data fields prior to training a model. These modifications are referred to as <i>featurization</i>.</p> <p>You define featurization using the <code>FeaturizationConfig</code> object. You specify an array of transformations, one for each field that you want to featurize. You then include the <code>FeaturizationConfig</code> object in your <code>CreatePredictor</code> request. Amazon Forecast applies the featurization to the <code>TARGET_TIME_SERIES</code> and <code>RELATED_TIME_SERIES</code> datasets before model training.</p> <p>You can create multiple featurization configurations. For example, you might call the <code>CreatePredictor</code> operation twice by specifying different featurization configurations.</p>"
+      "documentation":"<note> <p>This object belongs to the <a>CreatePredictor</a> operation. If you created your predictor with <a>CreateAutoPredictor</a>, see <a>AttributeConfig</a>.</p> </note> <p>In a <a>CreatePredictor</a> operation, the specified algorithm trains a model using the specified dataset group. You can optionally tell the operation to modify data fields prior to training a model. These modifications are referred to as <i>featurization</i>.</p> <p>You define featurization using the <code>FeaturizationConfig</code> object. You specify an array of transformations, one for each field that you want to featurize. You then include the <code>FeaturizationConfig</code> object in your <code>CreatePredictor</code> request. Amazon Forecast applies the featurization to the <code>TARGET_TIME_SERIES</code> and <code>RELATED_TIME_SERIES</code> datasets before model training.</p> <p>You can create multiple featurization configurations. For example, you might call the <code>CreatePredictor</code> operation twice by specifying different featurization configurations.</p>"
     },
     "FeaturizationMethod":{
       "type":"structure",
@@ -1790,7 +2477,7 @@
     "ForecastDimensions":{
       "type":"list",
       "member":{"shape":"Name"},
-      "max":5,
+      "max":10,
       "min":1
     },
     "ForecastExportJobSummary":{
@@ -1846,6 +2533,10 @@
           "shape":"String",
           "documentation":"<p>The ARN of the predictor used to generate the forecast.</p>"
         },
+        "CreatedUsingAutoPredictor":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the Forecast was created from an AutoPredictor.</p>"
+        },
         "DatasetGroupArn":{
           "shape":"String",
           "documentation":"<p>The Amazon Resource Name (ARN) of the dataset group that provided the data used to train the predictor.</p>"
@@ -1871,6 +2562,8 @@
     },
     "ForecastType":{
       "type":"string",
+      "max":4,
+      "min":2,
       "pattern":"(^0?\\.\\d\\d?$|^mean$)"
     },
     "ForecastTypes":{
@@ -1885,6 +2578,8 @@
     },
     "Frequency":{
       "type":"string",
+      "max":5,
+      "min":1,
       "pattern":"^Y|M|W|D|H|30min|15min|10min|5min|1min$"
     },
     "GeolocationFormat":{
@@ -1909,6 +2604,10 @@
           "shape":"PredictorEvaluationResults",
           "documentation":"<p>An array of results from evaluating the predictor.</p>"
         },
+        "IsAutoPredictor":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the predictor was created with <a>CreateAutoPredictor</a>.</p>"
+        },
         "AutoMLOverrideStrategy":{
           "shape":"AutoMLOverrideStrategy",
           "documentation":"<note> <p> The <code>LatencyOptimized</code> AutoML override strategy is only available in private beta. Contact AWS Support or your account manager to learn more about access privileges. </p> </note> <p>The AutoML strategy used to train the predictor. Unless <code>LatencyOptimized</code> is specified, the AutoML strategy optimizes predictor accuracy.</p> <p>This parameter is only valid for predictors trained using AutoML.</p>"
@@ -1942,7 +2641,7 @@
           "documentation":"<p>An array of supplementary features. The only supported feature is a holiday calendar.</p>"
         }
       },
-      "documentation":"<p>The data used to train a predictor. The data includes a dataset group and any supplementary features. You specify this object in the <a>CreatePredictor</a> request.</p>"
+      "documentation":"<note> <p>This object belongs to the <a>CreatePredictor</a> operation. If you created your predictor with <a>CreateAutoPredictor</a>, see <a>DataConfig</a>.</p> </note> <p>The data used to train a predictor. The data includes a dataset group and any supplementary features. You specify this object in the <a>CreatePredictor</a> request.</p>"
     },
     "Integer":{"type":"integer"},
     "IntegerParameterRange":{
@@ -2089,6 +2788,66 @@
         }
       }
     },
+    "ListExplainabilitiesRequest":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the result of the previous request was truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request. Tokens expire after 24 hours.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The number of items returned in the response.</p>"
+        },
+        "Filters":{
+          "shape":"Filters",
+          "documentation":"<p>An array of filters. For each filter, provide a condition and a match statement. The condition is either <code>IS</code> or <code>IS_NOT</code>, which specifies whether to include or exclude the resources that match the statement from the list. The match statement consists of a key and a value.</p> <p> <b>Filter properties</b> </p> <ul> <li> <p> <code>Condition</code> - The condition to apply. Valid values are <code>IS</code> and <code>IS_NOT</code>.</p> </li> <li> <p> <code>Key</code> - The name of the parameter to filter on. Valid values are <code>ResourceArn</code> and <code>Status</code>.</p> </li> <li> <p> <code>Value</code> - The value to match.</p> </li> </ul>"
+        }
+      }
+    },
+    "ListExplainabilitiesResponse":{
+      "type":"structure",
+      "members":{
+        "Explainabilities":{
+          "shape":"Explainabilities",
+          "documentation":"<p>An array of objects that summarize the properties of each Explainability resource.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Returns this token if the response is truncated. To retrieve the next set of results, use the token in the next request.</p>"
+        }
+      }
+    },
+    "ListExplainabilityExportsRequest":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the result of the previous request was truncated, the response includes a NextToken. To retrieve the next set of results, use the token in the next request. Tokens expire after 24 hours.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The number of items to return in the response.</p>"
+        },
+        "Filters":{
+          "shape":"Filters",
+          "documentation":"<p>An array of filters. For each filter, provide a condition and a match statement. The condition is either <code>IS</code> or <code>IS_NOT</code>, which specifies whether to include or exclude resources that match the statement from the list. The match statement consists of a key and a value.</p> <p> <b>Filter properties</b> </p> <ul> <li> <p> <code>Condition</code> - The condition to apply. Valid values are <code>IS</code> and <code>IS_NOT</code>.</p> </li> <li> <p> <code>Key</code> - The name of the parameter to filter on. Valid values are <code>ResourceArn</code> and <code>Status</code>.</p> </li> <li> <p> <code>Value</code> - The value to match.</p> </li> </ul>"
+        }
+      }
+    },
+    "ListExplainabilityExportsResponse":{
+      "type":"structure",
+      "members":{
+        "ExplainabilityExports":{
+          "shape":"ExplainabilityExports",
+          "documentation":"<p>An array of objects that summarize the properties of each Explainability export.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Returns this token if the response is truncated. To retrieve the next set of results, use the token in the next request.</p>"
+        }
+      }
+    },
     "ListForecastExportJobsRequest":{
       "type":"structure",
       "members":{
@@ -2215,7 +2974,7 @@
       "members":{
         "ResourceArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are Forecast dataset groups, datasets, dataset import jobs, predictors, forecasts, and forecast export jobs.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. </p>"
         }
       }
     },
@@ -2228,6 +2987,11 @@
         }
       }
     },
+    "LocalDateTime":{
+      "type":"string",
+      "max":19,
+      "pattern":"^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$"
+    },
     "Long":{"type":"long"},
     "MaxResults":{
       "type":"integer",
@@ -2268,7 +3032,8 @@
     "NextToken":{
       "type":"string",
       "max":3000,
-      "min":1
+      "min":1,
+      "pattern":".+"
     },
     "OptimizationMetric":{
       "type":"string",
@@ -2392,6 +3157,14 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the dataset group that contains the data used to train the predictor.</p>"
         },
+        "IsAutoPredictor":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether AutoPredictor was used to create the predictor.</p>"
+        },
+        "ReferencePredictorSummary":{
+          "shape":"ReferencePredictorSummary",
+          "documentation":"<p>A summary of the reference predictor used if the predictor was retrained or upgraded.</p>"
+        },
         "Status":{
           "shape":"Status",
           "documentation":"<p>The status of the predictor. States include:</p> <ul> <li> <p> <code>ACTIVE</code> </p> </li> <li> <p> <code>CREATE_PENDING</code>, <code>CREATE_IN_PROGRESS</code>, <code>CREATE_FAILED</code> </p> </li> <li> <p> <code>DELETE_PENDING</code>, <code>DELETE_IN_PROGRESS</code>, <code>DELETE_FAILED</code> </p> </li> <li> <p> <code>CREATE_STOPPING</code>, <code>CREATE_STOPPED</code> </p> </li> </ul> <note> <p>The <code>Status</code> of the predictor must be <code>ACTIVE</code> before you can use the predictor to create a forecast.</p> </note>"
@@ -2415,6 +3188,20 @@
       "type":"list",
       "member":{"shape":"PredictorSummary"}
     },
+    "ReferencePredictorSummary":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the reference predictor.</p>"
+        },
+        "State":{
+          "shape":"State",
+          "documentation":"<p>Whether the reference predictor is <code>Active</code> or <code>Deleted</code>.</p>"
+        }
+      },
+      "documentation":"<p>Provides a summary of the reference predictor used when retraining or upgrading a predictor.</p>"
+    },
     "ResourceAlreadyExistsException":{
       "type":"structure",
       "members":{
@@ -2463,6 +3250,8 @@
     },
     "S3Path":{
       "type":"string",
+      "max":4096,
+      "min":7,
       "pattern":"^s3://[a-z0-9].+$"
     },
     "ScalingType":{
@@ -2482,7 +3271,7 @@
           "documentation":"<p>An array of attributes specifying the name and type of each field in a dataset.</p>"
         }
       },
-      "documentation":"<p>Defines the fields of a dataset. You specify this object in the <a>CreateDataset</a> request.</p>"
+      "documentation":"<p>Defines the fields of a dataset.</p>"
     },
     "SchemaAttribute":{
       "type":"structure",
@@ -2504,6 +3293,13 @@
       "max":100,
       "min":1
     },
+    "State":{
+      "type":"string",
+      "enum":[
+        "Active",
+        "Deleted"
+      ]
+    },
     "Statistics":{
       "type":"structure",
       "members":{
@@ -2568,7 +3364,7 @@
       "members":{
         "ResourceArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource to stop. The supported ARNs are <code>DatasetImportJobArn</code>, <code>PredictorArn</code>, <code>PredictorBacktestExportJobArn</code>, <code>ForecastArn</code>, and <code>ForecastExportJobArn</code>. </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource to stop. The supported ARNs are <code>DatasetImportJobArn</code>, <code>PredictorArn</code>, <code>PredictorBacktestExportJobArn</code>, <code>ForecastArn</code>, <code>ForecastExportJobArn</code>, <code>ExplainabilityArn</code>, and <code>ExplainabilityExportArn</code>. </p>"
         }
       }
     },
@@ -2593,7 +3389,7 @@
           "documentation":"<p> <b>Weather Index</b> </p> <p>To enable the Weather Index, set the value to <code>\"true\"</code> </p> <p> <b>Holidays</b> </p> <p>To enable Holidays, specify a country with one of the following two-letter country codes:</p> <ul> <li> <p>\"AL\" - ALBANIA</p> </li> <li> <p>\"AR\" - ARGENTINA</p> </li> <li> <p>\"AT\" - AUSTRIA</p> </li> <li> <p>\"AU\" - AUSTRALIA</p> </li> <li> <p>\"BA\" - BOSNIA HERZEGOVINA</p> </li> <li> <p>\"BE\" - BELGIUM</p> </li> <li> <p>\"BG\" - BULGARIA</p> </li> <li> <p>\"BO\" - BOLIVIA</p> </li> <li> <p>\"BR\" - BRAZIL</p> </li> <li> <p>\"BY\" - BELARUS</p> </li> <li> <p>\"CA\" - CANADA</p> </li> <li> <p>\"CL\" - CHILE</p> </li> <li> <p>\"CO\" - COLOMBIA</p> </li> <li> <p>\"CR\" - COSTA RICA</p> </li> <li> <p>\"HR\" - CROATIA</p> </li> <li> <p>\"CZ\" - CZECH REPUBLIC</p> </li> <li> <p>\"DK\" - DENMARK</p> </li> <li> <p>\"EC\" - ECUADOR</p> </li> <li> <p>\"EE\" - ESTONIA</p> </li> <li> <p>\"ET\" - ETHIOPIA</p> </li> <li> <p>\"FI\" - FINLAND</p> </li> <li> <p>\"FR\" - FRANCE</p> </li> <li> <p>\"DE\" - GERMANY</p> </li> <li> <p>\"GR\" - GREECE</p> </li> <li> <p>\"HU\" - HUNGARY</p> </li> <li> <p>\"IS\" - ICELAND</p> </li> <li> <p>\"IN\" - INDIA</p> </li> <li> <p>\"IE\" - IRELAND</p> </li> <li> <p>\"IT\" - ITALY</p> </li> <li> <p>\"JP\" - JAPAN</p> </li> <li> <p>\"KZ\" - KAZAKHSTAN</p> </li> <li> <p>\"KR\" - KOREA</p> </li> <li> <p>\"LV\" - LATVIA</p> </li> <li> <p>\"LI\" - LIECHTENSTEIN</p> </li> <li> <p>\"LT\" - LITHUANIA</p> </li> <li> <p>\"LU\" - LUXEMBOURG</p> </li> <li> <p>\"MK\" - MACEDONIA</p> </li> <li> <p>\"MT\" - MALTA</p> </li> <li> <p>\"MX\" - MEXICO</p> </li> <li> <p>\"MD\" - MOLDOVA</p> </li> <li> <p>\"ME\" - MONTENEGRO</p> </li> <li> <p>\"NL\" - NETHERLANDS</p> </li> <li> <p>\"NZ\" - NEW ZEALAND</p> </li> <li> <p>\"NI\" - NICARAGUA</p> </li> <li> <p>\"NG\" - NIGERIA</p> </li> <li> <p>\"NO\" - NORWAY</p> </li> <li> <p>\"PA\" - PANAMA</p> </li> <li> <p>\"PY\" - PARAGUAY</p> </li> <li> <p>\"PE\" - PERU</p> </li> <li> <p>\"PL\" - POLAND</p> </li> <li> <p>\"PT\" - PORTUGAL</p> </li> <li> <p>\"RO\" - ROMANIA</p> </li> <li> <p>\"RU\" - RUSSIA</p> </li> <li> <p>\"RS\" - SERBIA</p> </li> <li> <p>\"SK\" - SLOVAKIA</p> </li> <li> <p>\"SI\" - SLOVENIA</p> </li> <li> <p>\"ZA\" - SOUTH AFRICA</p> </li> <li> <p>\"ES\" - SPAIN</p> </li> <li> <p>\"SE\" - SWEDEN</p> </li> <li> <p>\"CH\" - SWITZERLAND</p> </li> <li> <p>\"UA\" - UKRAINE</p> </li> <li> <p>\"AE\" - UNITED ARAB EMIRATES</p> </li> <li> <p>\"US\" - UNITED STATES</p> </li> <li> <p>\"UK\" - UNITED KINGDOM</p> </li> <li> <p>\"UY\" - URUGUAY</p> </li> <li> <p>\"VE\" - VENEZUELA</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Describes a supplementary feature of a dataset group. This object is part of the <a>InputDataConfig</a> object. Forecast supports the Weather Index and Holidays built-in featurizations.</p> <p> <b>Weather Index</b> </p> <p>The Amazon Forecast Weather Index is a built-in featurization that incorporates historical and projected weather information into your model. The Weather Index supplements your datasets with over two years of historical weather data and up to 14 days of projected weather data. For more information, see <a href=\"https://docs.aws.amazon.com/forecast/latest/dg/weather.html\">Amazon Forecast Weather Index</a>.</p> <p> <b>Holidays</b> </p> <p>Holidays is a built-in featurization that incorporates a feature-engineered dataset of national holiday information into your model. It provides native support for the holiday calendars of 66 countries. To view the holiday calendars, refer to the <a href=\"http://jollyday.sourceforge.net/data.html\">Jollyday</a> library. For more information, see <a href=\"https://docs.aws.amazon.com/forecast/latest/dg/holidays.html\">Holidays Featurization</a>.</p>"
+      "documentation":"<note> <p>This object belongs to the <a>CreatePredictor</a> operation. If you created your predictor with <a>CreateAutoPredictor</a>, see <a>AdditionalDataset</a>.</p> </note> <p>Describes a supplementary feature of a dataset group. This object is part of the <a>InputDataConfig</a> object. Forecast supports the Weather Index and Holidays built-in featurizations.</p> <p> <b>Weather Index</b> </p> <p>The Amazon Forecast Weather Index is a built-in featurization that incorporates historical and projected weather information into your model. The Weather Index supplements your datasets with over two years of historical weather data and up to 14 days of projected weather data. For more information, see <a href=\"https://docs.aws.amazon.com/forecast/latest/dg/weather.html\">Amazon Forecast Weather Index</a>.</p> <p> <b>Holidays</b> </p> <p>Holidays is a built-in featurization that incorporates a feature-engineered dataset of national holiday information into your model. It provides native support for the holiday calendars of 66 countries. To view the holiday calendars, refer to the <a href=\"http://jollyday.sourceforge.net/data.html\">Jollyday</a> library. For more information, see <a href=\"https://docs.aws.amazon.com/forecast/latest/dg/holidays.html\">Holidays Featurization</a>.</p>"
     },
     "SupplementaryFeatures":{
       "type":"list",
@@ -2641,7 +3437,7 @@
       "members":{
         "ResourceArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are Forecast dataset groups, datasets, dataset import jobs, predictors, forecasts, and forecast export jobs.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. </p>"
         },
         "Tags":{
           "shape":"Tags",
@@ -2697,6 +3493,20 @@
       "type":"list",
       "member":{"shape":"WindowSummary"}
     },
+    "TimePointGranularity":{
+      "type":"string",
+      "enum":[
+        "ALL",
+        "SPECIFIC"
+      ]
+    },
+    "TimeSeriesGranularity":{
+      "type":"string",
+      "enum":[
+        "ALL",
+        "SPECIFIC"
+      ]
+    },
     "TimeZone":{
       "type":"string",
       "max":256,
@@ -2715,6 +3525,13 @@
       "max":100,
       "min":0
     },
+    "Transformations":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"Value"},
+      "max":20,
+      "min":1
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -2724,7 +3541,7 @@
       "members":{
         "ResourceArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. Currently, the supported resources are Forecast dataset groups, datasets, dataset import jobs, predictors, forecasts, and forecast exports.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) that identifies the resource for which to list the tags. </p>"
         },
         "TagKeys":{
           "shape":"TagKeys",
diff --git a/contrib/python/botocore/py3/botocore/data/frauddetector/2019-11-15/service-2.json b/contrib/python/botocore/py3/botocore/data/frauddetector/2019-11-15/service-2.json
index 670c9782d12..30d0118d912 100644
--- a/contrib/python/botocore/py3/botocore/data/frauddetector/2019-11-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/frauddetector/2019-11-15/service-2.json
@@ -619,6 +619,23 @@
       ],
       "documentation":"<p>Evaluates an event against a detector version. If a version ID is not provided, the detector’s (<code>ACTIVE</code>) version is used.</p>"
     },
+    "GetEventPredictionMetadata":{
+      "name":"GetEventPredictionMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetEventPredictionMetadataRequest"},
+      "output":{"shape":"GetEventPredictionMetadataResult"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Gets details of the past fraud predictions for the specified event ID, event type, detector ID, and detector version ID that was generated in the specified time period. </p>"
+    },
     "GetEventTypes":{
       "name":"GetEventTypes",
       "http":{
@@ -770,6 +787,22 @@
       ],
       "documentation":"<p>Gets all of the variables or the specific variable. This is a paginated API. Providing null <code>maxSizePerPage</code> results in retrieving maximum of 100 records per page. If you provide <code>maxSizePerPage</code> the value must be between 50 and 100. To get the next page result, a provide a pagination token from <code>GetVariablesResult</code> as part of your request. Null pagination token fetches the records from the beginning. </p>"
     },
+    "ListEventPredictions":{
+      "name":"ListEventPredictions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListEventPredictionsRequest"},
+      "output":{"shape":"ListEventPredictionsResult"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets a list of past predictions. The list can be filtered by detector ID, detector version ID, event ID, event type, or by specifying a time period. If filter is not specified, the most recent prediction is returned.</p> <p>For example, the following filter lists all past predictions for <code>xyz</code> event type - <code>{ \"eventType\":{ \"value\": \"xyz\" }” } </code> </p> <p>This is a paginated API. If you provide a null <code>maxResults</code>, this action will retrieve a maximum of 10 records per page. If you provide a <code>maxResults</code>, the value must be between 50 and 100. To get the next page results, provide the <code>nextToken</code> from the response as part of your request. A null <code>nextToken</code> fetches the records from the beginning. </p>"
+    },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
       "http":{
@@ -1379,6 +1412,7 @@
       "type":"list",
       "member":{"shape":"BatchPrediction"}
     },
+    "Boolean":{"type":"boolean"},
     "CancelBatchImportJobRequest":{
       "type":"structure",
       "required":["jobId"],
@@ -2257,6 +2291,88 @@
       },
       "documentation":"<p>The entity type details.</p>"
     },
+    "EvaluatedExternalModel":{
+      "type":"structure",
+      "members":{
+        "modelEndpoint":{
+          "shape":"string",
+          "documentation":"<p> The endpoint of the external (Amazon Sagemaker) model. </p>"
+        },
+        "useEventVariables":{
+          "shape":"Boolean",
+          "documentation":"<p> Indicates whether event variables were used to generate predictions. </p>"
+        },
+        "inputVariables":{
+          "shape":"MapOfStrings",
+          "documentation":"<p> Input variables use for generating predictions. </p>"
+        },
+        "outputVariables":{
+          "shape":"MapOfStrings",
+          "documentation":"<p> Output variables. </p>"
+        }
+      },
+      "documentation":"<p> The details of the external (Amazon Sagemaker) model evaluated for generating predictions. </p>"
+    },
+    "EvaluatedModelVersion":{
+      "type":"structure",
+      "members":{
+        "modelId":{
+          "shape":"string",
+          "documentation":"<p> The model ID. </p>"
+        },
+        "modelVersion":{
+          "shape":"string",
+          "documentation":"<p> The model version. </p>"
+        },
+        "modelType":{
+          "shape":"string",
+          "documentation":"<p>The model type. </p> <p>Valid values: <code>ONLINE_FRAUD_INSIGHTS</code> | <code>TRANSACTION_FRAUD_INSIGHTS</code> </p>"
+        },
+        "evaluations":{
+          "shape":"ListOfModelVersionEvaluations",
+          "documentation":"<p> Evaluations generated for the model version. </p>"
+        }
+      },
+      "documentation":"<p> The model version evaluated for generating prediction. </p>"
+    },
+    "EvaluatedRule":{
+      "type":"structure",
+      "members":{
+        "ruleId":{
+          "shape":"identifier",
+          "documentation":"<p> The rule ID. </p>"
+        },
+        "ruleVersion":{
+          "shape":"wholeNumberVersionString",
+          "documentation":"<p> The rule version. </p>"
+        },
+        "expression":{
+          "shape":"sensitiveString",
+          "documentation":"<p> The rule expression. </p>"
+        },
+        "expressionWithValues":{
+          "shape":"sensitiveString",
+          "documentation":"<p> The rule expression value. </p>"
+        },
+        "outcomes":{
+          "shape":"ListOfStrings",
+          "documentation":"<p> The rule outcome. </p>"
+        },
+        "evaluated":{
+          "shape":"Boolean",
+          "documentation":"<p> Indicates whether the rule was evaluated. </p>"
+        },
+        "matched":{
+          "shape":"Boolean",
+          "documentation":"<p> Indicates whether the rule matched. </p>"
+        }
+      },
+      "documentation":"<p> The details of the rule used for evaluating variable values. </p>"
+    },
+    "EvaluatedRuleList":{
+      "type":"list",
+      "member":{"shape":"EvaluatedRule"}
+    },
     "Event":{
       "type":"structure",
       "members":{
@@ -2303,6 +2419,42 @@
         "DISABLED"
       ]
     },
+    "EventPredictionSummary":{
+      "type":"structure",
+      "members":{
+        "eventId":{
+          "shape":"identifier",
+          "documentation":"<p> The event ID. </p>"
+        },
+        "eventTypeName":{
+          "shape":"identifier",
+          "documentation":"<p> The event type. </p>"
+        },
+        "eventTimestamp":{
+          "shape":"time",
+          "documentation":"<p> The timestamp of the event. </p>"
+        },
+        "predictionTimestamp":{
+          "shape":"time",
+          "documentation":"<p> The timestamp when the prediction was generated. </p>"
+        },
+        "detectorId":{
+          "shape":"identifier",
+          "documentation":"<p> The detector ID. </p>"
+        },
+        "detectorVersionId":{
+          "shape":"wholeNumberVersionString",
+          "documentation":"<p> The detector version ID. </p>"
+        }
+      },
+      "documentation":"<p> Information about the summary of an event prediction. </p>"
+    },
+    "EventPredictionsMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":50
+    },
     "EventType":{
       "type":"structure",
       "members":{
@@ -2356,6 +2508,24 @@
       "value":{"shape":"variableValue"},
       "min":1
     },
+    "EventVariableSummary":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"sensitiveString",
+          "documentation":"<p> The event variable name. </p>"
+        },
+        "value":{
+          "shape":"sensitiveString",
+          "documentation":"<p> The value of the event variable. </p>"
+        },
+        "source":{
+          "shape":"sensitiveString",
+          "documentation":"<p> The event variable source. </p>"
+        }
+      },
+      "documentation":"<p> Information about the summary of an event variable that was evaluated for generating prediction. </p>"
+    },
     "ExternalEventsDetail":{
       "type":"structure",
       "required":[
@@ -2509,6 +2679,16 @@
       },
       "documentation":"<p>The message details.</p>"
     },
+    "FilterCondition":{
+      "type":"structure",
+      "members":{
+        "value":{
+          "shape":"filterString",
+          "documentation":"<p> A statement containing a resource property and a value to specify filter condition. </p>"
+        }
+      },
+      "documentation":"<p> A conditional statement for filtering a list of past predictions. </p>"
+    },
     "GetBatchImportJobsRequest":{
       "type":"structure",
       "members":{
@@ -2718,6 +2898,103 @@
         }
       }
     },
+    "GetEventPredictionMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "eventId",
+        "eventTypeName",
+        "detectorId",
+        "detectorVersionId",
+        "predictionTimestamp"
+      ],
+      "members":{
+        "eventId":{
+          "shape":"identifier",
+          "documentation":"<p> The event ID. </p>"
+        },
+        "eventTypeName":{
+          "shape":"identifier",
+          "documentation":"<p> The event type associated with the detector specified for the prediction. </p>"
+        },
+        "detectorId":{
+          "shape":"identifier",
+          "documentation":"<p> The detector ID. </p>"
+        },
+        "detectorVersionId":{
+          "shape":"wholeNumberVersionString",
+          "documentation":"<p> The detector version ID. </p>"
+        },
+        "predictionTimestamp":{
+          "shape":"time",
+          "documentation":"<p> The timestamp that defines when the prediction was generated. </p>"
+        }
+      }
+    },
+    "GetEventPredictionMetadataResult":{
+      "type":"structure",
+      "members":{
+        "eventId":{
+          "shape":"identifier",
+          "documentation":"<p> The event ID. </p>"
+        },
+        "eventTypeName":{
+          "shape":"identifier",
+          "documentation":"<p> The event type associated with the detector specified for this prediction. </p>"
+        },
+        "entityId":{
+          "shape":"string",
+          "documentation":"<p> The entity ID. </p>"
+        },
+        "entityType":{
+          "shape":"string",
+          "documentation":"<p> The entity type. </p>"
+        },
+        "eventTimestamp":{
+          "shape":"time",
+          "documentation":"<p> The timestamp for when the prediction was generated for the associated event ID. </p>"
+        },
+        "detectorId":{
+          "shape":"identifier",
+          "documentation":"<p> The detector ID. </p>"
+        },
+        "detectorVersionId":{
+          "shape":"wholeNumberVersionString",
+          "documentation":"<p> The detector version ID. </p>"
+        },
+        "detectorVersionStatus":{
+          "shape":"string",
+          "documentation":"<p> The status of the detector version. </p>"
+        },
+        "eventVariables":{
+          "shape":"ListOfEventVariableSummaries",
+          "documentation":"<p> A list of event variables that influenced the prediction scores. </p>"
+        },
+        "rules":{
+          "shape":"EvaluatedRuleList",
+          "documentation":"<p> List of rules associated with the detector version that were used for evaluating variable values. </p>"
+        },
+        "ruleExecutionMode":{
+          "shape":"RuleExecutionMode",
+          "documentation":"<p> The execution mode of the rule used for evaluating variable values. </p>"
+        },
+        "outcomes":{
+          "shape":"ListOfStrings",
+          "documentation":"<p> The outcomes of the matched rule, based on the rule execution mode. </p>"
+        },
+        "evaluatedModelVersions":{
+          "shape":"ListOfEvaluatedModelVersions",
+          "documentation":"<p> Model versions that were evaluated for generating predictions. </p>"
+        },
+        "evaluatedExternalModels":{
+          "shape":"ListOfEvaluatedExternalModels",
+          "documentation":"<p> External (Amazon SageMaker) models that were evaluated for generating predictions. </p>"
+        },
+        "predictionTimestamp":{
+          "shape":"time",
+          "documentation":"<p>The timestamp that defines when the prediction was generated. </p>"
+        }
+      }
+    },
     "GetEventPredictionRequest":{
       "type":"structure",
       "required":[
@@ -3233,6 +3510,68 @@
       "type":"string",
       "enum":["DETECTORPL"]
     },
+    "ListEventPredictionsRequest":{
+      "type":"structure",
+      "members":{
+        "eventId":{
+          "shape":"FilterCondition",
+          "documentation":"<p> The event ID. </p>"
+        },
+        "eventType":{
+          "shape":"FilterCondition",
+          "documentation":"<p> The event type associated with the detector. </p>"
+        },
+        "detectorId":{
+          "shape":"FilterCondition",
+          "documentation":"<p> The detector ID. </p>"
+        },
+        "detectorVersionId":{
+          "shape":"FilterCondition",
+          "documentation":"<p> The detector version ID. </p>"
+        },
+        "predictionTimeRange":{
+          "shape":"PredictionTimeRange",
+          "documentation":"<p> The time period for when the predictions were generated. </p>"
+        },
+        "nextToken":{
+          "shape":"string",
+          "documentation":"<p> Identifies the next page of results to return. Use the token to make the call again to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. </p>"
+        },
+        "maxResults":{
+          "shape":"EventPredictionsMaxResults",
+          "documentation":"<p> The maximum number of predictions to return for the request. </p>"
+        }
+      }
+    },
+    "ListEventPredictionsResult":{
+      "type":"structure",
+      "members":{
+        "eventPredictionSummaries":{
+          "shape":"ListOfEventPredictionSummaries",
+          "documentation":"<p> The summary of the past predictions. </p>"
+        },
+        "nextToken":{
+          "shape":"string",
+          "documentation":"<p> Identifies the next page of results to return. Use the token to make the call again to retrieve the next page. Keep all other arguments unchanged. Each pagination token expires after 24 hours. </p>"
+        }
+      }
+    },
+    "ListOfEvaluatedExternalModels":{
+      "type":"list",
+      "member":{"shape":"EvaluatedExternalModel"}
+    },
+    "ListOfEvaluatedModelVersions":{
+      "type":"list",
+      "member":{"shape":"EvaluatedModelVersion"}
+    },
+    "ListOfEventPredictionSummaries":{
+      "type":"list",
+      "member":{"shape":"EventPredictionSummary"}
+    },
+    "ListOfEventVariableSummaries":{
+      "type":"list",
+      "member":{"shape":"EventVariableSummary"}
+    },
     "ListOfExternalModelOutputs":{
       "type":"list",
       "member":{"shape":"ExternalModelOutputs"}
@@ -3245,6 +3584,10 @@
       "type":"list",
       "member":{"shape":"ModelScores"}
     },
+    "ListOfModelVersionEvaluations":{
+      "type":"list",
+      "member":{"shape":"ModelVersionEvaluation"}
+    },
     "ListOfModelVersions":{
       "type":"list",
       "member":{"shape":"ModelVersion"}
@@ -3312,6 +3655,12 @@
       "documentation":"<p>The log odds metric details.</p>"
     },
     "Long":{"type":"long"},
+    "MapOfStrings":{
+      "type":"map",
+      "key":{"shape":"string"},
+      "value":{"shape":"string"},
+      "sensitive":true
+    },
     "MetricDataPoint":{
       "type":"structure",
       "members":{
@@ -3560,6 +3909,24 @@
       },
       "documentation":"<p>The details of the model version.</p>"
     },
+    "ModelVersionEvaluation":{
+      "type":"structure",
+      "members":{
+        "outputVariableName":{
+          "shape":"string",
+          "documentation":"<p> The output variable name. </p>"
+        },
+        "evaluationScore":{
+          "shape":"string",
+          "documentation":"<p> The evaluation score generated for the model version. </p>"
+        },
+        "predictionExplanations":{
+          "shape":"PredictionExplanations",
+          "documentation":"<p> The prediction explanations generated for the model version. </p>"
+        }
+      },
+      "documentation":"<p> The model version evalutions. </p>"
+    },
     "ModelVersionStatus":{
       "type":"string",
       "enum":[
@@ -3615,6 +3982,34 @@
       "max":100,
       "min":50
     },
+    "PredictionExplanations":{
+      "type":"structure",
+      "members":{
+        "variableImpactExplanations":{
+          "shape":"listOfVariableImpactExplanations",
+          "documentation":"<p> The details of the event variable's impact on the prediction score. </p>"
+        }
+      },
+      "documentation":"<p> The prediction explanations that provide insight into how each event variable impacted the model version's fraud prediction score. </p>"
+    },
+    "PredictionTimeRange":{
+      "type":"structure",
+      "required":[
+        "startTime",
+        "endTime"
+      ],
+      "members":{
+        "startTime":{
+          "shape":"time",
+          "documentation":"<p> The start time of the time period for when the predictions were generated. </p>"
+        },
+        "endTime":{
+          "shape":"time",
+          "documentation":"<p> The end time of the time period for when the predictions were generated. </p>"
+        }
+      },
+      "documentation":"<p> The time period for when the predictions were generated. </p>"
+    },
     "PutDetectorRequest":{
       "type":"structure",
       "required":[
@@ -4547,6 +4942,24 @@
       "max":25,
       "min":1
     },
+    "VariableImpactExplanation":{
+      "type":"structure",
+      "members":{
+        "eventVariableName":{
+          "shape":"string",
+          "documentation":"<p> The event variable name. </p>"
+        },
+        "relativeImpact":{
+          "shape":"string",
+          "documentation":"<p> The event variable's relative impact in terms of magnitude on the prediction scores. The relative impact values consist of a numerical rating (0-5, 5 being the highest) and direction (increased/decreased) impact of the fraud risk. </p>"
+        },
+        "logOddsImpact":{
+          "shape":"float",
+          "documentation":"<p> The raw, uninterpreted value represented as log-odds of the fraud. These values are usually between -10 to +10, but range from - infinity to + infinity.</p> <ul> <li> <p>A positive value indicates that the variable drove the risk score up.</p> </li> <li> <p>A negative value indicates that the variable drove the risk score down.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p> The details of the event variable's impact on the prediction score. </p>"
+    },
     "VariableImportanceMetrics":{
       "type":"structure",
       "members":{
@@ -4635,6 +5048,12 @@
       "type":"list",
       "member":{"shape":"FileValidationMessage"}
     },
+    "filterString":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^[0-9A-Za-z_-]+$"
+    },
     "float":{"type":"float"},
     "floatVersionString":{
       "type":"string",
@@ -4680,6 +5099,10 @@
       "type":"list",
       "member":{"shape":"Entity"}
     },
+    "listOfVariableImpactExplanations":{
+      "type":"list",
+      "member":{"shape":"VariableImpactExplanation"}
+    },
     "metricDataPointsList":{
       "type":"list",
       "member":{"shape":"MetricDataPoint"}
@@ -4727,6 +5150,10 @@
       "min":1,
       "pattern":"^[0-9A-Za-z_-]+$"
     },
+    "sensitiveString":{
+      "type":"string",
+      "sensitive":true
+    },
     "string":{"type":"string"},
     "tagKey":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/fsx/2018-03-01/service-2.json b/contrib/python/botocore/py3/botocore/data/fsx/2018-03-01/service-2.json
index da41d49e555..911056387da 100644
--- a/contrib/python/botocore/py3/botocore/data/fsx/2018-03-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/fsx/2018-03-01/service-2.json
@@ -67,7 +67,7 @@
         {"shape":"SourceBackupUnavailable"},
         {"shape":"IncompatibleRegionForMultiAZ"}
       ],
-      "documentation":"<p>Copies an existing backup within the same Amazon Web Services account to another Amazon Web Services Region (cross-Region copy) or within the same Amazon Web Services Region (in-Region copy). You can have up to five backup copy requests in progress to a single destination Region per account.</p> <p>You can use cross-Region backup copies for cross-region disaster recovery. You periodically take backups and copy them to another Region so that in the event of a disaster in the primary Region, you can restore from backup and recover availability quickly in the other Region. You can make cross-Region copies only within your Amazon Web Services partition.</p> <p> You can also use backup copies to clone your file data set to another Region or within the same Region.</p> <p>You can use the <code>SourceRegion</code> parameter to specify the Amazon Web Services Region from which the backup will be copied. For example, if you make the call from the <code>us-west-1</code> Region and want to copy a backup from the <code>us-east-2</code> Region, you specify <code>us-east-2</code> in the <code>SourceRegion</code> parameter to make a cross-Region copy. If you don't specify a Region, the backup copy is created in the same Region where the request is sent from (in-Region copy).</p> <p>For more information on creating backup copies, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups\"> Copying backups</a> in the <i>Amazon FSx for Windows User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html#copy-backups\">Copying backups</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p>",
+      "documentation":"<p>Copies an existing backup within the same Amazon Web Services account to another Amazon Web Services Region (cross-Region copy) or within the same Amazon Web Services Region (in-Region copy). You can have up to five backup copy requests in progress to a single destination Region per account.</p> <p>You can use cross-Region backup copies for cross-Region disaster recovery. You can periodically take backups and copy them to another Region so that in the event of a disaster in the primary Region, you can restore from backup and recover availability quickly in the other Region. You can make cross-Region copies only within your Amazon Web Services partition. A partition is a grouping of Regions. Amazon Web Services currently has three partitions: <code>aws</code> (Standard Regions), <code>aws-cn</code> (China Regions), and <code>aws-us-gov</code> (Amazon Web Services GovCloud [US] Regions).</p> <p>You can also use backup copies to clone your file dataset to another Region or within the same Region.</p> <p>You can use the <code>SourceRegion</code> parameter to specify the Amazon Web Services Region from which the backup will be copied. For example, if you make the call from the <code>us-west-1</code> Region and want to copy a backup from the <code>us-east-2</code> Region, you specify <code>us-east-2</code> in the <code>SourceRegion</code> parameter to make a cross-Region copy. If you don't specify a Region, the backup copy is created in the same Region where the request is sent from (in-Region copy).</p> <p>For more information about creating backup copies, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html#copy-backups\"> Copying backups</a> in the <i>Amazon FSx for Windows User Guide</i>, <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html#copy-backups\">Copying backups</a> in the <i>Amazon FSx for Lustre User Guide</i>, and <a href=\"https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/using-backups.html#copy-backups\">Copying backups</a> in the <i>Amazon FSx for OpenZFS User Guide</i>.</p>",
       "idempotent":true
     },
     "CreateBackup":{
@@ -88,7 +88,26 @@
         {"shape":"ServiceLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Creates a backup of an existing Amazon FSx for Windows File Server or Amazon FSx for Lustre file system, or of an Amazon FSx for NetApp ONTAP volume. Creating regular backups is a best practice, enabling you to restore a file system or volume from a backup if an issue arises with the original file system or volume.</p> <p>For Amazon FSx for Lustre file systems, you can create a backup only for file systems with the following configuration:</p> <ul> <li> <p>a Persistent deployment type</p> </li> <li> <p>is <i>not</i> linked to a data repository.</p> </li> </ul> <p>For more information about backups, see the following:</p> <ul> <li> <p>For Amazon FSx for Lustre, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html\">Working with FSx for Lustre backups</a>.</p> </li> <li> <p>For Amazon FSx for Windows, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html\">Working with FSx for Windows backups</a>.</p> </li> <li> <p>For Amazon FSx for NetApp ONTAP, see <a href=\"https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/using-backups.html\">Working with FSx for NetApp ONTAP backups</a>.</p> </li> </ul> <p>If a backup with the specified client request token exists, and the parameters match, this operation returns the description of the existing backup. If a backup specified client request token exists, and the parameters don't match, this operation returns <code>IncompatibleParameterError</code>. If a backup with the specified client request token doesn't exist, <code>CreateBackup</code> does the following: </p> <ul> <li> <p>Creates a new Amazon FSx backup with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the backup.</p> </li> </ul> <p>By using the idempotent operation, you can retry a <code>CreateBackup</code> operation without the risk of creating an extra backup. This approach can be useful when an initial call fails in a way that makes it unclear whether a backup was created. If you use the same client request token and the initial call created a backup, the operation returns a successful result because all the parameters are the same.</p> <p>The <code>CreateBackup</code> operation returns while the backup's lifecycle state is still <code>CREATING</code>. You can check the backup creation status by calling the <a>DescribeBackups</a> operation, which returns the backup state along with other information.</p>",
+      "documentation":"<p>Creates a backup of an existing Amazon FSx for Windows File Server file system, Amazon FSx for Lustre file system, Amazon FSx for NetApp ONTAP volume, or Amazon FSx for OpenZFS file system. We recommend creating regular backups so that you can restore a file system or volume from a backup if an issue arises with the original file system or volume.</p> <p>For Amazon FSx for Lustre file systems, you can create a backup only for file systems that have the following configuration:</p> <ul> <li> <p>A Persistent deployment type</p> </li> <li> <p>Are <i>not</i> linked to a data repository</p> </li> </ul> <p>For more information about backups, see the following:</p> <ul> <li> <p>For Amazon FSx for Lustre, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html\">Working with FSx for Lustre backups</a>.</p> </li> <li> <p>For Amazon FSx for Windows, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html\">Working with FSx for Windows backups</a>.</p> </li> <li> <p>For Amazon FSx for NetApp ONTAP, see <a href=\"https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/using-backups.html\">Working with FSx for NetApp ONTAP backups</a>.</p> </li> <li> <p>For Amazon FSx for OpenZFS, see <a href=\"https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/using-backups.html\">Working with FSx for OpenZFS backups</a>.</p> </li> </ul> <p>If a backup with the specified client request token exists and the parameters match, this operation returns the description of the existing backup. If a backup with the specified client request token exists and the parameters don't match, this operation returns <code>IncompatibleParameterError</code>. If a backup with the specified client request token doesn't exist, <code>CreateBackup</code> does the following: </p> <ul> <li> <p>Creates a new Amazon FSx backup with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the backup.</p> </li> </ul> <p>By using the idempotent operation, you can retry a <code>CreateBackup</code> operation without the risk of creating an extra backup. This approach can be useful when an initial call fails in a way that makes it unclear whether a backup was created. If you use the same client request token and the initial call created a backup, the operation returns a successful result because all the parameters are the same.</p> <p>The <code>CreateBackup</code> operation returns while the backup's lifecycle state is still <code>CREATING</code>. You can check the backup creation status by calling the <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeBackups.html\">DescribeBackups</a> operation, which returns the backup state along with other information.</p>",
+      "idempotent":true
+    },
+    "CreateDataRepositoryAssociation":{
+      "name":"CreateDataRepositoryAssociation",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateDataRepositoryAssociationRequest"},
+      "output":{"shape":"CreateDataRepositoryAssociationResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"UnsupportedOperation"},
+        {"shape":"FileSystemNotFound"},
+        {"shape":"IncompatibleParameterError"},
+        {"shape":"ServiceLimitExceeded"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Creates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported only for file systems with the <code>Persistent_2</code> deployment type.</p> <p>Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/create-dra-linked-data-repo.html\">Linking your file system to an S3 bucket</a>.</p>",
       "idempotent":true
     },
     "CreateDataRepositoryTask":{
@@ -108,7 +127,7 @@
         {"shape":"InternalServerError"},
         {"shape":"DataRepositoryTaskExecuting"}
       ],
-      "documentation":"<p>Creates an Amazon FSx for Lustre data repository task. You use data repository tasks to perform bulk operations between your Amazon FSx file system and its linked data repository. An example of a data repository task is exporting any data and metadata changes, including POSIX metadata, to files, directories, and symbolic links (symlinks) from your FSx file system to its linked data repository. A <code>CreateDataRepositoryTask</code> operation will fail if a data repository is not linked to the FSx file system. To learn more about data repository tasks, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-repository-tasks.html\">Data Repository Tasks</a>. To learn more about linking a data repository to your file system, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/create-fs-linked-data-repo.html\">Linking your file system to an S3 bucket</a>.</p>",
+      "documentation":"<p>Creates an Amazon FSx for Lustre data repository task. You use data repository tasks to perform bulk operations between your Amazon FSx file system and its linked data repositories. An example of a data repository task is exporting any data and metadata changes, including POSIX metadata, to files, directories, and symbolic links (symlinks) from your FSx file system to a linked data repository. A <code>CreateDataRepositoryTask</code> operation will fail if a data repository is not linked to the FSx file system. To learn more about data repository tasks, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-repository-tasks.html\">Data Repository Tasks</a>. To learn more about linking a data repository to your file system, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/create-dra-linked-data-repo.html\">Linking your file system to an S3 bucket</a>.</p>",
       "idempotent":true
     },
     "CreateFileSystem":{
@@ -131,7 +150,7 @@
         {"shape":"InternalServerError"},
         {"shape":"MissingFileSystemConfiguration"}
       ],
-      "documentation":"<p>Creates a new, empty Amazon FSx file system.</p> <p>If a file system with the specified client request token exists and the parameters match, <code>CreateFileSystem</code> returns the description of the existing file system. If a file system specified client request token exists and the parameters don't match, this call returns <code>IncompatibleParameterError</code>. If a file system with the specified client request token doesn't exist, <code>CreateFileSystem</code> does the following: </p> <ul> <li> <p>Creates a new, empty Amazon FSx file system with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the file system.</p> </li> </ul> <p>This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a <code>CreateFileSystem</code> operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.</p> <note> <p>The <code>CreateFileSystem</code> call returns while the file system's lifecycle state is still <code>CREATING</code>. You can check the file-system creation status by calling the <a>DescribeFileSystems</a> operation, which returns the file system state along with other information.</p> </note>"
+      "documentation":"<p>Creates a new, empty Amazon FSx file system. You can create the following supported Amazon FSx file systems using the <code>CreateFileSystem</code> API operation:</p> <ul> <li> <p>Amazon FSx for Lustre</p> </li> <li> <p>Amazon FSx for NetApp ONTAP</p> </li> <li> <p>Amazon FSx for OpenZFS</p> </li> <li> <p>Amazon FSx for Windows File Server</p> </li> </ul> <p>This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a <code>CreateFileSystem</code> operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.</p> <p>If a file system with the specified client request token exists and the parameters match, <code>CreateFileSystem</code> returns the description of the existing file system. If a file system with the specified client request token exists and the parameters don't match, this call returns <code>IncompatibleParameterError</code>. If a file system with the specified client request token doesn't exist, <code>CreateFileSystem</code> does the following: </p> <ul> <li> <p>Creates a new, empty Amazon FSx file system with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the file system.</p> </li> </ul> <p>This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a <code>CreateFileSystem</code> operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport-level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.</p> <note> <p>The <code>CreateFileSystem</code> call returns while the file system's lifecycle state is still <code>CREATING</code>. You can check the file-system creation status by calling the <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html\">DescribeFileSystems</a> operation, which returns the file system state along with other information.</p> </note>"
     },
     "CreateFileSystemFromBackup":{
       "name":"CreateFileSystemFromBackup",
@@ -152,7 +171,24 @@
         {"shape":"InternalServerError"},
         {"shape":"MissingFileSystemConfiguration"}
       ],
-      "documentation":"<p>Creates a new Amazon FSx for Lustre or Amazon FSx for Windows File Server file system from an existing Amazon FSx backup.</p> <p>If a file system with the specified client request token exists and the parameters match, this operation returns the description of the file system. If a client request token specified by the file system exists and the parameters don't match, this call returns <code>IncompatibleParameterError</code>. If a file system with the specified client request token doesn't exist, this operation does the following:</p> <ul> <li> <p>Creates a new Amazon FSx file system from backup with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the file system.</p> </li> </ul> <p>Parameters like Active Directory, default share name, automatic backup, and backup settings default to the parameters of the file system that was backed up, unless overridden. You can explicitly supply other settings.</p> <p>By using the idempotent operation, you can retry a <code>CreateFileSystemFromBackup</code> call without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.</p> <note> <p>The <code>CreateFileSystemFromBackup</code> call returns while the file system's lifecycle state is still <code>CREATING</code>. You can check the file-system creation status by calling the <a>DescribeFileSystems</a> operation, which returns the file system state along with other information.</p> </note>"
+      "documentation":"<p>Creates a new Amazon FSx for Lustre, Amazon FSx for Windows File Server, or Amazon FSx for OpenZFS file system from an existing Amazon FSx backup.</p> <p>If a file system with the specified client request token exists and the parameters match, this operation returns the description of the file system. If a client request token with the specified by the file system exists and the parameters don't match, this call returns <code>IncompatibleParameterError</code>. If a file system with the specified client request token doesn't exist, this operation does the following:</p> <ul> <li> <p>Creates a new Amazon FSx file system from backup with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the file system.</p> </li> </ul> <p>Parameters like the Active Directory, default share name, automatic backup, and backup settings default to the parameters of the file system that was backed up, unless overridden. You can explicitly supply other settings.</p> <p>By using the idempotent operation, you can retry a <code>CreateFileSystemFromBackup</code> call without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.</p> <note> <p>The <code>CreateFileSystemFromBackup</code> call returns while the file system's lifecycle state is still <code>CREATING</code>. You can check the file-system creation status by calling the <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html\"> DescribeFileSystems</a> operation, which returns the file system state along with other information.</p> </note>"
+    },
+    "CreateSnapshot":{
+      "name":"CreateSnapshot",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateSnapshotRequest"},
+      "output":{"shape":"CreateSnapshotResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"VolumeNotFound"},
+        {"shape":"ServiceLimitExceeded"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Creates a snapshot of an existing Amazon FSx for OpenZFS file system. With snapshots, you can easily undo file changes and compare file versions by restoring the volume to a previous version.</p> <p>If a snapshot with the specified client request token exists, and the parameters match, this operation returns the description of the existing snapshot. If a snapshot with the specified client request token exists, and the parameters don't match, this operation returns <code>IncompatibleParameterError</code>. If a snapshot with the specified client request token doesn't exist, <code>CreateSnapshot</code> does the following: </p> <ul> <li> <p>Creates a new OpenZFS snapshot with an assigned ID, and an initial lifecycle state of <code>CREATING</code>.</p> </li> <li> <p>Returns the description of the snapshot.</p> </li> </ul> <p>By using the idempotent operation, you can retry a <code>CreateSnapshot</code> operation without the risk of creating an extra snapshot. This approach can be useful when an initial call fails in a way that makes it unclear whether a snapshot was created. If you use the same client request token and the initial call created a snapshot, the operation returns a successful result because all the parameters are the same.</p> <p>The <code>CreateSnapshot</code> operation returns while the snapshot's lifecycle state is still <code>CREATING</code>. You can check the snapshot creation status by calling the <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSnapshots.html\">DescribeSnapshots</a> operation, which returns the snapshot state along with other information. </p>",
+      "idempotent":true
     },
     "CreateStorageVirtualMachine":{
       "name":"CreateStorageVirtualMachine",
@@ -191,7 +227,7 @@
         {"shape":"StorageVirtualMachineNotFound"},
         {"shape":"UnsupportedOperation"}
       ],
-      "documentation":"<p>Creates an Amazon FSx for NetApp ONTAP storage volume.</p>"
+      "documentation":"<p>Creates an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS storage volume.</p>"
     },
     "CreateVolumeFromBackup":{
       "name":"CreateVolumeFromBackup",
@@ -230,7 +266,25 @@
         {"shape":"InternalServerError"},
         {"shape":"BackupBeingCopied"}
       ],
-      "documentation":"<p>Deletes an Amazon FSx backup, deleting its contents. After deletion, the backup no longer exists, and its data is gone.</p> <p>The <code>DeleteBackup</code> call returns instantly. The backup will not show up in later <code>DescribeBackups</code> calls.</p> <important> <p>The data in a deleted backup is also deleted and can't be recovered by any means.</p> </important>",
+      "documentation":"<p>Deletes an Amazon FSx backup. After deletion, the backup no longer exists, and its data is gone.</p> <p>The <code>DeleteBackup</code> call returns instantly. The backup won't show up in later <code>DescribeBackups</code> calls.</p> <important> <p>The data in a deleted backup is also deleted and can't be recovered by any means.</p> </important>",
+      "idempotent":true
+    },
+    "DeleteDataRepositoryAssociation":{
+      "name":"DeleteDataRepositoryAssociation",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteDataRepositoryAssociationRequest"},
+      "output":{"shape":"DeleteDataRepositoryAssociationResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"IncompatibleParameterError"},
+        {"shape":"DataRepositoryAssociationNotFound"},
+        {"shape":"ServiceLimitExceeded"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Deletes a data repository association on an Amazon FSx for Lustre file system. Deleting the data repository association unlinks the file system from the Amazon S3 bucket. When deleting a data repository association, you have the option of deleting the data in the file system that corresponds to the data repository association. Data repository associations are supported only for file systems with the <code>Persistent_2</code> deployment type.</p>",
       "idempotent":true
     },
     "DeleteFileSystem":{
@@ -248,7 +302,23 @@
         {"shape":"ServiceLimitExceeded"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Deletes a file system, deleting its contents. After deletion, the file system no longer exists, and its data is gone. Any existing automatic backups will also be deleted.</p> <p>To delete an Amazon FSx for NetApp ONTAP file system, first delete all the volumes and SVMs on the file system. Then provide a <code>FileSystemId</code> value to the <code>DeleFileSystem</code> operation.</p> <p>By default, when you delete an Amazon FSx for Windows File Server file system, a final backup is created upon deletion. This final backup is not subject to the file system's retention policy, and must be manually deleted.</p> <p>The <code>DeleteFileSystem</code> action returns while the file system has the <code>DELETING</code> status. You can check the file system deletion status by calling the <a>DescribeFileSystems</a> action, which returns a list of file systems in your account. If you pass the file system ID for a deleted file system, the <a>DescribeFileSystems</a> returns a <code>FileSystemNotFound</code> error.</p> <note> <p>Deleting an Amazon FSx for Lustre file system will fail with a 400 BadRequest if a data repository task is in a <code>PENDING</code> or <code>EXECUTING</code> state.</p> </note> <important> <p>The data in a deleted file system is also deleted and can't be recovered by any means.</p> </important>",
+      "documentation":"<p>Deletes a file system. After deletion, the file system no longer exists, and its data is gone. Any existing automatic backups and snapshots are also deleted.</p> <p>To delete an Amazon FSx for NetApp ONTAP file system, first delete all the volumes and storage virtual machines (SVMs) on the file system. Then provide a <code>FileSystemId</code> value to the <code>DeleFileSystem</code> operation.</p> <p>By default, when you delete an Amazon FSx for Windows File Server file system, a final backup is created upon deletion. This final backup isn't subject to the file system's retention policy, and must be manually deleted.</p> <p>The <code>DeleteFileSystem</code> operation returns while the file system has the <code>DELETING</code> status. You can check the file system deletion status by calling the <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html\">DescribeFileSystems</a> operation, which returns a list of file systems in your account. If you pass the file system ID for a deleted file system, the <code>DescribeFileSystems</code> operation returns a <code>FileSystemNotFound</code> error.</p> <note> <p>If a data repository task is in a <code>PENDING</code> or <code>EXECUTING</code> state, deleting an Amazon FSx for Lustre file system will fail with an HTTP status code 400 (Bad Request).</p> </note> <important> <p>The data in a deleted file system is also deleted and can't be recovered by any means.</p> </important>",
+      "idempotent":true
+    },
+    "DeleteSnapshot":{
+      "name":"DeleteSnapshot",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteSnapshotRequest"},
+      "output":{"shape":"DeleteSnapshotResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"InternalServerError"},
+        {"shape":"SnapshotNotFound"}
+      ],
+      "documentation":"<p>Deletes the Amazon FSx snapshot. After deletion, the snapshot no longer exists, and its data is gone. Deleting a snapshot doesn't affect snapshots stored in a file system backup. </p> <p>The <code>DeleteSnapshot</code> operation returns instantly. The snapshot appears with the lifecycle status of <code>DELETING</code> until the deletion is complete.</p>",
       "idempotent":true
     },
     "DeleteStorageVirtualMachine":{
@@ -281,7 +351,7 @@
         {"shape":"InternalServerError"},
         {"shape":"VolumeNotFound"}
       ],
-      "documentation":"<p>Deletes an Amazon FSx for NetApp ONTAP volume. When deleting a volume, you have the option of creating a final backup. If you create a final backup, you have the option to apply Tags to the backup. You need to have <code>fsx:TagResource</code> permission in order to apply tags to the backup.</p>"
+      "documentation":"<p>Deletes an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volume.</p>"
     },
     "DescribeBackups":{
       "name":"DescribeBackups",
@@ -298,7 +368,25 @@
         {"shape":"BackupNotFound"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the description of specific Amazon FSx backups, if a <code>BackupIds</code> value is provided for that backup. Otherwise, it returns all backups owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.</p> <p>When retrieving all backups, you can optionally specify the <code>MaxResults</code> parameter to limit the number of backups in a response. If more backups remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of <code>NextToken</code> from the last response.</p> <p>This action is used in an iterative process to retrieve a list of your backups. <code>DescribeBackups</code> is called first without a <code>NextToken</code>value. Then the action continues to be called with the <code>NextToken</code> parameter set to the value of the last <code>NextToken</code> value until a response has no <code>NextToken</code>.</p> <p>When using this action, keep the following in mind:</p> <ul> <li> <p>The implementation might return fewer than <code>MaxResults</code> backup descriptions while still including a <code>NextToken</code> value.</p> </li> <li> <p>The order of backups returned in the response of one <code>DescribeBackups</code> call and the order of backups returned across the responses of a multi-call iteration is unspecified.</p> </li> </ul>"
+      "documentation":"<p>Returns the description of a specific Amazon FSx backup, if a <code>BackupIds</code> value is provided for that backup. Otherwise, it returns all backups owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.</p> <p>When retrieving all backups, you can optionally specify the <code>MaxResults</code> parameter to limit the number of backups in a response. If more backups remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of the <code>NextToken</code> value from the last response.</p> <p>This operation is used in an iterative process to retrieve a list of your backups. <code>DescribeBackups</code> is called first without a <code>NextToken</code> value. Then the operation continues to be called with the <code>NextToken</code> parameter set to the value of the last <code>NextToken</code> value until a response has no <code>NextToken</code> value.</p> <p>When using this operation, keep the following in mind:</p> <ul> <li> <p>The operation might return fewer than the <code>MaxResults</code> value of backup descriptions while still including a <code>NextToken</code> value.</p> </li> <li> <p>The order of the backups returned in the response of one <code>DescribeBackups</code> call and the order of the backups returned across the responses of a multi-call iteration is unspecified.</p> </li> </ul>"
+    },
+    "DescribeDataRepositoryAssociations":{
+      "name":"DescribeDataRepositoryAssociations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeDataRepositoryAssociationsRequest"},
+      "output":{"shape":"DescribeDataRepositoryAssociationsResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"FileSystemNotFound"},
+        {"shape":"DataRepositoryAssociationNotFound"},
+        {"shape":"InvalidDataRepositoryType"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Returns the description of specific Amazon FSx for Lustre data repository associations, if one or more <code>AssociationIds</code> values are provided in the request, or if filters are used in the request. Data repository associations are supported only for file systems with the <code>Persistent_2</code> deployment type.</p> <p>You can use filters to narrow the response to include just data repository associations for specific file systems (use the <code>file-system-id</code> filter with the ID of the file system) or data repository associations for a specific repository type (use the <code>data-repository-type</code> filter with a value of <code>S3</code>). If you don't use filters, the response returns all data repository associations owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.</p> <p>When retrieving all data repository associations, you can paginate the response by using the optional <code>MaxResults</code> parameter to limit the number of data repository associations returned in a response. If more data repository associations remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of <code>NextToken</code> from the last response.</p>",
+      "idempotent":true
     },
     "DescribeDataRepositoryTasks":{
       "name":"DescribeDataRepositoryTasks",
@@ -344,7 +432,22 @@
         {"shape":"FileSystemNotFound"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the description of specific Amazon FSx file systems, if a <code>FileSystemIds</code> value is provided for that file system. Otherwise, it returns descriptions of all file systems owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.</p> <p>When retrieving all file system descriptions, you can optionally specify the <code>MaxResults</code> parameter to limit the number of descriptions in a response. If more file system descriptions remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of <code>NextToken</code> from the last response.</p> <p>This action is used in an iterative process to retrieve a list of your file system descriptions. <code>DescribeFileSystems</code> is called first without a <code>NextToken</code>value. Then the action continues to be called with the <code>NextToken</code> parameter set to the value of the last <code>NextToken</code> value until a response has no <code>NextToken</code>.</p> <p>When using this action, keep the following in mind:</p> <ul> <li> <p>The implementation might return fewer than <code>MaxResults</code> file system descriptions while still including a <code>NextToken</code> value.</p> </li> <li> <p>The order of file systems returned in the response of one <code>DescribeFileSystems</code> call and the order of file systems returned across the responses of a multicall iteration is unspecified.</p> </li> </ul>"
+      "documentation":"<p>Returns the description of specific Amazon FSx file systems, if a <code>FileSystemIds</code> value is provided for that file system. Otherwise, it returns descriptions of all file systems owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.</p> <p>When retrieving all file system descriptions, you can optionally specify the <code>MaxResults</code> parameter to limit the number of descriptions in a response. If more file system descriptions remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of <code>NextToken</code> from the last response.</p> <p>This operation is used in an iterative process to retrieve a list of your file system descriptions. <code>DescribeFileSystems</code> is called first without a <code>NextToken</code>value. Then the operation continues to be called with the <code>NextToken</code> parameter set to the value of the last <code>NextToken</code> value until a response has no <code>NextToken</code>.</p> <p>When using this operation, keep the following in mind:</p> <ul> <li> <p>The implementation might return fewer than <code>MaxResults</code> file system descriptions while still including a <code>NextToken</code> value.</p> </li> <li> <p>The order of file systems returned in the response of one <code>DescribeFileSystems</code> call and the order of file systems returned across the responses of a multicall iteration is unspecified.</p> </li> </ul>"
+    },
+    "DescribeSnapshots":{
+      "name":"DescribeSnapshots",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeSnapshotsRequest"},
+      "output":{"shape":"DescribeSnapshotsResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"InternalServerError"},
+        {"shape":"SnapshotNotFound"}
+      ],
+      "documentation":"<p>Returns the description of specific Amazon FSx snapshots, if a <code>SnapshotIds</code> value is provided. Otherwise, this operation returns all snapshots owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.</p> <p>When retrieving all snapshots, you can optionally specify the <code>MaxResults</code> parameter to limit the number of snapshots in a response. If more backups remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of <code>NextToken</code> from the last response. </p> <p>Use this operation in an iterative process to retrieve a list of your snapshots. <code>DescribeSnapshots</code> is called first without a <code>NextToken</code> value. Then the operation continues to be called with the <code>NextToken</code> parameter set to the value of the last <code>NextToken</code> value until a response has no <code>NextToken</code> value.</p> <p>When using this operation, keep the following in mind:</p> <ul> <li> <p>The operation might return fewer than the <code>MaxResults</code> value of snapshot descriptions while still including a <code>NextToken</code> value.</p> </li> <li> <p>The order of snapshots returned in the response of one <code>DescribeSnapshots</code> call and the order of backups returned across the responses of a multi-call iteration is unspecified. </p> </li> </ul>"
     },
     "DescribeStorageVirtualMachines":{
       "name":"DescribeStorageVirtualMachines",
@@ -374,7 +477,7 @@
         {"shape":"InternalServerError"},
         {"shape":"VolumeNotFound"}
       ],
-      "documentation":"<p>Describes one or more Amazon FSx for NetApp ONTAP volumes.</p>"
+      "documentation":"<p>Describes one or more Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volumes.</p>"
     },
     "DisassociateFileSystemAliases":{
       "name":"DisassociateFileSystemAliases",
@@ -408,6 +511,40 @@
       ],
       "documentation":"<p>Lists tags for an Amazon FSx file systems and backups in the case of Amazon FSx for Windows File Server.</p> <p>When retrieving all tags, you can optionally specify the <code>MaxResults</code> parameter to limit the number of tags in a response. If more tags remain, Amazon FSx returns a <code>NextToken</code> value in the response. In this case, send a later request with the <code>NextToken</code> request parameter set to the value of <code>NextToken</code> from the last response.</p> <p>This action is used in an iterative process to retrieve a list of your tags. <code>ListTagsForResource</code> is called first without a <code>NextToken</code>value. Then the action continues to be called with the <code>NextToken</code> parameter set to the value of the last <code>NextToken</code> value until a response has no <code>NextToken</code>.</p> <p>When using this action, keep the following in mind:</p> <ul> <li> <p>The implementation might return fewer than <code>MaxResults</code> file system descriptions while still including a <code>NextToken</code> value.</p> </li> <li> <p>The order of tags returned in the response of one <code>ListTagsForResource</code> call and the order of tags returned across the responses of a multi-call iteration is unspecified.</p> </li> </ul>"
     },
+    "ReleaseFileSystemNfsV3Locks":{
+      "name":"ReleaseFileSystemNfsV3Locks",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ReleaseFileSystemNfsV3LocksRequest"},
+      "output":{"shape":"ReleaseFileSystemNfsV3LocksResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"IncompatibleParameterError"},
+        {"shape":"FileSystemNotFound"},
+        {"shape":"ServiceLimitExceeded"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Releases the file system lock from an Amazon FSx for OpenZFS file system.</p>",
+      "idempotent":true
+    },
+    "RestoreVolumeFromSnapshot":{
+      "name":"RestoreVolumeFromSnapshot",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"RestoreVolumeFromSnapshotRequest"},
+      "output":{"shape":"RestoreVolumeFromSnapshotResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"InternalServerError"},
+        {"shape":"VolumeNotFound"}
+      ],
+      "documentation":"<p>Returns an Amazon FSx for OpenZFS volume to the state saved by the specified snapshot. </p>",
+      "idempotent":true
+    },
     "TagResource":{
       "name":"TagResource",
       "http":{
@@ -444,6 +581,24 @@
       "documentation":"<p>This action removes a tag from an Amazon FSx resource.</p>",
       "idempotent":true
     },
+    "UpdateDataRepositoryAssociation":{
+      "name":"UpdateDataRepositoryAssociation",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateDataRepositoryAssociationRequest"},
+      "output":{"shape":"UpdateDataRepositoryAssociationResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"IncompatibleParameterError"},
+        {"shape":"DataRepositoryAssociationNotFound"},
+        {"shape":"ServiceLimitExceeded"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Updates the configuration of an existing data repository association on an Amazon FSx for Lustre file system. Data repository associations are supported only for file systems with the <code>Persistent_2</code> deployment type.</p>",
+      "idempotent":true
+    },
     "UpdateFileSystem":{
       "name":"UpdateFileSystem",
       "http":{
@@ -461,7 +616,23 @@
         {"shape":"MissingFileSystemConfiguration"},
         {"shape":"ServiceLimitExceeded"}
       ],
-      "documentation":"<p>Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.</p> <p>For Amazon FSx for Windows File Server file systems, you can update the following properties:</p> <ul> <li> <p>AuditLogConfiguration</p> </li> <li> <p>AutomaticBackupRetentionDays</p> </li> <li> <p>DailyAutomaticBackupStartTime</p> </li> <li> <p>SelfManagedActiveDirectoryConfiguration</p> </li> <li> <p>StorageCapacity</p> </li> <li> <p>ThroughputCapacity</p> </li> <li> <p>WeeklyMaintenanceStartTime</p> </li> </ul> <p>For Amazon FSx for Lustre file systems, you can update the following properties:</p> <ul> <li> <p>AutoImportPolicy</p> </li> <li> <p>AutomaticBackupRetentionDays</p> </li> <li> <p>DailyAutomaticBackupStartTime</p> </li> <li> <p>DataCompressionType</p> </li> <li> <p>StorageCapacity</p> </li> <li> <p>WeeklyMaintenanceStartTime</p> </li> </ul> <p>For Amazon FSx for NetApp ONTAP file systems, you can update the following properties:</p> <ul> <li> <p>AutomaticBackupRetentionDays</p> </li> <li> <p>DailyAutomaticBackupStartTime</p> </li> <li> <p>FsxAdminPassword</p> </li> <li> <p>WeeklyMaintenanceStartTime</p> </li> </ul>"
+      "documentation":"<p>Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.</p> <p>For Amazon FSx for Windows File Server file systems, you can update the following properties:</p> <ul> <li> <p> <code>AuditLogConfiguration</code> </p> </li> <li> <p> <code>AutomaticBackupRetentionDays</code> </p> </li> <li> <p> <code>DailyAutomaticBackupStartTime</code> </p> </li> <li> <p> <code>SelfManagedActiveDirectoryConfiguration</code> </p> </li> <li> <p> <code>StorageCapacity</code> </p> </li> <li> <p> <code>ThroughputCapacity</code> </p> </li> <li> <p> <code>WeeklyMaintenanceStartTime</code> </p> </li> </ul> <p>For Amazon FSx for Lustre file systems, you can update the following properties:</p> <ul> <li> <p> <code>AutoImportPolicy</code> </p> </li> <li> <p> <code>AutomaticBackupRetentionDays</code> </p> </li> <li> <p> <code>DailyAutomaticBackupStartTime</code> </p> </li> <li> <p> <code>DataCompressionType</code> </p> </li> <li> <p> <code>StorageCapacity</code> </p> </li> <li> <p> <code>WeeklyMaintenanceStartTime</code> </p> </li> </ul> <p>For Amazon FSx for NetApp ONTAP file systems, you can update the following properties:</p> <ul> <li> <p> <code>AutomaticBackupRetentionDays</code> </p> </li> <li> <p> <code>DailyAutomaticBackupStartTime</code> </p> </li> <li> <p> <code>DiskIopsConfiguration</code> </p> </li> <li> <p> <code>FsxAdminPassword</code> </p> </li> <li> <p> <code>StorageCapacity</code> </p> </li> <li> <p> <code>WeeklyMaintenanceStartTime</code> </p> </li> </ul> <p>For the Amazon FSx for OpenZFS file systems, you can update the following properties:</p> <ul> <li> <p> <code>AutomaticBackupRetentionDays</code> </p> </li> <li> <p> <code>CopyTagsToBackups</code> </p> </li> <li> <p> <code>CopyTagsToVolumes</code> </p> </li> <li> <p> <code>DailyAutomaticBackupStartTime</code> </p> </li> <li> <p> <code>ThroughputCapacity</code> </p> </li> <li> <p> <code>WeeklyMaintenanceStartTime</code> </p> </li> </ul>"
+    },
+    "UpdateSnapshot":{
+      "name":"UpdateSnapshot",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateSnapshotRequest"},
+      "output":{"shape":"UpdateSnapshotResponse"},
+      "errors":[
+        {"shape":"BadRequest"},
+        {"shape":"SnapshotNotFound"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>Updates the name of a snapshot. </p>",
+      "idempotent":true
     },
     "UpdateStorageVirtualMachine":{
       "name":"UpdateStorageVirtualMachine",
@@ -495,7 +666,7 @@
         {"shape":"MissingVolumeConfiguration"},
         {"shape":"VolumeNotFound"}
       ],
-      "documentation":"<p>Updates an Amazon FSx for NetApp ONTAP volume's configuration.</p>"
+      "documentation":"<p>Updates the configuration of an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volume.</p>"
     }
   },
   "shapes":{
@@ -511,7 +682,7 @@
       "members":{
         "DomainName":{
           "shape":"ActiveDirectoryFullyQualifiedName",
-          "documentation":"<p>The fully qualified domain name of the self-managed AD directory.</p>"
+          "documentation":"<p>The fully qualified domain name of the self-managed Active Directory directory.</p>"
         },
         "ActiveDirectoryId":{
           "shape":"DirectoryId",
@@ -519,7 +690,7 @@
         },
         "ResourceARN":{"shape":"ResourceARN"}
       },
-      "documentation":"<p>The Microsoft AD attributes of the Amazon FSx for Windows File Server file system.</p>"
+      "documentation":"<p>The Microsoft Active Directory attributes of the Amazon FSx for Windows File Server file system.</p>"
     },
     "ActiveDirectoryError":{
       "type":"structure",
@@ -567,24 +738,25 @@
         "AdministrativeActionType":{"shape":"AdministrativeActionType"},
         "ProgressPercent":{
           "shape":"ProgressPercent",
-          "documentation":"<p>Provides the percent complete of a <code>STORAGE_OPTIMIZATION</code> administrative action. Does not apply to any other administrative action type.</p>"
+          "documentation":"<p>The percentage-complete status of a <code>STORAGE_OPTIMIZATION</code> administrative action. Does not apply to any other administrative action type.</p>"
         },
         "RequestTime":{
           "shape":"RequestTime",
-          "documentation":"<p>Time that the administrative action request was received.</p>"
+          "documentation":"<p>The time that the administrative action request was received.</p>"
         },
         "Status":{
           "shape":"Status",
-          "documentation":"<p>Describes the status of the administrative action, as follows:</p> <ul> <li> <p> <code>FAILED</code> - Amazon FSx failed to process the administrative action successfully.</p> </li> <li> <p> <code>IN_PROGRESS</code> - Amazon FSx is processing the administrative action.</p> </li> <li> <p> <code>PENDING</code> - Amazon FSx is waiting to process the administrative action.</p> </li> <li> <p> <code>COMPLETED</code> - Amazon FSx has finished processing the administrative task.</p> </li> <li> <p> <code>UPDATED_OPTIMIZING</code> - For a storage capacity increase update, Amazon FSx has updated the file system with the new storage capacity, and is now performing the storage optimization process. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing storage capacity</a> in the <i>Amazon FSx for Windows File Server User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/managing-storage-capacity.html\">Managing storage and throughput capacity</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p> </li> </ul>"
+          "documentation":"<p>Describes the status of the administrative action, as follows:</p> <ul> <li> <p> <code>FAILED</code> - Amazon FSx failed to process the administrative action successfully.</p> </li> <li> <p> <code>IN_PROGRESS</code> - Amazon FSx is processing the administrative action.</p> </li> <li> <p> <code>PENDING</code> - Amazon FSx is waiting to process the administrative action.</p> </li> <li> <p> <code>COMPLETED</code> - Amazon FSx has finished processing the administrative task.</p> </li> <li> <p> <code>UPDATED_OPTIMIZING</code> - For a storage-capacity increase update, Amazon FSx has updated the file system with the new storage capacity, and is now performing the storage-optimization process. </p> </li> </ul>"
         },
         "TargetFileSystemValues":{
           "shape":"FileSystem",
           "documentation":"<p>Describes the target value for the administration action, provided in the <code>UpdateFileSystem</code> operation. Returned for <code>FILE_SYSTEM_UPDATE</code> administrative actions. </p>"
         },
         "FailureDetails":{"shape":"AdministrativeActionFailureDetails"},
-        "TargetVolumeValues":{"shape":"Volume"}
+        "TargetVolumeValues":{"shape":"Volume"},
+        "TargetSnapshotValues":{"shape":"Snapshot"}
       },
-      "documentation":"<p>Describes a specific Amazon FSx administrative action for the current Windows or Lustre file system.</p>"
+      "documentation":"<p>Describes a specific Amazon FSx administrative action for the current Windows, Lustre, or OpenZFS file system.</p>"
     },
     "AdministrativeActionFailureDetails":{
       "type":"structure",
@@ -598,12 +770,15 @@
     },
     "AdministrativeActionType":{
       "type":"string",
-      "documentation":"<p>Describes the type of administrative action, as follows:</p> <ul> <li> <p> <code>FILE_SYSTEM_UPDATE</code> - A file system update administrative action initiated by the user from the Amazon FSx console, API (UpdateFileSystem), or CLI (update-file-system).</p> </li> <li> <p> <code>STORAGE_OPTIMIZATION</code> - Once the <code>FILE_SYSTEM_UPDATE</code> task to increase a file system's storage capacity completes successfully, a <code>STORAGE_OPTIMIZATION</code> task starts. </p> <ul> <li> <p>For Windows, storage optimization is the process of migrating the file system data to the new, larger disks.</p> </li> <li> <p>For Lustre, storage optimization consists of rebalancing the data across the existing and newly added file servers.</p> </li> </ul> <p>You can track the storage optimization progress using the <code>ProgressPercent</code> property. When <code>STORAGE_OPTIMIZATION</code> completes successfully, the parent <code>FILE_SYSTEM_UPDATE</code> action status changes to <code>COMPLETED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing storage capacity</a> in the <i>Amazon FSx for Windows File Server User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/managing-storage-capacity.html\">Managing storage and throughput capacity</a> in the <i>Amazon FSx for Lustre User Guide</i>. </p> </li> <li> <p> <code>FILE_SYSTEM_ALIAS_ASSOCIATION</code> - A file system update to associate a new DNS alias with the file system. For more information, see .</p> </li> <li> <p> <code>FILE_SYSTEM_ALIAS_DISASSOCIATION</code> - A file system update to disassociate a DNS alias from the file system. For more information, see .</p> </li> </ul>",
+      "documentation":"<p>Describes the type of administrative action, as follows:</p> <ul> <li> <p> <code>FILE_SYSTEM_UPDATE</code> - A file system update administrative action initiated from the Amazon FSx console, API (<code>UpdateFileSystem</code>), or CLI (<code>update-file-system</code>).</p> </li> <li> <p> <code>STORAGE_OPTIMIZATION</code> - After the <code>FILE_SYSTEM_UPDATE</code> task to increase a file system's storage capacity has been completed successfully, a <code>STORAGE_OPTIMIZATION</code> task starts. </p> <ul> <li> <p>For Windows and ONTAP, storage optimization is the process of migrating the file system data to newer larger disks.</p> </li> <li> <p>For Lustre, storage optimization consists of rebalancing the data across the existing and newly added file servers.</p> </li> </ul> <p>You can track the storage-optimization progress using the <code>ProgressPercent</code> property. When <code>STORAGE_OPTIMIZATION</code> has been completed successfully, the parent <code>FILE_SYSTEM_UPDATE</code> action status changes to <code>COMPLETED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing storage capacity</a> in the <i>Amazon FSx for Windows File Server User Guide</i>, <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/managing-storage-capacity.html\">Managing storage and throughput capacity</a> in the <i>Amazon FSx for Lustre User Guide</i>, and <a href=\"https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-storage-capacity.html\">Managing storage capacity and provisioned IOPS</a> in the <i>Amazon FSx for NetApp ONTAP User Guide</i>.</p> </li> <li> <p> <code>FILE_SYSTEM_ALIAS_ASSOCIATION</code> - A file system update to associate a new Domain Name System (DNS) alias with the file system. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_AssociateFileSystemAliases.html\"> AssociateFileSystemAliases</a>.</p> </li> <li> <p> <code>FILE_SYSTEM_ALIAS_DISASSOCIATION</code> - A file system update to disassociate a DNS alias from the file system. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/APIReference/API_DisassociateFileSystemAliases.html\">DisassociateFileSystemAliases</a>.</p> </li> <li> <p> <code>VOLUME_UPDATE</code> - A volume update to an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volume initiated from the Amazon FSx console, API (<code>UpdateVolume</code>), or CLI (<code>update-volume</code>).</p> </li> <li> <p> <code>SNAPSHOT_UPDATE</code> - A snapshot update to an Amazon FSx for OpenZFS volume initiated from the Amazon FSx console, API (<code>UpdateSnapshot</code>), or CLI (<code>update-snapshot</code>).</p> </li> <li> <p> <code>RELEASE_NFS_V3_LOCKS</code> - Tracks the release of Network File System (NFS) V3 locks on an Amazon FSx for OpenZFS file system. </p> </li> </ul>",
       "enum":[
         "FILE_SYSTEM_UPDATE",
         "STORAGE_OPTIMIZATION",
         "FILE_SYSTEM_ALIAS_ASSOCIATION",
-        "FILE_SYSTEM_ALIAS_DISASSOCIATION"
+        "FILE_SYSTEM_ALIAS_DISASSOCIATION",
+        "VOLUME_UPDATE",
+        "SNAPSHOT_UPDATE",
+        "RELEASE_NFS_V3_LOCKS"
       ]
     },
     "AdministrativeActions":{
@@ -690,17 +865,38 @@
       },
       "documentation":"<p>The system generated response showing the DNS aliases that Amazon FSx is attempting to associate with the file system. Use the API operation to monitor the status of the aliases Amazon FSx is associating with the file system. It can take up to 2.5 minutes for the alias status to change from <code>CREATING</code> to <code>AVAILABLE</code>. </p>"
     },
+    "AutoExportPolicy":{
+      "type":"structure",
+      "members":{
+        "Events":{
+          "shape":"EventTypes",
+          "documentation":"<p>The <code>AutoExportPolicy</code> can have the following event values:</p> <ul> <li> <p> <code>NEW</code> - Amazon FSx automatically exports new files and directories to the data repository as they are added to the file system.</p> </li> <li> <p> <code>CHANGED</code> - Amazon FSx automatically exports changes to files and directories on the file system to the data repository.</p> </li> <li> <p> <code>DELETED</code> - Files and directories are automatically deleted on the data repository when they are deleted on the file system.</p> </li> </ul> <p>You can define any combination of event types for your <code>AutoExportPolicy</code>.</p>"
+        }
+      },
+      "documentation":"<p>Describes a data repository association's automatic export policy. The <code>AutoExportPolicy</code> defines the types of updated objects on the file system that will be automatically exported to the data repository. As you create, modify, or delete files, Amazon FSx automatically exports the defined changes asynchronously once your application finishes modifying the file.</p> <p>This <code>AutoExportPolicy</code> is supported only for file systems with the <code>Persistent_2</code> deployment type.</p>"
+    },
+    "AutoImportPolicy":{
+      "type":"structure",
+      "members":{
+        "Events":{
+          "shape":"EventTypes",
+          "documentation":"<p>The <code>AutoImportPolicy</code> can have the following event values:</p> <ul> <li> <p> <code>NEW</code> - Amazon FSx automatically imports metadata of files added to the linked S3 bucket that do not currently exist in the FSx file system.</p> </li> <li> <p> <code>CHANGED</code> - Amazon FSx automatically updates file metadata and invalidates existing file content on the file system as files change in the data repository.</p> </li> <li> <p> <code>DELETED</code> - Amazon FSx automatically deletes files on the file system as corresponding files are deleted in the data repository.</p> </li> </ul> <p>You can define any combination of event types for your <code>AutoImportPolicy</code>.</p>"
+        }
+      },
+      "documentation":"<p>Describes the data repository association's automatic import policy. The AutoImportPolicy defines how Amazon FSx keeps your file metadata and directory listings up to date by importing changes to your file system as you modify objects in a linked S3 bucket.</p> <p>This <code>AutoImportPolicy</code> is supported only for file systems with the <code>Persistent_2</code> deployment type.</p>"
+    },
     "AutoImportPolicyType":{
       "type":"string",
       "enum":[
         "NONE",
         "NEW",
-        "NEW_CHANGED"
+        "NEW_CHANGED",
+        "NEW_CHANGED_DELETED"
       ]
     },
     "AutomaticBackupRetentionDays":{
       "type":"integer",
-      "documentation":"<p>The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. The default is 0.</p>",
+      "documentation":"<p>The number of days to retain automatic backups. Setting this property to <code>0</code> disables automatic backups. You can retain automatic backups for a maximum of 90 days. The default is <code>0</code>.</p>",
       "max":90,
       "min":0
     },
@@ -720,15 +916,15 @@
         },
         "Lifecycle":{
           "shape":"BackupLifecycle",
-          "documentation":"<p>The lifecycle status of the backup.</p> <ul> <li> <p> <code>AVAILABLE</code> - The backup is fully available.</p> </li> <li> <p> <code>PENDING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx has not started creating the backup.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the backup.</p> </li> <li> <p> <code>TRANSFERRING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx is transferring the backup to S3.</p> </li> <li> <p> <code>COPYING</code> - Amazon FSx is copying the backup.</p> </li> <li> <p> <code>DELETED</code> - Amazon FSx deleted the backup and it is no longer available.</p> </li> <li> <p> <code>FAILED</code> - Amazon FSx could not complete the backup.</p> </li> </ul>"
+          "documentation":"<p>The lifecycle status of the backup.</p> <ul> <li> <p> <code>AVAILABLE</code> - The backup is fully available.</p> </li> <li> <p> <code>PENDING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx hasn't started creating the backup.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the backup.</p> </li> <li> <p> <code>TRANSFERRING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx is transferring the backup to Amazon S3.</p> </li> <li> <p> <code>COPYING</code> - Amazon FSx is copying the backup.</p> </li> <li> <p> <code>DELETED</code> - Amazon FSx deleted the backup and it's no longer available.</p> </li> <li> <p> <code>FAILED</code> - Amazon FSx couldn't finish the backup.</p> </li> </ul>"
         },
         "FailureDetails":{
           "shape":"BackupFailureDetails",
-          "documentation":"<p>Details explaining any failures that occur when creating a backup.</p>"
+          "documentation":"<p>Details explaining any failures that occurred when creating a backup.</p>"
         },
         "Type":{
           "shape":"BackupType",
-          "documentation":"<p>The type of the file system backup.</p>"
+          "documentation":"<p>The type of the file-system backup.</p>"
         },
         "ProgressPercent":{"shape":"ProgressPercent"},
         "CreationTime":{
@@ -745,15 +941,15 @@
         },
         "Tags":{
           "shape":"Tags",
-          "documentation":"<p>Tags associated with a particular file system.</p>"
+          "documentation":"<p>The tags associated with a particular file system.</p>"
         },
         "FileSystem":{
           "shape":"FileSystem",
-          "documentation":"<p>Metadata of the file system associated with the backup. This metadata is persisted even if the file system is deleted.</p>"
+          "documentation":"<p>The metadata of the file system associated with the backup. This metadata is persisted even if the file system is deleted.</p>"
         },
         "DirectoryInformation":{
           "shape":"ActiveDirectoryBackupAttributes",
-          "documentation":"<p>The configuration of the self-managed Microsoft Active Directory (AD) to which the Windows File Server instance is joined.</p>"
+          "documentation":"<p>The configuration of the self-managed Microsoft Active Directory directory to which the Windows File Server instance is joined.</p>"
         },
         "OwnerId":{"shape":"AWSAccountId"},
         "SourceBackupId":{"shape":"BackupId"},
@@ -763,11 +959,11 @@
         },
         "ResourceType":{
           "shape":"ResourceType",
-          "documentation":"<p>Specifies the resource type that is backed up.</p>"
+          "documentation":"<p>Specifies the resource type that's backed up.</p>"
         },
         "Volume":{"shape":"Volume"}
       },
-      "documentation":"<p>A backup of an Amazon FSx for Windows File Server or Amazon FSx for Lustre file system, or of an Amazon FSx for NetApp ONTAP volume.</p>"
+      "documentation":"<p>A backup of an Amazon FSx for Windows File Server, Amazon FSx for Lustre file system, Amazon FSx for NetApp ONTAP volume, or Amazon FSx for OpenZFS file system.</p>"
     },
     "BackupBeingCopied":{
       "type":"structure",
@@ -783,14 +979,14 @@
       "members":{
         "Message":{
           "shape":"ErrorMessage",
-          "documentation":"<p>A message describing the backup creation failure.</p>"
+          "documentation":"<p>A message describing the backup-creation failure.</p>"
         }
       },
       "documentation":"<p>If backup creation fails, this structure contains the details of that failure.</p>"
     },
     "BackupId":{
       "type":"string",
-      "documentation":"<p>The ID of the source backup. Specifies the backup you are copying.</p>",
+      "documentation":"<p>The ID of the source backup. Specifies the backup that you are copying.</p>",
       "max":128,
       "min":12,
       "pattern":"^(backup-[0-9a-f]{8,})$"
@@ -811,7 +1007,7 @@
     },
     "BackupLifecycle":{
       "type":"string",
-      "documentation":"<p>The lifecycle status of the backup.</p> <ul> <li> <p> <code>AVAILABLE</code> - The backup is fully available.</p> </li> <li> <p> <code>PENDING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx has not started creating the backup.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the new user-intiated backup</p> </li> <li> <p> <code>TRANSFERRING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx is backing up the file system.</p> </li> <li> <p> <code>COPYING</code> - Amazon FSx is copying the backup.</p> </li> <li> <p> <code>DELETED</code> - Amazon FSx deleted the backup and it is no longer available.</p> </li> <li> <p> <code>FAILED</code> - Amazon FSx could not complete the backup.</p> </li> </ul>",
+      "documentation":"<p>The lifecycle status of the backup.</p> <ul> <li> <p> <code>AVAILABLE</code> - The backup is fully available.</p> </li> <li> <p> <code>PENDING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx hasn't started creating the backup.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the new user-initiated backup.</p> </li> <li> <p> <code>TRANSFERRING</code> - For user-initiated backups on Lustre file systems only; Amazon FSx is backing up the file system.</p> </li> <li> <p> <code>COPYING</code> - Amazon FSx is copying the backup.</p> </li> <li> <p> <code>DELETED</code> - Amazon FSx deleted the backup and it's no longer available.</p> </li> <li> <p> <code>FAILED</code> - Amazon FSx couldn't finish the backup.</p> </li> </ul>",
       "enum":[
         "AVAILABLE",
         "CREATING",
@@ -865,6 +1061,7 @@
       "documentation":"<p>A generic error indicating a failure with a client request.</p>",
       "exception":true
     },
+    "BatchImportMetaDataOnCreate":{"type":"boolean"},
     "CancelDataRepositoryTaskRequest":{
       "type":"structure",
       "required":["TaskId"],
@@ -934,16 +1131,16 @@
         },
         "SourceBackupId":{
           "shape":"SourceBackupId",
-          "documentation":"<p>The ID of the source backup. Specifies the ID of the backup that is being copied.</p>"
+          "documentation":"<p>The ID of the source backup. Specifies the ID of the backup that's being copied.</p>"
         },
         "SourceRegion":{
           "shape":"Region",
-          "documentation":"<p>The source Amazon Web Services Region of the backup. Specifies the Amazon Web Services Region from which the backup is being copied. The source and destination Regions must be in the same Amazon Web Services partition. If you don't specify a Region, it defaults to the Region where the request is sent from (in-Region copy).</p>"
+          "documentation":"<p>The source Amazon Web Services Region of the backup. Specifies the Amazon Web Services Region from which the backup is being copied. The source and destination Regions must be in the same Amazon Web Services partition. If you don't specify a Region, <code>SourceRegion</code> defaults to the Region where the request is sent from (in-Region copy).</p>"
         },
         "KmsKeyId":{"shape":"KmsKeyId"},
         "CopyTags":{
           "shape":"Flag",
-          "documentation":"<p>A boolean flag indicating whether tags from the source backup should be copied to the backup copy. This value defaults to false.</p> <p>If you set <code>CopyTags</code> to true and the source backup has existing tags, you can use the <code>Tags</code> parameter to create new tags, provided that the sum of the source backup tags and the new tags doesn't exceed 50. Both sets of tags are merged. If there are tag conflicts (for example, two tags with the same key but different values), the tags created with the <code>Tags</code> parameter take precedence.</p>"
+          "documentation":"<p>A Boolean flag indicating whether tags from the source backup should be copied to the backup copy. This value defaults to <code>false</code>.</p> <p>If you set <code>CopyTags</code> to <code>true</code> and the source backup has existing tags, you can use the <code>Tags</code> parameter to create new tags, provided that the sum of the source backup tags and the new tags doesn't exceed 50. Both sets of tags are merged. If there are tag conflicts (for example, two tags with the same key but different values), the tags created with the <code>Tags</code> parameter take precedence.</p>"
         },
         "Tags":{"shape":"Tags"}
       }
@@ -968,11 +1165,11 @@
         },
         "Tags":{
           "shape":"Tags",
-          "documentation":"<p>(Optional) The tags to apply to the backup at backup creation. The key value of the <code>Name</code> tag appears in the console as the backup name. If you have set <code>CopyTagsToBackups</code> to true, and you specify one or more tags using the <code>CreateBackup</code> action, no existing file system tags are copied from the file system to the backup.</p>"
+          "documentation":"<p>(Optional) The tags to apply to the backup at backup creation. The key value of the <code>Name</code> tag appears in the console as the backup name. If you have set <code>CopyTagsToBackups</code> to <code>true</code>, and you specify one or more tags using the <code>CreateBackup</code> operation, no existing file system tags are copied from the file system to the backup.</p>"
         },
         "VolumeId":{
           "shape":"VolumeId",
-          "documentation":"<p>The ID of he FSx for NetApp ONTAP volume to back up.</p>"
+          "documentation":"<p>(Optional) The ID of the FSx for ONTAP volume to back up.</p>"
         }
       },
       "documentation":"<p>The request object for the <code>CreateBackup</code> operation.</p>"
@@ -987,6 +1184,51 @@
       },
       "documentation":"<p>The response object for the <code>CreateBackup</code> operation.</p>"
     },
+    "CreateDataRepositoryAssociationRequest":{
+      "type":"structure",
+      "required":[
+        "FileSystemId",
+        "FileSystemPath",
+        "DataRepositoryPath"
+      ],
+      "members":{
+        "FileSystemId":{"shape":"FileSystemId"},
+        "FileSystemPath":{
+          "shape":"Namespace",
+          "documentation":"<p>A path on the file system that points to a high-level directory (such as <code>/ns1/</code>) or subdirectory (such as <code>/ns1/subdir/</code>) that will be mapped 1-1 with <code>DataRepositoryPath</code>. The leading forward slash in the name is required. Two data repository associations cannot have overlapping file system paths. For example, if a data repository is associated with file system path <code>/ns1/</code>, then you cannot link another data repository with file system path <code>/ns1/ns2</code>.</p> <p>This path specifies where in your file system files will be exported from or imported to. This file system directory can be linked to only one Amazon S3 bucket, and no other S3 bucket can be linked to the directory.</p>"
+        },
+        "DataRepositoryPath":{
+          "shape":"ArchivePath",
+          "documentation":"<p>The path to the Amazon S3 data repository that will be linked to the file system. The path can be an S3 bucket or prefix in the format <code>s3://myBucket/myPrefix/</code>. This path specifies where in the S3 data repository files will be imported from or exported to.</p>"
+        },
+        "BatchImportMetaDataOnCreate":{
+          "shape":"BatchImportMetaDataOnCreate",
+          "documentation":"<p>Set to <code>true</code> to run an import data repository task to import metadata from the data repository to the file system after the data repository association is created. Default is <code>false</code>.</p>"
+        },
+        "ImportedFileChunkSize":{
+          "shape":"Megabytes",
+          "documentation":"<p>For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system.</p> <p>The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.</p>"
+        },
+        "S3":{
+          "shape":"S3DataRepositoryConfiguration",
+          "documentation":"<p>The configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration defines which file events (new, changed, or deleted files or directories) are automatically imported from the linked data repository to the file system or automatically exported from the file system to the data repository.</p>"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "Tags":{"shape":"Tags"}
+      }
+    },
+    "CreateDataRepositoryAssociationResponse":{
+      "type":"structure",
+      "members":{
+        "Association":{
+          "shape":"DataRepositoryAssociation",
+          "documentation":"<p>The response object returned after the data repository association is created.</p>"
+        }
+      }
+    },
     "CreateDataRepositoryTaskRequest":{
       "type":"structure",
       "required":[
@@ -1039,11 +1281,11 @@
         },
         "SubnetIds":{
           "shape":"SubnetIds",
-          "documentation":"<p>Specifies the IDs of the subnets that the file system will be accessible from. For Windows <code>MULTI_AZ_1</code> file system deployment types, provide exactly two subnet IDs, one for the preferred file server and one for the standby file server. You specify one of these subnets as the preferred subnet using the <code>WindowsConfiguration &gt; PreferredSubnetID</code> property.</p> <p>For Windows <code>SINGLE_AZ_1</code> and <code>SINGLE_AZ_2</code> deployment types and Lustre file systems, provide exactly one subnet ID. The file server is launched in that subnet's Availability Zone.</p>"
+          "documentation":"<p>Specifies the IDs of the subnets that the file system will be accessible from. For Windows <code>MULTI_AZ_1</code> file system deployment types, provide exactly two subnet IDs, one for the preferred file server and one for the standby file server. You specify one of these subnets as the preferred subnet using the <code>WindowsConfiguration &gt; PreferredSubnetID</code> property.</p> <p>Windows <code>SINGLE_AZ_1</code> and <code>SINGLE_AZ_2</code> file system deployment types, Lustre file systems, and OpenZFS file systems provide exactly one subnet ID. The file server is launched in that subnet's Availability Zone.</p>"
         },
         "SecurityGroupIds":{
           "shape":"SecurityGroupIds",
-          "documentation":"<p>A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups apply to all network interfaces. This value isn't returned in later DescribeFileSystem requests.</p>"
+          "documentation":"<p>A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups apply to all network interfaces. This value isn't returned in later <code>DescribeFileSystem</code> requests.</p>"
         },
         "Tags":{
           "shape":"Tags",
@@ -1056,12 +1298,16 @@
         "LustreConfiguration":{"shape":"CreateFileSystemLustreConfiguration"},
         "StorageType":{
           "shape":"StorageType",
-          "documentation":"<p>Sets the storage type for the Windows file system you're creating from a backup. Valid values are <code>SSD</code> and <code>HDD</code>.</p> <ul> <li> <p>Set to <code>SSD</code> to use solid state drive storage. Supported on all Windows deployment types.</p> </li> <li> <p>Set to <code>HDD</code> to use hard disk drive storage. Supported on <code>SINGLE_AZ_2</code> and <code>MULTI_AZ_1</code> Windows file system deployment types. </p> </li> </ul> <p> Default value is <code>SSD</code>. </p> <note> <p>HDD and SSD storage types have different minimum storage capacity requirements. A restored file system's storage capacity is tied to the file system that was backed up. You can create a file system that uses HDD storage from a backup of a file system that used SSD storage only if the original SSD file system had a storage capacity of at least 2000 GiB. </p> </note>"
+          "documentation":"<p>Sets the storage type for the Windows or OpenZFS file system that you're creating from a backup. Valid values are <code>SSD</code> and <code>HDD</code>.</p> <ul> <li> <p>Set to <code>SSD</code> to use solid state drive storage. SSD is supported on all Windows and OpenZFS deployment types.</p> </li> <li> <p>Set to <code>HDD</code> to use hard disk drive storage. HDD is supported on <code>SINGLE_AZ_2</code> and <code>MULTI_AZ_1</code> FSx for Windows File Server file system deployment types.</p> </li> </ul> <p> The default value is <code>SSD</code>. </p> <note> <p>HDD and SSD storage types have different minimum storage capacity requirements. A restored file system's storage capacity is tied to the file system that was backed up. You can create a file system that uses HDD storage from a backup of a file system that used SSD storage if the original SSD file system had a storage capacity of at least 2000 GiB.</p> </note>"
         },
         "KmsKeyId":{"shape":"KmsKeyId"},
         "FileSystemTypeVersion":{
           "shape":"FileSystemTypeVersion",
-          "documentation":"<p>Sets the version for the Amazon FSx for Lustre file system you're creating from a backup. Valid values are <code>2.10</code> and <code>2.12</code>.</p> <p>You don't need to specify <code>FileSystemTypeVersion</code> because it will be applied using the backup's <code>FileSystemTypeVersion</code> setting. If you choose to specify <code>FileSystemTypeVersion</code> when creating from backup, the value must match the backup's <code>FileSystemTypeVersion</code> setting.</p>"
+          "documentation":"<p>Sets the version for the Amazon FSx for Lustre file system that you're creating from a backup. Valid values are <code>2.10</code> and <code>2.12</code>.</p> <p>You don't need to specify <code>FileSystemTypeVersion</code> because it will be applied using the backup's <code>FileSystemTypeVersion</code> setting. If you choose to specify <code>FileSystemTypeVersion</code> when creating from backup, the value must match the backup's <code>FileSystemTypeVersion</code> setting.</p>"
+        },
+        "OpenZFSConfiguration":{
+          "shape":"CreateFileSystemOpenZFSConfiguration",
+          "documentation":"<p>The OpenZFS configuration for the file system that's being created. </p>"
         }
       },
       "documentation":"<p>The request object for the <code>CreateFileSystemFromBackup</code> operation.</p>"
@@ -1085,44 +1331,48 @@
         },
         "ImportPath":{
           "shape":"ArchivePath",
-          "documentation":"<p>(Optional) The path to the Amazon S3 bucket (including the optional prefix) that you're using as the data repository for your Amazon FSx for Lustre file system. The root of your FSx for Lustre file system will be mapped to the root of the Amazon S3 bucket you select. An example is <code>s3://import-bucket/optional-prefix</code>. If you specify a prefix after the Amazon S3 bucket name, only object keys with that prefix are loaded into the file system.</p>"
+          "documentation":"<p>(Optional) The path to the Amazon S3 bucket (including the optional prefix) that you're using as the data repository for your Amazon FSx for Lustre file system. The root of your FSx for Lustre file system will be mapped to the root of the Amazon S3 bucket you select. An example is <code>s3://import-bucket/optional-prefix</code>. If you specify a prefix after the Amazon S3 bucket name, only object keys with that prefix are loaded into the file system.</p> <note> <p>This parameter is not supported for file systems with the <code>Persistent_2</code> deployment type. Instead, use <code>CreateDataRepositoryAssociation</code> to create a data repository association to link your Lustre file system to a data repository.</p> </note>"
         },
         "ExportPath":{
           "shape":"ArchivePath",
-          "documentation":"<p>(Optional) The path in Amazon S3 where the root of your Amazon FSx file system is exported. The path must use the same Amazon S3 bucket as specified in ImportPath. You can provide an optional prefix to which new and changed data is to be exported from your Amazon FSx for Lustre file system. If an <code>ExportPath</code> value is not provided, Amazon FSx sets a default export path, <code>s3://import-bucket/FSxLustre[creation-timestamp]</code>. The timestamp is in UTC format, for example <code>s3://import-bucket/FSxLustre20181105T222312Z</code>.</p> <p>The Amazon S3 export bucket must be the same as the import bucket specified by <code>ImportPath</code>. If you only specify a bucket name, such as <code>s3://import-bucket</code>, you get a 1:1 mapping of file system objects to S3 bucket objects. This mapping means that the input data in S3 is overwritten on export. If you provide a custom prefix in the export path, such as <code>s3://import-bucket/[custom-optional-prefix]</code>, Amazon FSx exports the contents of your file system to that export prefix in the Amazon S3 bucket.</p>"
+          "documentation":"<p>(Optional) Available with <code>Scratch</code> and <code>Persistent_1</code> deployment types. Specifies the path in the Amazon S3 bucket where the root of your Amazon FSx file system is exported. The path must use the same Amazon S3 bucket as specified in ImportPath. You can provide an optional prefix to which new and changed data is to be exported from your Amazon FSx for Lustre file system. If an <code>ExportPath</code> value is not provided, Amazon FSx sets a default export path, <code>s3://import-bucket/FSxLustre[creation-timestamp]</code>. The timestamp is in UTC format, for example <code>s3://import-bucket/FSxLustre20181105T222312Z</code>.</p> <p>The Amazon S3 export bucket must be the same as the import bucket specified by <code>ImportPath</code>. If you specify only a bucket name, such as <code>s3://import-bucket</code>, you get a 1:1 mapping of file system objects to S3 bucket objects. This mapping means that the input data in S3 is overwritten on export. If you provide a custom prefix in the export path, such as <code>s3://import-bucket/[custom-optional-prefix]</code>, Amazon FSx exports the contents of your file system to that export prefix in the Amazon S3 bucket.</p> <note> <p>This parameter is not supported for file systems with the <code>Persistent_2</code> deployment type. Instead, use <code>CreateDataRepositoryAssociation</code> to create a data repository association to link your Lustre file system to a data repository.</p> </note>"
         },
         "ImportedFileChunkSize":{
           "shape":"Megabytes",
-          "documentation":"<p>(Optional) For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system.</p> <p>The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.</p>"
+          "documentation":"<p>(Optional) For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system.</p> <p>The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.</p> <p>This parameter is not supported for file systems with the <code>Persistent_2</code> deployment type. Instead, use <code>CreateDataRepositoryAssociation</code> to create a data repository association to link your Lustre file system to a data repository.</p>"
         },
         "DeploymentType":{
           "shape":"LustreDeploymentType",
-          "documentation":"<p> Choose <code>SCRATCH_1</code> and <code>SCRATCH_2</code> deployment types when you need temporary storage and shorter-term processing of data. The <code>SCRATCH_2</code> deployment type provides in-transit encryption of data and higher burst throughput capacity than <code>SCRATCH_1</code>.</p> <p>Choose <code>PERSISTENT_1</code> deployment type for longer-term storage and workloads and encryption of data in transit. To learn more about deployment types, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/lustre-deployment-types.html\"> FSx for Lustre Deployment Options</a>.</p> <p>Encryption of data in-transit is automatically enabled when you access a <code>SCRATCH_2</code> or <code>PERSISTENT_1</code> file system from Amazon EC2 instances that <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data- protection.html\">support this feature</a>. (Default = <code>SCRATCH_1</code>) </p> <p>Encryption of data in-transit for <code>SCRATCH_2</code> and <code>PERSISTENT_1</code> deployment types is supported when accessed from supported instance types in supported Amazon Web Services Regions. To learn more, <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/encryption-in-transit-fsxl.html\">Encrypting Data in Transit</a>.</p>"
+          "documentation":"<p>(Optional) Choose <code>SCRATCH_1</code> and <code>SCRATCH_2</code> deployment types when you need temporary storage and shorter-term processing of data. The <code>SCRATCH_2</code> deployment type provides in-transit encryption of data and higher burst throughput capacity than <code>SCRATCH_1</code>.</p> <p>Choose <code>PERSISTENT_1</code> for longer-term storage and for throughput-focused workloads that aren’t latency-sensitive. <code>PERSISTENT_1</code> supports encryption of data in transit, and is available in all Amazon Web Services Regions in which FSx for Lustre is available.</p> <p>Choose <code>PERSISTENT_2</code> for longer-term storage and for latency-sensitive workloads that require the highest levels of IOPS/throughput. <code>PERSISTENT_2</code> supports SSD storage, and offers higher <code>PerUnitStorageThroughput</code> (up to 1000 MB/s/TiB). <code>PERSISTENT_2</code> is available in a limited number of Amazon Web Services Regions. For more information, and an up-to-date list of Amazon Web Services Regions in which <code>PERSISTENT_2</code> is available, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-fsx-lustre.html#lustre-deployment-types\">File system deployment options for FSx for Lustre</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p> <note> <p>If you choose <code>PERSISTENT_2</code>, and you set <code>FileSystemTypeVersion</code> to <code>2.10</code>, the <code>CreateFileSystem</code> operation fails.</p> </note> <p>Encryption of data in transit is automatically turned on when you access <code>SCRATCH_2</code>, <code>PERSISTENT_1</code> and <code>PERSISTENT_2</code> file systems from Amazon EC2 instances that <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/data- protection.html\">support automatic encryption</a> in the Amazon Web Services Regions where they are available. For more information about encryption in transit for FSx for Lustre file systems, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/encryption-in-transit-fsxl.html\">Encrypting data in transit</a> in the <i>Amazon FSx for Lustre User Guide</i>. </p> <p>(Default = <code>SCRATCH_1</code>)</p>"
         },
         "AutoImportPolicy":{
           "shape":"AutoImportPolicyType",
-          "documentation":"<p> (Optional) When you create your file system, your existing S3 objects appear as file and directory listings. Use this property to choose how Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. <code>AutoImportPolicy</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) AutoImport is off. Amazon FSx only updates file and directory listings from the linked S3 bucket when the file system is created. FSx does not update file and directory listings for any new or changed objects after choosing this option.</p> </li> <li> <p> <code>NEW</code> - AutoImport is on. Amazon FSx automatically imports directory listings of any new objects added to the linked S3 bucket that do not currently exist in the FSx file system. </p> </li> <li> <p> <code>NEW_CHANGED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket and any existing objects that are changed in the S3 bucket after you choose this option. </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html\">Automatically import updates from your S3 bucket</a>.</p>"
+          "documentation":"<p> (Optional) Available with <code>Scratch</code> and <code>Persistent_1</code> deployment types. When you create your file system, your existing S3 objects appear as file and directory listings. Use this property to choose how Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. <code>AutoImportPolicy</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) AutoImport is off. Amazon FSx only updates file and directory listings from the linked S3 bucket when the file system is created. FSx does not update file and directory listings for any new or changed objects after choosing this option.</p> </li> <li> <p> <code>NEW</code> - AutoImport is on. Amazon FSx automatically imports directory listings of any new objects added to the linked S3 bucket that do not currently exist in the FSx file system. </p> </li> <li> <p> <code>NEW_CHANGED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket and any existing objects that are changed in the S3 bucket after you choose this option.</p> </li> <li> <p> <code>NEW_CHANGED_DELETED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket, any existing objects that are changed in the S3 bucket, and any objects that were deleted in the S3 bucket.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html\"> Automatically import updates from your S3 bucket</a>.</p> <note> <p>This parameter is not supported for file systems with the <code>Persistent_2</code> deployment type. Instead, use <code>CreateDataRepositoryAssociation\"</code> to create a data repository association to link your Lustre file system to a data repository.</p> </note>"
         },
         "PerUnitStorageThroughput":{
           "shape":"PerUnitStorageThroughput",
-          "documentation":"<p> Required for the <code>PERSISTENT_1</code> deployment type, describes the amount of read and write throughput for each 1 tebibyte of storage, in MB/s/TiB. File system throughput capacity is calculated by multiplying file system storage capacity (TiB) by the PerUnitStorageThroughput (MB/s/TiB). For a 2.4 TiB file system, provisioning 50 MB/s/TiB of PerUnitStorageThroughput yields 120 MB/s of file system throughput. You pay for the amount of throughput that you provision. </p> <p>Valid values for SSD storage: 50, 100, 200. Valid values for HDD storage: 12, 40.</p>"
+          "documentation":"<p>Required with <code>PERSISTENT_1</code> and <code>PERSISTENT_2</code> deployment types, provisions the amount of read and write throughput for each 1 tebibyte (TiB) of file system storage capacity, in MB/s/TiB. File system throughput capacity is calculated by multiplying file system storage capacity (TiB) by the <code>PerUnitStorageThroughput</code> (MB/s/TiB). For a 2.4-TiB file system, provisioning 50 MB/s/TiB of <code>PerUnitStorageThroughput</code> yields 120 MB/s of file system throughput. You pay for the amount of throughput that you provision. </p> <p>Valid values:</p> <ul> <li> <p>For <code>PERSISTENT_1</code> SSD storage: 50, 100, 200 MB/s/TiB.</p> </li> <li> <p>For <code>PERSISTENT_1</code> HDD storage: 12, 40 MB/s/TiB.</p> </li> <li> <p>For <code>PERSISTENT_2</code> SSD storage: 125, 250, 500, 1000 MB/s/TiB.</p> </li> </ul>"
         },
         "DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
         "AutomaticBackupRetentionDays":{"shape":"AutomaticBackupRetentionDays"},
         "CopyTagsToBackups":{
           "shape":"Flag",
-          "documentation":"<p>(Optional) Not available to use with file systems that are linked to a data repository. A boolean flag indicating whether tags for the file system should be copied to backups. The default value is false. If it's set to true, all file system tags are copied to all automatic and user-initiated backups when the user doesn't specify any backup-specific tags. If this value is true, and you specify one or more backup tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html\">Working with backups</a>.</p>"
+          "documentation":"<p>(Optional) Not available for use with file systems that are linked to a data repository. A boolean flag indicating whether tags for the file system should be copied to backups. The default value is false. If <code>CopyTagsToBackups</code> is set to true, all file system tags are copied to all automatic and user-initiated backups when the user doesn't specify any backup-specific tags. If <code>CopyTagsToBackups</code> is set to true and you specify one or more backup tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value.</p> <p>(Default = <code>false</code>)</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html\"> Working with backups</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p>"
         },
         "DriveCacheType":{
           "shape":"DriveCacheType",
-          "documentation":"<p>The type of drive cache used by PERSISTENT_1 file systems that are provisioned with HDD storage devices. This parameter is required when storage type is HDD. Set to <code>READ</code>, improve the performance for frequently accessed files and allows 20% of the total storage capacity of the file system to be cached. </p> <p>This parameter is required when <code>StorageType</code> is set to HDD.</p>"
+          "documentation":"<p>The type of drive cache used by <code>PERSISTENT_1</code> file systems that are provisioned with HDD storage devices. This parameter is required when storage type is HDD. Set this property to <code>READ</code> to improve the performance for frequently accessed files by caching up to 20% of the total storage capacity of the file system.</p> <p>This parameter is required when <code>StorageType</code> is set to <code>HDD</code>.</p>"
         },
         "DataCompressionType":{
           "shape":"DataCompressionType",
-          "documentation":"<p>Sets the data compression configuration for the file system. <code>DataCompressionType</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) Data compression is turned off when the file system is created.</p> </li> <li> <p> <code>LZ4</code> - Data compression is turned on with the LZ4 algorithm.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-compression.html\">Lustre data compression</a>.</p>"
+          "documentation":"<p>Sets the data compression configuration for the file system. <code>DataCompressionType</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) Data compression is turned off when the file system is created.</p> </li> <li> <p> <code>LZ4</code> - Data compression is turned on with the LZ4 algorithm.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-compression.html\">Lustre data compression</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p>"
+        },
+        "LogConfiguration":{
+          "shape":"LustreLogCreateConfiguration",
+          "documentation":"<p>The Lustre logging configuration used when creating an Amazon FSx for Lustre file system. When logging is enabled, Lustre logs error and warning events for data repositories associated with your file system to Amazon CloudWatch Logs.</p>"
         }
       },
-      "documentation":"<p>The Lustre configuration for the file system being created. </p>"
+      "documentation":"<p>The Lustre configuration for the file system being created.</p> <note> <p>The following parameters are not supported for file systems with the <code>Persistent_2</code> deployment type. Instead, use <code>CreateDataRepositoryAssociation</code> to create a data repository association to link your Lustre file system to a data repository.</p> <ul> <li> <p> <code>AutoImportPolicy</code> </p> </li> <li> <p> <code>ExportPath</code> </p> </li> <li> <p> <code>ImportedChunkSize</code> </p> </li> <li> <p> <code>ImportPath</code> </p> </li> </ul> </note>"
     },
     "CreateFileSystemOntapConfiguration":{
       "type":"structure",
@@ -1135,7 +1385,7 @@
         "DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
         "DeploymentType":{
           "shape":"OntapDeploymentType",
-          "documentation":"<p>Specifies the ONTAP file system deployment type to use in creating the file system.</p>"
+          "documentation":"<p>Specifies the FSx for ONTAP file system deployment type to use in creating the file system. <code>MULTI_AZ_1</code> is the supported ONTAP deployment type.</p>"
         },
         "EndpointIpAddressRange":{
           "shape":"IpAddressRange",
@@ -1143,21 +1393,61 @@
         },
         "FsxAdminPassword":{
           "shape":"AdminPassword",
-          "documentation":"<p>The ONTAP administrative password for the <code>fsxadmin</code> user that you can use to administer your file system using the ONTAP CLI and REST API.</p>"
+          "documentation":"<p>The ONTAP administrative password for the <code>fsxadmin</code> user with which you administer your file system using the NetApp ONTAP CLI and REST API.</p>"
         },
         "DiskIopsConfiguration":{
           "shape":"DiskIopsConfiguration",
-          "documentation":"<p>The SSD IOPS configuration for the Amazon FSx for NetApp ONTAP file system.</p>"
+          "documentation":"<p>The SSD IOPS configuration for the FSx for ONTAP file system.</p>"
+        },
+        "PreferredSubnetId":{
+          "shape":"SubnetId",
+          "documentation":"<p>Required when <code>DeploymentType</code> is set to <code>MULTI_AZ_1</code>. This specifies the subnet in which you want the preferred file server to be located.</p>"
         },
-        "PreferredSubnetId":{"shape":"SubnetId"},
         "RouteTableIds":{
           "shape":"RouteTableIds",
-          "documentation":"<p>Specifies the VPC route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.</p>"
+          "documentation":"<p>Specifies the virtual private cloud (VPC) route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.</p>"
+        },
+        "ThroughputCapacity":{
+          "shape":"MegabytesPerSecond",
+          "documentation":"<p>Sets the throughput capacity for the file system that you're creating. Valid values are 128, 256, 512, 1024, and 2048 MBps.</p>"
         },
-        "ThroughputCapacity":{"shape":"MegabytesPerSecond"},
         "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}
       },
-      "documentation":"<p>The ONTAP configuration properties of the FSx for NetApp ONTAP file system that you are creating.</p>"
+      "documentation":"<p>The ONTAP configuration properties of the FSx for ONTAP file system that you are creating.</p>"
+    },
+    "CreateFileSystemOpenZFSConfiguration":{
+      "type":"structure",
+      "required":[
+        "DeploymentType",
+        "ThroughputCapacity"
+      ],
+      "members":{
+        "AutomaticBackupRetentionDays":{"shape":"AutomaticBackupRetentionDays"},
+        "CopyTagsToBackups":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the file system should be copied to backups. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the file system are copied to all automatic and user-initiated backups where the user doesn't specify tags. If this value is <code>true</code>, and you specify one or more tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value.</p>"
+        },
+        "CopyTagsToVolumes":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is <code>true</code>, and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value. </p>"
+        },
+        "DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
+        "DeploymentType":{
+          "shape":"OpenZFSDeploymentType",
+          "documentation":"<p>Specifies the file system deployment type. Amazon FSx for OpenZFS supports <code>SINGLE_AZ_1</code>. <code>SINGLE_AZ_1</code> is a file system configured for a single Availability Zone (AZ) of redundancy.</p>"
+        },
+        "ThroughputCapacity":{
+          "shape":"MegabytesPerSecond",
+          "documentation":"<p>Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MB/s). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s. You pay for additional throughput capacity that you provision.</p>"
+        },
+        "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"},
+        "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"},
+        "RootVolumeConfiguration":{
+          "shape":"OpenZFSCreateRootVolumeConfiguration",
+          "documentation":"<p>The configuration Amazon FSx uses when creating the root value of the Amazon FSx for OpenZFS file system. All volumes are children of the root volume. </p>"
+        }
+      },
+      "documentation":"<p>The OpenZFS configuration properties for the file system that you are creating.</p>"
     },
     "CreateFileSystemRequest":{
       "type":"structure",
@@ -1174,19 +1464,19 @@
         },
         "FileSystemType":{
           "shape":"FileSystemType",
-          "documentation":"<p>The type of Amazon FSx file system to create. Valid values are <code>WINDOWS</code>, <code>LUSTRE</code>, and <code>ONTAP</code>.</p>"
+          "documentation":"<p>The type of Amazon FSx file system to create. Valid values are <code>WINDOWS</code>, <code>LUSTRE</code>, <code>ONTAP</code>, and <code>OPENZFS</code>.</p>"
         },
         "StorageCapacity":{
           "shape":"StorageCapacity",
-          "documentation":"<p>Sets the storage capacity of the file system that you're creating.</p> <p>For Lustre file systems:</p> <ul> <li> <p>For <code>SCRATCH_2</code> and <code>PERSISTENT_1 SSD</code> deployment types, valid values are 1200 GiB, 2400 GiB, and increments of 2400 GiB.</p> </li> <li> <p>For <code>PERSISTENT HDD</code> file systems, valid values are increments of 6000 GiB for 12 MB/s/TiB file systems and increments of 1800 GiB for 40 MB/s/TiB file systems.</p> </li> <li> <p>For <code>SCRATCH_1</code> deployment type, valid values are 1200 GiB, 2400 GiB, and increments of 3600 GiB.</p> </li> </ul> <p>For Windows file systems:</p> <ul> <li> <p>If <code>StorageType=SSD</code>, valid values are 32 GiB - 65,536 GiB (64 TiB).</p> </li> <li> <p>If <code>StorageType=HDD</code>, valid values are 2000 GiB - 65,536 GiB (64 TiB).</p> </li> </ul> <p>For ONTAP file systems:</p> <ul> <li> <p>Valid values are 1024 GiB - 196,608 GiB (192 TiB).</p> </li> </ul>"
+          "documentation":"<p>Sets the storage capacity of the file system that you're creating, in gibibytes (GiB).</p> <p> <b>FSx for Lustre file systems</b> - The amount of storage capacity that you can configure depends on the value that you set for <code>StorageType</code> and the Lustre <code>DeploymentType</code>, as follows:</p> <ul> <li> <p>For <code>SCRATCH_2</code>, <code>PERSISTENT_2</code> and <code>PERSISTENT_1</code> deployment types using SSD storage type, the valid values are 1200 GiB, 2400 GiB, and increments of 2400 GiB.</p> </li> <li> <p>For <code>PERSISTENT_1</code> HDD file systems, valid values are increments of 6000 GiB for 12 MB/s/TiB file systems and increments of 1800 GiB for 40 MB/s/TiB file systems.</p> </li> <li> <p>For <code>SCRATCH_1</code> deployment type, valid values are 1200 GiB, 2400 GiB, and increments of 3600 GiB.</p> </li> </ul> <p> <b>FSx for ONTAP file systems</b> - The amount of storage capacity that you can configure is from 1024 GiB up to 196,608 GiB (192 TiB).</p> <p> <b>FSx for OpenZFS file systems</b> - The amount of storage capacity that you can configure is from 64 GiB up to 524,288 GiB (512 TiB).</p> <p> <b>FSx for Windows File Server file systems</b> - The amount of storage capacity that you can configure depends on the value that you set for <code>StorageType</code> as follows:</p> <ul> <li> <p>For SSD storage, valid values are 32 GiB-65,536 GiB (64 TiB).</p> </li> <li> <p>For HDD storage, valid values are 2000 GiB-65,536 GiB (64 TiB).</p> </li> </ul>"
         },
         "StorageType":{
           "shape":"StorageType",
-          "documentation":"<p>Sets the storage type for the file system you're creating. Valid values are <code>SSD</code> and <code>HDD</code>.</p> <ul> <li> <p>Set to <code>SSD</code> to use solid state drive storage. SSD is supported on all Windows, Lustre, and ONTAP deployment types.</p> </li> <li> <p>Set to <code>HDD</code> to use hard disk drive storage. HDD is supported on <code>SINGLE_AZ_2</code> and <code>MULTI_AZ_1</code> Windows file system deployment types, and on <code>PERSISTENT</code> Lustre file system deployment types. </p> </li> </ul> <p> Default value is <code>SSD</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options\"> Storage Type Options</a> in the <i>Amazon FSx for Windows User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options\">Multiple Storage Options</a> in the <i>Amazon FSx for Lustre User Guide</i>. </p>"
+          "documentation":"<p>Sets the storage type for the file system that you're creating. Valid values are <code>SSD</code> and <code>HDD</code>.</p> <ul> <li> <p>Set to <code>SSD</code> to use solid state drive storage. SSD is supported on all Windows, Lustre, ONTAP, and OpenZFS deployment types.</p> </li> <li> <p>Set to <code>HDD</code> to use hard disk drive storage. HDD is supported on <code>SINGLE_AZ_2</code> and <code>MULTI_AZ_1</code> Windows file system deployment types, and on <code>PERSISTENT_1</code> Lustre file system deployment types. </p> </li> </ul> <p>Default value is <code>SSD</code>. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/optimize-fsx-costs.html#storage-type-options\"> Storage type options</a> in the <i>FSx for Windows File Server User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html#storage-options\">Multiple storage options</a> in the <i>FSx for Lustre User Guide</i>. </p>"
         },
         "SubnetIds":{
           "shape":"SubnetIds",
-          "documentation":"<p>Specifies the IDs of the subnets that the file system will be accessible from. For Windows and ONTAP <code>MULTI_AZ_1</code> file system deployment types, provide exactly two subnet IDs, one for the preferred file server and one for the standby file server. You specify one of these subnets as the preferred subnet using the <code>WindowsConfiguration &gt; PreferredSubnetID</code> or <code>OntapConfiguration &gt; PreferredSubnetID</code> properties. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/high-availability-multiAZ.html\"> Availability and durability: Single-AZ and Multi-AZ file systems</a> in the <i>Amazon FSx for Windows User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/high-availability-multiAZ.html\"> Availability and durability</a> in the <i>Amazon FSx for ONTAP User Guide</i>.</p> <p>For Windows <code>SINGLE_AZ_1</code> and <code>SINGLE_AZ_2</code> file system deployment types and Lustre file systems, provide exactly one subnet ID. The file server is launched in that subnet's Availability Zone.</p>"
+          "documentation":"<p>Specifies the IDs of the subnets that the file system will be accessible from. For Windows and ONTAP <code>MULTI_AZ_1</code> deployment types,provide exactly two subnet IDs, one for the preferred file server and one for the standby file server. You specify one of these subnets as the preferred subnet using the <code>WindowsConfiguration &gt; PreferredSubnetID</code> or <code>OntapConfiguration &gt; PreferredSubnetID</code> properties. For more information about Multi-AZ file system configuration, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/high-availability-multiAZ.html\"> Availability and durability: Single-AZ and Multi-AZ file systems</a> in the <i>Amazon FSx for Windows User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/high-availability-multiAZ.html\"> Availability and durability</a> in the <i>Amazon FSx for ONTAP User Guide</i>.</p> <p>For Windows <code>SINGLE_AZ_1</code> and <code>SINGLE_AZ_2</code> and all Lustre deployment types, provide exactly one subnet ID. The file server is launched in that subnet's Availability Zone.</p>"
         },
         "SecurityGroupIds":{
           "shape":"SecurityGroupIds",
@@ -1194,18 +1484,22 @@
         },
         "Tags":{
           "shape":"Tags",
-          "documentation":"<p>The tags to apply to the file system being created. The key value of the <code>Name</code> tag appears in the console as the file system name.</p>"
+          "documentation":"<p>The tags to apply to the file system that's being created. The key value of the <code>Name</code> tag appears in the console as the file system name.</p>"
         },
         "KmsKeyId":{"shape":"KmsKeyId"},
         "WindowsConfiguration":{
           "shape":"CreateFileSystemWindowsConfiguration",
-          "documentation":"<p>The Microsoft Windows configuration for the file system being created. </p>"
+          "documentation":"<p>The Microsoft Windows configuration for the file system that's being created. </p>"
         },
         "LustreConfiguration":{"shape":"CreateFileSystemLustreConfiguration"},
         "OntapConfiguration":{"shape":"CreateFileSystemOntapConfiguration"},
         "FileSystemTypeVersion":{
           "shape":"FileSystemTypeVersion",
-          "documentation":"<p>Sets the version of the Amazon FSx for Lustre file system you're creating. Valid values are <code>2.10</code> and <code>2.12</code>.</p> <ul> <li> <p>Set the value to <code>2.10</code> to create a Lustre 2.10 file system.</p> </li> <li> <p>Set the value to <code>2.12</code> to create a Lustre 2.12 file system.</p> </li> </ul> <p>Default value is <code>2.10</code>.</p>"
+          "documentation":"<p>(Optional) For FSx for Lustre file systems, sets the Lustre version for the file system that you're creating. Valid values are <code>2.10</code> and <code>2.12</code>:</p> <ul> <li> <p>2.10 is supported by the Scratch and Persistent_1 Lustre deployment types.</p> </li> <li> <p>2.12 is supported by all Lustre deployment types. <code>2.12</code> is required when setting FSx for Lustre <code>DeploymentType</code> to <code>PERSISTENT_2</code>.</p> </li> </ul> <p>Default value = <code>2.10</code>, except when <code>DeploymentType</code> is set to <code>PERSISTENT_2</code>, then the default is <code>2.12</code>.</p> <note> <p>If you set <code>FileSystemTypeVersion</code> to <code>2.10</code> for a <code>PERSISTENT_2</code> Lustre deployment type, the <code>CreateFileSystem</code> operation fails.</p> </note>"
+        },
+        "OpenZFSConfiguration":{
+          "shape":"CreateFileSystemOpenZFSConfiguration",
+          "documentation":"<p>The OpenZFS configuration for the file system that's being created.</p>"
         }
       },
       "documentation":"<p>The request object used to create a new Amazon FSx file system.</p>"
@@ -1239,7 +1533,7 @@
         },
         "ThroughputCapacity":{
           "shape":"MegabytesPerSecond",
-          "documentation":"<p>The throughput of an Amazon FSx file system, measured in megabytes per second, in 2 to the <i>n</i>th increments, between 2^3 (8) and 2^11 (2048).</p>"
+          "documentation":"<p>Sets the throughput capacity of an Amazon FSx file system, measured in megabytes per second (MB/s), in 2 to the <i>n</i>th increments, between 2^3 (8) and 2^11 (2048).</p>"
         },
         "WeeklyMaintenanceStartTime":{
           "shape":"WeeklyTime",
@@ -1301,6 +1595,95 @@
       },
       "documentation":"<p>Specifies the configuration of the ONTAP volume that you are creating.</p>"
     },
+    "CreateOpenZFSOriginSnapshotConfiguration":{
+      "type":"structure",
+      "required":[
+        "SnapshotARN",
+        "CopyStrategy"
+      ],
+      "members":{
+        "SnapshotARN":{"shape":"ResourceARN"},
+        "CopyStrategy":{
+          "shape":"OpenZFSCopyStrategy",
+          "documentation":"<p>The strategy used when copying data from the snapshot to the new volume. </p> <ul> <li> <p> <code>CLONE</code> - The new volume references the data in the origin snapshot. Cloning a snapshot is faster than copying data from the snapshot to a new volume and doesn't consume disk throughput. However, the origin snapshot can't be deleted if there is a volume using its copied data. </p> </li> <li> <p> <code>FULL_COPY</code> - Copies all data from the snapshot to the new volume. </p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>The snapshot configuration to use when creating an OpenZFS volume from a snapshot. </p>"
+    },
+    "CreateOpenZFSVolumeConfiguration":{
+      "type":"structure",
+      "required":["ParentVolumeId"],
+      "members":{
+        "ParentVolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the volume to use as the parent volume. </p>"
+        },
+        "StorageCapacityReservationGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The amount of storage in gibibytes (GiB) to reserve from the parent volume. You can't reserve more storage than the parent volume has reserved.</p>"
+        },
+        "StorageCapacityQuotaGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The maximum amount of storage in gibibytes (GiB) that the volume can use from its parent. You can specify a quota larger than the storage on the parent volume.</p>"
+        },
+        "DataCompressionType":{
+          "shape":"OpenZFSDataCompressionType",
+          "documentation":"<p>Specifies the method used to compress the data on the volume. Unless the compression type is specified, volumes inherit the <code>DataCompressionType</code> value of their parent volume.</p> <ul> <li> <p> <code>NONE</code> - Doesn't compress the data on the volume.</p> </li> <li> <p> <code>ZSTD</code> - Compresses the data in the volume using the Zstandard (ZSTD) compression algorithm. This algorithm reduces the amount of space used on your volume and has very little impact on compute resources.</p> </li> </ul>"
+        },
+        "CopyTagsToSnapshots":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is <code>true</code>, and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value. </p>"
+        },
+        "OriginSnapshot":{
+          "shape":"CreateOpenZFSOriginSnapshotConfiguration",
+          "documentation":"<p>The configuration object that specifies the snapshot to use as the origin of the data for the volume.</p>"
+        },
+        "ReadOnly":{
+          "shape":"ReadOnly",
+          "documentation":"<p>A Boolean value indicating whether the volume is read-only. </p>"
+        },
+        "NfsExports":{
+          "shape":"OpenZFSNfsExports",
+          "documentation":"<p>The configuration object for mounting a Network File System (NFS) file system. </p>"
+        },
+        "UserAndGroupQuotas":{
+          "shape":"OpenZFSUserAndGroupQuotas",
+          "documentation":"<p>An object specifying how much storage users or groups can use on the volume. </p>"
+        }
+      },
+      "documentation":"<p>Specifies the configuration of the OpenZFS volume that you are creating.</p>"
+    },
+    "CreateSnapshotRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "VolumeId"
+      ],
+      "members":{
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "Name":{
+          "shape":"SnapshotName",
+          "documentation":"<p>The name of the snapshot. </p>"
+        },
+        "VolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the volume that you are taking a snapshot of.</p>"
+        },
+        "Tags":{"shape":"Tags"}
+      }
+    },
+    "CreateSnapshotResponse":{
+      "type":"structure",
+      "members":{
+        "Snapshot":{
+          "shape":"Snapshot",
+          "documentation":"<p>A description of the snapshot.</p>"
+        }
+      }
+    },
     "CreateStorageVirtualMachineRequest":{
       "type":"structure",
       "required":[
@@ -1398,17 +1781,21 @@
         },
         "VolumeType":{
           "shape":"VolumeType",
-          "documentation":"<p>Specifies the type of volume to create; <code>ONTAP</code> is the only valid volume type.</p>"
+          "documentation":"<p>Specifies the type of volume to create; <code>ONTAP</code> and <code>OPENZFS</code> are the only valid volume types.</p>"
         },
         "Name":{
           "shape":"VolumeName",
-          "documentation":"<p>Specifies the name of the volume you're creating.</p>"
+          "documentation":"<p>Specifies the name of the volume that you're creating.</p>"
         },
         "OntapConfiguration":{
           "shape":"CreateOntapVolumeConfiguration",
-          "documentation":"<p>Specifies the <code>ONTAP</code> configuration to use in creating the volume.</p>"
+          "documentation":"<p>Specifies the configuration to use when creating the ONTAP volume.</p>"
         },
-        "Tags":{"shape":"Tags"}
+        "Tags":{"shape":"Tags"},
+        "OpenZFSConfiguration":{
+          "shape":"CreateOpenZFSVolumeConfiguration",
+          "documentation":"<p>Specifies the configuration to use when creating the OpenZFS volume.</p>"
+        }
       }
     },
     "CreateVolumeResponse":{
@@ -1445,12 +1832,75 @@
         "LZ4"
       ]
     },
+    "DataRepositoryAssociation":{
+      "type":"structure",
+      "members":{
+        "AssociationId":{
+          "shape":"DataRepositoryAssociationId",
+          "documentation":"<p>The system-generated, unique ID of the data repository association.</p>"
+        },
+        "ResourceARN":{"shape":"ResourceARN"},
+        "FileSystemId":{"shape":"FileSystemId"},
+        "Lifecycle":{
+          "shape":"DataRepositoryLifecycle",
+          "documentation":"<p>Describes the state of a data repository association. The lifecycle can have the following values:</p> <ul> <li> <p> <code>CREATING</code> - The data repository association between the FSx file system and the S3 data repository is being created. The data repository is unavailable.</p> </li> <li> <p> <code>AVAILABLE</code> - The data repository association is available for use.</p> </li> <li> <p> <code>MISCONFIGURED</code> - Amazon FSx cannot automatically import updates from the S3 bucket or automatically export updates to the S3 bucket until the data repository association configuration is corrected.</p> </li> <li> <p> <code>UPDATING</code> - The data repository association is undergoing a customer initiated update that might affect its availability.</p> </li> <li> <p> <code>DELETING</code> - The data repository association is undergoing a customer initiated deletion.</p> </li> <li> <p> <code>FAILED</code> - The data repository association is in a terminal state that cannot be recovered.</p> </li> </ul>"
+        },
+        "FailureDetails":{"shape":"DataRepositoryFailureDetails"},
+        "FileSystemPath":{
+          "shape":"Namespace",
+          "documentation":"<p>A path on the file system that points to a high-level directory (such as <code>/ns1/</code>) or subdirectory (such as <code>/ns1/subdir/</code>) that will be mapped 1-1 with <code>DataRepositoryPath</code>. The leading forward slash in the name is required. Two data repository associations cannot have overlapping file system paths. For example, if a data repository is associated with file system path <code>/ns1/</code>, then you cannot link another data repository with file system path <code>/ns1/ns2</code>.</p> <p>This path specifies where in your file system files will be exported from or imported to. This file system directory can be linked to only one Amazon S3 bucket, and no other S3 bucket can be linked to the directory. </p>"
+        },
+        "DataRepositoryPath":{
+          "shape":"ArchivePath",
+          "documentation":"<p>The path to the Amazon S3 data repository that will be linked to the file system. The path can be an S3 bucket or prefix in the format <code>s3://myBucket/myPrefix/</code>. This path specifies where in the S3 data repository files will be imported from or exported to.</p>"
+        },
+        "BatchImportMetaDataOnCreate":{
+          "shape":"BatchImportMetaDataOnCreate",
+          "documentation":"<p>A boolean flag indicating whether an import data repository task to import metadata should run after the data repository association is created. The task runs if this flag is set to <code>true</code>.</p>"
+        },
+        "ImportedFileChunkSize":{
+          "shape":"Megabytes",
+          "documentation":"<p>For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system.</p> <p>The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.</p>"
+        },
+        "S3":{
+          "shape":"S3DataRepositoryConfiguration",
+          "documentation":"<p>The configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration defines which file events (new, changed, or deleted files or directories) are automatically imported from the linked data repository to the file system or automatically exported from the file system to the data repository.</p>"
+        },
+        "Tags":{"shape":"Tags"},
+        "CreationTime":{"shape":"CreationTime"}
+      },
+      "documentation":"<p>The configuration of a data repository association that links an Amazon FSx for Lustre file system to an Amazon S3 bucket. The data repository association configuration object is returned in the response of the following operations:</p> <ul> <li> <p> <code>CreateDataRepositoryAssociation</code> </p> </li> <li> <p> <code>UpdateDataRepositoryAssociation</code> </p> </li> <li> <p> <code>DescribeDataRepositoryAssociations</code> </p> </li> </ul> <p>Data repository associations are supported only for file systems with the <code>Persistent_2</code> deployment type.</p>"
+    },
+    "DataRepositoryAssociationId":{
+      "type":"string",
+      "max":23,
+      "min":13,
+      "pattern":"^(dra-[0-9a-f]{8,})$"
+    },
+    "DataRepositoryAssociationIds":{
+      "type":"list",
+      "member":{"shape":"DataRepositoryAssociationId"},
+      "max":50
+    },
+    "DataRepositoryAssociationNotFound":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>No data repository associations were found based upon the supplied parameters.</p>",
+      "exception":true
+    },
+    "DataRepositoryAssociations":{
+      "type":"list",
+      "member":{"shape":"DataRepositoryAssociation"},
+      "max":100
+    },
     "DataRepositoryConfiguration":{
       "type":"structure",
       "members":{
         "Lifecycle":{
           "shape":"DataRepositoryLifecycle",
-          "documentation":"<p>Describes the state of the file system's S3 durable data repository, if it is configured with an S3 repository. The lifecycle can have the following values:</p> <ul> <li> <p> <code>CREATING</code> - The data repository configuration between the FSx file system and the linked S3 data repository is being created. The data repository is unavailable.</p> </li> <li> <p> <code>AVAILABLE</code> - The data repository is available for use.</p> </li> <li> <p> <code>MISCONFIGURED</code> - Amazon FSx cannot automatically import updates from the S3 bucket until the data repository configuration is corrected. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/troubleshooting.html#troubleshooting-misconfigured-data-repository\">Troubleshooting a Misconfigured linked S3 bucket</a>. </p> </li> <li> <p> <code>UPDATING</code> - The data repository is undergoing a customer initiated update and availability may be impacted.</p> </li> </ul>"
+          "documentation":"<p>Describes the state of the file system's S3 durable data repository, if it is configured with an S3 repository. The lifecycle can have the following values:</p> <ul> <li> <p> <code>CREATING</code> - The data repository configuration between the FSx file system and the linked S3 data repository is being created. The data repository is unavailable.</p> </li> <li> <p> <code>AVAILABLE</code> - The data repository is available for use.</p> </li> <li> <p> <code>MISCONFIGURED</code> - Amazon FSx cannot automatically import updates from the S3 bucket until the data repository configuration is corrected. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/troubleshooting.html#troubleshooting-misconfigured-data-repository\">Troubleshooting a Misconfigured linked S3 bucket</a>. </p> </li> <li> <p> <code>UPDATING</code> - The data repository is undergoing a customer initiated update and availability may be impacted.</p> </li> <li> <p> <code>FAILED</code> - The data repository is in a terminal state that cannot be recovered.</p> </li> </ul>"
         },
         "ImportPath":{
           "shape":"ArchivePath",
@@ -1466,18 +1916,18 @@
         },
         "AutoImportPolicy":{
           "shape":"AutoImportPolicyType",
-          "documentation":"<p>Describes the file system's linked S3 data repository's <code>AutoImportPolicy</code>. The AutoImportPolicy configures how Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. <code>AutoImportPolicy</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) AutoImport is off. Amazon FSx only updates file and directory listings from the linked S3 bucket when the file system is created. FSx does not update file and directory listings for any new or changed objects after choosing this option.</p> </li> <li> <p> <code>NEW</code> - AutoImport is on. Amazon FSx automatically imports directory listings of any new objects added to the linked S3 bucket that do not currently exist in the FSx file system. </p> </li> <li> <p> <code>NEW_CHANGED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket and any existing objects that are changed in the S3 bucket after you choose this option. </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html\">Automatically import updates from your S3 bucket</a>.</p>"
+          "documentation":"<p>Describes the file system's linked S3 data repository's <code>AutoImportPolicy</code>. The AutoImportPolicy configures how Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. <code>AutoImportPolicy</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) AutoImport is off. Amazon FSx only updates file and directory listings from the linked S3 bucket when the file system is created. FSx does not update file and directory listings for any new or changed objects after choosing this option.</p> </li> <li> <p> <code>NEW</code> - AutoImport is on. Amazon FSx automatically imports directory listings of any new objects added to the linked S3 bucket that do not currently exist in the FSx file system. </p> </li> <li> <p> <code>NEW_CHANGED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket and any existing objects that are changed in the S3 bucket after you choose this option.</p> </li> <li> <p> <code>NEW_CHANGED_DELETED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket, any existing objects that are changed in the S3 bucket, and any objects that were deleted in the S3 bucket.</p> </li> </ul>"
         },
         "FailureDetails":{"shape":"DataRepositoryFailureDetails"}
       },
-      "documentation":"<p>The data repository configuration object for Lustre file systems returned in the response of the <code>CreateFileSystem</code> operation.</p>"
+      "documentation":"<p>The data repository configuration object for Lustre file systems returned in the response of the <code>CreateFileSystem</code> operation.</p> <p>This data type is not supported for file systems with the <code>Persistent_2</code> deployment type. Instead, use .</p>"
     },
     "DataRepositoryFailureDetails":{
       "type":"structure",
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>Provides detailed information about the data respository if its <code>Lifecycle</code> is set to <code>MISCONFIGURED</code>.</p>"
+      "documentation":"<p>Provides detailed information about the data respository if its <code>Lifecycle</code> is set to <code>MISCONFIGURED</code> or <code>FAILED</code>.</p>"
     },
     "DataRepositoryLifecycle":{
       "type":"string",
@@ -1486,7 +1936,8 @@
         "AVAILABLE",
         "MISCONFIGURED",
         "UPDATING",
-        "DELETING"
+        "DELETING",
+        "FAILED"
       ]
     },
     "DataRepositoryTask":{
@@ -1509,7 +1960,7 @@
         },
         "Type":{
           "shape":"DataRepositoryTaskType",
-          "documentation":"<p>The type of data repository task; EXPORT_TO_REPOSITORY is the only type currently supported.</p>"
+          "documentation":"<p>The type of data repository task.</p> <ul> <li> <p>The <code>EXPORT_TO_REPOSITORY</code> data repository task exports from your Lustre file system from to a linked S3 bucket.</p> </li> <li> <p>The <code>IMPORT_METADATA_FROM_REPOSITORY</code> data repository task imports metadata changes from a linked S3 bucket to your Lustre file system.</p> </li> </ul>"
         },
         "CreationTime":{"shape":"CreationTime"},
         "StartTime":{
@@ -1537,7 +1988,7 @@
         },
         "Report":{"shape":"CompletionReport"}
       },
-      "documentation":"<p>A description of the data repository task. You use data repository tasks to perform bulk transfer operations between your Amazon FSx file system and its linked data repository.</p>"
+      "documentation":"<p>A description of the data repository task. You use data repository tasks to perform bulk transfer operations between your Amazon FSx file system and a linked data repository.</p>"
     },
     "DataRepositoryTaskEnded":{
       "type":"structure",
@@ -1580,7 +2031,8 @@
       "type":"string",
       "enum":[
         "file-system-id",
-        "task-lifecycle"
+        "task-lifecycle",
+        "data-repository-association-id"
       ]
     },
     "DataRepositoryTaskFilterValue":{
@@ -1653,7 +2105,10 @@
     },
     "DataRepositoryTaskType":{
       "type":"string",
-      "enum":["EXPORT_TO_REPOSITORY"]
+      "enum":[
+        "EXPORT_TO_REPOSITORY",
+        "IMPORT_METADATA_FROM_REPOSITORY"
+      ]
     },
     "DataRepositoryTasks":{
       "type":"list",
@@ -1666,36 +2121,75 @@
       "members":{
         "BackupId":{
           "shape":"BackupId",
-          "documentation":"<p>The ID of the backup you want to delete.</p>"
+          "documentation":"<p>The ID of the backup that you want to delete.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent deletion. This is automatically filled on your behalf when using the CLI or SDK.</p>",
+          "documentation":"<p>A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent deletion. This parameter is automatically filled on your behalf when using the CLI or SDK.</p>",
           "idempotencyToken":true
         }
       },
-      "documentation":"<p>The request object for <code>DeleteBackup</code> operation.</p>"
+      "documentation":"<p>The request object for the <code>DeleteBackup</code> operation.</p>"
     },
     "DeleteBackupResponse":{
       "type":"structure",
       "members":{
         "BackupId":{
           "shape":"BackupId",
-          "documentation":"<p>The ID of the backup deleted.</p>"
+          "documentation":"<p>The ID of the backup that was deleted.</p>"
         },
         "Lifecycle":{
           "shape":"BackupLifecycle",
-          "documentation":"<p>The lifecycle of the backup. Should be <code>DELETED</code>.</p>"
+          "documentation":"<p>The lifecycle status of the backup. If the <code>DeleteBackup</code> operation is successful, the status is <code>DELETED</code>.</p>"
         }
       },
-      "documentation":"<p>The response object for <code>DeleteBackup</code> operation.</p>"
+      "documentation":"<p>The response object for the <code>DeleteBackup</code> operation.</p>"
+    },
+    "DeleteDataInFileSystem":{"type":"boolean"},
+    "DeleteDataRepositoryAssociationRequest":{
+      "type":"structure",
+      "required":[
+        "AssociationId",
+        "DeleteDataInFileSystem"
+      ],
+      "members":{
+        "AssociationId":{
+          "shape":"DataRepositoryAssociationId",
+          "documentation":"<p>The ID of the data repository association that you want to delete.</p>"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "DeleteDataInFileSystem":{
+          "shape":"DeleteDataInFileSystem",
+          "documentation":"<p>Set to <code>true</code> to delete the data in the file system that corresponds to the data repository association.</p>"
+        }
+      }
+    },
+    "DeleteDataRepositoryAssociationResponse":{
+      "type":"structure",
+      "members":{
+        "AssociationId":{
+          "shape":"DataRepositoryAssociationId",
+          "documentation":"<p>The ID of the data repository association being deleted.</p>"
+        },
+        "Lifecycle":{
+          "shape":"DataRepositoryLifecycle",
+          "documentation":"<p>Describes the lifecycle state of the data repository association being deleted.</p>"
+        },
+        "DeleteDataInFileSystem":{
+          "shape":"DeleteDataInFileSystem",
+          "documentation":"<p>Indicates whether data in the file system that corresponds to the data repository association is being deleted. Default is <code>false</code>.</p>"
+        }
+      }
     },
     "DeleteFileSystemLustreConfiguration":{
       "type":"structure",
       "members":{
         "SkipFinalBackup":{
           "shape":"Flag",
-          "documentation":"<p>Set <code>SkipFinalBackup</code> to false if you want to take a final backup of the file system you are deleting. By default, Amazon FSx will not take a final backup on your behalf when the <code>DeleteFileSystem</code> operation is invoked. (Default = true)</p>"
+          "documentation":"<p>Set <code>SkipFinalBackup</code> to false if you want to take a final backup of the file system you are deleting. By default, Amazon FSx will not take a final backup on your behalf when the <code>DeleteFileSystem</code> operation is invoked. (Default = true)</p> <note> <p>The <code>fsx:CreateBackup</code> permission is required if you set <code>SkipFinalBackup</code> to <code>false</code> in order to delete the file system and take a final backup.</p> </note>"
         },
         "FinalBackupTags":{
           "shape":"Tags",
@@ -1718,21 +2212,44 @@
       },
       "documentation":"<p>The response object for the Amazon FSx for Lustre file system being deleted in the <code>DeleteFileSystem</code> operation.</p>"
     },
+    "DeleteFileSystemOpenZFSConfiguration":{
+      "type":"structure",
+      "members":{
+        "SkipFinalBackup":{
+          "shape":"Flag",
+          "documentation":"<p>By default, Amazon FSx for OpenZFS takes a final backup on your behalf when the <code>DeleteFileSystem</code> operation is invoked. Doing this helps protect you from data loss, and we highly recommend taking the final backup. If you want to skip this backup, use this value to do so. </p>"
+        },
+        "FinalBackupTags":{"shape":"Tags"}
+      },
+      "documentation":"<p>The configuration object for the OpenZFS file system used in the <code>DeleteFileSystem</code> operation.</p>"
+    },
+    "DeleteFileSystemOpenZFSResponse":{
+      "type":"structure",
+      "members":{
+        "FinalBackupId":{"shape":"BackupId"},
+        "FinalBackupTags":{"shape":"Tags"}
+      },
+      "documentation":"<p>The response object for the Amazon FSx for OpenZFS file system that's being deleted in the <code>DeleteFileSystem</code> operation.</p>"
+    },
     "DeleteFileSystemRequest":{
       "type":"structure",
       "required":["FileSystemId"],
       "members":{
         "FileSystemId":{
           "shape":"FileSystemId",
-          "documentation":"<p>The ID of the file system you want to delete.</p>"
+          "documentation":"<p>The ID of the file system that you want to delete.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p>A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent deletion. This is automatically filled on your behalf when using the Command Line Interface (CLI) or an Amazon Web Services SDK.</p>",
+          "documentation":"<p>A string of up to 64 ASCII characters that Amazon FSx uses to ensure idempotent deletion. This token is automatically filled on your behalf when using the Command Line Interface (CLI) or an Amazon Web Services SDK.</p>",
           "idempotencyToken":true
         },
         "WindowsConfiguration":{"shape":"DeleteFileSystemWindowsConfiguration"},
-        "LustreConfiguration":{"shape":"DeleteFileSystemLustreConfiguration"}
+        "LustreConfiguration":{"shape":"DeleteFileSystemLustreConfiguration"},
+        "OpenZFSConfiguration":{
+          "shape":"DeleteFileSystemOpenZFSConfiguration",
+          "documentation":"<p>The configuration object for the OpenZFS file system used in the <code>DeleteFileSystem</code> operation.</p>"
+        }
       },
       "documentation":"<p>The request object for <code>DeleteFileSystem</code> operation.</p>"
     },
@@ -1741,14 +2258,18 @@
       "members":{
         "FileSystemId":{
           "shape":"FileSystemId",
-          "documentation":"<p>The ID of the file system being deleted.</p>"
+          "documentation":"<p>The ID of the file system that's being deleted.</p>"
         },
         "Lifecycle":{
           "shape":"FileSystemLifecycle",
-          "documentation":"<p>The file system lifecycle for the deletion request. Should be <code>DELETING</code>.</p>"
+          "documentation":"<p>The file system lifecycle for the deletion request. If the <code>DeleteFileSystem</code> operation is successful, this status is <code>DELETING</code>.</p>"
         },
         "WindowsResponse":{"shape":"DeleteFileSystemWindowsResponse"},
-        "LustreResponse":{"shape":"DeleteFileSystemLustreResponse"}
+        "LustreResponse":{"shape":"DeleteFileSystemLustreResponse"},
+        "OpenZFSResponse":{
+          "shape":"DeleteFileSystemOpenZFSResponse",
+          "documentation":"<p>The response object for the OpenZFS file system that's being deleted in the <code>DeleteFileSystem</code> operation.</p>"
+        }
       },
       "documentation":"<p>The response object for the <code>DeleteFileSystem</code> operation.</p>"
     },
@@ -1780,6 +2301,42 @@
       },
       "documentation":"<p>The response object for the Microsoft Windows file system used in the <code>DeleteFileSystem</code> operation.</p>"
     },
+    "DeleteOpenZFSVolumeOption":{
+      "type":"string",
+      "enum":["DELETE_CHILD_VOLUMES_AND_SNAPSHOTS"]
+    },
+    "DeleteOpenZFSVolumeOptions":{
+      "type":"list",
+      "member":{"shape":"DeleteOpenZFSVolumeOption"},
+      "max":1
+    },
+    "DeleteSnapshotRequest":{
+      "type":"structure",
+      "required":["SnapshotId"],
+      "members":{
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot that you want to delete.</p>"
+        }
+      }
+    },
+    "DeleteSnapshotResponse":{
+      "type":"structure",
+      "members":{
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the deleted snapshot.</p>"
+        },
+        "Lifecycle":{
+          "shape":"SnapshotLifecycle",
+          "documentation":"<p>The lifecycle status of the snapshot. If the <code>DeleteSnapshot</code> operation is successful, this status is <code>DELETING</code>.</p>"
+        }
+      }
+    },
     "DeleteStorageVirtualMachineRequest":{
       "type":"structure",
       "required":["StorageVirtualMachineId"],
@@ -1826,6 +2383,16 @@
       },
       "documentation":"<p>The response object for the Amazon FSx for NetApp ONTAP volume being deleted in the <code>DeleteVolume</code> operation.</p>"
     },
+    "DeleteVolumeOpenZFSConfiguration":{
+      "type":"structure",
+      "members":{
+        "Options":{
+          "shape":"DeleteOpenZFSVolumeOptions",
+          "documentation":"<p>To delete the volume's child volumes, snapshots, and clones, use the string <code>DELETE_CHILD_VOLUMES_AND_SNAPSHOTS</code>.</p>"
+        }
+      },
+      "documentation":"<p>A value that specifies whether to delete all child volumes and snapshots. </p>"
+    },
     "DeleteVolumeRequest":{
       "type":"structure",
       "required":["VolumeId"],
@@ -1836,11 +2403,15 @@
         },
         "VolumeId":{
           "shape":"VolumeId",
-          "documentation":"<p>The ID of the volume you are deleting.</p>"
+          "documentation":"<p>The ID of the volume that you are deleting.</p>"
         },
         "OntapConfiguration":{
           "shape":"DeleteVolumeOntapConfiguration",
-          "documentation":"<p>For Amazon FSx for ONTAP volumes, specify whether to take a final backup of the volume, and apply tags to the backup.</p>"
+          "documentation":"<p>For Amazon FSx for ONTAP volumes, specify whether to take a final backup of the volume and apply tags to the backup. To apply tags to the backup, you must have the <code>fsx:TagResource</code> permission.</p>"
+        },
+        "OpenZFSConfiguration":{
+          "shape":"DeleteVolumeOpenZFSConfiguration",
+          "documentation":"<p>For Amazon FSx for OpenZFS volumes, specify whether to delete all child volumes and snapshots.</p>"
         }
       }
     },
@@ -1849,15 +2420,15 @@
       "members":{
         "VolumeId":{
           "shape":"VolumeId",
-          "documentation":"<p>The ID of the volume being deleted.</p>"
+          "documentation":"<p>The ID of the volume that's being deleted.</p>"
         },
         "Lifecycle":{
           "shape":"VolumeLifecycle",
-          "documentation":"<p>Describes the lifecycle state of the volume being deleted.</p>"
+          "documentation":"<p>The lifecycle state of the volume being deleted. If the <code>DeleteVolume</code> operation is successful, this value is <code>DELETING</code>.</p>"
         },
         "OntapResponse":{
           "shape":"DeleteVolumeOntapResponse",
-          "documentation":"<p>Returned after a <code>DeleteVolume request, showing the status of the delete request.</code> </p>"
+          "documentation":"<p>Returned after a <code>DeleteVolume</code> request, showing the status of the delete request.</p>"
         }
       }
     },
@@ -1866,22 +2437,22 @@
       "members":{
         "BackupIds":{
           "shape":"BackupIds",
-          "documentation":"<p>IDs of the backups you want to retrieve (String). This overrides any filters. If any IDs are not found, BackupNotFound will be thrown.</p>"
+          "documentation":"<p>The IDs of the backups that you want to retrieve. This parameter value overrides any filters. If any IDs aren't found, a <code>BackupNotFound</code> error occurs.</p>"
         },
         "Filters":{
           "shape":"Filters",
-          "documentation":"<p>Filters structure. Supported names are <code>file-system-id</code>, <code>backup-type</code>, <code>file-system-type</code>, and <code>volume-id</code>.</p>"
+          "documentation":"<p>The filters structure. The supported names are <code>file-system-id</code>, <code>backup-type</code>, <code>file-system-type</code>, and <code>volume-id</code>.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>Maximum number of backups to return in the response (integer). This parameter value must be greater than 0. The number of items that Amazon FSx returns is the minimum of the <code>MaxResults</code> parameter specified in the request and the service's internal maximum number of items per page.</p>"
+          "documentation":"<p>Maximum number of backups to return in the response. This parameter value must be greater than 0. The number of items that Amazon FSx returns is the minimum of the <code>MaxResults</code> parameter specified in the request and the service's internal maximum number of items per page.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>Opaque pagination token returned from a previous <code>DescribeBackups</code> operation (String). If a token present, the action continues the list from where the returning call left off.</p>"
+          "documentation":"<p>An opaque pagination token returned from a previous <code>DescribeBackups</code> operation. If a token is present, the operation continues the list from where the returning call left off.</p>"
         }
       },
-      "documentation":"<p>The request object for <code>DescribeBackups</code> operation.</p>"
+      "documentation":"<p>The request object for the <code>DescribeBackups</code> operation.</p>"
     },
     "DescribeBackupsResponse":{
       "type":"structure",
@@ -1892,10 +2463,35 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>This is present if there are more backups than returned in the response (String). You can use the <code>NextToken</code> value in the later request to fetch the backups. </p>"
+          "documentation":"<p>A <code>NextToken</code> value is present if there are more backups than returned in the response. You can use the <code>NextToken</code> value in the subsequent request to fetch the backups. </p>"
         }
       },
-      "documentation":"<p>Response object for <code>DescribeBackups</code> operation.</p>"
+      "documentation":"<p>Response object for the <code>DescribeBackups</code> operation.</p>"
+    },
+    "DescribeDataRepositoryAssociationsRequest":{
+      "type":"structure",
+      "members":{
+        "AssociationIds":{
+          "shape":"DataRepositoryAssociationIds",
+          "documentation":"<p>IDs of the data repository associations whose descriptions you want to retrieve (String).</p>"
+        },
+        "Filters":{"shape":"Filters"},
+        "MaxResults":{
+          "shape":"LimitedMaxResults",
+          "documentation":"<p>The maximum number of resources to return in the response. This value must be an integer greater than zero.</p>"
+        },
+        "NextToken":{"shape":"NextToken"}
+      }
+    },
+    "DescribeDataRepositoryAssociationsResponse":{
+      "type":"structure",
+      "members":{
+        "Associations":{
+          "shape":"DataRepositoryAssociations",
+          "documentation":"<p>An array of one ore more data repository association descriptions.</p>"
+        },
+        "NextToken":{"shape":"NextToken"}
+      }
     },
     "DescribeDataRepositoryTasksRequest":{
       "type":"structure",
@@ -1972,7 +2568,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>Opaque pagination token returned from a previous <code>DescribeFileSystems</code> operation (String). If a token present, the action continues the list from where the returning call left off.</p>"
+          "documentation":"<p>Opaque pagination token returned from a previous <code>DescribeFileSystems</code> operation (String). If a token present, the operation continues the list from where the returning call left off.</p>"
         }
       },
       "documentation":"<p>The request object for <code>DescribeFileSystems</code> operation.</p>"
@@ -1991,6 +2587,31 @@
       },
       "documentation":"<p>The response object for <code>DescribeFileSystems</code> operation.</p>"
     },
+    "DescribeSnapshotsRequest":{
+      "type":"structure",
+      "members":{
+        "SnapshotIds":{
+          "shape":"SnapshotIds",
+          "documentation":"<p>The IDs of the snapshots that you want to retrieve. This parameter value overrides any filters. If any IDs aren't found, a <code>SnapshotNotFound</code> error occurs.</p>"
+        },
+        "Filters":{
+          "shape":"SnapshotFilters",
+          "documentation":"<p>The filters structure. The supported names are <code>file-system-id</code> or <code>volume-id</code>.</p>"
+        },
+        "MaxResults":{"shape":"MaxResults"},
+        "NextToken":{"shape":"NextToken"}
+      }
+    },
+    "DescribeSnapshotsResponse":{
+      "type":"structure",
+      "members":{
+        "Snapshots":{
+          "shape":"Snapshots",
+          "documentation":"<p>An array of snapshots.</p>"
+        },
+        "NextToken":{"shape":"NextToken"}
+      }
+    },
     "DescribeStorageVirtualMachinesRequest":{
       "type":"structure",
       "members":{
@@ -2021,11 +2642,11 @@
       "members":{
         "VolumeIds":{
           "shape":"VolumeIds",
-          "documentation":"<p>IDs of the volumes whose descriptions you want to retrieve.</p>"
+          "documentation":"<p>The IDs of the volumes whose descriptions you want to retrieve.</p>"
         },
         "Filters":{
           "shape":"VolumeFilters",
-          "documentation":"<p>Enter a filter name:value pair to view a select set of volumes.</p>"
+          "documentation":"<p>Enter a filter <code>Name</code> and <code>Values</code> pair to view a select set of volumes.</p>"
         },
         "MaxResults":{"shape":"MaxResults"},
         "NextToken":{"shape":"NextToken"}
@@ -2104,7 +2725,7 @@
           "documentation":"<p>The total number of SSD IOPS provisioned for the file system.</p>"
         }
       },
-      "documentation":"<p>The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for NetApp ONTAP file system. The default is 3 IOPS per GB of storage capacity, but you can provision additional IOPS per GB of storage. The configuration consists of the total number of provisioned SSD IOPS and how the amount was provisioned (by the customer or by the system).</p>"
+      "documentation":"<p>The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS file system. The default is 3 IOPS per GB of storage capacity, but you can provision additional IOPS per GB of storage. The configuration consists of the total number of provisioned SSD IOPS and how the amount was provisioned (by the customer or by the system).</p>"
     },
     "DiskIopsConfigurationMode":{
       "type":"string",
@@ -2133,6 +2754,19 @@
       "max":256,
       "min":1
     },
+    "EventType":{
+      "type":"string",
+      "enum":[
+        "NEW",
+        "CHANGED",
+        "DELETED"
+      ]
+    },
+    "EventTypes":{
+      "type":"list",
+      "member":{"shape":"EventType"},
+      "max":3
+    },
     "FailedCount":{"type":"long"},
     "FileSystem":{
       "type":"structure",
@@ -2151,11 +2785,11 @@
         },
         "FileSystemType":{
           "shape":"FileSystemType",
-          "documentation":"<p>The type of Amazon FSx file system, which can be <code>LUSTRE</code>, <code>WINDOWS</code>, or <code>ONTAP</code>.</p>"
+          "documentation":"<p>The type of Amazon FSx file system, which can be <code>LUSTRE</code>, <code>WINDOWS</code>, <code>ONTAP</code>, or <code>OPENZFS</code>.</p>"
         },
         "Lifecycle":{
           "shape":"FileSystemLifecycle",
-          "documentation":"<p>The lifecycle status of the file system, following are the possible values and what they mean:</p> <ul> <li> <p> <code>AVAILABLE</code> - The file system is in a healthy state, and is reachable and available for use.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the new file system.</p> </li> <li> <p> <code>DELETING</code> - Amazon FSx is deleting an existing file system.</p> </li> <li> <p> <code>FAILED</code> - An existing file system has experienced an unrecoverable failure. When creating a new file system, Amazon FSx was unable to create the file system.</p> </li> <li> <p> <code>MISCONFIGURED</code> indicates that the file system is in a failed but recoverable state.</p> </li> <li> <p> <code>UPDATING</code> indicates that the file system is undergoing a customer initiated update.</p> </li> </ul>"
+          "documentation":"<p>The lifecycle status of the file system. The following are the possible values and what they mean:</p> <ul> <li> <p> <code>AVAILABLE</code> - The file system is in a healthy state, and is reachable and available for use.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the new file system.</p> </li> <li> <p> <code>DELETING</code> - Amazon FSx is deleting an existing file system.</p> </li> <li> <p> <code>FAILED</code> - An existing file system has experienced an unrecoverable failure. When creating a new file system, Amazon FSx was unable to create the file system.</p> </li> <li> <p> <code>MISCONFIGURED</code> - The file system is in a failed but recoverable state.</p> </li> <li> <p> <code>UPDATING</code> - The file system is undergoing a customer-initiated update.</p> </li> </ul>"
         },
         "FailureDetails":{"shape":"FileSystemFailureDetails"},
         "StorageCapacity":{
@@ -2164,27 +2798,27 @@
         },
         "StorageType":{
           "shape":"StorageType",
-          "documentation":"<p>The storage type of the file system. Valid values are <code>SSD</code> and <code>HDD</code>. If set to <code>SSD</code>, the file system uses solid state drive storage. If set to <code>HDD</code>, the file system uses hard disk drive storage. </p>"
+          "documentation":"<p>The type of storage the file system is using. If set to <code>SSD</code>, the file system uses solid state drive storage. If set to <code>HDD</code>, the file system uses hard disk drive storage. </p>"
         },
         "VpcId":{
           "shape":"VpcId",
-          "documentation":"<p>The ID of the primary VPC for the file system.</p>"
+          "documentation":"<p>The ID of the primary virtual private cloud (VPC) for the file system.</p>"
         },
         "SubnetIds":{
           "shape":"SubnetIds",
-          "documentation":"<p>Specifies the IDs of the subnets that the file system is accessible from. For Windows and ONTAP <code>MULTI_AZ_1</code> file system deployment type, there are two subnet IDs, one for the preferred file server and one for the standby file server. The preferred file server subnet identified in the <code>PreferredSubnetID</code> property. All other file systems have only one subnet ID.</p> <p>For Lustre file systems, and Single-AZ Windows file systems, this is the ID of the subnet that contains the endpoint for the file system. For <code>MULTI_AZ_1</code> Windows and ONTAP file systems, the endpoint for the file system is available in the <code>PreferredSubnetID</code>.</p>"
+          "documentation":"<p>Specifies the IDs of the subnets that the file system is accessible from. For the Amazon FSx Windows and ONTAP <code>MULTI_AZ_1</code> file system deployment type, there are two subnet IDs, one for the preferred file server and one for the standby file server. The preferred file server subnet identified in the <code>PreferredSubnetID</code> property. All other file systems have only one subnet ID.</p> <p>For FSx for Lustre file systems, and Single-AZ Windows file systems, this is the ID of the subnet that contains the file system's endpoint. For <code>MULTI_AZ_1</code> Windows and ONTAP file systems, the file system endpoint is available in the <code>PreferredSubnetID</code>.</p>"
         },
         "NetworkInterfaceIds":{
           "shape":"NetworkInterfaceIds",
-          "documentation":"<p>The IDs of the elastic network interface from which a specific file system is accessible. The elastic network interface is automatically created in the same VPC that the Amazon FSx file system was created in. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html\">Elastic Network Interfaces</a> in the <i>Amazon EC2 User Guide.</i> </p> <p>For an Amazon FSx for Windows File Server file system, you can have one network interface ID. For an Amazon FSx for Lustre file system, you can have more than one.</p>"
+          "documentation":"<p>The IDs of the elastic network interfaces from which a specific file system is accessible. The elastic network interface is automatically created in the same virtual private cloud (VPC) that the Amazon FSx file system was created in. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html\">Elastic Network Interfaces</a> in the <i>Amazon EC2 User Guide.</i> </p> <p>For an Amazon FSx for Windows File Server file system, you can have one network interface ID. For an Amazon FSx for Lustre file system, you can have more than one.</p>"
         },
         "DNSName":{
           "shape":"DNSName",
-          "documentation":"<p>The DNS name for the file system.</p>"
+          "documentation":"<p>The Domain Name System (DNS) name for the file system.</p>"
         },
         "KmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and persistent Amazon FSx for Lustre file systems at rest. If not specified, the Amazon FSx managed key is used. The scratch Amazon FSx for Lustre file systems are always encrypted at rest using Amazon FSx managed keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html\">Encrypt</a> in the <i>Key Management Service API Reference</i>.</p>"
+          "documentation":"<p>The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and <code>PERSISTENT</code> Amazon FSx for Lustre file systems at rest. If this ID isn't specified, the Amazon FSx-managed key for your account is used. The scratch Amazon FSx for Lustre file systems are always encrypted at rest using the Amazon FSx-managed key for your account. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html\">Encrypt</a> in the <i>Key Management Service API Reference</i>.</p>"
         },
         "ResourceARN":{
           "shape":"ResourceARN",
@@ -2192,24 +2826,28 @@
         },
         "Tags":{
           "shape":"Tags",
-          "documentation":"<p>The tags to associate with the file system. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html\">Tagging Your Amazon EC2 Resources</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+          "documentation":"<p>The tags to associate with the file system. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html\">Tagging your Amazon EC2 resources</a> in the <i>Amazon EC2 User Guide</i>.</p>"
         },
         "WindowsConfiguration":{
           "shape":"WindowsFileSystemConfiguration",
-          "documentation":"<p>The configuration for this Microsoft Windows file system.</p>"
+          "documentation":"<p>The configuration for this FSx for Windows File Server file system.</p>"
         },
         "LustreConfiguration":{"shape":"LustreFileSystemConfiguration"},
         "AdministrativeActions":{
           "shape":"AdministrativeActions",
-          "documentation":"<p>A list of administrative actions for the file system that are in process or waiting to be processed. Administrative actions describe changes to the Amazon FSx file system that you have initiated using the <code>UpdateFileSystem</code> action.</p>"
+          "documentation":"<p>A list of administrative actions for the file system that are in process or waiting to be processed. Administrative actions describe changes to the Amazon FSx system that you have initiated using the <code>UpdateFileSystem</code> operation.</p>"
         },
         "OntapConfiguration":{
           "shape":"OntapFileSystemConfiguration",
-          "documentation":"<p>The configuration for this FSx for NetApp ONTAP file system.</p>"
+          "documentation":"<p>The configuration for this FSx for ONTAP file system.</p>"
         },
         "FileSystemTypeVersion":{
           "shape":"FileSystemTypeVersion",
-          "documentation":"<p>The version of your Amazon FSx for Lustre file system, either <code>2.10</code> or <code>2.12</code>.</p>"
+          "documentation":"<p>The Lustre version of the Amazon FSx for Lustre file system, either <code>2.10</code> or <code>2.12</code>.</p>"
+        },
+        "OpenZFSConfiguration":{
+          "shape":"OpenZFSFileSystemConfiguration",
+          "documentation":"<p>The configuration for this Amazon FSx for OpenZFS file system.</p>"
         }
       },
       "documentation":"<p>A description of a specific Amazon FSx file system.</p>"
@@ -2253,7 +2891,7 @@
           "documentation":"<p>A message describing any failures that occurred during file system creation.</p>"
         }
       },
-      "documentation":"<p>A structure providing details of any failures that occur when creating the file system has failed.</p>"
+      "documentation":"<p>A structure providing details of any failures that occurred when creating a file system.</p>"
     },
     "FileSystemId":{
       "type":"string",
@@ -2265,7 +2903,7 @@
     "FileSystemIds":{
       "type":"list",
       "member":{"shape":"FileSystemId"},
-      "documentation":"<p>A list of <code>FileSystemId</code>s.</p>",
+      "documentation":"<p>A list of file system IDs.</p>",
       "max":50
     },
     "FileSystemLifecycle":{
@@ -2308,14 +2946,15 @@
       "enum":[
         "WINDOWS",
         "LUSTRE",
-        "ONTAP"
+        "ONTAP",
+        "OPENZFS"
       ]
     },
     "FileSystemTypeVersion":{
       "type":"string",
       "max":20,
       "min":1,
-      "pattern":"^[0-9](\\.[0-9]*)*$"
+      "pattern":"^[0-9](.[0-9]*)*$"
     },
     "FileSystems":{
       "type":"list",
@@ -2344,7 +2983,8 @@
         "file-system-id",
         "backup-type",
         "file-system-type",
-        "volume-id"
+        "volume-id",
+        "data-repository-type"
       ]
     },
     "FilterValue":{
@@ -2402,6 +3042,11 @@
       "documentation":"<p>Amazon FSx doesn't support Multi-AZ Windows File Server copy backup in the destination Region, so the copied backup can't be restored.</p>",
       "exception":true
     },
+    "IntegerNoMax":{
+      "type":"integer",
+      "max":2147483647,
+      "min":0
+    },
     "InternalServerError":{
       "type":"structure",
       "members":{
@@ -2411,12 +3056,20 @@
       "exception":true,
       "fault":true
     },
+    "InvalidDataRepositoryType":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>You have filtered the response to a data repository type that is not supported.</p>",
+      "exception":true
+    },
     "InvalidDestinationKmsKey":{
       "type":"structure",
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The Key Management Service (KMS) key of the destination backup is invalid.</p>",
+      "documentation":"<p>The Key Management Service (KMS) key of the destination backup is not valid.</p>",
       "exception":true
     },
     "InvalidExportPath":{
@@ -2471,7 +3124,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The Region provided for <code>Source Region</code> is invalid or is in a different Amazon Web Services partition.</p>",
+      "documentation":"<p>The Region provided for <code>SourceRegion</code> is not valid or is in a different Amazon Web Services partition.</p>",
       "exception":true
     },
     "InvalidSourceKmsKey":{
@@ -2479,12 +3132,12 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The Key Management Service (KMS) key of the source backup is invalid.</p>",
+      "documentation":"<p>The Key Management Service (KMS) key of the source backup is not valid.</p>",
       "exception":true
     },
     "Iops":{
       "type":"long",
-      "max":80000,
+      "max":160000,
       "min":0
     },
     "IpAddress":{
@@ -2507,7 +3160,7 @@
     },
     "KmsKeyId":{
       "type":"string",
-      "documentation":"<p>The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for Lustre <code>PERSISTENT_1</code> file systems at rest. If not specified, the Amazon FSx managed key is used. The Amazon FSx for Lustre <code>SCRATCH_1</code> and <code>SCRATCH_2</code> file systems are always encrypted at rest using Amazon FSx managed keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html\">Encrypt</a> in the <i>Key Management Service API Reference</i>.</p>",
+      "documentation":"<p>The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for Lustre <code>PERSISTENT_1</code> and <code>PERSISTENT_2</code> file systems at rest. If this ID isn't specified, the key managed by Amazon FSx is used. The Amazon FSx for Lustre <code>SCRATCH_1</code> and <code>SCRATCH_2</code> file systems are always encrypted at rest using Amazon FSx-managed keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html\">Encrypt</a> in the <i>Key Management Service API Reference</i>.</p>",
       "max":2048,
       "min":1,
       "pattern":"^.{1,2048}$"
@@ -2520,6 +3173,11 @@
       },
       "documentation":"<p>Describes why a resource lifecycle state changed.</p>"
     },
+    "LimitedMaxResults":{
+      "type":"integer",
+      "max":25,
+      "min":1
+    },
     "ListTagsForResourceRequest":{
       "type":"structure",
       "required":["ResourceARN"],
@@ -2553,12 +3211,22 @@
       },
       "documentation":"<p>The response object for <code>ListTagsForResource</code> operation.</p>"
     },
+    "LustreAccessAuditLogLevel":{
+      "type":"string",
+      "enum":[
+        "DISABLED",
+        "WARN_ONLY",
+        "ERROR_ONLY",
+        "WARN_ERROR"
+      ]
+    },
     "LustreDeploymentType":{
       "type":"string",
       "enum":[
         "SCRATCH_1",
         "SCRATCH_2",
-        "PERSISTENT_1"
+        "PERSISTENT_1",
+        "PERSISTENT_2"
       ]
     },
     "LustreFileSystemConfiguration":{
@@ -2566,34 +3234,38 @@
       "members":{
         "WeeklyMaintenanceStartTime":{
           "shape":"WeeklyTime",
-          "documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
+          "documentation":"<p>The preferred start time to perform weekly maintenance, formatted d:HH:MM in the UTC time zone. Here, d is the weekday number, from 1 through 7, beginning with Monday and ending with Sunday.</p>"
         },
         "DataRepositoryConfiguration":{"shape":"DataRepositoryConfiguration"},
         "DeploymentType":{
           "shape":"LustreDeploymentType",
-          "documentation":"<p>The deployment type of the FSX for Lustre file system. <i>Scratch deployment type</i> is designed for temporary storage and shorter-term processing of data.</p> <p> <code>SCRATCH_1</code> and <code>SCRATCH_2</code> deployment types are best suited for when you need temporary storage and shorter-term processing of data. The <code>SCRATCH_2</code> deployment type provides in-transit encryption of data and higher burst throughput capacity than <code>SCRATCH_1</code>.</p> <p>The <code>PERSISTENT_1</code> deployment type is used for longer-term storage and workloads and encryption of data in transit. To learn more about deployment types, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/lustre-deployment-types.html\"> FSx for Lustre Deployment Options</a>. (Default = <code>SCRATCH_1</code>)</p>"
+          "documentation":"<p>The deployment type of the FSx for Lustre file system. <i>Scratch deployment type</i> is designed for temporary storage and shorter-term processing of data.</p> <p> <code>SCRATCH_1</code> and <code>SCRATCH_2</code> deployment types are best suited for when you need temporary storage and shorter-term processing of data. The <code>SCRATCH_2</code> deployment type provides in-transit encryption of data and higher burst throughput capacity than <code>SCRATCH_1</code>.</p> <p>The <code>PERSISTENT_1</code> and <code>PERSISTENT_2</code> deployment type is used for longer-term storage and workloads and encryption of data in transit. <code>PERSISTENT_2</code> is built on Lustre v2.12 and offers higher <code>PerUnitStorageThroughput</code> (up to 1000 MB/s/TiB) along with a lower minimum storage capacity requirement (600 GiB). To learn more about FSx for Lustre deployment types, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/lustre-deployment-types.html\"> FSx for Lustre deployment options</a>.</p> <p>The default is <code>SCRATCH_1</code>.</p>"
         },
         "PerUnitStorageThroughput":{
           "shape":"PerUnitStorageThroughput",
-          "documentation":"<p> Per unit storage throughput represents the megabytes per second of read or write throughput per 1 tebibyte of storage provisioned. File system throughput capacity is equal to Storage capacity (TiB) * PerUnitStorageThroughput (MB/s/TiB). This option is only valid for <code>PERSISTENT_1</code> deployment types. </p> <p>Valid values for SSD storage: 50, 100, 200. Valid values for HDD storage: 12, 40. </p>"
+          "documentation":"<p>Per unit storage throughput represents the megabytes per second of read or write throughput per 1 tebibyte of storage provisioned. File system throughput capacity is equal to Storage capacity (TiB) * PerUnitStorageThroughput (MB/s/TiB). This option is only valid for <code>PERSISTENT_1</code> and <code>PERSISTENT_2</code> deployment types. </p> <p>Valid values:</p> <ul> <li> <p>For <code>PERSISTENT_1</code> SSD storage: 50, 100, 200.</p> </li> <li> <p>For <code>PERSISTENT_1</code> HDD storage: 12, 40.</p> </li> <li> <p>For <code>PERSISTENT_2</code> SSD storage: 125, 250, 500, 1000.</p> </li> </ul>"
         },
         "MountName":{
           "shape":"LustreFileSystemMountName",
-          "documentation":"<p>You use the <code>MountName</code> value when mounting the file system.</p> <p>For the <code>SCRATCH_1</code> deployment type, this value is always \"<code>fsx</code>\". For <code>SCRATCH_2</code> and <code>PERSISTENT_1</code> deployment types, this value is a string that is unique within an Amazon Web Services Region. </p>"
+          "documentation":"<p>You use the <code>MountName</code> value when mounting the file system.</p> <p>For the <code>SCRATCH_1</code> deployment type, this value is always \"<code>fsx</code>\". For <code>SCRATCH_2</code>, <code>PERSISTENT_1</code>, and <code>PERSISTENT_2</code> deployment types, this value is a string that is unique within an Amazon Web Services Region. </p>"
         },
         "DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
         "AutomaticBackupRetentionDays":{"shape":"AutomaticBackupRetentionDays"},
         "CopyTagsToBackups":{
           "shape":"Flag",
-          "documentation":"<p>A boolean flag indicating whether tags on the file system should be copied to backups. If it's set to true, all tags on the file system are copied to all automatic backups and any user-initiated backups where the user doesn't specify any tags. If this value is true, and you specify one or more tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value. (Default = false)</p>"
+          "documentation":"<p>A boolean flag indicating whether tags on the file system are copied to backups. If it's set to true, all tags on the file system are copied to all automatic backups and any user-initiated backups where the user doesn't specify any tags. If this value is true, and you specify one or more tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value. (Default = false)</p>"
         },
         "DriveCacheType":{
           "shape":"DriveCacheType",
-          "documentation":"<p>The type of drive cache used by PERSISTENT_1 file systems that are provisioned with HDD storage devices. This parameter is required when storage type is HDD. Set to <code>READ</code>, improve the performance for frequently accessed files and allows 20% of the total storage capacity of the file system to be cached. </p> <p>This parameter is required when <code>StorageType</code> is set to HDD.</p>"
+          "documentation":"<p>The type of drive cache used by <code>PERSISTENT_1</code> file systems that are provisioned with HDD storage devices. This parameter is required when <code>StorageType</code> is HDD. When set to <code>READ</code> the file system has an SSD storage cache that is sized to 20% of the file system's storage capacity. This improves the performance for frequently accessed files by caching up to 20% of the total storage capacity.</p> <p>This parameter is required when <code>StorageType</code> is set to HDD.</p>"
         },
         "DataCompressionType":{
           "shape":"DataCompressionType",
           "documentation":"<p>The data compression configuration for the file system. <code>DataCompressionType</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - Data compression is turned off for the file system.</p> </li> <li> <p> <code>LZ4</code> - Data compression is turned on with the LZ4 algorithm.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-compression.html\">Lustre data compression</a>.</p>"
+        },
+        "LogConfiguration":{
+          "shape":"LustreLogConfiguration",
+          "documentation":"<p>The Lustre logging configuration. Lustre logging writes the enabled log events for your file system to Amazon CloudWatch Logs.</p>"
         }
       },
       "documentation":"<p>The configuration for the Amazon FSx for Lustre file system.</p>"
@@ -2604,6 +3276,36 @@
       "min":1,
       "pattern":"^([A-Za-z0-9_-]{1,8})$"
     },
+    "LustreLogConfiguration":{
+      "type":"structure",
+      "required":["Level"],
+      "members":{
+        "Level":{
+          "shape":"LustreAccessAuditLogLevel",
+          "documentation":"<p>The data repository events that are logged by Amazon FSx.</p> <ul> <li> <p> <code>WARN_ONLY</code> - only warning events are logged.</p> </li> <li> <p> <code>ERROR_ONLY</code> - only error events are logged.</p> </li> <li> <p> <code>WARN_ERROR</code> - both warning events and error events are logged.</p> </li> <li> <p> <code>DISABLED</code> - logging of data repository events is turned off.</p> </li> </ul>"
+        },
+        "Destination":{
+          "shape":"GeneralARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) that specifies the destination of the logs. The destination can be any Amazon CloudWatch Logs log group ARN. The destination ARN must be in the same Amazon Web Services partition, Amazon Web Services Region, and Amazon Web Services account as your Amazon FSx file system.</p>"
+        }
+      },
+      "documentation":"<p>The configuration for Lustre logging used to write the enabled logging events for your file system to Amazon CloudWatch Logs.</p> <p>When logging is enabled, Lustre logs error and warning events from data repository operations such as automatic export and data repository tasks. To learn more about Lustre logging, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/cw-event-logging.html\">Logging with Amazon CloudWatch Logs</a>. </p>"
+    },
+    "LustreLogCreateConfiguration":{
+      "type":"structure",
+      "required":["Level"],
+      "members":{
+        "Level":{
+          "shape":"LustreAccessAuditLogLevel",
+          "documentation":"<p>Sets which data repository events are logged by Amazon FSx.</p> <ul> <li> <p> <code>WARN_ONLY</code> - only warning events are logged.</p> </li> <li> <p> <code>ERROR_ONLY</code> - only error events are logged.</p> </li> <li> <p> <code>WARN_ERROR</code> - both warning events and error events are logged.</p> </li> <li> <p> <code>DISABLED</code> - logging of data repository events is turned off.</p> </li> </ul>"
+        },
+        "Destination":{
+          "shape":"GeneralARN",
+          "documentation":"<p>The Amazon Resource Name (ARN) that specifies the destination of the logs.</p> <p>The destination can be any Amazon CloudWatch Logs log group ARN, with the following requirements:</p> <ul> <li> <p>The destination ARN that you provide must be in the same Amazon Web Services partition, Amazon Web Services Region, and Amazon Web Services account as your Amazon FSx file system.</p> </li> <li> <p>The name of the Amazon CloudWatch Logs log group must begin with the <code>/aws/fsx</code> prefix.</p> </li> <li> <p>If you do not provide a destination, Amazon FSx will create and use a log stream in the CloudWatch Logs <code>/aws/fsx/lustre</code> log group.</p> </li> <li> <p>If <code>Destination</code> is provided and the resource does not exist, the request will fail with a <code>BadRequest</code> error.</p> </li> <li> <p>If <code>Level</code> is set to <code>DISABLED</code>, you cannot specify a destination in <code>Destination</code>.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>The Lustre logging configuration used when creating or updating an Amazon FSx for Lustre file system. Lustre logging writes the enabled logging events for your file system to Amazon CloudWatch Logs.</p> <p>Error and warning events can be logged from the following data repository operations:</p> <ul> <li> <p>Automatic export</p> </li> <li> <p>Data repository tasks</p> </li> </ul> <p>To learn more about Lustre logging, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/cw-event-logging.html\">Logging to Amazon CloudWatch Logs</a>.</p>"
+    },
     "MaxResults":{
       "type":"integer",
       "documentation":"<p>The maximum number of resources to return in the response. This value must be an integer greater than zero.</p>",
@@ -2617,8 +3319,8 @@
     },
     "MegabytesPerSecond":{
       "type":"integer",
-      "documentation":"<p>Sustained throughput of an Amazon FSx file system in MBps.</p>",
-      "max":2048,
+      "documentation":"<p>The sustained throughput of an Amazon FSx file system in MBps.</p>",
+      "max":4096,
       "min":8
     },
     "MissingFileSystemConfiguration":{
@@ -2637,6 +3339,12 @@
       "documentation":"<p>A volume configuration is required for this operation.</p>",
       "exception":true
     },
+    "Namespace":{
+      "type":"string",
+      "max":4096,
+      "min":1,
+      "pattern":"^[^\\u0000\\u0085\\u2028\\u2029\\r\\n]{3,4096}$"
+    },
     "NetBiosAlias":{
       "type":"string",
       "max":15,
@@ -2726,7 +3434,7 @@
         },
         "JunctionPath":{
           "shape":"JunctionPath",
-          "documentation":"<p>Specifies the directory that NAS clients use to mount the volume, along with the SVM DNS name or IP address. You can create a <code>JunctionPath</code> directly below a parent volume junction or on a directory within a volume. A <code>JunctionPath</code> for a volume named vol3 might be /vol1/vol2/vol3, or /vol1/dir2/vol3, or even /dir1/dir2/vol3..</p>"
+          "documentation":"<p>Specifies the directory that network-attached storage (NAS) clients use to mount the volume, along with the storage virtual machine (SVM) Domain Name System (DNS) name or IP address. You can create a <code>JunctionPath</code> directly below a parent volume junction or on a directory within a volume. A <code>JunctionPath</code> for a volume named <code>vol3</code> might be <code>/vol1/vol2/vol3</code>, or <code>/vol1/dir2/vol3</code>, or even <code>/dir1/dir2/vol3</code>.</p>"
         },
         "SecurityStyle":{
           "shape":"SecurityStyle",
@@ -2746,7 +3454,7 @@
         },
         "StorageVirtualMachineRoot":{
           "shape":"Flag",
-          "documentation":"<p>A boolean flag indicating whether this volume is the root volume for its storage virtual machine (SVM). Only one volume on an SVM can be the root volume. This value defaults to false. If this value is true, then this is the SVM root volume.</p> <p>This flag is useful when you're deleting an SVM, because you must first delete all non-root volumes. This flag, when set to false, helps you identify which volumes to delete before you can delete the SVM.</p>"
+          "documentation":"<p>A Boolean flag indicating whether this volume is the root volume for its storage virtual machine (SVM). Only one volume on an SVM can be the root volume. This value defaults to <code>false</code>. If this value is <code>true</code>, then this is the SVM root volume.</p> <p>This flag is useful when you're deleting an SVM, because you must first delete all non-root volumes. This flag, when set to <code>false</code>, helps you identify which volumes to delete before you can delete the SVM.</p>"
         },
         "TieringPolicy":{
           "shape":"TieringPolicy",
@@ -2754,14 +3462,14 @@
         },
         "UUID":{
           "shape":"UUID",
-          "documentation":"<p>The volume's UUID (universally unique identifier).</p>"
+          "documentation":"<p>The volume's universally unique identifier (UUID).</p>"
         },
         "OntapVolumeType":{
           "shape":"OntapVolumeType",
-          "documentation":"<p>Specifies the type of volume. Valid values are the following:</p> <ul> <li> <p> <code>RW</code> specifies a read-write volume. <code>RW</code> is the default.</p> </li> <li> <p> <code>DP</code> specifies a data protection volume. You can protect data by replicating it to data protection mirror copies and use data protection mirror copies to recover data when a disaster occurs.</p> </li> <li> <p> <code>LS</code> specifies a load-sharing mirror volume. A load-sharing mirror reduces the network traffic to a FlexVol volume by providing additional read-only access to clients.</p> </li> </ul>"
+          "documentation":"<p>Specifies the type of volume. Valid values are the following:</p> <ul> <li> <p> <code>RW</code> specifies a read/write volume. <code>RW</code> is the default.</p> </li> <li> <p> <code>DP</code> specifies a data-protection volume. You can protect data by replicating it to data-protection mirror copies. If a disaster occurs, you can use these data-protection mirror copies to recover data.</p> </li> <li> <p> <code>LS</code> specifies a load-sharing mirror volume. A load-sharing mirror reduces the network traffic to a FlexVol volume by providing additional read-only access to clients.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>The configuration of an Amazon FSx for NetApp ONTAP volume</p>"
+      "documentation":"<p>The configuration of an Amazon FSx for NetApp ONTAP volume.</p>"
     },
     "OntapVolumeType":{
       "type":"string",
@@ -2771,6 +3479,229 @@
         "LS"
       ]
     },
+    "OpenZFSClientConfiguration":{
+      "type":"structure",
+      "required":[
+        "Clients",
+        "Options"
+      ],
+      "members":{
+        "Clients":{
+          "shape":"OpenZFSClients",
+          "documentation":"<p>A value that specifies who can mount the file system. You can provide a wildcard character (<code>*</code>), an IP address (<code>0.0.0.0</code>), or a CIDR address (<code>192.0.2.0/24</code>. By default, Amazon FSx uses the wildcard character when specifying the client. </p>"
+        },
+        "Options":{
+          "shape":"OpenZFSNfsExportOptions",
+          "documentation":"<p>The options to use when mounting the file system. For a list of options that you can use with Network File System (NFS), see the <a href=\"https://linux.die.net/man/5/exports\">exports(5) - Linux man page</a>. When choosing your options, consider the following:</p> <ul> <li> <p> <code>crossmount</code> is used by default. If you don't specify <code>crossmount</code> when changing the client configuration, you won't be able to see or access snapshots in your file system's snapshot directory.</p> </li> <li> <p> <code>sync</code> is used by default. If you instead specify <code>async</code>, the system acknowledges writes before writing to disk. If the system crashes before the writes are finished, you lose the unwritten data. </p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>Specifies who can mount the file system and the options that can be used while mounting the file system.</p>"
+    },
+    "OpenZFSClientConfigurations":{
+      "type":"list",
+      "member":{"shape":"OpenZFSClientConfiguration"},
+      "max":25
+    },
+    "OpenZFSClients":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^[ -~]{1,128}$"
+    },
+    "OpenZFSCopyStrategy":{
+      "type":"string",
+      "enum":[
+        "CLONE",
+        "FULL_COPY"
+      ]
+    },
+    "OpenZFSCreateRootVolumeConfiguration":{
+      "type":"structure",
+      "members":{
+        "DataCompressionType":{
+          "shape":"OpenZFSDataCompressionType",
+          "documentation":"<p>Specifies the method used to compress the data on the volume. Unless the compression type is specified, volumes inherit the <code>DataCompressionType</code> value of their parent volume.</p> <ul> <li> <p> <code>NONE</code> - Doesn't compress the data on the volume.</p> </li> <li> <p> <code>ZSTD</code> - Compresses the data in the volume using the ZStandard (ZSTD) compression algorithm. This algorithm reduces the amount of space used on your volume and has very little impact on compute resources.</p> </li> </ul>"
+        },
+        "NfsExports":{
+          "shape":"OpenZFSNfsExports",
+          "documentation":"<p>The configuration object for mounting a file system.</p>"
+        },
+        "UserAndGroupQuotas":{
+          "shape":"OpenZFSUserAndGroupQuotas",
+          "documentation":"<p>An object specifying how much storage users or groups can use on the volume.</p>"
+        },
+        "CopyTagsToSnapshots":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is <code>true</code> and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value. </p>"
+        },
+        "ReadOnly":{
+          "shape":"ReadOnly",
+          "documentation":"<p>A Boolean value indicating whether the volume is read-only. Setting this value to <code>true</code> can be useful after you have completed changes to a volume and no longer want changes to occur. </p>"
+        }
+      },
+      "documentation":"<p>The configuration of an Amazon FSx for OpenZFS root volume.</p>"
+    },
+    "OpenZFSDataCompressionType":{
+      "type":"string",
+      "enum":[
+        "NONE",
+        "ZSTD"
+      ]
+    },
+    "OpenZFSDeploymentType":{
+      "type":"string",
+      "enum":["SINGLE_AZ_1"]
+    },
+    "OpenZFSFileSystemConfiguration":{
+      "type":"structure",
+      "members":{
+        "AutomaticBackupRetentionDays":{"shape":"AutomaticBackupRetentionDays"},
+        "CopyTagsToBackups":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags on the file system should be copied to backups. If it's set to <code>true</code>, all tags on the file system are copied to all automatic backups and any user-initiated backups where the user doesn't specify any tags. If this value is <code>true</code> and you specify one or more tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value. </p>"
+        },
+        "CopyTagsToVolumes":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is <code>true</code> and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value. </p>"
+        },
+        "DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
+        "DeploymentType":{
+          "shape":"OpenZFSDeploymentType",
+          "documentation":"<p>Specifies the file-system deployment type. Amazon FSx for OpenZFS supports <code>SINGLE_AZ_1</code>. <code>SINGLE_AZ_1</code> is a file system configured for a single Availability Zone (AZ) of redundancy. </p>"
+        },
+        "ThroughputCapacity":{
+          "shape":"MegabytesPerSecond",
+          "documentation":"<p>The throughput of an Amazon FSx file system, measured in megabytes per second (MBps), in 2 to the nth increments, between 2^3 (8) and 2^11 (2048). </p>"
+        },
+        "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"},
+        "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"},
+        "RootVolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the root volume of the OpenZFS file system. </p>"
+        }
+      },
+      "documentation":"<p>The configuration for the Amazon FSx for OpenZFS file system. </p>"
+    },
+    "OpenZFSNfsExport":{
+      "type":"structure",
+      "required":["ClientConfigurations"],
+      "members":{
+        "ClientConfigurations":{
+          "shape":"OpenZFSClientConfigurations",
+          "documentation":"<p>A list of configuration objects that contain the client and options for mounting the OpenZFS file system. </p>"
+        }
+      },
+      "documentation":"<p>The Network File System NFS) configurations for mounting an Amazon FSx for OpenZFS file system. </p>"
+    },
+    "OpenZFSNfsExportOption":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^[ -~]{1,128}$"
+    },
+    "OpenZFSNfsExportOptions":{
+      "type":"list",
+      "member":{"shape":"OpenZFSNfsExportOption"},
+      "max":20,
+      "min":1
+    },
+    "OpenZFSNfsExports":{
+      "type":"list",
+      "member":{"shape":"OpenZFSNfsExport"},
+      "max":1
+    },
+    "OpenZFSOriginSnapshotConfiguration":{
+      "type":"structure",
+      "members":{
+        "SnapshotARN":{"shape":"ResourceARN"},
+        "CopyStrategy":{
+          "shape":"OpenZFSCopyStrategy",
+          "documentation":"<p>The strategy used when copying data from the snapshot to the new volume. </p> <ul> <li> <p> <code>CLONE</code> - The new volume references the data in the origin snapshot. Cloning a snapshot is faster than copying the data from a snapshot to a new volume and doesn't consume disk throughput. However, the origin snapshot can't be deleted if there is a volume using its copied data. </p> </li> <li> <p> <code>FULL_COPY</code> - Copies all data from the snapshot to the new volume. </p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>The snapshot configuration to use when creating an OpenZFS volume from a snapshot.</p>"
+    },
+    "OpenZFSQuotaType":{
+      "type":"string",
+      "enum":[
+        "USER",
+        "GROUP"
+      ]
+    },
+    "OpenZFSUserAndGroupQuotas":{
+      "type":"list",
+      "member":{"shape":"OpenZFSUserOrGroupQuota"},
+      "max":100
+    },
+    "OpenZFSUserOrGroupQuota":{
+      "type":"structure",
+      "required":[
+        "Type",
+        "Id",
+        "StorageCapacityQuotaGiB"
+      ],
+      "members":{
+        "Type":{
+          "shape":"OpenZFSQuotaType",
+          "documentation":"<p>A value that specifies whether the quota applies to a user or group.</p>"
+        },
+        "Id":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The ID of the user or group.</p>"
+        },
+        "StorageCapacityQuotaGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The amount of storage that the user or group can use in gibibytes (GiB).</p>"
+        }
+      },
+      "documentation":"<p>The configuration for how much storage a user or group can use on the volume. </p>"
+    },
+    "OpenZFSVolumeConfiguration":{
+      "type":"structure",
+      "members":{
+        "ParentVolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the parent volume.</p>"
+        },
+        "VolumePath":{
+          "shape":"VolumePath",
+          "documentation":"<p>The path to the volume from the root volume. For example, <code>fsx/parentVolume/volume1</code>.</p>"
+        },
+        "StorageCapacityReservationGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The amount of storage in gibibytes (GiB) to reserve from the parent volume. You can't reserve more storage than the parent volume has reserved.</p>"
+        },
+        "StorageCapacityQuotaGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The maximum amount of storage in gibibtyes (GiB) that the volume can use from its parent. You can specify a quota larger than the storage on the parent volume.</p>"
+        },
+        "DataCompressionType":{
+          "shape":"OpenZFSDataCompressionType",
+          "documentation":"<p>The method used to compress the data on the volume. Unless a compression type is specified, volumes inherit the <code>DataCompressionType</code> value of their parent volume.</p> <ul> <li> <p> <code>NONE</code> - Doesn't compress the data on the volume.</p> </li> <li> <p> <code>ZSTD</code> - Compresses the data in the volume using the Zstandard (ZSTD) compression algorithm. This algorithm reduces the amount of space used on your volume and has very little impact on compute resources.</p> </li> </ul>"
+        },
+        "CopyTagsToSnapshots":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is <code>true</code> and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value. </p>"
+        },
+        "OriginSnapshot":{
+          "shape":"OpenZFSOriginSnapshotConfiguration",
+          "documentation":"<p>The configuration object that specifies the snapshot to use as the origin of the data for the volume.</p>"
+        },
+        "ReadOnly":{
+          "shape":"ReadOnly",
+          "documentation":"<p>A Boolean value indicating whether the volume is read-only.</p>"
+        },
+        "NfsExports":{
+          "shape":"OpenZFSNfsExports",
+          "documentation":"<p>The configuration object for mounting a Network File System (NFS) file system.</p>"
+        },
+        "UserAndGroupQuotas":{
+          "shape":"OpenZFSUserAndGroupQuotas",
+          "documentation":"<p>An object specifying how much storage users or groups can use on the volume. </p>"
+        }
+      },
+      "documentation":"<p>The configuration of an Amazon FSx for OpenZFS volume.</p>"
+    },
     "OrganizationalUnitDistinguishedName":{
       "type":"string",
       "max":2000,
@@ -2784,7 +3715,7 @@
     },
     "PerUnitStorageThroughput":{
       "type":"integer",
-      "max":200,
+      "max":1000,
       "min":12
     },
     "ProgressPercent":{
@@ -2793,12 +3724,30 @@
       "max":100,
       "min":0
     },
+    "ReadOnly":{"type":"boolean"},
     "Region":{
       "type":"string",
       "max":20,
       "min":1,
       "pattern":"^[a-z0-9-]{1,20}$"
     },
+    "ReleaseFileSystemNfsV3LocksRequest":{
+      "type":"structure",
+      "required":["FileSystemId"],
+      "members":{
+        "FileSystemId":{"shape":"FileSystemId"},
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "ReleaseFileSystemNfsV3LocksResponse":{
+      "type":"structure",
+      "members":{
+        "FileSystem":{"shape":"FileSystem"}
+      }
+    },
     "ReportFormat":{
       "type":"string",
       "enum":["REPORT_CSV_20191124"]
@@ -2848,6 +3797,56 @@
         "VOLUME"
       ]
     },
+    "RestoreOpenZFSVolumeOption":{
+      "type":"string",
+      "enum":[
+        "DELETE_INTERMEDIATE_SNAPSHOTS",
+        "DELETE_CLONED_VOLUMES"
+      ]
+    },
+    "RestoreOpenZFSVolumeOptions":{
+      "type":"list",
+      "member":{"shape":"RestoreOpenZFSVolumeOption"},
+      "max":2
+    },
+    "RestoreVolumeFromSnapshotRequest":{
+      "type":"structure",
+      "required":[
+        "VolumeId",
+        "SnapshotId"
+      ],
+      "members":{
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "VolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the volume that you are restoring.</p>"
+        },
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the source snapshot. Specifies the snapshot that you are restoring from.</p>"
+        },
+        "Options":{
+          "shape":"RestoreOpenZFSVolumeOptions",
+          "documentation":"<p>The settings used when restoring the specified volume from snapshot. </p> <ul> <li> <p> <code>DELETE_INTERMEDIATE_SNAPSHOTS</code> - Deletes snapshots between the current state and the specified snapshot. If there are intermediate snapshots and this option isn't used, <code>RestoreVolumeFromSnapshot</code> fails.</p> </li> <li> <p> <code>DELETE_CLONED_VOLUMES</code> - Deletes any volumes cloned from this volume. If there are any cloned volumes and this option isn't used, <code>RestoreVolumeFromSnapshot</code> fails.</p> </li> </ul>"
+        }
+      }
+    },
+    "RestoreVolumeFromSnapshotResponse":{
+      "type":"structure",
+      "members":{
+        "VolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the volume that you restored.</p>"
+        },
+        "Lifecycle":{
+          "shape":"VolumeLifecycle",
+          "documentation":"<p>The lifecycle state of the volume being restored.</p>"
+        }
+      }
+    },
     "RouteTableId":{
       "type":"string",
       "max":21,
@@ -2859,9 +3858,23 @@
       "member":{"shape":"RouteTableId"},
       "max":50
     },
+    "S3DataRepositoryConfiguration":{
+      "type":"structure",
+      "members":{
+        "AutoImportPolicy":{
+          "shape":"AutoImportPolicy",
+          "documentation":"<p>Specifies the type of updated objects (new, changed, deleted) that will be automatically imported from the linked S3 bucket to your file system.</p>"
+        },
+        "AutoExportPolicy":{
+          "shape":"AutoExportPolicy",
+          "documentation":"<p>Specifies the type of updated objects (new, changed, deleted) that will be automatically exported from your file system to the linked S3 bucket.</p>"
+        }
+      },
+      "documentation":"<p>The configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration consists of an <code>AutoImportPolicy</code> that defines file events on the data repository are automatically imported to the file system and an <code>AutoExportPolicy</code> that defines which file events on the file system are automatically exported to the data repository. File events are when files or directories are added, changed, or deleted on the file system or the data repository.</p>"
+    },
     "SecurityGroupId":{
       "type":"string",
-      "documentation":"<p>The ID of your Amazon EC2 security group. This ID is used to control network access to the endpoint that Amazon FSx creates on your behalf in each subnet. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html\">Amazon EC2 Security Groups for Linux Instances</a> in the <i>Amazon EC2 User Guide</i>.</p>",
+      "documentation":"<p>The ID of your Amazon EC2 security group. This ID is used to control network access to the endpoint that Amazon FSx creates on your behalf in each subnet. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html\">Amazon EC2 Security groups for Linux instances</a> in the <i>Amazon EC2 User Guide</i>.</p>",
       "max":20,
       "min":11,
       "pattern":"^(sg-[0-9a-f]{8,})$"
@@ -2988,6 +4001,111 @@
       "documentation":"<p>An error indicating that a particular service limit was exceeded. You can increase some service limits by contacting Amazon Web Services Support.</p>",
       "exception":true
     },
+    "Snapshot":{
+      "type":"structure",
+      "members":{
+        "ResourceARN":{"shape":"ResourceARN"},
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot.</p>"
+        },
+        "Name":{
+          "shape":"SnapshotName",
+          "documentation":"<p>The name of the snapshot.</p>"
+        },
+        "VolumeId":{
+          "shape":"VolumeId",
+          "documentation":"<p>The ID of the volume that the snapshot is of.</p>"
+        },
+        "CreationTime":{"shape":"CreationTime"},
+        "Lifecycle":{
+          "shape":"SnapshotLifecycle",
+          "documentation":"<p>The lifecycle status of the snapshot.</p> <ul> <li> <p> <code>PENDING</code> - Amazon FSx hasn't started creating the snapshot.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the snapshot.</p> </li> <li> <p> <code>DELETING</code> - Amazon FSx is deleting the snapshot.</p> </li> <li> <p> <code>AVAILABLE</code> - The snapshot is fully available.</p> </li> </ul>"
+        },
+        "Tags":{"shape":"Tags"},
+        "AdministrativeActions":{
+          "shape":"AdministrativeActions",
+          "documentation":"<p>A list of administrative actions for the file system that are in process or waiting to be processed. Administrative actions describe changes to the Amazon FSx system.</p>"
+        }
+      },
+      "documentation":"<p>A snapshot of an Amazon FSx for OpenZFS volume.</p>"
+    },
+    "SnapshotFilter":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"SnapshotFilterName",
+          "documentation":"<p>The name of the filter to use. You can filter by the <code>file-system-id</code> or by <code>volume-id</code>.</p>"
+        },
+        "Values":{
+          "shape":"SnapshotFilterValues",
+          "documentation":"<p>The <code>file-system-id</code> or <code>volume-id</code> that you are filtering for.</p>"
+        }
+      },
+      "documentation":"<p>A filter used to restrict the results of <code>DescribeSnapshots</code> calls. You can use multiple filters to return results that meet all applied filter requirements.</p>"
+    },
+    "SnapshotFilterName":{
+      "type":"string",
+      "enum":[
+        "file-system-id",
+        "volume-id"
+      ]
+    },
+    "SnapshotFilterValue":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^[0-9a-zA-Z\\*\\.\\\\/\\?\\-\\_]*$"
+    },
+    "SnapshotFilterValues":{
+      "type":"list",
+      "member":{"shape":"SnapshotFilterValue"},
+      "max":20
+    },
+    "SnapshotFilters":{
+      "type":"list",
+      "member":{"shape":"SnapshotFilter"},
+      "max":2
+    },
+    "SnapshotId":{
+      "type":"string",
+      "max":28,
+      "min":11,
+      "pattern":"^((fs)?volsnap-[0-9a-f]{8,})$"
+    },
+    "SnapshotIds":{
+      "type":"list",
+      "member":{"shape":"SnapshotId"},
+      "max":50
+    },
+    "SnapshotLifecycle":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "CREATING",
+        "DELETING",
+        "AVAILABLE"
+      ]
+    },
+    "SnapshotName":{
+      "type":"string",
+      "max":203,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9_:.-]{1,203}$"
+    },
+    "SnapshotNotFound":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>No Amazon FSx snapshots were found based on the supplied parameters.</p>",
+      "exception":true
+    },
+    "Snapshots":{
+      "type":"list",
+      "member":{"shape":"Snapshot"},
+      "max":50
+    },
     "SourceBackupId":{
       "type":"string",
       "max":128,
@@ -3000,7 +4118,7 @@
         "Message":{"shape":"ErrorMessage"},
         "BackupId":{"shape":"BackupId"}
       },
-      "documentation":"<p>The request was rejected because the lifecycle status of the source backup is not <code>AVAILABLE</code>.</p>",
+      "documentation":"<p>The request was rejected because the lifecycle status of the source backup isn't <code>AVAILABLE</code>.</p>",
       "exception":true
     },
     "StartTime":{"type":"timestamp"},
@@ -3168,7 +4286,7 @@
     },
     "SubnetId":{
       "type":"string",
-      "documentation":"<p>The ID for a subnet. A <i>subnet</i> is a range of IP addresses in your virtual private cloud (VPC). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html\">VPC and Subnets</a> in the <i>Amazon VPC User Guide.</i> </p>",
+      "documentation":"<p>The ID for a subnet. A <i>subnet</i> is a range of IP addresses in your virtual private cloud (VPC). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html\">VPC and subnets</a> in the <i>Amazon VPC User Guide.</i> </p>",
       "max":24,
       "min":15,
       "pattern":"^(subnet-[0-9a-f]{8,})$"
@@ -3317,7 +4435,7 @@
           "documentation":"<p>Specifies the tiering policy used to transition data. Default value is <code>SNAPSHOT_ONLY</code>.</p> <ul> <li> <p> <code>SNAPSHOT_ONLY</code> - moves cold snapshots to the capacity pool storage tier.</p> </li> <li> <p> <code>AUTO</code> - moves cold user data and snapshots to the capacity pool storage tier based on your access patterns.</p> </li> <li> <p> <code>ALL</code> - moves all user data blocks in both the active file system and Snapshot copies to the storage pool tier.</p> </li> <li> <p> <code>NONE</code> - keeps a volume's data in the primary storage tier, preventing it from being moved to the capacity pool tier.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Describes the data tiering policy for an ONTAP volume. When enabled, Amazon FSx for ONTAP's intelligent tiering automatically transitions a volume's data between the file system's primary storage and capacity pool storage based on your access patterns.</p>"
+      "documentation":"<p>Describes the data tiering policy for an ONTAP volume. When enabled, Amazon FSx for ONTAP's intelligent tiering automatically transitions a volume's data between the file system's primary storage and capacity pool storage based on your access patterns.</p> <p>Valid tiering policies are the following:</p> <ul> <li> <p> <code>SNAPSHOT_ONLY</code> - (Default value) moves cold snapshots to the capacity pool storage tier.</p> </li> </ul> <ul> <li> <p> <code>AUTO</code> - moves cold user data and snapshots to the capacity pool storage tier based on your access patterns.</p> </li> </ul> <ul> <li> <p> <code>ALL</code> - moves all user data blocks in both the active file system and Snapshot copies to the storage pool tier.</p> </li> </ul> <ul> <li> <p> <code>NONE</code> - keeps a volume's data in the primary storage tier, preventing it from being moved to the capacity pool tier.</p> </li> </ul>"
     },
     "TieringPolicyName":{
       "type":"string",
@@ -3366,6 +4484,37 @@
       },
       "documentation":"<p>The response object for <code>UntagResource</code> action.</p>"
     },
+    "UpdateDataRepositoryAssociationRequest":{
+      "type":"structure",
+      "required":["AssociationId"],
+      "members":{
+        "AssociationId":{
+          "shape":"DataRepositoryAssociationId",
+          "documentation":"<p>The ID of the data repository association that you are updating.</p>"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "ImportedFileChunkSize":{
+          "shape":"Megabytes",
+          "documentation":"<p>For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. The maximum number of disks that a single file can be striped across is limited by the total number of disks that make up the file system.</p> <p>The default chunk size is 1,024 MiB (1 GiB) and can go as high as 512,000 MiB (500 GiB). Amazon S3 objects have a maximum size of 5 TB.</p>"
+        },
+        "S3":{
+          "shape":"S3DataRepositoryConfiguration",
+          "documentation":"<p>The configuration for an Amazon S3 data repository linked to an Amazon FSx Lustre file system with a data repository association. The configuration defines which file events (new, changed, or deleted files or directories) are automatically imported from the linked data repository to the file system or automatically exported from the file system to the data repository.</p>"
+        }
+      }
+    },
+    "UpdateDataRepositoryAssociationResponse":{
+      "type":"structure",
+      "members":{
+        "Association":{
+          "shape":"DataRepositoryAssociation",
+          "documentation":"<p>The response object returned after the data repository association is updated.</p>"
+        }
+      }
+    },
     "UpdateFileSystemLustreConfiguration":{
       "type":"structure",
       "members":{
@@ -3377,11 +4526,15 @@
         "AutomaticBackupRetentionDays":{"shape":"AutomaticBackupRetentionDays"},
         "AutoImportPolicy":{
           "shape":"AutoImportPolicyType",
-          "documentation":"<p> (Optional) When you create your file system, your existing S3 objects appear as file and directory listings. Use this property to choose how Amazon FSx keeps your file and directory listing up to date as you add or modify objects in your linked S3 bucket. <code>AutoImportPolicy</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) AutoImport is off. Amazon FSx only updates file and directory listings from the linked S3 bucket when the file system is created. FSx does not update the file and directory listing for any new or changed objects after choosing this option.</p> </li> <li> <p> <code>NEW</code> - AutoImport is on. Amazon FSx automatically imports directory listings of any new objects added to the linked S3 bucket that do not currently exist in the FSx file system. </p> </li> <li> <p> <code>NEW_CHANGED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket and any existing objects that are changed in the S3 bucket after you choose this option. </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html\">Automatically import updates from your S3 bucket</a>.</p>"
+          "documentation":"<p> (Optional) When you create your file system, your existing S3 objects appear as file and directory listings. Use this property to choose how Amazon FSx keeps your file and directory listing up to date as you add or modify objects in your linked S3 bucket. <code>AutoImportPolicy</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - (Default) AutoImport is off. Amazon FSx only updates file and directory listings from the linked S3 bucket when the file system is created. FSx does not update the file and directory listing for any new or changed objects after choosing this option.</p> </li> <li> <p> <code>NEW</code> - AutoImport is on. Amazon FSx automatically imports directory listings of any new objects added to the linked S3 bucket that do not currently exist in the FSx file system. </p> </li> <li> <p> <code>NEW_CHANGED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket and any existing objects that are changed in the S3 bucket after you choose this option.</p> </li> <li> <p> <code>NEW_CHANGED_DELETED</code> - AutoImport is on. Amazon FSx automatically imports file and directory listings of any new objects added to the S3 bucket, any existing objects that are changed in the S3 bucket, and any objects that were deleted in the S3 bucket.</p> </li> </ul> <p>The <code>AutoImportPolicy</code> parameter is not supported for Lustre file systems with the <code>Persistent_2</code> deployment type. Instead, use to update a data repository association on your <code>Persistent_2</code> file system.</p>"
         },
         "DataCompressionType":{
           "shape":"DataCompressionType",
           "documentation":"<p>Sets the data compression configuration for the file system. <code>DataCompressionType</code> can have the following values:</p> <ul> <li> <p> <code>NONE</code> - Data compression is turned off for the file system.</p> </li> <li> <p> <code>LZ4</code> - Data compression is turned on with the LZ4 algorithm.</p> </li> </ul> <p>If you don't use <code>DataCompressionType</code>, the file system retains its current data compression configuration.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/data-compression.html\">Lustre data compression</a>.</p>"
+        },
+        "LogConfiguration":{
+          "shape":"LustreLogCreateConfiguration",
+          "documentation":"<p>The Lustre logging configuration used when updating an Amazon FSx for Lustre file system. When logging is enabled, Lustre logs error and warning events for data repositories associated with your file system to Amazon CloudWatch Logs.</p>"
         }
       },
       "documentation":"<p>The configuration object for Amazon FSx for Lustre file systems used in the <code>UpdateFileSystem</code> operation.</p>"
@@ -3395,17 +4548,43 @@
           "shape":"AdminPassword",
           "documentation":"<p>The ONTAP administrative password for the <code>fsxadmin</code> user.</p>"
         },
-        "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}
+        "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"},
+        "DiskIopsConfiguration":{
+          "shape":"DiskIopsConfiguration",
+          "documentation":"<p>The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for NetApp ONTAP file system. The default is 3 IOPS per GB of storage capacity, but you can provision additional IOPS per GB of storage. The configuration consists of an IOPS mode (<code>AUTOMATIC</code> or <code>USER_PROVISIONED</code>), and in the case of <code>USER_PROVISIONED</code> IOPS, the total number of SSD IOPS provisioned.</p>"
+        }
       },
       "documentation":"<p>The configuration updates for an Amazon FSx for NetApp ONTAP file system.</p>"
     },
+    "UpdateFileSystemOpenZFSConfiguration":{
+      "type":"structure",
+      "members":{
+        "AutomaticBackupRetentionDays":{"shape":"AutomaticBackupRetentionDays"},
+        "CopyTagsToBackups":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the file system should be copied to backups. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the file system are copied to all automatic and user-initiated backups where the user doesn't specify tags. If this value is <code>true</code> and you specify one or more tags, only the specified tags are copied to backups. If you specify one or more tags when creating a user-initiated backup, no tags are copied from the file system, regardless of this value. </p>"
+        },
+        "CopyTagsToVolumes":{
+          "shape":"Flag",
+          "documentation":"<p>A Boolean value indicating whether tags for the volume should be copied to snapshots. This value defaults to <code>false</code>. If it's set to <code>true</code>, all tags for the volume are copied to snapshots where the user doesn't specify tags. If this value is <code>true</code> and you specify one or more tags, only the specified tags are copied to snapshots. If you specify one or more tags when creating the snapshot, no tags are copied from the volume, regardless of this value. </p>"
+        },
+        "DailyAutomaticBackupStartTime":{"shape":"DailyTime"},
+        "ThroughputCapacity":{
+          "shape":"MegabytesPerSecond",
+          "documentation":"<p>The throughput of an Amazon FSx file system, measured in megabytes per second (MBps), in 2 to the nth increments, between 2^3 (8) and 2^12 (4096). </p>"
+        },
+        "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"},
+        "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"}
+      },
+      "documentation":"<p>The configuration updates for an Amazon FSx for OpenZFS file system.</p>"
+    },
     "UpdateFileSystemRequest":{
       "type":"structure",
       "required":["FileSystemId"],
       "members":{
         "FileSystemId":{
           "shape":"FileSystemId",
-          "documentation":"<p>Identifies the file system that you are updating.</p>"
+          "documentation":"<p>The ID of the file system that you are updating.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestToken",
@@ -3414,14 +4593,18 @@
         },
         "StorageCapacity":{
           "shape":"StorageCapacity",
-          "documentation":"<p>Use this parameter to increase the storage capacity of an Amazon FSx for Windows File Server or Amazon FSx for Lustre file system. Specifies the storage capacity target value, GiB, to increase the storage capacity for the file system that you're updating. You cannot make a storage capacity increase request if there is an existing storage capacity increase request in progress.</p> <p>For Windows file systems, the storage capacity target value must be at least 10 percent (%) greater than the current storage capacity value. In order to increase storage capacity, the file system must have at least 16 MB/s of throughput capacity.</p> <p>For Lustre file systems, the storage capacity target value can be the following:</p> <ul> <li> <p>For <code>SCRATCH_2</code> and <code>PERSISTENT_1 SSD</code> deployment types, valid values are in multiples of 2400 GiB. The value must be greater than the current storage capacity.</p> </li> <li> <p>For <code>PERSISTENT HDD</code> file systems, valid values are multiples of 6000 GiB for 12 MB/s/TiB file systems and multiples of 1800 GiB for 40 MB/s/TiB file systems. The values must be greater than the current storage capacity.</p> </li> <li> <p>For <code>SCRATCH_1</code> file systems, you cannot increase the storage capacity.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing storage capacity</a> in the <i>Amazon FSx for Windows File Server User Guide</i> and <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/managing-storage-capacity.html\">Managing storage and throughput capacity</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p>"
+          "documentation":"<p>Use this parameter to increase the storage capacity of an Amazon FSx for Windows File Server, Amazon FSx for Lustre, or Amazon FSx for NetApp ONTAP file system. Specifies the storage capacity target value, in GiB, to increase the storage capacity for the file system that you're updating. </p> <note> <p>You can't make a storage capacity increase request if there is an existing storage capacity increase request in progress.</p> </note> <p>For Windows file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. To increase storage capacity, the file system must have at least 16 MBps of throughput capacity. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-storage-capacity.html\">Managing storage capacity</a> in the <i>Amazon FSx for Windows File Server User Guide</i>.</p> <p>For Lustre file systems, the storage capacity target value can be the following:</p> <ul> <li> <p>For <code>SCRATCH_2</code>, <code>PERSISTENT_1</code>, and <code>PERSISTENT_2 SSD</code> deployment types, valid values are in multiples of 2400 GiB. The value must be greater than the current storage capacity.</p> </li> <li> <p>For <code>PERSISTENT HDD</code> file systems, valid values are multiples of 6000 GiB for 12-MBps throughput per TiB file systems and multiples of 1800 GiB for 40-MBps throughput per TiB file systems. The values must be greater than the current storage capacity.</p> </li> <li> <p>For <code>SCRATCH_1</code> file systems, you can't increase the storage capacity.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/LustreGuide/managing-storage-capacity.html\">Managing storage and throughput capacity</a> in the <i>Amazon FSx for Lustre User Guide</i>.</p> <p>For ONTAP file systems, the storage capacity target value must be at least 10 percent greater than the current storage capacity value. For more information, see <a href=\"https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/managing-storage-capacity.html\">Managing storage capacity and provisioned IOPS</a> in the <i>Amazon FSx for NetApp ONTAP User Guide</i>.</p>"
         },
         "WindowsConfiguration":{
           "shape":"UpdateFileSystemWindowsConfiguration",
           "documentation":"<p>The configuration updates for an Amazon FSx for Windows File Server file system.</p>"
         },
         "LustreConfiguration":{"shape":"UpdateFileSystemLustreConfiguration"},
-        "OntapConfiguration":{"shape":"UpdateFileSystemOntapConfiguration"}
+        "OntapConfiguration":{"shape":"UpdateFileSystemOntapConfiguration"},
+        "OpenZFSConfiguration":{
+          "shape":"UpdateFileSystemOpenZFSConfiguration",
+          "documentation":"<p>The configuration updates for an Amazon FSx for OpenZFS file system.</p>"
+        }
       },
       "documentation":"<p>The request object for the <code>UpdateFileSystem</code> operation.</p>"
     },
@@ -3491,6 +4674,66 @@
       },
       "documentation":"<p>Used to specify changes to the ONTAP configuration for the volume you are updating.</p>"
     },
+    "UpdateOpenZFSVolumeConfiguration":{
+      "type":"structure",
+      "members":{
+        "StorageCapacityReservationGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p>The amount of storage in gibibytes (GiB) to reserve from the parent volume. You can't reserve more storage than the parent volume has reserved.</p>"
+        },
+        "StorageCapacityQuotaGiB":{
+          "shape":"IntegerNoMax",
+          "documentation":"<p/> <p>The maximum amount of storage in gibibytes (GiB) that the volume can use from its parent. You can specify a quota larger than the storage on the parent volume.</p>"
+        },
+        "DataCompressionType":{
+          "shape":"OpenZFSDataCompressionType",
+          "documentation":"<p/> <p>Specifies the method used to compress the data on the volume. Unless the compression type is specified, volumes inherit the <code>DataCompressionType</code> value of their parent volume.</p> <ul> <li> <p> <code>NONE</code> - Doesn't compress the data on the volume.</p> </li> <li> <p> <code>ZSTD</code> - Compresses the data in the volume using the Zstandard (ZSTD) compression algorithm. This algorithm reduces the amount of space used on your volume and has very little impact on compute resources.</p> </li> </ul>"
+        },
+        "NfsExports":{
+          "shape":"OpenZFSNfsExports",
+          "documentation":"<p>The configuration object for mounting a Network File System (NFS) file system.</p>"
+        },
+        "UserAndGroupQuotas":{
+          "shape":"OpenZFSUserAndGroupQuotas",
+          "documentation":"<p>An object specifying how much storage users or groups can use on the volume.</p>"
+        },
+        "ReadOnly":{
+          "shape":"ReadOnly",
+          "documentation":"<p>A Boolean value indicating whether the volume is read-only.</p>"
+        }
+      },
+      "documentation":"<p>Used to specify changes to the OpenZFS configuration for the volume that you are updating.</p>"
+    },
+    "UpdateSnapshotRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "SnapshotId"
+      ],
+      "members":{
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "Name":{
+          "shape":"SnapshotName",
+          "documentation":"<p>The name of the snapshot to update. </p>"
+        },
+        "SnapshotId":{
+          "shape":"SnapshotId",
+          "documentation":"<p>The ID of the snapshot that you want to update, in the format <code>fsvolsnap-0123456789abcdef0</code>.</p>"
+        }
+      }
+    },
+    "UpdateSnapshotResponse":{
+      "type":"structure",
+      "members":{
+        "Snapshot":{
+          "shape":"Snapshot",
+          "documentation":"<p>Returned after a successful <code>UpdateSnapshot</code> operation, describing the snapshot that you updated.</p>"
+        }
+      }
+    },
     "UpdateStorageVirtualMachineRequest":{
       "type":"structure",
       "required":["StorageVirtualMachineId"],
@@ -3524,7 +4767,7 @@
       "members":{
         "SelfManagedActiveDirectoryConfiguration":{"shape":"SelfManagedActiveDirectoryConfigurationUpdates"}
       },
-      "documentation":"<p>Updates the Microsoft Active Directory (AD) configuration of an SVM joined to an AD. Pleae note, account credentials are not returned in the response payload.</p>"
+      "documentation":"<p>Updates the Microsoft Active Directory (AD) configuration of an SVM joined to an AD. Please note, account credentials are not returned in the response payload.</p>"
     },
     "UpdateVolumeRequest":{
       "type":"structure",
@@ -3536,11 +4779,19 @@
         },
         "VolumeId":{
           "shape":"VolumeId",
-          "documentation":"<p>Specifies the volume that you want to update, formatted <code>fsvol-0123456789abcdef0</code>.</p>"
+          "documentation":"<p>The ID of the volume that you want to update, in the format <code>fsvol-0123456789abcdef0</code>.</p>"
         },
         "OntapConfiguration":{
           "shape":"UpdateOntapVolumeConfiguration",
-          "documentation":"<p>The <code>ONTAP</code> configuration of the volume you are updating.</p>"
+          "documentation":"<p>The configuration of the ONTAP volume that you are updating.</p>"
+        },
+        "Name":{
+          "shape":"VolumeName",
+          "documentation":"<p>The name of the OpenZFS volume. OpenZFS root volumes are automatically named <code>FSX</code>. Child volume names must be unique among their parent volume's children. The name of the volume is part of the mount string for the OpenZFS volume. </p>"
+        },
+        "OpenZFSConfiguration":{
+          "shape":"UpdateOpenZFSVolumeConfiguration",
+          "documentation":"<p>The configuration of the OpenZFS volume that you are updating.</p>"
         }
       }
     },
@@ -3549,7 +4800,7 @@
       "members":{
         "Volume":{
           "shape":"Volume",
-          "documentation":"<p>Returned after a successful <code>UpdateVolume</code> API operation, describing the volume just updated.</p>"
+          "documentation":"<p>A description of the volume just updated. Returned after a successful <code>UpdateVolume</code> API operation.</p>"
         }
       }
     },
@@ -3560,7 +4811,7 @@
         "FileSystemId":{"shape":"FileSystemId"},
         "Lifecycle":{
           "shape":"VolumeLifecycle",
-          "documentation":"<p>The lifecycle status of the volume.</p> <ul> <li> <p> <code>CREATED</code> - The volume is fully available for use.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the new volume.</p> </li> <li> <p> <code>DELETING</code> - Amazon FSx is deleting an existing volume.</p> </li> <li> <p> <code>FAILED</code> - Amazon FSx was unable to create the volume.</p> </li> <li> <p> <code>MISCONFIGURED</code> - The volume is in a failed but recoverable state.</p> </li> <li> <p> <code>PENDING</code> - Amazon FSx has not started creating the volume.</p> </li> </ul>"
+          "documentation":"<p>The lifecycle status of the volume.</p> <ul> <li> <p> <code>AVAILABLE</code> - The volume is fully available for use.</p> </li> <li> <p> <code>CREATED</code> - The volume has been created.</p> </li> <li> <p> <code>CREATING</code> - Amazon FSx is creating the new volume.</p> </li> <li> <p> <code>DELETING</code> - Amazon FSx is deleting an existing volume.</p> </li> <li> <p> <code>FAILED</code> - Amazon FSx was unable to create the volume.</p> </li> <li> <p> <code>MISCONFIGURED</code> - The volume is in a failed but recoverable state.</p> </li> <li> <p> <code>PENDING</code> - Amazon FSx hasn't started creating the volume.</p> </li> </ul>"
         },
         "Name":{
           "shape":"VolumeName",
@@ -3575,14 +4826,22 @@
         },
         "VolumeType":{
           "shape":"VolumeType",
-          "documentation":"<p>The type of volume; <code>ONTAP</code> is the only valid volume type.</p>"
+          "documentation":"<p>The type of the volume.</p>"
         },
         "LifecycleTransitionReason":{
           "shape":"LifecycleTransitionReason",
-          "documentation":"<p>Describes why the volume lifecycle state changed.</p>"
+          "documentation":"<p>The reason why the volume lifecycle status changed.</p>"
+        },
+        "AdministrativeActions":{
+          "shape":"AdministrativeActions",
+          "documentation":"<p>A list of administrative actions for the file system that are in process or waiting to be processed. Administrative actions describe changes to the Amazon FSx system that you initiated.</p>"
+        },
+        "OpenZFSConfiguration":{
+          "shape":"OpenZFSVolumeConfiguration",
+          "documentation":"<p>The configuration of an Amazon FSx for OpenZFS volume.</p>"
         }
       },
-      "documentation":"<p>Describes an Amazon FSx for NetApp ONTAP volume.</p>"
+      "documentation":"<p>Describes an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volume.</p>"
     },
     "VolumeCapacity":{
       "type":"integer",
@@ -3601,7 +4860,7 @@
           "documentation":"<p>The values of the filter. These are all the values for any of the applied filters.</p>"
         }
       },
-      "documentation":"<p>A filter used to restrict the results of describe calls for Amazon FSx for NetApp ONTAP volumes. You can use multiple filters to return results that meet all applied filter requirements.</p>"
+      "documentation":"<p>A filter used to restrict the results of describe calls for Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volumes. You can use multiple filters to return results that meet all applied filter requirements.</p>"
     },
     "VolumeFilterName":{
       "type":"string",
@@ -3645,7 +4904,8 @@
         "DELETING",
         "FAILED",
         "MISCONFIGURED",
-        "PENDING"
+        "PENDING",
+        "AVAILABLE"
       ]
     },
     "VolumeName":{
@@ -3662,9 +4922,18 @@
       "documentation":"<p>No Amazon FSx for NetApp ONTAP volumes were found based upon the supplied parameters.</p>",
       "exception":true
     },
+    "VolumePath":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^[A-za-z0-9\\_\\.\\:\\-\\/]*$"
+    },
     "VolumeType":{
       "type":"string",
-      "enum":["ONTAP"]
+      "enum":[
+        "ONTAP",
+        "OPENZFS"
+      ]
     },
     "Volumes":{
       "type":"list",
@@ -3673,7 +4942,7 @@
     },
     "VpcId":{
       "type":"string",
-      "documentation":"<p>The ID of your virtual private cloud (VPC). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html\">VPC and Subnets</a> in the <i>Amazon VPC User Guide</i>.</p>",
+      "documentation":"<p>The ID of your virtual private cloud (VPC). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html\">VPC and subnets</a> in the <i>Amazon VPC User Guide</i>.</p>",
       "max":21,
       "min":12,
       "pattern":"^(vpc-[0-9a-f]{8,})$"
diff --git a/contrib/python/botocore/py3/botocore/data/glue/2017-03-31/service-2.json b/contrib/python/botocore/py3/botocore/data/glue/2017-03-31/service-2.json
index 3c49973aeae..46c03b8c84c 100644
--- a/contrib/python/botocore/py3/botocore/data/glue/2017-03-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/glue/2017-03-31/service-2.json
@@ -73,7 +73,9 @@
         {"shape":"InvalidInputException"},
         {"shape":"EntityNotFoundException"},
         {"shape":"InternalServiceException"},
-        {"shape":"OperationTimeoutException"}
+        {"shape":"OperationTimeoutException"},
+        {"shape":"GlueEncryptionException"},
+        {"shape":"ResourceNotReadyException"}
       ],
       "documentation":"<p>Deletes multiple tables at once.</p> <note> <p>After completing this operation, you no longer have access to the table versions and partitions that belong to the deleted table. Glue deletes these \"orphaned\" resources asynchronously in a timely manner, at the discretion of the service.</p> <p>To ensure the immediate deletion of all related resources, before calling <code>BatchDeleteTable</code>, use <code>DeleteTableVersion</code> or <code>BatchDeleteTableVersion</code>, and <code>DeletePartition</code> or <code>BatchDeletePartition</code>, to delete any resources that belong to the table.</p> </note>"
     },
@@ -166,7 +168,8 @@
         {"shape":"EntityNotFoundException"},
         {"shape":"OperationTimeoutException"},
         {"shape":"InternalServiceException"},
-        {"shape":"GlueEncryptionException"}
+        {"shape":"GlueEncryptionException"},
+        {"shape":"InvalidStateException"}
       ],
       "documentation":"<p>Retrieves partitions in a batch request.</p>"
     },
@@ -456,6 +459,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"AlreadyExistsException"},
         {"shape":"ResourceNumberLimitExceededException"},
+        {"shape":"ConcurrentModificationException"},
         {"shape":"InternalServiceException"}
       ],
       "documentation":"<p>Creates a new registry which may be used to hold a collection of schemas.</p>"
@@ -474,6 +478,7 @@
         {"shape":"EntityNotFoundException"},
         {"shape":"AlreadyExistsException"},
         {"shape":"ResourceNumberLimitExceededException"},
+        {"shape":"ConcurrentModificationException"},
         {"shape":"InternalServiceException"}
       ],
       "documentation":"<p>Creates a new schema set and registers the schema definition. Returns an error if the schema set already exists without actually registering the version.</p> <p>When the schema set is created, a version checkpoint will be set to the first version. Compatibility mode \"DISABLED\" restricts any additional schema versions from being added after the first schema version. For all other compatibility modes, validation of compatibility settings will be applied only from the second version onwards when the <code>RegisterSchemaVersion</code> API is used.</p> <p>When this API is called without a <code>RegistryId</code>, this will create an entry for a \"default-registry\" in the registry database tables, if it is not already present.</p>"
@@ -526,7 +531,8 @@
         {"shape":"InternalServiceException"},
         {"shape":"OperationTimeoutException"},
         {"shape":"GlueEncryptionException"},
-        {"shape":"ConcurrentModificationException"}
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"ResourceNotReadyException"}
       ],
       "documentation":"<p>Creates a new table definition in the Data Catalog.</p>"
     },
@@ -872,7 +878,8 @@
         {"shape":"InvalidInputException"},
         {"shape":"InternalServiceException"},
         {"shape":"OperationTimeoutException"},
-        {"shape":"ConcurrentModificationException"}
+        {"shape":"ConcurrentModificationException"},
+        {"shape":"ResourceNotReadyException"}
       ],
       "documentation":"<p>Removes a table definition from the Data Catalog.</p> <note> <p>After completing this operation, you no longer have access to the table versions and partitions that belong to the deleted table. Glue deletes these \"orphaned\" resources asynchronously in a timely manner, at the discretion of the service.</p> <p>To ensure the immediate deletion of all related resources, before calling <code>DeleteTable</code>, use <code>DeleteTableVersion</code> or <code>BatchDeleteTableVersion</code>, and <code>DeletePartition</code> or <code>BatchDeletePartition</code>, to delete any resources that belong to the table.</p> </note>"
     },
@@ -1437,7 +1444,9 @@
         {"shape":"InvalidInputException"},
         {"shape":"OperationTimeoutException"},
         {"shape":"InternalServiceException"},
-        {"shape":"GlueEncryptionException"}
+        {"shape":"GlueEncryptionException"},
+        {"shape":"InvalidStateException"},
+        {"shape":"ResourceNotReadyException"}
       ],
       "documentation":"<p>Retrieves information about the partitions in a table.</p>"
     },
@@ -1613,7 +1622,8 @@
         {"shape":"InvalidInputException"},
         {"shape":"InternalServiceException"},
         {"shape":"OperationTimeoutException"},
-        {"shape":"GlueEncryptionException"}
+        {"shape":"GlueEncryptionException"},
+        {"shape":"ResourceNotReadyException"}
       ],
       "documentation":"<p>Retrieves the <code>Table</code> definition in a Data Catalog for a specified table.</p>"
     },
@@ -1716,6 +1726,57 @@
       ],
       "documentation":"<p>Gets all the triggers associated with a job.</p>"
     },
+    "GetUnfilteredPartitionMetadata":{
+      "name":"GetUnfilteredPartitionMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetUnfilteredPartitionMetadataRequest"},
+      "output":{"shape":"GetUnfilteredPartitionMetadataResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"GlueEncryptionException"},
+        {"shape":"PermissionTypeMismatchException"}
+      ]
+    },
+    "GetUnfilteredPartitionsMetadata":{
+      "name":"GetUnfilteredPartitionsMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetUnfilteredPartitionsMetadataRequest"},
+      "output":{"shape":"GetUnfilteredPartitionsMetadataResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"GlueEncryptionException"},
+        {"shape":"PermissionTypeMismatchException"}
+      ]
+    },
+    "GetUnfilteredTableMetadata":{
+      "name":"GetUnfilteredTableMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetUnfilteredTableMetadataRequest"},
+      "output":{"shape":"GetUnfilteredTableMetadataResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"GlueEncryptionException"},
+        {"shape":"PermissionTypeMismatchException"}
+      ]
+    },
     "GetUserDefinedFunction":{
       "name":"GetUserDefinedFunction",
       "http":{
@@ -2671,7 +2732,8 @@
         {"shape":"OperationTimeoutException"},
         {"shape":"ConcurrentModificationException"},
         {"shape":"ResourceNumberLimitExceededException"},
-        {"shape":"GlueEncryptionException"}
+        {"shape":"GlueEncryptionException"},
+        {"shape":"ResourceNotReadyException"}
       ],
       "documentation":"<p>Updates a metadata table in the Data Catalog.</p>"
     },
@@ -2739,6 +2801,11 @@
       "documentation":"<p>Access to a resource was denied.</p>",
       "exception":true
     },
+    "AccountId":{
+      "type":"string",
+      "max":12,
+      "min":0
+    },
     "Action":{
       "type":"structure",
       "members":{
@@ -2790,6 +2857,17 @@
       "exception":true
     },
     "AttemptCount":{"type":"integer"},
+    "AuditContext":{
+      "type":"structure",
+      "members":{
+        "AdditionalAuditContext":{"shape":"AuditContextString"}
+      }
+    },
+    "AuditContextString":{
+      "type":"string",
+      "max":2048,
+      "min":0
+    },
     "BackfillError":{
       "type":"structure",
       "members":{
@@ -2949,6 +3027,10 @@
         "TablesToDelete":{
           "shape":"BatchDeleteTableNameList",
           "documentation":"<p>A list of the table to delete.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to delete the table contents.</p>"
         }
       }
     },
@@ -3681,6 +3763,10 @@
         "Tables":{
           "shape":"CatalogTablesList",
           "documentation":"<p>A list of the tables to be synchronized.</p>"
+        },
+        "ConnectionName":{
+          "shape":"ConnectionName",
+          "documentation":"<p>The name of the connection for an Amazon S3-backed Data Catalog table to be a target of the crawl when using a <code>Catalog</code> connection type paired with a <code>NETWORK</code> Connection type.</p>"
         }
       },
       "documentation":"<p>Specifies an Glue Data Catalog target.</p>"
@@ -3698,7 +3784,7 @@
       "members":{
         "DataFormat":{
           "shape":"DataFormat",
-          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code> and <code>JSON</code> are supported.</p>"
+          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code>, <code>JSON</code> and <code>PROTOBUF</code> are supported.</p>"
         },
         "SchemaDefinition":{
           "shape":"SchemaDefinitionString",
@@ -3928,6 +4014,17 @@
       "min":1,
       "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
     },
+    "ColumnRowFilter":{
+      "type":"structure",
+      "members":{
+        "ColumnName":{"shape":"NameString"},
+        "RowFilterExpression":{"shape":"PredicateString"}
+      }
+    },
+    "ColumnRowFilterList":{
+      "type":"list",
+      "member":{"shape":"ColumnRowFilter"}
+    },
     "ColumnStatistics":{
       "type":"structure",
       "required":[
@@ -4448,7 +4545,8 @@
         "CrawlerSecurityConfiguration":{
           "shape":"CrawlerSecurityConfiguration",
           "documentation":"<p>The name of the <code>SecurityConfiguration</code> structure to be used by this crawler.</p>"
-        }
+        },
+        "LakeFormationConfiguration":{"shape":"LakeFormationConfiguration"}
       },
       "documentation":"<p>Specifies a crawler program that examines a data source and uses classifiers to try to determine its schema. If successful, the crawler records metadata concerning the data source in the Glue Data Catalog.</p>"
     },
@@ -4590,6 +4688,10 @@
         "CatalogTargets":{
           "shape":"CatalogTargetList",
           "documentation":"<p>Specifies Glue Data Catalog targets.</p>"
+        },
+        "DeltaTargets":{
+          "shape":"DeltaTargetList",
+          "documentation":"<p>Specifies Delta data store targets.</p>"
         }
       },
       "documentation":"<p>Specifies data stores to crawl.</p>"
@@ -4729,6 +4831,7 @@
           "shape":"LineageConfiguration",
           "documentation":"<p>Specifies data lineage configuration settings for the crawler.</p>"
         },
+        "LakeFormationConfiguration":{"shape":"LakeFormationConfiguration"},
         "Configuration":{
           "shape":"CrawlerConfiguration",
           "documentation":"<p>Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
@@ -5284,7 +5387,7 @@
         },
         "DataFormat":{
           "shape":"DataFormat",
-          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code> and <code>JSON</code> are supported.</p>"
+          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code>, <code>JSON</code> and <code>PROTOBUF</code> are supported.</p>"
         },
         "Compatibility":{
           "shape":"Compatibility",
@@ -5329,7 +5432,7 @@
         },
         "DataFormat":{
           "shape":"DataFormat",
-          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code> and <code>JSON</code> are supported.</p>"
+          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code>, <code>JSON</code> and <code>PROTOBUF</code> are supported.</p>"
         },
         "Compatibility":{
           "shape":"Compatibility",
@@ -5447,6 +5550,10 @@
         "PartitionIndexes":{
           "shape":"PartitionIndexList",
           "documentation":"<p>A list of partition indexes, <code>PartitionIndex</code> structures, to create in the table.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The ID of the transaction.</p>"
         }
       }
     },
@@ -5702,7 +5809,8 @@
       "type":"string",
       "enum":[
         "AVRO",
-        "JSON"
+        "JSON",
+        "PROTOBUF"
       ]
     },
     "DataLakePrincipal":{
@@ -6293,6 +6401,10 @@
         "Name":{
           "shape":"NameString",
           "documentation":"<p>The name of the table to be deleted. For Hive compatibility, this name is entirely lowercase.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to delete the table contents.</p>"
         }
       }
     },
@@ -6396,6 +6508,28 @@
         }
       }
     },
+    "DeltaTarget":{
+      "type":"structure",
+      "members":{
+        "DeltaTables":{
+          "shape":"PathList",
+          "documentation":"<p>A list of the Amazon S3 paths to the Delta tables.</p>"
+        },
+        "ConnectionName":{
+          "shape":"ConnectionName",
+          "documentation":"<p>The name of the connection to use to connect to the Delta table target.</p>"
+        },
+        "WriteManifest":{
+          "shape":"NullableBoolean",
+          "documentation":"<p>Specifies whether to write the manifest files to the Delta table path.</p>"
+        }
+      },
+      "documentation":"<p>Specifies a Delta data store to crawl one or more Delta tables.</p>"
+    },
+    "DeltaTargetList":{
+      "type":"list",
+      "member":{"shape":"DeltaTarget"}
+    },
     "DescriptionString":{
       "type":"string",
       "max":2048,
@@ -7883,6 +8017,14 @@
         "ExcludeColumnSchema":{
           "shape":"BooleanNullable",
           "documentation":"<p>When true, specifies not returning the partition column schema. Useful when you are interested only in other partition attributes such as partition values or location. This approach avoids the problem of a large response by not returning duplicate data.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to read the partition contents.</p>"
+        },
+        "QueryAsOfTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time as of when to read the partition contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with <code>TransactionId</code>.</p>"
         }
       }
     },
@@ -8074,7 +8216,7 @@
         },
         "DataFormat":{
           "shape":"DataFormat",
-          "documentation":"<p>The data format of the schema definition. Currently only <code>AVRO</code> and <code>JSON</code> are supported.</p>"
+          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code>, <code>JSON</code> and <code>PROTOBUF</code> are supported.</p>"
         },
         "Status":{
           "shape":"SchemaVersionStatus",
@@ -8121,7 +8263,7 @@
         },
         "DataFormat":{
           "shape":"DataFormat",
-          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code> and <code>JSON</code> are supported.</p>"
+          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code>, <code>JSON</code> and <code>PROTOBUF</code> are supported.</p>"
         },
         "Compatibility":{
           "shape":"Compatibility",
@@ -8183,7 +8325,7 @@
         },
         "DataFormat":{
           "shape":"DataFormat",
-          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code> and <code>JSON</code> are supported.</p>"
+          "documentation":"<p>The data format of the schema definition. Currently <code>AVRO</code>, <code>JSON</code> and <code>PROTOBUF</code> are supported.</p>"
         },
         "SchemaArn":{
           "shape":"GlueResourceArn",
@@ -8302,6 +8444,14 @@
         "Name":{
           "shape":"NameString",
           "documentation":"<p>The name of the table for which to retrieve the definition. For Hive compatibility, this name is entirely lowercase.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to read the table contents. </p>"
+        },
+        "QueryAsOfTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with <code>TransactionId</code>.</p>"
         }
       }
     },
@@ -8417,6 +8567,14 @@
         "MaxResults":{
           "shape":"CatalogGetterPageSize",
           "documentation":"<p>The maximum number of tables to return in a single response.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to read the table contents.</p>"
+        },
+        "QueryAsOfTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with <code>TransactionId</code>.</p>"
         }
       }
     },
@@ -8501,6 +8659,84 @@
         }
       }
     },
+    "GetUnfilteredPartitionMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "CatalogId",
+        "DatabaseName",
+        "TableName",
+        "PartitionValues",
+        "SupportedPermissionTypes"
+      ],
+      "members":{
+        "CatalogId":{"shape":"CatalogIdString"},
+        "DatabaseName":{"shape":"NameString"},
+        "TableName":{"shape":"NameString"},
+        "PartitionValues":{"shape":"ValueStringList"},
+        "AuditContext":{"shape":"AuditContext"},
+        "SupportedPermissionTypes":{"shape":"PermissionTypeList"}
+      }
+    },
+    "GetUnfilteredPartitionMetadataResponse":{
+      "type":"structure",
+      "members":{
+        "Partition":{"shape":"Partition"},
+        "AuthorizedColumns":{"shape":"NameStringList"},
+        "IsRegisteredWithLakeFormation":{"shape":"Boolean"}
+      }
+    },
+    "GetUnfilteredPartitionsMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "CatalogId",
+        "DatabaseName",
+        "TableName",
+        "SupportedPermissionTypes"
+      ],
+      "members":{
+        "CatalogId":{"shape":"CatalogIdString"},
+        "DatabaseName":{"shape":"NameString"},
+        "TableName":{"shape":"NameString"},
+        "Expression":{"shape":"PredicateString"},
+        "AuditContext":{"shape":"AuditContext"},
+        "SupportedPermissionTypes":{"shape":"PermissionTypeList"},
+        "NextToken":{"shape":"Token"},
+        "Segment":{"shape":"Segment"},
+        "MaxResults":{"shape":"PageSize"}
+      }
+    },
+    "GetUnfilteredPartitionsMetadataResponse":{
+      "type":"structure",
+      "members":{
+        "UnfilteredPartitions":{"shape":"UnfilteredPartitionList"},
+        "NextToken":{"shape":"Token"}
+      }
+    },
+    "GetUnfilteredTableMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "CatalogId",
+        "DatabaseName",
+        "Name",
+        "SupportedPermissionTypes"
+      ],
+      "members":{
+        "CatalogId":{"shape":"CatalogIdString"},
+        "DatabaseName":{"shape":"NameString"},
+        "Name":{"shape":"NameString"},
+        "AuditContext":{"shape":"AuditContext"},
+        "SupportedPermissionTypes":{"shape":"PermissionTypeList"}
+      }
+    },
+    "GetUnfilteredTableMetadataResponse":{
+      "type":"structure",
+      "members":{
+        "Table":{"shape":"Table"},
+        "AuthorizedColumns":{"shape":"NameStringList"},
+        "IsRegisteredWithLakeFormation":{"shape":"Boolean"},
+        "CellFilters":{"shape":"ColumnRowFilterList"}
+      }
+    },
     "GetUserDefinedFunctionRequest":{
       "type":"structure",
       "required":[
@@ -8905,6 +9141,17 @@
       "documentation":"<p>The input provided was not valid.</p>",
       "exception":true
     },
+    "InvalidStateException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the problem.</p>"
+        }
+      },
+      "documentation":"<p>An error that indicates your data is in an invalid state.</p>",
+      "exception":true
+    },
     "IsVersionValid":{"type":"boolean"},
     "JdbcTarget":{
       "type":"structure",
@@ -9377,6 +9624,13 @@
       },
       "documentation":"<p>Specifies configuration properties for a labeling set generation task run.</p>"
     },
+    "LakeFormationConfiguration":{
+      "type":"structure",
+      "members":{
+        "UseLakeFormationCredentials":{"shape":"NullableBoolean"},
+        "AccountId":{"shape":"AccountId"}
+      }
+    },
     "Language":{
       "type":"string",
       "enum":[
@@ -9793,6 +10047,10 @@
       "max":2056,
       "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
     },
+    "LocationStringList":{
+      "type":"list",
+      "member":{"shape":"LocationString"}
+    },
     "LogGroup":{
       "type":"string",
       "max":512,
@@ -10484,6 +10742,26 @@
       "type":"list",
       "member":{"shape":"Permission"}
     },
+    "PermissionType":{
+      "type":"string",
+      "enum":[
+        "COLUMN_PERMISSION",
+        "CELL_FILTER_PERMISSION"
+      ]
+    },
+    "PermissionTypeList":{
+      "type":"list",
+      "member":{"shape":"PermissionType"},
+      "max":255,
+      "min":1
+    },
+    "PermissionTypeMismatchException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"MessageString"}
+      },
+      "exception":true
+    },
     "PhysicalConnectionRequirements":{
       "type":"structure",
       "members":{
@@ -10984,6 +11262,17 @@
         }
       }
     },
+    "ResourceNotReadyException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the problem.</p>"
+        }
+      },
+      "documentation":"<p>A resource was not ready for a transaction.</p>",
+      "exception":true
+    },
     "ResourceNumberLimitExceededException":{
       "type":"structure",
       "members":{
@@ -11822,6 +12111,10 @@
         "Name":{
           "shape":"NameString",
           "documentation":"<p>The name of the workflow to start.</p>"
+        },
+        "RunProperties":{
+          "shape":"WorkflowRunProperties",
+          "documentation":"<p>The workflow run properties for the new workflow run.</p>"
         }
       }
     },
@@ -11930,6 +12223,7 @@
           "shape":"LocationString",
           "documentation":"<p>The physical location of the table. By default, this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.</p>"
         },
+        "AdditionalLocations":{"shape":"LocationStringList"},
         "InputFormat":{
           "shape":"FormatString",
           "documentation":"<p>The input format: <code>SequenceFileInputFormat</code> (binary), or <code>TextInputFormat</code>, or a custom format.</p>"
@@ -12441,6 +12735,12 @@
       "max":10,
       "min":1
     },
+    "TransactionIdString":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"[\\p{L}\\p{N}\\p{P}]*"
+    },
     "TransformEncryption":{
       "type":"structure",
       "members":{
@@ -12693,6 +12993,18 @@
       "min":1,
       "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
     },
+    "UnfilteredPartition":{
+      "type":"structure",
+      "members":{
+        "Partition":{"shape":"Partition"},
+        "AuthorizedColumns":{"shape":"NameStringList"},
+        "IsRegisteredWithLakeFormation":{"shape":"Boolean"}
+      }
+    },
+    "UnfilteredPartitionList":{
+      "type":"list",
+      "member":{"shape":"UnfilteredPartition"}
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -12933,6 +13245,7 @@
           "shape":"LineageConfiguration",
           "documentation":"<p>Specifies data lineage configuration settings for the crawler.</p>"
         },
+        "LakeFormationConfiguration":{"shape":"LakeFormationConfiguration"},
         "Configuration":{
           "shape":"CrawlerConfiguration",
           "documentation":"<p>Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. For more information, see <a href=\"https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html\">Configuring a Crawler</a>.</p>"
@@ -13321,6 +13634,10 @@
         "SkipArchive":{
           "shape":"BooleanNullable",
           "documentation":"<p>By default, <code>UpdateTable</code> always creates an archived version of the table before updating it. However, if <code>skipArchive</code> is set to true, <code>UpdateTable</code> does not create the archived version.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to update the table contents. </p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/greengrassv2/2020-11-30/service-2.json b/contrib/python/botocore/py3/botocore/data/greengrassv2/2020-11-30/service-2.json
index e90628d9c04..9eb0e5903e0 100644
--- a/contrib/python/botocore/py3/botocore/data/greengrassv2/2020-11-30/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/greengrassv2/2020-11-30/service-2.json
@@ -3,7 +3,6 @@
   "metadata":{
     "apiVersion":"2020-11-30",
     "endpointPrefix":"greengrass",
-    "jsonVersion":"1.1",
     "protocol":"rest-json",
     "serviceAbbreviation":"AWS GreengrassV2",
     "serviceFullName":"AWS IoT Greengrass V2",
@@ -12,6 +11,21 @@
     "uid":"greengrassv2-2020-11-30"
   },
   "operations":{
+    "AssociateServiceRoleToAccount":{
+      "name":"AssociateServiceRoleToAccount",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/greengrass/servicerole",
+        "responseCode":200
+      },
+      "input":{"shape":"AssociateServiceRoleToAccountRequest"},
+      "output":{"shape":"AssociateServiceRoleToAccountResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Associates a Greengrass service role with IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region. IoT Greengrass uses this role to verify the identity of client devices and manage core device connectivity information. The role must include the <a href=\"https://console.aws.amazon.com/iam/home#/policies/arn:awsiam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy\">AWSGreengrassResourceAccessRolePolicy</a> managed policy or a custom policy that defines equivalent permissions for the IoT Greengrass features that you use. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html\">Greengrass service role</a> in the <i>IoT Greengrass Version 2 Developer Guide</i>.</p>"
+    },
     "BatchAssociateClientDeviceWithCoreDevice":{
       "name":"BatchAssociateClientDeviceWithCoreDevice",
       "http":{
@@ -28,7 +42,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Associate a list of client devices with a core device. Use this API operation to specify which client devices can discover a core device through cloud discovery. With cloud discovery, client devices connect to IoT Greengrass to retrieve associated core devices' connectivity information and certificates. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-cloud-discovery.html\">Configure cloud discovery</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p> <note> <p>Client devices are local IoT devices that connect to and communicate with an IoT Greengrass core device over MQTT. You can connect client devices to a core device to sync MQTT messages and data to Amazon Web Services IoT Core and interact with client devices in Greengrass components. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/interact-with-local-iot-devices.html\">Interact with local IoT devices</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p> </note>"
+      "documentation":"<p>Associates a list of client devices with a core device. Use this API operation to specify which client devices can discover a core device through cloud discovery. With cloud discovery, client devices connect to IoT Greengrass to retrieve associated core devices' connectivity information and certificates. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-cloud-discovery.html\">Configure cloud discovery</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p> <note> <p>Client devices are local IoT devices that connect to and communicate with an IoT Greengrass core device over MQTT. You can connect client devices to a core device to sync MQTT messages and data to Amazon Web Services IoT Core and interact with client devices in Greengrass components. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/interact-with-local-iot-devices.html\">Interact with local IoT devices</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p> </note>"
     },
     "BatchDisassociateClientDeviceFromCoreDevice":{
       "name":"BatchDisassociateClientDeviceFromCoreDevice",
@@ -46,7 +60,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Disassociate a list of client devices from a core device. After you disassociate a client device from a core device, the client device won't be able to use cloud discovery to retrieve the core device's connectivity information and certificates.</p>"
+      "documentation":"<p>Disassociates a list of client devices from a core device. After you disassociate a client device from a core device, the client device won't be able to use cloud discovery to retrieve the core device's connectivity information and certificates.</p>"
     },
     "CancelDeployment":{
       "name":"CancelDeployment",
@@ -84,7 +98,7 @@
         {"shape":"InternalServerException"},
         {"shape":"RequestAlreadyInProgressException"}
       ],
-      "documentation":"<p>Creates a component. Components are software that run on Greengrass core devices. After you develop and test a component on your core device, you can use this operation to upload your component to IoT Greengrass. Then, you can deploy the component to other core devices.</p> <p>You can use this operation to do the following:</p> <ul> <li> <p> <b>Create components from recipes</b> </p> <p>Create a component from a recipe, which is a file that defines the component's metadata, parameters, dependencies, lifecycle, artifacts, and platform capability. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/component-recipe-reference.html\">IoT Greengrass component recipe reference</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p> <p>To create a component from a recipe, specify <code>inlineRecipe</code> when you call this operation.</p> </li> <li> <p> <b>Create components from Lambda functions</b> </p> <p>Create a component from an Lambda function that runs on IoT Greengrass. This creates a recipe and artifacts from the Lambda function's deployment package. You can use this operation to migrate Lambda functions from IoT Greengrass V1 to IoT Greengrass V2.</p> <p>This function only accepts Lambda functions that use the following runtimes:</p> <ul> <li> <p>Python 2.7 – <code>python2.7</code> </p> </li> <li> <p>Python 3.7 – <code>python3.7</code> </p> </li> <li> <p>Python 3.8 – <code>python3.8</code> </p> </li> <li> <p>Java 8 – <code>java8</code> </p> </li> <li> <p>Node.js 10 – <code>nodejs10.x</code> </p> </li> <li> <p>Node.js 12 – <code>nodejs12.x</code> </p> </li> </ul> <p>To create a component from a Lambda function, specify <code>lambdaFunction</code> when you call this operation.</p> </li> </ul>"
+      "documentation":"<p>Creates a component. Components are software that run on Greengrass core devices. After you develop and test a component on your core device, you can use this operation to upload your component to IoT Greengrass. Then, you can deploy the component to other core devices.</p> <p>You can use this operation to do the following:</p> <ul> <li> <p> <b>Create components from recipes</b> </p> <p>Create a component from a recipe, which is a file that defines the component's metadata, parameters, dependencies, lifecycle, artifacts, and platform capability. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/component-recipe-reference.html\">IoT Greengrass component recipe reference</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p> <p>To create a component from a recipe, specify <code>inlineRecipe</code> when you call this operation.</p> </li> <li> <p> <b>Create components from Lambda functions</b> </p> <p>Create a component from an Lambda function that runs on IoT Greengrass. This creates a recipe and artifacts from the Lambda function's deployment package. You can use this operation to migrate Lambda functions from IoT Greengrass V1 to IoT Greengrass V2.</p> <p>This function only accepts Lambda functions that use the following runtimes:</p> <ul> <li> <p>Python 2.7 – <code>python2.7</code> </p> </li> <li> <p>Python 3.7 – <code>python3.7</code> </p> </li> <li> <p>Python 3.8 – <code>python3.8</code> </p> </li> <li> <p>Java 8 – <code>java8</code> </p> </li> <li> <p>Node.js 10 – <code>nodejs10.x</code> </p> </li> <li> <p>Node.js 12 – <code>nodejs12.x</code> </p> </li> </ul> <p>To create a component from a Lambda function, specify <code>lambdaFunction</code> when you call this operation.</p> <note> <p>IoT Greengrass currently supports Lambda functions on only Linux core devices.</p> </note> </li> </ul>"
     },
     "CreateDeployment":{
       "name":"CreateDeployment",
@@ -158,6 +172,20 @@
       ],
       "documentation":"<p>Retrieves metadata for a version of a component.</p>"
     },
+    "DisassociateServiceRoleFromAccount":{
+      "name":"DisassociateServiceRoleFromAccount",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/greengrass/servicerole",
+        "responseCode":200
+      },
+      "input":{"shape":"DisassociateServiceRoleFromAccountRequest"},
+      "output":{"shape":"DisassociateServiceRoleFromAccountResponse"},
+      "errors":[
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Disassociates the Greengrass service role from IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region. Without a service role, IoT Greengrass can't verify the identity of client devices or manage core device connectivity information. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html\">Greengrass service role</a> in the <i>IoT Greengrass Version 2 Developer Guide</i>.</p>"
+    },
     "GetComponent":{
       "name":"GetComponent",
       "http":{
@@ -192,6 +220,21 @@
       ],
       "documentation":"<p>Gets the pre-signed URL to download a public component artifact. Core devices call this operation to identify the URL that they can use to download an artifact to install.</p>"
     },
+    "GetConnectivityInfo":{
+      "name":"GetConnectivityInfo",
+      "http":{
+        "method":"GET",
+        "requestUri":"/greengrass/things/{thingName}/connectivityInfo",
+        "responseCode":200
+      },
+      "input":{"shape":"GetConnectivityInfoRequest"},
+      "output":{"shape":"GetConnectivityInfoResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Retrieves connectivity information for a Greengrass core device.</p> <p>Connectivity information includes endpoints and ports where client devices can connect to an MQTT broker on the core device. When a client device calls the <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html\">Greengrass discovery API</a>, IoT Greengrass returns connectivity information for all of the core devices where the client device can connect. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/connect-client-devices.html\">Connect client devices to core devices</a> in the <i>IoT Greengrass Version 2 Developer Guide</i>.</p>"
+    },
     "GetCoreDevice":{
       "name":"GetCoreDevice",
       "http":{
@@ -226,6 +269,20 @@
       ],
       "documentation":"<p>Gets a deployment. Deployments define the components that run on Greengrass core devices.</p>"
     },
+    "GetServiceRoleForAccount":{
+      "name":"GetServiceRoleForAccount",
+      "http":{
+        "method":"GET",
+        "requestUri":"/greengrass/servicerole",
+        "responseCode":200
+      },
+      "input":{"shape":"GetServiceRoleForAccountRequest"},
+      "output":{"shape":"GetServiceRoleForAccountResponse"},
+      "errors":[
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets the service role associated with IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region. IoT Greengrass uses this role to verify the identity of client devices and manage core device connectivity information. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-service-role.html\">Greengrass service role</a> in the <i>IoT Greengrass Version 2 Developer Guide</i>.</p>"
+    },
     "ListClientDevicesAssociatedWithCoreDevice":{
       "name":"ListClientDevicesAssociatedWithCoreDevice",
       "http":{
@@ -405,6 +462,21 @@
         {"shape":"ResourceNotFoundException"}
       ],
       "documentation":"<p>Removes a tag from an IoT Greengrass resource.</p>"
+    },
+    "UpdateConnectivityInfo":{
+      "name":"UpdateConnectivityInfo",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/greengrass/things/{thingName}/connectivityInfo",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateConnectivityInfoRequest"},
+      "output":{"shape":"UpdateConnectivityInfoResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Updates connectivity information for a Greengrass core device.</p> <p>Connectivity information includes endpoints and ports where client devices can connect to an MQTT broker on the core device. When a client device calls the <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html\">Greengrass discovery API</a>, IoT Greengrass returns connectivity information for all of the core devices where the client device can connect. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/connect-client-devices.html\">Connect client devices to core devices</a> in the <i>IoT Greengrass Version 2 Developer Guide</i>.</p>"
     }
   },
   "shapes":{
@@ -459,6 +531,27 @@
       "max":100,
       "min":1
     },
+    "AssociateServiceRoleToAccountRequest":{
+      "type":"structure",
+      "required":["roleArn"],
+      "members":{
+        "roleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the service role to associate with IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region.</p>",
+          "locationName":"RoleArn"
+        }
+      }
+    },
+    "AssociateServiceRoleToAccountResponse":{
+      "type":"structure",
+      "members":{
+        "associatedAt":{
+          "shape":"String",
+          "documentation":"<p>The time when the service role was associated with IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region.</p>",
+          "locationName":"AssociatedAt"
+        }
+      }
+    },
     "AssociatedClientDevice":{
       "type":"structure",
       "members":{
@@ -525,7 +618,7 @@
       "members":{
         "errorEntries":{
           "shape":"DisassociateClientDeviceFromCoreDeviceErrorList",
-          "documentation":"<p>The list of errors (if any) for the entries in the request. Each error entry contains the name of the IoT thing that failed to disassociate.</p>"
+          "documentation":"<p>The list of any errors for the entries in the request. Each error entry contains the name of the IoT thing that failed to disassociate.</p>"
         }
       }
     },
@@ -772,11 +865,15 @@
       "members":{
         "posixUser":{
           "shape":"NonEmptyString",
-          "documentation":"<p>The POSIX system user and (optional) group to use to run this component. Specify the user and group separated by a colon (<code>:</code>) in the following format: <code>user:group</code>. The group is optional. If you don't specify a group, the IoT Greengrass Core software uses the primary user for the group.</p> <p>If you omit this parameter, the IoT Greengrass Core software uses the default system user and group that you configure on the Greengrass nucleus component. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-greengrass-core-v2.html#configure-component-user\">Configure the user and group that run components</a>.</p>"
+          "documentation":"<p>The POSIX system user and, optionally, group to use to run this component on Linux core devices. The user, and group if specified, must exist on each Linux core device. Specify the user and group separated by a colon (<code>:</code>) in the following format: <code>user:group</code>. The group is optional. If you don't specify a group, the IoT Greengrass Core software uses the primary user for the group.</p> <p>If you omit this parameter, the IoT Greengrass Core software uses the default system user and group that you configure on the Greengrass nucleus component. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-greengrass-core-v2.html#configure-component-user\">Configure the user and group that run components</a>.</p>"
         },
         "systemResourceLimits":{
           "shape":"SystemResourceLimits",
-          "documentation":"<p>The system resource limits to apply to this component's process on the core device.</p> <p>If you omit this parameter, the IoT Greengrass Core software uses the default system resource limits that you configure on the Greengrass nucleus component. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-greengrass-core-v2.html#configure-component-system-resource-limits\">Configure system resource limits for components</a>.</p>"
+          "documentation":"<p>The system resource limits to apply to this component's process on the core device. IoT Greengrass currently supports this feature on only Linux core devices.</p> <p>If you omit this parameter, the IoT Greengrass Core software uses the default system resource limits that you configure on the Greengrass nucleus component. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-greengrass-core-v2.html#configure-component-system-resource-limits\">Configure system resource limits for components</a>.</p>"
+        },
+        "windowsUser":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The Windows user to use to run this component on Windows core devices. The user must exist on each Windows core device, and its name and password must be in the LocalSystem account's Credentials Manager instance.</p> <p>If you omit this parameter, the IoT Greengrass Core software uses the default Windows user that you configure on the Greengrass nucleus component. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-greengrass-core-v2.html#configure-component-user\">Configure the user and group that run components</a>.</p>"
         }
       },
       "documentation":"<p>Contains information system user and group that the IoT Greengrass Core software uses to run component processes on the core device. For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/configure-greengrass-core-v2.html#configure-component-user\">Configure the user and group that run components</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p>"
@@ -847,6 +944,32 @@
       "error":{"httpStatusCode":409},
       "exception":true
     },
+    "ConnectivityInfo":{
+      "type":"structure",
+      "members":{
+        "id":{
+          "shape":"String",
+          "documentation":"<p>An ID for the connectivity information.</p>",
+          "locationName":"Id"
+        },
+        "hostAddress":{
+          "shape":"String",
+          "documentation":"<p>The IP address or DNS address where client devices can connect to an MQTT broker on the Greengrass core device.</p>",
+          "locationName":"HostAddress"
+        },
+        "portNumber":{
+          "shape":"PortNumberInt",
+          "documentation":"<p>The port where the MQTT broker operates on the core device. This port is typically 8883, which is the default port for the MQTT broker component that runs on core devices.</p>",
+          "locationName":"PortNumber"
+        },
+        "metadata":{
+          "shape":"String",
+          "documentation":"<p>Additional metadata to provide to client devices that connect to this core device.</p>",
+          "locationName":"Metadata"
+        }
+      },
+      "documentation":"<p>Contains information about an endpoint and port where client devices can connect to an MQTT broker on a Greengrass core device.</p>"
+    },
     "CoreDevice":{
       "type":"structure",
       "members":{
@@ -1258,6 +1381,21 @@
       "max":100,
       "min":1
     },
+    "DisassociateServiceRoleFromAccountRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisassociateServiceRoleFromAccountResponse":{
+      "type":"structure",
+      "members":{
+        "disassociatedAt":{
+          "shape":"String",
+          "documentation":"<p>The time when the service role was disassociated from IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region.</p>",
+          "locationName":"DisassociatedAt"
+        }
+      }
+    },
     "EffectiveDeployment":{
       "type":"structure",
       "required":[
@@ -1408,6 +1546,33 @@
         }
       }
     },
+    "GetConnectivityInfoRequest":{
+      "type":"structure",
+      "required":["thingName"],
+      "members":{
+        "thingName":{
+          "shape":"CoreDeviceThingName",
+          "documentation":"<p>The name of the core device. This is also the name of the IoT thing.</p>",
+          "location":"uri",
+          "locationName":"thingName"
+        }
+      }
+    },
+    "GetConnectivityInfoResponse":{
+      "type":"structure",
+      "members":{
+        "connectivityInfo":{
+          "shape":"connectivityInfoList",
+          "documentation":"<p>The connectivity information for the core device.</p>",
+          "locationName":"ConnectivityInfo"
+        },
+        "message":{
+          "shape":"String",
+          "documentation":"<p>A message about the connectivity information request.</p>",
+          "locationName":"Message"
+        }
+      }
+    },
     "GetCoreDeviceRequest":{
       "type":"structure",
       "required":["coreDeviceThingName"],
@@ -1522,6 +1687,26 @@
         }
       }
     },
+    "GetServiceRoleForAccountRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "GetServiceRoleForAccountResponse":{
+      "type":"structure",
+      "members":{
+        "associatedAt":{
+          "shape":"String",
+          "documentation":"<p>The time when the service role was associated with IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region.</p>",
+          "locationName":"AssociatedAt"
+        },
+        "roleArn":{
+          "shape":"String",
+          "documentation":"<p>The ARN of the service role that is associated with IoT Greengrass for your Amazon Web Services account in this Amazon Web Services Region.</p>",
+          "locationName":"RoleArn"
+        }
+      }
+    },
     "InstalledComponent":{
       "type":"structure",
       "members":{
@@ -2319,6 +2504,11 @@
       "key":{"shape":"NonEmptyString"},
       "value":{"shape":"NonEmptyString"}
     },
+    "PortNumberInt":{
+      "type":"integer",
+      "max":65535,
+      "min":0
+    },
     "PublisherString":{"type":"string"},
     "Reason":{"type":"string"},
     "RecipeBlob":{"type":"blob"},
@@ -2571,6 +2761,41 @@
       "members":{
       }
     },
+    "UpdateConnectivityInfoRequest":{
+      "type":"structure",
+      "required":[
+        "thingName",
+        "connectivityInfo"
+      ],
+      "members":{
+        "thingName":{
+          "shape":"CoreDeviceThingName",
+          "documentation":"<p>The name of the core device. This is also the name of the IoT thing.</p>",
+          "location":"uri",
+          "locationName":"thingName"
+        },
+        "connectivityInfo":{
+          "shape":"connectivityInfoList",
+          "documentation":"<p>The connectivity information for the core device.</p>",
+          "locationName":"ConnectivityInfo"
+        }
+      }
+    },
+    "UpdateConnectivityInfoResponse":{
+      "type":"structure",
+      "members":{
+        "version":{
+          "shape":"String",
+          "documentation":"<p>The new version of the connectivity information for the core device.</p>",
+          "locationName":"Version"
+        },
+        "message":{
+          "shape":"String",
+          "documentation":"<p>A message about the connectivity information update request.</p>",
+          "locationName":"Message"
+        }
+      }
+    },
     "ValidationException":{
       "type":"structure",
       "required":["message"],
@@ -2619,6 +2844,10 @@
         "FIELD_VALIDATION_FAILED",
         "OTHER"
       ]
+    },
+    "connectivityInfoList":{
+      "type":"list",
+      "member":{"shape":"ConnectivityInfo"}
     }
   },
   "documentation":"<p>IoT Greengrass brings local compute, messaging, data management, sync, and ML inference capabilities to edge devices. This enables devices to collect and analyze data closer to the source of information, react autonomously to local events, and communicate securely with each other on local networks. Local devices can also communicate securely with Amazon Web Services IoT Core and export IoT data to the Amazon Web Services Cloud. IoT Greengrass developers can use Lambda functions and components to create and deploy applications to fleets of edge devices for local operation.</p> <p>IoT Greengrass Version 2 provides a new major version of the IoT Greengrass Core software, new APIs, and a new console. Use this API reference to learn how to use the IoT Greengrass V2 API operations to manage components, manage deployments, and core devices.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/greengrass/v2/developerguide/what-is-iot-greengrass.html\">What is IoT Greengrass?</a> in the <i>IoT Greengrass V2 Developer Guide</i>.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/guardduty/2017-11-28/service-2.json b/contrib/python/botocore/py3/botocore/data/guardduty/2017-11-28/service-2.json
index 546b753e36f..a484d85b36d 100644
--- a/contrib/python/botocore/py3/botocore/data/guardduty/2017-11-28/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/guardduty/2017-11-28/service-2.json
@@ -85,7 +85,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with AWS infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.</p>"
+      "documentation":"<p>Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.</p>"
     },
     "CreateMembers":{
       "name":"CreateMembers",
@@ -100,7 +100,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Creates member accounts of the current AWS account by specifying a list of AWS account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.</p> <p>When using <code>Create Members</code> as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.</p> <p>If you are adding accounts by invitation use this action after GuardDuty has been enabled in potential member accounts and before using <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\"> <code>Invite Members</code> </a>.</p>"
+      "documentation":"<p>Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.</p> <p>When using <code>Create Members</code> as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.</p> <p>If you are adding accounts by invitation use this action after GuardDuty has been enabled in potential member accounts and before using <a href=\"https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html\"> <code>Invite Members</code> </a>.</p>"
     },
     "CreatePublishingDestination":{
       "name":"CreatePublishingDestination",
@@ -160,7 +160,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Declines invitations sent to the current member account by AWS accounts specified by their account IDs.</p>"
+      "documentation":"<p>Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.</p>"
     },
     "DeleteDetector":{
       "name":"DeleteDetector",
@@ -220,7 +220,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Deletes invitations sent to the current member account by AWS accounts specified by their account IDs.</p>"
+      "documentation":"<p>Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.</p>"
     },
     "DeleteMembers":{
       "name":"DeleteMembers",
@@ -310,7 +310,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Disables an AWS account within the Organization as the GuardDuty delegated administrator.</p>"
+      "documentation":"<p>Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.</p>"
     },
     "DisassociateFromMasterAccount":{
       "name":"DisassociateFromMasterAccount",
@@ -355,7 +355,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Enables an AWS account within the organization as the GuardDuty delegated administrator.</p>"
+      "documentation":"<p>Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.</p>"
     },
     "GetDetector":{
       "name":"GetDetector",
@@ -535,7 +535,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Invites other AWS accounts (created as members of the current AWS account by CreateMembers) to enable GuardDuty, and allow the current AWS account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.</p>"
+      "documentation":"<p>Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage these accounts' findings on their behalf as the GuardDuty administrator account.</p>"
     },
     "ListDetectors":{
       "name":"ListDetectors",
@@ -610,7 +610,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Lists all GuardDuty membership invitations that were sent to the current AWS account.</p>"
+      "documentation":"<p>Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.</p>"
     },
     "ListMembers":{
       "name":"ListMembers",
@@ -655,7 +655,7 @@
         {"shape":"BadRequestException"},
         {"shape":"InternalServerErrorException"}
       ],
-      "documentation":"<p>Returns a list of publishing destinations associated with the specified <code>dectectorId</code>.</p>"
+      "documentation":"<p>Returns a list of publishing destinations associated with the specified <code>detectorId</code>.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -1032,6 +1032,11 @@
           "shape":"PortProbeAction",
           "documentation":"<p>Information about the PORT_PROBE action described in this finding.</p>",
           "locationName":"portProbeAction"
+        },
+        "KubernetesApiCallAction":{
+          "shape":"KubernetesApiCallAction",
+          "documentation":"<p>Information about the Kubernetes API call action described in this finding.</p>",
+          "locationName":"kubernetesApiCallAction"
         }
       },
       "documentation":"<p>Contains information about actions.</p>"
@@ -1041,7 +1046,7 @@
       "members":{
         "AdminAccountId":{
           "shape":"String",
-          "documentation":"<p>The AWS account ID for the account.</p>",
+          "documentation":"<p>The Amazon Web Services account ID for the account.</p>",
           "locationName":"adminAccountId"
         },
         "AdminStatus":{
@@ -1097,33 +1102,42 @@
       "members":{
         "Api":{
           "shape":"String",
-          "documentation":"<p>The AWS API name.</p>",
+          "documentation":"<p>The Amazon Web Services API name.</p>",
           "locationName":"api"
         },
         "CallerType":{
           "shape":"String",
-          "documentation":"<p>The AWS API caller type.</p>",
+          "documentation":"<p>The Amazon Web Services API caller type.</p>",
           "locationName":"callerType"
         },
         "DomainDetails":{
           "shape":"DomainDetails",
-          "documentation":"<p>The domain information for the AWS API call.</p>",
+          "documentation":"<p>The domain information for the Amazon Web Services API call.</p>",
           "locationName":"domainDetails"
         },
         "ErrorCode":{
           "shape":"String",
-          "documentation":"<p>The error code of the failed AWS API action.</p>",
+          "documentation":"<p>The error code of the failed Amazon Web Services API action.</p>",
           "locationName":"errorCode"
         },
+        "UserAgent":{
+          "shape":"String",
+          "locationName":"userAgent"
+        },
         "RemoteIpDetails":{
           "shape":"RemoteIpDetails",
-          "documentation":"<p>The remote IP information of the connection that initiated the AWS API call.</p>",
+          "documentation":"<p>The remote IP information of the connection that initiated the Amazon Web Services API call.</p>",
           "locationName":"remoteIpDetails"
         },
         "ServiceName":{
           "shape":"String",
-          "documentation":"<p>The AWS service name whose API was invoked.</p>",
+          "documentation":"<p>The Amazon Web Services service name whose API was invoked.</p>",
           "locationName":"serviceName"
+        },
+        "RemoteAccountDetails":{
+          "shape":"RemoteAccountDetails",
+          "documentation":"<p>The details of the Amazon Web Services account that made the API call. This field appears if the call was made from outside your account.</p>",
+          "locationName":"remoteAccountDetails"
         }
       },
       "documentation":"<p>Contains information about the API action.</p>"
@@ -1310,6 +1324,51 @@
       },
       "documentation":"<p>Contains information about the condition.</p>"
     },
+    "Container":{
+      "type":"structure",
+      "members":{
+        "ContainerRuntime":{
+          "shape":"String",
+          "documentation":"<p>The container runtime (such as, Docker or containerd) used to run the container.</p>",
+          "locationName":"containerRuntime"
+        },
+        "Id":{
+          "shape":"String",
+          "documentation":"<p>Container ID.</p>",
+          "locationName":"id"
+        },
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>Container name.</p>",
+          "locationName":"name"
+        },
+        "Image":{
+          "shape":"String",
+          "documentation":"<p>Container image.</p>",
+          "locationName":"image"
+        },
+        "ImagePrefix":{
+          "shape":"String",
+          "documentation":"<p>Part of the image name before the last slash. For example, imagePrefix for public.ecr.aws/amazonlinux/amazonlinux:latest would be public.ecr.aws/amazonlinux. If the image name is relative and does not have a slash, this field is empty.</p>",
+          "locationName":"imagePrefix"
+        },
+        "VolumeMounts":{
+          "shape":"VolumeMounts",
+          "documentation":"<p>Container volume mounts.</p>",
+          "locationName":"volumeMounts"
+        },
+        "SecurityContext":{
+          "shape":"SecurityContext",
+          "documentation":"<p>Container security context.</p>",
+          "locationName":"securityContext"
+        }
+      },
+      "documentation":"<p>Details of a container.</p>"
+    },
+    "Containers":{
+      "type":"list",
+      "member":{"shape":"Container"}
+    },
     "CountBySeverity":{
       "type":"map",
       "key":{"shape":"String"},
@@ -1409,7 +1468,7 @@
         },
         "FindingCriteria":{
           "shape":"FindingCriteria",
-          "documentation":"<p>Represents the criteria to be used in the filter for querying findings.</p> <p>You can only use the following attributes to query findings:</p> <ul> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.outpostArn</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.errorCode</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.localIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.</p> </li> </ul>",
+          "documentation":"<p>Represents the criteria to be used in the filter for querying findings.</p> <p>You can only use the following attributes to query findings:</p> <ul> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.outpostArn</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.errorCode</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.localIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>resource.s3BucketDetails.publicAccess.effectivePermissions</p> </li> <li> <p>resource.s3BucketDetails.name</p> </li> <li> <p>resource.s3BucketDetails.tags.key</p> </li> <li> <p>resource.s3BucketDetails.tags.value</p> </li> <li> <p>resource.s3BucketDetails.type</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.</p> </li> </ul>",
           "locationName":"findingCriteria"
         },
         "ClientToken":{
@@ -1464,7 +1523,7 @@
         },
         "Location":{
           "shape":"Location",
-          "documentation":"<p>The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
+          "documentation":"<p>The URI of the file that contains the IPSet. </p>",
           "locationName":"location"
         },
         "Activate":{
@@ -1620,7 +1679,7 @@
         },
         "Location":{
           "shape":"Location",
-          "documentation":"<p>The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
+          "documentation":"<p>The URI of the file that contains the ThreatIntelSet. </p>",
           "locationName":"location"
         },
         "Activate":{
@@ -1675,7 +1734,8 @@
         "FLOW_LOGS",
         "CLOUD_TRAIL",
         "DNS_LOGS",
-        "S3_LOGS"
+        "S3_LOGS",
+        "KUBERNETES_AUDIT_LOGS"
       ]
     },
     "DataSourceConfigurations":{
@@ -1685,6 +1745,11 @@
           "shape":"S3LogsConfiguration",
           "documentation":"<p>Describes whether S3 data event logs are enabled as a data source.</p>",
           "locationName":"s3Logs"
+        },
+        "Kubernetes":{
+          "shape":"KubernetesConfiguration",
+          "documentation":"<p>Describes whether any Kubernetes logs are enabled as data sources.</p>",
+          "locationName":"kubernetes"
         }
       },
       "documentation":"<p>Contains information about which data sources are enabled.</p>"
@@ -1717,6 +1782,11 @@
           "shape":"S3LogsConfigurationResult",
           "documentation":"<p>An object that contains information on the status of S3 Data event logs as a data source.</p>",
           "locationName":"s3Logs"
+        },
+        "Kubernetes":{
+          "shape":"KubernetesConfigurationResult",
+          "documentation":"<p>An object that contains information on the status of all Kubernetes data sources.</p>",
+          "locationName":"kubernetes"
         }
       },
       "documentation":"<p>Contains information on the status of data sources for the detector.</p>"
@@ -1740,7 +1810,7 @@
       "members":{
         "AccountIds":{
           "shape":"AccountIds",
-          "documentation":"<p>A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.</p>",
+          "documentation":"<p>A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to decline invitations from.</p>",
           "locationName":"accountIds"
         }
       }
@@ -1847,7 +1917,7 @@
       "members":{
         "AccountIds":{
           "shape":"AccountIds",
-          "documentation":"<p>A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.</p>",
+          "documentation":"<p>A list of account IDs of the Amazon Web Services accounts that sent invitations to the current member account that you want to delete invitations from.</p>",
           "locationName":"accountIds"
         }
       }
@@ -2071,7 +2141,7 @@
       "members":{
         "DestinationArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the resource to publish to.</p>",
+          "documentation":"<p>The ARN of the resource to publish to.</p> <p>To specify an S3 bucket folder use the following format: <code>arn:aws:s3:::DOC-EXAMPLE-BUCKET/myFolder/</code> </p>",
           "locationName":"destinationArn"
         },
         "KmsKeyArn":{
@@ -2118,7 +2188,7 @@
       "members":{
         "AdminAccountId":{
           "shape":"String",
-          "documentation":"<p>The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.</p>",
+          "documentation":"<p>The Amazon Web Services Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.</p>",
           "locationName":"adminAccountId"
         }
       }
@@ -2192,13 +2262,49 @@
       "members":{
         "Domain":{
           "shape":"String",
-          "documentation":"<p>The domain information for the AWS API call.</p>",
+          "documentation":"<p>The domain information for the Amazon Web Services API call.</p>",
           "locationName":"domain"
         }
       },
       "documentation":"<p>Contains information about the domain.</p>"
     },
     "Double":{"type":"double"},
+    "EksClusterDetails":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>EKS cluster name.</p>",
+          "locationName":"name"
+        },
+        "Arn":{
+          "shape":"String",
+          "documentation":"<p>EKS cluster ARN.</p>",
+          "locationName":"arn"
+        },
+        "VpcId":{
+          "shape":"String",
+          "documentation":"<p>The VPC ID to which the EKS cluster is attached.</p>",
+          "locationName":"vpcId"
+        },
+        "Status":{
+          "shape":"String",
+          "documentation":"<p>The EKS cluster status.</p>",
+          "locationName":"status"
+        },
+        "Tags":{
+          "shape":"Tags",
+          "documentation":"<p>The EKS cluster tags.</p>",
+          "locationName":"tags"
+        },
+        "CreatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp when the EKS cluster was created.</p>",
+          "locationName":"createdAt"
+        }
+      },
+      "documentation":"<p>Details about the EKS cluster involved in a Kubernetes finding.</p>"
+    },
     "Email":{
       "type":"string",
       "max":64,
@@ -2210,7 +2316,7 @@
       "members":{
         "AdminAccountId":{
           "shape":"String",
-          "documentation":"<p>The AWS Account ID for the organization account to be enabled as a GuardDuty delegated administrator.</p>",
+          "documentation":"<p>The Amazon Web Services Account ID for the organization account to be enabled as a GuardDuty delegated administrator.</p>",
           "locationName":"adminAccountId"
         }
       }
@@ -2694,7 +2800,7 @@
         },
         "Location":{
           "shape":"Location",
-          "documentation":"<p>The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
+          "documentation":"<p>The URI of the file that contains the IPSet.</p>",
           "locationName":"location"
         },
         "Status":{
@@ -2867,7 +2973,7 @@
         },
         "Location":{
           "shape":"Location",
-          "documentation":"<p>The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
+          "documentation":"<p>The URI of the file that contains the ThreatIntelSet. </p>",
           "locationName":"location"
         },
         "Status":{
@@ -2938,10 +3044,25 @@
         }
       }
     },
+    "Groups":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
     "GuardDutyArn":{
       "type":"string",
       "pattern":"^arn:[A-Za-z_.-]{1,20}:guardduty:[A-Za-z0-9_/.-]{0,63}:\\d+:detector/[A-Za-z0-9_/.-]{32,264}$"
     },
+    "HostPath":{
+      "type":"structure",
+      "members":{
+        "Path":{
+          "shape":"String",
+          "documentation":"<p>Path of the file or directory on the host that the volume maps to.</p>",
+          "locationName":"path"
+        }
+      },
+      "documentation":"<p>Represents a pre-existing file or directory on the host machine that the volume maps to.</p>"
+    },
     "IamInstanceProfile":{
       "type":"structure",
       "members":{
@@ -2998,7 +3119,7 @@
         },
         "OutpostArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Outpost. Only applicable to AWS Outposts instances.</p>",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Web Services Outpost. Only applicable to Amazon Web Services Outposts instances.</p>",
           "locationName":"outpostArn"
         },
         "LaunchTime":{
@@ -3158,6 +3279,172 @@
       "type":"list",
       "member":{"shape":"String"}
     },
+    "KubernetesApiCallAction":{
+      "type":"structure",
+      "members":{
+        "RequestUri":{
+          "shape":"String",
+          "documentation":"<p>The Kubernetes API request URI.</p>",
+          "locationName":"requestUri"
+        },
+        "Verb":{
+          "shape":"String",
+          "documentation":"<p>The Kubernetes API request HTTP verb.</p>",
+          "locationName":"verb"
+        },
+        "SourceIps":{
+          "shape":"SourceIps",
+          "documentation":"<p>The IP of the Kubernetes API caller and the IPs of any proxies or load balancers between the caller and the API endpoint.</p>",
+          "locationName":"sourceIps"
+        },
+        "UserAgent":{
+          "shape":"String",
+          "documentation":"<p>The user agent of the caller of the Kubernetes API.</p>",
+          "locationName":"userAgent"
+        },
+        "RemoteIpDetails":{
+          "shape":"RemoteIpDetails",
+          "locationName":"remoteIpDetails"
+        },
+        "StatusCode":{
+          "shape":"Integer",
+          "documentation":"<p>The resulting HTTP response code of the Kubernetes API call action.</p>",
+          "locationName":"statusCode"
+        },
+        "Parameters":{
+          "shape":"String",
+          "documentation":"<p>Parameters related to the Kubernetes API call action.</p>",
+          "locationName":"parameters"
+        }
+      },
+      "documentation":"<p>Information about the Kubernetes API call action described in this finding.</p>"
+    },
+    "KubernetesAuditLogsConfiguration":{
+      "type":"structure",
+      "required":["Enable"],
+      "members":{
+        "Enable":{
+          "shape":"Boolean",
+          "documentation":"<p>The status of Kubernetes audit logs as a data source.</p>",
+          "locationName":"enable"
+        }
+      },
+      "documentation":"<p>Describes whether Kubernetes audit logs are enabled as a data source.</p>"
+    },
+    "KubernetesAuditLogsConfigurationResult":{
+      "type":"structure",
+      "required":["Status"],
+      "members":{
+        "Status":{
+          "shape":"DataSourceStatus",
+          "documentation":"<p>A value that describes whether Kubernetes audit logs are enabled as a data source.</p>",
+          "locationName":"status"
+        }
+      },
+      "documentation":"<p>Describes whether Kubernetes audit logs are enabled as a data source.</p>"
+    },
+    "KubernetesConfiguration":{
+      "type":"structure",
+      "required":["AuditLogs"],
+      "members":{
+        "AuditLogs":{
+          "shape":"KubernetesAuditLogsConfiguration",
+          "documentation":"<p>The status of Kubernetes audit logs as a data source.</p>",
+          "locationName":"auditLogs"
+        }
+      },
+      "documentation":"<p>Describes whether any Kubernetes data sources are enabled.</p>"
+    },
+    "KubernetesConfigurationResult":{
+      "type":"structure",
+      "required":["AuditLogs"],
+      "members":{
+        "AuditLogs":{
+          "shape":"KubernetesAuditLogsConfigurationResult",
+          "documentation":"<p>Describes whether Kubernetes audit logs are enabled as a data source.</p>",
+          "locationName":"auditLogs"
+        }
+      },
+      "documentation":"<p>Describes whether any Kubernetes logs will be enabled as a data source.</p>"
+    },
+    "KubernetesDetails":{
+      "type":"structure",
+      "members":{
+        "KubernetesUserDetails":{
+          "shape":"KubernetesUserDetails",
+          "documentation":"<p>Details about the Kubernetes user involved in a Kubernetes finding.</p>",
+          "locationName":"kubernetesUserDetails"
+        },
+        "KubernetesWorkloadDetails":{
+          "shape":"KubernetesWorkloadDetails",
+          "documentation":"<p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>",
+          "locationName":"kubernetesWorkloadDetails"
+        }
+      },
+      "documentation":"<p>Details about Kubernetes resources such as a Kubernetes user or workload resource involved in a Kubernetes finding.</p>"
+    },
+    "KubernetesUserDetails":{
+      "type":"structure",
+      "members":{
+        "Username":{
+          "shape":"String",
+          "documentation":"<p>The username of the user who called the Kubernetes API.</p>",
+          "locationName":"username"
+        },
+        "Uid":{
+          "shape":"String",
+          "documentation":"<p>The user ID of the user who called the Kubernetes API.</p>",
+          "locationName":"uid"
+        },
+        "Groups":{
+          "shape":"Groups",
+          "documentation":"<p>The groups that include the user who called the Kubernetes API.</p>",
+          "locationName":"groups"
+        }
+      },
+      "documentation":"<p>Details about the Kubernetes user involved in a Kubernetes finding.</p>"
+    },
+    "KubernetesWorkloadDetails":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>Kubernetes workload name.</p>",
+          "locationName":"name"
+        },
+        "Type":{
+          "shape":"String",
+          "documentation":"<p>Kubernetes workload type (e.g. Pod, Deployment, etc.).</p>",
+          "locationName":"type"
+        },
+        "Uid":{
+          "shape":"String",
+          "documentation":"<p>Kubernetes workload ID.</p>",
+          "locationName":"uid"
+        },
+        "Namespace":{
+          "shape":"String",
+          "documentation":"<p>Kubernetes namespace that the workload is part of.</p>",
+          "locationName":"namespace"
+        },
+        "HostNetwork":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the hostNetwork flag is enabled for the pods included in the workload.</p>",
+          "locationName":"hostNetwork"
+        },
+        "Containers":{
+          "shape":"Containers",
+          "documentation":"<p>Containers running as part of the Kubernetes workload.</p>",
+          "locationName":"containers"
+        },
+        "Volumes":{
+          "shape":"Volumes",
+          "documentation":"<p>Volumes used by the Kubernetes workload.</p>",
+          "locationName":"volumes"
+        }
+      },
+      "documentation":"<p>Details about the Kubernetes workload involved in a Kubernetes finding.</p>"
+    },
     "ListDetectorsRequest":{
       "type":"structure",
       "members":{
@@ -3243,7 +3530,7 @@
         },
         "FindingCriteria":{
           "shape":"FindingCriteria",
-          "documentation":"<p>Represents the criteria used for querying findings. Valid values include:</p> <ul> <li> <p>JSON field name</p> </li> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: Timestamp in Unix Epoch millisecond format: 1486685375000</p> </li> </ul>",
+          "documentation":"<p>Represents the criteria used for querying findings. Valid values include:</p> <ul> <li> <p>JSON field name</p> </li> <li> <p>accountId</p> </li> <li> <p>region</p> </li> <li> <p>confidence</p> </li> <li> <p>id</p> </li> <li> <p>resource.accessKeyDetails.accessKeyId</p> </li> <li> <p>resource.accessKeyDetails.principalId</p> </li> <li> <p>resource.accessKeyDetails.userName</p> </li> <li> <p>resource.accessKeyDetails.userType</p> </li> <li> <p>resource.instanceDetails.iamInstanceProfile.id</p> </li> <li> <p>resource.instanceDetails.imageId</p> </li> <li> <p>resource.instanceDetails.instanceId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.ipv6Addresses</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicDnsName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.publicIp</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.securityGroups.groupName</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.subnetId</p> </li> <li> <p>resource.instanceDetails.networkInterfaces.vpcId</p> </li> <li> <p>resource.instanceDetails.tags.key</p> </li> <li> <p>resource.instanceDetails.tags.value</p> </li> <li> <p>resource.resourceType</p> </li> <li> <p>service.action.actionType</p> </li> <li> <p>service.action.awsApiCallAction.api</p> </li> <li> <p>service.action.awsApiCallAction.callerType</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.city.cityName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.awsApiCallAction.serviceName</p> </li> <li> <p>service.action.dnsRequestAction.domain</p> </li> <li> <p>service.action.networkConnectionAction.blocked</p> </li> <li> <p>service.action.networkConnectionAction.connectionDirection</p> </li> <li> <p>service.action.networkConnectionAction.localPortDetails.port</p> </li> <li> <p>service.action.networkConnectionAction.protocol</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.country.countryName</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.ipAddressV4</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asn</p> </li> <li> <p>service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg</p> </li> <li> <p>service.action.networkConnectionAction.remotePortDetails.port</p> </li> <li> <p>service.additionalInfo.threatListName</p> </li> <li> <p>service.archived</p> <p>When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.</p> </li> <li> <p>service.resourceRole</p> </li> <li> <p>severity</p> </li> <li> <p>type</p> </li> <li> <p>updatedAt</p> <p>Type: Timestamp in Unix Epoch millisecond format: 1486685375000</p> </li> </ul>",
           "locationName":"findingCriteria"
         },
         "SortCriteria":{
@@ -3828,6 +4115,11 @@
           "shape":"OrganizationS3LogsConfiguration",
           "documentation":"<p>Describes whether S3 data event logs are enabled for new members of the organization.</p>",
           "locationName":"s3Logs"
+        },
+        "Kubernetes":{
+          "shape":"OrganizationKubernetesConfiguration",
+          "documentation":"<p>Describes the configuration of Kubernetes data sources for new members of the organization.</p>",
+          "locationName":"kubernetes"
         }
       },
       "documentation":"<p>An object that contains information on which data sources will be configured to be automatically enabled for new members within the organization.</p>"
@@ -3840,10 +4132,63 @@
           "shape":"OrganizationS3LogsConfigurationResult",
           "documentation":"<p>Describes whether S3 data event logs are enabled as a data source.</p>",
           "locationName":"s3Logs"
+        },
+        "Kubernetes":{
+          "shape":"OrganizationKubernetesConfigurationResult",
+          "documentation":"<p>Describes the configuration of Kubernetes data sources.</p>",
+          "locationName":"kubernetes"
         }
       },
       "documentation":"<p>An object that contains information on which data sources are automatically enabled for new members within the organization.</p>"
     },
+    "OrganizationKubernetesAuditLogsConfiguration":{
+      "type":"structure",
+      "required":["AutoEnable"],
+      "members":{
+        "AutoEnable":{
+          "shape":"Boolean",
+          "documentation":"<p>A value that contains information on whether Kubernetes audit logs should be enabled automatically as a data source for the organization.</p>",
+          "locationName":"autoEnable"
+        }
+      },
+      "documentation":"<p>Organization-wide Kubernetes audit logs configuration.</p>"
+    },
+    "OrganizationKubernetesAuditLogsConfigurationResult":{
+      "type":"structure",
+      "required":["AutoEnable"],
+      "members":{
+        "AutoEnable":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.</p>",
+          "locationName":"autoEnable"
+        }
+      },
+      "documentation":"<p>The current configuration of Kubernetes audit logs as a data source for the organization.</p>"
+    },
+    "OrganizationKubernetesConfiguration":{
+      "type":"structure",
+      "required":["AuditLogs"],
+      "members":{
+        "AuditLogs":{
+          "shape":"OrganizationKubernetesAuditLogsConfiguration",
+          "documentation":"<p>Whether Kubernetes audit logs data source should be auto-enabled for new members joining the organization.</p>",
+          "locationName":"auditLogs"
+        }
+      },
+      "documentation":"<p>Organization-wide Kubernetes data sources configurations.</p>"
+    },
+    "OrganizationKubernetesConfigurationResult":{
+      "type":"structure",
+      "required":["AuditLogs"],
+      "members":{
+        "AuditLogs":{
+          "shape":"OrganizationKubernetesAuditLogsConfigurationResult",
+          "documentation":"<p>The current configuration of Kubernetes audit logs as a data source for the organization.</p>",
+          "locationName":"auditLogs"
+        }
+      },
+      "documentation":"<p>The current configuration of all Kubernetes data sources for the organization.</p>"
+    },
     "OrganizationS3LogsConfiguration":{
       "type":"structure",
       "required":["AutoEnable"],
@@ -4003,6 +4348,22 @@
       "max":300,
       "min":1
     },
+    "RemoteAccountDetails":{
+      "type":"structure",
+      "members":{
+        "AccountId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account ID of the remote API caller.</p>",
+          "locationName":"accountId"
+        },
+        "Affiliated":{
+          "shape":"Boolean",
+          "documentation":"<p>Details on whether the Amazon Web Services account of the remote API caller is related to your GuardDuty environment. If this value is <code>True</code> the API caller is affiliated to your account in some way. If it is <code>False</code> the API caller is from outside your environment.</p>",
+          "locationName":"affiliated"
+        }
+      },
+      "documentation":"<p>Contains details about the remote Amazon Web Services account that made the API call.</p>"
+    },
     "RemoteIpDetails":{
       "type":"structure",
       "members":{
@@ -4068,13 +4429,23 @@
           "documentation":"<p>The information about the EC2 instance associated with the activity that prompted GuardDuty to generate a finding.</p>",
           "locationName":"instanceDetails"
         },
+        "EksClusterDetails":{
+          "shape":"EksClusterDetails",
+          "documentation":"<p>Details about the EKS cluster involved in a Kubernetes finding.</p>",
+          "locationName":"eksClusterDetails"
+        },
+        "KubernetesDetails":{
+          "shape":"KubernetesDetails",
+          "documentation":"<p>Details about the Kubernetes user and workload involved in a Kubernetes finding.</p>",
+          "locationName":"kubernetesDetails"
+        },
         "ResourceType":{
           "shape":"String",
-          "documentation":"<p>The type of AWS resource.</p>",
+          "documentation":"<p>The type of Amazon Web Services resource.</p>",
           "locationName":"resourceType"
         }
       },
-      "documentation":"<p>Contains information about the AWS resource associated with the activity that prompted GuardDuty to generate a finding.</p>"
+      "documentation":"<p>Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.</p>"
     },
     "ResourceList":{
       "type":"list",
@@ -4154,6 +4525,17 @@
       },
       "documentation":"<p>Describes whether S3 data event logs will be enabled as a data source.</p>"
     },
+    "SecurityContext":{
+      "type":"structure",
+      "members":{
+        "Privileged":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the container is privileged.</p>",
+          "locationName":"privileged"
+        }
+      },
+      "documentation":"<p>Container security context.</p>"
+    },
     "SecurityGroup":{
       "type":"structure",
       "members":{
@@ -4219,7 +4601,7 @@
         },
         "ServiceName":{
           "shape":"String",
-          "documentation":"<p>The name of the AWS service (GuardDuty) that generated a finding.</p>",
+          "documentation":"<p>The name of the Amazon Web Services service (GuardDuty) that generated a finding.</p>",
           "locationName":"serviceName"
         },
         "UserFeedback":{
@@ -4246,6 +4628,10 @@
       },
       "documentation":"<p>Contains information about the criteria used for sorting findings.</p>"
     },
+    "SourceIps":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
     "StartMonitoringMembersRequest":{
       "type":"structure",
       "required":[
@@ -4485,7 +4871,7 @@
       "members":{
         "AccountId":{
           "shape":"AccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The Amazon Web Services account ID.</p>",
           "locationName":"accountId"
         },
         "Result":{
@@ -4674,7 +5060,7 @@
         },
         "Location":{
           "shape":"Location",
-          "documentation":"<p>The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.</p>",
+          "documentation":"<p>The updated URI of the file that contains the IPSet. </p>",
           "locationName":"location"
         },
         "Activate":{
@@ -4894,7 +5280,7 @@
       "members":{
         "Resource":{
           "shape":"String",
-          "documentation":"<p>The AWS resource that generated usage.</p>",
+          "documentation":"<p>The Amazon Web Services resource that generated usage.</p>",
           "locationName":"resource"
         },
         "Total":{
@@ -4903,7 +5289,7 @@
           "locationName":"total"
         }
       },
-      "documentation":"<p>Contains information on the sum of usage based on an AWS resource.</p>"
+      "documentation":"<p>Contains information on the sum of usage based on an Amazon Web Services resource.</p>"
     },
     "UsageResourceResultList":{
       "type":"list",
@@ -4943,7 +5329,47 @@
         }
       },
       "documentation":"<p>Contains the result of GuardDuty usage. If a UsageStatisticType is provided the result for other types will be null. </p>"
+    },
+    "Volume":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>Volume name.</p>",
+          "locationName":"name"
+        },
+        "HostPath":{
+          "shape":"HostPath",
+          "documentation":"<p>Represents a pre-existing file or directory on the host machine that the volume maps to.</p>",
+          "locationName":"hostPath"
+        }
+      },
+      "documentation":"<p>Volume used by the Kubernetes workload.</p>"
+    },
+    "VolumeMount":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>Volume mount name.</p>",
+          "locationName":"name"
+        },
+        "MountPath":{
+          "shape":"String",
+          "documentation":"<p>Volume mount path.</p>",
+          "locationName":"mountPath"
+        }
+      },
+      "documentation":"<p>Container volume mount.</p>"
+    },
+    "VolumeMounts":{
+      "type":"list",
+      "member":{"shape":"VolumeMount"}
+    },
+    "Volumes":{
+      "type":"list",
+      "member":{"shape":"Volume"}
     }
   },
-  "documentation":"<p>Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your AWS environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin. </p> <p>GuardDuty also monitors AWS account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength. </p> <p>GuardDuty informs you of the status of your AWS environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the <i> <a href=\"https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html\">Amazon GuardDuty User Guide</a> </i>. </p>"
+  "documentation":"<p>Amazon GuardDuty is a continuous security monitoring service that analyzes and processes the following data sources: VPC Flow Logs, Amazon Web Services CloudTrail event logs, and DNS logs. It uses threat intelligence feeds (such as lists of malicious IPs and domains) and machine learning to identify unexpected, potentially unauthorized, and malicious activity within your Amazon Web Services environment. This can include issues like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains. For example, GuardDuty can detect compromised EC2 instances that serve malware or mine bitcoin. </p> <p>GuardDuty also monitors Amazon Web Services account access behavior for signs of compromise. Some examples of this are unauthorized infrastructure deployments such as EC2 instances deployed in a Region that has never been used, or unusual API calls like a password policy change to reduce password strength. </p> <p>GuardDuty informs you of the status of your Amazon Web Services environment by producing security findings that you can view in the GuardDuty console or through Amazon CloudWatch events. For more information, see the <i> <a href=\"https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html\">Amazon GuardDuty User Guide</a> </i>. </p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/health/2016-08-04/service-2.json b/contrib/python/botocore/py3/botocore/data/health/2016-08-04/service-2.json
index 4f1a0bd8533..9650d18bbd2 100644
--- a/contrib/python/botocore/py3/botocore/data/health/2016-08-04/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/health/2016-08-04/service-2.json
@@ -24,7 +24,7 @@
       "errors":[
         {"shape":"InvalidPaginationToken"}
       ],
-      "documentation":"<p>Returns a list of accounts in the organization from AWS Organizations that are affected by the provided event. For more information about the different types of AWS Health events, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>. </p> <p>Before you can call this operation, you must first enable AWS Health to work with AWS Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> <note> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </note>",
+      "documentation":"<p>Returns a list of accounts in the organization from Organizations that are affected by the provided event. For more information about the different types of Health events, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>. </p> <p>Before you can call this operation, you must first enable Health to work with Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> <note> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </note>",
       "idempotent":true
     },
     "DescribeAffectedEntities":{
@@ -39,7 +39,7 @@
         {"shape":"InvalidPaginationToken"},
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p>Returns a list of entities that have been affected by the specified events, based on the specified filter criteria. Entities can refer to individual customer resources, groups of customer resources, or any other construct, depending on the AWS service. Events that have impact beyond that of the affected entities, or where the extent of impact is unknown, include at least one entity indicating this.</p> <p>At least one event ARN is required. Results are sorted by the <code>lastUpdatedTime</code> of the entity, starting with the most recent.</p> <note> <ul> <li> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </li> <li> <p>This operation supports resource-level permissions. You can use this operation to allow or deny access to specific AWS Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>AWS Health User Guide</i>.</p> </li> </ul> </note>",
+      "documentation":"<p>Returns a list of entities that have been affected by the specified events, based on the specified filter criteria. Entities can refer to individual customer resources, groups of customer resources, or any other construct, depending on the Amazon Web Services service. Events that have impact beyond that of the affected entities, or where the extent of impact is unknown, include at least one entity indicating this.</p> <p>At least one event ARN is required.</p> <note> <ul> <li> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </li> <li> <p>This operation supports resource-level permissions. You can use this operation to allow or deny access to specific Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>Health User Guide</i>.</p> </li> </ul> </note>",
       "idempotent":true
     },
     "DescribeAffectedEntitiesForOrganization":{
@@ -54,7 +54,7 @@
         {"shape":"InvalidPaginationToken"},
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p>Returns a list of entities that have been affected by one or more events for one or more accounts in your organization in AWS Organizations, based on the filter criteria. Entities can refer to individual customer resources, groups of customer resources, or any other construct, depending on the AWS service.</p> <p>At least one event Amazon Resource Name (ARN) and account ID are required. Results are sorted by the <code>lastUpdatedTime</code> of the entity, starting with the most recent.</p> <p>Before you can call this operation, you must first enable AWS Health to work with AWS Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> <note> <ul> <li> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </li> <li> <p>This operation doesn't support resource-level permissions. You can't use this operation to allow or deny access to specific AWS Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>AWS Health User Guide</i>.</p> </li> </ul> </note>",
+      "documentation":"<p>Returns a list of entities that have been affected by one or more events for one or more accounts in your organization in Organizations, based on the filter criteria. Entities can refer to individual customer resources, groups of customer resources, or any other construct, depending on the Amazon Web Services service.</p> <p>At least one event Amazon Resource Name (ARN) and account ID are required.</p> <p>Before you can call this operation, you must first enable Health to work with Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> <note> <ul> <li> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </li> <li> <p>This operation doesn't support resource-level permissions. You can't use this operation to allow or deny access to specific Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>Health User Guide</i>.</p> </li> </ul> </note>",
       "idempotent":true
     },
     "DescribeEntityAggregates":{
@@ -65,7 +65,7 @@
       },
       "input":{"shape":"DescribeEntityAggregatesRequest"},
       "output":{"shape":"DescribeEntityAggregatesResponse"},
-      "documentation":"<p>Returns the number of entities that are affected by each of the specified events. If no events are specified, the counts of all affected entities are returned.</p>",
+      "documentation":"<p>Returns the number of entities that are affected by each of the specified events.</p>",
       "idempotent":true
     },
     "DescribeEventAggregates":{
@@ -93,7 +93,7 @@
       "errors":[
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p>Returns detailed information about one or more specified events. Information includes standard event data (AWS Region, service, and so on, as returned by <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEvents.html\">DescribeEvents</a>), a detailed event description, and possible additional metadata that depends upon the nature of the event. Affected entities are not included. To retrieve the entities, use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntities.html\">DescribeAffectedEntities</a> operation.</p> <p>If a specified event can't be retrieved, an error message is returned for that event.</p> <note> <p>This operation supports resource-level permissions. You can use this operation to allow or deny access to specific AWS Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>AWS Health User Guide</i>.</p> </note>",
+      "documentation":"<p>Returns detailed information about one or more specified events. Information includes standard event data (Amazon Web Services Region, service, and so on, as returned by <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEvents.html\">DescribeEvents</a>), a detailed event description, and possible additional metadata that depends upon the nature of the event. Affected entities are not included. To retrieve the entities, use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntities.html\">DescribeAffectedEntities</a> operation.</p> <p>If a specified event can't be retrieved, an error message is returned for that event.</p> <note> <p>This operation supports resource-level permissions. You can use this operation to allow or deny access to specific Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>Health User Guide</i>.</p> </note>",
       "idempotent":true
     },
     "DescribeEventDetailsForOrganization":{
@@ -107,7 +107,7 @@
       "errors":[
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p>Returns detailed information about one or more specified events for one or more AWS accounts in your organization. This information includes standard event data (such as the AWS Region and service), an event description, and (depending on the event) possible metadata. This operation doesn't return affected entities, such as the resources related to the event. To return affected entities, use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntitiesForOrganization.html\">DescribeAffectedEntitiesForOrganization</a> operation.</p> <note> <p>Before you can call this operation, you must first enable AWS Health to work with AWS Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> </note> <p>When you call the <code>DescribeEventDetailsForOrganization</code> operation, specify the <code>organizationEventDetailFilters</code> object in the request. Depending on the AWS Health event type, note the following differences:</p> <ul> <li> <p>To return event details for a public event, you must specify a null value for the <code>awsAccountId</code> parameter. If you specify an account ID for a public event, AWS Health returns an error message because public events aren't specific to an account.</p> </li> <li> <p>To return event details for an event that is specific to an account in your organization, you must specify the <code>awsAccountId</code> parameter in the request. If you don't specify an account ID, AWS Health returns an error message because the event is specific to an account in your organization. </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>.</p> <note> <p>This operation doesn't support resource-level permissions. You can't use this operation to allow or deny access to specific AWS Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>AWS Health User Guide</i>.</p> </note>",
+      "documentation":"<p>Returns detailed information about one or more specified events for one or more Amazon Web Services accounts in your organization. This information includes standard event data (such as the Amazon Web Services Region and service), an event description, and (depending on the event) possible metadata. This operation doesn't return affected entities, such as the resources related to the event. To return affected entities, use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntitiesForOrganization.html\">DescribeAffectedEntitiesForOrganization</a> operation.</p> <note> <p>Before you can call this operation, you must first enable Health to work with Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> </note> <p>When you call the <code>DescribeEventDetailsForOrganization</code> operation, specify the <code>organizationEventDetailFilters</code> object in the request. Depending on the Health event type, note the following differences:</p> <ul> <li> <p>To return event details for a public event, you must specify a null value for the <code>awsAccountId</code> parameter. If you specify an account ID for a public event, Health returns an error message because public events aren't specific to an account.</p> </li> <li> <p>To return event details for an event that is specific to an account in your organization, you must specify the <code>awsAccountId</code> parameter in the request. If you don't specify an account ID, Health returns an error message because the event is specific to an account in your organization. </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>.</p> <note> <p>This operation doesn't support resource-level permissions. You can't use this operation to allow or deny access to specific Health events. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html#resource-action-based-conditions\">Resource- and action-based conditions</a> in the <i>Health User Guide</i>.</p> </note>",
       "idempotent":true
     },
     "DescribeEventTypes":{
@@ -122,7 +122,7 @@
         {"shape":"InvalidPaginationToken"},
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p>Returns the event types that meet the specified filter criteria. You can use this API operation to find information about the AWS Health event, such as the category, AWS service, and event code. The metadata for each event appears in the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EventType.html\">EventType</a> object. </p> <p>If you don't specify a filter criteria, the API operation returns all event types, in no particular order. </p> <note> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </note>",
+      "documentation":"<p>Returns the event types that meet the specified filter criteria. You can use this API operation to find information about the Health event, such as the category, Amazon Web Services service, and event code. The metadata for each event appears in the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EventType.html\">EventType</a> object. </p> <p>If you don't specify a filter criteria, the API operation returns all event types, in no particular order. </p> <note> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </note>",
       "idempotent":true
     },
     "DescribeEvents":{
@@ -137,7 +137,7 @@
         {"shape":"InvalidPaginationToken"},
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p> Returns information about events that meet the specified filter criteria. Events are returned in a summary form and do not include the detailed description, any additional metadata that depends on the event type, or any affected resources. To retrieve that information, use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventDetails.html\">DescribeEventDetails</a> and <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntities.html\">DescribeAffectedEntities</a> operations.</p> <p>If no filter criteria are specified, all events are returned. Results are sorted by <code>lastModifiedTime</code>, starting with the most recent event.</p> <note> <ul> <li> <p>When you call the <code>DescribeEvents</code> operation and specify an entity for the <code>entityValues</code> parameter, AWS Health might return public events that aren't specific to that resource. For example, if you call <code>DescribeEvents</code> and specify an ID for an Amazon Elastic Compute Cloud (Amazon EC2) instance, AWS Health might return events that aren't specific to that resource or service. To get events that are specific to a service, use the <code>services</code> parameter in the <code>filter</code> object. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>.</p> </li> <li> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </li> </ul> </note>",
+      "documentation":"<p> Returns information about events that meet the specified filter criteria. Events are returned in a summary form and do not include the detailed description, any additional metadata that depends on the event type, or any affected resources. To retrieve that information, use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventDetails.html\">DescribeEventDetails</a> and <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntities.html\">DescribeAffectedEntities</a> operations.</p> <p>If no filter criteria are specified, all events are returned. Results are sorted by <code>lastModifiedTime</code>, starting with the most recent event.</p> <note> <ul> <li> <p>When you call the <code>DescribeEvents</code> operation and specify an entity for the <code>entityValues</code> parameter, Health might return public events that aren't specific to that resource. For example, if you call <code>DescribeEvents</code> and specify an ID for an Amazon Elastic Compute Cloud (Amazon EC2) instance, Health might return events that aren't specific to that resource or service. To get events that are specific to a service, use the <code>services</code> parameter in the <code>filter</code> object. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>.</p> </li> <li> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </li> </ul> </note>",
       "idempotent":true
     },
     "DescribeEventsForOrganization":{
@@ -152,7 +152,7 @@
         {"shape":"InvalidPaginationToken"},
         {"shape":"UnsupportedLocale"}
       ],
-      "documentation":"<p>Returns information about events across your organization in AWS Organizations. You can use the<code>filters</code> parameter to specify the events that you want to return. Events are returned in a summary form and don't include the affected accounts, detailed description, any additional metadata that depends on the event type, or any affected resources. To retrieve that information, use the following operations:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedAccountsForOrganization.html\">DescribeAffectedAccountsForOrganization</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventDetailsForOrganization.html\">DescribeEventDetailsForOrganization</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntitiesForOrganization.html\">DescribeAffectedEntitiesForOrganization</a> </p> </li> </ul> <p>If you don't specify a <code>filter</code>, the <code>DescribeEventsForOrganizations</code> returns all events across your organization. Results are sorted by <code>lastModifiedTime</code>, starting with the most recent event. </p> <p>For more information about the different types of AWS Health events, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>.</p> <p>Before you can call this operation, you must first enable AWS Health to work with AWS Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> <note> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </note>",
+      "documentation":"<p>Returns information about events across your organization in Organizations. You can use the<code>filters</code> parameter to specify the events that you want to return. Events are returned in a summary form and don't include the affected accounts, detailed description, any additional metadata that depends on the event type, or any affected resources. To retrieve that information, use the following operations:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedAccountsForOrganization.html\">DescribeAffectedAccountsForOrganization</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventDetailsForOrganization.html\">DescribeEventDetailsForOrganization</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntitiesForOrganization.html\">DescribeAffectedEntitiesForOrganization</a> </p> </li> </ul> <p>If you don't specify a <code>filter</code>, the <code>DescribeEventsForOrganizations</code> returns all events across your organization. Results are sorted by <code>lastModifiedTime</code>, starting with the most recent event. </p> <p>For more information about the different types of Health events, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html\">Event</a>.</p> <p>Before you can call this operation, you must first enable Health to work with Organizations. To do this, call the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EnableHealthServiceAccessForOrganization.html\">EnableHealthServiceAccessForOrganization</a> operation from your organization's management account.</p> <note> <p>This API operation uses pagination. Specify the <code>nextToken</code> parameter in the next request to return more results.</p> </note>",
       "idempotent":true
     },
     "DescribeHealthServiceStatusForOrganization":{
@@ -162,7 +162,7 @@
         "requestUri":"/"
       },
       "output":{"shape":"DescribeHealthServiceStatusForOrganizationResponse"},
-      "documentation":"<p>This operation provides status information on enabling or disabling AWS Health to work with your organization. To call this operation, you must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.</p>",
+      "documentation":"<p>This operation provides status information on enabling or disabling Health to work with your organization. To call this operation, you must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.</p>",
       "idempotent":true
     },
     "DisableHealthServiceAccessForOrganization":{
@@ -174,7 +174,7 @@
       "errors":[
         {"shape":"ConcurrentModificationException"}
       ],
-      "documentation":"<p>Disables AWS Health from working with AWS Organizations. To call this operation, you must sign in as an AWS Identity and Access Management (IAM) user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html\">Aggregating AWS Health events</a> in the <i>AWS Health User Guide</i>.</p> <p>This operation doesn't remove the service-linked role from the management account in your organization. You must use the IAM console, API, or AWS Command Line Interface (AWS CLI) to remove the service-linked role. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role\">Deleting a Service-Linked Role</a> in the <i>IAM User Guide</i>.</p> <note> <p>You can also disable the organizational feature by using the Organizations <a href=\"https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html\">DisableAWSServiceAccess</a> API operation. After you call this operation, AWS Health stops aggregating events for all other AWS accounts in your organization. If you call the AWS Health API operations for organizational view, AWS Health returns an error. AWS Health continues to aggregate health events for your AWS account.</p> </note>",
+      "documentation":"<p>Disables Health from working with Organizations. To call this operation, you must sign in as an Identity and Access Management (IAM) user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html\">Aggregating Health events</a> in the <i>Health User Guide</i>.</p> <p>This operation doesn't remove the service-linked role from the management account in your organization. You must use the IAM console, API, or Command Line Interface (CLI) to remove the service-linked role. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html#delete-service-linked-role\">Deleting a Service-Linked Role</a> in the <i>IAM User Guide</i>.</p> <note> <p>You can also disable the organizational feature by using the Organizations <a href=\"https://docs.aws.amazon.com/organizations/latest/APIReference/API_DisableAWSServiceAccess.html\">DisableAWSServiceAccess</a> API operation. After you call this operation, Health stops aggregating events for all other Amazon Web Services accounts in your organization. If you call the Health API operations for organizational view, Health returns an error. Health continues to aggregate health events for your Amazon Web Services account.</p> </note>",
       "idempotent":true
     },
     "EnableHealthServiceAccessForOrganization":{
@@ -186,7 +186,7 @@
       "errors":[
         {"shape":"ConcurrentModificationException"}
       ],
-      "documentation":"<p>Enables AWS Health to work with AWS Organizations. You can use the organizational view feature to aggregate events from all AWS accounts in your organization in a centralized location. </p> <p>This operation also creates a service-linked role for the management account in the organization. </p> <note> <p>To call this operation, you must meet the following requirements:</p> <ul> <li> <p>You must have a Business or Enterprise Support plan from <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a> to use the AWS Health API. If you call the AWS Health API from an AWS account that doesn't have a Business or Enterprise Support plan, you receive a <code>SubscriptionRequiredException</code> error.</p> </li> <li> <p>You must have permission to call this operation from the organization's management account. For example IAM policies, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html\">AWS Health identity-based policy examples</a>.</p> </li> </ul> </note> <p>If you don't have the required support plan, you can instead use the AWS Health console to enable the organizational view feature. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html\">Aggregating AWS Health events</a> in the <i>AWS Health User Guide</i>.</p>",
+      "documentation":"<p>Enables Health to work with Organizations. You can use the organizational view feature to aggregate events from all Amazon Web Services accounts in your organization in a centralized location. </p> <p>This operation also creates a service-linked role for the management account in the organization. </p> <note> <p>To call this operation, you must meet the following requirements:</p> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan from <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a> to use the Health API. If you call the Health API from an Amazon Web Services account that doesn't have a Business, Enterprise On-Ramp, or Enterprise Support plan, you receive a <code>SubscriptionRequiredException</code> error.</p> </li> <li> <p>You must have permission to call this operation from the organization's management account. For example IAM policies, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/security_iam_id-based-policy-examples.html\">Health identity-based policy examples</a>.</p> </li> </ul> </note> <p>If you don't have the required support plan, you can instead use the Health console to enable the organizational view feature. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html\">Aggregating Health events</a> in the <i>Health User Guide</i>.</p>",
       "idempotent":true
     }
   },
@@ -212,7 +212,7 @@
         },
         "awsAccountId":{
           "shape":"accountId",
-          "documentation":"<p>The 12-digit AWS account number that contains the affected entity.</p>"
+          "documentation":"<p>The 12-digit Amazon Web Services account number that contains the affected entity.</p>"
         },
         "lastUpdatedTime":{
           "shape":"timestamp",
@@ -278,7 +278,7 @@
         },
         "eventScopeCode":{
           "shape":"eventScopeCode",
-          "documentation":"<p>This parameter specifies if the AWS Health event is a public AWS service event or an account-specific event.</p> <ul> <li> <p>If the <code>eventScopeCode</code> value is <code>PUBLIC</code>, then the <code>affectedAccounts</code> value is always empty.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>ACCOUNT_SPECIFIC</code>, then the <code>affectedAccounts</code> value lists the affected AWS accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have AWS accounts that use that service, those account IDs appear in the response.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>NONE</code>, then the <code>eventArn</code> that you specified in the request is invalid or doesn't exist.</p> </li> </ul>"
+          "documentation":"<p>This parameter specifies if the Health event is a public Amazon Web Services service event or an account-specific event.</p> <ul> <li> <p>If the <code>eventScopeCode</code> value is <code>PUBLIC</code>, then the <code>affectedAccounts</code> value is always empty.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>ACCOUNT_SPECIFIC</code>, then the <code>affectedAccounts</code> value lists the affected Amazon Web Services accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have Amazon Web Services accounts that use that service, those account IDs appear in the response.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>NONE</code>, then the <code>eventArn</code> that you specified in the request is invalid or doesn't exist.</p> </li> </ul>"
         },
         "nextToken":{
           "shape":"nextToken",
@@ -594,7 +594,7 @@
       "members":{
         "healthServiceAccessStatusForOrganization":{
           "shape":"healthServiceAccessStatusForOrganization",
-          "documentation":"<p>Information about the status of enabling or disabling AWS Health Organizational View in your organization.</p> <p>Valid values are <code>ENABLED | DISABLED | PENDING</code>. </p>"
+          "documentation":"<p>Information about the status of enabling or disabling the Health organizational view feature in your organization.</p> <p>Valid values are <code>ENABLED | DISABLED | PENDING</code>. </p>"
         }
       }
     },
@@ -645,7 +645,7 @@
           "documentation":"<p>A list of entity status codes (<code>IMPAIRED</code>, <code>UNIMPAIRED</code>, or <code>UNKNOWN</code>).</p>"
         }
       },
-      "documentation":"<p>The values to use to filter results from the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_EntityFilter.html\">EntityFilter</a> operation.</p>"
+      "documentation":"<p>The values to use to filter results from the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntities.html\">DescribeAffectedEntities</a> operation.</p>"
     },
     "EntityList":{
       "type":"list",
@@ -660,7 +660,7 @@
         },
         "service":{
           "shape":"service",
-          "documentation":"<p>The AWS service that is affected by the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services service that is affected by the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
         },
         "eventTypeCode":{
           "shape":"eventTypeCode",
@@ -668,15 +668,15 @@
         },
         "eventTypeCategory":{
           "shape":"eventTypeCategory",
-          "documentation":"<p>The category of the event. Possible values are <code>issue</code>, <code>scheduledChange</code>, and <code>accountNotification</code>.</p>"
+          "documentation":"<p>A list of event type category codes. Possible values are <code>issue</code>, <code>accountNotification</code>, or <code>scheduledChange</code>. Currently, the <code>investigation</code> value isn't supported at this time.</p>"
         },
         "region":{
           "shape":"region",
-          "documentation":"<p>The AWS Region name of the event.</p>"
+          "documentation":"<p>The Amazon Web Services Region name of the event.</p>"
         },
         "availabilityZone":{
           "shape":"availabilityZone",
-          "documentation":"<p>The AWS Availability Zone of the event. For example, us-east-1a.</p>"
+          "documentation":"<p>The Amazon Web Services Availability Zone of the event. For example, us-east-1a.</p>"
         },
         "startTime":{
           "shape":"timestamp",
@@ -696,10 +696,10 @@
         },
         "eventScopeCode":{
           "shape":"eventScopeCode",
-          "documentation":"<p>This parameter specifies if the AWS Health event is a public AWS service event or an account-specific event.</p> <ul> <li> <p>If the <code>eventScopeCode</code> value is <code>PUBLIC</code>, then the <code>affectedAccounts</code> value is always empty.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>ACCOUNT_SPECIFIC</code>, then the <code>affectedAccounts</code> value lists the affected AWS accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have AWS accounts that use that service, those account IDs appear in the response.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>NONE</code>, then the <code>eventArn</code> that you specified in the request is invalid or doesn't exist.</p> </li> </ul>"
+          "documentation":"<p>This parameter specifies if the Health event is a public Amazon Web Services service event or an account-specific event.</p> <ul> <li> <p>If the <code>eventScopeCode</code> value is <code>PUBLIC</code>, then the <code>affectedAccounts</code> value is always empty.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>ACCOUNT_SPECIFIC</code>, then the <code>affectedAccounts</code> value lists the affected Amazon Web Services accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have Amazon Web Services accounts that use that service, those account IDs appear in the response.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>NONE</code>, then the <code>eventArn</code> that you specified in the request is invalid or doesn't exist.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Summary information about an AWS Health event.</p> <p>AWS Health events can be public or account-specific:</p> <ul> <li> <p> <i>Public events</i> might be service events that are not specific to an AWS account. For example, if there is an issue with an AWS Region, AWS Health provides information about the event, even if you don't use services or resources in that Region.</p> </li> <li> <p> <i>Account-specific</i> events are specific to either your AWS account or an account in your organization. For example, if there's an issue with Amazon Elastic Compute Cloud in a Region that you use, AWS Health provides information about the event and the affected resources in the account.</p> </li> </ul> <p>You can determine if an event is public or account-specific by using the <code>eventScopeCode</code> parameter. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html#AWSHealth-Type-Event-eventScopeCode\">eventScopeCode</a>.</p>"
+      "documentation":"<p>Summary information about an Health event.</p> <p>Health events can be public or account-specific:</p> <ul> <li> <p> <i>Public events</i> might be service events that are not specific to an Amazon Web Services account. For example, if there is an issue with an Amazon Web Services Region, Health provides information about the event, even if you don't use services or resources in that Region.</p> </li> <li> <p> <i>Account-specific</i> events are specific to either your Amazon Web Services account or an account in your organization. For example, if there's an issue with Amazon Elastic Compute Cloud in a Region that you use, Health provides information about the event and the affected resources in the account.</p> </li> </ul> <p>You can determine if an event is public or account-specific by using the <code>eventScopeCode</code> parameter. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html#AWSHealth-Type-Event-eventScopeCode\">eventScopeCode</a>.</p>"
     },
     "EventAccountFilter":{
       "type":"structure",
@@ -711,7 +711,7 @@
         },
         "awsAccountId":{
           "shape":"accountId",
-          "documentation":"<p>The 12-digit AWS account numbers that contains the affected entities.</p>"
+          "documentation":"<p>The 12-digit Amazon Web Services account numbers that contains the affected entities.</p>"
         }
       },
       "documentation":"<p>The values used to filter results from the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventDetailsForOrganization.html\">DescribeEventDetailsForOrganization</a> and <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeAffectedEntitiesForOrganization.html\">DescribeAffectedEntitiesForOrganization</a> operations.</p>"
@@ -799,15 +799,15 @@
         },
         "services":{
           "shape":"serviceList",
-          "documentation":"<p>The AWS services associated with the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services services associated with the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
         },
         "regions":{
           "shape":"regionList",
-          "documentation":"<p>A list of AWS Regions.</p>"
+          "documentation":"<p>A list of Amazon Web Services Regions.</p>"
         },
         "availabilityZones":{
           "shape":"availabilityZones",
-          "documentation":"<p>A list of AWS Availability Zones.</p>"
+          "documentation":"<p>A list of Amazon Web Services Availability Zones.</p>"
         },
         "startTimes":{
           "shape":"dateTimeRangeList",
@@ -831,7 +831,7 @@
         },
         "eventTypeCategories":{
           "shape":"eventTypeCategoryList",
-          "documentation":"<p>A list of event type category codes (<code>issue</code>, <code>scheduledChange</code>, or <code>accountNotification</code>).</p>"
+          "documentation":"<p>A list of event type category codes. Possible values are <code>issue</code>, <code>accountNotification</code>, or <code>scheduledChange</code>. Currently, the <code>investigation</code> value isn't supported at this time.</p>"
         },
         "tags":{
           "shape":"tagFilter",
@@ -853,7 +853,7 @@
       "members":{
         "service":{
           "shape":"service",
-          "documentation":"<p>The AWS service that is affected by the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services service that is affected by the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
         },
         "code":{
           "shape":"eventTypeCode",
@@ -861,10 +861,10 @@
         },
         "category":{
           "shape":"eventTypeCategory",
-          "documentation":"<p>A list of event type category codes (<code>issue</code>, <code>scheduledChange</code>, or <code>accountNotification</code>).</p>"
+          "documentation":"<p>A list of event type category codes. Possible values are <code>issue</code>, <code>accountNotification</code>, or <code>scheduledChange</code>. Currently, the <code>investigation</code> value isn't supported at this time.</p>"
         }
       },
-      "documentation":"<p>Contains the metadata about a type of event that is reported by AWS Health. The <code>EventType</code> shows the category, service, and the event type code of the event. For example, an <code>issue</code> might be the category, <code>EC2</code> the service, and <code>AWS_EC2_SYSTEM_MAINTENANCE_EVENT</code> the event type code.</p> <p>You can use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventTypes.html\">DescribeEventTypes</a> API operation to return this information about an event.</p> <p>You can also use the Amazon CloudWatch Events console to create a rule so that you can get notified or take action when AWS Health delivers a specific event to your AWS account. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html\">Monitor for AWS Health events with Amazon CloudWatch Events</a> in the <i>AWS Health User Guide</i>.</p>"
+      "documentation":"<p>Contains the metadata about a type of event that is reported by Health. The <code>EventType</code> shows the category, service, and the event type code of the event. For example, an <code>issue</code> might be the category, <code>EC2</code> the service, and <code>AWS_EC2_SYSTEM_MAINTENANCE_EVENT</code> the event type code.</p> <p>You can use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventTypes.html\">DescribeEventTypes</a> API operation to return this information about an event.</p> <p>You can also use the Amazon CloudWatch Events console to create a rule so that you can get notified or take action when Health delivers a specific event to your Amazon Web Services account. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html\">Monitor for Health events with Amazon CloudWatch Events</a> in the <i>Health User Guide</i>.</p>"
     },
     "EventTypeCategoryList":{
       "type":"list",
@@ -887,11 +887,11 @@
         },
         "services":{
           "shape":"serviceList",
-          "documentation":"<p>The AWS services associated with the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services services associated with the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
         },
         "eventTypeCategories":{
           "shape":"EventTypeCategoryList",
-          "documentation":"<p>A list of event type category codes (<code>issue</code>, <code>scheduledChange</code>, or <code>accountNotification</code>).</p>"
+          "documentation":"<p>A list of event type category codes. Possible values are <code>issue</code>, <code>accountNotification</code>, or <code>scheduledChange</code>. Currently, the <code>investigation</code> value isn't supported at this time.</p>"
         }
       },
       "documentation":"<p>The values to use to filter results from the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventTypes.html\">DescribeEventTypes</a> operation.</p>"
@@ -913,7 +913,7 @@
       "members":{
         "awsAccountId":{
           "shape":"accountId",
-          "documentation":"<p>The 12-digit AWS account numbers that contains the affected entities.</p>"
+          "documentation":"<p>The 12-digit Amazon Web Services account numbers that contains the affected entities.</p>"
         },
         "eventArn":{
           "shape":"eventArn",
@@ -945,7 +945,7 @@
         },
         "service":{
           "shape":"service",
-          "documentation":"<p>The AWS service that is affected by the event, such as EC2 and RDS.</p>"
+          "documentation":"<p>The Amazon Web Services service that is affected by the event, such as EC2 and RDS.</p>"
         },
         "eventTypeCode":{
           "shape":"eventTypeCode",
@@ -953,15 +953,15 @@
         },
         "eventTypeCategory":{
           "shape":"eventTypeCategory",
-          "documentation":"<p>The category of the event type.</p>"
+          "documentation":"<p>A list of event type category codes. Possible values are <code>issue</code>, <code>accountNotification</code>, or <code>scheduledChange</code>. Currently, the <code>investigation</code> value isn't supported at this time.</p>"
         },
         "eventScopeCode":{
           "shape":"eventScopeCode",
-          "documentation":"<p>This parameter specifies if the AWS Health event is a public AWS service event or an account-specific event.</p> <ul> <li> <p>If the <code>eventScopeCode</code> value is <code>PUBLIC</code>, then the <code>affectedAccounts</code> value is always empty.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>ACCOUNT_SPECIFIC</code>, then the <code>affectedAccounts</code> value lists the affected AWS accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have AWS accounts that use that service, those account IDs appear in the response.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>NONE</code>, then the <code>eventArn</code> that you specified in the request is invalid or doesn't exist.</p> </li> </ul>"
+          "documentation":"<p>This parameter specifies if the Health event is a public Amazon Web Services service event or an account-specific event.</p> <ul> <li> <p>If the <code>eventScopeCode</code> value is <code>PUBLIC</code>, then the <code>affectedAccounts</code> value is always empty.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>ACCOUNT_SPECIFIC</code>, then the <code>affectedAccounts</code> value lists the affected Amazon Web Services accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have Amazon Web Services accounts that use that service, those account IDs appear in the response.</p> </li> <li> <p>If the <code>eventScopeCode</code> value is <code>NONE</code>, then the <code>eventArn</code> that you specified in the request is invalid or doesn't exist.</p> </li> </ul>"
         },
         "region":{
           "shape":"region",
-          "documentation":"<p>The AWS Region name of the event.</p>"
+          "documentation":"<p>The Amazon Web Services Region name of the event.</p>"
         },
         "startTime":{
           "shape":"timestamp",
@@ -993,7 +993,7 @@
       "members":{
         "awsAccountId":{
           "shape":"accountId",
-          "documentation":"<p>The 12-digit AWS account numbers that contains the affected entities.</p>"
+          "documentation":"<p>The 12-digit Amazon Web Services account numbers that contains the affected entities.</p>"
         },
         "event":{"shape":"Event"},
         "eventDescription":{"shape":"EventDescription"},
@@ -1021,7 +1021,7 @@
         },
         "errorMessage":{
           "shape":"string",
-          "documentation":"<p>A message that describes the error.</p> <p>If you call the <code>DescribeEventDetailsForOrganization</code> operation and receive one of the following errors, follow the recommendations in the message:</p> <ul> <li> <p>We couldn't find a public event that matches your request. To find an event that is account specific, you must enter an AWS account ID in the request.</p> </li> <li> <p>We couldn't find an account specific event for the specified AWS account. To find an event that is public, you must enter a null value for the AWS account ID in the request.</p> </li> <li> <p>Your AWS account doesn't include the AWS Support plan required to use the AWS Health API. You must have either a Business or Enterprise Support plan.</p> </li> </ul>"
+          "documentation":"<p>A message that describes the error.</p> <p>If you call the <code>DescribeEventDetailsForOrganization</code> operation and receive one of the following errors, follow the recommendations in the message:</p> <ul> <li> <p>We couldn't find a public event that matches your request. To find an event that is account specific, you must enter an Amazon Web Services account ID in the request.</p> </li> <li> <p>We couldn't find an account specific event for the specified Amazon Web Services account. To find an event that is public, you must enter a null value for the Amazon Web Services account ID in the request.</p> </li> <li> <p>Your Amazon Web Services account doesn't include the Amazon Web Services Support plan required to use the Health API. You must have either a Business, Enterprise On-Ramp, or Enterprise Support plan.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Error information returned when a <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_DescribeEventDetailsForOrganization.html\">DescribeEventDetailsForOrganization</a> operation can't find a specified event.</p>"
@@ -1035,15 +1035,15 @@
         },
         "awsAccountIds":{
           "shape":"awsAccountIdsList",
-          "documentation":"<p>A list of 12-digit AWS account numbers that contains the affected entities.</p>"
+          "documentation":"<p>A list of 12-digit Amazon Web Services account numbers that contains the affected entities.</p>"
         },
         "services":{
           "shape":"serviceList",
-          "documentation":"<p>The AWS services associated with the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services services associated with the event. For example, <code>EC2</code>, <code>RDS</code>.</p>"
         },
         "regions":{
           "shape":"regionList",
-          "documentation":"<p>A list of AWS Regions.</p>"
+          "documentation":"<p>A list of Amazon Web Services Regions.</p>"
         },
         "startTime":{"shape":"DateTimeRange"},
         "endTime":{"shape":"DateTimeRange"},
@@ -1058,7 +1058,7 @@
         },
         "eventTypeCategories":{
           "shape":"eventTypeCategoryList",
-          "documentation":"<p>A list of event type category codes (issue, scheduledChange, or accountNotification).</p>"
+          "documentation":"<p>A list of event type category codes. Possible values are <code>issue</code>, <code>accountNotification</code>, or <code>scheduledChange</code>. Currently, the <code>investigation</code> value isn't supported at this time.</p>"
         },
         "eventStatusCodes":{
           "shape":"eventStatusCodeList",
@@ -1306,5 +1306,5 @@
     },
     "timestamp":{"type":"timestamp"}
   },
-  "documentation":"<fullname>AWS Health</fullname> <p>The AWS Health API provides programmatic access to the AWS Health information that appears in the <a href=\"https://phd.aws.amazon.com/phd/home#/\">AWS Personal Health Dashboard</a>. You can use the API operations to get information about AWS Health events that affect your AWS services and resources.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan from <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a> to use the AWS Health API. If you call the AWS Health API from an AWS account that doesn't have a Business or Enterprise Support plan, you receive a <code>SubscriptionRequiredException</code> error.</p> </li> <li> <p>You can use the AWS Health endpoint health.us-east-1.amazonaws.com (HTTPS) to call the AWS Health API operations. AWS Health supports a multi-Region application architecture and has two regional endpoints in an active-passive configuration. You can use the high availability endpoint example to determine which AWS Region is active, so that you can get the latest information from the API. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/health-api.html\">Accessing the AWS Health API</a> in the <i>AWS Health User Guide</i>.</p> </li> </ul> </note> <p>For authentication of requests, AWS Health uses the <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>.</p> <p>If your AWS account is part of AWS Organizations, you can use the AWS Health organizational view feature. This feature provides a centralized view of AWS Health events across all accounts in your organization. You can aggregate AWS Health events in real time to identify accounts in your organization that are affected by an operational event or get notified of security vulnerabilities. Use the organizational view API operations to enable this feature and return event information. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html\">Aggregating AWS Health events</a> in the <i>AWS Health User Guide</i>.</p> <note> <p>When you use the AWS Health API operations to return AWS Health events, see the following recommendations:</p> <ul> <li> <p>Use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html#AWSHealth-Type-Event-eventScopeCode\">eventScopeCode</a> parameter to specify whether to return AWS Health events that are public or account-specific.</p> </li> <li> <p>Use pagination to view all events from the response. For example, if you call the <code>DescribeEventsForOrganization</code> operation to get all events in your organization, you might receive several page results. Specify the <code>nextToken</code> in the next request to return more results.</p> </li> </ul> </note>"
+  "documentation":"<fullname>Health</fullname> <p>The Health API provides programmatic access to the Health information that appears in the <a href=\"https://phd.aws.amazon.com/phd/home#/\">Personal Health Dashboard</a>. You can use the API operations to get information about events that might affect your Amazon Web Services services and resources.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan from <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a> to use the Health API. If you call the Health API from an Amazon Web Services account that doesn't have a Business, Enterprise On-Ramp, or Enterprise Support plan, you receive a <code>SubscriptionRequiredException</code> error.</p> </li> <li> <p>You can use the Health endpoint health.us-east-1.amazonaws.com (HTTPS) to call the Health API operations. Health supports a multi-Region application architecture and has two regional endpoints in an active-passive configuration. You can use the high availability endpoint example to determine which Amazon Web Services Region is active, so that you can get the latest information from the API. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/health-api.html\">Accessing the Health API</a> in the <i>Health User Guide</i>.</p> </li> </ul> </note> <p>For authentication of requests, Health uses the <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>.</p> <p>If your Amazon Web Services account is part of Organizations, you can use the Health organizational view feature. This feature provides a centralized view of Health events across all accounts in your organization. You can aggregate Health events in real time to identify accounts in your organization that are affected by an operational event or get notified of security vulnerabilities. Use the organizational view API operations to enable this feature and return event information. For more information, see <a href=\"https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html\">Aggregating Health events</a> in the <i>Health User Guide</i>.</p> <note> <p>When you use the Health API operations to return Health events, see the following recommendations:</p> <ul> <li> <p>Use the <a href=\"https://docs.aws.amazon.com/health/latest/APIReference/API_Event.html#AWSHealth-Type-Event-eventScopeCode\">eventScopeCode</a> parameter to specify whether to return Health events that are public or account-specific.</p> </li> <li> <p>Use pagination to view all events from the response. For example, if you call the <code>DescribeEventsForOrganization</code> operation to get all events in your organization, you might receive several page results. Specify the <code>nextToken</code> in the next request to return more results.</p> </li> </ul> </note>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/honeycode/2020-03-01/service-2.json b/contrib/python/botocore/py3/botocore/data/honeycode/2020-03-01/service-2.json
index dfca581ebdd..74c726cfe4e 100644
--- a/contrib/python/botocore/py3/botocore/data/honeycode/2020-03-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/honeycode/2020-03-01/service-2.json
@@ -105,7 +105,8 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ServiceUnavailableException"},
         {"shape":"ThrottlingException"},
-        {"shape":"ValidationException"}
+        {"shape":"ValidationException"},
+        {"shape":"RequestTimeoutException"}
       ],
       "documentation":"<p> The DescribeTableDataImportJob API allows you to retrieve the status and details of a table data import job. </p>"
     },
@@ -145,7 +146,8 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"AutomationExecutionException"},
         {"shape":"AutomationExecutionTimeoutException"},
-        {"shape":"RequestTimeoutException"}
+        {"shape":"RequestTimeoutException"},
+        {"shape":"ServiceQuotaExceededException"}
       ],
       "documentation":"<p> The InvokeScreenAutomation API allows invoking an action defined in a screen in a Honeycode app. The API allows setting local variables, which can then be used in the automation being invoked. This allows automating the Honeycode app interactions to write, update or delete data in the workbook. </p>"
     },
@@ -206,6 +208,25 @@
       ],
       "documentation":"<p> The ListTables API allows you to retrieve a list of all the tables in a workbook. </p>"
     },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn}"
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResult"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"RequestTimeoutException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p> The ListTagsForResource API allows you to return a resource's tags. </p>"
+    },
     "QueryTableRows":{
       "name":"QueryTableRows",
       "http":{
@@ -239,9 +260,49 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ServiceUnavailableException"},
         {"shape":"ThrottlingException"},
-        {"shape":"ValidationException"}
+        {"shape":"ValidationException"},
+        {"shape":"RequestTimeoutException"},
+        {"shape":"ServiceQuotaExceededException"}
       ],
       "documentation":"<p> The StartTableDataImportJob API allows you to start an import job on a table. This API will only return the id of the job that was started. To find out the status of the import request, you need to call the DescribeTableDataImportJob API. </p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn}"
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResult"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"RequestTimeoutException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p> The TagResource API allows you to add tags to an ARN-able resource. Resource includes workbook, table, screen and screen-automation. </p>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn}"
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResult"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"RequestTimeoutException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p> The UntagResource API allows you to removes tags from an ARN-able resource. Resource includes workbook, table, screen and screen-automation. </p>"
     }
   },
   "shapes":{
@@ -493,11 +554,15 @@
         },
         "rawValue":{
           "shape":"RawValue",
-          "documentation":"<p> The raw value of the data contained in the cell. The raw value depends on the format of the data in the cell. However the attribute in the API return value is always a string containing the raw value. </p> <p> Cells with format DATE, DATE_TIME or TIME have the raw value as a floating point number where the whole number represents the number of days since 1/1/1900 and the fractional part represents the fraction of the day since midnight. For example, a cell with date 11/3/2020 has the raw value \"44138\". A cell with the time 9:00 AM has the raw value \"0.375\" and a cell with date/time value of 11/3/2020 9:00 AM has the raw value \"44138.375\". Notice that even though the raw value is a number in all three cases, it is still represented as a string. </p> <p> Cells with format NUMBER, CURRENCY, PERCENTAGE and ACCOUNTING have the raw value of the data as the number representing the data being displayed. For example, the number 1.325 with two decimal places in the format will have it's raw value as \"1.325\" and formatted value as \"1.33\". A currency value for $10 will have the raw value as \"10\" and formatted value as \"$10.00\". A value representing 20% with two decimal places in the format will have its raw value as \"0.2\" and the formatted value as \"20.00%\". An accounting value of -$25 will have \"-25\" as the raw value and \"$ (25.00)\" as the formatted value. </p> <p> Cells with format TEXT will have the raw text as the raw value. For example, a cell with text \"John Smith\" will have \"John Smith\" as both the raw value and the formatted value. </p> <p> Cells with format CONTACT will have the name of the contact as a formatted value and the email address of the contact as the raw value. For example, a contact for John Smith will have \"John Smith\" as the formatted value and \"john.smith@example.com\" as the raw value. </p> <p> Cells with format ROWLINK (aka picklist) will have the first column of the linked row as the formatted value and the row id of the linked row as the raw value. For example, a cell containing a picklist to a table that displays task status might have \"Completed\" as the formatted value and \"row:dfcefaee-5b37-4355-8f28-40c3e4ff5dd4/ca432b2f-b8eb-431d-9fb5-cbe0342f9f03\" as the raw value. </p> <p> Cells with format AUTO or cells without any format that are auto-detected as one of the formats above will contain the raw and formatted values as mentioned above, based on the auto-detected formats. If there is no auto-detected format, the raw and formatted values will be the same as the data in the cell. </p>"
+          "documentation":"<p> The raw value of the data contained in the cell. The raw value depends on the format of the data in the cell. However the attribute in the API return value is always a string containing the raw value. </p> <p> Cells with format DATE, DATE_TIME or TIME have the raw value as a floating point number where the whole number represents the number of days since 1/1/1900 and the fractional part represents the fraction of the day since midnight. For example, a cell with date 11/3/2020 has the raw value \"44138\". A cell with the time 9:00 AM has the raw value \"0.375\" and a cell with date/time value of 11/3/2020 9:00 AM has the raw value \"44138.375\". Notice that even though the raw value is a number in all three cases, it is still represented as a string. </p> <p> Cells with format NUMBER, CURRENCY, PERCENTAGE and ACCOUNTING have the raw value of the data as the number representing the data being displayed. For example, the number 1.325 with two decimal places in the format will have it's raw value as \"1.325\" and formatted value as \"1.33\". A currency value for $10 will have the raw value as \"10\" and formatted value as \"$10.00\". A value representing 20% with two decimal places in the format will have its raw value as \"0.2\" and the formatted value as \"20.00%\". An accounting value of -$25 will have \"-25\" as the raw value and \"$ (25.00)\" as the formatted value. </p> <p> Cells with format TEXT will have the raw text as the raw value. For example, a cell with text \"John Smith\" will have \"John Smith\" as both the raw value and the formatted value. </p> <p> Cells with format CONTACT will have the name of the contact as a formatted value and the email address of the contact as the raw value. For example, a contact for John Smith will have \"John Smith\" as the formatted value and \"john.smith@example.com\" as the raw value. </p> <p> Cells with format ROWLINK (aka picklist) will have the first column of the linked row as the formatted value and the row id of the linked row as the raw value. For example, a cell containing a picklist to a table that displays task status might have \"Completed\" as the formatted value and \"row:dfcefaee-5b37-4355-8f28-40c3e4ff5dd4/ca432b2f-b8eb-431d-9fb5-cbe0342f9f03\" as the raw value. </p> <p> Cells with format ROWSET (aka multi-select or multi-record picklist) will by default have the first column of each of the linked rows as the formatted value in the list, and the rowset id of the linked rows as the raw value. For example, a cell containing a multi-select picklist to a table that contains items might have \"Item A\", \"Item B\" in the formatted value list and \"rows:b742c1f4-6cb0-4650-a845-35eb86fcc2bb/ [fdea123b-8f68-474a-aa8a-5ff87aa333af,6daf41f0-a138-4eee-89da-123086d36ecf]\" as the raw value. </p> <p> Cells with format ATTACHMENT will have the name of the attachment as the formatted value and the attachment id as the raw value. For example, a cell containing an attachment named \"image.jpeg\" will have \"image.jpeg\" as the formatted value and \"attachment:ca432b2f-b8eb-431d-9fb5-cbe0342f9f03\" as the raw value. </p> <p> Cells with format AUTO or cells without any format that are auto-detected as one of the formats above will contain the raw and formatted values as mentioned above, based on the auto-detected formats. If there is no auto-detected format, the raw and formatted values will be the same as the data in the cell. </p>"
         },
         "formattedValue":{
           "shape":"FormattedValue",
           "documentation":"<p> The formatted value of the cell. This is the value that you see displayed in the cell in the UI. </p> <p> Note that the formatted value of a cell is always represented as a string irrespective of the data that is stored in the cell. For example, if a cell contains a date, the formatted value of the cell is the string representation of the formatted date being shown in the cell in the UI. See details in the rawValue field below for how cells of different formats will have different raw and formatted values. </p>"
+        },
+        "formattedValues":{
+          "shape":"FormattedValuesList",
+          "documentation":"<p> A list of formatted values of the cell. This field is only returned when the cell is ROWSET format (aka multi-select or multi-record picklist). Values in the list are always represented as strings. The formattedValue field will be empty if this field is returned. </p>"
         }
       },
       "documentation":"<p>An object that represents a single cell in a table.</p>",
@@ -509,9 +574,13 @@
         "fact":{
           "shape":"Fact",
           "documentation":"<p> Fact represents the data that is entered into a cell. This data can be free text or a formula. Formulas need to start with the equals (=) sign. </p>"
+        },
+        "facts":{
+          "shape":"FactList",
+          "documentation":"<p> A list representing the values that are entered into a ROWSET cell. Facts list can have either only values or rowIDs, and rowIDs should from the same table. </p>"
         }
       },
-      "documentation":"<p> CellInput object contains the data needed to create or update cells in a table. </p>"
+      "documentation":"<p> CellInput object contains the data needed to create or update cells in a table. </p> <note> <p> CellInput object has only a facts field or a fact field, but not both. A 400 bad request will be thrown if both fact and facts field are present. </p> </note>"
     },
     "Cells":{
       "type":"list",
@@ -669,6 +738,10 @@
         "jobMetadata":{
           "shape":"TableDataImportJobMetadata",
           "documentation":"<p> The metadata about the job that was submitted for import. </p>"
+        },
+        "errorCode":{
+          "shape":"ErrorCode",
+          "documentation":"<p> If job status is failed, error code to understand reason for the failure. </p>"
         }
       }
     },
@@ -689,6 +762,25 @@
       "pattern":"^([a-zA-Z0-9_\\-\\.]+)@([a-zA-Z0-9_\\-\\.]+)\\.([a-zA-Z]{2,5})$",
       "sensitive":true
     },
+    "ErrorCode":{
+      "type":"string",
+      "enum":[
+        "ACCESS_DENIED",
+        "INVALID_URL_ERROR",
+        "INVALID_IMPORT_OPTIONS_ERROR",
+        "INVALID_TABLE_ID_ERROR",
+        "INVALID_TABLE_COLUMN_ID_ERROR",
+        "TABLE_NOT_FOUND_ERROR",
+        "FILE_EMPTY_ERROR",
+        "INVALID_FILE_TYPE_ERROR",
+        "FILE_PARSING_ERROR",
+        "FILE_SIZE_LIMIT_ERROR",
+        "FILE_NOT_FOUND_ERROR",
+        "UNKNOWN_ERROR",
+        "RESOURCE_NOT_FOUND_ERROR",
+        "SYSTEM_LIMIT_ERROR"
+      ]
+    },
     "ErrorMessage":{"type":"string"},
     "Fact":{
       "type":"string",
@@ -697,6 +789,12 @@
       "pattern":"[\\s\\S]*",
       "sensitive":true
     },
+    "FactList":{
+      "type":"list",
+      "member":{"shape":"Fact"},
+      "max":220,
+      "min":0
+    },
     "FailedBatchItem":{
       "type":"structure",
       "required":[
@@ -749,7 +847,8 @@
         "TEXT",
         "ACCOUNTING",
         "CONTACT",
-        "ROWLINK"
+        "ROWLINK",
+        "ROWSET"
       ]
     },
     "FormattedValue":{
@@ -758,6 +857,12 @@
       "min":0,
       "pattern":"[\\s\\S]*"
     },
+    "FormattedValuesList":{
+      "type":"list",
+      "member":{"shape":"FormattedValue"},
+      "max":220,
+      "min":0
+    },
     "Formula":{
       "type":"string",
       "max":8192,
@@ -779,7 +884,7 @@
         },
         "appId":{
           "shape":"ResourceId",
-          "documentation":"<p>The ID of the app that contains the screem.</p>"
+          "documentation":"<p>The ID of the app that contains the screen.</p>"
         },
         "screenId":{
           "shape":"ResourceId",
@@ -1114,6 +1219,27 @@
         }
       }
     },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The resource's Amazon Resource Name (ARN).</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResult":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>The resource's tags.</p>"
+        }
+      }
+    },
     "MaxResults":{
       "type":"integer",
       "box":true,
@@ -1208,6 +1334,12 @@
       },
       "exception":true
     },
+    "ResourceArn":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^arn:aws:honeycode:.+:[0-9]{12}:.+:.+$"
+    },
     "ResourceId":{
       "type":"string",
       "max":36,
@@ -1298,7 +1430,8 @@
       "type":"string",
       "max":8000,
       "min":1,
-      "pattern":"^https:\\/\\/[^\\n\\r\\x00\\x08\\x0B\\x0C\\x0E\\x1F]*$"
+      "pattern":"^https:\\/\\/[^\\n\\r\\x00\\x08\\x0B\\x0C\\x0E\\x1F]*$",
+      "sensitive":true
     },
     "ServiceQuotaExceededException":{
       "type":"structure",
@@ -1493,6 +1626,55 @@
       "type":"list",
       "member":{"shape":"Table"}
     },
+    "TagKey":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^[^\\n\\r\\x00\\x08\\x0B\\x0C\\x0E\\x1F]*$"
+    },
+    "TagKeysList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "documentation":"<p>A list of tag keys</p>",
+      "max":100
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tags"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The resource's Amazon Resource Name (ARN).</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>A list of tags to apply to the resource.</p>"
+        }
+      }
+    },
+    "TagResourceResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^[^\\n\\r\\x00\\x08\\x0B\\x0C\\x0E\\x1F]*$"
+    },
+    "TagsMap":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"},
+      "documentation":"<p>A string to string map representing tags</p>",
+      "max":100
+    },
     "ThrottlingException":{
       "type":"structure",
       "members":{
@@ -1503,6 +1685,32 @@
       "exception":true
     },
     "TimestampInMillis":{"type":"timestamp"},
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The resource's Amazon Resource Name (ARN).</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tagKeys":{
+          "shape":"TagKeysList",
+          "documentation":"<p>A list of tag keys to remove from the resource.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UpdateRowData":{
       "type":"structure",
       "required":[
@@ -1596,6 +1804,8 @@
     },
     "VariableName":{
       "type":"string",
+      "max":255,
+      "min":1,
       "pattern":"^(?!\\s*$).+",
       "sensitive":true
     },
diff --git a/contrib/python/botocore/py3/botocore/data/imagebuilder/2019-12-02/service-2.json b/contrib/python/botocore/py3/botocore/data/imagebuilder/2019-12-02/service-2.json
index be13a8ba9b6..6ededb45afe 100644
--- a/contrib/python/botocore/py3/botocore/data/imagebuilder/2019-12-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/imagebuilder/2019-12-02/service-2.json
@@ -264,7 +264,7 @@
         {"shape":"CallRateLimitExceededException"},
         {"shape":"ResourceDependencyException"}
       ],
-      "documentation":"<p>Deletes an Image Builder image resource. This does not delete any EC2 AMIs or ECR container images that are created during the image build process. You must clean those up separately, using the appropriate Amazon EC2 or Amazon ECR console actions, or API or CLI commands.</p> <ul> <li> <p>To deregister an EC2 Linux AMI, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html\">Deregister your Linux AMI</a> in the <i> <i>Amazon EC2 User Guide</i> </i>.</p> </li> <li> <p>To deregister an EC2 Windows AMI, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/deregister-ami.html\">Deregister your Windows AMI</a> in the <i> <i>Amazon EC2 Windows Guide</i> </i>.</p> </li> <li> <p>To delete a container image from Amazon ECR, see <a href=\"https://docs.aws.amazon.com/https:/docs.aws.amazon.comAmazonECR/latest/userguide/delete_image.html\">Deleting an image</a> in the <i>Amazon ECR User Guide</i>.</p> </li> </ul>"
+      "documentation":"<p>Deletes an Image Builder image resource. This does not delete any EC2 AMIs or ECR container images that are created during the image build process. You must clean those up separately, using the appropriate Amazon EC2 or Amazon ECR console actions, or API or CLI commands.</p> <ul> <li> <p>To deregister an EC2 Linux AMI, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html\">Deregister your Linux AMI</a> in the <i> <i>Amazon EC2 User Guide</i> </i>.</p> </li> <li> <p>To deregister an EC2 Windows AMI, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/deregister-ami.html\">Deregister your Windows AMI</a> in the <i> <i>Amazon EC2 Windows Guide</i> </i>.</p> </li> <li> <p>To delete a container image from Amazon ECR, see <a href=\"https://docs.aws.amazon.com/AmazonECR/latest/userguide/delete_image.html\">Deleting an image</a> in the <i>Amazon ECR User Guide</i>.</p> </li> </ul>"
     },
     "DeleteImagePipeline":{
       "name":"DeleteImagePipeline",
@@ -543,6 +543,21 @@
       ],
       "documentation":"<p>Imports a component and transforms its data into a component document.</p>"
     },
+    "ImportVmImage":{
+      "name":"ImportVmImage",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/ImportVmImage"
+      },
+      "input":{"shape":"ImportVmImageRequest"},
+      "output":{"shape":"ImportVmImageResponse"},
+      "errors":[
+        {"shape":"ServiceException"},
+        {"shape":"ClientException"},
+        {"shape":"ServiceUnavailableException"}
+      ],
+      "documentation":"<p>When you export your virtual machine (VM) from its virtualization environment, that process creates a set of one or more disk container files that act as snapshots of your VM’s environment, settings, and data. The Amazon EC2 API <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportImage.html\">ImportImage</a> action uses those files to import your VM and create an AMI. To import using the CLI command, see <a href=\"https://docs.aws.amazon.com/cli/latest/reference/ec2/import-image.html\">import-image</a> </p> <p>You can reference the task ID from the VM import to pull in the AMI that the import created as the base image for your Image Builder recipe.</p>"
+    },
     "ListComponentBuildVersions":{
       "name":"ListComponentBuildVersions",
       "http":{
@@ -807,7 +822,7 @@
         {"shape":"ForbiddenException"},
         {"shape":"CallRateLimitExceededException"}
       ],
-      "documentation":"<p>Applies a policy to a container image. We recommend that you call the RAM API CreateResourceShare (https://docs.aws.amazon.com/ram/latest/APIReference/API_CreateResourceShare.html) to share resources. If you call the Image Builder API <code>PutContainerImagePolicy</code>, you must also call the RAM API PromoteResourceShareCreatedFromPolicy (https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html) in order for the resource to be visible to all principals with whom the resource is shared.</p>"
+      "documentation":"<p>Applies a policy to a container image. We recommend that you call the RAM API CreateResourceShare (https://docs.aws.amazon.com//ram/latest/APIReference/API_CreateResourceShare.html) to share resources. If you call the Image Builder API <code>PutContainerImagePolicy</code>, you must also call the RAM API PromoteResourceShareCreatedFromPolicy (https://docs.aws.amazon.com//ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html) in order for the resource to be visible to all principals with whom the resource is shared.</p>"
     },
     "PutImagePolicy":{
       "name":"PutImagePolicy",
@@ -1023,7 +1038,7 @@
         },
         "description":{
           "shape":"NonEmptyString",
-          "documentation":"<p>The description of the distribution configuration. Minimum and maximum length are in characters.</p>"
+          "documentation":"<p>The description of the AMI distribution configuration. Minimum and maximum length are in characters.</p>"
         },
         "targetAccountIds":{
           "shape":"AccountList",
@@ -1056,6 +1071,14 @@
     },
     "Arn":{"type":"string"},
     "Boolean":{"type":"boolean"},
+    "BuildType":{
+      "type":"string",
+      "enum":[
+        "USER_INITIATED",
+        "SCHEDULED",
+        "IMPORT"
+      ]
+    },
     "CallRateLimitExceededException":{
       "type":"structure",
       "members":{
@@ -1078,7 +1101,7 @@
         },
         "clientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>The idempotency token used to make this request idempotent.</p>",
+          "documentation":"<p>Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring idempotency</a> in the <i>Amazon EC2 API Reference</i>.</p>",
           "idempotencyToken":true
         }
       }
@@ -1092,7 +1115,7 @@
         },
         "clientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>The idempotency token used to make this request idempotent.</p>"
+          "documentation":"<p>The idempotency token that was used for this request.</p>"
         },
         "imageBuildVersionArn":{
           "shape":"ImageBuildVersionArn",
@@ -1286,8 +1309,8 @@
     },
     "ComponentParameterValue":{
       "type":"string",
-      "min":1,
-      "pattern":"[^\\x00]+"
+      "min":0,
+      "pattern":"[^\\x00]*"
     },
     "ComponentParameterValueList":{
       "type":"list",
@@ -2063,7 +2086,7 @@
         },
         "snsTopicArn":{
           "shape":"SnsTopicArn",
-          "documentation":"<p>The SNS topic on which to send image build events.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the SNS topic to which we send image build event notifications.</p> <note> <p>EC2 Image Builder is unable to send notifications to SNS topics that are encrypted using keys from other accounts. The key that is used to encrypt the SNS topic must reside in the account that the Image Builder service runs under.</p> </note>"
         },
         "resourceTags":{
           "shape":"ResourceTagMap",
@@ -2277,6 +2300,14 @@
         }
       }
     },
+    "DiskImageFormat":{
+      "type":"string",
+      "enum":[
+        "VMDK",
+        "RAW",
+        "VHD"
+      ]
+    },
     "Distribution":{
       "type":"structure",
       "required":["region"],
@@ -2300,6 +2331,10 @@
         "launchTemplateConfigurations":{
           "shape":"LaunchTemplateConfigurationList",
           "documentation":"<p>A group of launchTemplateConfiguration settings that apply to image distribution for specified accounts.</p>"
+        },
+        "s3ExportConfiguration":{
+          "shape":"S3ExportConfiguration",
+          "documentation":"<p>Configure export settings to deliver disk images created from your image build, using a file format that is compatible with your VMs in that Region.</p>"
         }
       },
       "documentation":"<p> Defines the settings for a specific Region.</p>"
@@ -2878,6 +2913,10 @@
         "tags":{
           "shape":"TagMap",
           "documentation":"<p>The tags of the image.</p>"
+        },
+        "buildType":{
+          "shape":"BuildType",
+          "documentation":"<p>Indicates the type of build that created this image. The build can be initiated in the following ways:</p> <ul> <li> <p> <b>USER_INITIATED</b> – A manual pipeline build request.</p> </li> <li> <p> <b>SCHEDULED</b> – A pipeline build initiated by a cron expression in the Image Builder pipeline, or from EventBridge.</p> </li> <li> <p> <b>IMPORT</b> – A VM import created the image to use as the base image for the recipe.</p> </li> </ul>"
         }
       },
       "documentation":"<p>An Image Builder image. You must specify exactly one recipe for the image – either a container recipe (<code>containerRecipe</code>), which creates a container image, or an image recipe (<code>imageRecipe</code>), which creates an AMI.</p>"
@@ -3170,6 +3209,10 @@
         "tags":{
           "shape":"TagMap",
           "documentation":"<p>The tags of the image.</p>"
+        },
+        "buildType":{
+          "shape":"BuildType",
+          "documentation":"<p>Indicates the type of build that created this image. The build can be initiated in the following ways:</p> <ul> <li> <p> <b>USER_INITIATED</b> – A manual pipeline build request.</p> </li> <li> <p> <b>SCHEDULED</b> – A pipeline build initiated by a cron expression in the Image Builder pipeline, or from EventBridge.</p> </li> <li> <p> <b>IMPORT</b> – A VM import created the image to use as the base image for the recipe.</p> </li> </ul>"
         }
       },
       "documentation":"<p>An image summary.</p>"
@@ -3183,14 +3226,14 @@
       "members":{
         "imageTestsEnabled":{
           "shape":"NullableBoolean",
-          "documentation":"<p>Defines if tests should be executed when building this image.</p>"
+          "documentation":"<p>Determines if tests should run after building the image. Image Builder defaults to enable tests to run following the image build, before image distribution.</p>"
         },
         "timeoutMinutes":{
           "shape":"ImageTestsTimeoutMinutes",
           "documentation":"<p>The maximum time in minutes that tests are permitted to run.</p>"
         }
       },
-      "documentation":"<p>Image tests configuration.</p>"
+      "documentation":"<p>Configure image tests for your pipeline build. Tests run after building the image, to verify that the AMI or container image is valid before distributing it.</p>"
     },
     "ImageTestsTimeoutMinutes":{
       "type":"integer",
@@ -3238,6 +3281,10 @@
         "dateCreated":{
           "shape":"DateTime",
           "documentation":"<p>The date on which this specific version of the Image Builder image was created.</p>"
+        },
+        "buildType":{
+          "shape":"BuildType",
+          "documentation":"<p>Indicates the type of build that created this image. The build can be initiated in the following ways:</p> <ul> <li> <p> <b>USER_INITIATED</b> – A manual pipeline build request.</p> </li> <li> <p> <b>SCHEDULED</b> – A pipeline build initiated by a cron expression in the Image Builder pipeline, or from EventBridge.</p> </li> <li> <p> <b>IMPORT</b> – A VM import created the image to use as the base image for the recipe.</p> </li> </ul>"
         }
       },
       "documentation":"<p>The defining characteristics of a specific version of an Image Builder image.</p>"
@@ -3333,6 +3380,68 @@
         }
       }
     },
+    "ImportVmImageRequest":{
+      "type":"structure",
+      "required":[
+        "name",
+        "semanticVersion",
+        "platform",
+        "vmImportTaskId",
+        "clientToken"
+      ],
+      "members":{
+        "name":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the base image that is created by the import process.</p>"
+        },
+        "semanticVersion":{
+          "shape":"VersionNumber",
+          "documentation":"<p>The semantic version to attach to the base image that was created during the import process. This version follows the semantic version syntax.</p> <note> <p>The semantic version has four nodes: &lt;major&gt;.&lt;minor&gt;.&lt;patch&gt;/&lt;build&gt;. You can assign values for the first three, and can filter on all of them.</p> <p> <b>Assignment:</b> For the first three nodes you can assign any positive integer value, including zero, with an upper limit of 2^30-1, or 1073741823 for each node. Image Builder automatically assigns the build number to the fourth node.</p> <p> <b>Patterns:</b> You can use any numeric pattern that adheres to the assignment requirements for the nodes that you can assign. For example, you might choose a software version pattern, such as 1.0.0, or a date, such as 2021.01.01.</p> </note>"
+        },
+        "description":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The description for the base image that is created by the import process.</p>"
+        },
+        "platform":{
+          "shape":"Platform",
+          "documentation":"<p>The operating system platform for the imported VM.</p>"
+        },
+        "osVersion":{
+          "shape":"OsVersion",
+          "documentation":"<p>The operating system version for the imported VM.</p>"
+        },
+        "vmImportTaskId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The <code>importTaskId</code> (API) or <code>ImportTaskId</code> (CLI) from the Amazon EC2 VM import process. Image Builder retrieves information from the import process to pull in the AMI that is created from the VM source as the base image for your recipe.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Tags that are attached to the import resources.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html\">Ensuring idempotency</a> in the <i>Amazon EC2 API Reference</i>.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "ImportVmImageResponse":{
+      "type":"structure",
+      "members":{
+        "requestId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The request ID that uniquely identifies this request.</p>"
+        },
+        "imageArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the AMI that was created during the VM import process. This AMI is used as the base image for the recipe that imported the VM.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The idempotency token that was used for this request.</p>"
+        }
+      }
+    },
     "InfrastructureConfiguration":{
       "type":"structure",
       "members":{
@@ -3378,7 +3487,7 @@
         },
         "snsTopicArn":{
           "shape":"NonEmptyString",
-          "documentation":"<p>The SNS topic Amazon Resource Name (ARN) of the infrastructure configuration.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the SNS topic to which we send image build event notifications.</p> <note> <p>EC2 Image Builder is unable to send notifications to SNS topics that are encrypted using keys from other accounts. The key that is used to encrypt the SNS topic must reside in the account that the Image Builder service runs under.</p> </note>"
         },
         "dateCreated":{
           "shape":"DateTime",
@@ -3594,6 +3703,14 @@
         "userGroups":{
           "shape":"StringList",
           "documentation":"<p>The name of the group.</p>"
+        },
+        "organizationArns":{
+          "shape":"OrganizationArnList",
+          "documentation":"<p>The ARN for an Amazon Web Services Organization that you want to share your AMI with. For more information, see <a href=\"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html\">What is Organizations?</a>.</p>"
+        },
+        "organizationalUnitArns":{
+          "shape":"OrganizationalUnitArnList",
+          "documentation":"<p>The ARN for an Organizations organizational unit (OU) that you want to share your AMI with. For more information about key concepts for Organizations, see <a href=\"https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html\">Organizations terminology and concepts</a>.</p>"
         }
       },
       "documentation":"<p>Describes the configuration for a launch permission. The launch permission modification request is sent to the <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyImageAttribute.html\">Amazon EC2 ModifyImageAttribute</a> API on behalf of the user for each Region they have selected to distribute the AMI. To make an AMI public, set the launch permission authorized accounts to <code>all</code>. See the examples for making an AMI public at <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyImageAttribute.html\">Amazon EC2 ModifyImageAttribute</a>.</p>"
@@ -4099,6 +4216,26 @@
       "min":1
     },
     "NullableBoolean":{"type":"boolean"},
+    "OrganizationArn":{
+      "type":"string",
+      "pattern":"^arn:aws[^:]*:organizations::[0-9]{12}:organization/o-[a-z0-9]{10,32}$"
+    },
+    "OrganizationArnList":{
+      "type":"list",
+      "member":{"shape":"OrganizationArn"},
+      "max":25,
+      "min":1
+    },
+    "OrganizationalUnitArn":{
+      "type":"string",
+      "pattern":"^arn:aws[^:]*:organizations::[0-9]{12}:ou/o-[a-z0-9]{10,32}/ou-[0-9a-z]{4,32}-[0-9a-z]{8,32}"
+    },
+    "OrganizationalUnitArnList":{
+      "type":"list",
+      "member":{"shape":"OrganizationalUnitArn"},
+      "max":25,
+      "min":1
+    },
     "OsVersion":{
       "type":"string",
       "min":1
@@ -4338,16 +4475,43 @@
       "max":25,
       "min":1
     },
+    "S3ExportConfiguration":{
+      "type":"structure",
+      "required":[
+        "roleName",
+        "diskImageFormat",
+        "s3Bucket"
+      ],
+      "members":{
+        "roleName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the role that grants VM Import/Export permission to export images to your S3 bucket.</p>"
+        },
+        "diskImageFormat":{
+          "shape":"DiskImageFormat",
+          "documentation":"<p>Export the updated image to one of the following supported disk image formats:</p> <ul> <li> <p> <b>Virtual Hard Disk (VHD)</b> – Compatible with Citrix Xen and Microsoft Hyper-V virtualization products.</p> </li> <li> <p> <b>Stream-optimized ESX Virtual Machine Disk (VMDK)</b> – Compatible with VMware ESX and VMware vSphere versions 4, 5, and 6.</p> </li> <li> <p> <b>Raw</b> – Raw format.</p> </li> </ul>"
+        },
+        "s3Bucket":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The S3 bucket in which to store the output disk images for your VM.</p>"
+        },
+        "s3Prefix":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The Amazon S3 path for the bucket where the output disk images for your VM are stored.</p>"
+        }
+      },
+      "documentation":"<p>Properties that configure export from your build instance to a compatible file format for your VM.</p>"
+    },
     "S3Logs":{
       "type":"structure",
       "members":{
         "s3BucketName":{
           "shape":"NonEmptyString",
-          "documentation":"<p>The Amazon S3 bucket in which to store the logs.</p>"
+          "documentation":"<p>The S3 bucket in which to store the logs.</p>"
         },
         "s3KeyPrefix":{
           "shape":"NonEmptyString",
-          "documentation":"<p>The Amazon S3 path in which to store the logs.</p>"
+          "documentation":"<p>The Amazon S3 path to the bucket where the logs are stored.</p>"
         }
       },
       "documentation":"<p>Amazon S3 logging configuration.</p>"
@@ -4713,7 +4877,7 @@
         },
         "snsTopicArn":{
           "shape":"SnsTopicArn",
-          "documentation":"<p>The SNS topic on which to send image build events.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the SNS topic to which we send image build event notifications.</p> <note> <p>EC2 Image Builder is unable to send notifications to SNS topics that are encrypted using keys from other accounts. The key that is used to encrypt the SNS topic must reside in the account that the Image Builder service runs under.</p> </note>"
         },
         "clientToken":{
           "shape":"ClientToken",
diff --git a/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/paginators-1.json b/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/paginators-1.json
new file mode 100644
index 00000000000..a796f811192
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/paginators-1.json
@@ -0,0 +1,57 @@
+{
+  "pagination": {
+    "ListAccountPermissions": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "permissions"
+    },
+    "ListCoverage": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "coveredResources"
+    },
+    "ListCoverageStatistics": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "countsByGroup"
+    },
+    "ListDelegatedAdminAccounts": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "delegatedAdminAccounts"
+    },
+    "ListFilters": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "filters"
+    },
+    "ListFindingAggregations": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "responses"
+    },
+    "ListFindings": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "findings"
+    },
+    "ListMembers": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "members"
+    },
+    "ListUsageTotals": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "totals"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/paginators-1.sdk-extras.json b/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/paginators-1.sdk-extras.json
new file mode 100644
index 00000000000..b01a0bfcf34
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/paginators-1.sdk-extras.json
@@ -0,0 +1,17 @@
+{
+  "version": 1.0,
+  "merge": {
+    "pagination": {
+      "ListFindingAggregations": {
+        "non_aggregate_keys": [
+          "aggregationType"
+        ]
+      },
+      "ListCoverageStatistics": {
+        "non_aggregate_keys": [
+          "totalCounts"
+        ]
+      }
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/service-2.json b/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/service-2.json
new file mode 100644
index 00000000000..b0c20115bc1
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/inspector2/2020-06-08/service-2.json
@@ -0,0 +1,4346 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2020-06-08",
+    "endpointPrefix":"inspector2",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceAbbreviation":"Inspector2",
+    "serviceFullName":"Inspector2",
+    "serviceId":"Inspector2",
+    "signatureVersion":"v4",
+    "signingName":"inspector2",
+    "uid":"inspector2-2020-06-08"
+  },
+  "operations":{
+    "AssociateMember":{
+      "name":"AssociateMember",
+      "http":{
+        "method":"POST",
+        "requestUri":"/members/associate",
+        "responseCode":200
+      },
+      "input":{"shape":"AssociateMemberRequest"},
+      "output":{"shape":"AssociateMemberResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Associates an Amazon Web Services account with an Amazon Inspector delegated administrator.</p>"
+    },
+    "BatchGetAccountStatus":{
+      "name":"BatchGetAccountStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/status/batch/get",
+        "responseCode":200
+      },
+      "input":{"shape":"BatchGetAccountStatusRequest"},
+      "output":{"shape":"BatchGetAccountStatusResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.</p>"
+    },
+    "BatchGetFreeTrialInfo":{
+      "name":"BatchGetFreeTrialInfo",
+      "http":{
+        "method":"POST",
+        "requestUri":"/freetrialinfo/batchget",
+        "responseCode":200
+      },
+      "input":{"shape":"BatchGetFreeTrialInfoRequest"},
+      "output":{"shape":"BatchGetFreeTrialInfoResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets free trial status for multiple Amazon Web Services accounts.</p>"
+    },
+    "CancelFindingsReport":{
+      "name":"CancelFindingsReport",
+      "http":{
+        "method":"POST",
+        "requestUri":"/reporting/cancel",
+        "responseCode":200
+      },
+      "input":{"shape":"CancelFindingsReportRequest"},
+      "output":{"shape":"CancelFindingsReportResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Cancels the given findings report.</p>"
+    },
+    "CreateFilter":{
+      "name":"CreateFilter",
+      "http":{
+        "method":"POST",
+        "requestUri":"/filters/create",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateFilterRequest"},
+      "output":{"shape":"CreateFilterResponse"},
+      "errors":[
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"BadRequestException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a filter resource using specified filter criteria.</p>"
+    },
+    "CreateFindingsReport":{
+      "name":"CreateFindingsReport",
+      "http":{
+        "method":"POST",
+        "requestUri":"/reporting/create",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateFindingsReportRequest"},
+      "output":{"shape":"CreateFindingsReportResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a finding report.</p>"
+    },
+    "DeleteFilter":{
+      "name":"DeleteFilter",
+      "http":{
+        "method":"POST",
+        "requestUri":"/filters/delete",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteFilterRequest"},
+      "output":{"shape":"DeleteFilterResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes a filter resource.</p>"
+    },
+    "DescribeOrganizationConfiguration":{
+      "name":"DescribeOrganizationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organizationconfiguration/describe",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeOrganizationConfigurationRequest"},
+      "output":{"shape":"DescribeOrganizationConfigurationResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Describe Amazon Inspector configuration settings for an Amazon Web Services organization</p>"
+    },
+    "Disable":{
+      "name":"Disable",
+      "http":{
+        "method":"POST",
+        "requestUri":"/disable",
+        "responseCode":200
+      },
+      "input":{"shape":"DisableRequest"},
+      "output":{"shape":"DisableResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Disables Amazon Inspector scans for one or more Amazon Web Services accounts. Disabling all scan types in an account disables the Amazon Inspector service.</p>"
+    },
+    "DisableDelegatedAdminAccount":{
+      "name":"DisableDelegatedAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delegatedadminaccounts/disable",
+        "responseCode":200
+      },
+      "input":{"shape":"DisableDelegatedAdminAccountRequest"},
+      "output":{"shape":"DisableDelegatedAdminAccountResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Disables the Amazon Inspector delegated administrator for your organization.</p>"
+    },
+    "DisassociateMember":{
+      "name":"DisassociateMember",
+      "http":{
+        "method":"POST",
+        "requestUri":"/members/disassociate",
+        "responseCode":200
+      },
+      "input":{"shape":"DisassociateMemberRequest"},
+      "output":{"shape":"DisassociateMemberResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Disassociates a member account from an Amazon Inspector delegated administrator.</p>"
+    },
+    "Enable":{
+      "name":"Enable",
+      "http":{
+        "method":"POST",
+        "requestUri":"/enable",
+        "responseCode":200
+      },
+      "input":{"shape":"EnableRequest"},
+      "output":{"shape":"EnableResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Enables Amazon Inspector scans for one or more Amazon Web Services accounts.</p>"
+    },
+    "EnableDelegatedAdminAccount":{
+      "name":"EnableDelegatedAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delegatedadminaccounts/enable",
+        "responseCode":200
+      },
+      "input":{"shape":"EnableDelegatedAdminAccountRequest"},
+      "output":{"shape":"EnableDelegatedAdminAccountResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Enables the Amazon Inspector delegated administrator for your Organizations organization.</p>"
+    },
+    "GetDelegatedAdminAccount":{
+      "name":"GetDelegatedAdminAccount",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delegatedadminaccounts/get",
+        "responseCode":200
+      },
+      "input":{"shape":"GetDelegatedAdminAccountRequest"},
+      "output":{"shape":"GetDelegatedAdminAccountResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Retrieves information about the Amazon Inspector delegated administrator for your organization.</p>"
+    },
+    "GetFindingsReportStatus":{
+      "name":"GetFindingsReportStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/reporting/status/get",
+        "responseCode":200
+      },
+      "input":{"shape":"GetFindingsReportStatusRequest"},
+      "output":{"shape":"GetFindingsReportStatusResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets the status of a findings report.</p>"
+    },
+    "GetMember":{
+      "name":"GetMember",
+      "http":{
+        "method":"POST",
+        "requestUri":"/members/get",
+        "responseCode":200
+      },
+      "input":{"shape":"GetMemberRequest"},
+      "output":{"shape":"GetMemberResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets member information for your organization.</p>"
+    },
+    "ListAccountPermissions":{
+      "name":"ListAccountPermissions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/accountpermissions/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAccountPermissionsRequest"},
+      "output":{"shape":"ListAccountPermissionsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists the permissions an account has to configure Amazon Inspector.</p>"
+    },
+    "ListCoverage":{
+      "name":"ListCoverage",
+      "http":{
+        "method":"POST",
+        "requestUri":"/coverage/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListCoverageRequest"},
+      "output":{"shape":"ListCoverageResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists coverage details for you environment.</p>"
+    },
+    "ListCoverageStatistics":{
+      "name":"ListCoverageStatistics",
+      "http":{
+        "method":"POST",
+        "requestUri":"/coverage/statistics/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListCoverageStatisticsRequest"},
+      "output":{"shape":"ListCoverageStatisticsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists Amazon Inspector coverage statistics for your environment.</p>"
+    },
+    "ListDelegatedAdminAccounts":{
+      "name":"ListDelegatedAdminAccounts",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delegatedadminaccounts/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListDelegatedAdminAccountsRequest"},
+      "output":{"shape":"ListDelegatedAdminAccountsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists information about the Amazon Inspector delegated administrator of your organization.</p>"
+    },
+    "ListFilters":{
+      "name":"ListFilters",
+      "http":{
+        "method":"POST",
+        "requestUri":"/filters/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListFiltersRequest"},
+      "output":{"shape":"ListFiltersResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists the filters associated with your account.</p>"
+    },
+    "ListFindingAggregations":{
+      "name":"ListFindingAggregations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/findings/aggregation/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListFindingAggregationsRequest"},
+      "output":{"shape":"ListFindingAggregationsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists aggregated finding data for your environment based on specific criteria.</p>"
+    },
+    "ListFindings":{
+      "name":"ListFindings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/findings/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListFindingsRequest"},
+      "output":{"shape":"ListFindingsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists findings for your environment.</p>"
+    },
+    "ListMembers":{
+      "name":"ListMembers",
+      "http":{
+        "method":"POST",
+        "requestUri":"/members/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListMembersRequest"},
+      "output":{"shape":"ListMembersResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List members associated with the Amazon Inspector delegated administrator for your organization.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists all tags attached to a given resource.</p>"
+    },
+    "ListUsageTotals":{
+      "name":"ListUsageTotals",
+      "http":{
+        "method":"POST",
+        "requestUri":"/usage/list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListUsageTotalsRequest"},
+      "output":{"shape":"ListUsageTotalsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists the Amazon Inspector usage totals over the last 30 days.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"BadRequestException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Adds tags to a resource.</p>",
+      "idempotent":true
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Removes tags from a resource.</p>"
+    },
+    "UpdateFilter":{
+      "name":"UpdateFilter",
+      "http":{
+        "method":"POST",
+        "requestUri":"/filters/update",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateFilterRequest"},
+      "output":{"shape":"UpdateFilterResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Specifies the action that is to be applied to the findings that match the filter.</p>"
+    },
+    "UpdateOrganizationConfiguration":{
+      "name":"UpdateOrganizationConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/organizationconfiguration/update",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateOrganizationConfigurationRequest"},
+      "output":{"shape":"UpdateOrganizationConfigurationResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Updates the configurations for your Amazon Inspector organization.</p>"
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>You do not have sufficient access to perform this action.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Account":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "resourceStatus",
+        "status"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account.</p>"
+        },
+        "resourceStatus":{
+          "shape":"ResourceStatus",
+          "documentation":"<p>Details of the status of Amazon Inspector scans by resource type.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of Amazon Inspector for the account.</p>"
+        }
+      },
+      "documentation":"<p>An Amazon Web Services account within your environment that Amazon Inspector has been enabled for.</p>"
+    },
+    "AccountAggregation":{
+      "type":"structure",
+      "members":{
+        "findingType":{
+          "shape":"AggregationFindingType",
+          "documentation":"<p>The type of finding.</p>"
+        },
+        "resourceType":{
+          "shape":"AggregationResourceType",
+          "documentation":"<p>The type of resource.</p>"
+        },
+        "sortBy":{
+          "shape":"AccountSortBy",
+          "documentation":"<p>The value to sort by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The sort order (ascending or descending).</p>"
+        }
+      },
+      "documentation":"<p>An object that contains details about an aggregation response based on Amazon Web Services accounts.</p>"
+    },
+    "AccountAggregationResponse":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>The number of findings by severity.</p>"
+        }
+      },
+      "documentation":"<p>An aggregation of findings by Amazon Web Services account ID.</p>"
+    },
+    "AccountId":{
+      "type":"string",
+      "max":12,
+      "min":12,
+      "pattern":"^\\d{12}$"
+    },
+    "AccountIdSet":{
+      "type":"list",
+      "member":{"shape":"AccountId"},
+      "max":100,
+      "min":0
+    },
+    "AccountList":{
+      "type":"list",
+      "member":{"shape":"Account"}
+    },
+    "AccountSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "AccountState":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "resourceState",
+        "state"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID.</p>"
+        },
+        "resourceState":{
+          "shape":"ResourceState",
+          "documentation":"<p>An object detailing which resources Amazon Inspector is enabled to scan for the account.</p>"
+        },
+        "state":{
+          "shape":"State",
+          "documentation":"<p>An object detailing the status of Amazon Inspector for the account.</p>"
+        }
+      },
+      "documentation":"<p>An object with details the status of an Amazon Web Services account within your Amazon Inspector environment</p>"
+    },
+    "AccountStateList":{
+      "type":"list",
+      "member":{"shape":"AccountState"},
+      "max":100,
+      "min":0
+    },
+    "AggCounts":{"type":"long"},
+    "AggregationFindingType":{
+      "type":"string",
+      "enum":[
+        "NETWORK_REACHABILITY",
+        "PACKAGE_VULNERABILITY"
+      ]
+    },
+    "AggregationRequest":{
+      "type":"structure",
+      "members":{
+        "accountAggregation":{
+          "shape":"AccountAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on Amazon Web Services account IDs.</p>"
+        },
+        "amiAggregation":{
+          "shape":"AmiAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on Amazon Machine Images (AMIs).</p>"
+        },
+        "awsEcrContainerAggregation":{
+          "shape":"AwsEcrContainerAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on Amazon ECR container images.</p>"
+        },
+        "ec2InstanceAggregation":{
+          "shape":"Ec2InstanceAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on Amazon EC2 instances.</p>"
+        },
+        "findingTypeAggregation":{
+          "shape":"FindingTypeAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on finding types.</p>"
+        },
+        "imageLayerAggregation":{
+          "shape":"ImageLayerAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on container image layers.</p>"
+        },
+        "packageAggregation":{
+          "shape":"PackageAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on operating system package type.</p>"
+        },
+        "repositoryAggregation":{
+          "shape":"RepositoryAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on Amazon ECR repositories.</p>"
+        },
+        "titleAggregation":{
+          "shape":"TitleAggregation",
+          "documentation":"<p>An object that contains details about an aggregation request based on finding title.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an aggregation request.</p>",
+      "union":true
+    },
+    "AggregationResourceType":{
+      "type":"string",
+      "enum":[
+        "AWS_EC2_INSTANCE",
+        "AWS_ECR_CONTAINER_IMAGE"
+      ]
+    },
+    "AggregationResponse":{
+      "type":"structure",
+      "members":{
+        "accountAggregation":{
+          "shape":"AccountAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on Amazon Web Services account IDs.</p>"
+        },
+        "amiAggregation":{
+          "shape":"AmiAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on Amazon Machine Images (AMIs).</p>"
+        },
+        "awsEcrContainerAggregation":{
+          "shape":"AwsEcrContainerAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on Amazon ECR container images.</p>"
+        },
+        "ec2InstanceAggregation":{
+          "shape":"Ec2InstanceAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on Amazon EC2 instances.</p>"
+        },
+        "findingTypeAggregation":{
+          "shape":"FindingTypeAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on finding types.</p>"
+        },
+        "imageLayerAggregation":{
+          "shape":"ImageLayerAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on container image layers.</p>"
+        },
+        "packageAggregation":{
+          "shape":"PackageAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on operating system package type.</p>"
+        },
+        "repositoryAggregation":{
+          "shape":"RepositoryAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on Amazon ECR repositories.</p>"
+        },
+        "titleAggregation":{
+          "shape":"TitleAggregationResponse",
+          "documentation":"<p>An object that contains details about an aggregation response based on finding title.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains details about the results of an aggregation type.</p>",
+      "union":true
+    },
+    "AggregationResponseList":{
+      "type":"list",
+      "member":{"shape":"AggregationResponse"}
+    },
+    "AggregationType":{
+      "type":"string",
+      "enum":[
+        "FINDING_TYPE",
+        "PACKAGE",
+        "TITLE",
+        "REPOSITORY",
+        "AMI",
+        "AWS_EC2_INSTANCE",
+        "AWS_ECR_CONTAINER",
+        "IMAGE_LAYER",
+        "ACCOUNT"
+      ]
+    },
+    "AmiAggregation":{
+      "type":"structure",
+      "members":{
+        "amis":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The IDs of AMIs to aggregate findings for.</p>"
+        },
+        "sortBy":{
+          "shape":"AmiSortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on Amazon machine images (AMIs).</p>"
+    },
+    "AmiAggregationResponse":{
+      "type":"structure",
+      "required":["ami"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID that the AMI belongs.</p>"
+        },
+        "affectedInstances":{
+          "shape":"Long",
+          "documentation":"<p>The IDs of Amazon EC2 instances using this AMI.</p>"
+        },
+        "ami":{
+          "shape":"AmiId",
+          "documentation":"<p>The ID of the AMI that findings were aggregated for.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>An object that contains the count of matched findings per severity.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains the results of a finding aggregation by AMI.</p>"
+    },
+    "AmiId":{
+      "type":"string",
+      "pattern":"^ami-([a-z0-9]{8}|[a-z0-9]{17}|\\*)$"
+    },
+    "AmiSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL",
+        "AFFECTED_INSTANCES"
+      ]
+    },
+    "Arn":{
+      "type":"string",
+      "max":1011,
+      "min":1
+    },
+    "AssociateMemberRequest":{
+      "type":"structure",
+      "required":["accountId"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the member account to be associated.</p>"
+        }
+      }
+    },
+    "AssociateMemberResponse":{
+      "type":"structure",
+      "required":["accountId"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the successfully associated member account.</p>"
+        }
+      }
+    },
+    "AutoEnable":{
+      "type":"structure",
+      "required":[
+        "ec2",
+        "ecr"
+      ],
+      "members":{
+        "ec2":{
+          "shape":"Boolean",
+          "documentation":"<p>Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization.</p>"
+        },
+        "ecr":{
+          "shape":"Boolean",
+          "documentation":"<p>Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization.</p>"
+        }
+      },
+      "documentation":"<p>Represents which scan types are automatically enabled for new members of your Amazon Inspector organization.</p>"
+    },
+    "AwsEc2InstanceDetails":{
+      "type":"structure",
+      "members":{
+        "iamInstanceProfileArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The IAM instance profile ARN of the Amazon EC2 instance.</p>"
+        },
+        "imageId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The image ID of the Amazon EC2 instance.</p>"
+        },
+        "ipV4Addresses":{
+          "shape":"IpV4AddressList",
+          "documentation":"<p>The IPv4 addresses of the Amazon EC2 instance.</p>"
+        },
+        "ipV6Addresses":{
+          "shape":"IpV6AddressList",
+          "documentation":"<p>The IPv6 addresses of the Amazon EC2 instance.</p>"
+        },
+        "keyName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the key pair used to launch the Amazon EC2 instance.</p>"
+        },
+        "launchedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time the Amazon EC2 instance was launched at.</p>"
+        },
+        "platform":{
+          "shape":"Platform",
+          "documentation":"<p>The platform of the Amazon EC2 instance.</p>"
+        },
+        "subnetId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The subnet ID of the Amazon EC2 instance.</p>"
+        },
+        "type":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The type of the Amazon EC2 instance.</p>"
+        },
+        "vpcId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The VPC ID of the Amazon EC2 instance.</p>"
+        }
+      },
+      "documentation":"<p>Details of the Amazon EC2 instance involved in a finding.</p>"
+    },
+    "AwsEcrContainerAggregation":{
+      "type":"structure",
+      "members":{
+        "architectures":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The architecture of the containers.</p>"
+        },
+        "imageShas":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The image SHA values.</p>"
+        },
+        "imageTags":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The image tags.</p>"
+        },
+        "repositories":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The container repositories.</p>"
+        },
+        "resourceIds":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The container resource IDs.</p>"
+        },
+        "sortBy":{
+          "shape":"AwsEcrContainerSortBy",
+          "documentation":"<p>The value to sort by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The sort order (ascending or descending).</p>"
+        }
+      },
+      "documentation":"<p>An aggregation of information about Amazon ECR containers.</p>"
+    },
+    "AwsEcrContainerAggregationResponse":{
+      "type":"structure",
+      "required":["resourceId"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the account that owns the container.</p>"
+        },
+        "architecture":{
+          "shape":"String",
+          "documentation":"<p>The architecture of the container.</p>"
+        },
+        "imageSha":{
+          "shape":"String",
+          "documentation":"<p>The SHA value of the container image.</p>"
+        },
+        "imageTags":{
+          "shape":"StringList",
+          "documentation":"<p>The container image stags.</p>"
+        },
+        "repository":{
+          "shape":"String",
+          "documentation":"<p>The container repository.</p>"
+        },
+        "resourceId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The resource ID of the container.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>The number of finding by severity.</p>"
+        }
+      },
+      "documentation":"<p>An aggregation of information about Amazon ECR containers.</p>"
+    },
+    "AwsEcrContainerImageDetails":{
+      "type":"structure",
+      "required":[
+        "imageHash",
+        "registry",
+        "repositoryName"
+      ],
+      "members":{
+        "architecture":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The architecture of the Amazon ECR container image.</p>"
+        },
+        "author":{
+          "shape":"String",
+          "documentation":"<p>The image author of the Amazon ECR container image.</p>"
+        },
+        "imageHash":{
+          "shape":"ImageHash",
+          "documentation":"<p>The image hash of the Amazon ECR container image.</p>"
+        },
+        "imageTags":{
+          "shape":"ImageTagList",
+          "documentation":"<p>The image tags attached to the Amazon ECR container image.</p>"
+        },
+        "platform":{
+          "shape":"Platform",
+          "documentation":"<p>The platform of the Amazon ECR container image.</p>"
+        },
+        "pushedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time the Amazon ECR container image was pushed.</p>"
+        },
+        "registry":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The registry the Amazon ECR container image belongs to.</p>"
+        },
+        "repositoryName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the repository the Amazon ECR container image resides in.</p>"
+        }
+      },
+      "documentation":"<p>The image details of the Amazon ECR container image.</p>"
+    },
+    "AwsEcrContainerSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "BadRequestException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>One or more tags submitted as part of the request is not valid.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "BatchGetAccountStatusRequest":{
+      "type":"structure",
+      "members":{
+        "accountIds":{
+          "shape":"AccountIdSet",
+          "documentation":"<p>The 12-digit Amazon Web Services account IDs of the accounts to retrieve Amazon Inspector status for.</p>"
+        }
+      }
+    },
+    "BatchGetAccountStatusResponse":{
+      "type":"structure",
+      "required":["accounts"],
+      "members":{
+        "accounts":{
+          "shape":"AccountStateList",
+          "documentation":"<p>An array of objects that provide details on the status of Amazon Inspector for each of the requested accounts.</p>"
+        },
+        "failedAccounts":{
+          "shape":"FailedAccountList",
+          "documentation":"<p>An array of objects detailing any accounts that failed to enable Amazon Inspector and why.</p>"
+        }
+      }
+    },
+    "BatchGetFreeTrialInfoRequest":{
+      "type":"structure",
+      "required":["accountIds"],
+      "members":{
+        "accountIds":{
+          "shape":"BatchGetFreeTrialInfoRequestAccountIdsList",
+          "documentation":"<p>The account IDs to get free trial status for.</p>"
+        }
+      }
+    },
+    "BatchGetFreeTrialInfoRequestAccountIdsList":{
+      "type":"list",
+      "member":{"shape":"MeteringAccountId"},
+      "max":100,
+      "min":1
+    },
+    "BatchGetFreeTrialInfoResponse":{
+      "type":"structure",
+      "required":[
+        "accounts",
+        "failedAccounts"
+      ],
+      "members":{
+        "accounts":{
+          "shape":"FreeTrialAccountInfoList",
+          "documentation":"<p>An array of objects that provide Amazon Inspector free trial details for each of the requested accounts. </p>"
+        },
+        "failedAccounts":{
+          "shape":"FreeTrialInfoErrorList",
+          "documentation":"<p>An array of objects detailing any accounts that free trial data could not be returned for.</p>"
+        }
+      }
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "CancelFindingsReportRequest":{
+      "type":"structure",
+      "required":["reportId"],
+      "members":{
+        "reportId":{
+          "shape":"ReportId",
+          "documentation":"<p>The ID of the report to be canceled.</p>"
+        }
+      }
+    },
+    "CancelFindingsReportResponse":{
+      "type":"structure",
+      "required":["reportId"],
+      "members":{
+        "reportId":{
+          "shape":"ReportId",
+          "documentation":"<p>The ID of the canceled report.</p>"
+        }
+      }
+    },
+    "ClientToken":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "Component":{"type":"string"},
+    "ComponentType":{"type":"string"},
+    "ConflictException":{
+      "type":"structure",
+      "required":[
+        "message",
+        "resourceId",
+        "resourceType"
+      ],
+      "members":{
+        "message":{"shape":"String"},
+        "resourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the conflicting resource.</p>"
+        },
+        "resourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of the conflicting resource.</p>"
+        }
+      },
+      "documentation":"<p>A conflict occurred.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Counts":{
+      "type":"structure",
+      "members":{
+        "count":{
+          "shape":"AggCounts",
+          "documentation":"<p>The number of resources.</p>"
+        },
+        "groupKey":{
+          "shape":"GroupKey",
+          "documentation":"<p>The key associated with this group</p>"
+        }
+      },
+      "documentation":"<p>a structure that contains information on the count of resources within a group.</p>"
+    },
+    "CountsList":{
+      "type":"list",
+      "member":{"shape":"Counts"},
+      "max":5,
+      "min":1
+    },
+    "CoverageFilterCriteria":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>An array of Amazon Web Services account IDs to return coverage statistics for.</p>"
+        },
+        "ec2InstanceTags":{
+          "shape":"CoverageMapFilterList",
+          "documentation":"<p>The Amazon EC2 instance tags to filter on.</p>"
+        },
+        "ecrImageTags":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>The Amazon ECR image tags to filter on.</p>"
+        },
+        "ecrRepositoryName":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>The Amazon ECR repository name to filter on.</p>"
+        },
+        "resourceId":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>An array of Amazon Web Services resource IDs to return coverage statistics for.</p>"
+        },
+        "resourceType":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>An array of Amazon Web Services resource types to return coverage statistics for.</p>"
+        },
+        "scanStatusCode":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>The scan status code to filter on.</p>"
+        },
+        "scanStatusReason":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>The scan status reason to filter on.</p>"
+        },
+        "scanType":{
+          "shape":"CoverageStringFilterList",
+          "documentation":"<p>An array of Amazon Inspector scan types to return coverage statistics for.</p>"
+        }
+      },
+      "documentation":"<p>A structure that identifies filter criteria for <code>GetCoverageStatistics</code>.</p>"
+    },
+    "CoverageMapComparison":{
+      "type":"string",
+      "enum":["EQUALS"]
+    },
+    "CoverageMapFilter":{
+      "type":"structure",
+      "required":[
+        "comparison",
+        "key"
+      ],
+      "members":{
+        "comparison":{
+          "shape":"CoverageMapComparison",
+          "documentation":"<p>The operator to compare coverage on.</p>"
+        },
+        "key":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The tag key associated with the coverage map filter.</p>"
+        },
+        "value":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The tag value associated with the coverage map filter.</p>"
+        }
+      },
+      "documentation":"<p>Contains details of a coverage map filter.</p>"
+    },
+    "CoverageMapFilterList":{
+      "type":"list",
+      "member":{"shape":"CoverageMapFilter"},
+      "max":10,
+      "min":1
+    },
+    "CoverageResourceType":{
+      "type":"string",
+      "enum":[
+        "AWS_EC2_INSTANCE",
+        "AWS_ECR_CONTAINER_IMAGE",
+        "AWS_ECR_REPOSITORY"
+      ]
+    },
+    "CoverageStringComparison":{
+      "type":"string",
+      "enum":[
+        "EQUALS",
+        "NOT_EQUALS"
+      ]
+    },
+    "CoverageStringFilter":{
+      "type":"structure",
+      "required":[
+        "comparison",
+        "value"
+      ],
+      "members":{
+        "comparison":{
+          "shape":"CoverageStringComparison",
+          "documentation":"<p>The operator to compare strings on.</p>"
+        },
+        "value":{
+          "shape":"CoverageStringInput",
+          "documentation":"<p>The value to compare strings on.</p>"
+        }
+      },
+      "documentation":"<p>Contains details of a coverage string filter.</p>"
+    },
+    "CoverageStringFilterList":{
+      "type":"list",
+      "member":{"shape":"CoverageStringFilter"},
+      "max":10,
+      "min":1
+    },
+    "CoverageStringInput":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "CoveredResource":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "resourceId",
+        "resourceType",
+        "scanType"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the covered resource.</p>"
+        },
+        "resourceId":{
+          "shape":"ResourceId",
+          "documentation":"<p>The ID of the covered resource.</p>"
+        },
+        "resourceMetadata":{
+          "shape":"ResourceScanMetadata",
+          "documentation":"<p>An object that contains details about the metadata.</p>"
+        },
+        "resourceType":{
+          "shape":"CoverageResourceType",
+          "documentation":"<p>The type of the covered resource.</p>"
+        },
+        "scanStatus":{
+          "shape":"ScanStatus",
+          "documentation":"<p>The status of the scan covering the resource.</p>"
+        },
+        "scanType":{
+          "shape":"ScanType",
+          "documentation":"<p>The Amazon Inspector scan type covering the resource.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains details about a resource covered by Amazon Inspector.</p>"
+    },
+    "CoveredResources":{
+      "type":"list",
+      "member":{"shape":"CoveredResource"}
+    },
+    "CreateFilterRequest":{
+      "type":"structure",
+      "required":[
+        "action",
+        "filterCriteria",
+        "name"
+      ],
+      "members":{
+        "action":{
+          "shape":"FilterAction",
+          "documentation":"<p>Defines the action that is to be applied to the findings that match the filter.</p>"
+        },
+        "description":{
+          "shape":"FilterDescription",
+          "documentation":"<p>A description of the filter.</p>"
+        },
+        "filterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>Defines the criteria to be used in the filter for querying findings.</p>"
+        },
+        "name":{
+          "shape":"FilterName",
+          "documentation":"<p>The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>A list of tags for the filter.</p>"
+        }
+      }
+    },
+    "CreateFilterResponse":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"FilterArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the successfully created filter.</p>"
+        }
+      }
+    },
+    "CreateFindingsReportRequest":{
+      "type":"structure",
+      "required":[
+        "reportFormat",
+        "s3Destination"
+      ],
+      "members":{
+        "filterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>The filter criteria to apply to the results of the finding report.</p>"
+        },
+        "reportFormat":{
+          "shape":"ReportFormat",
+          "documentation":"<p>The format to generate the report in.</p>"
+        },
+        "s3Destination":{
+          "shape":"Destination",
+          "documentation":"<p>The Amazon S3 export destination for the report.</p>"
+        }
+      }
+    },
+    "CreateFindingsReportResponse":{
+      "type":"structure",
+      "members":{
+        "reportId":{
+          "shape":"ReportId",
+          "documentation":"<p>The ID of the report.</p>"
+        }
+      }
+    },
+    "Currency":{
+      "type":"string",
+      "enum":["USD"]
+    },
+    "CvssScore":{
+      "type":"structure",
+      "required":[
+        "baseScore",
+        "scoringVector",
+        "source",
+        "version"
+      ],
+      "members":{
+        "baseScore":{
+          "shape":"Double",
+          "documentation":"<p>The base CVSS score used for the finding.</p>"
+        },
+        "scoringVector":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The vector string of the CVSS score.</p>"
+        },
+        "source":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The source of the CVSS score.</p>"
+        },
+        "version":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The version of CVSS used for the score.</p>"
+        }
+      },
+      "documentation":"<p>The CVSS score for a finding.</p>"
+    },
+    "CvssScoreAdjustment":{
+      "type":"structure",
+      "required":[
+        "metric",
+        "reason"
+      ],
+      "members":{
+        "metric":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The metric used to adjust the CVSS score.</p>"
+        },
+        "reason":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The reason the CVSS score has been adjustment.</p>"
+        }
+      },
+      "documentation":"<p>Details on adjustments Amazon Inspector made to the CVSS score for a finding.</p>"
+    },
+    "CvssScoreAdjustmentList":{
+      "type":"list",
+      "member":{"shape":"CvssScoreAdjustment"}
+    },
+    "CvssScoreDetails":{
+      "type":"structure",
+      "required":[
+        "score",
+        "scoreSource",
+        "scoringVector",
+        "version"
+      ],
+      "members":{
+        "adjustments":{
+          "shape":"CvssScoreAdjustmentList",
+          "documentation":"<p>An object that contains details about adjustment Amazon Inspector made to the CVSS score.</p>"
+        },
+        "cvssSource":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The source of the CVSS data.</p>"
+        },
+        "score":{
+          "shape":"Double",
+          "documentation":"<p>The CVSS score.</p>"
+        },
+        "scoreSource":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The source for the CVSS score.</p>"
+        },
+        "scoringVector":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The vector for the CVSS score.</p>"
+        },
+        "version":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The CVSS version used in scoring.</p>"
+        }
+      },
+      "documentation":"<p>Information about the CVSS score.</p>"
+    },
+    "CvssScoreList":{
+      "type":"list",
+      "member":{"shape":"CvssScore"}
+    },
+    "DateFilter":{
+      "type":"structure",
+      "members":{
+        "endInclusive":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp representing the end of the time period filtered on.</p>"
+        },
+        "startInclusive":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp representing the start of the time period filtered on.</p>"
+        }
+      },
+      "documentation":"<p>Contains details on the time range used to filter findings.</p>"
+    },
+    "DateFilterList":{
+      "type":"list",
+      "member":{"shape":"DateFilter"},
+      "max":10,
+      "min":1
+    },
+    "DateTimeTimestamp":{"type":"timestamp"},
+    "DelegatedAdmin":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.</p>"
+        },
+        "relationshipStatus":{
+          "shape":"RelationshipStatus",
+          "documentation":"<p>The status of the Amazon Inspector delegated administrator.</p>"
+        }
+      },
+      "documentation":"<p>Details of the Amazon Inspector delegated administrator for your organization.</p>"
+    },
+    "DelegatedAdminAccount":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.</p>"
+        },
+        "status":{
+          "shape":"DelegatedAdminStatus",
+          "documentation":"<p>The status of the Amazon Inspector delegated administrator.</p>"
+        }
+      },
+      "documentation":"<p>Details of the Amazon Inspector delegated administrator for your organization.</p>"
+    },
+    "DelegatedAdminAccountList":{
+      "type":"list",
+      "member":{"shape":"DelegatedAdminAccount"},
+      "max":5,
+      "min":0
+    },
+    "DelegatedAdminStatus":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLE_IN_PROGRESS"
+      ]
+    },
+    "DeleteFilterRequest":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"FilterArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the filter to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteFilterResponse":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"FilterArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the filter that has been deleted.</p>"
+        }
+      }
+    },
+    "DescribeOrganizationConfigurationRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DescribeOrganizationConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "autoEnable":{
+          "shape":"AutoEnable",
+          "documentation":"<p>The scan types are automatically enabled for new members of your organization.</p>"
+        },
+        "maxAccountLimitReached":{
+          "shape":"Boolean",
+          "documentation":"<p>Represents whether your organization has reached the maximum Amazon Web Services account limit for Amazon Inspector.</p>"
+        }
+      }
+    },
+    "Destination":{
+      "type":"structure",
+      "required":[
+        "bucketName",
+        "kmsKeyArn"
+      ],
+      "members":{
+        "bucketName":{
+          "shape":"String",
+          "documentation":"<p>The name of the Amazon S3 bucket to export findings to.</p>"
+        },
+        "keyPrefix":{
+          "shape":"String",
+          "documentation":"<p>The prefix of the KMS key used to export findings.</p>"
+        },
+        "kmsKeyArn":{
+          "shape":"String",
+          "documentation":"<p>The ARN of the KMS key used to encrypt data when exporting findings.</p>"
+        }
+      },
+      "documentation":"<p>Contains details of the Amazon S3 bucket and KMS key used to export findings.</p>"
+    },
+    "DisableDelegatedAdminAccountRequest":{
+      "type":"structure",
+      "required":["delegatedAdminAccountId"],
+      "members":{
+        "delegatedAdminAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the current Amazon Inspector delegated administrator.</p>"
+        }
+      }
+    },
+    "DisableDelegatedAdminAccountResponse":{
+      "type":"structure",
+      "required":["delegatedAdminAccountId"],
+      "members":{
+        "delegatedAdminAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the successfully disabled delegated administrator.</p>"
+        }
+      }
+    },
+    "DisableRequest":{
+      "type":"structure",
+      "members":{
+        "accountIds":{
+          "shape":"AccountIdSet",
+          "documentation":"<p>An array of account IDs you want to disable Amazon Inspector scans for.</p>"
+        },
+        "resourceTypes":{
+          "shape":"DisableResourceTypeList",
+          "documentation":"<p>The resource scan types you want to disable.</p>"
+        }
+      }
+    },
+    "DisableResourceTypeList":{
+      "type":"list",
+      "member":{"shape":"ResourceScanType"},
+      "max":2,
+      "min":0
+    },
+    "DisableResponse":{
+      "type":"structure",
+      "required":["accounts"],
+      "members":{
+        "accounts":{
+          "shape":"AccountList",
+          "documentation":"<p>Information on the accounts that have had Amazon Inspector scans successfully disabled. Details are provided for each account.</p>"
+        },
+        "failedAccounts":{
+          "shape":"FailedAccountList",
+          "documentation":"<p>Information on any accounts for which Amazon Inspector scans could not be disabled. Details are provided for each account.</p>"
+        }
+      }
+    },
+    "DisassociateMemberRequest":{
+      "type":"structure",
+      "required":["accountId"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the member account to disassociate.</p>"
+        }
+      }
+    },
+    "DisassociateMemberResponse":{
+      "type":"structure",
+      "required":["accountId"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the successfully disassociated member.</p>"
+        }
+      }
+    },
+    "Double":{
+      "type":"double",
+      "box":true
+    },
+    "Ec2InstanceAggregation":{
+      "type":"structure",
+      "members":{
+        "amis":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.</p>"
+        },
+        "instanceIds":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The Amazon EC2 instance IDs to aggregate findings for.</p>"
+        },
+        "instanceTags":{
+          "shape":"MapFilterList",
+          "documentation":"<p>The Amazon EC2 instance tags to aggregate findings for.</p>"
+        },
+        "operatingSystems":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are <code>ORACLE_LINUX_7</code> and <code>ALPINE_LINUX_3_8</code>.</p>"
+        },
+        "sortBy":{
+          "shape":"Ec2InstanceSortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on Amazon EC2 instances.</p>"
+    },
+    "Ec2InstanceAggregationResponse":{
+      "type":"structure",
+      "required":["instanceId"],
+      "members":{
+        "accountId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services account the Amazon EC2 instance belongs to.</p>"
+        },
+        "ami":{
+          "shape":"AmiId",
+          "documentation":"<p>The Amazon Machine Image (AMI) of the Amazon EC2 instance.</p>"
+        },
+        "instanceId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The Amazon EC2 instance ID.</p>"
+        },
+        "instanceTags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags attached to the instance.</p>"
+        },
+        "networkFindings":{
+          "shape":"Long",
+          "documentation":"<p>The number of network findings for the Amazon EC2 instance.</p>"
+        },
+        "operatingSystem":{
+          "shape":"String",
+          "documentation":"<p>The operating system of the Amazon EC2 instance.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>An object that contains the count of matched findings per severity.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains the results of a finding aggregation by Amazon EC2 instance.</p>"
+    },
+    "Ec2InstanceSortBy":{
+      "type":"string",
+      "enum":[
+        "NETWORK_FINDINGS",
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "Ec2Metadata":{
+      "type":"structure",
+      "members":{
+        "amiId":{
+          "shape":"AmiId",
+          "documentation":"<p>The ID of the Amazon Machine Image (AMI) used to launch the instance.</p>"
+        },
+        "platform":{
+          "shape":"Ec2Platform",
+          "documentation":"<p>The platform of the instance.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags attached to the instance.</p>"
+        }
+      },
+      "documentation":"<p>Meta data details of an Amazon EC2 instance.</p>"
+    },
+    "Ec2Platform":{
+      "type":"string",
+      "enum":[
+        "WINDOWS",
+        "LINUX",
+        "UNKNOWN"
+      ]
+    },
+    "EcrContainerImageMetadata":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>Tags associated with the Amazon ECR image metadata.</p>"
+        }
+      },
+      "documentation":"<p>Information on the Amazon ECR image metadata associated with a finding.</p>"
+    },
+    "EcrRepositoryMetadata":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the Amazon ECR repository.</p>"
+        },
+        "scanFrequency":{
+          "shape":"EcrScanFrequency",
+          "documentation":"<p>The frequency of scans.</p>"
+        }
+      },
+      "documentation":"<p>Information on the Amazon ECR repository metadata associated with a finding.</p>"
+    },
+    "EcrScanFrequency":{
+      "type":"string",
+      "enum":[
+        "MANUAL",
+        "SCAN_ON_PUSH",
+        "CONTINUOUS_SCAN"
+      ]
+    },
+    "EnableDelegatedAdminAccountRequest":{
+      "type":"structure",
+      "required":["delegatedAdminAccountId"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The idempotency token for the request.</p>",
+          "idempotencyToken":true
+        },
+        "delegatedAdminAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the Amazon Inspector delegated administrator.</p>"
+        }
+      }
+    },
+    "EnableDelegatedAdminAccountResponse":{
+      "type":"structure",
+      "required":["delegatedAdminAccountId"],
+      "members":{
+        "delegatedAdminAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the successfully Amazon Inspector delegated administrator.</p>"
+        }
+      }
+    },
+    "EnableRequest":{
+      "type":"structure",
+      "required":["resourceTypes"],
+      "members":{
+        "accountIds":{
+          "shape":"AccountIdSet",
+          "documentation":"<p>A list of account IDs you want to enable Amazon Inspector scans for.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The idempotency token for the request.</p>",
+          "idempotencyToken":true
+        },
+        "resourceTypes":{
+          "shape":"EnableResourceTypeList",
+          "documentation":"<p>The resource scan types you want to enable.</p>"
+        }
+      }
+    },
+    "EnableResourceTypeList":{
+      "type":"list",
+      "member":{"shape":"ResourceScanType"},
+      "max":2,
+      "min":1
+    },
+    "EnableResponse":{
+      "type":"structure",
+      "required":["accounts"],
+      "members":{
+        "accounts":{
+          "shape":"AccountList",
+          "documentation":"<p>Information on the accounts that have had Amazon Inspector scans successfully enabled. Details are provided for each account.</p>"
+        },
+        "failedAccounts":{
+          "shape":"FailedAccountList",
+          "documentation":"<p>Information on any accounts for which Amazon Inspector scans could not be enabled. Details are provided for each account.</p>"
+        }
+      }
+    },
+    "ErrorCode":{
+      "type":"string",
+      "enum":[
+        "ALREADY_ENABLED",
+        "ENABLE_IN_PROGRESS",
+        "DISABLE_IN_PROGRESS",
+        "SUSPEND_IN_PROGRESS",
+        "RESOURCE_NOT_FOUND",
+        "ACCESS_DENIED",
+        "INTERNAL_ERROR",
+        "SSM_UNAVAILABLE",
+        "SSM_THROTTLED",
+        "EVENTBRIDGE_UNAVAILABLE",
+        "EVENTBRIDGE_THROTTLED",
+        "RESOURCE_SCAN_NOT_DISABLED",
+        "DISASSOCIATE_ALL_MEMBERS"
+      ]
+    },
+    "ErrorMessage":{"type":"string"},
+    "ExternalReportStatus":{
+      "type":"string",
+      "enum":[
+        "SUCCEEDED",
+        "IN_PROGRESS",
+        "CANCELLED",
+        "FAILED"
+      ]
+    },
+    "FailedAccount":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "errorCode",
+        "errorMessage"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID.</p>"
+        },
+        "errorCode":{
+          "shape":"ErrorCode",
+          "documentation":"<p>The error code explaining why the account failed to enable Amazon Inspector.</p>"
+        },
+        "errorMessage":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The error message received when the account failed to enable Amazon Inspector.</p>"
+        },
+        "resourceStatus":{
+          "shape":"ResourceStatus",
+          "documentation":"<p>An object detailing which resources Amazon Inspector is enabled to scan for the account.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of Amazon Inspector for the account.</p>"
+        }
+      },
+      "documentation":"<p>An object with details on why an account failed to enable Amazon Inspector.</p>"
+    },
+    "FailedAccountList":{
+      "type":"list",
+      "member":{"shape":"FailedAccount"},
+      "max":100,
+      "min":0
+    },
+    "FilePath":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "Filter":{
+      "type":"structure",
+      "required":[
+        "action",
+        "arn",
+        "createdAt",
+        "criteria",
+        "name",
+        "ownerId",
+        "updatedAt"
+      ],
+      "members":{
+        "action":{
+          "shape":"FilterAction",
+          "documentation":"<p>The action that is to be applied to the findings that match the filter.</p>"
+        },
+        "arn":{
+          "shape":"FilterArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) associated with this filter.</p>"
+        },
+        "createdAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time this filter was created at.</p>"
+        },
+        "criteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>Details on the filter criteria associated with this filter.</p>"
+        },
+        "description":{
+          "shape":"FilterDescription",
+          "documentation":"<p>A description of the filter.</p>"
+        },
+        "name":{
+          "shape":"FilterName",
+          "documentation":"<p>The name of the filter.</p>"
+        },
+        "ownerId":{
+          "shape":"OwnerId",
+          "documentation":"<p>The Amazon Web Services account ID of the account that created the filter.</p>"
+        },
+        "reason":{
+          "shape":"FilterReason",
+          "documentation":"<p>The reason for the filter.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags attached to the filter.</p>"
+        },
+        "updatedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time the filter was last updated at.</p>"
+        }
+      },
+      "documentation":"<p>Details about a filter.</p>"
+    },
+    "FilterAction":{
+      "type":"string",
+      "enum":[
+        "NONE",
+        "SUPPRESS"
+      ]
+    },
+    "FilterArn":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
+    "FilterArnList":{
+      "type":"list",
+      "member":{"shape":"FilterArn"}
+    },
+    "FilterCriteria":{
+      "type":"structure",
+      "members":{
+        "awsAccountId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the Amazon Web Services account IDs used to filter findings.</p>"
+        },
+        "componentId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the component IDs used to filter findings.</p>"
+        },
+        "componentType":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the component types used to filter findings.</p>"
+        },
+        "ec2InstanceImageId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the Amazon EC2 instance image IDs used to filter findings.</p>"
+        },
+        "ec2InstanceSubnetId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the Amazon EC2 instance subnet IDs used to filter findings.</p>"
+        },
+        "ec2InstanceVpcId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the Amazon EC2 instance VPC IDs used to filter findings.</p>"
+        },
+        "ecrImageArchitecture":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the Amazon ECR image architecture types used to filter findings.</p>"
+        },
+        "ecrImageHash":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details of the Amazon ECR image hashes used to filter findings.</p>"
+        },
+        "ecrImagePushedAt":{
+          "shape":"DateFilterList",
+          "documentation":"<p>Details on the Amazon ECR image push date and time used to filter findings.</p>"
+        },
+        "ecrImageRegistry":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the Amazon ECR registry used to filter findings.</p>"
+        },
+        "ecrImageRepositoryName":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the name of the Amazon ECR repository used to filter findings.</p>"
+        },
+        "ecrImageTags":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The tags attached to the Amazon ECR container image.</p>"
+        },
+        "findingArn":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the finding ARNs used to filter findings.</p>"
+        },
+        "findingStatus":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the finding status types used to filter findings.</p>"
+        },
+        "findingType":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the finding types used to filter findings.</p>"
+        },
+        "firstObservedAt":{
+          "shape":"DateFilterList",
+          "documentation":"<p>Details on the date and time a finding was first seen used to filter findings.</p>"
+        },
+        "inspectorScore":{
+          "shape":"NumberFilterList",
+          "documentation":"<p>The Amazon Inspector score to filter on.</p>"
+        },
+        "lastObservedAt":{
+          "shape":"DateFilterList",
+          "documentation":"<p>Details on the date and time a finding was last seen used to filter findings.</p>"
+        },
+        "networkProtocol":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the ingress source addresses used to filter findings.</p>"
+        },
+        "portRange":{
+          "shape":"PortRangeFilterList",
+          "documentation":"<p>Details on the port ranges used to filter findings.</p>"
+        },
+        "relatedVulnerabilities":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the related vulnerabilities used to filter findings.</p>"
+        },
+        "resourceId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the resource IDs used to filter findings.</p>"
+        },
+        "resourceTags":{
+          "shape":"MapFilterList",
+          "documentation":"<p>Details on the resource tags used to filter findings.</p>"
+        },
+        "resourceType":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the resource types used to filter findings.</p>"
+        },
+        "severity":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the severity used to filter findings.</p>"
+        },
+        "title":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the finding title used to filter findings.</p>"
+        },
+        "updatedAt":{
+          "shape":"DateFilterList",
+          "documentation":"<p>Details on the date and time a finding was last updated at used to filter findings.</p>"
+        },
+        "vendorSeverity":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the vendor severity used to filter findings.</p>"
+        },
+        "vulnerabilityId":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the vulnerability ID used to filter findings.</p>"
+        },
+        "vulnerabilitySource":{
+          "shape":"StringFilterList",
+          "documentation":"<p>Details on the vulnerability type used to filter findings.</p>"
+        },
+        "vulnerablePackages":{
+          "shape":"PackageFilterList",
+          "documentation":"<p>Details on the vulnerable packages used to filter findings.</p>"
+        }
+      },
+      "documentation":"<p>Details on the criteria used to define the filter.</p>"
+    },
+    "FilterDescription":{
+      "type":"string",
+      "max":512,
+      "min":1
+    },
+    "FilterList":{
+      "type":"list",
+      "member":{"shape":"Filter"}
+    },
+    "FilterName":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
+    "FilterReason":{
+      "type":"string",
+      "max":512,
+      "min":1
+    },
+    "Finding":{
+      "type":"structure",
+      "required":[
+        "awsAccountId",
+        "description",
+        "findingArn",
+        "firstObservedAt",
+        "lastObservedAt",
+        "remediation",
+        "resources",
+        "severity",
+        "status",
+        "type"
+      ],
+      "members":{
+        "awsAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID associated with the finding.</p>"
+        },
+        "description":{
+          "shape":"FindingDescription",
+          "documentation":"<p>The description of the finding.</p>"
+        },
+        "findingArn":{
+          "shape":"FindingArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the finding.</p>"
+        },
+        "firstObservedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time that the finding was first observed.</p>"
+        },
+        "inspectorScore":{
+          "shape":"Double",
+          "documentation":"<p>The Amazon Inspector score given to the finding.</p>"
+        },
+        "inspectorScoreDetails":{
+          "shape":"InspectorScoreDetails",
+          "documentation":"<p>An object that contains details of the Amazon Inspector score.</p>"
+        },
+        "lastObservedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time that the finding was last observed.</p>"
+        },
+        "networkReachabilityDetails":{
+          "shape":"NetworkReachabilityDetails",
+          "documentation":"<p>An object that contains the details of a network reachability finding.</p>"
+        },
+        "packageVulnerabilityDetails":{
+          "shape":"PackageVulnerabilityDetails",
+          "documentation":"<p>An object that contains the details of a package vulnerability finding.</p>"
+        },
+        "remediation":{
+          "shape":"Remediation",
+          "documentation":"<p>An object that contains the details about how to remediate a finding.</p>"
+        },
+        "resources":{
+          "shape":"ResourceList",
+          "documentation":"<p>Contains information on the resources involved in a finding.</p>"
+        },
+        "severity":{
+          "shape":"Severity",
+          "documentation":"<p>The severity of the finding.</p>"
+        },
+        "status":{
+          "shape":"FindingStatus",
+          "documentation":"<p>The status of the finding.</p>"
+        },
+        "title":{
+          "shape":"FindingTitle",
+          "documentation":"<p>The title of the finding.</p>"
+        },
+        "type":{
+          "shape":"FindingType",
+          "documentation":"<p>The type of the finding.</p>"
+        },
+        "updatedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time the finding was last updated at.</p>"
+        }
+      },
+      "documentation":"<p>Details about an Amazon Inspector finding.</p>"
+    },
+    "FindingArn":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "FindingDescription":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "FindingList":{
+      "type":"list",
+      "member":{"shape":"Finding"},
+      "max":25,
+      "min":0
+    },
+    "FindingStatus":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "SUPPRESSED",
+        "CLOSED"
+      ]
+    },
+    "FindingTitle":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "FindingType":{
+      "type":"string",
+      "enum":[
+        "NETWORK_REACHABILITY",
+        "PACKAGE_VULNERABILITY"
+      ]
+    },
+    "FindingTypeAggregation":{
+      "type":"structure",
+      "members":{
+        "findingType":{
+          "shape":"AggregationFindingType",
+          "documentation":"<p>The finding type to aggregate.</p>"
+        },
+        "resourceType":{
+          "shape":"AggregationResourceType",
+          "documentation":"<p>The resource type to aggregate.</p>"
+        },
+        "sortBy":{
+          "shape":"FindingTypeSortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on finding type.</p>"
+    },
+    "FindingTypeAggregationResponse":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account associated with the findings.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>The value to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains the results of a finding type aggregation.</p>"
+    },
+    "FindingTypeSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "FreeTrialAccountInfo":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "freeTrialInfo"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"MeteringAccountId",
+          "documentation":"<p>The account associated with the Amazon Inspector free trial information.</p>"
+        },
+        "freeTrialInfo":{
+          "shape":"FreeTrialInfoList",
+          "documentation":"<p>Contains information about the Amazon Inspector free trial for an account.</p>"
+        }
+      },
+      "documentation":"<p>Information about the Amazon Inspector free trial for an account.</p>"
+    },
+    "FreeTrialAccountInfoList":{
+      "type":"list",
+      "member":{"shape":"FreeTrialAccountInfo"}
+    },
+    "FreeTrialInfo":{
+      "type":"structure",
+      "required":[
+        "end",
+        "start",
+        "status",
+        "type"
+      ],
+      "members":{
+        "end":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the Amazon Inspector free trail ends for a given account.</p>"
+        },
+        "start":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the Amazon Inspector free trail started for a given account.</p>"
+        },
+        "status":{
+          "shape":"FreeTrialStatus",
+          "documentation":"<p>The order to sort results by.</p>"
+        },
+        "type":{
+          "shape":"FreeTrialType",
+          "documentation":"<p>The type of scan covered by the Amazon Inspector free trail.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about the Amazon Inspector free trial for an account.</p>"
+    },
+    "FreeTrialInfoError":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "code",
+        "message"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"MeteringAccountId",
+          "documentation":"<p>The account associated with the Amazon Inspector free trial information.</p>"
+        },
+        "code":{
+          "shape":"FreeTrialInfoErrorCode",
+          "documentation":"<p>The error code.</p>"
+        },
+        "message":{
+          "shape":"String",
+          "documentation":"<p>The error message returned.</p>"
+        }
+      },
+      "documentation":"<p>Information about an error received while accessing free trail data for an account.</p>"
+    },
+    "FreeTrialInfoErrorCode":{
+      "type":"string",
+      "enum":[
+        "ACCESS_DENIED",
+        "INTERNAL_ERROR"
+      ]
+    },
+    "FreeTrialInfoErrorList":{
+      "type":"list",
+      "member":{"shape":"FreeTrialInfoError"}
+    },
+    "FreeTrialInfoList":{
+      "type":"list",
+      "member":{"shape":"FreeTrialInfo"}
+    },
+    "FreeTrialStatus":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "INACTIVE"
+      ]
+    },
+    "FreeTrialType":{
+      "type":"string",
+      "enum":[
+        "EC2",
+        "ECR"
+      ]
+    },
+    "GetDelegatedAdminAccountRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "GetDelegatedAdminAccountResponse":{
+      "type":"structure",
+      "members":{
+        "delegatedAdmin":{
+          "shape":"DelegatedAdmin",
+          "documentation":"<p>The Amazon Web Services account ID of the Amazon Inspector delegated administrator.</p>"
+        }
+      }
+    },
+    "GetFindingsReportStatusRequest":{
+      "type":"structure",
+      "members":{
+        "reportId":{
+          "shape":"ReportId",
+          "documentation":"<p>The ID of the report to retrieve the status of.</p>"
+        }
+      }
+    },
+    "GetFindingsReportStatusResponse":{
+      "type":"structure",
+      "members":{
+        "destination":{
+          "shape":"Destination",
+          "documentation":"<p>The destination of the report.</p>"
+        },
+        "errorCode":{
+          "shape":"ReportingErrorCode",
+          "documentation":"<p>The error code of the report.</p>"
+        },
+        "errorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The error message of the report.</p>"
+        },
+        "filterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>The filter criteria associated with the report.</p>"
+        },
+        "reportId":{
+          "shape":"ReportId",
+          "documentation":"<p>The ID of the report.</p>"
+        },
+        "status":{
+          "shape":"ExternalReportStatus",
+          "documentation":"<p>The status of the report.</p>"
+        }
+      }
+    },
+    "GetMemberRequest":{
+      "type":"structure",
+      "required":["accountId"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the member account to retrieve information on.</p>"
+        }
+      }
+    },
+    "GetMemberResponse":{
+      "type":"structure",
+      "members":{
+        "member":{
+          "shape":"Member",
+          "documentation":"<p>Details of the retrieved member account.</p>"
+        }
+      }
+    },
+    "GroupKey":{
+      "type":"string",
+      "enum":[
+        "SCAN_STATUS_CODE",
+        "SCAN_STATUS_REASON",
+        "ACCOUNT_ID",
+        "RESOURCE_TYPE",
+        "ECR_REPOSITORY_NAME"
+      ]
+    },
+    "ImageHash":{
+      "type":"string",
+      "max":71,
+      "min":71,
+      "pattern":"^sha256:[a-z0-9]{64}$"
+    },
+    "ImageLayerAggregation":{
+      "type":"structure",
+      "members":{
+        "layerHashes":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The hashes associated with the layers.</p>"
+        },
+        "repositories":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The repository associated with the container image hosting the layers.</p>"
+        },
+        "resourceIds":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The ID of the container image layer.</p>"
+        },
+        "sortBy":{
+          "shape":"ImageLayerSortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on container image layers.</p>"
+    },
+    "ImageLayerAggregationResponse":{
+      "type":"structure",
+      "required":[
+        "accountId",
+        "layerHash",
+        "repository",
+        "resourceId"
+      ],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account that owns the container image hosting the layer image.</p>"
+        },
+        "layerHash":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The layer hash.</p>"
+        },
+        "repository":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The repository the layer resides in.</p>"
+        },
+        "resourceId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The resource ID of the container image layer.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>An object that represents the count of matched findings per severity.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains the results of a finding aggregation by image layer.</p>"
+    },
+    "ImageLayerSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "ImageTagList":{
+      "type":"list",
+      "member":{"shape":"NonEmptyString"}
+    },
+    "InspectorScoreDetails":{
+      "type":"structure",
+      "members":{
+        "adjustedCvss":{
+          "shape":"CvssScoreDetails",
+          "documentation":"<p>An object that contains details about the CVSS score given to a finding.</p>"
+        }
+      },
+      "documentation":"<p>Information about the Amazon Inspector score given to a finding.</p>"
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"},
+        "retryAfterSeconds":{
+          "shape":"Integer",
+          "documentation":"<p>The number of seconds to wait before retrying the request.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        }
+      },
+      "documentation":"<p>The request has failed due to an internal failure of the Amazon Inspector service.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true,
+      "retryable":{"throttling":false}
+    },
+    "IpV4Address":{
+      "type":"string",
+      "max":15,
+      "min":7,
+      "pattern":"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
+    },
+    "IpV4AddressList":{
+      "type":"list",
+      "member":{"shape":"IpV4Address"}
+    },
+    "IpV6Address":{
+      "type":"string",
+      "max":47,
+      "min":1
+    },
+    "IpV6AddressList":{
+      "type":"list",
+      "member":{"shape":"IpV6Address"}
+    },
+    "ListAccountPermissionsMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":1024,
+      "min":1
+    },
+    "ListAccountPermissionsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"ListAccountPermissionsMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        },
+        "service":{
+          "shape":"Service",
+          "documentation":"<p>The service scan type to check permissions for.</p>"
+        }
+      }
+    },
+    "ListAccountPermissionsResponse":{
+      "type":"structure",
+      "required":["permissions"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        },
+        "permissions":{
+          "shape":"Permissions",
+          "documentation":"<p>Contains details on the permissions an account has to configure Amazon Inspector.</p>"
+        }
+      }
+    },
+    "ListCoverageMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":200,
+      "min":1
+    },
+    "ListCoverageRequest":{
+      "type":"structure",
+      "members":{
+        "filterCriteria":{
+          "shape":"CoverageFilterCriteria",
+          "documentation":"<p>An object that contains details on the filters to apply to the coverage data for your environment.</p>"
+        },
+        "maxResults":{
+          "shape":"ListCoverageMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListCoverageResponse":{
+      "type":"structure",
+      "members":{
+        "coveredResources":{
+          "shape":"CoveredResources",
+          "documentation":"<p>An object that contains details on the covered resources in your environment.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListCoverageStatisticsRequest":{
+      "type":"structure",
+      "members":{
+        "filterCriteria":{
+          "shape":"CoverageFilterCriteria",
+          "documentation":"<p>An object that contains details on the filters to apply to the coverage data for your environment.</p>"
+        },
+        "groupBy":{
+          "shape":"GroupKey",
+          "documentation":"<p>The value to group the results by.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListCoverageStatisticsResponse":{
+      "type":"structure",
+      "required":["totalCounts"],
+      "members":{
+        "countsByGroup":{
+          "shape":"CountsList",
+          "documentation":"<p>An array with the number for each group.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        },
+        "totalCounts":{
+          "shape":"Long",
+          "documentation":"<p>The total number for all groups.</p>"
+        }
+      }
+    },
+    "ListDelegatedAdminAccountsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"ListDelegatedAdminMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListDelegatedAdminAccountsResponse":{
+      "type":"structure",
+      "members":{
+        "delegatedAdminAccounts":{
+          "shape":"DelegatedAdminAccountList",
+          "documentation":"<p>Details of the Amazon Inspector delegated administrator of your organization.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListDelegatedAdminMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":5,
+      "min":1
+    },
+    "ListFilterMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "ListFiltersRequest":{
+      "type":"structure",
+      "members":{
+        "action":{
+          "shape":"FilterAction",
+          "documentation":"<p>The action the filter applies to matched findings.</p>"
+        },
+        "arns":{
+          "shape":"FilterArnList",
+          "documentation":"<p>The Amazon resource number (ARN) of the filter.</p>"
+        },
+        "maxResults":{
+          "shape":"ListFilterMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListFiltersResponse":{
+      "type":"structure",
+      "required":["filters"],
+      "members":{
+        "filters":{
+          "shape":"FilterList",
+          "documentation":"<p>Contains details on the filters associated with your account.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListFindingAggregationsMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "ListFindingAggregationsRequest":{
+      "type":"structure",
+      "required":["aggregationType"],
+      "members":{
+        "accountIds":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The Amazon Web Services account IDs to retrieve finding aggregation data for.</p>"
+        },
+        "aggregationRequest":{
+          "shape":"AggregationRequest",
+          "documentation":"<p>Details of the aggregation request that is used to filter your aggregation results.</p>"
+        },
+        "aggregationType":{
+          "shape":"AggregationType",
+          "documentation":"<p>The type of the aggregation request.</p>"
+        },
+        "maxResults":{
+          "shape":"ListFindingAggregationsMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListFindingAggregationsResponse":{
+      "type":"structure",
+      "required":["aggregationType"],
+      "members":{
+        "aggregationType":{
+          "shape":"AggregationType",
+          "documentation":"<p>The type of aggregation to perform.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        },
+        "responses":{
+          "shape":"AggregationResponseList",
+          "documentation":"<p>Objects that contain the results of an aggregation operation.</p>"
+        }
+      }
+    },
+    "ListFindingsMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "ListFindingsRequest":{
+      "type":"structure",
+      "members":{
+        "filterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>Details on the filters to apply to your finding results.</p>"
+        },
+        "maxResults":{
+          "shape":"ListFindingsMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        },
+        "sortCriteria":{
+          "shape":"SortCriteria",
+          "documentation":"<p>Details on the sort criteria to apply to your finding results.</p>"
+        }
+      }
+    },
+    "ListFindingsResponse":{
+      "type":"structure",
+      "members":{
+        "findings":{
+          "shape":"FindingList",
+          "documentation":"<p>Contains details on the findings in your environment.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListMembersMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":50,
+      "min":1
+    },
+    "ListMembersRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"ListMembersMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        },
+        "onlyAssociated":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether to list only currently associated members if <code>True</code> or to list all members within the organization if <code>False</code>.</p>"
+        }
+      }
+    },
+    "ListMembersResponse":{
+      "type":"structure",
+      "members":{
+        "members":{
+          "shape":"MemberList",
+          "documentation":"<p>An object that contains details for each member account.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The pagination parameter to be used on the next list operation to retrieve more items.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon resource number (ARN) of the resource to list tags of.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags associated with the resource.</p>"
+        }
+      }
+    },
+    "ListUsageTotalsMaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":500,
+      "min":1
+    },
+    "ListUsageTotalsNextToken":{
+      "type":"string",
+      "min":1
+    },
+    "ListUsageTotalsRequest":{
+      "type":"structure",
+      "members":{
+        "accountIds":{
+          "shape":"UsageAccountIdList",
+          "documentation":"<p>The Amazon Web Services account IDs to retrieve usage totals for.</p>"
+        },
+        "maxResults":{
+          "shape":"ListUsageTotalsMaxResults",
+          "documentation":"<p>The maximum number of results to return in the response.</p>"
+        },
+        "nextToken":{
+          "shape":"ListUsageTotalsNextToken",
+          "documentation":"<p>A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the <code>NextToken</code> value returned from the previous request to continue listing results after the first page.</p>"
+        }
+      }
+    },
+    "ListUsageTotalsResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"ListUsageTotalsNextToken",
+          "documentation":"<p>The pagination parameter to be used on the next list operation to retrieve more items.</p>"
+        },
+        "totals":{
+          "shape":"UsageTotalList",
+          "documentation":"<p>An object with details on the total usage for the requested account.</p>"
+        }
+      }
+    },
+    "Long":{
+      "type":"long",
+      "box":true
+    },
+    "MapComparison":{
+      "type":"string",
+      "enum":["EQUALS"]
+    },
+    "MapFilter":{
+      "type":"structure",
+      "required":[
+        "comparison",
+        "key"
+      ],
+      "members":{
+        "comparison":{
+          "shape":"MapComparison",
+          "documentation":"<p>The operator to use when comparing values in the filter.</p>"
+        },
+        "key":{
+          "shape":"MapKey",
+          "documentation":"<p>The tag key used in the filter.</p>"
+        },
+        "value":{
+          "shape":"MapValue",
+          "documentation":"<p>The tag value used in the filter.</p>"
+        }
+      },
+      "documentation":"<p>An object that describes details of a map filter.</p>"
+    },
+    "MapFilterList":{
+      "type":"list",
+      "member":{"shape":"MapFilter"},
+      "max":10,
+      "min":1
+    },
+    "MapKey":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
+    "MapValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "Member":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the member account.</p>"
+        },
+        "delegatedAdminAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account.</p>"
+        },
+        "relationshipStatus":{
+          "shape":"RelationshipStatus",
+          "documentation":"<p>The status of the member account.</p>"
+        },
+        "updatedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>A timestamp showing when the status of this member was last updated.</p>"
+        }
+      },
+      "documentation":"<p>Details on a member account in your organization.</p>"
+    },
+    "MemberList":{
+      "type":"list",
+      "member":{"shape":"Member"},
+      "max":50,
+      "min":0
+    },
+    "MeteringAccountId":{
+      "type":"string",
+      "pattern":"[0-9]{12}"
+    },
+    "MonthlyCostEstimate":{
+      "type":"double",
+      "min":0
+    },
+    "NetworkPath":{
+      "type":"structure",
+      "members":{
+        "steps":{
+          "shape":"StepList",
+          "documentation":"<p>The details on the steps in the network path.</p>"
+        }
+      },
+      "documentation":"<p>Information on the network path associated with a finding.</p>"
+    },
+    "NetworkProtocol":{
+      "type":"string",
+      "enum":[
+        "TCP",
+        "UDP"
+      ]
+    },
+    "NetworkReachabilityDetails":{
+      "type":"structure",
+      "required":[
+        "networkPath",
+        "openPortRange",
+        "protocol"
+      ],
+      "members":{
+        "networkPath":{
+          "shape":"NetworkPath",
+          "documentation":"<p>An object that contains details about a network path associated with a finding.</p>"
+        },
+        "openPortRange":{
+          "shape":"PortRange",
+          "documentation":"<p>An object that contains details about the open port range associated with a finding.</p>"
+        },
+        "protocol":{
+          "shape":"NetworkProtocol",
+          "documentation":"<p>The protocol associated with a finding.</p>"
+        }
+      },
+      "documentation":"<p>Contains the details of a network reachability finding.</p>"
+    },
+    "NextToken":{
+      "type":"string",
+      "max":1000000,
+      "min":0
+    },
+    "NonEmptyString":{
+      "type":"string",
+      "min":1
+    },
+    "NonEmptyStringList":{
+      "type":"list",
+      "member":{"shape":"NonEmptyString"}
+    },
+    "NumberFilter":{
+      "type":"structure",
+      "members":{
+        "lowerInclusive":{
+          "shape":"Double",
+          "documentation":"<p>The lowest number to be included in the filter.</p>"
+        },
+        "upperInclusive":{
+          "shape":"Double",
+          "documentation":"<p>The highest number to be included in the filter.</p>"
+        }
+      },
+      "documentation":"<p>An object that describes the details of a number filter.</p>"
+    },
+    "NumberFilterList":{
+      "type":"list",
+      "member":{"shape":"NumberFilter"},
+      "max":10,
+      "min":1
+    },
+    "Operation":{
+      "type":"string",
+      "enum":[
+        "ENABLE_SCANNING",
+        "DISABLE_SCANNING",
+        "ENABLE_REPOSITORY",
+        "DISABLE_REPOSITORY"
+      ]
+    },
+    "OwnerId":{
+      "type":"string",
+      "max":34,
+      "min":12,
+      "pattern":"(^\\d{12}$)|(^o-[a-z0-9]{10,32}$)"
+    },
+    "PackageAggregation":{
+      "type":"structure",
+      "members":{
+        "packageNames":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The names of packages to aggregate findings on.</p>"
+        },
+        "sortBy":{
+          "shape":"PackageSortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on operating system package type.</p>"
+    },
+    "PackageAggregationResponse":{
+      "type":"structure",
+      "required":["packageName"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account associated with the findings.</p>"
+        },
+        "packageName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the operating system package.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>An object that contains the count of matched findings per severity.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains the results of a finding aggregation by image layer.</p>"
+    },
+    "PackageArchitecture":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "PackageEpoch":{"type":"integer"},
+    "PackageFilter":{
+      "type":"structure",
+      "members":{
+        "architecture":{
+          "shape":"StringFilter",
+          "documentation":"<p>An object that contains details on the package architecture type to filter on.</p>"
+        },
+        "epoch":{
+          "shape":"NumberFilter",
+          "documentation":"<p>An object that contains details on the package epoch to filter on.</p>"
+        },
+        "name":{
+          "shape":"StringFilter",
+          "documentation":"<p>An object that contains details on the name of the package to filter on.</p>"
+        },
+        "release":{
+          "shape":"StringFilter",
+          "documentation":"<p>An object that contains details on the package release to filter on.</p>"
+        },
+        "sourceLayerHash":{
+          "shape":"StringFilter",
+          "documentation":"<p>An object that contains details on the source layer hash to filter on.</p>"
+        },
+        "version":{
+          "shape":"StringFilter",
+          "documentation":"<p>The package version to filter on.</p>"
+        }
+      },
+      "documentation":"<p>Contains information on the details of a package filter.</p>"
+    },
+    "PackageFilterList":{
+      "type":"list",
+      "member":{"shape":"PackageFilter"},
+      "max":10,
+      "min":1
+    },
+    "PackageManager":{
+      "type":"string",
+      "enum":[
+        "BUNDLER",
+        "CARGO",
+        "COMPOSER",
+        "NPM",
+        "NUGET",
+        "PIPENV",
+        "POETRY",
+        "YARN",
+        "GOBINARY",
+        "GOMOD",
+        "JAR",
+        "OS"
+      ]
+    },
+    "PackageName":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "PackageRelease":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "PackageSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "PackageVersion":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "PackageVulnerabilityDetails":{
+      "type":"structure",
+      "required":[
+        "source",
+        "vulnerabilityId",
+        "vulnerablePackages"
+      ],
+      "members":{
+        "cvss":{
+          "shape":"CvssScoreList",
+          "documentation":"<p>An object that contains details about the CVSS score of a finding.</p>"
+        },
+        "referenceUrls":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>One or more URLs that contain details about this vulnerability type.</p>"
+        },
+        "relatedVulnerabilities":{
+          "shape":"VulnerabilityIdList",
+          "documentation":"<p>One or more vulnerabilities related to the one identified in this finding.</p>"
+        },
+        "source":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The source of the vulnerability information.</p>"
+        },
+        "sourceUrl":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A URL to the source of the vulnerability information.</p>"
+        },
+        "vendorCreatedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time that this vulnerability was first added to the vendor's database.</p>"
+        },
+        "vendorSeverity":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The severity the vendor has given to this vulnerability type.</p>"
+        },
+        "vendorUpdatedAt":{
+          "shape":"DateTimeTimestamp",
+          "documentation":"<p>The date and time the vendor last updated this vulnerability in their database.</p>"
+        },
+        "vulnerabilityId":{
+          "shape":"VulnerabilityId",
+          "documentation":"<p>The ID given to this vulnerability.</p>"
+        },
+        "vulnerablePackages":{
+          "shape":"VulnerablePackageList",
+          "documentation":"<p>The packages impacted by this vulnerability.</p>"
+        }
+      },
+      "documentation":"<p>Information about a package vulnerability finding.</p>"
+    },
+    "Permission":{
+      "type":"structure",
+      "required":[
+        "operation",
+        "service"
+      ],
+      "members":{
+        "operation":{
+          "shape":"Operation",
+          "documentation":"<p>The operations that can be performed with the given permissions.</p>"
+        },
+        "service":{
+          "shape":"Service",
+          "documentation":"<p>The services that the permissions allow an account to perform the given operations for.</p>"
+        }
+      },
+      "documentation":"<p>Contains information on the permissions an account has within Amazon Inspector.</p>"
+    },
+    "Permissions":{
+      "type":"list",
+      "member":{"shape":"Permission"},
+      "max":1024,
+      "min":0
+    },
+    "Platform":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "Port":{
+      "type":"integer",
+      "box":true,
+      "max":65535,
+      "min":0
+    },
+    "PortRange":{
+      "type":"structure",
+      "required":[
+        "begin",
+        "end"
+      ],
+      "members":{
+        "begin":{
+          "shape":"Port",
+          "documentation":"<p>The beginning port in a port range.</p>"
+        },
+        "end":{
+          "shape":"Port",
+          "documentation":"<p>The ending port in a port range.</p>"
+        }
+      },
+      "documentation":"<p>Details about the port range associated with a finding.</p>"
+    },
+    "PortRangeFilter":{
+      "type":"structure",
+      "members":{
+        "beginInclusive":{
+          "shape":"Port",
+          "documentation":"<p>The port number the port range begins at.</p>"
+        },
+        "endInclusive":{
+          "shape":"Port",
+          "documentation":"<p>The port number the port range ends at.</p>"
+        }
+      },
+      "documentation":"<p>An object that describes the details of a port range filter.</p>"
+    },
+    "PortRangeFilterList":{
+      "type":"list",
+      "member":{"shape":"PortRangeFilter"},
+      "max":10,
+      "min":1
+    },
+    "Recommendation":{
+      "type":"structure",
+      "members":{
+        "Url":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The URL address to the CVE remediation recommendations.</p>"
+        },
+        "text":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The recommended course of action to remediate the finding.</p>"
+        }
+      },
+      "documentation":"<p>Details about the recommended course of action to remediate the finding.</p>"
+    },
+    "RelationshipStatus":{
+      "type":"string",
+      "enum":[
+        "CREATED",
+        "INVITED",
+        "DISABLED",
+        "ENABLED",
+        "REMOVED",
+        "RESIGNED",
+        "DELETED",
+        "EMAIL_VERIFICATION_IN_PROGRESS",
+        "EMAIL_VERIFICATION_FAILED",
+        "REGION_DISABLED",
+        "ACCOUNT_SUSPENDED",
+        "CANNOT_CREATE_DETECTOR_IN_ORG_MASTER"
+      ]
+    },
+    "Remediation":{
+      "type":"structure",
+      "members":{
+        "recommendation":{
+          "shape":"Recommendation",
+          "documentation":"<p>An object that contains information about the recommended course of action to remediate the finding.</p>"
+        }
+      },
+      "documentation":"<p>Information on how to remediate a finding.</p>"
+    },
+    "ReportFormat":{
+      "type":"string",
+      "enum":[
+        "CSV",
+        "JSON"
+      ]
+    },
+    "ReportId":{
+      "type":"string",
+      "pattern":"\\b[a-f0-9]{8}\\b-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-\\b[a-f0-9]{12}\\b"
+    },
+    "ReportingErrorCode":{
+      "type":"string",
+      "enum":[
+        "INTERNAL_ERROR",
+        "INVALID_PERMISSIONS"
+      ]
+    },
+    "RepositoryAggregation":{
+      "type":"structure",
+      "members":{
+        "repositories":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The names of repositories to aggregate findings on.</p>"
+        },
+        "sortBy":{
+          "shape":"RepositorySortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on repository.</p>"
+    },
+    "RepositoryAggregationResponse":{
+      "type":"structure",
+      "required":["repository"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account associated with the findings.</p>"
+        },
+        "affectedImages":{
+          "shape":"Long",
+          "documentation":"<p>The number of container images impacted by the findings.</p>"
+        },
+        "repository":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the repository associated with the findings.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>An object that represent the count of matched findings per severity.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains details on the results of a finding aggregation by repository.</p>"
+    },
+    "RepositorySortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL",
+        "AFFECTED_IMAGES"
+      ]
+    },
+    "Resource":{
+      "type":"structure",
+      "required":[
+        "id",
+        "type"
+      ],
+      "members":{
+        "details":{
+          "shape":"ResourceDetails",
+          "documentation":"<p>An object that contains details about the resource involved in a finding.</p>"
+        },
+        "id":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ID of the resource.</p>"
+        },
+        "partition":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The partition of the resource.</p>"
+        },
+        "region":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The Amazon Web Services Region the impacted resource is located in.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags attached to the resource.</p>"
+        },
+        "type":{
+          "shape":"ResourceType",
+          "documentation":"<p>The type of resource.</p>"
+        }
+      },
+      "documentation":"<p>Details about the resource involved in a finding.</p>"
+    },
+    "ResourceDetails":{
+      "type":"structure",
+      "members":{
+        "awsEc2Instance":{
+          "shape":"AwsEc2InstanceDetails",
+          "documentation":"<p>An object that contains details about the Amazon EC2 instance involved in the finding.</p>"
+        },
+        "awsEcrContainerImage":{
+          "shape":"AwsEcrContainerImageDetails",
+          "documentation":"<p>An object that contains details about the Amazon ECR container image involved in the finding.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about the resource involved in the finding.</p>"
+    },
+    "ResourceId":{
+      "type":"string",
+      "max":341,
+      "min":10,
+      "pattern":"(^arn:.*:ecr:.*:\\d{12}:repository\\/(?:[a-z0-9]+(?:[._-][a-z0-9]+)*\\/)*[a-z0-9]+(?:[._-][a-z0-9]+)*(\\/sha256:[a-z0-9]{64})?$)|(^i-([a-z0-9]{8}|[a-z0-9]{17}|\\\\*)$)"
+    },
+    "ResourceList":{
+      "type":"list",
+      "member":{"shape":"Resource"},
+      "max":10,
+      "min":1
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>The operation tried to access an invalid resource. Make sure the resource is specified correctly.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourceScanMetadata":{
+      "type":"structure",
+      "members":{
+        "ec2":{
+          "shape":"Ec2Metadata",
+          "documentation":"<p>An object that contains metadata details for an Amazon EC2 instance.</p>"
+        },
+        "ecrImage":{
+          "shape":"EcrContainerImageMetadata",
+          "documentation":"<p>An object that contains details about the container metadata for an Amazon ECR image.</p>"
+        },
+        "ecrRepository":{
+          "shape":"EcrRepositoryMetadata",
+          "documentation":"<p>An object that contains details about the repository an Amazon ECR image resides in.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains details about the metadata for an Amazon ECR resource.</p>"
+    },
+    "ResourceScanType":{
+      "type":"string",
+      "enum":[
+        "EC2",
+        "ECR"
+      ]
+    },
+    "ResourceState":{
+      "type":"structure",
+      "required":[
+        "ec2",
+        "ecr"
+      ],
+      "members":{
+        "ec2":{
+          "shape":"State",
+          "documentation":"<p>An object detailing the state of Amazon Inspector scanning for Amazon EC2 resources.</p>"
+        },
+        "ecr":{
+          "shape":"State",
+          "documentation":"<p>An object detailing the state of Amazon Inspector scanning for Amazon ECR resources.</p>"
+        }
+      },
+      "documentation":"<p>Details the state of Amazon Inspector for each resource type Amazon Inspector scans.</p>"
+    },
+    "ResourceStatus":{
+      "type":"structure",
+      "required":[
+        "ec2",
+        "ecr"
+      ],
+      "members":{
+        "ec2":{
+          "shape":"Status",
+          "documentation":"<p>The status of Amazon Inspector scanning for Amazon EC2 resources.</p>"
+        },
+        "ecr":{
+          "shape":"Status",
+          "documentation":"<p>The status of Amazon Inspector scanning for Amazon ECR resources.</p>"
+        }
+      },
+      "documentation":"<p>Details the status of Amazon Inspector for each resource type Amazon Inspector scans.</p>"
+    },
+    "ResourceType":{
+      "type":"string",
+      "enum":[
+        "AWS_EC2_INSTANCE",
+        "AWS_ECR_CONTAINER_IMAGE",
+        "AWS_ECR_REPOSITORY"
+      ]
+    },
+    "ScanStatus":{
+      "type":"structure",
+      "required":[
+        "reason",
+        "statusCode"
+      ],
+      "members":{
+        "reason":{
+          "shape":"ScanStatusReason",
+          "documentation":"<p>The reason for the scan.</p>"
+        },
+        "statusCode":{
+          "shape":"ScanStatusCode",
+          "documentation":"<p>The status code of the scan.</p>"
+        }
+      },
+      "documentation":"<p>The status of the scan.</p>"
+    },
+    "ScanStatusCode":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "INACTIVE"
+      ]
+    },
+    "ScanStatusReason":{
+      "type":"string",
+      "enum":[
+        "PENDING_INITIAL_SCAN",
+        "ACCESS_DENIED",
+        "INTERNAL_ERROR",
+        "UNMANAGED_EC2_INSTANCE",
+        "UNSUPPORTED_OS",
+        "SCAN_ELIGIBILITY_EXPIRED",
+        "RESOURCE_TERMINATED",
+        "SUCCESSFUL",
+        "NO_RESOURCES_FOUND",
+        "IMAGE_SIZE_EXCEEDED",
+        "SCAN_FREQUENCY_MANUAL",
+        "SCAN_FREQUENCY_SCAN_ON_PUSH",
+        "EC2_INSTANCE_STOPPED"
+      ]
+    },
+    "ScanType":{
+      "type":"string",
+      "enum":[
+        "NETWORK",
+        "PACKAGE"
+      ]
+    },
+    "Service":{
+      "type":"string",
+      "enum":[
+        "EC2",
+        "ECR"
+      ]
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "required":[
+        "message",
+        "resourceId"
+      ],
+      "members":{
+        "message":{"shape":"String"},
+        "resourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource that exceeds a service quota.</p>"
+        }
+      },
+      "documentation":"<p>You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Severity":{
+      "type":"string",
+      "enum":[
+        "INFORMATIONAL",
+        "LOW",
+        "MEDIUM",
+        "HIGH",
+        "CRITICAL",
+        "UNTRIAGED"
+      ]
+    },
+    "SeverityCounts":{
+      "type":"structure",
+      "members":{
+        "all":{
+          "shape":"Long",
+          "documentation":"<p>The total count of findings from all severities.</p>"
+        },
+        "critical":{
+          "shape":"Long",
+          "documentation":"<p>The total count of critical severity findings.</p>"
+        },
+        "high":{
+          "shape":"Long",
+          "documentation":"<p>The total count of high severity findings.</p>"
+        },
+        "medium":{
+          "shape":"Long",
+          "documentation":"<p>The total count of medium severity findings.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains the counts of aggregated finding per severity.</p>"
+    },
+    "SortCriteria":{
+      "type":"structure",
+      "required":[
+        "field",
+        "sortOrder"
+      ],
+      "members":{
+        "field":{
+          "shape":"SortField",
+          "documentation":"<p>The finding detail field by which results are sorted.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order by which findings are sorted.</p>"
+        }
+      },
+      "documentation":"<p>Details about the criteria used to sort finding results.</p>"
+    },
+    "SortField":{
+      "type":"string",
+      "enum":[
+        "AWS_ACCOUNT_ID",
+        "FINDING_TYPE",
+        "SEVERITY",
+        "FIRST_OBSERVED_AT",
+        "LAST_OBSERVED_AT",
+        "FINDING_STATUS",
+        "RESOURCE_TYPE",
+        "ECR_IMAGE_PUSHED_AT",
+        "ECR_IMAGE_REPOSITORY_NAME",
+        "ECR_IMAGE_REGISTRY",
+        "NETWORK_PROTOCOL",
+        "COMPONENT_TYPE",
+        "VULNERABILITY_ID",
+        "VULNERABILITY_SOURCE",
+        "INSPECTOR_SCORE",
+        "VENDOR_SEVERITY"
+      ]
+    },
+    "SortOrder":{
+      "type":"string",
+      "enum":[
+        "ASC",
+        "DESC"
+      ]
+    },
+    "SourceLayerHash":{
+      "type":"string",
+      "max":71,
+      "min":71,
+      "pattern":"^sha256:[a-z0-9]{64}$"
+    },
+    "State":{
+      "type":"structure",
+      "required":[
+        "errorCode",
+        "errorMessage",
+        "status"
+      ],
+      "members":{
+        "errorCode":{
+          "shape":"ErrorCode",
+          "documentation":"<p>The error code explaining why the account failed to enable Amazon Inspector.</p>"
+        },
+        "errorMessage":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The error message received when the account failed to enable Amazon Inspector.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of Amazon Inspector for the account.</p>"
+        }
+      },
+      "documentation":"<p>An object that described the state of Amazon Inspector scans for an account.</p>"
+    },
+    "Status":{
+      "type":"string",
+      "enum":[
+        "ENABLING",
+        "ENABLED",
+        "DISABLING",
+        "DISABLED",
+        "SUSPENDING",
+        "SUSPENDED"
+      ]
+    },
+    "Step":{
+      "type":"structure",
+      "required":[
+        "componentId",
+        "componentType"
+      ],
+      "members":{
+        "componentId":{
+          "shape":"Component",
+          "documentation":"<p>The component ID.</p>"
+        },
+        "componentType":{
+          "shape":"ComponentType",
+          "documentation":"<p>The component type.</p>"
+        }
+      },
+      "documentation":"<p>Details about the step associated with a finding.</p>"
+    },
+    "StepList":{
+      "type":"list",
+      "member":{"shape":"Step"},
+      "max":30,
+      "min":1
+    },
+    "String":{"type":"string"},
+    "StringComparison":{
+      "type":"string",
+      "enum":[
+        "EQUALS",
+        "PREFIX",
+        "NOT_EQUALS"
+      ]
+    },
+    "StringFilter":{
+      "type":"structure",
+      "required":[
+        "comparison",
+        "value"
+      ],
+      "members":{
+        "comparison":{
+          "shape":"StringComparison",
+          "documentation":"<p>The operator to use when comparing values in the filter</p>"
+        },
+        "value":{
+          "shape":"StringInput",
+          "documentation":"<p>The value to filter on.</p>"
+        }
+      },
+      "documentation":"<p>An object that describes the details of a string filter.</p>"
+    },
+    "StringFilterList":{
+      "type":"list",
+      "member":{"shape":"StringFilter"},
+      "max":10,
+      "min":1
+    },
+    "StringInput":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "StringList":{
+      "type":"list",
+      "member":{"shape":"NonEmptyString"}
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":50,
+      "min":0
+    },
+    "TagList":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
+    "TagMap":{
+      "type":"map",
+      "key":{"shape":"MapKey"},
+      "value":{"shape":"MapValue"}
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tags"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource to apply a tag to.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to be added to a resource.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>The limit on the number of requests per second was exceeded.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Timestamp":{"type":"timestamp"},
+    "TitleAggregation":{
+      "type":"structure",
+      "members":{
+        "resourceType":{
+          "shape":"AggregationResourceType",
+          "documentation":"<p>The resource type to aggregate on.</p>"
+        },
+        "sortBy":{
+          "shape":"TitleSortBy",
+          "documentation":"<p>The value to sort results by.</p>"
+        },
+        "sortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The order to sort results by.</p>"
+        },
+        "titles":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The finding titles to aggregate on.</p>"
+        },
+        "vulnerabilityIds":{
+          "shape":"StringFilterList",
+          "documentation":"<p>The vulnerability IDs of the findings.</p>"
+        }
+      },
+      "documentation":"<p>The details that define an aggregation based on finding title.</p>"
+    },
+    "TitleAggregationResponse":{
+      "type":"structure",
+      "required":["title"],
+      "members":{
+        "accountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The ID of the Amazon Web Services account associated with the findings.</p>"
+        },
+        "severityCounts":{
+          "shape":"SeverityCounts",
+          "documentation":"<p>An object that represent the count of matched findings per severity.</p>"
+        },
+        "title":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The title that the findings were aggregated on.</p>"
+        },
+        "vulnerabilityId":{
+          "shape":"String",
+          "documentation":"<p>The vulnerability ID of the finding.</p>"
+        }
+      },
+      "documentation":"<p>A response that contains details on the results of a finding aggregation by title.</p>"
+    },
+    "TitleSortBy":{
+      "type":"string",
+      "enum":[
+        "CRITICAL",
+        "HIGH",
+        "ALL"
+      ]
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the resource to remove tags from.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>The tag keys to remove from the resource.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateFilterRequest":{
+      "type":"structure",
+      "required":["filterArn"],
+      "members":{
+        "action":{
+          "shape":"FilterAction",
+          "documentation":"<p>Specifies the action that is to be applied to the findings that match the filter.</p>"
+        },
+        "description":{
+          "shape":"FilterDescription",
+          "documentation":"<p>A description of the filter.</p>"
+        },
+        "filterArn":{
+          "shape":"FilterArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the filter to update.</p>"
+        },
+        "filterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>Defines the criteria to be update in the filter.</p>"
+        },
+        "name":{
+          "shape":"FilterName",
+          "documentation":"<p>The name of the filter.</p>"
+        }
+      }
+    },
+    "UpdateFilterResponse":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"FilterArn",
+          "documentation":"<p>The Amazon Resource Number (ARN) of the successfully updated filter.</p>"
+        }
+      }
+    },
+    "UpdateOrganizationConfigurationRequest":{
+      "type":"structure",
+      "required":["autoEnable"],
+      "members":{
+        "autoEnable":{
+          "shape":"AutoEnable",
+          "documentation":"<p>Defines which scan types are enabled automatically for new members of your Amazon Inspector organization.</p>"
+        }
+      }
+    },
+    "UpdateOrganizationConfigurationResponse":{
+      "type":"structure",
+      "required":["autoEnable"],
+      "members":{
+        "autoEnable":{
+          "shape":"AutoEnable",
+          "documentation":"<p>The updated status of scan types automatically enabled for new members of your Amazon Inspector organization.</p>"
+        }
+      }
+    },
+    "Usage":{
+      "type":"structure",
+      "members":{
+        "currency":{
+          "shape":"Currency",
+          "documentation":"<p>The currency type used when calculating usage data.</p>"
+        },
+        "estimatedMonthlyCost":{
+          "shape":"MonthlyCostEstimate",
+          "documentation":"<p>The estimated monthly cost of Amazon Inspector.</p>"
+        },
+        "total":{
+          "shape":"UsageValue",
+          "documentation":"<p>The total of usage.</p>"
+        },
+        "type":{
+          "shape":"UsageType",
+          "documentation":"<p>The type scan.</p>"
+        }
+      },
+      "documentation":"<p>Contains usage information about the cost of Amazon Inspector operation.</p>"
+    },
+    "UsageAccountId":{
+      "type":"string",
+      "pattern":"[0-9]{12}"
+    },
+    "UsageAccountIdList":{
+      "type":"list",
+      "member":{"shape":"UsageAccountId"},
+      "max":5000,
+      "min":1
+    },
+    "UsageList":{
+      "type":"list",
+      "member":{"shape":"Usage"}
+    },
+    "UsageTotal":{
+      "type":"structure",
+      "members":{
+        "accountId":{
+          "shape":"MeteringAccountId",
+          "documentation":"<p>The account ID of the account that usage data was retrieved for.</p>"
+        },
+        "usage":{
+          "shape":"UsageList",
+          "documentation":"<p>An object representing the total usage for an account.</p>"
+        }
+      },
+      "documentation":"<p>The total of usage for an account ID.</p>"
+    },
+    "UsageTotalList":{
+      "type":"list",
+      "member":{"shape":"UsageTotal"}
+    },
+    "UsageType":{
+      "type":"string",
+      "enum":[
+        "EC2_INSTANCE_HOURS",
+        "ECR_INITIAL_SCAN",
+        "ECR_RESCAN"
+      ]
+    },
+    "UsageValue":{
+      "type":"double",
+      "min":0
+    },
+    "ValidationException":{
+      "type":"structure",
+      "required":[
+        "message",
+        "reason"
+      ],
+      "members":{
+        "fields":{
+          "shape":"ValidationExceptionFields",
+          "documentation":"<p>The fields that failed validation.</p>"
+        },
+        "message":{"shape":"String"},
+        "reason":{
+          "shape":"ValidationExceptionReason",
+          "documentation":"<p>The reason for the validation failure.</p>"
+        }
+      },
+      "documentation":"<p>The request has failed validation due to missing required fields or having invalid inputs.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ValidationExceptionField":{
+      "type":"structure",
+      "required":[
+        "message",
+        "name"
+      ],
+      "members":{
+        "message":{
+          "shape":"String",
+          "documentation":"<p>The validation exception message.</p>"
+        },
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the validation exception.</p>"
+        }
+      },
+      "documentation":"<p>An object that describes a validation exception.</p>"
+    },
+    "ValidationExceptionFields":{
+      "type":"list",
+      "member":{"shape":"ValidationExceptionField"}
+    },
+    "ValidationExceptionReason":{
+      "type":"string",
+      "enum":[
+        "CANNOT_PARSE",
+        "FIELD_VALIDATION_FAILED",
+        "OTHER"
+      ]
+    },
+    "VulnerabilityId":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "VulnerabilityIdList":{
+      "type":"list",
+      "member":{"shape":"VulnerabilityId"}
+    },
+    "VulnerablePackage":{
+      "type":"structure",
+      "required":[
+        "name",
+        "version"
+      ],
+      "members":{
+        "arch":{
+          "shape":"PackageArchitecture",
+          "documentation":"<p>The architecture of the vulnerable package.</p>"
+        },
+        "epoch":{
+          "shape":"PackageEpoch",
+          "documentation":"<p>The epoch of the vulnerable package.</p>"
+        },
+        "filePath":{
+          "shape":"FilePath",
+          "documentation":"<p>The file path of the vulnerable package.</p>"
+        },
+        "fixedInVersion":{
+          "shape":"PackageVersion",
+          "documentation":"<p>The version of the package that contains the vulnerability fix.</p>"
+        },
+        "name":{
+          "shape":"PackageName",
+          "documentation":"<p>The name of the vulnerable package.</p>"
+        },
+        "packageManager":{
+          "shape":"PackageManager",
+          "documentation":"<p>The package manager of the vulnerable package.</p>"
+        },
+        "release":{
+          "shape":"PackageRelease",
+          "documentation":"<p>The release of the vulnerable package.</p>"
+        },
+        "sourceLayerHash":{
+          "shape":"SourceLayerHash",
+          "documentation":"<p>The source layer hash of the vulnerable package.</p>"
+        },
+        "version":{
+          "shape":"PackageVersion",
+          "documentation":"<p>The version of the vulnerable package.</p>"
+        }
+      },
+      "documentation":"<p>Information on the vulnerable package identified by a finding.</p>"
+    },
+    "VulnerablePackageList":{
+      "type":"list",
+      "member":{"shape":"VulnerablePackage"}
+    }
+  },
+  "documentation":"<p>Amazon Inspector is a vulnerability discovery service that automates continuous scanning for security vulnerabilities within your Amazon EC2 and Amazon ECR environments.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/iot/2015-05-28/service-2.json b/contrib/python/botocore/py3/botocore/data/iot/2015-05-28/service-2.json
index d70a50ccb5d..d588fd79324 100644
--- a/contrib/python/botocore/py3/botocore/data/iot/2015-05-28/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/iot/2015-05-28/service-2.json
@@ -352,7 +352,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates an X.509 certificate using the specified certificate signing request.</p> <p> <b>Note:</b> The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-256 or NIST P-384 curves. </p> <p> <b>Note:</b> Reusing the same certificate signing request (CSR) results in a distinct certificate.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">CreateCertificateFromCsr</a> action.</p> <p>You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs.</p> <p>Assuming a set of CSRs are located inside of the directory my-csr-directory:</p> <p>On Linux and OS X, the command is:</p> <p>$ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}</p> <p>This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr Amazon Web Services CLI command to create a certificate for the corresponding CSR.</p> <p>The aws iot create-certificate-from-csr part of the command can also be run in parallel to speed up the certificate creation process:</p> <p>$ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}</p> <p>On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:</p> <p>&gt; ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}</p> <p>On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:</p> <p>&gt; forfiles /p my-csr-directory /c \"cmd /c aws iot create-certificate-from-csr --certificate-signing-request file://@path\"</p>"
+      "documentation":"<p>Creates an X.509 certificate using the specified certificate signing request.</p> <p> <b>Note:</b> The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-256, NIST P-384, or NIST P-512 curves. For supported certificates, consult <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html#x509-cert-algorithms\"> Certificate signing algorithms supported by IoT</a>.</p> <p> <b>Note:</b> Reusing the same certificate signing request (CSR) results in a distinct certificate.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">CreateCertificateFromCsr</a> action.</p> <p>You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs.</p> <p>Assuming a set of CSRs are located inside of the directory my-csr-directory:</p> <p>On Linux and OS X, the command is:</p> <p>$ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}</p> <p>This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr Amazon Web Services CLI command to create a certificate for the corresponding CSR.</p> <p>The aws iot create-certificate-from-csr part of the command can also be run in parallel to speed up the certificate creation process:</p> <p>$ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}</p> <p>On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:</p> <p>&gt; ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}</p> <p>On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:</p> <p>&gt; forfiles /p my-csr-directory /c \"cmd /c aws iot create-certificate-from-csr --certificate-signing-request file://@path\"</p>"
     },
     "CreateCustomMetric":{
       "name":"CreateCustomMetric",
@@ -1685,6 +1685,22 @@
       ],
       "documentation":"<p>Returns information about a job template.</p>"
     },
+    "DescribeManagedJobTemplate":{
+      "name":"DescribeManagedJobTemplate",
+      "http":{
+        "method":"GET",
+        "requestUri":"/managed-job-templates/{templateName}"
+      },
+      "input":{"shape":"DescribeManagedJobTemplateRequest"},
+      "output":{"shape":"DescribeManagedJobTemplateResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>View details of a managed job template.</p>"
+    },
     "DescribeMitigationAction":{
       "name":"DescribeMitigationAction",
       "http":{
@@ -2626,6 +2642,22 @@
       ],
       "documentation":"<p>Lists jobs.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">ListJobs</a> action.</p>"
     },
+    "ListManagedJobTemplates":{
+      "name":"ListManagedJobTemplates",
+      "http":{
+        "method":"GET",
+        "requestUri":"/managed-job-templates"
+      },
+      "input":{"shape":"ListManagedJobTemplatesRequest"},
+      "output":{"shape":"ListManagedJobTemplatesResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns a list of managed job templates.</p>"
+    },
     "ListMitigationActions":{
       "name":"ListMitigationActions",
       "http":{
@@ -3216,7 +3248,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Register a certificate that does not have a certificate authority (CA).</p>"
+      "documentation":"<p>Register a certificate that does not have a certificate authority (CA). For supported certificates, consult <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html#x509-cert-algorithms\"> Certificate signing algorithms supported by IoT</a>. </p>"
     },
     "RegisterThing":{
       "name":"RegisterThing",
@@ -3269,7 +3301,7 @@
         {"shape":"InternalFailureException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Removes the given thing from the billing group.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">RemoveThingFromBillingGroup</a> action.</p>"
+      "documentation":"<p>Removes the given thing from the billing group.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">RemoveThingFromBillingGroup</a> action.</p> <note> <p>This call is asynchronous. It might take several seconds for the detachment to propagate.</p> </note>"
     },
     "RemoveThingFromThingGroup":{
       "name":"RemoveThingFromThingGroup",
@@ -4246,7 +4278,7 @@
       "members":{
         "billingGroupName":{
           "shape":"BillingGroupName",
-          "documentation":"<p>The name of the billing group.</p>"
+          "documentation":"<p>The name of the billing group.</p> <note> <p>This call is asynchronous. It might take several seconds for the detachment to propagate.</p> </note>"
         },
         "billingGroupArn":{
           "shape":"BillingGroupArn",
@@ -5146,13 +5178,18 @@
         "signingDisabled":{
           "shape":"BooleanKey",
           "documentation":"<p>Specifies whether IoT validates the token signature in an authorization request.</p>"
+        },
+        "enableCachingForHttp":{
+          "shape":"EnableCachingForHttp",
+          "documentation":"<p>When <code>true</code>, the result from the authorizer’s Lambda function is cached for the time specified in <code>refreshAfterInSeconds</code>. The cached result is used while the device reuses the same HTTP connection.</p>"
         }
       },
       "documentation":"<p>The authorizer description.</p>"
     },
     "AuthorizerFunctionArn":{
       "type":"string",
-      "max":2048
+      "max":2048,
+      "pattern":"[\\s\\S]*"
     },
     "AuthorizerName":{
       "type":"string",
@@ -5905,11 +5942,14 @@
       "type":"string",
       "documentation":"<p>The PEM of a certificate.</p>",
       "max":65536,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "CertificateSigningRequest":{
       "type":"string",
-      "min":1
+      "max":4096,
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "CertificateStateException":{
       "type":"structure",
@@ -6243,7 +6283,7 @@
         },
         "clientRequestToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p> Each audit supression must have a unique client request token. If you try to create a new audit suppression with the same token as one that already exists, an exception occurs. If you omit this value, Amazon Web Services SDKs will automatically generate a unique client request. </p>",
+          "documentation":"<p> Each audit supression must have a unique client request token. If you try to create a new audit suppression with the same token as one that already exists, an exception occurs. If you omit this value, Amazon Web Services SDKs will automatically generate a unique client request.</p>",
           "idempotencyToken":true
         }
       }
@@ -6289,6 +6329,10 @@
         "signingDisabled":{
           "shape":"BooleanKey",
           "documentation":"<p>Specifies whether IoT validates the token signature in an authorization request.</p>"
+        },
+        "enableCachingForHttp":{
+          "shape":"EnableCachingForHttp",
+          "documentation":"<p>When <code>true</code>, the result from the authorizer’s Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in <code>refreshAfterInSeconds</code>. This value does not affect authorization of clients that use MQTT connections.</p> <p>The default value is <code>false</code>.</p>"
         }
       }
     },
@@ -6693,7 +6737,7 @@
         },
         "abortConfig":{
           "shape":"AbortConfig",
-          "documentation":"<p>Allows you to create criteria to abort a job.</p>"
+          "documentation":"<p>Allows you to create the criteria to abort a job.</p>"
         },
         "timeoutConfig":{
           "shape":"TimeoutConfig",
@@ -6710,6 +6754,14 @@
         "jobTemplateArn":{
           "shape":"JobTemplateArn",
           "documentation":"<p>The ARN of the job template used to create the job.</p>"
+        },
+        "jobExecutionsRetryConfig":{
+          "shape":"JobExecutionsRetryConfig",
+          "documentation":"<p>Allows you to create the criteria to retry a job.</p>"
+        },
+        "documentParameters":{
+          "shape":"ParameterMap",
+          "documentation":"<p>Parameters of a managed template that you can specify to create the job document.</p>"
         }
       }
     },
@@ -6766,6 +6818,10 @@
         "tags":{
           "shape":"TagList",
           "documentation":"<p>Metadata that can be used to manage the job template.</p>"
+        },
+        "jobExecutionsRetryConfig":{
+          "shape":"JobExecutionsRetryConfig",
+          "documentation":"<p>Allows you to create the criteria to retry a job.</p>"
         }
       }
     },
@@ -7335,7 +7391,7 @@
         },
         "roleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>An IAM role that allows the IoT service principal assumes to access your S3 files.</p>"
+          "documentation":"<p>An IAM role that allows the IoT service principal to access your S3 files.</p>"
         },
         "tags":{
           "shape":"TagList",
@@ -8841,7 +8897,7 @@
         },
         "schema":{
           "shape":"IndexSchema",
-          "documentation":"<p>Contains a value that specifies the type of indexing performed. Valid values are:</p> <ul> <li> <p>REGISTRY – Your thing index contains only registry data.</p> </li> <li> <p>REGISTRY_AND_SHADOW - Your thing index contains registry data and shadow data.</p> </li> <li> <p>REGISTRY_AND_CONNECTIVITY_STATUS - Your thing index contains registry data and thing connectivity status data.</p> </li> <li> <p>REGISTRY_AND_SHADOW_AND_CONNECTIVITY_STATUS - Your thing index contains registry data, shadow data, and thing connectivity status data.</p> </li> </ul>"
+          "documentation":"<p>Contains a value that specifies the type of indexing performed. Valid values are:</p> <ul> <li> <p>REGISTRY – Your thing index contains only registry data.</p> </li> <li> <p>REGISTRY_AND_SHADOW - Your thing index contains registry data and shadow data.</p> </li> <li> <p>REGISTRY_AND_CONNECTIVITY_STATUS - Your thing index contains registry data and thing connectivity status data.</p> </li> <li> <p>REGISTRY_AND_SHADOW_AND_CONNECTIVITY_STATUS - Your thing index contains registry data, shadow data, and thing connectivity status data.</p> </li> <li> <p>MULTI_INDEXING_MODE - Your thing index contains multiple data sources. For more information, see <a href=\"https://docs.aws.amazon.com/iot/latest/apireference/API_GetIndexingConfiguration.html\">GetIndexingConfiguration</a>.</p> </li> </ul>"
         }
       }
     },
@@ -8948,7 +9004,62 @@
         "presignedUrlConfig":{"shape":"PresignedUrlConfig"},
         "jobExecutionsRolloutConfig":{"shape":"JobExecutionsRolloutConfig"},
         "abortConfig":{"shape":"AbortConfig"},
-        "timeoutConfig":{"shape":"TimeoutConfig"}
+        "timeoutConfig":{"shape":"TimeoutConfig"},
+        "jobExecutionsRetryConfig":{
+          "shape":"JobExecutionsRetryConfig",
+          "documentation":"<p>The configuration that determines how many retries are allowed for each failure type for a job.</p>"
+        }
+      }
+    },
+    "DescribeManagedJobTemplateRequest":{
+      "type":"structure",
+      "required":["templateName"],
+      "members":{
+        "templateName":{
+          "shape":"ManagedJobTemplateName",
+          "documentation":"<p>The unique name of a managed job template, which is required.</p>",
+          "location":"uri",
+          "locationName":"templateName"
+        },
+        "templateVersion":{
+          "shape":"ManagedTemplateVersion",
+          "documentation":"<p>An optional parameter to specify version of a managed template. If not specified, the pre-defined default version is returned.</p>",
+          "location":"querystring",
+          "locationName":"templateVersion"
+        }
+      }
+    },
+    "DescribeManagedJobTemplateResponse":{
+      "type":"structure",
+      "members":{
+        "templateName":{
+          "shape":"ManagedJobTemplateName",
+          "documentation":"<p>The unique name of a managed template, such as <code>AWS-Reboot</code>.</p>"
+        },
+        "templateArn":{
+          "shape":"JobTemplateArn",
+          "documentation":"<p>The unique Amazon Resource Name (ARN) of the managed template.</p>"
+        },
+        "description":{
+          "shape":"JobDescription",
+          "documentation":"<p>The unique description of a managed template.</p>"
+        },
+        "templateVersion":{
+          "shape":"ManagedTemplateVersion",
+          "documentation":"<p>The version for a managed template.</p>"
+        },
+        "environments":{
+          "shape":"Environments",
+          "documentation":"<p>A list of environments that are supported with the managed job template.</p>"
+        },
+        "documentParameters":{
+          "shape":"DocumentParameters",
+          "documentation":"<p>A map of key-value pairs that you can use as guidance to specify the inputs for creating a job from a managed template.</p>"
+        },
+        "document":{
+          "shape":"JobDocument",
+          "documentation":"<p>The document schema for a managed job template.</p>"
+        }
       }
     },
     "DescribeMitigationActionRequest":{
@@ -9736,6 +9847,13 @@
       "type":"string",
       "enum":["DEACTIVATE"]
     },
+    "DeviceDefenderIndexingMode":{
+      "type":"string",
+      "enum":[
+        "OFF",
+        "VIOLATIONS"
+      ]
+    },
     "DeviceDefenderThingName":{
       "type":"string",
       "max":128,
@@ -9789,6 +9907,36 @@
       "documentation":"<p>The input for the DisableTopicRuleRequest operation.</p>"
     },
     "DisconnectReason":{"type":"string"},
+    "DocumentParameter":{
+      "type":"structure",
+      "members":{
+        "key":{
+          "shape":"ParameterKey",
+          "documentation":"<p>Key of the map field containing the patterns that need to be replaced in a managed template job document schema.</p>"
+        },
+        "description":{
+          "shape":"JobDescription",
+          "documentation":"<p>Description of the map field containing the patterns that need to be replaced in a managed template job document schema.</p>"
+        },
+        "regex":{
+          "shape":"Regex",
+          "documentation":"<p>A regular expression of the patterns that need to be replaced in a managed template job document schema.</p>"
+        },
+        "example":{
+          "shape":"Example",
+          "documentation":"<p>An example illustrating a pattern that need to be replaced in a managed template job document schema.</p>"
+        },
+        "optional":{
+          "shape":"Optional",
+          "documentation":"<p>Specifies whether a pattern that needs to be replaced in a managed template job document schema is optional or required.</p>"
+        }
+      },
+      "documentation":"<p>A map of key-value pairs containing the patterns that need to be replaced in a managed template job document schema. You can use the description of each key as a guidance to specify the inputs during runtime when creating a job.</p>"
+    },
+    "DocumentParameters":{
+      "type":"list",
+      "member":{"shape":"DocumentParameter"}
+    },
     "DomainConfigurationArn":{"type":"string"},
     "DomainConfigurationName":{
       "type":"string",
@@ -9828,7 +9976,8 @@
     "DomainName":{
       "type":"string",
       "max":253,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "DomainType":{
       "type":"string",
@@ -9987,6 +10136,7 @@
     "ElasticsearchId":{"type":"string"},
     "ElasticsearchIndex":{"type":"string"},
     "ElasticsearchType":{"type":"string"},
+    "EnableCachingForHttp":{"type":"boolean"},
     "EnableIoTLoggingParams":{
       "type":"structure",
       "required":[
@@ -10022,7 +10172,16 @@
     "EndpointAddress":{"type":"string"},
     "EndpointType":{
       "type":"string",
-      "max":128
+      "max":128,
+      "pattern":"[\\s\\S]*"
+    },
+    "Environment":{
+      "type":"string",
+      "pattern":"[^\\p{C}]+"
+    },
+    "Environments":{
+      "type":"list",
+      "member":{"shape":"Environment"}
     },
     "ErrorCode":{"type":"string"},
     "ErrorInfo":{
@@ -10068,6 +10227,10 @@
         "CA_CERTIFICATE"
       ]
     },
+    "Example":{
+      "type":"string",
+      "pattern":"[^\\p{C}]+"
+    },
     "ExecutionNamePrefix":{"type":"string"},
     "ExecutionNumber":{"type":"long"},
     "ExpectedVersion":{"type":"long"},
@@ -10353,7 +10516,7 @@
       "members":{
         "totalCount":{
           "shape":"Count",
-          "documentation":"<p>The total number of documents that fit the query string criteria and contain a value for the Aggregation field targeted in the request.</p>"
+          "documentation":"<p>The total number of things that fit the query string criteria.</p>"
         },
         "buckets":{
           "shape":"Buckets",
@@ -10856,12 +11019,14 @@
     "HttpHeaderName":{
       "type":"string",
       "max":8192,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "HttpHeaderValue":{
       "type":"string",
       "max":8192,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "HttpHeaders":{
       "type":"map",
@@ -10871,7 +11036,8 @@
     "HttpQueryString":{
       "type":"string",
       "max":4096,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "HttpUrlDestinationConfiguration":{
       "type":"structure",
@@ -10920,7 +11086,7 @@
     "IncrementFactor":{
       "type":"double",
       "max":5,
-      "min":1
+      "min":1.1
     },
     "IndexName":{
       "type":"string",
@@ -10985,6 +11151,16 @@
       "exception":true,
       "fault":true
     },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p>Internal error from the service that indicates an unexpected error or that the service is unavailable.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
     "InvalidAggregationException":{
       "type":"structure",
       "members":{
@@ -11190,6 +11366,14 @@
         "jobTemplateArn":{
           "shape":"JobTemplateArn",
           "documentation":"<p>The ARN of the job template used to create the job.</p>"
+        },
+        "jobExecutionsRetryConfig":{
+          "shape":"JobExecutionsRetryConfig",
+          "documentation":"<p>The configuration for the criteria to retry the job.</p>"
+        },
+        "documentParameters":{
+          "shape":"ParameterMap",
+          "documentation":"<p>A key-value map that pairs the patterns that need to be replaced in a managed template job document schema. You can use the description of each key as a guidance to specify the inputs during runtime when creating a job.</p>"
         }
       },
       "documentation":"<p>The <code>Job</code> object contains details about a job.</p>"
@@ -11313,6 +11497,10 @@
         "executionNumber":{
           "shape":"ExecutionNumber",
           "documentation":"<p>A string (consisting of the digits \"0\" through \"9\") which identifies this particular job execution on this particular device. It can be used later in commands which return or update job execution information.</p>"
+        },
+        "retryAttempt":{
+          "shape":"RetryAttempt",
+          "documentation":"<p>The number that indicates how many retry attempts have been completed for this job on this device.</p>"
         }
       },
       "documentation":"<p>The job execution summary.</p>"
@@ -11353,6 +11541,17 @@
       "type":"list",
       "member":{"shape":"JobExecutionSummaryForThing"}
     },
+    "JobExecutionsRetryConfig":{
+      "type":"structure",
+      "required":["criteriaList"],
+      "members":{
+        "criteriaList":{
+          "shape":"RetryCriteriaList",
+          "documentation":"<p>The list of criteria that determines how many retries are allowed for each failure type for a job.</p>"
+        }
+      },
+      "documentation":"<p>The configuration that determines how many retries are allowed for each failure type for a job.</p>"
+    },
     "JobExecutionsRolloutConfig":{
       "type":"structure",
       "members":{
@@ -11564,7 +11763,8 @@
     },
     "KeyValue":{
       "type":"string",
-      "max":5120
+      "max":5120,
+      "pattern":"[\\s\\S]*"
     },
     "KinesisAction":{
       "type":"structure",
@@ -12514,6 +12714,12 @@
           "documentation":"<p>The token to retrieve the next set of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
+        },
+        "jobId":{
+          "shape":"JobId",
+          "documentation":"<p>The unique identifier you assigned to this job when it was created.</p>",
+          "location":"querystring",
+          "locationName":"jobId"
         }
       }
     },
@@ -12620,6 +12826,42 @@
         }
       }
     },
+    "ListManagedJobTemplatesRequest":{
+      "type":"structure",
+      "members":{
+        "templateName":{
+          "shape":"ManagedJobTemplateName",
+          "documentation":"<p>An optional parameter for template name. If specified, only the versions of the managed job templates that have the specified template name will be returned.</p>",
+          "location":"querystring",
+          "locationName":"templateName"
+        },
+        "maxResults":{
+          "shape":"LaserMaxResults",
+          "documentation":"<p>Maximum number of entries that can be returned.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to retrieve the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListManagedJobTemplatesResponse":{
+      "type":"structure",
+      "members":{
+        "managedJobTemplates":{
+          "shape":"ManagedJobTemplatesSummaryList",
+          "documentation":"<p>A list of managed job templates that are returned.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to retrieve the next set of results.</p>"
+        }
+      }
+    },
     "ListMitigationActionsRequest":{
       "type":"structure",
       "members":{
@@ -13900,7 +14142,10 @@
       "type":"string",
       "enum":[
         "DEFAULT",
-        "THING_GROUP"
+        "THING_GROUP",
+        "CLIENT_ID",
+        "SOURCE_IP",
+        "PRINCIPAL_ID"
       ]
     },
     "LoggingOptionsPayload":{
@@ -13941,6 +14186,45 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "ManagedJobTemplateName":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "ManagedJobTemplateSummary":{
+      "type":"structure",
+      "members":{
+        "templateArn":{
+          "shape":"JobTemplateArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for a managed template.</p>"
+        },
+        "templateName":{
+          "shape":"ManagedJobTemplateName",
+          "documentation":"<p>The unique Name for a managed template.</p>"
+        },
+        "description":{
+          "shape":"JobDescription",
+          "documentation":"<p>The description for a managed template.</p>"
+        },
+        "environments":{
+          "shape":"Environments",
+          "documentation":"<p>A list of environments that are supported with the managed job template.</p>"
+        },
+        "templateVersion":{
+          "shape":"ManagedTemplateVersion",
+          "documentation":"<p>The version for a managed template.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about the managed template.</p>"
+    },
+    "ManagedJobTemplatesSummaryList":{
+      "type":"list",
+      "member":{"shape":"ManagedJobTemplateSummary"}
+    },
+    "ManagedTemplateVersion":{
+      "type":"string",
+      "pattern":"^[1-9]+.[0-9]+"
+    },
     "Marker":{
       "type":"string",
       "max":1024,
@@ -13968,7 +14252,8 @@
     },
     "Message":{
       "type":"string",
-      "max":128
+      "max":128,
+      "pattern":"[\\s\\S]*"
     },
     "MessageFormat":{
       "type":"string",
@@ -14180,7 +14465,8 @@
     "MqttClientId":{
       "type":"string",
       "max":65535,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "MqttContext":{
       "type":"structure",
@@ -14208,7 +14494,15 @@
     "MqttUsername":{
       "type":"string",
       "max":65535,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
+    },
+    "NamedShadowIndexingMode":{
+      "type":"string",
+      "enum":[
+        "OFF",
+        "ON"
+      ]
     },
     "NamespaceId":{
       "type":"string",
@@ -14255,6 +14549,11 @@
       "type":"list",
       "member":{"shape":"Number"}
     },
+    "NumberOfRetries":{
+      "type":"integer",
+      "max":10,
+      "min":0
+    },
     "NumberOfThings":{
       "type":"integer",
       "min":1
@@ -14443,6 +14742,7 @@
       },
       "documentation":"<p>Describes an action that writes data to an Amazon OpenSearch Service domain.</p>"
     },
+    "Optional":{"type":"boolean"},
     "OptionalVersion":{"type":"long"},
     "OutgoingCertificate":{
       "type":"structure",
@@ -14484,7 +14784,29 @@
       "max":250,
       "min":1
     },
-    "Parameter":{"type":"string"},
+    "Parameter":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"[\\s\\S]*"
+    },
+    "ParameterKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[a-zA-Z0-9_-]+"
+    },
+    "ParameterMap":{
+      "type":"map",
+      "key":{"shape":"ParameterKey"},
+      "value":{"shape":"ParameterValue"}
+    },
+    "ParameterValue":{
+      "type":"string",
+      "max":512,
+      "min":1,
+      "pattern":"[^\\p{C}]+"
+    },
     "Parameters":{
       "type":"map",
       "key":{"shape":"Parameter"},
@@ -14551,7 +14873,12 @@
       "documentation":"<p>Describes an IoT policy.</p>"
     },
     "PolicyArn":{"type":"string"},
-    "PolicyDocument":{"type":"string"},
+    "PolicyDocument":{
+      "type":"string",
+      "max":404600,
+      "min":0,
+      "pattern":"[\\s\\S]*"
+    },
     "PolicyDocuments":{
       "type":"list",
       "member":{"shape":"PolicyDocument"}
@@ -14885,6 +15212,7 @@
     },
     "Recursive":{"type":"boolean"},
     "RecursiveWithoutDefault":{"type":"boolean"},
+    "Regex":{"type":"string"},
     "RegisterCACertificateRequest":{
       "type":"structure",
       "required":[
@@ -15246,7 +15574,8 @@
     },
     "Resource":{
       "type":"string",
-      "max":2048
+      "max":2048,
+      "pattern":"[\\s\\S]*"
     },
     "ResourceAlreadyExistsException":{
       "type":"structure",
@@ -15354,6 +15683,39 @@
       "type":"list",
       "member":{"shape":"Resource"}
     },
+    "RetryAttempt":{"type":"integer"},
+    "RetryCriteria":{
+      "type":"structure",
+      "required":[
+        "failureType",
+        "numberOfRetries"
+      ],
+      "members":{
+        "failureType":{
+          "shape":"RetryableFailureType",
+          "documentation":"<p>The type of job execution failures that can initiate a job retry.</p>"
+        },
+        "numberOfRetries":{
+          "shape":"NumberOfRetries",
+          "documentation":"<p>The number of retries allowed for a failure type for the job.</p>"
+        }
+      },
+      "documentation":"<p>The criteria that determines how many retries are allowed for each failure type for a job.</p>"
+    },
+    "RetryCriteriaList":{
+      "type":"list",
+      "member":{"shape":"RetryCriteria"},
+      "max":2,
+      "min":1
+    },
+    "RetryableFailureType":{
+      "type":"string",
+      "enum":[
+        "FAILED",
+        "TIMED_OUT",
+        "ALL"
+      ]
+    },
     "RoleAlias":{
       "type":"string",
       "max":128,
@@ -15721,7 +16083,8 @@
     "ServerName":{
       "type":"string",
       "max":253,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "ServiceName":{"type":"string"},
     "ServiceType":{
@@ -16132,7 +16495,7 @@
       "members":{
         "count":{
           "shape":"Count",
-          "documentation":"<p>The count of things that match the query.</p>"
+          "documentation":"<p>The count of things that match the query string criteria and contain a valid aggregation field value.</p>"
         },
         "average":{
           "shape":"Average",
@@ -16170,7 +16533,7 @@
           "box":true
         }
       },
-      "documentation":"<p>A map of key-value pairs for all supported statistics. Currently, only count is supported.</p>"
+      "documentation":"<p>A map of key-value pairs for all supported statistics. For issues with missing or unexpected values for this API, consult <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/fleet-indexing-troubleshooting.html\"> Fleet indexing troubleshooting guide</a>.</p>"
     },
     "Status":{
       "type":"string",
@@ -16522,7 +16885,12 @@
       "documentation":"<p>Provides summary counts of how many tasks for findings are in a particular state. This information is included in the response from DescribeAuditMitigationActionsTask.</p>"
     },
     "TemplateArn":{"type":"string"},
-    "TemplateBody":{"type":"string"},
+    "TemplateBody":{
+      "type":"string",
+      "max":10240,
+      "min":0,
+      "pattern":"[\\s\\S]*"
+    },
     "TemplateDescription":{
       "type":"string",
       "max":500,
@@ -16725,7 +17093,11 @@
         },
         "shadow":{
           "shape":"JsonDocument",
-          "documentation":"<p>The shadow.</p>"
+          "documentation":"<p>The unnamed shadow and named shadow.</p> <p>For more information about shadows, see <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html\">IoT Device Shadow service.</a> </p>"
+        },
+        "deviceDefender":{
+          "shape":"JsonDocument",
+          "documentation":"<p>Contains Device Defender data.</p> <p>For more information about Device Defender, see <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/device-defender.html\">Device Defender</a>. </p>"
         },
         "connectivity":{
           "shape":"ThingConnectivity",
@@ -16875,6 +17247,14 @@
           "shape":"ThingConnectivityIndexingMode",
           "documentation":"<p>Thing connectivity indexing mode. Valid values are: </p> <ul> <li> <p>STATUS – Your thing index contains connectivity status. To enable thing connectivity indexing, <i>thingIndexMode</i> must not be set to OFF.</p> </li> <li> <p>OFF - Thing connectivity status indexing is disabled.</p> </li> </ul>"
         },
+        "deviceDefenderIndexingMode":{
+          "shape":"DeviceDefenderIndexingMode",
+          "documentation":"<p>Device Defender indexing mode. Valid values are:</p> <ul> <li> <p>VIOLATIONS – Your thing index contains Device Defender violations. To enable Device Defender indexing, <i>deviceDefenderIndexingMode</i> must not be set to OFF.</p> </li> <li> <p>OFF - Device Defender indexing is disabled.</p> </li> </ul> <p>For more information about Device Defender violations, see <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html\">Device Defender Detect.</a> </p>"
+        },
+        "namedShadowIndexingMode":{
+          "shape":"NamedShadowIndexingMode",
+          "documentation":"<p>Named shadow indexing mode. Valid values are:</p> <ul> <li> <p>ON – Your thing index contains named shadow. To enable thing named shadow indexing, <i>namedShadowIndexingMode</i> must not be set to OFF.</p> </li> <li> <p>OFF - Named shadow indexing is disabled.</p> </li> </ul> <p>For more information about Shadows, see <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html\">IoT Device Shadow service.</a> </p>"
+        },
         "managedFields":{
           "shape":"Fields",
           "documentation":"<p>Contains fields that are indexed and whose types are already known by the Fleet Indexing service.</p>"
@@ -17097,7 +17477,8 @@
     "Token":{
       "type":"string",
       "max":6144,
-      "min":1
+      "min":1,
+      "pattern":"[\\s\\S]*"
     },
     "TokenKeyName":{
       "type":"string",
@@ -17524,6 +17905,10 @@
         "status":{
           "shape":"AuthorizerStatus",
           "documentation":"<p>The status of the update authorizer request.</p>"
+        },
+        "enableCachingForHttp":{
+          "shape":"EnableCachingForHttp",
+          "documentation":"<p>When <code>true</code>, the result from the authorizer’s Lambda function is cached for the time specified in <code>refreshAfterInSeconds</code>. The cached result is used while the device reuses the same HTTP connection.</p>"
         }
       }
     },
@@ -17883,7 +18268,7 @@
         },
         "unit":{
           "shape":"FleetMetricUnit",
-          "documentation":"<p>Used to support unit transformation such as milliseconds to seconds. The unit must be supported by <a href=\"https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html\">CW metric</a>.</p>"
+          "documentation":"<p>Used to support unit transformation such as milliseconds to seconds. The unit must be supported by <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_MetricDatum.html\">CW metric</a>.</p>"
         },
         "expectedVersion":{
           "shape":"OptionalVersion",
@@ -17944,6 +18329,10 @@
           "documentation":"<p>The namespace used to indicate that a job is a customer-managed job.</p> <p>When you specify a value for this parameter, Amazon Web Services IoT Core sends jobs notifications to MQTT topics that contain the value in the following format.</p> <p> <code>$aws/things/<i>THING_NAME</i>/jobs/<i>JOB_ID</i>/notify-namespace-<i>NAMESPACE_ID</i>/</code> </p> <note> <p>The <code>namespaceId</code> feature is in public preview.</p> </note>",
           "location":"querystring",
           "locationName":"namespaceId"
+        },
+        "jobExecutionsRetryConfig":{
+          "shape":"JobExecutionsRetryConfig",
+          "documentation":"<p>Allows you to create the criteria to retry a job.</p>"
         }
       }
     },
@@ -18393,7 +18782,12 @@
       "type":"list",
       "member":{"shape":"ValidationError"}
     },
-    "Value":{"type":"string"},
+    "Value":{
+      "type":"string",
+      "max":4096,
+      "min":0,
+      "pattern":"[\\s\\S]*"
+    },
     "Variance":{"type":"double"},
     "VerificationState":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json b/contrib/python/botocore/py3/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json
index 6c014fc5940..1cb1ea3db4e 100644
--- a/contrib/python/botocore/py3/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/iotdeviceadvisor/2020-09-18/service-2.json
@@ -25,7 +25,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Creates a Device Advisor test suite.</p>"
+      "documentation":"<p>Creates a Device Advisor test suite.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">CreateSuiteDefinition</a> action.</p>"
     },
     "DeleteSuiteDefinition":{
       "name":"DeleteSuiteDefinition",
@@ -39,7 +39,22 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes a Device Advisor test suite.</p>"
+      "documentation":"<p>Deletes a Device Advisor test suite.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">DeleteSuiteDefinition</a> action.</p>"
+    },
+    "GetEndpoint":{
+      "name":"GetEndpoint",
+      "http":{
+        "method":"GET",
+        "requestUri":"/endpoint"
+      },
+      "input":{"shape":"GetEndpointRequest"},
+      "output":{"shape":"GetEndpointResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Gets information about an Device Advisor endpoint.</p>"
     },
     "GetSuiteDefinition":{
       "name":"GetSuiteDefinition",
@@ -54,7 +69,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Gets information about a Device Advisor test suite.</p>"
+      "documentation":"<p>Gets information about a Device Advisor test suite.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">GetSuiteDefinition</a> action.</p>"
     },
     "GetSuiteRun":{
       "name":"GetSuiteRun",
@@ -69,7 +84,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Gets information about a Device Advisor test suite run.</p>"
+      "documentation":"<p>Gets information about a Device Advisor test suite run.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">GetSuiteRun</a> action.</p>"
     },
     "GetSuiteRunReport":{
       "name":"GetSuiteRunReport",
@@ -84,7 +99,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Gets a report download link for a successful Device Advisor qualifying test suite run.</p>"
+      "documentation":"<p>Gets a report download link for a successful Device Advisor qualifying test suite run.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">GetSuiteRunReport</a> action.</p>"
     },
     "ListSuiteDefinitions":{
       "name":"ListSuiteDefinitions",
@@ -98,7 +113,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Lists the Device Advisor test suites you have created.</p>"
+      "documentation":"<p>Lists the Device Advisor test suites you have created.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">ListSuiteDefinitions</a> action.</p>"
     },
     "ListSuiteRuns":{
       "name":"ListSuiteRuns",
@@ -112,7 +127,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Lists the runs of the specified Device Advisor test suite. You can list all runs of the test suite, or the runs of a specific version of the test suite.</p>"
+      "documentation":"<p>Lists runs of the specified Device Advisor test suite. You can list all runs of the test suite, or the runs of a specific version of the test suite.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">ListSuiteRuns</a> action.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -127,7 +142,7 @@
         {"shape":"ValidationException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Lists the tags attached to an IoT Device Advisor resource.</p>"
+      "documentation":"<p>Lists the tags attached to an IoT Device Advisor resource.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">ListTagsForResource</a> action.</p>"
     },
     "StartSuiteRun":{
       "name":"StartSuiteRun",
@@ -142,7 +157,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ConflictException"}
       ],
-      "documentation":"<p>Starts a Device Advisor test suite run.</p>"
+      "documentation":"<p>Starts a Device Advisor test suite run.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">StartSuiteRun</a> action.</p>"
     },
     "StopSuiteRun":{
       "name":"StopSuiteRun",
@@ -157,7 +172,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Stops a Device Advisor test suite run that is currently running.</p>"
+      "documentation":"<p>Stops a Device Advisor test suite run that is currently running.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">StopSuiteRun</a> action.</p>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -172,7 +187,7 @@
         {"shape":"ValidationException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Adds to and modifies existing tags of an IoT Device Advisor resource.</p>"
+      "documentation":"<p>Adds to and modifies existing tags of an IoT Device Advisor resource.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">TagResource</a> action.</p>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -187,7 +202,7 @@
         {"shape":"ValidationException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Removes tags from an IoT Device Advisor resource.</p>"
+      "documentation":"<p>Removes tags from an IoT Device Advisor resource.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">UntagResource</a> action.</p>"
     },
     "UpdateSuiteDefinition":{
       "name":"UpdateSuiteDefinition",
@@ -201,7 +216,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Updates a Device Advisor test suite.</p>"
+      "documentation":"<p>Updates a Device Advisor test suite.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">UpdateSuiteDefinition</a> action.</p>"
     }
   },
   "shapes":{
@@ -215,10 +230,10 @@
       "members":{
         "message":{
           "shape":"Message",
-          "documentation":"<p>Sends Conflict Exception message.</p>"
+          "documentation":"<p>Sends a Conflict Exception message.</p>"
         }
       },
-      "documentation":"<p>Sends Conflict Exception.</p>",
+      "documentation":"<p>Sends a Conflict Exception.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -244,7 +259,7 @@
         },
         "suiteDefinitionArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>Creates a Device Advisor test suite with Amazon Resource name.</p>"
+          "documentation":"<p>Creates a Device Advisor test suite with Amazon Resource Name (ARN).</p>"
         },
         "suiteDefinitionName":{
           "shape":"SuiteDefinitionName",
@@ -262,7 +277,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite to be deleted.</p>",
+          "documentation":"<p>Suite definition ID of the test suite to be deleted.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         }
@@ -278,14 +293,14 @@
       "members":{
         "thingArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>Lists devices thing arn</p>"
+          "documentation":"<p>Lists devices thing ARN.</p>"
         },
         "certificateArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>Lists devices certificate arn</p>"
+          "documentation":"<p>Lists devices certificate ARN.</p>"
         }
       },
-      "documentation":"<p>Lists all the devices under test</p>"
+      "documentation":"<p>Information of a test device. A thing ARN or a certificate ARN is required.</p>"
     },
     "DeviceUnderTestList":{
       "type":"list",
@@ -293,15 +308,46 @@
       "max":2,
       "min":0
     },
+    "Endpoint":{
+      "type":"string",
+      "max":75,
+      "min":45
+    },
     "ErrorReason":{"type":"string"},
     "Failure":{"type":"string"},
+    "GetEndpointRequest":{
+      "type":"structure",
+      "members":{
+        "thingArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The thing ARN of the device. This is an optional parameter.</p>",
+          "location":"querystring",
+          "locationName":"thingArn"
+        },
+        "certificateArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The certificate ARN of the device. This is an optional parameter.</p>",
+          "location":"querystring",
+          "locationName":"certificateArn"
+        }
+      }
+    },
+    "GetEndpointResponse":{
+      "type":"structure",
+      "members":{
+        "endpoint":{
+          "shape":"Endpoint",
+          "documentation":"<p>The response of an Device Advisor endpoint.</p>"
+        }
+      }
+    },
     "GetSuiteDefinitionRequest":{
       "type":"structure",
       "required":["suiteDefinitionId"],
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite to get.</p>",
+          "documentation":"<p>Suite definition ID of the test suite to get.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         },
@@ -318,7 +364,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the suite definition.</p>"
+          "documentation":"<p>Suite definition ID of the suite definition.</p>"
         },
         "suiteDefinitionArn":{
           "shape":"AmazonResourceName",
@@ -359,13 +405,13 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite.</p>",
+          "documentation":"<p>Suite definition ID of the test suite.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         },
         "suiteRunId":{
           "shape":"UUID",
-          "documentation":"<p>Suite run Id of the test suite run.</p>",
+          "documentation":"<p>Suite run ID of the test suite run.</p>",
           "location":"uri",
           "locationName":"suiteRunId"
         }
@@ -389,13 +435,13 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id for the test suite run.</p>",
+          "documentation":"<p>Suite definition ID for the test suite run.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         },
         "suiteRunId":{
           "shape":"UUID",
-          "documentation":"<p>Suite run Id for the test suite run.</p>",
+          "documentation":"<p>Suite run ID for the test suite run.</p>",
           "location":"uri",
           "locationName":"suiteRunId"
         }
@@ -406,7 +452,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id for the test suite run.</p>"
+          "documentation":"<p>Suite definition ID for the test suite run.</p>"
         },
         "suiteDefinitionVersion":{
           "shape":"SuiteDefinitionVersion",
@@ -414,7 +460,7 @@
         },
         "suiteRunId":{
           "shape":"UUID",
-          "documentation":"<p>Suite run Id for the test suite run.</p>"
+          "documentation":"<p>Suite run ID for the test suite run.</p>"
         },
         "suiteRunArn":{
           "shape":"AmazonResourceName",
@@ -430,7 +476,7 @@
         },
         "startTime":{
           "shape":"Timestamp",
-          "documentation":"<p>Date (in Unix epoch time) when the test suite run was started.</p>"
+          "documentation":"<p>Date (in Unix epoch time) when the test suite run started.</p>"
         },
         "endTime":{
           "shape":"Timestamp",
@@ -456,7 +502,7 @@
       "members":{
         "groupId":{
           "shape":"UUID",
-          "documentation":"<p>Group result Id.</p>"
+          "documentation":"<p>Group result ID.</p>"
         },
         "groupName":{
           "shape":"GroupName",
@@ -480,10 +526,10 @@
       "members":{
         "message":{
           "shape":"Message",
-          "documentation":"<p>Sends Internal Failure Exception message.</p>"
+          "documentation":"<p>Sends an Internal Failure Exception message.</p>"
         }
       },
-      "documentation":"<p>Sends Internal Failure Exception.</p>",
+      "documentation":"<p>Sends an Internal Failure exception.</p>",
       "error":{"httpStatusCode":500},
       "exception":true,
       "fault":true
@@ -523,13 +569,13 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Lists the test suite runs of the specified test suite based on suite definition Id.</p>",
+          "documentation":"<p>Lists the test suite runs of the specified test suite based on suite definition ID.</p>",
           "location":"querystring",
           "locationName":"suiteDefinitionId"
         },
         "suiteDefinitionVersion":{
           "shape":"SuiteDefinitionVersion",
-          "documentation":"<p>Must be passed along with suiteDefinitionId. Lists the test suite runs of the specified test suite based on suite definition version.</p>",
+          "documentation":"<p>Must be passed along with <code>suiteDefinitionId</code>. Lists the test suite runs of the specified test suite based on suite definition version.</p>",
           "location":"querystring",
           "locationName":"suiteDefinitionVersion"
         },
@@ -592,16 +638,17 @@
       "max":2048,
       "min":1
     },
+    "ParallelRun":{"type":"boolean"},
     "QualificationReportDownloadUrl":{"type":"string"},
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
         "message":{
           "shape":"Message",
-          "documentation":"<p>Sends Resource Not Found Exception message.</p>"
+          "documentation":"<p>Sends a Resource Not Found Exception message.</p>"
         }
       },
-      "documentation":"<p>Sends Resource Not Found Exception.</p>",
+      "documentation":"<p>Sends a Resource Not Found exception.</p>",
       "error":{"httpStatusCode":404},
       "exception":true
     },
@@ -622,7 +669,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite.</p>",
+          "documentation":"<p>Suite definition ID of the test suite.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         },
@@ -645,15 +692,15 @@
       "members":{
         "suiteRunId":{
           "shape":"UUID",
-          "documentation":"<p>Suite Run Id of the started suite run.</p>"
+          "documentation":"<p>Suite Run ID of the started suite run.</p>"
         },
         "suiteRunArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>Amazon resource name of the started suite run.</p>"
+          "documentation":"<p>Amazon Resource Name (ARN) of the started suite run.</p>"
         },
         "createdAt":{
           "shape":"Timestamp",
-          "documentation":"<p>Date (in Unix epoch time) when the suite run was created.</p>"
+          "documentation":"<p>Starts a Device Advisor test suite run based on suite create time.</p>"
         }
       }
     },
@@ -680,13 +727,13 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite run to be stopped.</p>",
+          "documentation":"<p>Suite definition ID of the test suite run to be stopped.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         },
         "suiteRunId":{
           "shape":"UUID",
-          "documentation":"<p>Suite run Id of the test suite run to be stopped.</p>",
+          "documentation":"<p>Suite run ID of the test suite run to be stopped.</p>",
           "location":"uri",
           "locationName":"suiteRunId"
         }
@@ -728,7 +775,7 @@
         },
         "devicePermissionRoleArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>Gets device permission arn.</p>"
+          "documentation":"<p>Gets the device permission ARN.</p>"
         }
       },
       "documentation":"<p>Gets Suite Definition Configuration.</p>"
@@ -738,7 +785,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite.</p>"
+          "documentation":"<p>Suite definition ID of the test suite.</p>"
         },
         "suiteDefinitionName":{
           "shape":"SuiteDefinitionName",
@@ -746,7 +793,7 @@
         },
         "defaultDevices":{
           "shape":"DeviceUnderTestList",
-          "documentation":"<p>Specifies the devices under test for the test suite.</p>"
+          "documentation":"<p>Specifies the devices that are under test for the test suite.</p>"
         },
         "intendedForQualification":{
           "shape":"IntendedForQualificationBoolean",
@@ -783,6 +830,10 @@
         "selectedTestList":{
           "shape":"SelectedTestList",
           "documentation":"<p>Gets test case list.</p>"
+        },
+        "parallelRun":{
+          "shape":"ParallelRun",
+          "documentation":"<p>TRUE if multiple test suites run in parallel.</p>"
         }
       },
       "documentation":"<p>Gets suite run configuration.</p>"
@@ -792,7 +843,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the suite run.</p>"
+          "documentation":"<p>Suite definition ID of the suite run.</p>"
         },
         "suiteDefinitionVersion":{
           "shape":"SuiteDefinitionVersion",
@@ -804,7 +855,7 @@
         },
         "suiteRunId":{
           "shape":"UUID",
-          "documentation":"<p>Suite run Id of the suite run.</p>"
+          "documentation":"<p>Suite run ID of the suite run.</p>"
         },
         "createdAt":{
           "shape":"Timestamp",
@@ -831,7 +882,7 @@
           "documentation":"<p>Number of test cases that failed in the suite run.</p>"
         }
       },
-      "documentation":"<p>Information about the suite run.</p>"
+      "documentation":"<p>Information about the suite run.</p> <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">SuiteRunInformation</a> action.</p>"
     },
     "SuiteRunResultCount":{
       "type":"integer",
@@ -899,19 +950,19 @@
       "members":{
         "testCaseRunId":{
           "shape":"UUID",
-          "documentation":"<p>Provides test case run Id.</p>"
+          "documentation":"<p>Provides the test case run ID.</p>"
         },
         "testCaseDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Provides test case run definition Id.</p>"
+          "documentation":"<p>Provides the test case run definition ID.</p>"
         },
         "testCaseDefinitionName":{
           "shape":"TestCaseDefinitionName",
-          "documentation":"<p>Provides test case run definition Name.</p>"
+          "documentation":"<p>Provides the test case run definition name.</p>"
         },
         "status":{
           "shape":"Status",
-          "documentation":"<p>Provides test case run status.</p>"
+          "documentation":"<p>Provides the test case run status. Status is one of the following:</p> <ul> <li> <p> <code>PASS</code>: Test passed.</p> </li> <li> <p> <code>FAIL</code>: Test failed.</p> </li> <li> <p> <code>PENDING</code>: Test has not started running but is scheduled.</p> </li> <li> <p> <code>RUNNING</code>: Test is running.</p> </li> <li> <p> <code>STOPPING</code>: Test is performing cleanup steps. You will see this status only if you stop a suite run.</p> </li> <li> <p> <code>STOPPED</code> Test is stopped. You will see this status only if you stop a suite run.</p> </li> <li> <p> <code>PASS_WITH_WARNINGS</code>: Test passed with warnings.</p> </li> <li> <p> <code>ERORR</code>: Test faced an error when running due to an internal issue.</p> </li> </ul>"
         },
         "startTime":{
           "shape":"Timestamp",
@@ -923,7 +974,7 @@
         },
         "logUrl":{
           "shape":"LogUrl",
-          "documentation":"<p>Provides test case run log Url.</p>"
+          "documentation":"<p>Provides test case run log URL.</p>"
         },
         "warnings":{
           "shape":"Warnings",
@@ -934,7 +985,7 @@
           "documentation":"<p>Provides test case run failure result.</p>"
         }
       },
-      "documentation":"<p>Provides test case run.</p>"
+      "documentation":"<p>Provides the test case run.</p>"
     },
     "TestCaseRuns":{
       "type":"list",
@@ -993,7 +1044,7 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the test suite to be updated.</p>",
+          "documentation":"<p>Suite definition ID of the test suite to be updated.</p>",
           "location":"uri",
           "locationName":"suiteDefinitionId"
         },
@@ -1008,11 +1059,11 @@
       "members":{
         "suiteDefinitionId":{
           "shape":"UUID",
-          "documentation":"<p>Suite definition Id of the updated test suite.</p>"
+          "documentation":"<p>Suite definition ID of the updated test suite.</p>"
         },
         "suiteDefinitionArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>Amazon Resource name of the updated test suite.</p>"
+          "documentation":"<p>Amazon Resource Name (ARN) of the updated test suite.</p>"
         },
         "suiteDefinitionName":{
           "shape":"SuiteDefinitionName",
@@ -1037,14 +1088,14 @@
       "members":{
         "message":{
           "shape":"Message",
-          "documentation":"<p>Sends invalid request exception message.</p>"
+          "documentation":"<p>Sends a Validation Exception message.</p>"
         }
       },
-      "documentation":"<p>Sends invalid request exception.</p>",
+      "documentation":"<p>Sends a validation exception.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
     "Warnings":{"type":"string"}
   },
-  "documentation":"<p>AWS IoT Core Device Advisor is a cloud-based, fully managed test capability for validating IoT devices during device software development. Device Advisor provides pre-built tests that you can use to validate IoT devices for reliable and secure connectivity with AWS IoT Core before deploying devices to production. By using Device Advisor, you can confirm that your devices can connect to AWS IoT Core, follow security best practices and, if applicable, receive software updates from IoT Device Management. You can also download signed qualification reports to submit to the AWS Partner Network to get your device qualified for the AWS Partner Device Catalog without the need to send your device in and wait for it to be tested.</p>"
+  "documentation":"<p>Amazon Web Services IoT Core Device Advisor is a cloud-based, fully managed test capability for validating IoT devices during device software development. Device Advisor provides pre-built tests that you can use to validate IoT devices for reliable and secure connectivity with Amazon Web Services IoT Core before deploying devices to production. By using Device Advisor, you can confirm that your devices can connect to Amazon Web Services IoT Core, follow security best practices and, if applicable, receive software updates from IoT Device Management. You can also download signed qualification reports to submit to the Amazon Web Services Partner Network to get your device qualified for the Amazon Web Services Partner Device Catalog without the need to send your device in and wait for it to be tested.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/iotevents-data/2018-10-23/service-2.json b/contrib/python/botocore/py3/botocore/data/iotevents-data/2018-10-23/service-2.json
index 0207200eb00..00985eb352f 100644
--- a/contrib/python/botocore/py3/botocore/data/iotevents-data/2018-10-23/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/iotevents-data/2018-10-23/service-2.json
@@ -77,7 +77,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Sends a set of messages to the AWS IoT Events system. Each message payload is transformed into the input you specify (<code>\"inputName\"</code>) and ingested into any detectors that monitor that input. If multiple messages are sent, the order in which the messages are processed isn't guaranteed. To guarantee ordering, you must send messages one at a time and wait for a successful response.</p>"
+      "documentation":"<p>Sends a set of messages to the IoT Events system. Each message payload is transformed into the input you specify (<code>\"inputName\"</code>) and ingested into any detectors that monitor that input. If multiple messages are sent, the order in which the messages are processed isn't guaranteed. To guarantee ordering, you must send messages one at a time and wait for a successful response.</p>"
     },
     "BatchResetAlarm":{
       "name":"BatchResetAlarm",
@@ -1270,7 +1270,7 @@
         },
         "timestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>The number of seconds which have elapsed on the timer.</p>"
+          "documentation":"<p>The expiration time for the timer.</p>"
         }
       },
       "documentation":"<p>The current state of a timer.</p>"
@@ -1410,5 +1410,5 @@
     },
     "errorMessage":{"type":"string"}
   },
-  "documentation":"<p>AWS IoT Events monitors your equipment or device fleets for failures or changes in operation, and triggers actions when such events occur. You can use AWS IoT Events Data API commands to send inputs to detectors, list detectors, and view or update a detector's status.</p> <p> For more information, see <a href=\"https://docs.aws.amazon.com/iotevents/latest/developerguide/what-is-iotevents.html\">What is AWS IoT Events?</a> in the <i>AWS IoT Events Developer Guide</i>.</p>"
+  "documentation":"<p>IoT Events monitors your equipment or device fleets for failures or changes in operation, and triggers actions when such events occur. You can use IoT Events Data API commands to send inputs to detectors, list detectors, and view or update a detector's status.</p> <p> For more information, see <a href=\"https://docs.aws.amazon.com/iotevents/latest/developerguide/what-is-iotevents.html\">What is IoT Events?</a> in the <i>IoT Events Developer Guide</i>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/paginators-1.json b/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/paginators-1.json
index a70b6688bbd..0f3fe49a312 100644
--- a/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/paginators-1.json
@@ -77,6 +77,12 @@
       "output_token": "nextToken",
       "limit_key": "maxResults",
       "result_key": "interpolatedAssetPropertyValues"
+    },
+    "ListTimeSeries": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "TimeSeriesSummaries"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/service-2.json b/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/service-2.json
index a97cd150fbc..6b63e2aae5d 100644
--- a/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/iotsitewise/2019-12-02/service-2.json
@@ -30,6 +30,23 @@
       "documentation":"<p>Associates a child asset with the given parent asset through a hierarchy defined in the parent asset's model. For more information, see <a href=\"https://docs.aws.amazon.com/iot-sitewise/latest/userguide/add-associated-assets.html\">Associating assets</a> in the <i>IoT SiteWise User Guide</i>.</p>",
       "endpoint":{"hostPrefix":"api."}
     },
+    "AssociateTimeSeriesToAssetProperty":{
+      "name":"AssociateTimeSeriesToAssetProperty",
+      "http":{
+        "method":"POST",
+        "requestUri":"/timeseries/associate/"
+      },
+      "input":{"shape":"AssociateTimeSeriesToAssetPropertyRequest"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictingOperationException"}
+      ],
+      "documentation":"<p>Associates a time series (data stream) with an asset property.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
     "BatchAssociateProjectAssets":{
       "name":"BatchAssociateProjectAssets",
       "http":{
@@ -221,7 +238,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates a project in the specified portal.</p>",
+      "documentation":"<p>Creates a project in the specified portal.</p> <note> <p>Make sure that the project name and description don't contain confidential information.</p> </note>",
       "endpoint":{"hostPrefix":"monitor."}
     },
     "DeleteAccessPolicy":{
@@ -351,6 +368,23 @@
       "documentation":"<p>Deletes a project from IoT SiteWise Monitor.</p>",
       "endpoint":{"hostPrefix":"monitor."}
     },
+    "DeleteTimeSeries":{
+      "name":"DeleteTimeSeries",
+      "http":{
+        "method":"POST",
+        "requestUri":"/timeseries/delete/"
+      },
+      "input":{"shape":"DeleteTimeSeriesRequest"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictingOperationException"}
+      ],
+      "documentation":"<p>Deletes a time series (data stream). If you delete a time series that's associated with an asset property, the asset property still exists, but the time series will no longer be associated with this asset property.</p> <p>To identify a time series, do one of the following:</p> <ul> <li> <p>If the time series isn't associated with an asset property, specify the <code>alias</code> of the time series.</p> </li> <li> <p>If the time series is associated with an asset property, specify one of the following: </p> <ul> <li> <p>The <code>alias</code> of the time series.</p> </li> <li> <p>The <code>assetId</code> and <code>propertyId</code> that identifies the asset property.</p> </li> </ul> </li> </ul>",
+      "endpoint":{"hostPrefix":"api."}
+    },
     "DescribeAccessPolicy":{
       "name":"DescribeAccessPolicy",
       "http":{
@@ -560,6 +594,23 @@
       "documentation":"<p>Retrieves information about the storage configuration for IoT SiteWise.</p>",
       "endpoint":{"hostPrefix":"api."}
     },
+    "DescribeTimeSeries":{
+      "name":"DescribeTimeSeries",
+      "http":{
+        "method":"GET",
+        "requestUri":"/timeseries/describe/"
+      },
+      "input":{"shape":"DescribeTimeSeriesRequest"},
+      "output":{"shape":"DescribeTimeSeriesResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Retrieves information about a time series (data stream).</p> <p>To identify a time series, do one of the following:</p> <ul> <li> <p>If the time series isn't associated with an asset property, specify the <code>alias</code> of the time series.</p> </li> <li> <p>If the time series is associated with an asset property, specify one of the following: </p> <ul> <li> <p>The <code>alias</code> of the time series.</p> </li> <li> <p>The <code>assetId</code> and <code>propertyId</code> that identifies the asset property.</p> </li> </ul> </li> </ul>",
+      "endpoint":{"hostPrefix":"api."}
+    },
     "DisassociateAssets":{
       "name":"DisassociateAssets",
       "http":{
@@ -577,6 +628,23 @@
       "documentation":"<p>Disassociates a child asset from the given parent asset through a hierarchy defined in the parent asset's model.</p>",
       "endpoint":{"hostPrefix":"api."}
     },
+    "DisassociateTimeSeriesFromAssetProperty":{
+      "name":"DisassociateTimeSeriesFromAssetProperty",
+      "http":{
+        "method":"POST",
+        "requestUri":"/timeseries/disassociate/"
+      },
+      "input":{"shape":"DisassociateTimeSeriesFromAssetPropertyRequest"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictingOperationException"}
+      ],
+      "documentation":"<p>Disassociates a time series (data stream) from an asset property.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
     "GetAssetPropertyAggregates":{
       "name":"GetAssetPropertyAggregates",
       "http":{
@@ -837,6 +905,23 @@
       "documentation":"<p>Retrieves the list of tags for an IoT SiteWise resource.</p>",
       "endpoint":{"hostPrefix":"api."}
     },
+    "ListTimeSeries":{
+      "name":"ListTimeSeries",
+      "http":{
+        "method":"GET",
+        "requestUri":"/timeseries/"
+      },
+      "input":{"shape":"ListTimeSeriesRequest"},
+      "output":{"shape":"ListTimeSeriesResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalFailureException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Retrieves a paginated list of time series (data streams).</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
     "PutDefaultEncryptionConfiguration":{
       "name":"PutDefaultEncryptionConfiguration",
       "http":{
@@ -1802,6 +1887,39 @@
         }
       }
     },
+    "AssociateTimeSeriesToAssetPropertyRequest":{
+      "type":"structure",
+      "required":[
+        "alias",
+        "assetId",
+        "propertyId"
+      ],
+      "members":{
+        "alias":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias that identifies the time series.</p>",
+          "location":"querystring",
+          "locationName":"alias"
+        },
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>",
+          "location":"querystring",
+          "locationName":"assetId"
+        },
+        "propertyId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset property.</p>",
+          "location":"querystring",
+          "locationName":"propertyId"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
     "AssociatedAssetsSummaries":{
       "type":"list",
       "member":{"shape":"AssociatedAssetsSummary"}
@@ -2431,7 +2549,7 @@
         },
         "portalAuthMode":{
           "shape":"AuthMode",
-          "documentation":"<p>The service to use to authenticate users to the portal. Choose from the following options:</p> <ul> <li> <p> <code>SSO</code> – The portal uses Amazon Web Services Single Sign On to authenticate users and manage user permissions. Before you can create a portal that uses Amazon Web Services SSO, you must enable Amazon Web Services SSO. For more information, see <a href=\"https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso\">Enabling Amazon Web Services SSO</a> in the <i>IoT SiteWise User Guide</i>. This option is only available in Amazon Web Services Regions other than the China Regions.</p> </li> <li> <p> <code>IAM</code> – The portal uses Identity and Access Management to authenticate users and manage user permissions. This option is only available in the China Regions.</p> </li> </ul> <p>You can't change this value after you create a portal.</p> <p>Default: <code>SSO</code> </p>"
+          "documentation":"<p>The service to use to authenticate users to the portal. Choose from the following options:</p> <ul> <li> <p> <code>SSO</code> – The portal uses Amazon Web Services Single Sign On to authenticate users and manage user permissions. Before you can create a portal that uses Amazon Web Services SSO, you must enable Amazon Web Services SSO. For more information, see <a href=\"https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso\">Enabling Amazon Web Services SSO</a> in the <i>IoT SiteWise User Guide</i>. This option is only available in Amazon Web Services Regions other than the China Regions.</p> </li> <li> <p> <code>IAM</code> – The portal uses Identity and Access Management to authenticate users and manage user permissions.</p> </li> </ul> <p>You can't change this value after you create a portal.</p> <p>Default: <code>SSO</code> </p>"
         },
         "notificationSenderEmail":{
           "shape":"Email",
@@ -2757,6 +2875,34 @@
       "members":{
       }
     },
+    "DeleteTimeSeriesRequest":{
+      "type":"structure",
+      "members":{
+        "alias":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias that identifies the time series.</p>",
+          "location":"querystring",
+          "locationName":"alias"
+        },
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>",
+          "location":"querystring",
+          "locationName":"assetId"
+        },
+        "propertyId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset property.</p>",
+          "location":"querystring",
+          "locationName":"propertyId"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
     "DescribeAccessPolicyRequest":{
       "type":"structure",
       "required":["accessPolicyId"],
@@ -3074,7 +3220,7 @@
         },
         "kmsKeyArn":{
           "shape":"ARN",
-          "documentation":"<p>The key ARN of the customer managed customer master key (CMK) used for KMS encryption if you use <code>KMS_BASED_ENCRYPTION</code>.</p>"
+          "documentation":"<p>The key ARN of the customer managed key used for KMS encryption if you use <code>KMS_BASED_ENCRYPTION</code>.</p>"
         },
         "configurationStatus":{
           "shape":"ConfigurationStatus",
@@ -3353,12 +3499,20 @@
       "members":{
         "storageType":{
           "shape":"StorageType",
-          "documentation":"<p>The type of storage that you specified for your data. The storage type can be one of the following values:</p> <ul> <li> <p> <code>SITEWISE_DEFAULT_STORAGE</code> – IoT SiteWise replicates your data into a service managed database.</p> </li> <li> <p> <code>MULTI_LAYER_STORAGE</code> – IoT SiteWise replicates your data into a service managed database and saves a copy of your raw data and metadata in an Amazon S3 object that you specified.</p> </li> </ul>"
+          "documentation":"<p>The storage tier that you specified for your data. The <code>storageType</code> parameter can be one of the following values:</p> <ul> <li> <p> <code>SITEWISE_DEFAULT_STORAGE</code> – IoT SiteWise saves your data into the hot tier. The hot tier is a service-managed database.</p> </li> <li> <p> <code>MULTI_LAYER_STORAGE</code> – IoT SiteWise saves your data in both the cold tier and the cold tier. The cold tier is a customer-managed Amazon S3 bucket.</p> </li> </ul>"
         },
         "multiLayerStorage":{
           "shape":"MultiLayerStorage",
           "documentation":"<p>Contains information about the storage destination.</p>"
         },
+        "disassociatedDataStorage":{
+          "shape":"DisassociatedDataStorageState",
+          "documentation":"<p>Contains the storage configuration for time series (data streams) that aren't associated with asset properties. The <code>disassociatedDataStorage</code> can be one of the following values:</p> <ul> <li> <p> <code>ENABLED</code> – IoT SiteWise accepts time series that aren't associated with asset properties.</p> <important> <p>After the <code>disassociatedDataStorage</code> is enabled, you can't disable it.</p> </important> </li> <li> <p> <code>DISABLED</code> – IoT SiteWise doesn't accept time series (data streams) that aren't associated with asset properties.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/iot-sitewise/latest/userguide/data-streams.html\">Data streams</a> in the <i>IoT SiteWise User Guide</i>.</p>"
+        },
+        "retentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>How many days your data is kept in the hot tier. By default, your data is kept indefinitely in the hot tier.</p>"
+        },
         "configurationStatus":{"shape":"ConfigurationStatus"},
         "lastUpdateDate":{
           "shape":"Timestamp",
@@ -3366,6 +3520,72 @@
         }
       }
     },
+    "DescribeTimeSeriesRequest":{
+      "type":"structure",
+      "members":{
+        "alias":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias that identifies the time series.</p>",
+          "location":"querystring",
+          "locationName":"alias"
+        },
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>",
+          "location":"querystring",
+          "locationName":"assetId"
+        },
+        "propertyId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset property.</p>",
+          "location":"querystring",
+          "locationName":"propertyId"
+        }
+      }
+    },
+    "DescribeTimeSeriesResponse":{
+      "type":"structure",
+      "required":[
+        "timeSeriesId",
+        "dataType",
+        "timeSeriesCreationDate",
+        "timeSeriesLastUpdateDate"
+      ],
+      "members":{
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>"
+        },
+        "propertyId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset property.</p>"
+        },
+        "alias":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias that identifies the time series.</p>"
+        },
+        "timeSeriesId":{
+          "shape":"TimeSeriesId",
+          "documentation":"<p>The ID of the time series.</p>"
+        },
+        "dataType":{
+          "shape":"PropertyDataType",
+          "documentation":"<p>The data type of the time series.</p> <p>If you specify <code>STRUCT</code>, you must also specify <code>dataTypeSpec</code> to identify the type of the structure for this time series.</p>"
+        },
+        "dataTypeSpec":{
+          "shape":"Name",
+          "documentation":"<p>The data type of the structure for this time series. This parameter is required for time series that have the <code>STRUCT</code> data type.</p> <p>The options for this parameter depend on the type of the composite model in which you created the asset property that is associated with your time series. Use <code>AWS/ALARM_STATE</code> for alarm state in alarm composite models.</p>"
+        },
+        "timeSeriesCreationDate":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date that the time series was created, in Unix epoch time.</p>"
+        },
+        "timeSeriesLastUpdateDate":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date that the time series was last updated, in Unix epoch time.</p>"
+        }
+      }
+    },
     "Description":{
       "type":"string",
       "max":2048,
@@ -3431,6 +3651,46 @@
         }
       }
     },
+    "DisassociateTimeSeriesFromAssetPropertyRequest":{
+      "type":"structure",
+      "required":[
+        "alias",
+        "assetId",
+        "propertyId"
+      ],
+      "members":{
+        "alias":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias that identifies the time series.</p>",
+          "location":"querystring",
+          "locationName":"alias"
+        },
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>",
+          "location":"querystring",
+          "locationName":"assetId"
+        },
+        "propertyId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset property.</p>",
+          "location":"querystring",
+          "locationName":"propertyId"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "DisassociatedDataStorageState":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
     "Email":{
       "type":"string",
       "max":255,
@@ -3873,13 +4133,13 @@
         },
         "type":{
           "shape":"InterpolationType",
-          "documentation":"<p>The interpolation type.</p> <p>Valid values: <code>LINEAR_INTERPOLATION | LOCF_INTERPOLATION</code> </p> <ul> <li> <p> <code>LINEAR_INTERPOLATION</code> – Estimates missing data using <a href=\"https://en.wikipedia.org/wiki/Linear_interpolation\">linear interpolation</a>.</p> <p>For example, you can use this operation to return the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days. If the interpolation starts on July 1, 2021, at 9 AM, IoT SiteWise returns the first interpolated value on July 2, 2021, at 9 AM, the second interpolated value on July 3, 2021, at 9 AM, and so on.</p> </li> <li> <p> <code>LOCF_INTERPOLATION</code> – Estimates missing data using last observation carried forward interpolation</p> <p>If no data point is found for an interval, IoT SiteWise returns the last observed data point for the previous interval and carries forward this interpolated value until a new data point is found.</p> <p>For example, you can get the state of an on-off valve every 24 hours over a duration of 7 days. If the interpolation starts on July 1, 2021, at 9 AM, IoT SiteWise returns the last observed data point between July 1, 2021, at 9 AM and July 2, 2021, at 9 AM as the first interpolated value. If no data point is found after 9 AM on July 2, 2021, IoT SiteWise uses the same interpolated value for the rest of the days.</p> </li> </ul>",
+          "documentation":"<p>The interpolation type.</p> <p>Valid values: <code>LINEAR_INTERPOLATION | LOCF_INTERPOLATION</code> </p> <ul> <li> <p> <code>LINEAR_INTERPOLATION</code> – Estimates missing data using <a href=\"https://en.wikipedia.org/wiki/Linear_interpolation\">linear interpolation</a>.</p> <p>For example, you can use this operation to return the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days. If the interpolation starts July 1, 2021, at 9 AM, IoT SiteWise returns the first interpolated value on July 2, 2021, at 9 AM, the second interpolated value on July 3, 2021, at 9 AM, and so on.</p> </li> <li> <p> <code>LOCF_INTERPOLATION</code> – Estimates missing data using last observation carried forward interpolation</p> <p>If no data point is found for an interval, IoT SiteWise returns the last observed data point for the previous interval and carries forward this interpolated value until a new data point is found.</p> <p>For example, you can get the state of an on-off valve every 24 hours over a duration of 7 days. If the interpolation starts July 1, 2021, at 9 AM, IoT SiteWise returns the last observed data point between July 1, 2021, at 9 AM and July 2, 2021, at 9 AM as the first interpolated value. If a data point isn't found after 9 AM on July 2, 2021, IoT SiteWise uses the same interpolated value for the rest of the days.</p> </li> </ul>",
           "location":"querystring",
           "locationName":"type"
         },
         "intervalWindowInSeconds":{
           "shape":"IntervalWindowInSeconds",
-          "documentation":"<p>The query interval for the window in seconds. IoT SiteWise computes each interpolated value by using data points from the timestamp of each interval minus the window to the timestamp of each interval plus the window. If not specified, the window is between the start time minus the interval and the end time plus the interval. </p> <note> <ul> <li> <p>If you specify a value for the <code>intervalWindowInSeconds</code> parameter, the <code>type</code> parameter must be <code>LINEAR_INTERPOLATION</code>.</p> </li> <li> <p>If no data point is found during the specified query window, IoT SiteWise won't return an interpolated value for the interval. This indicates that there's a gap in the ingested data points.</p> </li> </ul> </note> <p>For example, you can get the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days. If the interpolation starts on July 1, 2021, at 9 AM with a window of 2 hours, IoT SiteWise uses the data points from 7 AM (9 AM - 2 hours) to 11 AM (9 AM + 2 hours) on July 2, 2021 to compute the first interpolated value, uses the data points from 7 AM (9 AM - 2 hours) to 11 AM (9 AM + 2 hours) on July 3, 2021 to compute the second interpolated value, and so on. </p>",
+          "documentation":"<p>The query interval for the window, in seconds. IoT SiteWise computes each interpolated value by using data points from the timestamp of each interval, minus the window to the timestamp of each interval plus the window. If not specified, the window ranges between the start time minus the interval and the end time plus the interval.</p> <note> <ul> <li> <p>If you specify a value for the <code>intervalWindowInSeconds</code> parameter, the value for the <code>type</code> parameter must be <code>LINEAR_INTERPOLATION</code>.</p> </li> <li> <p>If a data point isn't found during the specified query window, IoT SiteWise won't return an interpolated value for the interval. This indicates that there's a gap in the ingested data points.</p> </li> </ul> </note> <p>For example, you can get the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days. If the interpolation starts on July 1, 2021, at 9 AM with a window of 2 hours, IoT SiteWise uses the data points from 7 AM (9 AM minus 2 hours) to 11 AM (9 AM plus 2 hours) on July 2, 2021 to compute the first interpolated value. Next, IoT SiteWise uses the data points from 7 AM (9 AM minus 2 hours) to 11 AM (9 AM plus 2 hours) on July 3, 2021 to compute the second interpolated value, and so on. </p>",
           "location":"querystring",
           "locationName":"intervalWindowInSeconds"
         }
@@ -4565,6 +4825,62 @@
         }
       }
     },
+    "ListTimeSeriesRequest":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to be used for the next set of paginated results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return for each paginated request.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>",
+          "location":"querystring",
+          "locationName":"assetId"
+        },
+        "aliasPrefix":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias prefix of the time series.</p>",
+          "location":"querystring",
+          "locationName":"aliasPrefix"
+        },
+        "timeSeriesType":{
+          "shape":"ListTimeSeriesType",
+          "documentation":"<p>The type of the time series. The time series type can be one of the following values:</p> <ul> <li> <p> <code>ASSOCIATED</code> – The time series is associated with an asset property.</p> </li> <li> <p> <code>DISASSOCIATED</code> – The time series isn't associated with any asset property.</p> </li> </ul>",
+          "location":"querystring",
+          "locationName":"timeSeriesType"
+        }
+      }
+    },
+    "ListTimeSeriesResponse":{
+      "type":"structure",
+      "required":["TimeSeriesSummaries"],
+      "members":{
+        "TimeSeriesSummaries":{
+          "shape":"TimeSeriesSummaries",
+          "documentation":"<p>One or more time series summaries to list.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no additional results.</p>"
+        }
+      }
+    },
+    "ListTimeSeriesType":{
+      "type":"string",
+      "enum":[
+        "ASSOCIATED",
+        "DISASSOCIATED"
+      ]
+    },
     "LoggingLevel":{
       "type":"string",
       "enum":[
@@ -4714,6 +5030,10 @@
       "min":1,
       "pattern":"[A-Za-z0-9+/=]+"
     },
+    "NumberOfDays":{
+      "type":"integer",
+      "min":30
+    },
     "Offset":{
       "type":"string",
       "max":25,
@@ -5022,7 +5342,7 @@
         },
         "kmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>The Key ID of the customer managed customer master key (CMK) used for KMS encryption. This is required if you use <code>KMS_BASED_ENCRYPTION</code>.</p>"
+          "documentation":"<p>The Key ID of the customer managed key used for KMS encryption. This is required if you use <code>KMS_BASED_ENCRYPTION</code>.</p>"
         }
       }
     },
@@ -5039,7 +5359,7 @@
         },
         "kmsKeyArn":{
           "shape":"ARN",
-          "documentation":"<p>The Key ARN of the KMS CMK used for KMS encryption if you use <code>KMS_BASED_ENCRYPTION</code>.</p>"
+          "documentation":"<p>The Key ARN of the KMS key used for KMS encryption if you use <code>KMS_BASED_ENCRYPTION</code>.</p>"
         },
         "configurationStatus":{
           "shape":"ConfigurationStatus",
@@ -5068,12 +5388,17 @@
       "members":{
         "storageType":{
           "shape":"StorageType",
-          "documentation":"<p>The type of storage that you specified for your data. The storage type can be one of the following values:</p> <ul> <li> <p> <code>SITEWISE_DEFAULT_STORAGE</code> – IoT SiteWise replicates your data into a service managed database.</p> </li> <li> <p> <code>MULTI_LAYER_STORAGE</code> – IoT SiteWise replicates your data into a service managed database and saves a copy of your raw data and metadata in an Amazon S3 object that you specified.</p> </li> </ul>"
+          "documentation":"<p>The storage tier that you specified for your data. The <code>storageType</code> parameter can be one of the following values:</p> <ul> <li> <p> <code>SITEWISE_DEFAULT_STORAGE</code> – IoT SiteWise saves your data into the hot tier. The hot tier is a service-managed database.</p> </li> <li> <p> <code>MULTI_LAYER_STORAGE</code> – IoT SiteWise saves your data in both the cold tier and the cold tier. The cold tier is a customer-managed Amazon S3 bucket.</p> </li> </ul>"
         },
         "multiLayerStorage":{
           "shape":"MultiLayerStorage",
           "documentation":"<p>Identifies a storage destination. If you specified <code>MULTI_LAYER_STORAGE</code> for the storage type, you must specify a <code>MultiLayerStorage</code> object.</p>"
-        }
+        },
+        "disassociatedDataStorage":{
+          "shape":"DisassociatedDataStorageState",
+          "documentation":"<p>Contains the storage configuration for time series (data streams) that aren't associated with asset properties. The <code>disassociatedDataStorage</code> can be one of the following values:</p> <ul> <li> <p> <code>ENABLED</code> – IoT SiteWise accepts time series that aren't associated with asset properties.</p> <important> <p>After the <code>disassociatedDataStorage</code> is enabled, you can't disable it.</p> </important> </li> <li> <p> <code>DISABLED</code> – IoT SiteWise doesn't accept time series (data streams) that aren't associated with asset properties.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/iot-sitewise/latest/userguide/data-streams.html\">Data streams</a> in the <i>IoT SiteWise User Guide</i>.</p>"
+        },
+        "retentionPeriod":{"shape":"RetentionPeriod"}
       }
     },
     "PutStorageConfigurationResponse":{
@@ -5085,12 +5410,17 @@
       "members":{
         "storageType":{
           "shape":"StorageType",
-          "documentation":"<p>The type of storage that you specified for your data. The storage type can be one of the following values:</p> <ul> <li> <p> <code>SITEWISE_DEFAULT_STORAGE</code> – IoT SiteWise replicates your data into a service managed database.</p> </li> <li> <p> <code>MULTI_LAYER_STORAGE</code> – IoT SiteWise replicates your data into a service managed database and saves a copy of your raw data and metadata in an Amazon S3 object that you specified.</p> </li> </ul>"
+          "documentation":"<p>The storage tier that you specified for your data. The <code>storageType</code> parameter can be one of the following values:</p> <ul> <li> <p> <code>SITEWISE_DEFAULT_STORAGE</code> – IoT SiteWise saves your data into the hot tier. The hot tier is a service-managed database.</p> </li> <li> <p> <code>MULTI_LAYER_STORAGE</code> – IoT SiteWise saves your data in both the cold tier and the cold tier. The cold tier is a customer-managed Amazon S3 bucket.</p> </li> </ul>"
         },
         "multiLayerStorage":{
           "shape":"MultiLayerStorage",
           "documentation":"<p>Contains information about the storage destination.</p>"
         },
+        "disassociatedDataStorage":{
+          "shape":"DisassociatedDataStorageState",
+          "documentation":"<p>Contains the storage configuration for time series (data streams) that aren't associated with asset properties. The <code>disassociatedDataStorage</code> can be one of the following values:</p> <ul> <li> <p> <code>ENABLED</code> – IoT SiteWise accepts time series that aren't associated with asset properties.</p> <important> <p>After the <code>disassociatedDataStorage</code> is enabled, you can't disable it.</p> </important> </li> <li> <p> <code>DISABLED</code> – IoT SiteWise doesn't accept time series (data streams) that aren't associated with asset properties.</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/iot-sitewise/latest/userguide/data-streams.html\">Data streams</a> in the <i>IoT SiteWise User Guide</i>.</p>"
+        },
+        "retentionPeriod":{"shape":"RetentionPeriod"},
         "configurationStatus":{"shape":"ConfigurationStatus"}
       }
     },
@@ -5169,6 +5499,20 @@
         "PROJECT"
       ]
     },
+    "RetentionPeriod":{
+      "type":"structure",
+      "members":{
+        "numberOfDays":{
+          "shape":"NumberOfDays",
+          "documentation":"<p>The number of days that your data is kept.</p> <note> <p>If you specified a value for this parameter, the <code>unlimited</code> parameter must be <code>false</code>.</p> </note>"
+        },
+        "unlimited":{
+          "shape":"Unlimited",
+          "documentation":"<p>If true, your data is kept indefinitely.</p> <note> <p>If configured to <code>true</code>, you must not specify a value for the <code>numberOfDays</code> parameter.</p> </note>"
+        }
+      },
+      "documentation":"<p>How many days your data is kept in the hot tier. By default, your data is kept indefinitely in the hot tier.</p>"
+    },
     "SSOApplicationId":{
       "type":"string",
       "max":64,
@@ -5277,6 +5621,59 @@
         "DESCENDING"
       ]
     },
+    "TimeSeriesId":{
+      "type":"string",
+      "max":73,
+      "min":36
+    },
+    "TimeSeriesSummaries":{
+      "type":"list",
+      "member":{"shape":"TimeSeriesSummary"}
+    },
+    "TimeSeriesSummary":{
+      "type":"structure",
+      "required":[
+        "timeSeriesId",
+        "dataType",
+        "timeSeriesCreationDate",
+        "timeSeriesLastUpdateDate"
+      ],
+      "members":{
+        "assetId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset in which the asset property was created.</p>"
+        },
+        "propertyId":{
+          "shape":"ID",
+          "documentation":"<p>The ID of the asset property.</p>"
+        },
+        "alias":{
+          "shape":"PropertyAlias",
+          "documentation":"<p>The alias that identifies the time series.</p>"
+        },
+        "timeSeriesId":{
+          "shape":"TimeSeriesId",
+          "documentation":"<p>The ID of the time series.</p>"
+        },
+        "dataType":{
+          "shape":"PropertyDataType",
+          "documentation":"<p>The data type of the time series.</p> <p>If you specify <code>STRUCT</code>, you must also specify <code>dataTypeSpec</code> to identify the type of the structure for this time series.</p>"
+        },
+        "dataTypeSpec":{
+          "shape":"Name",
+          "documentation":"<p>The data type of the structure for this time series. This parameter is required for time series that have the <code>STRUCT</code> data type.</p> <p>The options for this parameter depend on the type of the composite model in which you created the asset property that is associated with your time series. Use <code>AWS/ALARM_STATE</code> for alarm state in alarm composite models.</p>"
+        },
+        "timeSeriesCreationDate":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date that the time series was created, in Unix epoch time.</p>"
+        },
+        "timeSeriesLastUpdateDate":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date that the time series was last updated, in Unix epoch time.</p>"
+        }
+      },
+      "documentation":"<p>Contains a summary of a time series (data stream).</p>"
+    },
     "Timestamp":{"type":"timestamp"},
     "Timestamps":{
       "type":"list",
@@ -5350,10 +5747,10 @@
         },
         "offset":{
           "shape":"Offset",
-          "documentation":"<p>The offset for the tumbling window. The <code>offset</code> parameter accepts the following:</p> <ul> <li> <p>The offset time.</p> <p>For example, if you specify <code>18h</code> for <code>offset</code> and <code>1d</code> for <code>interval</code>, IoT SiteWise aggregates data in one of the following ways:</p> <ul> <li> <p>If you create the metric before or at 6:00 PM (UTC), you get the first aggregation result at 6 PM (UTC) on the day when you create the metric.</p> </li> <li> <p>If you create the metric after 6:00 PM (UTC), you get the first aggregation result at 6 PM (UTC) the next day.</p> </li> </ul> </li> <li> <p>The ISO 8601 format.</p> <p>For example, if you specify <code>PT18H</code> for <code>offset</code> and <code>1d</code> for <code>interval</code>, IoT SiteWise aggregates data in one of the following ways:</p> <ul> <li> <p>If you create the metric before or at 6:00 PM (UTC), you get the first aggregation result at 6 PM (UTC) on the day when you create the metric.</p> </li> <li> <p>If you create the metric after 6:00 PM (UTC), you get the first aggregation result at 6 PM (UTC) the next day.</p> </li> </ul> </li> <li> <p>The 24-hour clock.</p> <p>For example, if you specify <code>00:03:00</code> for <code>offset</code> and <code>5m</code> for <code>interval</code>, and you create the metric at 2 PM (UTC), you get the first aggregation result at 2:03 PM (UTC). You get the second aggregation result at 2:08 PM (UTC). </p> </li> <li> <p>The offset time zone.</p> <p>For example, if you specify <code>2021-07-23T18:00-08</code> for <code>offset</code> and <code>1d</code> for <code>interval</code>, IoT SiteWise aggregates data in one of the following ways:</p> <ul> <li> <p>If you create the metric before or at 6:00 PM (PST), you get the first aggregation result at 6 PM (PST) on the day when you create the metric.</p> </li> <li> <p>If you create the metric after 6:00 PM (PST), you get the first aggregation result at 6 PM (PST) the next day.</p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The offset for the tumbling window. The <code>offset</code> parameter accepts the following:</p> <ul> <li> <p>The offset time.</p> <p>For example, if you specify <code>18h</code> for <code>offset</code> and <code>1d</code> for <code>interval</code>, IoT SiteWise aggregates data in one of the following ways:</p> <ul> <li> <p>If you create the metric before or at 6 PM (UTC), you get the first aggregation result at 6 PM (UTC) on the day when you create the metric.</p> </li> <li> <p>If you create the metric after 6 PM (UTC), you get the first aggregation result at 6 PM (UTC) the next day.</p> </li> </ul> </li> <li> <p>The ISO 8601 format.</p> <p>For example, if you specify <code>PT18H</code> for <code>offset</code> and <code>1d</code> for <code>interval</code>, IoT SiteWise aggregates data in one of the following ways:</p> <ul> <li> <p>If you create the metric before or at 6 PM (UTC), you get the first aggregation result at 6 PM (UTC) on the day when you create the metric.</p> </li> <li> <p>If you create the metric after 6 PM (UTC), you get the first aggregation result at 6 PM (UTC) the next day.</p> </li> </ul> </li> <li> <p>The 24-hour clock.</p> <p>For example, if you specify <code>00:03:00</code> for <code>offset</code>, <code>5m</code> for <code>interval</code>, and you create the metric at 2 PM (UTC), you get the first aggregation result at 2:03 PM (UTC). You get the second aggregation result at 2:08 PM (UTC). </p> </li> <li> <p>The offset time zone.</p> <p>For example, if you specify <code>2021-07-23T18:00-08</code> for <code>offset</code> and <code>1d</code> for <code>interval</code>, IoT SiteWise aggregates data in one of the following ways:</p> <ul> <li> <p>If you create the metric before or at 6 PM (PST), you get the first aggregation result at 6 PM (PST) on the day when you create the metric.</p> </li> <li> <p>If you create the metric after 6 PM (PST), you get the first aggregation result at 6 PM (PST) the next day.</p> </li> </ul> </li> </ul>"
         }
       },
-      "documentation":"<p>Contains a tumbling window, which is a repeating fixed-sized, non-overlapping, and contiguous time window. You use this window in metrics to aggregate data from properties and other assets.</p> <p>You can use <code>m</code>, <code>h</code>, <code>d</code>, and <code>w</code> when you specify an interval or offset. Note that <code>m</code> represents minutes, and <code>w</code> represents weeks. You can also use <code>s</code> to represent seconds in <code>offset</code>.</p> <p>The <code>interval</code> and <code>offset</code> parameters support the <a href=\"https://en.wikipedia.org/wiki/ISO_8601\">ISO 8601 format</a>. For example, <code>PT5S</code> represents five seconds, <code>PT5M</code> represents five minutes, and <code>PT5H</code> represents five hours.</p>"
+      "documentation":"<p>Contains a tumbling window, which is a repeating fixed-sized, non-overlapping, and contiguous time window. You can use this window in metrics to aggregate data from properties and other assets.</p> <p>You can use <code>m</code>, <code>h</code>, <code>d</code>, and <code>w</code> when you specify an interval or offset. Note that <code>m</code> represents minutes, <code>h</code> represents hours, <code>d</code> represents days, and <code>w</code> represents weeks. You can also use <code>s</code> to represent seconds in <code>offset</code>.</p> <p>The <code>interval</code> and <code>offset</code> parameters support the <a href=\"https://en.wikipedia.org/wiki/ISO_8601\">ISO 8601 format</a>. For example, <code>PT5S</code> represents 5 seconds, <code>PT5M</code> represents 5 minutes, and <code>PT5H</code> represents 5 hours.</p>"
     },
     "UnauthorizedException":{
       "type":"structure",
@@ -5365,6 +5762,7 @@
       "error":{"httpStatusCode":401},
       "exception":true
     },
+    "Unlimited":{"type":"boolean"},
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
diff --git a/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/paginators-1.json b/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/paginators-1.json
new file mode 100644
index 00000000000..ea142457a6a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/paginators-1.json
@@ -0,0 +1,3 @@
+{
+  "pagination": {}
+}
diff --git a/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/service-2.json b/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/service-2.json
new file mode 100644
index 00000000000..e214b4211ab
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/service-2.json
@@ -0,0 +1,2948 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-11-29",
+    "endpointPrefix":"iottwinmaker",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"AWS IoT TwinMaker",
+    "serviceId":"IoTTwinMaker",
+    "signatureVersion":"v4",
+    "signingName":"iottwinmaker",
+    "uid":"iottwinmaker-2021-11-29"
+  },
+  "operations":{
+    "BatchPutPropertyValues":{
+      "name":"BatchPutPropertyValues",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/entity-properties",
+        "responseCode":200
+      },
+      "input":{"shape":"BatchPutPropertyValuesRequest"},
+      "output":{"shape":"BatchPutPropertyValuesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Sets values for multiple time series properties.</p>",
+      "endpoint":{"hostPrefix":"data."}
+    },
+    "CreateComponentType":{
+      "name":"CreateComponentType",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/component-types/{componentTypeId}",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateComponentTypeRequest"},
+      "output":{"shape":"CreateComponentTypeResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Creates a component type.</p> <important> <p> TwinMaker is in public preview and is subject to change. </p> </important>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "CreateEntity":{
+      "name":"CreateEntity",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/entities",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateEntityRequest"},
+      "output":{"shape":"CreateEntityResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Creates an entity.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "CreateScene":{
+      "name":"CreateScene",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/scenes",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateSceneRequest"},
+      "output":{"shape":"CreateSceneResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Creates a scene.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "CreateWorkspace":{
+      "name":"CreateWorkspace",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateWorkspaceRequest"},
+      "output":{"shape":"CreateWorkspaceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Creates a workplace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "DeleteComponentType":{
+      "name":"DeleteComponentType",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/workspaces/{workspaceId}/component-types/{componentTypeId}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteComponentTypeRequest"},
+      "output":{"shape":"DeleteComponentTypeResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes a component type.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "DeleteEntity":{
+      "name":"DeleteEntity",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/workspaces/{workspaceId}/entities/{entityId}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteEntityRequest"},
+      "output":{"shape":"DeleteEntityResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Deletes an entity.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "DeleteScene":{
+      "name":"DeleteScene",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/workspaces/{workspaceId}/scenes/{sceneId}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteSceneRequest"},
+      "output":{"shape":"DeleteSceneResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes a scene.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "DeleteWorkspace":{
+      "name":"DeleteWorkspace",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/workspaces/{workspaceId}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteWorkspaceRequest"},
+      "output":{"shape":"DeleteWorkspaceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes a workspace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "GetComponentType":{
+      "name":"GetComponentType",
+      "http":{
+        "method":"GET",
+        "requestUri":"/workspaces/{workspaceId}/component-types/{componentTypeId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetComponentTypeRequest"},
+      "output":{"shape":"GetComponentTypeResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Retrieves information about a component type.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "GetEntity":{
+      "name":"GetEntity",
+      "http":{
+        "method":"GET",
+        "requestUri":"/workspaces/{workspaceId}/entities/{entityId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetEntityRequest"},
+      "output":{"shape":"GetEntityResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Retrieves information about an entity.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "GetPropertyValue":{
+      "name":"GetPropertyValue",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/entity-properties/value",
+        "responseCode":200
+      },
+      "input":{"shape":"GetPropertyValueRequest"},
+      "output":{"shape":"GetPropertyValueResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConnectorFailureException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConnectorTimeoutException"}
+      ],
+      "documentation":"<p>Gets the property values for a component, component type, entity, or workspace.</p> <p>You must specify a value for either <code>componentName</code>, <code>componentTypeId</code>, <code>entityId</code>, or <code>workspaceId</code>.</p>",
+      "endpoint":{"hostPrefix":"data."}
+    },
+    "GetPropertyValueHistory":{
+      "name":"GetPropertyValueHistory",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/entity-properties/history",
+        "responseCode":200
+      },
+      "input":{"shape":"GetPropertyValueHistoryRequest"},
+      "output":{"shape":"GetPropertyValueHistoryResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConnectorFailureException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConnectorTimeoutException"}
+      ],
+      "documentation":"<p>Retrieves information about the history of a time series property value for a component, component type, entity, or workspace.</p> <p>You must specify a value for <code>workspaceId</code>. For entity-specific queries, specify values for <code>componentName</code> and <code>entityId</code>. For cross-entity quries, specify a value for <code>componentTypeId</code>.</p>",
+      "endpoint":{"hostPrefix":"data."}
+    },
+    "GetScene":{
+      "name":"GetScene",
+      "http":{
+        "method":"GET",
+        "requestUri":"/workspaces/{workspaceId}/scenes/{sceneId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetSceneRequest"},
+      "output":{"shape":"GetSceneResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves information about a scene.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "GetWorkspace":{
+      "name":"GetWorkspace",
+      "http":{
+        "method":"GET",
+        "requestUri":"/workspaces/{workspaceId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetWorkspaceRequest"},
+      "output":{"shape":"GetWorkspaceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Retrieves information about a workspace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "ListComponentTypes":{
+      "name":"ListComponentTypes",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/component-types-list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListComponentTypesRequest"},
+      "output":{"shape":"ListComponentTypesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists all component types in a workspace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "ListEntities":{
+      "name":"ListEntities",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/entities-list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListEntitiesRequest"},
+      "output":{"shape":"ListEntitiesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Lists all entities in a workspace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "ListScenes":{
+      "name":"ListScenes",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces/{workspaceId}/scenes-list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListScenesRequest"},
+      "output":{"shape":"ListScenesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists all scenes in a workspace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags-list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Lists all tags associated with a resource.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "ListWorkspaces":{
+      "name":"ListWorkspaces",
+      "http":{
+        "method":"POST",
+        "requestUri":"/workspaces-list",
+        "responseCode":200
+      },
+      "input":{"shape":"ListWorkspacesRequest"},
+      "output":{"shape":"ListWorkspacesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Retrieves information about workspaces in the current account.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"TooManyTagsException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Adds tags to a resource.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Removes tags from a resource.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "UpdateComponentType":{
+      "name":"UpdateComponentType",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/workspaces/{workspaceId}/component-types/{componentTypeId}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateComponentTypeRequest"},
+      "output":{"shape":"UpdateComponentTypeResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Updates information in a component type.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "UpdateEntity":{
+      "name":"UpdateEntity",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/workspaces/{workspaceId}/entities/{entityId}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateEntityRequest"},
+      "output":{"shape":"UpdateEntityResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Updates an entity.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "UpdateScene":{
+      "name":"UpdateScene",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/workspaces/{workspaceId}/scenes/{sceneId}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateSceneRequest"},
+      "output":{"shape":"UpdateSceneResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates a scene.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    },
+    "UpdateWorkspace":{
+      "name":"UpdateWorkspace",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/workspaces/{workspaceId}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateWorkspaceRequest"},
+      "output":{"shape":"UpdateWorkspaceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Updates a workspace.</p>",
+      "endpoint":{"hostPrefix":"api."}
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>Access is denied.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "BatchPutPropertyError":{
+      "type":"structure",
+      "required":[
+        "entry",
+        "errorCode",
+        "errorMessage"
+      ],
+      "members":{
+        "entry":{
+          "shape":"PropertyValueEntry",
+          "documentation":"<p>An object that contains information about errors returned by the <code>BatchPutProperty</code> action.</p>"
+        },
+        "errorCode":{
+          "shape":"String",
+          "documentation":"<p>The error code.</p>"
+        },
+        "errorMessage":{
+          "shape":"String",
+          "documentation":"<p>The error message.</p>"
+        }
+      },
+      "documentation":"<p>An error returned by the <code>BatchPutProperty</code> action.</p>"
+    },
+    "BatchPutPropertyErrorEntry":{
+      "type":"structure",
+      "required":["errors"],
+      "members":{
+        "errors":{
+          "shape":"Errors",
+          "documentation":"<p>A list of objects that contain information about errors returned by the <code>BatchPutProperty</code> action.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about errors returned by the <code>BatchPutProperty</code> action.</p>"
+    },
+    "BatchPutPropertyValuesRequest":{
+      "type":"structure",
+      "required":[
+        "entries",
+        "workspaceId"
+      ],
+      "members":{
+        "entries":{
+          "shape":"Entries",
+          "documentation":"<p>An object that maps strings to the property value entries to set. Each string in the mapping must be unique to this object.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the properties to set.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "BatchPutPropertyValuesResponse":{
+      "type":"structure",
+      "required":["errorEntries"],
+      "members":{
+        "errorEntries":{
+          "shape":"ErrorEntries",
+          "documentation":"<p>Entries that caused errors in the batch put operation.</p>"
+        }
+      }
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "ComponentRequest":{
+      "type":"structure",
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component request.</p>"
+        },
+        "properties":{
+          "shape":"PropertyRequests",
+          "documentation":"<p>An object that maps strings to the properties to set in the component type. Each string in the mapping must be unique to this object.</p>"
+        }
+      },
+      "documentation":"<p>An object that sets information about a component type create or update request.</p>"
+    },
+    "ComponentResponse":{
+      "type":"structure",
+      "members":{
+        "componentName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the component.</p>"
+        },
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "definedIn":{
+          "shape":"String",
+          "documentation":"<p>The name of the property definition set in the request.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component type.</p>"
+        },
+        "properties":{
+          "shape":"PropertyResponses",
+          "documentation":"<p>An object that maps strings to the properties to set in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the component type.</p>"
+        }
+      },
+      "documentation":"<p>An object that returns information about a component type create or update request.</p>"
+    },
+    "ComponentTypeId":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[a-zA-Z_\\.\\-0-9:]+"
+    },
+    "ComponentTypeSummaries":{
+      "type":"list",
+      "member":{"shape":"ComponentTypeSummary"}
+    },
+    "ComponentTypeSummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "componentTypeId",
+        "creationDateTime",
+        "updateDateTime"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the component type.</p>"
+        },
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the component type was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component type.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The current status of the component type.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the component type was last updated.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about a component type.</p>"
+    },
+    "ComponentUpdateRequest":{
+      "type":"structure",
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component type.</p>"
+        },
+        "propertyUpdates":{
+          "shape":"PropertyRequests",
+          "documentation":"<p>An object that maps strings to the properties to set in the component type update. Each string in the mapping must be unique to this object.</p>"
+        },
+        "updateType":{
+          "shape":"ComponentUpdateType",
+          "documentation":"<p>The update type of the component update request.</p>"
+        }
+      },
+      "documentation":"<p>The component update request.</p>"
+    },
+    "ComponentUpdateType":{
+      "type":"string",
+      "enum":[
+        "CREATE",
+        "UPDATE",
+        "DELETE"
+      ]
+    },
+    "ComponentUpdatesMapRequest":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"ComponentUpdateRequest"}
+    },
+    "ComponentsMap":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"ComponentResponse"}
+    },
+    "ComponentsMapRequest":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"ComponentRequest"}
+    },
+    "Configuration":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"Value"}
+    },
+    "ConflictException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>A conflict occurred.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ConnectorFailureException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The connector failed.</p>",
+      "error":{
+        "httpStatusCode":424,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ConnectorTimeoutException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The connector timed out.</p>",
+      "error":{
+        "httpStatusCode":424,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "CreateComponentTypeRequest":{
+      "type":"structure",
+      "required":[
+        "componentTypeId",
+        "workspaceId"
+      ],
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>",
+          "location":"uri",
+          "locationName":"componentTypeId"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component type.</p>"
+        },
+        "extendsFrom":{
+          "shape":"ExtendsFrom",
+          "documentation":"<p>Specifies the parent component type to extend.</p>"
+        },
+        "functions":{
+          "shape":"FunctionsRequest",
+          "documentation":"<p>An object that maps strings to the functions in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "isSingleton":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether an entity can have more than one component of this type.</p>"
+        },
+        "propertyDefinitions":{
+          "shape":"PropertyDefinitionsRequest",
+          "documentation":"<p>An object that maps strings to the property definitions in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata that you can use to manage the component type.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the component type.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "CreateComponentTypeResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime",
+        "state"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the component type.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the entity was created.</p>"
+        },
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the component type.</p>"
+        }
+      }
+    },
+    "CreateEntityRequest":{
+      "type":"structure",
+      "required":[
+        "entityName",
+        "workspaceId"
+      ],
+      "members":{
+        "components":{
+          "shape":"ComponentsMapRequest",
+          "documentation":"<p>An object that maps strings to the components in the entity. Each string in the mapping must be unique to this object.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entity.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>"
+        },
+        "entityName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the entity.</p>"
+        },
+        "parentEntityId":{
+          "shape":"ParentEntityId",
+          "documentation":"<p>The ID of the entity's parent entity.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata that you can use to manage the entity.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the entity.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "CreateEntityResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime",
+        "entityId",
+        "state"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the entity.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the entity was created.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>"
+        },
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the entity.</p>"
+        }
+      }
+    },
+    "CreateSceneRequest":{
+      "type":"structure",
+      "required":[
+        "contentLocation",
+        "sceneId",
+        "workspaceId"
+      ],
+      "members":{
+        "capabilities":{
+          "shape":"SceneCapabilities",
+          "documentation":"<p>A list of capabilities that the scene uses to render itself.</p>"
+        },
+        "contentLocation":{
+          "shape":"S3Url",
+          "documentation":"<p>The relative path that specifies the location of the content definition file.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description for this scene.</p>"
+        },
+        "sceneId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the scene.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata that you can use to manage the scene.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the scene.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "CreateSceneResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the scene.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the scene was created.</p>"
+        }
+      }
+    },
+    "CreateWorkspaceRequest":{
+      "type":"structure",
+      "required":[
+        "role",
+        "s3Location",
+        "workspaceId"
+      ],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the workspace.</p>"
+        },
+        "role":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the execution role associated with the workspace.</p>"
+        },
+        "s3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The ARN of the S3 bucket where resources associated with the workspace are stored.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata that you can use to manage the workspace</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "CreateWorkspaceResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the workspace.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the workspace was created.</p>"
+        }
+      }
+    },
+    "DataConnector":{
+      "type":"structure",
+      "members":{
+        "isNative":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the data connector is native to TwinMaker.</p>"
+        },
+        "lambda":{
+          "shape":"LambdaFunction",
+          "documentation":"<p>The Lambda function associated with this data connector.</p>"
+        }
+      },
+      "documentation":"<p>The data connector.</p>"
+    },
+    "DataType":{
+      "type":"structure",
+      "required":["type"],
+      "members":{
+        "allowedValues":{
+          "shape":"DataValueList",
+          "documentation":"<p>The allowed values for this data type.</p>"
+        },
+        "nestedType":{
+          "shape":"DataType",
+          "documentation":"<p>The nested type in the data type.</p>"
+        },
+        "relationship":{
+          "shape":"Relationship",
+          "documentation":"<p>A relationship that associates a component with another component.</p>"
+        },
+        "type":{
+          "shape":"Type",
+          "documentation":"<p>The underlying type of the data type.</p>"
+        },
+        "unitOfMeasure":{
+          "shape":"String",
+          "documentation":"<p>The unit of measure used in this data type.</p>"
+        }
+      },
+      "documentation":"<p>An object that specifies the data type of a property.</p>"
+    },
+    "DataValue":{
+      "type":"structure",
+      "members":{
+        "booleanValue":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value.</p>"
+        },
+        "doubleValue":{
+          "shape":"Double",
+          "documentation":"<p>A double value.</p>"
+        },
+        "expression":{
+          "shape":"Expression",
+          "documentation":"<p>An expression that produces the value.</p>"
+        },
+        "integerValue":{
+          "shape":"Integer",
+          "documentation":"<p>An integer value.</p>"
+        },
+        "listValue":{
+          "shape":"DataValueList",
+          "documentation":"<p>A list of multiple values.</p>"
+        },
+        "longValue":{
+          "shape":"Long",
+          "documentation":"<p>A long value.</p>"
+        },
+        "mapValue":{
+          "shape":"DataValueMap",
+          "documentation":"<p>An object that maps strings to multiple <code>DataValue</code> objects.</p>"
+        },
+        "relationshipValue":{
+          "shape":"RelationshipValue",
+          "documentation":"<p>A value that relates a component to another component.</p>"
+        },
+        "stringValue":{
+          "shape":"String",
+          "documentation":"<p>A string value.</p>"
+        }
+      },
+      "documentation":"<p>An object that specifies a value for a property.</p>"
+    },
+    "DataValueList":{
+      "type":"list",
+      "member":{"shape":"DataValue"},
+      "max":50,
+      "min":0
+    },
+    "DataValueMap":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"DataValue"},
+      "max":50,
+      "min":0
+    },
+    "DeleteComponentTypeRequest":{
+      "type":"structure",
+      "required":[
+        "componentTypeId",
+        "workspaceId"
+      ],
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type to delete.</p>",
+          "location":"uri",
+          "locationName":"componentTypeId"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the component type.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "DeleteComponentTypeResponse":{
+      "type":"structure",
+      "required":["state"],
+      "members":{
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the component type to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteEntityRequest":{
+      "type":"structure",
+      "required":[
+        "entityId",
+        "workspaceId"
+      ],
+      "members":{
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity to delete.</p>",
+          "location":"uri",
+          "locationName":"entityId"
+        },
+        "isRecursive":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the operation deletes child entities.</p>",
+          "location":"querystring",
+          "locationName":"isRecursive"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the entity to delete.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "DeleteEntityResponse":{
+      "type":"structure",
+      "required":["state"],
+      "members":{
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the deleted entity.</p>"
+        }
+      }
+    },
+    "DeleteSceneRequest":{
+      "type":"structure",
+      "required":[
+        "sceneId",
+        "workspaceId"
+      ],
+      "members":{
+        "sceneId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the scene to delete.</p>",
+          "location":"uri",
+          "locationName":"sceneId"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "DeleteSceneResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteWorkspaceRequest":{
+      "type":"structure",
+      "required":["workspaceId"],
+      "members":{
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace to delete.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "DeleteWorkspaceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Description":{
+      "type":"string",
+      "max":512,
+      "min":0,
+      "pattern":".*"
+    },
+    "Double":{
+      "type":"double",
+      "box":true
+    },
+    "EntityId":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|^[a-zA-Z0-9][a-zA-Z_\\-0-9.:]*[a-zA-Z0-9]+"
+    },
+    "EntityName":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[a-zA-Z_0-9-.][a-zA-Z_0-9-. ]*[a-zA-Z0-9]+"
+    },
+    "EntityPropertyReference":{
+      "type":"structure",
+      "required":["propertyName"],
+      "members":{
+        "componentName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the component.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>"
+        },
+        "externalIdProperty":{
+          "shape":"ExternalIdProperty",
+          "documentation":"<p>A mapping of external IDs to property names. External IDs uniquely identify properties from external data stores.</p>"
+        },
+        "propertyName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the property.</p>"
+        }
+      },
+      "documentation":"<p>An object that uniquely identifies an entity property.</p>"
+    },
+    "EntitySummaries":{
+      "type":"list",
+      "member":{"shape":"EntitySummary"}
+    },
+    "EntitySummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime",
+        "entityId",
+        "entityName",
+        "status",
+        "updateDateTime"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the entity.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the entity was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entity.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>"
+        },
+        "entityName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the entity.</p>"
+        },
+        "hasChildEntities":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the entity has child entities or not.</p>"
+        },
+        "parentEntityId":{
+          "shape":"ParentEntityId",
+          "documentation":"<p>The ID of the parent entity.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The current status of the entity.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last date and time when the entity was updated.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about an entity.</p>"
+    },
+    "Entries":{
+      "type":"list",
+      "member":{"shape":"PropertyValueEntry"},
+      "max":10,
+      "min":1
+    },
+    "ErrorCode":{
+      "type":"string",
+      "enum":[
+        "VALIDATION_ERROR",
+        "INTERNAL_FAILURE"
+      ]
+    },
+    "ErrorDetails":{
+      "type":"structure",
+      "members":{
+        "code":{
+          "shape":"ErrorCode",
+          "documentation":"<p>The error code.</p>"
+        },
+        "message":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The error message.</p>"
+        }
+      },
+      "documentation":"<p>The error details.</p>"
+    },
+    "ErrorEntries":{
+      "type":"list",
+      "member":{"shape":"BatchPutPropertyErrorEntry"},
+      "max":10,
+      "min":1
+    },
+    "ErrorMessage":{
+      "type":"string",
+      "max":2048,
+      "min":0
+    },
+    "Errors":{
+      "type":"list",
+      "member":{"shape":"BatchPutPropertyError"},
+      "max":10,
+      "min":1
+    },
+    "ExceptionMessage":{"type":"string"},
+    "Expression":{
+      "type":"string",
+      "max":316,
+      "min":1,
+      "pattern":"(^\\$\\{Parameters\\.[a-zA-z]+([a-zA-z_0-9]*)}$)"
+    },
+    "ExtendsFrom":{
+      "type":"list",
+      "member":{"shape":"ComponentTypeId"}
+    },
+    "ExternalIdProperty":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"String"}
+    },
+    "FunctionRequest":{
+      "type":"structure",
+      "members":{
+        "implementedBy":{
+          "shape":"DataConnector",
+          "documentation":"<p>The data connector.</p>"
+        },
+        "requiredProperties":{
+          "shape":"RequiredProperties",
+          "documentation":"<p>The required properties of the function.</p>"
+        },
+        "scope":{
+          "shape":"Scope",
+          "documentation":"<p>The scope of the function.</p>"
+        }
+      },
+      "documentation":"<p>The function request body.</p>"
+    },
+    "FunctionResponse":{
+      "type":"structure",
+      "members":{
+        "implementedBy":{
+          "shape":"DataConnector",
+          "documentation":"<p>The data connector.</p>"
+        },
+        "isInherited":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether this function is inherited.</p>"
+        },
+        "requiredProperties":{
+          "shape":"RequiredProperties",
+          "documentation":"<p>The required properties of the function.</p>"
+        },
+        "scope":{
+          "shape":"Scope",
+          "documentation":"<p>The scope of the function.</p>"
+        }
+      },
+      "documentation":"<p>The function response.</p>"
+    },
+    "FunctionsRequest":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"FunctionRequest"}
+    },
+    "FunctionsResponse":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"FunctionResponse"}
+    },
+    "GetComponentTypeRequest":{
+      "type":"structure",
+      "required":[
+        "componentTypeId",
+        "workspaceId"
+      ],
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>",
+          "location":"uri",
+          "locationName":"componentTypeId"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the component type.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "GetComponentTypeResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "componentTypeId",
+        "creationDateTime",
+        "updateDateTime",
+        "workspaceId"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the component type.</p>"
+        },
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the component type was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component type.</p>"
+        },
+        "extendsFrom":{
+          "shape":"ExtendsFrom",
+          "documentation":"<p>The name of the parent component type that this component type extends.</p>"
+        },
+        "functions":{
+          "shape":"FunctionsResponse",
+          "documentation":"<p>An object that maps strings to the functions in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "isAbstract":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the component type is abstract.</p>"
+        },
+        "isSchemaInitialized":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the component type has a schema initializer and that the schema initializer has run.</p>"
+        },
+        "isSingleton":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether an entity can have more than one component of this type.</p>"
+        },
+        "propertyDefinitions":{
+          "shape":"PropertyDefinitionsResponse",
+          "documentation":"<p>An object that maps strings to the property definitions in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The current status of the component type.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the component was last updated.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the component type.</p>"
+        }
+      }
+    },
+    "GetEntityRequest":{
+      "type":"structure",
+      "required":[
+        "entityId",
+        "workspaceId"
+      ],
+      "members":{
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>",
+          "location":"uri",
+          "locationName":"entityId"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "GetEntityResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime",
+        "entityId",
+        "entityName",
+        "hasChildEntities",
+        "parentEntityId",
+        "status",
+        "updateDateTime",
+        "workspaceId"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the entity.</p>"
+        },
+        "components":{
+          "shape":"ComponentsMap",
+          "documentation":"<p>An object that maps strings to the components in the entity. Each string in the mapping must be unique to this object.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the entity was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entity.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>"
+        },
+        "entityName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the entity.</p>"
+        },
+        "hasChildEntities":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the entity has associated child entities.</p>"
+        },
+        "parentEntityId":{
+          "shape":"ParentEntityId",
+          "documentation":"<p>The ID of the parent entity for this entity.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The current status of the entity.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the entity was last updated.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>"
+        }
+      }
+    },
+    "GetPropertyValueHistoryRequest":{
+      "type":"structure",
+      "required":[
+        "endDateTime",
+        "selectedProperties",
+        "startDateTime",
+        "workspaceId"
+      ],
+      "members":{
+        "componentName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the component.</p>"
+        },
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "endDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time of the latest property value to return.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>"
+        },
+        "interpolation":{
+          "shape":"InterpolationParameters",
+          "documentation":"<p>An object that specifies the interpolation type and the interval over which to interpolate data.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "orderByTime":{
+          "shape":"OrderByTime",
+          "documentation":"<p>The time direction to use in the result order.</p>"
+        },
+        "propertyFilters":{
+          "shape":"PropertyFilters",
+          "documentation":"<p>A list of objects that filter the property value history request.</p>"
+        },
+        "selectedProperties":{
+          "shape":"SelectedPropertyList",
+          "documentation":"<p>A list of properties whose value histories the request retrieves.</p>"
+        },
+        "startDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time of the earliest property value to return.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "GetPropertyValueHistoryResponse":{
+      "type":"structure",
+      "required":["propertyValues"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "propertyValues":{
+          "shape":"PropertyValueList",
+          "documentation":"<p>An object that maps strings to the property definitions in the component type. Each string in the mapping must be unique to this object.</p>"
+        }
+      }
+    },
+    "GetPropertyValueRequest":{
+      "type":"structure",
+      "required":[
+        "selectedProperties",
+        "workspaceId"
+      ],
+      "members":{
+        "componentName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the component whose property values the operation returns.</p>"
+        },
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type whose property values the operation returns.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity whose property values the operation returns.</p>"
+        },
+        "selectedProperties":{
+          "shape":"SelectedPropertyList",
+          "documentation":"<p>The properties whose values the operation returns.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace whose values the operation returns.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "GetPropertyValueResponse":{
+      "type":"structure",
+      "required":["propertyValues"],
+      "members":{
+        "propertyValues":{
+          "shape":"PropertyLatestValueMap",
+          "documentation":"<p>An object that maps strings to the properties and latest property values in the response. Each string in the mapping must be unique to this object.</p>"
+        }
+      }
+    },
+    "GetSceneRequest":{
+      "type":"structure",
+      "required":[
+        "sceneId",
+        "workspaceId"
+      ],
+      "members":{
+        "sceneId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the scene.</p>",
+          "location":"uri",
+          "locationName":"sceneId"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the scene.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "GetSceneResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "contentLocation",
+        "creationDateTime",
+        "sceneId",
+        "updateDateTime",
+        "workspaceId"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the scene.</p>"
+        },
+        "capabilities":{
+          "shape":"SceneCapabilities",
+          "documentation":"<p>A list of capabilities that the scene uses to render.</p>"
+        },
+        "contentLocation":{
+          "shape":"S3Url",
+          "documentation":"<p>The relative path that specifies the location of the content definition file.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the scene was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the scene.</p>"
+        },
+        "sceneId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the scene.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the scene was last updated.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the scene.</p>"
+        }
+      }
+    },
+    "GetWorkspaceRequest":{
+      "type":"structure",
+      "required":["workspaceId"],
+      "members":{
+        "workspaceId":{
+          "shape":"IdOrArn",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "GetWorkspaceResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime",
+        "role",
+        "s3Location",
+        "updateDateTime",
+        "workspaceId"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the workspace.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the workspace was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the workspace.</p>"
+        },
+        "role":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the execution role associated with the workspace.</p>"
+        },
+        "s3Location":{
+          "shape":"S3Location",
+          "documentation":"<p>The ARN of the S3 bucket where resources associated with the workspace are stored.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the workspace was last updated.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>"
+        }
+      }
+    },
+    "Id":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[a-zA-Z_0-9][a-zA-Z_\\-0-9]*[a-zA-Z0-9]+"
+    },
+    "IdOrArn":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"[a-zA-Z][a-zA-Z_\\-0-9]*[a-zA-Z0-9]+$|^arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\\/a-zA-Z0-9_-]+"
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>An unexpected error has occurred.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "InterpolationParameters":{
+      "type":"structure",
+      "members":{
+        "interpolationType":{
+          "shape":"InterpolationType",
+          "documentation":"<p>The interpolation type.</p>"
+        },
+        "intervalInSeconds":{
+          "shape":"IntervalInSeconds",
+          "documentation":"<p>The interpolation time interval in seconds.</p>"
+        }
+      },
+      "documentation":"<p>An object that specifies how to interpolate data in a list.</p>"
+    },
+    "InterpolationType":{
+      "type":"string",
+      "enum":["LINEAR"]
+    },
+    "IntervalInSeconds":{
+      "type":"long",
+      "box":true
+    },
+    "LambdaArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"arn:((aws)|(aws-cn)|(aws-us-gov)):lambda:[a-z0-9-]+:[0-9]{12}:function:[\\/a-zA-Z0-9_-]+"
+    },
+    "LambdaFunction":{
+      "type":"structure",
+      "required":["arn"],
+      "members":{
+        "arn":{
+          "shape":"LambdaArn",
+          "documentation":"<p>The ARN of the Lambda function.</p>"
+        }
+      },
+      "documentation":"<p>The Lambda function.</p>"
+    },
+    "ListComponentTypesFilter":{
+      "type":"structure",
+      "members":{
+        "extendsFrom":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The component type that the component types in the list extend.</p>"
+        },
+        "isAbstract":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the component types in the list are abstract.</p>"
+        },
+        "namespace":{
+          "shape":"String",
+          "documentation":"<p>The namespace to which the component types in the list belong.</p>"
+        }
+      },
+      "documentation":"<p>An object that filters items in a list of component types.</p>",
+      "union":true
+    },
+    "ListComponentTypesFilters":{
+      "type":"list",
+      "member":{"shape":"ListComponentTypesFilter"}
+    },
+    "ListComponentTypesRequest":{
+      "type":"structure",
+      "required":["workspaceId"],
+      "members":{
+        "filters":{
+          "shape":"ListComponentTypesFilters",
+          "documentation":"<p>A list of objects that filter the request.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to display.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "ListComponentTypesResponse":{
+      "type":"structure",
+      "required":[
+        "componentTypeSummaries",
+        "workspaceId"
+      ],
+      "members":{
+        "componentTypeSummaries":{
+          "shape":"ComponentTypeSummaries",
+          "documentation":"<p>A list of objects that contain information about the component types.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Specifies the maximum number of results to display.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>"
+        }
+      }
+    },
+    "ListEntitiesFilter":{
+      "type":"structure",
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type in the entities in the list.</p>"
+        },
+        "parentEntityId":{
+          "shape":"ParentEntityId",
+          "documentation":"<p>The parent of the entities in the list.</p>"
+        }
+      },
+      "documentation":"<p>An object that filters items in a list of entities.</p>",
+      "union":true
+    },
+    "ListEntitiesFilters":{
+      "type":"list",
+      "member":{"shape":"ListEntitiesFilter"}
+    },
+    "ListEntitiesRequest":{
+      "type":"structure",
+      "required":["workspaceId"],
+      "members":{
+        "filters":{
+          "shape":"ListEntitiesFilters",
+          "documentation":"<p>A list of objects that filter the request.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to display.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "ListEntitiesResponse":{
+      "type":"structure",
+      "members":{
+        "entitySummaries":{
+          "shape":"EntitySummaries",
+          "documentation":"<p>A list of objects that contain information about the entities.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        }
+      }
+    },
+    "ListScenesRequest":{
+      "type":"structure",
+      "required":["workspaceId"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Specifies the maximum number of results to display.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the scenes.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "ListScenesResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "sceneSummaries":{
+          "shape":"SceneSummaries",
+          "documentation":"<p>A list of objects that contain information about the scenes.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceARN"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to display.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "resourceARN":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the resource.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata that you can use to manage a resource.</p>"
+        }
+      }
+    },
+    "ListWorkspacesRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to display.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        }
+      }
+    },
+    "ListWorkspacesResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The string that specifies the next page of results.</p>"
+        },
+        "workspaceSummaries":{
+          "shape":"WorkspaceSummaries",
+          "documentation":"<p>A list of objects that contain information about the workspaces.</p>"
+        }
+      }
+    },
+    "Long":{
+      "type":"long",
+      "box":true
+    },
+    "MaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":200,
+      "min":0
+    },
+    "Name":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[a-zA-Z_\\-0-9]+"
+    },
+    "NextToken":{
+      "type":"string",
+      "max":17880,
+      "min":0,
+      "pattern":".*"
+    },
+    "OrderByTime":{
+      "type":"string",
+      "enum":[
+        "ASCENDING",
+        "DESCENDING"
+      ]
+    },
+    "ParentEntityId":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"\\$ROOT|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|^[a-zA-Z0-9][a-zA-Z_\\-0-9.:]*[a-zA-Z0-9]+"
+    },
+    "ParentEntityUpdateRequest":{
+      "type":"structure",
+      "required":["updateType"],
+      "members":{
+        "parentEntityId":{
+          "shape":"ParentEntityId",
+          "documentation":"<p>The ID of the parent entity.</p>"
+        },
+        "updateType":{
+          "shape":"ParentEntityUpdateType",
+          "documentation":"<p>The type of the update.</p>"
+        }
+      },
+      "documentation":"<p>The parent entity update request.</p>"
+    },
+    "ParentEntityUpdateType":{
+      "type":"string",
+      "enum":[
+        "UPDATE",
+        "DELETE"
+      ]
+    },
+    "PropertyDefinitionRequest":{
+      "type":"structure",
+      "members":{
+        "configuration":{
+          "shape":"Configuration",
+          "documentation":"<p>A mapping that specifies configuration information about the property. Use this field to specify information that you read from and write to an external source.</p>"
+        },
+        "dataType":{
+          "shape":"DataType",
+          "documentation":"<p>An object that contains information about the data type.</p>"
+        },
+        "defaultValue":{
+          "shape":"DataValue",
+          "documentation":"<p>An object that contains the default value.</p>"
+        },
+        "isExternalId":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property ID comes from an external data store.</p>"
+        },
+        "isRequiredInEntity":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property is required.</p>"
+        },
+        "isStoredExternally":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property is stored externally.</p>"
+        },
+        "isTimeSeries":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property consists of time series data.</p>"
+        }
+      },
+      "documentation":"<p>An object that sets information about a property.</p>"
+    },
+    "PropertyDefinitionResponse":{
+      "type":"structure",
+      "required":[
+        "dataType",
+        "isExternalId",
+        "isFinal",
+        "isImported",
+        "isInherited",
+        "isRequiredInEntity",
+        "isStoredExternally",
+        "isTimeSeries"
+      ],
+      "members":{
+        "configuration":{
+          "shape":"Configuration",
+          "documentation":"<p>A mapping that specifies configuration information about the property.</p>"
+        },
+        "dataType":{
+          "shape":"DataType",
+          "documentation":"<p>An object that contains information about the data type.</p>"
+        },
+        "defaultValue":{
+          "shape":"DataValue",
+          "documentation":"<p>An object that contains the default value.</p>"
+        },
+        "isExternalId":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property ID comes from an external data store.</p>"
+        },
+        "isFinal":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property definition can be updated.</p>"
+        },
+        "isImported":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property definition is imported from an external data store.</p>"
+        },
+        "isInherited":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property definition is inherited from a parent entity.</p>"
+        },
+        "isRequiredInEntity":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property is required in an entity.</p>"
+        },
+        "isStoredExternally":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property is stored externally.</p>"
+        },
+        "isTimeSeries":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether the property consists of time series data.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains response data from a property definition request.</p>"
+    },
+    "PropertyDefinitionsRequest":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"PropertyDefinitionRequest"}
+    },
+    "PropertyDefinitionsResponse":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"PropertyDefinitionResponse"}
+    },
+    "PropertyFilter":{
+      "type":"structure",
+      "members":{
+        "operator":{
+          "shape":"String",
+          "documentation":"<p>The operator associated with this property filter.</p>"
+        },
+        "propertyName":{
+          "shape":"String",
+          "documentation":"<p>The property name associated with this property filter.</p>"
+        },
+        "value":{
+          "shape":"DataValue",
+          "documentation":"<p>The value associated with this property filter.</p>"
+        }
+      },
+      "documentation":"<p>An object that filters items returned by a property request.</p>"
+    },
+    "PropertyFilters":{
+      "type":"list",
+      "member":{"shape":"PropertyFilter"},
+      "max":10,
+      "min":1
+    },
+    "PropertyLatestValue":{
+      "type":"structure",
+      "required":["propertyReference"],
+      "members":{
+        "propertyReference":{
+          "shape":"EntityPropertyReference",
+          "documentation":"<p>An object that specifies information about a property.&gt;</p>"
+        },
+        "propertyValue":{
+          "shape":"DataValue",
+          "documentation":"<p>The value of the property.</p>"
+        }
+      },
+      "documentation":"<p>The latest value of the property.</p>"
+    },
+    "PropertyLatestValueMap":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"PropertyLatestValue"}
+    },
+    "PropertyRequest":{
+      "type":"structure",
+      "members":{
+        "definition":{
+          "shape":"PropertyDefinitionRequest",
+          "documentation":"<p>An object that specifies information about a property.</p>"
+        },
+        "updateType":{
+          "shape":"PropertyUpdateType",
+          "documentation":"<p>The update type of the update property request.</p>"
+        },
+        "value":{
+          "shape":"DataValue",
+          "documentation":"<p>The value of the property.</p>"
+        }
+      },
+      "documentation":"<p>An object that sets information about a property.</p>"
+    },
+    "PropertyRequests":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"PropertyRequest"}
+    },
+    "PropertyResponse":{
+      "type":"structure",
+      "members":{
+        "definition":{
+          "shape":"PropertyDefinitionResponse",
+          "documentation":"<p>An object that specifies information about a property.</p>"
+        },
+        "value":{
+          "shape":"DataValue",
+          "documentation":"<p>The value of the property.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about a property response.</p>"
+    },
+    "PropertyResponses":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"PropertyResponse"}
+    },
+    "PropertyUpdateType":{
+      "type":"string",
+      "enum":[
+        "UPDATE",
+        "DELETE"
+      ]
+    },
+    "PropertyValue":{
+      "type":"structure",
+      "required":[
+        "timestamp",
+        "value"
+      ],
+      "members":{
+        "timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of a value for a time series property.</p>"
+        },
+        "value":{
+          "shape":"DataValue",
+          "documentation":"<p>An object that specifies a value for a time series property.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about a value for a time series property.</p>"
+    },
+    "PropertyValueEntry":{
+      "type":"structure",
+      "required":["entityPropertyReference"],
+      "members":{
+        "entityPropertyReference":{
+          "shape":"EntityPropertyReference",
+          "documentation":"<p>An object that contains information about the entity that has the property.</p>"
+        },
+        "propertyValues":{
+          "shape":"PropertyValues",
+          "documentation":"<p>A list of objects that specify time series property values.</p>"
+        }
+      },
+      "documentation":"<p>An object that specifies information about time series property values.</p>"
+    },
+    "PropertyValueHistory":{
+      "type":"structure",
+      "required":["entityPropertyReference"],
+      "members":{
+        "entityPropertyReference":{
+          "shape":"EntityPropertyReference",
+          "documentation":"<p>An object that uniquely identifies an entity property.</p>"
+        },
+        "values":{
+          "shape":"Values",
+          "documentation":"<p>A list of objects that contain information about the values in the history of a time series property.</p>"
+        }
+      },
+      "documentation":"<p>The history of values for a time series property.</p>"
+    },
+    "PropertyValueList":{
+      "type":"list",
+      "member":{"shape":"PropertyValueHistory"}
+    },
+    "PropertyValues":{
+      "type":"list",
+      "member":{"shape":"PropertyValue"},
+      "max":10,
+      "min":1
+    },
+    "Relationship":{
+      "type":"structure",
+      "members":{
+        "relationshipType":{
+          "shape":"String",
+          "documentation":"<p>The type of the relationship.</p>"
+        },
+        "targetComponentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the target component type associated with this relationship.</p>"
+        }
+      },
+      "documentation":"<p>An object that specifies a relationship with another component type.</p>"
+    },
+    "RelationshipValue":{
+      "type":"structure",
+      "members":{
+        "targetComponentName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the target component associated with the relationship value.</p>"
+        },
+        "targetEntityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the target entity associated with this relationship value.</p>"
+        }
+      },
+      "documentation":"<p>A value that associates a component and an entity.</p>"
+    },
+    "RequiredProperties":{
+      "type":"list",
+      "member":{"shape":"Name"}
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The resource wasn't found.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "RoleArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"arn:((aws)|(aws-cn)|(aws-us-gov)):iam::[0-9]{12}:role/.*"
+    },
+    "S3Location":{"type":"string"},
+    "S3Url":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":"[sS]3://[A-Za-z0-9._/-]+"
+    },
+    "SceneCapabilities":{
+      "type":"list",
+      "member":{"shape":"SceneCapability"},
+      "max":50,
+      "min":0
+    },
+    "SceneCapability":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":".*"
+    },
+    "SceneSummaries":{
+      "type":"list",
+      "member":{"shape":"SceneSummary"}
+    },
+    "SceneSummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "contentLocation",
+        "creationDateTime",
+        "sceneId",
+        "updateDateTime"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the scene.</p>"
+        },
+        "contentLocation":{
+          "shape":"S3Url",
+          "documentation":"<p>The relative path that specifies the location of the content definition file.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the scene was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The scene description.</p>"
+        },
+        "sceneId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the scene.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the scene was last updated.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about a scene.</p>"
+    },
+    "Scope":{
+      "type":"string",
+      "enum":[
+        "ENTITY",
+        "WORKSPACE"
+      ]
+    },
+    "SelectedPropertyList":{
+      "type":"list",
+      "member":{"shape":"String"},
+      "max":10,
+      "min":1
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The service quota was exceeded.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "State":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "UPDATING",
+        "DELETING",
+        "ACTIVE",
+        "ERROR"
+      ]
+    },
+    "Status":{
+      "type":"structure",
+      "members":{
+        "error":{
+          "shape":"ErrorDetails",
+          "documentation":"<p>The error message.</p>"
+        },
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the entity, component, component type, or workspace.</p>"
+        }
+      },
+      "documentation":"<p>An object that represents the status of an entity, component, component type, or workspace.</p>"
+    },
+    "String":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":".*"
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":50,
+      "min":0
+    },
+    "TagMap":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"},
+      "max":50,
+      "min":0
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceARN",
+        "tags"
+      ],
+      "members":{
+        "resourceARN":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the resource.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Metadata to add to this resource.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":".*"
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The rate exceeds the limit.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Timestamp":{"type":"timestamp"},
+    "TooManyTagsException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"}
+      },
+      "documentation":"<p>The number of tags exceeds the limit.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "TwinMakerArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"arn:((aws)|(aws-cn)|(aws-us-gov)):iottwinmaker:[a-z0-9-]+:[0-9]{12}:[\\/a-zA-Z0-9_\\-\\.:]+"
+    },
+    "Type":{
+      "type":"string",
+      "enum":[
+        "RELATIONSHIP",
+        "STRING",
+        "LONG",
+        "BOOLEAN",
+        "INTEGER",
+        "DOUBLE",
+        "LIST",
+        "MAP"
+      ]
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceARN",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceARN":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the resource.</p>",
+          "location":"querystring",
+          "locationName":"resourceARN"
+        },
+        "tagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>A list of tag key names to remove from the resource. You don't specify the value. Both the key and its associated value are removed.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateComponentTypeRequest":{
+      "type":"structure",
+      "required":[
+        "componentTypeId",
+        "workspaceId"
+      ],
+      "members":{
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>",
+          "location":"uri",
+          "locationName":"componentTypeId"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the component type.</p>"
+        },
+        "extendsFrom":{
+          "shape":"ExtendsFrom",
+          "documentation":"<p>Specifies the component type that this component type extends.</p>"
+        },
+        "functions":{
+          "shape":"FunctionsRequest",
+          "documentation":"<p>An object that maps strings to the functions in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "isSingleton":{
+          "shape":"Boolean",
+          "documentation":"<p>A Boolean value that specifies whether an entity can have more than one component of this type.</p>"
+        },
+        "propertyDefinitions":{
+          "shape":"PropertyDefinitionsRequest",
+          "documentation":"<p>An object that maps strings to the property definitions in the component type. Each string in the mapping must be unique to this object.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the component type.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "UpdateComponentTypeResponse":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "componentTypeId",
+        "state",
+        "workspaceId"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the component type.</p>"
+        },
+        "componentTypeId":{
+          "shape":"ComponentTypeId",
+          "documentation":"<p>The ID of the component type.</p>"
+        },
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the component type.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the component type.</p>"
+        }
+      }
+    },
+    "UpdateEntityRequest":{
+      "type":"structure",
+      "required":[
+        "entityId",
+        "workspaceId"
+      ],
+      "members":{
+        "componentUpdates":{
+          "shape":"ComponentUpdatesMapRequest",
+          "documentation":"<p>An object that maps strings to the component updates in the request. Each string in the mapping must be unique to this object.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the entity.</p>"
+        },
+        "entityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The ID of the entity.</p>",
+          "location":"uri",
+          "locationName":"entityId"
+        },
+        "entityName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the entity.</p>"
+        },
+        "parentEntityUpdate":{
+          "shape":"ParentEntityUpdateRequest",
+          "documentation":"<p>An object that describes the update request for a parent entity.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the entity.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "UpdateEntityResponse":{
+      "type":"structure",
+      "required":[
+        "state",
+        "updateDateTime"
+      ],
+      "members":{
+        "state":{
+          "shape":"State",
+          "documentation":"<p>The current state of the entity update.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the entity was last updated.</p>"
+        }
+      }
+    },
+    "UpdateSceneRequest":{
+      "type":"structure",
+      "required":[
+        "sceneId",
+        "workspaceId"
+      ],
+      "members":{
+        "capabilities":{
+          "shape":"SceneCapabilities",
+          "documentation":"<p>A list of capabilities that the scene uses to render.</p>"
+        },
+        "contentLocation":{
+          "shape":"S3Url",
+          "documentation":"<p>The relative path that specifies the location of the content definition file.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of this scene.</p>"
+        },
+        "sceneId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the scene.</p>",
+          "location":"uri",
+          "locationName":"sceneId"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace that contains the scene.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "UpdateSceneResponse":{
+      "type":"structure",
+      "required":["updateDateTime"],
+      "members":{
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the scene was last updated.</p>"
+        }
+      }
+    },
+    "UpdateWorkspaceRequest":{
+      "type":"structure",
+      "required":["workspaceId"],
+      "members":{
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the workspace.</p>"
+        },
+        "role":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the execution role associated with the workspace.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>",
+          "location":"uri",
+          "locationName":"workspaceId"
+        }
+      }
+    },
+    "UpdateWorkspaceResponse":{
+      "type":"structure",
+      "required":["updateDateTime"],
+      "members":{
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time of the current update.</p>"
+        }
+      }
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>Failed</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Value":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[a-zA-Z_\\-0-9]+"
+    },
+    "Values":{
+      "type":"list",
+      "member":{"shape":"PropertyValue"}
+    },
+    "WorkspaceSummaries":{
+      "type":"list",
+      "member":{"shape":"WorkspaceSummary"}
+    },
+    "WorkspaceSummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "creationDateTime",
+        "updateDateTime",
+        "workspaceId"
+      ],
+      "members":{
+        "arn":{
+          "shape":"TwinMakerArn",
+          "documentation":"<p>The ARN of the workspace.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the workspace was created.</p>"
+        },
+        "description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the workspace.</p>"
+        },
+        "updateDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time when the workspace was last updated.</p>"
+        },
+        "workspaceId":{
+          "shape":"Id",
+          "documentation":"<p>The ID of the workspace.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains information about a workspace.</p>"
+    }
+  },
+  "documentation":"<important> <p> TwinMaker is in public preview and is subject to change. </p> </important> <p>IoT TwinMaker is a service that enables you to build operational digital twins of physical systems. IoT TwinMaker overlays measurements and analysis from real-world sensors, cameras, and enterprise applications so you can create data visualizations to monitor your physical factory, building, or industrial plant. You can use this real-world data to monitor operations and diagnose and repair errors.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/waiters-2.json b/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/waiters-2.json
new file mode 100644
index 00000000000..13f60ee66be
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/iottwinmaker/2021-11-29/waiters-2.json
@@ -0,0 +1,5 @@
+{
+  "version": 2,
+  "waiters": {
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/iotwireless/2020-11-22/service-2.json b/contrib/python/botocore/py3/botocore/data/iotwireless/2020-11-22/service-2.json
index 9772fcb712d..d1eb7789005 100644
--- a/contrib/python/botocore/py3/botocore/data/iotwireless/2020-11-22/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/iotwireless/2020-11-22/service-2.json
@@ -404,6 +404,24 @@
       ],
       "documentation":"<p>Deletes a multicast group if it is not in use by a fuota task.</p>"
     },
+    "DeleteQueuedMessages":{
+      "name":"DeleteQueuedMessages",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/wireless-devices/{Id}/data",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteQueuedMessagesRequest"},
+      "output":{"shape":"DeleteQueuedMessagesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p> The operation to delete queued messages. </p>"
+    },
     "DeleteServiceProfile":{
       "name":"DeleteServiceProfile",
       "http":{
@@ -726,6 +744,24 @@
       ],
       "documentation":"<p>Gets information about a multicast group session.</p>"
     },
+    "GetNetworkAnalyzerConfiguration":{
+      "name":"GetNetworkAnalyzerConfiguration",
+      "http":{
+        "method":"GET",
+        "requestUri":"/network-analyzer-configurations/{ConfigurationName}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetNetworkAnalyzerConfigurationRequest"},
+      "output":{"shape":"GetNetworkAnalyzerConfigurationResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Get NetworkAnalyzer configuration.</p>"
+    },
     "GetPartnerAccount":{
       "name":"GetPartnerAccount",
       "http":{
@@ -1045,6 +1081,23 @@
       ],
       "documentation":"<p>Lists the partner accounts associated with your AWS account.</p>"
     },
+    "ListQueuedMessages":{
+      "name":"ListQueuedMessages",
+      "http":{
+        "method":"GET",
+        "requestUri":"/wireless-devices/{Id}/data"
+      },
+      "input":{"shape":"ListQueuedMessagesRequest"},
+      "output":{"shape":"ListQueuedMessagesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>The operation to list queued messages. </p>"
+    },
     "ListServiceProfiles":{
       "name":"ListServiceProfiles",
       "http":{
@@ -1419,6 +1472,24 @@
       ],
       "documentation":"<p>Updates properties of a multicast group session.</p>"
     },
+    "UpdateNetworkAnalyzerConfiguration":{
+      "name":"UpdateNetworkAnalyzerConfiguration",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/network-analyzer-configurations/{ConfigurationName}",
+        "responseCode":204
+      },
+      "input":{"shape":"UpdateNetworkAnalyzerConfigurationRequest"},
+      "output":{"shape":"UpdateNetworkAnalyzerConfigurationResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Update NetworkAnalyzer configuration.</p>"
+    },
     "UpdatePartnerAccount":{
       "name":"UpdatePartnerAccount",
       "http":{
@@ -2242,6 +2313,38 @@
       "members":{
       }
     },
+    "DeleteQueuedMessagesRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "MessageId"
+      ],
+      "members":{
+        "Id":{
+          "shape":"WirelessDeviceId",
+          "documentation":"<p>Id of a given wireless device which messages will be deleted </p>",
+          "location":"uri",
+          "locationName":"Id"
+        },
+        "MessageId":{
+          "shape":"MessageId",
+          "documentation":"<p>if messageID==\"*\", the queue for a particular wireless deviceId will be purged, otherwise, the specific message with messageId will be deleted </p>",
+          "location":"querystring",
+          "locationName":"messageId"
+        },
+        "WirelessDeviceType":{
+          "shape":"WirelessDeviceType",
+          "documentation":"<p>The wireless device type, it is either Sidewalk or LoRaWAN. </p>",
+          "location":"querystring",
+          "locationName":"WirelessDeviceType"
+        }
+      }
+    },
+    "DeleteQueuedMessagesResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteServiceProfileRequest":{
       "type":"structure",
       "required":["Id"],
@@ -2626,6 +2729,29 @@
       "max":256
     },
     "Double":{"type":"double"},
+    "DownlinkQueueMessage":{
+      "type":"structure",
+      "members":{
+        "MessageId":{
+          "shape":"MessageId",
+          "documentation":"<p> The messageId allocated by IoT Wireless for tracing purpose</p>"
+        },
+        "TransmitMode":{
+          "shape":"TransmitMode",
+          "documentation":"<p>The transmit mode to use to send data to the wireless device. Can be: <code>0</code> for UM (unacknowledge mode) or <code>1</code> for AM (acknowledge mode).</p>"
+        },
+        "ReceivedAt":{
+          "shape":"ISODateTimeString",
+          "documentation":"<p>The timestamp that Iot Wireless received the message.</p>"
+        },
+        "LoRaWAN":{"shape":"LoRaWANSendDataToDevice"}
+      },
+      "documentation":"<p>The message in downlink queue.</p>"
+    },
+    "DownlinkQueueMessagesList":{
+      "type":"list",
+      "member":{"shape":"DownlinkQueueMessage"}
+    },
     "DrMax":{
       "type":"integer",
       "max":15,
@@ -2935,6 +3061,31 @@
         "LoRaWAN":{"shape":"LoRaWANMulticastSession"}
       }
     },
+    "GetNetworkAnalyzerConfigurationRequest":{
+      "type":"structure",
+      "required":["ConfigurationName"],
+      "members":{
+        "ConfigurationName":{
+          "shape":"NetworkAnalyzerConfigurationName",
+          "location":"uri",
+          "locationName":"ConfigurationName"
+        }
+      }
+    },
+    "GetNetworkAnalyzerConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "TraceContent":{"shape":"TraceContent"},
+        "WirelessDevices":{
+          "shape":"WirelessDeviceList",
+          "documentation":"<p>List of WirelessDevices in the NetworkAnalyzerConfiguration.</p>"
+        },
+        "WirelessGateways":{
+          "shape":"WirelessGatewayList",
+          "documentation":"<p>List of WirelessGateways in the NetworkAnalyzerConfiguration.</p>"
+        }
+      }
+    },
     "GetPartnerAccountRequest":{
       "type":"structure",
       "required":[
@@ -3614,6 +3765,49 @@
         }
       }
     },
+    "ListQueuedMessagesRequest":{
+      "type":"structure",
+      "required":["Id"],
+      "members":{
+        "Id":{
+          "shape":"WirelessDeviceId",
+          "documentation":"<p>Id of a given wireless device which the downlink packets are targeted </p>",
+          "location":"uri",
+          "locationName":"Id"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>To retrieve the next set of results, the <code>nextToken</code> value from a previous response; otherwise <b>null</b> to receive the first set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return in this operation.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "WirelessDeviceType":{
+          "shape":"WirelessDeviceType",
+          "documentation":"<p>The wireless device type, it is either Sidewalk or LoRaWAN.</p>",
+          "location":"querystring",
+          "locationName":"WirelessDeviceType"
+        }
+      }
+    },
+    "ListQueuedMessagesResponse":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>To retrieve the next set of results, the <code>nextToken</code> value from a previous response; otherwise <b>null</b> to receive the first set of results.</p>"
+        },
+        "DownlinkQueueMessagesList":{
+          "shape":"DownlinkQueueMessagesList",
+          "documentation":"<p>The messages in downlink queue.</p>"
+        }
+      }
+    },
     "ListServiceProfilesRequest":{
       "type":"structure",
       "members":{
@@ -4359,6 +4553,13 @@
       "max":10,
       "min":0
     },
+    "NetworkAnalyzerConfigurationName":{
+      "type":"string",
+      "documentation":"<p>NetworkAnalyzer configuration name.</p>",
+      "max":1024,
+      "min":1,
+      "pattern":"NetworkAnalyzerConfig_Default"
+    },
     "NextToken":{
       "type":"string",
       "max":4096
@@ -5119,6 +5320,14 @@
       "error":{"httpStatusCode":400},
       "exception":true
     },
+    "TraceContent":{
+      "type":"structure",
+      "members":{
+        "WirelessDeviceFrameInfo":{"shape":"WirelessDeviceFrameInfo"},
+        "LogLevel":{"shape":"LogLevel"}
+      },
+      "documentation":"<p>Trace Content for resources.</p>"
+    },
     "TransmitMode":{
       "type":"integer",
       "max":1,
@@ -5255,6 +5464,39 @@
       "members":{
       }
     },
+    "UpdateNetworkAnalyzerConfigurationRequest":{
+      "type":"structure",
+      "required":["ConfigurationName"],
+      "members":{
+        "ConfigurationName":{
+          "shape":"NetworkAnalyzerConfigurationName",
+          "location":"uri",
+          "locationName":"ConfigurationName"
+        },
+        "TraceContent":{"shape":"TraceContent"},
+        "WirelessDevicesToAdd":{
+          "shape":"WirelessDeviceList",
+          "documentation":"<p>WirelessDevices to add into NetworkAnalyzerConfiguration.</p>"
+        },
+        "WirelessDevicesToRemove":{
+          "shape":"WirelessDeviceList",
+          "documentation":"<p>WirelessDevices to remove from NetworkAnalyzerConfiguration.</p>"
+        },
+        "WirelessGatewaysToAdd":{
+          "shape":"WirelessGatewayList",
+          "documentation":"<p>WirelessGateways to add into NetworkAnalyzerConfiguration.</p>"
+        },
+        "WirelessGatewaysToRemove":{
+          "shape":"WirelessGatewayList",
+          "documentation":"<p>WirelessGateways to remove from NetworkAnalyzerConfiguration.</p>"
+        }
+      }
+    },
+    "UpdateNetworkAnalyzerConfigurationResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UpdatePartnerAccountRequest":{
       "type":"structure",
       "required":[
@@ -5465,6 +5707,14 @@
       "member":{"shape":"WirelessDeviceEventLogOption"},
       "documentation":"<p>The list of wireless device event log options.</p>"
     },
+    "WirelessDeviceFrameInfo":{
+      "type":"string",
+      "documentation":"<p>WirelessDevice FrameInfo for trace content.</p>",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
     "WirelessDeviceId":{
       "type":"string",
       "documentation":"<p>The ID of the wireless device.</p>",
@@ -5479,6 +5729,12 @@
         "SidewalkManufacturingSn"
       ]
     },
+    "WirelessDeviceList":{
+      "type":"list",
+      "member":{"shape":"WirelessDeviceId"},
+      "max":250,
+      "min":0
+    },
     "WirelessDeviceLogOption":{
       "type":"structure",
       "required":[
@@ -5597,6 +5853,10 @@
         "ThingName"
       ]
     },
+    "WirelessGatewayList":{
+      "type":"list",
+      "member":{"shape":"WirelessGatewayId"}
+    },
     "WirelessGatewayLogOption":{
       "type":"structure",
       "required":[
@@ -5710,5 +5970,5 @@
       "documentation":"<p>WirelessMetadata object.</p>"
     }
   },
-  "documentation":"<p>AWS IoT Wireless API documentation</p>"
+  "documentation":"<p>AWS IoT Wireless provides bi-directional communication between internet-connected wireless devices and the AWS Cloud. To onboard both LoRaWAN and Sidewalk devices to AWS IoT, use the IoT Wireless API. These wireless devices use the Low Power Wide Area Networking (LPWAN) communication protocol to communicate with AWS IoT.</p> <p>Using the API, you can perform create, read, update, and delete operations for your wireless devices, gateways, destinations, and profiles. After onboarding your devices, you can use the API operations to set log levels and monitor your devices with CloudWatch.</p> <p>You can also use the API operations to create multicast groups and schedule a multicast session for sending a downlink message to devices in the group. By using Firmware Updates Over-The-Air (FUOTA) API operations, you can create a FUOTA task and schedule a session to update the firmware of individual devices or an entire group of devices in a multicast group.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/ivs/2020-07-14/service-2.json b/contrib/python/botocore/py3/botocore/data/ivs/2020-07-14/service-2.json
index a3ea62f9545..af0740f93ca 100644
--- a/contrib/python/botocore/py3/botocore/data/ivs/2020-07-14/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ivs/2020-07-14/service-2.json
@@ -239,6 +239,22 @@
       ],
       "documentation":"<p>Gets stream-key information for a specified ARN.</p>"
     },
+    "GetStreamSession":{
+      "name":"GetStreamSession",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetStreamSession",
+        "responseCode":200
+      },
+      "input":{"shape":"GetStreamSessionRequest"},
+      "output":{"shape":"GetStreamSessionResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets metadata on a specified stream.</p>"
+    },
     "ImportPlaybackKeyPair":{
       "name":"ImportPlaybackKeyPair",
       "http":{
@@ -320,6 +336,22 @@
       ],
       "documentation":"<p>Gets summary information about stream keys for the specified channel.</p>"
     },
+    "ListStreamSessions":{
+      "name":"ListStreamSessions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/ListStreamSessions",
+        "responseCode":200
+      },
+      "input":{"shape":"ListStreamSessionsRequest"},
+      "output":{"shape":"ListStreamSessionsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets a summary of current and previous streams for a specified channel in your account, in the AWS region where the API request is processed.</p>"
+    },
     "ListStreams":{
       "name":"ListStreams",
       "http":{
@@ -330,7 +362,8 @@
       "input":{"shape":"ListStreamsRequest"},
       "output":{"shape":"ListStreamsResponse"},
       "errors":[
-        {"shape":"AccessDeniedException"}
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"}
       ],
       "documentation":"<p>Gets summary information about live streams in your account, in the Amazon Web Services region where the API request is processed.</p>"
     },
@@ -453,6 +486,28 @@
       },
       "exception":true
     },
+    "AudioConfiguration":{
+      "type":"structure",
+      "members":{
+        "channels":{
+          "shape":"Integer",
+          "documentation":"<p>Number of audio channels.</p>"
+        },
+        "codec":{
+          "shape":"String",
+          "documentation":"<p>Codec used for the audio encoding.</p>"
+        },
+        "sampleRate":{
+          "shape":"Integer",
+          "documentation":"<p>Number of audio samples recorded per second.</p>"
+        },
+        "targetBitrate":{
+          "shape":"Integer",
+          "documentation":"<p>The expected ingest bitrate (bits per second). This is configured in the encoder.</p>"
+        }
+      },
+      "documentation":"<p>Object specifying a stream’s audio configuration.</p>"
+    },
     "BatchError":{
       "type":"structure",
       "members":{
@@ -727,6 +782,10 @@
         "tags":{
           "shape":"Tags",
           "documentation":"<p>Array of 1-50 maps, each of the form <code>string:string (key:value)</code>.</p>"
+        },
+        "thumbnailConfiguration":{
+          "shape":"ThumbnailConfiguration",
+          "documentation":"<p>A complex type that allows you to enable/disable the recording of thumbnails for a live session and modify the interval at which thumbnails are generated for the live session.</p>"
         }
       }
     },
@@ -912,6 +971,29 @@
         }
       }
     },
+    "GetStreamSessionRequest":{
+      "type":"structure",
+      "required":["channelArn"],
+      "members":{
+        "channelArn":{
+          "shape":"ChannelArn",
+          "documentation":"<p>ARN of the channel resource</p>"
+        },
+        "streamId":{
+          "shape":"StreamId",
+          "documentation":"<p>Unique identifier for a live or previously live stream in the specified channel. If no <code>streamId</code> is provided, this returns the most recent stream session for the channel, if it exists.</p>"
+        }
+      }
+    },
+    "GetStreamSessionResponse":{
+      "type":"structure",
+      "members":{
+        "streamSession":{
+          "shape":"StreamSession",
+          "documentation":"<p>List of stream details.</p>"
+        }
+      }
+    },
     "ImportPlaybackKeyPairRequest":{
       "type":"structure",
       "required":["publicKeyMaterial"],
@@ -939,7 +1021,22 @@
         }
       }
     },
+    "IngestConfiguration":{
+      "type":"structure",
+      "members":{
+        "audio":{
+          "shape":"AudioConfiguration",
+          "documentation":"<p>Encoder settings for audio.</p>"
+        },
+        "video":{
+          "shape":"VideoConfiguration",
+          "documentation":"<p>Encoder settings for video.</p>"
+        }
+      },
+      "documentation":"<p>Object specifying the ingest configuration set up by the broadcaster, usually in an encoder.</p>"
+    },
     "IngestEndpoint":{"type":"string"},
+    "Integer":{"type":"long"},
     "InternalServerException":{
       "type":"structure",
       "members":{
@@ -1075,9 +1172,45 @@
         }
       }
     },
+    "ListStreamSessionsRequest":{
+      "type":"structure",
+      "required":["channelArn"],
+      "members":{
+        "channelArn":{
+          "shape":"ChannelArn",
+          "documentation":"<p>Channel ARN used to filter the list.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxStreamResults",
+          "documentation":"<p>Maximum number of streams to return. Default: 50.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The first stream to retrieve. This is used for pagination; see the <code>nextToken</code> response field.</p>"
+        }
+      }
+    },
+    "ListStreamSessionsResponse":{
+      "type":"structure",
+      "required":["streamSessions"],
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>If there are more streams than <code>maxResults</code>, use <code>nextToken</code> in the request to get the next set.</p>"
+        },
+        "streamSessions":{
+          "shape":"StreamSessionList",
+          "documentation":"<p>List of stream sessions.</p>"
+        }
+      }
+    },
     "ListStreamsRequest":{
       "type":"structure",
       "members":{
+        "filterBy":{
+          "shape":"StreamFilters",
+          "documentation":"<p>Filters the stream list to match the specified criterion.</p>"
+        },
         "maxResults":{
           "shape":"MaxStreamResults",
           "documentation":"<p>Maximum number of streams to return. Default: 50.</p>"
@@ -1272,6 +1405,10 @@
         "tags":{
           "shape":"Tags",
           "documentation":"<p>Array of 1-50 maps, each of the form <code>string:string (key:value)</code>.</p>"
+        },
+        "thumbnailConfiguration":{
+          "shape":"ThumbnailConfiguration",
+          "documentation":"<p>A complex type that allows you to enable/disable the recording of thumbnails for a live session and modify the interval at which thumbnails are generated for the live session.</p>"
         }
       },
       "documentation":"<p>An object representing a configuration to record a channel stream.</p>"
@@ -1331,6 +1468,13 @@
       },
       "documentation":"<p>Summary information about a RecordingConfiguration.</p>"
     },
+    "RecordingMode":{
+      "type":"string",
+      "enum":[
+        "DISABLED",
+        "INTERVAL"
+      ]
+    },
     "ResourceArn":{
       "type":"string",
       "max":128,
@@ -1422,6 +1566,10 @@
           "shape":"StreamState",
           "documentation":"<p>The stream’s state.</p>"
         },
+        "streamId":{
+          "shape":"StreamId",
+          "documentation":"<p>Unique identifier for a live or previously live stream in the specified channel.</p>"
+        },
         "viewerCount":{
           "shape":"StreamViewerCount",
           "documentation":"<p>A count of concurrent views of the stream. Typically, a new view appears in <code>viewerCount</code> within 15 seconds of when video playback starts and a view is removed from <code>viewerCount</code> within 1 minute of when video playback ends. A value of -1 indicates that the request timed out; in this case, retry.</p>"
@@ -1429,6 +1577,40 @@
       },
       "documentation":"<p>Specifies a live video stream that has been ingested and distributed.</p>"
     },
+    "StreamEvent":{
+      "type":"structure",
+      "members":{
+        "eventTime":{
+          "shape":"Time",
+          "documentation":"<p>UTC ISO-8601 formatted timestamp of when the event occurred.</p>"
+        },
+        "name":{
+          "shape":"String",
+          "documentation":"<p>Name that identifies the stream event within a <code>type</code>.</p>"
+        },
+        "type":{
+          "shape":"String",
+          "documentation":"<p>Logical group for certain events.</p>"
+        }
+      },
+      "documentation":"<p>Object specifying a stream’s events. For a list of events, see <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/eventbridge.html\">Using Amazon EventBridge with Amazon IVS</a>.</p>"
+    },
+    "StreamEvents":{
+      "type":"list",
+      "member":{"shape":"StreamEvent"},
+      "max":500,
+      "min":0
+    },
+    "StreamFilters":{
+      "type":"structure",
+      "members":{
+        "health":{
+          "shape":"StreamHealth",
+          "documentation":"<p>The stream’s health.</p>"
+        }
+      },
+      "documentation":"<p>Object specifying the stream attribute on which to filter.</p>"
+    },
     "StreamHealth":{
       "type":"string",
       "enum":[
@@ -1437,6 +1619,12 @@
         "UNKNOWN"
       ]
     },
+    "StreamId":{
+      "type":"string",
+      "max":26,
+      "min":26,
+      "pattern":"^st-[a-zA-Z0-9]+$"
+    },
     "StreamKey":{
       "type":"structure",
       "members":{
@@ -1510,6 +1698,66 @@
       "min":1,
       "sensitive":true
     },
+    "StreamSession":{
+      "type":"structure",
+      "members":{
+        "channel":{
+          "shape":"Channel",
+          "documentation":"<p>The properties of the channel at the time of going live.</p>"
+        },
+        "endTime":{
+          "shape":"Time",
+          "documentation":"<p>UTC ISO-8601 formatted timestamp of when the channel went offline. For live streams, this is <code>NULL</code>.</p>"
+        },
+        "ingestConfiguration":{
+          "shape":"IngestConfiguration",
+          "documentation":"<p>The properties of the incoming RTMP stream for the stream.</p>"
+        },
+        "recordingConfiguration":{
+          "shape":"RecordingConfiguration",
+          "documentation":"<p>The properties of recording the live stream.</p>"
+        },
+        "startTime":{
+          "shape":"Time",
+          "documentation":"<p>UTC ISO-8601 formatted timestamp of when the channel went live.</p>"
+        },
+        "streamId":{
+          "shape":"StreamId",
+          "documentation":"<p>Unique identifier for a live or previously live stream in the specified channel.</p>"
+        },
+        "truncatedEvents":{
+          "shape":"StreamEvents",
+          "documentation":"<p>List of Amazon IVS events that the stream encountered. The list is sorted by most recent events and contains up to 500 events. For Amazon IVS events, see <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/eventbridge.html\">Using Amazon EventBridge with Amazon IVS</a>.</p>"
+        }
+      },
+      "documentation":"<p>Object that captures the Amazon IVS configuration that the customer provisioned, the ingest configurations that the broadcaster used, and the most recent Amazon IVS stream events it encountered.</p>"
+    },
+    "StreamSessionList":{
+      "type":"list",
+      "member":{"shape":"StreamSessionSummary"}
+    },
+    "StreamSessionSummary":{
+      "type":"structure",
+      "members":{
+        "endTime":{
+          "shape":"Time",
+          "documentation":"<p>UTC ISO-8601 formatted timestamp of when the channel went offline. For live streams, this is <code>NULL</code>.</p>"
+        },
+        "hasErrorEvent":{
+          "shape":"Boolean",
+          "documentation":"<p>If <code>true</code>, this stream encountered a quota breach or failure.</p>"
+        },
+        "startTime":{
+          "shape":"Time",
+          "documentation":"<p>UTC ISO-8601 formatted timestamp of when the channel went live.</p>"
+        },
+        "streamId":{
+          "shape":"StreamId",
+          "documentation":"<p>Unique identifier for a live or previously live stream in the specified channel.</p>"
+        }
+      },
+      "documentation":"<p>Summary information about a stream session.</p>"
+    },
     "StreamStartTime":{
       "type":"timestamp",
       "timestampFormat":"iso8601"
@@ -1540,6 +1788,10 @@
           "shape":"StreamState",
           "documentation":"<p>The stream’s state.</p>"
         },
+        "streamId":{
+          "shape":"StreamId",
+          "documentation":"<p>Unique identifier for a live or previously live stream in the specified channel.</p>"
+        },
         "viewerCount":{
           "shape":"StreamViewerCount",
           "documentation":"<p>A count of concurrent views of the stream. Typically, a new view appears in <code>viewerCount</code> within 15 seconds of when video playback starts and a view is removed from <code>viewerCount</code> within 1 minute of when video playback ends. A value of -1 indicates that the request timed out; in this case, retry.</p>"
@@ -1561,6 +1813,7 @@
       "fault":true
     },
     "StreamViewerCount":{"type":"long"},
+    "String":{"type":"string"},
     "TagKey":{
       "type":"string",
       "max":128,
@@ -1608,6 +1861,11 @@
       "max":50,
       "min":0
     },
+    "TargetIntervalSeconds":{
+      "type":"long",
+      "max":60,
+      "min":5
+    },
     "ThrottlingException":{
       "type":"structure",
       "members":{
@@ -1623,6 +1881,24 @@
       },
       "exception":true
     },
+    "ThumbnailConfiguration":{
+      "type":"structure",
+      "members":{
+        "recordingMode":{
+          "shape":"RecordingMode",
+          "documentation":"<p>Thumbnail recording mode. Default: <code>INTERVAL</code>.</p>"
+        },
+        "targetIntervalSeconds":{
+          "shape":"TargetIntervalSeconds",
+          "documentation":"<p>The targeted thumbnail-generation interval in seconds. This is configurable (and required) only if <code>recordingMode</code> is <code>INTERVAL</code>. Default: 60.</p> <p> <b>Important:</b> Setting a value for <code>targetIntervalSeconds</code> does not guarantee that thumbnails are generated at the specified interval. For thumbnails to be generated at the <code>targetIntervalSeconds</code> interval, the <code>IDR/Keyframe</code> value for the input video must be less than the <code>targetIntervalSeconds</code> value. See <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/streaming-config.html\"> Amazon IVS Streaming Configuration</a> for information on setting <code>IDR/Keyframe</code> to the recommended value in video-encoder settings.</p>"
+        }
+      },
+      "documentation":"<p>An object representing a configuration of thumbnails for recorded video.</p>"
+    },
+    "Time":{
+      "type":"timestamp",
+      "timestampFormat":"iso8601"
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -1700,8 +1976,46 @@
       },
       "exception":true
     },
+    "VideoConfiguration":{
+      "type":"structure",
+      "members":{
+        "avcLevel":{
+          "shape":"String",
+          "documentation":"<p>Indicates the degree of required decoder performance for a profile. Normally this is set automatically by the encoder. For details, see the H.264 specification.</p>"
+        },
+        "avcProfile":{
+          "shape":"String",
+          "documentation":"<p>Indicates to the decoder the requirements for decoding the stream. For definitions of the valid values, see the H.264 specification.</p>"
+        },
+        "codec":{
+          "shape":"String",
+          "documentation":"<p>Codec used for the video encoding.</p>"
+        },
+        "encoder":{
+          "shape":"String",
+          "documentation":"<p>Software or hardware used to encode the video.</p>"
+        },
+        "targetBitrate":{
+          "shape":"Integer",
+          "documentation":"<p>The expected ingest bitrate (bits per second). This is configured in the encoder.</p>"
+        },
+        "targetFramerate":{
+          "shape":"Integer",
+          "documentation":"<p>The expected ingest framerate. This is configured in the encoder.</p>"
+        },
+        "videoHeight":{
+          "shape":"Integer",
+          "documentation":"<p>Video-resolution height in pixels.</p>"
+        },
+        "videoWidth":{
+          "shape":"Integer",
+          "documentation":"<p>Video-resolution width in pixels.</p>"
+        }
+      },
+      "documentation":"<p>Object specifying a stream’s video configuration.</p>"
+    },
     "errorCode":{"type":"string"},
     "errorMessage":{"type":"string"}
   },
-  "documentation":"<p> <b>Introduction</b> </p> <p>The Amazon Interactive Video Service (IVS) API is REST compatible, using a standard HTTP API and an Amazon Web Services EventBridge event stream for responses. JSON is used for both requests and responses, including errors.</p> <p>The API is an Amazon Web Services regional service. For a list of supported regions and Amazon IVS HTTPS service endpoints, see the <a href=\"https://docs.aws.amazon.com/general/latest/gr/ivs.html\">Amazon IVS page</a> in the <i>Amazon Web Services General Reference</i>.</p> <p> <i> <b>All API request parameters and URLs are case sensitive. </b> </i> </p> <p>For a summary of notable documentation changes in each release, see <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/doc-history.html\"> Document History</a>.</p> <pre><code> &lt;p&gt; &lt;b&gt;Allowed Header Values&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;code&gt; &lt;b&gt;Accept:&lt;/b&gt; &lt;/code&gt; application/json&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;code&gt; &lt;b&gt;Accept-Encoding:&lt;/b&gt; &lt;/code&gt; gzip, deflate&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;code&gt; &lt;b&gt;Content-Type:&lt;/b&gt; &lt;/code&gt;application/json&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Resources&lt;/b&gt; &lt;/p&gt; &lt;p&gt;The following resources contain information about your IVS live stream (see &lt;a href=&quot;https://docs.aws.amazon.com/ivs/latest/userguide/getting-started.html&quot;&gt; Getting Started with Amazon IVS&lt;/a&gt;):&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt;Channel — Stores configuration data related to your live stream. You first create a channel and then use the channel’s stream key to start your live stream. See the Channel endpoints for more information. &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Stream key — An identifier assigned by Amazon IVS when you create a channel, which is then used to authorize streaming. See the StreamKey endpoints for more information. &lt;i&gt; &lt;b&gt;Treat the stream key like a secret, since it allows anyone to stream to the channel.&lt;/b&gt; &lt;/i&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Playback key pair — Video playback may be restricted using playback-authorization tokens, which use public-key encryption. A playback key pair is the public-private pair of keys used to sign and validate the playback-authorization token. See the PlaybackKeyPair endpoints for more information.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Recording configuration — Stores configuration related to recording a live stream and where to store the recorded content. Multiple channels can reference the same recording configuration. See the Recording Configuration endpoints for more information.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Tagging&lt;/b&gt; &lt;/p&gt; &lt;p&gt;A &lt;i&gt;tag&lt;/i&gt; is a metadata label that you assign to an Amazon Web Services resource. A tag comprises a &lt;i&gt;key&lt;/i&gt; and a &lt;i&gt;value&lt;/i&gt;, both set by you. For example, you might set a tag as &lt;code&gt;topic:nature&lt;/code&gt; to label a particular video category. See &lt;a href=&quot;https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html&quot;&gt;Tagging Amazon Web Services Resources&lt;/a&gt; for more information, including restrictions that apply to tags.&lt;/p&gt; &lt;p&gt;Tags can help you identify and organize your Amazon Web Services resources. For example, you can use the same tag for different resources to indicate that they are related. You can also use tags to manage access (see &lt;a href=&quot;https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html&quot;&gt; Access Tags&lt;/a&gt;). &lt;/p&gt; &lt;p&gt;The Amazon IVS API has these tag-related endpoints: &lt;a&gt;TagResource&lt;/a&gt;, &lt;a&gt;UntagResource&lt;/a&gt;, and &lt;a&gt;ListTagsForResource&lt;/a&gt;. The following resources support tagging: Channels, Stream Keys, Playback Key Pairs, and Recording Configurations.&lt;/p&gt; &lt;p&gt;At most 50 tags can be applied to a resource. &lt;/p&gt; &lt;p&gt; &lt;b&gt;Authentication versus Authorization&lt;/b&gt; &lt;/p&gt; &lt;p&gt;Note the differences between these concepts:&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;i&gt;Authentication&lt;/i&gt; is about verifying identity. You need to be authenticated to sign Amazon IVS API requests.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;i&gt;Authorization&lt;/i&gt; is about granting permissions. You need to be authorized to view &lt;a href=&quot;https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html&quot;&gt;Amazon IVS private channels&lt;/a&gt;. (Private channels are channels that are enabled for &quot;playback authorization.&quot;)&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Authentication&lt;/b&gt; &lt;/p&gt; &lt;p&gt;All Amazon IVS API requests must be authenticated with a signature. The Amazon Web Services Command-Line Interface (CLI) and Amazon IVS Player SDKs take care of signing the underlying API calls for you. However, if your application calls the Amazon IVS API directly, it’s your responsibility to sign the requests.&lt;/p&gt; &lt;p&gt;You generate a signature using valid Amazon Web Services credentials that have permission to perform the requested action. For example, you must sign PutMetadata requests with a signature generated from an IAM user account that has the &lt;code&gt;ivs:PutMetadata&lt;/code&gt; permission.&lt;/p&gt; &lt;p&gt;For more information:&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt;Authentication and generating signatures — See &lt;a href=&quot;https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html&quot;&gt;Authenticating Requests (Amazon Web Services Signature Version 4)&lt;/a&gt; in the &lt;i&gt;Amazon Web Services General Reference&lt;/i&gt;.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt;Managing Amazon IVS permissions — See &lt;a href=&quot;https://docs.aws.amazon.com/ivs/latest/userguide/security-iam.html&quot;&gt;Identity and Access Management&lt;/a&gt; on the Security page of the &lt;i&gt;Amazon IVS User Guide&lt;/i&gt;.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Channel Endpoints&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;CreateChannel&lt;/a&gt; — Creates a new channel and an associated stream key to start streaming.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;GetChannel&lt;/a&gt; — Gets the channel configuration for the specified channel ARN (Amazon Resource Name).&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;BatchGetChannel&lt;/a&gt; — Performs &lt;a&gt;GetChannel&lt;/a&gt; on multiple ARNs simultaneously.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ListChannels&lt;/a&gt; — Gets summary information about all channels in your account, in the Amazon Web Services region where the API request is processed. This list can be filtered to match a specified name or recording-configuration ARN. Filters are mutually exclusive and cannot be used together. If you try to use both filters, you will get an error (409 Conflict Exception).&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;UpdateChannel&lt;/a&gt; — Updates a channel's configuration. This does not affect an ongoing stream of this channel. You must stop and restart the stream for the changes to take effect.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;DeleteChannel&lt;/a&gt; — Deletes the specified channel.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;StreamKey Endpoints&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;CreateStreamKey&lt;/a&gt; — Creates a stream key, used to initiate a stream, for the specified channel ARN.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;GetStreamKey&lt;/a&gt; — Gets stream key information for the specified ARN.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;BatchGetStreamKey&lt;/a&gt; — Performs &lt;a&gt;GetStreamKey&lt;/a&gt; on multiple ARNs simultaneously.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ListStreamKeys&lt;/a&gt; — Gets summary information about stream keys for the specified channel.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;DeleteStreamKey&lt;/a&gt; — Deletes the stream key for the specified ARN, so it can no longer be used to stream.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Stream Endpoints&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;GetStream&lt;/a&gt; — Gets information about the active (live) stream on a specified channel.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ListStreams&lt;/a&gt; — Gets summary information about live streams in your account, in the Amazon Web Services region where the API request is processed.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;StopStream&lt;/a&gt; — Disconnects the incoming RTMPS stream for the specified channel. Can be used in conjunction with &lt;a&gt;DeleteStreamKey&lt;/a&gt; to prevent further streaming to a channel.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;PutMetadata&lt;/a&gt; — Inserts metadata into the active stream of the specified channel. At most 5 requests per second per channel are allowed, each with a maximum 1 KB payload. (If 5 TPS is not sufficient for your needs, we recommend batching your data into a single PutMetadata call.) At most 155 requests per second per account are allowed.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;PlaybackKeyPair Endpoints&lt;/b&gt; &lt;/p&gt; &lt;p&gt;For more information, see &lt;a href=&quot;https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html&quot;&gt;Setting Up Private Channels&lt;/a&gt; in the &lt;i&gt;Amazon IVS User Guide&lt;/i&gt;.&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ImportPlaybackKeyPair&lt;/a&gt; — Imports the public portion of a new key pair and returns its &lt;code&gt;arn&lt;/code&gt; and &lt;code&gt;fingerprint&lt;/code&gt;. The &lt;code&gt;privateKey&lt;/code&gt; can then be used to generate viewer authorization tokens, to grant viewers access to private channels (channels enabled for playback authorization).&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;GetPlaybackKeyPair&lt;/a&gt; — Gets a specified playback authorization key pair and returns the &lt;code&gt;arn&lt;/code&gt; and &lt;code&gt;fingerprint&lt;/code&gt;. The &lt;code&gt;privateKey&lt;/code&gt; held by the caller can be used to generate viewer authorization tokens, to grant viewers access to private channels.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ListPlaybackKeyPairs&lt;/a&gt; — Gets summary information about playback key pairs.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;DeletePlaybackKeyPair&lt;/a&gt; — Deletes a specified authorization key pair. This invalidates future viewer tokens generated using the key pair’s &lt;code&gt;privateKey&lt;/code&gt;.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;RecordingConfiguration Endpoints&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;CreateRecordingConfiguration&lt;/a&gt; — Creates a new recording configuration, used to enable recording to Amazon S3.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;GetRecordingConfiguration&lt;/a&gt; — Gets the recording-configuration metadata for the specified ARN.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ListRecordingConfigurations&lt;/a&gt; — Gets summary information about all recording configurations in your account, in the Amazon Web Services region where the API request is processed.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;DeleteRecordingConfiguration&lt;/a&gt; — Deletes the recording configuration for the specified ARN.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Amazon Web Services Tags Endpoints&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;TagResource&lt;/a&gt; — Adds or updates tags for the Amazon Web Services resource with the specified ARN.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;UntagResource&lt;/a&gt; — Removes tags from the resource with the specified ARN.&lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a&gt;ListTagsForResource&lt;/a&gt; — Gets information about Amazon Web Services tags for the specified ARN.&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; </code></pre>"
+  "documentation":"<p> <b>Introduction</b> </p> <p>The Amazon Interactive Video Service (IVS) API is REST compatible, using a standard HTTP API and an Amazon Web Services EventBridge event stream for responses. JSON is used for both requests and responses, including errors.</p> <p>The API is an Amazon Web Services regional service. For a list of supported regions and Amazon IVS HTTPS service endpoints, see the <a href=\"https://docs.aws.amazon.com/general/latest/gr/ivs.html\">Amazon IVS page</a> in the <i>Amazon Web Services General Reference</i>.</p> <p> <i> <b>All API request parameters and URLs are case sensitive. </b> </i> </p> <p>For a summary of notable documentation changes in each release, see <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/doc-history.html\"> Document History</a>.</p> <p> <b>Allowed Header Values</b> </p> <ul> <li> <p> <code> <b>Accept:</b> </code> application/json</p> </li> <li> <p> <code> <b>Accept-Encoding:</b> </code> gzip, deflate</p> </li> <li> <p> <code> <b>Content-Type:</b> </code>application/json</p> </li> </ul> <p> <b>Resources</b> </p> <p>The following resources contain information about your IVS live stream (see <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/getting-started.html\"> Getting Started with Amazon IVS</a>):</p> <ul> <li> <p>Channel — Stores configuration data related to your live stream. You first create a channel and then use the channel’s stream key to start your live stream. See the Channel endpoints for more information. </p> </li> <li> <p>Stream key — An identifier assigned by Amazon IVS when you create a channel, which is then used to authorize streaming. See the StreamKey endpoints for more information. <i> <b>Treat the stream key like a secret, since it allows anyone to stream to the channel.</b> </i> </p> </li> <li> <p>Playback key pair — Video playback may be restricted using playback-authorization tokens, which use public-key encryption. A playback key pair is the public-private pair of keys used to sign and validate the playback-authorization token. See the PlaybackKeyPair endpoints for more information.</p> </li> <li> <p>Recording configuration — Stores configuration related to recording a live stream and where to store the recorded content. Multiple channels can reference the same recording configuration. See the Recording Configuration endpoints for more information.</p> </li> </ul> <p> <b>Tagging</b> </p> <p>A <i>tag</i> is a metadata label that you assign to an Amazon Web Services resource. A tag comprises a <i>key</i> and a <i>value</i>, both set by you. For example, you might set a tag as <code>topic:nature</code> to label a particular video category. See <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services Resources</a> for more information, including restrictions that apply to tags.</p> <p>Tags can help you identify and organize your Amazon Web Services resources. For example, you can use the same tag for different resources to indicate that they are related. You can also use tags to manage access (see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html\"> Access Tags</a>). </p> <p>The Amazon IVS API has these tag-related endpoints: <a>TagResource</a>, <a>UntagResource</a>, and <a>ListTagsForResource</a>. The following resources support tagging: Channels, Stream Keys, Playback Key Pairs, and Recording Configurations.</p> <p>At most 50 tags can be applied to a resource. </p> <p> <b>Authentication versus Authorization</b> </p> <p>Note the differences between these concepts:</p> <ul> <li> <p> <i>Authentication</i> is about verifying identity. You need to be authenticated to sign Amazon IVS API requests.</p> </li> <li> <p> <i>Authorization</i> is about granting permissions. You need to be authorized to view <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html\">Amazon IVS private channels</a>. (Private channels are channels that are enabled for \"playback authorization.\")</p> </li> </ul> <p> <b>Authentication</b> </p> <p>All Amazon IVS API requests must be authenticated with a signature. The Amazon Web Services Command-Line Interface (CLI) and Amazon IVS Player SDKs take care of signing the underlying API calls for you. However, if your application calls the Amazon IVS API directly, it’s your responsibility to sign the requests.</p> <p>You generate a signature using valid Amazon Web Services credentials that have permission to perform the requested action. For example, you must sign PutMetadata requests with a signature generated from an IAM user account that has the <code>ivs:PutMetadata</code> permission.</p> <p>For more information:</p> <ul> <li> <p>Authentication and generating signatures — See <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html\">Authenticating Requests (Amazon Web Services Signature Version 4)</a> in the <i>Amazon Web Services General Reference</i>.</p> </li> <li> <p>Managing Amazon IVS permissions — See <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/security-iam.html\">Identity and Access Management</a> on the Security page of the <i>Amazon IVS User Guide</i>.</p> </li> </ul> <p> <b>Channel Endpoints</b> </p> <ul> <li> <p> <a>CreateChannel</a> — Creates a new channel and an associated stream key to start streaming.</p> </li> <li> <p> <a>GetChannel</a> — Gets the channel configuration for the specified channel ARN (Amazon Resource Name).</p> </li> <li> <p> <a>BatchGetChannel</a> — Performs <a>GetChannel</a> on multiple ARNs simultaneously.</p> </li> <li> <p> <a>ListChannels</a> — Gets summary information about all channels in your account, in the Amazon Web Services region where the API request is processed. This list can be filtered to match a specified name or recording-configuration ARN. Filters are mutually exclusive and cannot be used together. If you try to use both filters, you will get an error (409 Conflict Exception).</p> </li> <li> <p> <a>UpdateChannel</a> — Updates a channel's configuration. This does not affect an ongoing stream of this channel. You must stop and restart the stream for the changes to take effect.</p> </li> <li> <p> <a>DeleteChannel</a> — Deletes the specified channel.</p> </li> </ul> <p> <b>StreamKey Endpoints</b> </p> <ul> <li> <p> <a>CreateStreamKey</a> — Creates a stream key, used to initiate a stream, for the specified channel ARN.</p> </li> <li> <p> <a>GetStreamKey</a> — Gets stream key information for the specified ARN.</p> </li> <li> <p> <a>BatchGetStreamKey</a> — Performs <a>GetStreamKey</a> on multiple ARNs simultaneously.</p> </li> <li> <p> <a>ListStreamKeys</a> — Gets summary information about stream keys for the specified channel.</p> </li> <li> <p> <a>DeleteStreamKey</a> — Deletes the stream key for the specified ARN, so it can no longer be used to stream.</p> </li> </ul> <p> <b>Stream Endpoints</b> </p> <ul> <li> <p> <a>GetStream</a> — Gets information about the active (live) stream on a specified channel.</p> </li> <li> <p> <a>GetStreamSession</a> — Gets metadata on a specified stream.</p> </li> <li> <p> <a>ListStreams</a> — Gets summary information about live streams in your account, in the Amazon Web Services region where the API request is processed.</p> </li> <li> <p> <a>ListStreamSessions</a> — Gets a summary of current and previous streams for a specified channel in your account, in the AWS region where the API request is processed.</p> </li> <li> <p> <a>StopStream</a> — Disconnects the incoming RTMPS stream for the specified channel. Can be used in conjunction with <a>DeleteStreamKey</a> to prevent further streaming to a channel.</p> </li> <li> <p> <a>PutMetadata</a> — Inserts metadata into the active stream of the specified channel. At most 5 requests per second per channel are allowed, each with a maximum 1 KB payload. (If 5 TPS is not sufficient for your needs, we recommend batching your data into a single PutMetadata call.) At most 155 requests per second per account are allowed.</p> </li> </ul> <p> <b>PlaybackKeyPair Endpoints</b> </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html\">Setting Up Private Channels</a> in the <i>Amazon IVS User Guide</i>.</p> <ul> <li> <p> <a>ImportPlaybackKeyPair</a> — Imports the public portion of a new key pair and returns its <code>arn</code> and <code>fingerprint</code>. The <code>privateKey</code> can then be used to generate viewer authorization tokens, to grant viewers access to private channels (channels enabled for playback authorization).</p> </li> <li> <p> <a>GetPlaybackKeyPair</a> — Gets a specified playback authorization key pair and returns the <code>arn</code> and <code>fingerprint</code>. The <code>privateKey</code> held by the caller can be used to generate viewer authorization tokens, to grant viewers access to private channels.</p> </li> <li> <p> <a>ListPlaybackKeyPairs</a> — Gets summary information about playback key pairs.</p> </li> <li> <p> <a>DeletePlaybackKeyPair</a> — Deletes a specified authorization key pair. This invalidates future viewer tokens generated using the key pair’s <code>privateKey</code>.</p> </li> </ul> <p> <b>RecordingConfiguration Endpoints</b> </p> <ul> <li> <p> <a>CreateRecordingConfiguration</a> — Creates a new recording configuration, used to enable recording to Amazon S3.</p> </li> <li> <p> <a>GetRecordingConfiguration</a> — Gets the recording-configuration metadata for the specified ARN.</p> </li> <li> <p> <a>ListRecordingConfigurations</a> — Gets summary information about all recording configurations in your account, in the Amazon Web Services region where the API request is processed.</p> </li> <li> <p> <a>DeleteRecordingConfiguration</a> — Deletes the recording configuration for the specified ARN.</p> </li> </ul> <p> <b>Amazon Web Services Tags Endpoints</b> </p> <ul> <li> <p> <a>TagResource</a> — Adds or updates tags for the Amazon Web Services resource with the specified ARN.</p> </li> <li> <p> <a>UntagResource</a> — Removes tags from the resource with the specified ARN.</p> </li> <li> <p> <a>ListTagsForResource</a> — Gets information about Amazon Web Services tags for the specified ARN.</p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/paginators-1.json b/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/paginators-1.json
index b890941bb0d..e17d3e2289b 100644
--- a/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/paginators-1.json
@@ -41,6 +41,12 @@
       "output_token": "NextToken",
       "limit_key": "MaxResults",
       "result_key": "SecretArnList"
+    },
+    "ListClustersV2": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ClusterInfoList"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/service-2.json b/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/service-2.json
index e025de9ca92..9f929f44c5d 100644
--- a/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/kafka/2018-11-14/service-2.json
@@ -95,6 +95,51 @@
       ],
       "documentation": "\n            <p>Creates a new MSK cluster.</p>\n         "
     },
+    "CreateClusterV2": {
+      "name": "CreateClusterV2",
+      "http": {
+        "method": "POST",
+        "requestUri": "/api/v2/clusters",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "CreateClusterV2Request"
+      },
+      "output": {
+        "shape": "CreateClusterV2Response"
+      },
+      "errors": [
+        {
+          "shape": "BadRequestException",
+          "documentation": "\n            <p>The request isn't valid because the input is incorrect. Correct your input and then submit it again.</p>\n         "
+        },
+        {
+          "shape": "InternalServerErrorException",
+          "documentation": "\n            <p>There was an unexpected internal server error. Retrying your request might resolve the issue.</p>\n         "
+        },
+        {
+          "shape": "UnauthorizedException",
+          "documentation": "\n            <p>The request is not authorized. The provided credentials couldn't be validated.</p>\n         "
+        },
+        {
+          "shape": "ForbiddenException",
+          "documentation": "\n            <p>Access forbidden. Check your credentials and then retry your request.</p>\n         "
+        },
+        {
+          "shape": "ServiceUnavailableException",
+          "documentation": "\n            <p>503 response</p>\n         "
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "\n            <p>429 response</p>\n         "
+        },
+        {
+          "shape": "ConflictException",
+          "documentation": "\n            <p>This cluster name already exists. Retry your request using another name.</p>\n         "
+        }
+      ],
+      "documentation": "\n            <p>Creates a new MSK cluster.</p>\n         "
+    },
     "CreateConfiguration": {
       "name": "CreateConfiguration",
       "http": {
@@ -247,6 +292,44 @@
       ],
       "documentation": "\n            <p>Returns a description of the MSK cluster whose Amazon Resource Name (ARN) is specified in the request.</p>\n         "
     },
+    "DescribeClusterV2": {
+      "name": "DescribeClusterV2",
+      "http": {
+        "method": "GET",
+        "requestUri": "/api/v2/clusters/{clusterArn}",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "DescribeClusterV2Request"
+      },
+      "output": {
+        "shape": "DescribeClusterV2Response",
+        "documentation": "\n            <p>Successful response.</p>\n         "
+      },
+      "errors": [
+        {
+          "shape": "NotFoundException",
+          "documentation": "\n            <p>The resource could not be found due to incorrect input. Correct the input, then retry the request.</p>\n         "
+        },
+        {
+          "shape": "BadRequestException",
+          "documentation": "\n            <p>The request isn't valid because the input is incorrect. Correct your input and then submit it again.</p>\n         "
+        },
+        {
+          "shape": "UnauthorizedException",
+          "documentation": "\n            <p>The request is not authorized. The provided credentials couldn't be validated.</p>\n         "
+        },
+        {
+          "shape": "InternalServerErrorException",
+          "documentation": "\n            <p>There was an unexpected internal server error. Retrying your request might resolve the issue.</p>\n         "
+        },
+        {
+          "shape": "ForbiddenException",
+          "documentation": "\n            <p>Access forbidden. Check your credentials and then retry your request.</p>\n         "
+        }
+      ],
+      "documentation": "\n            <p>Returns a description of the MSK cluster whose Amazon Resource Name (ARN) is specified in the request.</p>\n         "
+    },
     "DescribeClusterOperation": {
       "name": "DescribeClusterOperation",
       "http": {
@@ -560,6 +643,40 @@
       ],
       "documentation": "\n            <p>Returns a list of all the MSK clusters in the current Region.</p>\n         "
     },
+    "ListClustersV2": {
+      "name": "ListClustersV2",
+      "http": {
+        "method": "GET",
+        "requestUri": "/api/v2/clusters",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "ListClustersV2Request"
+      },
+      "output": {
+        "shape": "ListClustersV2Response",
+        "documentation": "\n            <p>Successful response.</p>\n         "
+      },
+      "errors": [
+        {
+          "shape": "BadRequestException",
+          "documentation": "\n            <p>The request isn't valid because the input is incorrect. Correct your input and then submit it again.</p>\n         "
+        },
+        {
+          "shape": "InternalServerErrorException",
+          "documentation": "\n            <p>There was an unexpected internal server error. Retrying your request might resolve the issue.</p>\n         "
+        },
+        {
+          "shape": "UnauthorizedException",
+          "documentation": "\n            <p>The request is not authorized. The provided credentials couldn't be validated.</p>\n         "
+        },
+        {
+          "shape": "ForbiddenException",
+          "documentation": "\n            <p>Access forbidden. Check your credentials and then retry your request.</p>\n         "
+        }
+      ],
+      "documentation": "\n            <p>Returns a list of all the MSK clusters in the current Region.</p>\n         "
+    },
     "ListConfigurationRevisions": {
       "name": "ListConfigurationRevisions",
       "http": {
@@ -671,7 +788,7 @@
           "documentation": "\n            <p>Access forbidden. Check your credentials and then retry your request.</p>\n         "
         }
       ],
-      "documentation": "\n            <p>Returns a list of Kafka versions.</p>\n         "
+      "documentation": "\n            <p>Returns a list of Apache Kafka versions.</p>\n         "
     },
     "ListNodes": {
       "name": "ListNodes",
@@ -1037,6 +1154,48 @@
       ],
       "documentation": "\n            <p>Updates an MSK configuration.</p>\n         "
     },
+    "UpdateConnectivity" : {
+      "name" : "UpdateConnectivity",
+      "http" : {
+        "method" : "PUT",
+        "requestUri" : "/v1/clusters/{clusterArn}/connectivity",
+        "responseCode" : 200
+      },
+      "input" : {
+        "shape" : "UpdateConnectivityRequest"
+      },
+      "output" : {
+        "shape" : "UpdateConnectivityResponse",
+        "documentation": "\n            <p>Successful response.</p>\n         "
+      },
+      "errors": [
+        {
+          "shape": "BadRequestException",
+          "documentation": "\n            <p>The request isn't valid because the input is incorrect. Correct your input and then submit it again.</p>\n         "
+        },
+        {
+          "shape": "UnauthorizedException",
+          "documentation": "\n            <p>The request is not authorized. The provided credentials couldn't be validated.</p>\n         "
+        },
+        {
+          "shape": "InternalServerErrorException",
+          "documentation": "\n            <p>There was an unexpected internal server error. Retrying your request might resolve the issue.</p>\n         "
+        },
+        {
+          "shape": "ForbiddenException",
+          "documentation": "\n            <p>Access forbidden. Check your credentials and then retry your request.</p>\n         "
+        },
+        {
+          "shape": "NotFoundException",
+          "documentation": "\n            <p>The resource could not be found due to incorrect input. Correct the input, then retry the request.</p>\n         "
+        },
+        {
+          "shape": "ServiceUnavailableException",
+          "documentation": "\n            <p>503 response</p>\n         "
+        }
+      ],
+      "documentation" : "\n            <p>Updates the cluster's connectivity configuration.</p>\n         "
+    },
     "UpdateClusterConfiguration": {
       "name": "UpdateClusterConfiguration",
       "http": {
@@ -1264,6 +1423,11 @@
           "locationName": "kafkaBrokerNodeId",
           "documentation": "\n            <p>The ID of the broker to update.</p>\n         "
         },
+        "ProvisionedThroughput" : {
+          "shape" : "ProvisionedThroughput",
+          "locationName" : "provisionedThroughput",
+          "documentation" : "EBS volume provisioned throughput information."
+        },
         "VolumeSizeGB": {
           "shape": "__integer",
           "locationName": "volumeSizeGB",
@@ -1272,7 +1436,6 @@
       },
       "documentation": "\n            <p>Specifies the EBS volume upgrade information. The broker identifier must be set to the keyword ALL. This means the changes apply to all the brokers in the cluster.</p>\n         ",
       "required": [
-        "VolumeSizeGB",
         "KafkaBrokerNodeId"
       ]
     },
@@ -1309,7 +1472,7 @@
         "InstanceType": {
           "shape": "__stringMin5Max32",
           "locationName": "instanceType",
-          "documentation": "\n            <p>The type of Amazon EC2 instances to use for Kafka brokers. The following instance types are allowed: kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge,\nkafka.m5.4xlarge, kafka.m5.12xlarge, and kafka.m5.24xlarge.</p>\n         "
+          "documentation": "\n            <p>The type of Amazon EC2 instances to use for Apache Kafka brokers. The following instance types are allowed: kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge,\nkafka.m5.4xlarge, kafka.m5.12xlarge, and kafka.m5.24xlarge.</p>\n         "
         },
         "SecurityGroups": {
           "shape": "__listOf__string",
@@ -1320,9 +1483,14 @@
           "shape": "StorageInfo",
           "locationName": "storageInfo",
           "documentation": "\n            <p>Contains information about storage volumes attached to MSK broker nodes.</p>\n         "
+        },
+        "ConnectivityInfo" : {
+          "shape" : "ConnectivityInfo",
+          "locationName" : "connectivityInfo",
+          "documentation" : "\n            <p>Information about the broker access configuration.</p>\n         "
         }
       },
-      "documentation": "\n            <p>Describes the setup to be used for Kafka broker nodes in the cluster.</p>\n         ",
+      "documentation": "\n            <p>Describes the setup to be used for Apache Kafka broker nodes in the cluster.</p>\n         ",
       "required": [
         "ClientSubnets",
         "InstanceType"
@@ -1354,7 +1522,7 @@
         "CurrentBrokerSoftwareInfo": {
           "shape": "BrokerSoftwareInfo",
           "locationName": "currentBrokerSoftwareInfo",
-          "documentation": "\n            <p>Information about the version of software currently deployed on the Kafka brokers in the cluster.</p>\n         "
+          "documentation": "\n            <p>Information about the version of software currently deployed on the Apache Kafka brokers in the cluster.</p>\n         "
         },
         "Endpoints": {
           "shape": "__listOf__string",
@@ -1406,6 +1574,17 @@
       },
       "documentation" : "\n            <p>Includes all client authentication information.</p>\n         "
     },
+    "ServerlessClientAuthentication" : {
+      "type" : "structure",
+      "members" : {
+        "Sasl" : {
+          "shape" : "ServerlessSasl",
+          "locationName" : "sasl",
+          "documentation" : "\n            <p>Details for ClientAuthentication using SASL.</p>\n         "
+        }
+      },
+      "documentation" : "\n            <p>Includes all client authentication information.</p>\n         "
+    },
     "ClientBroker": {
       "type": "string",
       "documentation": "\n            <p>Client-broker encryption in transit setting.</p>\n         ",
@@ -1465,7 +1644,7 @@
         "CurrentBrokerSoftwareInfo": {
           "shape": "BrokerSoftwareInfo",
           "locationName": "currentBrokerSoftwareInfo",
-          "documentation": "\n            <p>Information about the version of software currently deployed on the Kafka brokers in the cluster.</p>\n         "
+          "documentation": "\n            <p>Information about the version of software currently deployed on the Apache Kafka brokers in the cluster.</p>\n         "
         },
         "CurrentVersion": {
           "shape": "__string",
@@ -1523,6 +1702,67 @@
       },
       "documentation": "\n            <p>Returns information about a cluster.</p>\n         "
     },
+    "Cluster": {
+      "type": "structure",
+      "members": {
+        "ActiveOperationArn": {
+          "shape": "__string",
+          "locationName": "activeOperationArn",
+          "documentation": "\n            <p>The Amazon Resource Name (ARN) that uniquely identifies a cluster operation.</p>\n         "
+        },
+        "ClusterType": {
+          "shape": "ClusterType",
+          "locationName": "clusterType",
+          "documentation": "\n            <p>Cluster Type.</p>\n         "
+        },
+        "ClusterArn": {
+          "shape": "__string",
+          "locationName": "clusterArn",
+          "documentation": "\n            <p>The Amazon Resource Name (ARN) that uniquely identifies the cluster.</p>\n         "
+        },
+        "ClusterName": {
+          "shape": "__string",
+          "locationName": "clusterName",
+          "documentation": "\n            <p>The name of the cluster.</p>\n         "
+        },
+        "CreationTime": {
+          "shape": "__timestampIso8601",
+          "locationName": "creationTime",
+          "documentation": "\n            <p>The time when the cluster was created.</p>\n         "
+        },
+        "CurrentVersion": {
+          "shape": "__string",
+          "locationName": "currentVersion",
+          "documentation": "\n            <p>The current version of the MSK cluster.</p>\n         "
+        },
+        "State": {
+          "shape": "ClusterState",
+          "locationName": "state",
+          "documentation": "\n            <p>The state of the cluster. The possible states are ACTIVE, CREATING, DELETING, FAILED, HEALING, MAINTENANCE, REBOOTING_BROKER, and UPDATING.</p>\n         "
+        },
+        "StateInfo" : {
+          "shape" : "StateInfo",
+          "locationName" : "stateInfo",
+          "documentation": "\n            <p>State Info for the Amazon MSK cluster.</p>\n         "
+        },
+        "Tags": {
+          "shape": "__mapOf__string",
+          "locationName": "tags",
+          "documentation": "\n            <p>Tags attached to the cluster.</p>\n         "
+        },
+        "Provisioned": {
+          "shape": "Provisioned",
+          "locationName": "provisioned",
+          "documentation": "\n            <p>Information about the provisioned cluster.</p>\n         "
+        },
+        "Serverless": {
+          "shape": "Serverless",
+          "locationName": "serverless",
+          "documentation": "\n            <p>Information about the serverless cluster.</p>\n         "
+        }
+      },
+      "documentation": "\n            <p>Returns information about a cluster.</p>\n         "
+    },
     "ClusterOperationInfo": {
       "type": "structure",
       "members": {
@@ -1613,7 +1853,7 @@
     },
     "ClusterState": {
       "type": "string",
-      "documentation": "\n            <p>The state of a Kafka cluster.</p>\n         ",
+      "documentation": "\n            <p>The state of the Apache Kafka cluster.</p>\n         ",
       "enum": [
         "ACTIVE",
         "CREATING",
@@ -1625,21 +1865,202 @@
         "UPDATING"
       ]
     },
+    "ClusterType": {
+      "type": "string",
+      "documentation": "\n            <p>The type of cluster.</p>\n         ",
+      "enum": [
+        "PROVISIONED",
+        "SERVERLESS"
+      ]
+    },
+    "ProvisionedRequest": {
+      "type" : "structure",
+      "documentation": "\n            <p>Provisioned cluster request.</p>\n         ",
+      "members" : {
+        "BrokerNodeGroupInfo": {
+          "shape": "BrokerNodeGroupInfo",
+          "locationName": "brokerNodeGroupInfo",
+          "documentation": "\n            <p>Information about the brokers.</p>\n         "
+        },
+        "ClientAuthentication": {
+          "shape": "ClientAuthentication",
+          "locationName": "clientAuthentication",
+          "documentation": "\n            <p>Includes all client authentication information.</p>\n         "
+        },
+        "ConfigurationInfo": {
+          "shape": "ConfigurationInfo",
+          "locationName": "configurationInfo",
+          "documentation": "\n            <p>Represents the configuration that you want Amazon MSK to use for the brokers in a cluster.</p>\n         "
+        },
+        "EncryptionInfo": {
+          "shape": "EncryptionInfo",
+          "locationName": "encryptionInfo",
+          "documentation": "\n            <p>Includes all encryption-related information.</p>\n         "
+        },
+        "EnhancedMonitoring": {
+          "shape": "EnhancedMonitoring",
+          "locationName": "enhancedMonitoring",
+          "documentation": "\n            <p>Specifies the level of monitoring for the MSK cluster. The possible values are DEFAULT, PER_BROKER, PER_TOPIC_PER_BROKER, and PER_TOPIC_PER_PARTITION.</p>\n         "
+        },
+        "OpenMonitoring" : {
+          "shape" : "OpenMonitoringInfo",
+          "locationName" : "openMonitoring",
+          "documentation" : "\n            <p>The settings for open monitoring.</p>\n         "
+        },
+        "KafkaVersion": {
+          "shape": "__stringMin1Max128",
+          "locationName": "kafkaVersion",
+          "documentation": "\n            <p>The Apache Kafka version that you want for the cluster.</p>\n         "
+        },
+        "LoggingInfo": {
+          "shape": "LoggingInfo",
+          "locationName": "loggingInfo",
+          "documentation": "\n            <p>Log delivery information for the cluster.</p>\n         "
+        },
+        "NumberOfBrokerNodes": {
+          "shape": "__integerMin1Max15",
+          "locationName": "numberOfBrokerNodes",
+          "documentation": "\n            <p>The number of broker nodes in the cluster.</p>\n         "
+        }
+      },
+      "required": [
+        "BrokerNodeGroupInfo",
+        "KafkaVersion",
+        "NumberOfBrokerNodes"
+      ]
+    },
+    "Provisioned": {
+      "type" : "structure",
+      "documentation": "\n            <p>Provisioned cluster.</p>\n         ",
+      "members" : {
+        "BrokerNodeGroupInfo": {
+          "shape": "BrokerNodeGroupInfo",
+          "locationName": "brokerNodeGroupInfo",
+          "documentation": "\n            <p>Information about the brokers.</p>\n         "
+        },
+        "CurrentBrokerSoftwareInfo": {
+          "shape": "BrokerSoftwareInfo",
+          "locationName": "currentBrokerSoftwareInfo",
+          "documentation": "\n            <p>Information about the Apache Kafka version deployed on the brokers.</p>\n         "
+        },
+        "ClientAuthentication": {
+          "shape": "ClientAuthentication",
+          "locationName": "clientAuthentication",
+          "documentation": "\n            <p>Includes all client authentication information.</p>\n         "
+        },
+        "EncryptionInfo": {
+          "shape": "EncryptionInfo",
+          "locationName": "encryptionInfo",
+          "documentation": "\n            <p>Includes all encryption-related information.</p>\n         "
+        },
+        "EnhancedMonitoring": {
+          "shape": "EnhancedMonitoring",
+          "locationName": "enhancedMonitoring",
+          "documentation": "\n            <p>Specifies the level of monitoring for the MSK cluster. The possible values are DEFAULT, PER_BROKER, PER_TOPIC_PER_BROKER, and PER_TOPIC_PER_PARTITION.</p>\n         "
+        },
+        "OpenMonitoring" : {
+          "shape" : "OpenMonitoringInfo",
+          "locationName" : "openMonitoring",
+          "documentation" : "\n            <p>The settings for open monitoring.</p>\n         "
+        },
+        "LoggingInfo": {
+          "shape": "LoggingInfo",
+          "locationName": "loggingInfo",
+          "documentation": "\n            <p>Log delivery information for the cluster.</p>\n         "
+        },
+        "NumberOfBrokerNodes": {
+          "shape": "__integerMin1Max15",
+          "locationName": "numberOfBrokerNodes",
+          "documentation": "\n            <p>The number of broker nodes in the cluster.</p>\n         "
+        },
+        "ZookeeperConnectString": {
+          "shape": "__string",
+          "locationName": "zookeeperConnectString",
+          "documentation": "\n            <p>The connection string to use to connect to the Apache ZooKeeper cluster.</p>\n         "
+        },
+        "ZookeeperConnectStringTls" : {
+          "shape" : "__string",
+          "locationName" : "zookeeperConnectStringTls",
+          "documentation" : "\n            <p>The connection string to use to connect to the Apache ZooKeeper cluster on a TLS port.</p>\n         "
+        }
+      },
+      "required": [
+        "BrokerNodeGroupInfo",
+        "NumberOfBrokerNodes"
+      ]
+    },
+    "VpcConfig": {
+      "type" : "structure",
+      "documentation": "\n            <p>The configuration of the Amazon VPCs for the cluster.</p>\n         ",
+      "members": {
+        "SubnetIds": {
+          "shape": "__listOf__string",
+          "locationName": "subnetIds",
+          "documentation" : "\n            <p>The IDs of the subnets associated with the cluster.</p>\n         "
+        },
+        "SecurityGroupIds": {
+          "shape": "__listOf__string",
+          "locationName": "securityGroupIds",
+          "documentation" : "\n            <p>The IDs of the security groups associated with the cluster.</p>\n         "
+        }
+      },
+      "required": [
+        "SubnetIds"
+      ]
+    },
+    "ServerlessRequest": {
+      "type" : "structure",
+      "documentation": "\n            <p>Serverless cluster request.</p>\n         ",
+      "members" : {
+        "VpcConfigs": {
+          "shape": "__listOfVpcConfig",
+          "locationName": "vpcConfigs",
+          "documentation": "\n            <p>The configuration of the Amazon VPCs for the cluster.</p>\n         "
+        },
+        "ClientAuthentication": {
+          "shape": "ServerlessClientAuthentication",
+          "locationName": "clientAuthentication",
+          "documentation": "\n            <p>Includes all client authentication information.</p>\n         "
+        }
+      },
+      "required": [
+        "VpcConfigs"
+      ]
+    },
+    "Serverless": {
+      "type" : "structure",
+      "documentation": "\n            <p>Serverless cluster.</p>\n         ",
+      "members" : {
+        "VpcConfigs": {
+          "shape": "__listOfVpcConfig",
+          "locationName": "vpcConfigs",
+          "documentation": "\n            <p>The configuration of the Amazon VPCs for the cluster.</p>\n         "
+        },
+        "ClientAuthentication": {
+          "shape": "ServerlessClientAuthentication",
+          "locationName": "clientAuthentication",
+          "documentation": "\n            <p>Includes all client authentication information.</p>\n         "
+        }
+      },
+      "required": [
+        "VpcConfigs"
+      ]
+    },
     "CompatibleKafkaVersion" : {
       "type" : "structure",
       "members" : {
         "SourceVersion" : {
           "shape" : "__string",
           "locationName" : "sourceVersion",
-          "documentation": "\n            <p>A Kafka version.</p>\n            "
+          "documentation": "\n            <p>An Apache Kafka version.</p>\n            "
         },
         "TargetVersions" : {
           "shape" : "__listOf__string",
           "locationName" : "targetVersions",
-          "documentation": "\n            <p>A list of Kafka versions.</p>\n            "
+          "documentation": "\n            <p>A list of Apache Kafka versions.</p>\n            "
         }
       },
-      "documentation": "\n            <p>Contains source Kafka versions and compatible target Kafka versions.</p>\n        "
+      "documentation": "\n            <p>Contains source Apache Kafka versions and compatible target Apache Kafka versions.</p>\n        "
     },
     "Configuration": {
       "type": "structure",
@@ -1765,6 +2186,45 @@
         "httpStatusCode": 409
       }
     },
+    "ConnectivityInfo" : {
+      "type": "structure",
+      "members": {
+        "PublicAccess": {
+          "shape": "PublicAccess",
+          "locationName": "publicAccess",
+          "documentation": "\n            <p>Public access control for brokers.</p>\n         "
+        }
+      },
+      "documentation": "\n            <p>Information about the broker access configuration.</p>\n         "
+    },
+    "CreateClusterV2Request": {
+      "type": "structure",
+      "members": {
+        "ClusterName": {
+          "shape": "__stringMin1Max64",
+          "locationName": "clusterName",
+          "documentation": "\n            <p>The name of the cluster.</p>\n         "
+        },
+        "Tags": {
+          "shape": "__mapOf__string",
+          "locationName": "tags",
+          "documentation": "\n            <p>A map of tags that you want the cluster to have.</p>\n         "
+        },
+        "Provisioned": {
+          "shape": "ProvisionedRequest",
+          "locationName": "provisioned",
+          "documentation": "\n            <p>Information about the provisioned cluster.</p>\n         "
+        },
+        "Serverless": {
+          "shape": "ServerlessRequest",
+          "locationName": "serverless",
+          "documentation": "\n            <p>Information about the serverless cluster.</p>\n         "
+        }
+      },
+      "required": [
+        "ClusterName"
+      ]
+    },
     "CreateClusterRequest": {
       "type": "structure",
       "members": {
@@ -1850,6 +2310,31 @@
         }
       }
     },
+    "CreateClusterV2Response": {
+      "type": "structure",
+      "members": {
+        "ClusterArn": {
+          "shape": "__string",
+          "locationName": "clusterArn",
+          "documentation": "\n            <p>The Amazon Resource Name (ARN) of the cluster.</p>\n         "
+        },
+        "ClusterName": {
+          "shape": "__string",
+          "locationName": "clusterName",
+          "documentation": "\n            <p>The name of the MSK cluster.</p>\n         "
+        },
+        "State": {
+          "shape": "ClusterState",
+          "locationName": "state",
+          "documentation": "\n            <p>The state of the cluster. The possible states are ACTIVE, CREATING, DELETING, FAILED, HEALING, MAINTENANCE, REBOOTING_BROKER, and UPDATING.</p>\n         "
+        },
+        "ClusterType": {
+          "shape": "ClusterType",
+          "locationName": "clusterType",
+          "documentation": "\n            <p>The type of the cluster. The possible states are PROVISIONED or SERVERLESS.</p>\n         "
+        }
+      }
+    },
     "CreateConfigurationRequest": {
       "type": "structure",
       "members": {
@@ -2011,6 +2496,20 @@
         "ClusterArn"
       ]
     },
+    "DescribeClusterV2Request": {
+      "type": "structure",
+      "members": {
+        "ClusterArn": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "clusterArn",
+          "documentation": "\n            <p>The Amazon Resource Name (ARN) that uniquely identifies the cluster.</p>\n         "
+        }
+      },
+      "required": [
+        "ClusterArn"
+      ]
+    },
     "DescribeClusterResponse": {
       "type": "structure",
       "members": {
@@ -2021,6 +2520,16 @@
         }
       }
     },
+    "DescribeClusterV2Response": {
+      "type": "structure",
+      "members": {
+        "ClusterInfo": {
+          "shape": "Cluster",
+          "locationName": "clusterInfo",
+          "documentation": "\n            <p>The cluster information.</p>\n         "
+        }
+      }
+    },
     "DescribeConfigurationRequest": {
       "type": "structure",
       "members": {
@@ -2162,13 +2671,18 @@
     "EBSStorageInfo": {
       "type": "structure",
       "members": {
+        "ProvisionedThroughput" : {
+          "shape" : "ProvisionedThroughput",
+          "locationName" : "provisionedThroughput",
+          "documentation" : "EBS volume provisioned throughput information."
+        },
         "VolumeSize": {
           "shape": "__integerMin1Max16384",
           "locationName": "volumeSize",
           "documentation": "\n            <p>The size in GiB of the EBS volume for the data drive on each broker node.</p>\n         "
         }
       },
-      "documentation": "\n            <p>Contains information about the EBS storage volumes attached to Kafka broker nodes.</p>\n         "
+      "documentation": "\n            <p>Contains information about the EBS storage volumes attached to Apache Kafka broker nodes.</p>\n         "
     },
     "EncryptionAtRest": {
       "type": "structure",
@@ -2328,6 +2842,21 @@
           "shape": "__string",
           "locationName": "bootstrapBrokerStringSaslIam",
           "documentation": "\n            <p>A string that contains one or more DNS names (or IP addresses) and SASL IAM port pairs.</p>\n         "
+        },
+        "BootstrapBrokerStringPublicTls": {
+          "shape": "__string",
+          "locationName": "bootstrapBrokerStringPublicTls",
+          "documentation": "\n            <p>A string containing one or more DNS names (or IP) and TLS port pairs.</p>\n         "
+        },
+        "BootstrapBrokerStringPublicSaslScram": {
+          "shape": "__string",
+          "locationName": "bootstrapBrokerStringPublicSaslScram",
+          "documentation": "\n            <p>A string containing one or more DNS names (or IP) and Sasl Scram port pairs.</p>\n         "
+        },
+        "BootstrapBrokerStringPublicSaslIam": {
+          "shape": "__string",
+          "locationName": "bootstrapBrokerStringPublicSaslIam",
+          "documentation": "\n            <p>A string that contains one or more DNS names (or IP addresses) and SASL IAM port pairs.</p>\n         "
         }
       }
     },
@@ -2456,6 +2985,35 @@
         }
       }
     },
+    "ListClustersV2Request": {
+      "type": "structure",
+      "members": {
+        "ClusterNameFilter": {
+          "shape": "__string",
+          "location": "querystring",
+          "locationName": "clusterNameFilter",
+          "documentation": "\n            <p>Specify a prefix of the names of the clusters that you want to list. The service lists all the clusters whose names start with this prefix.</p>\n         "
+        },
+        "ClusterTypeFilter": {
+          "shape": "__string",
+          "location": "querystring",
+          "locationName": "clusterTypeFilter",
+          "documentation": "\n            <p>Specify either PROVISIONED or SERVERLESS.</p>\n         "
+        },
+        "MaxResults": {
+          "shape": "MaxResults",
+          "location": "querystring",
+          "locationName": "maxResults",
+          "documentation": "\n            <p>The maximum number of results to return in the response. If there are more results, the response includes a NextToken parameter.</p>\n         "
+        },
+        "NextToken": {
+          "shape": "__string",
+          "location": "querystring",
+          "locationName": "nextToken",
+          "documentation": "\n            <p>The paginated results marker. When the result of the operation is truncated, the call returns NextToken in the response. \n            To get the next batch, provide this token in your next request.</p>\n         "
+        }
+      }
+    },
     "ListClustersResponse": {
       "type": "structure",
       "members": {
@@ -2471,6 +3029,21 @@
         }
       }
     },
+    "ListClustersV2Response": {
+      "type": "structure",
+      "members": {
+        "ClusterInfoList": {
+          "shape": "__listOfCluster",
+          "locationName": "clusterInfoList",
+          "documentation": "\n            <p>Information on each of the MSK clusters in the response.</p>\n         "
+        },
+        "NextToken": {
+          "shape": "__string",
+          "locationName": "nextToken",
+          "documentation": "\n            <p>The paginated results marker. When the result of a ListClusters operation is truncated, the call returns NextToken in the response. \n               To get another batch of clusters, provide this token in your next request.</p>\n         "
+        }
+      }
+    },
     "ListConfigurationRevisionsRequest": {
       "type": "structure",
       "members": {
@@ -2724,7 +3297,7 @@
         "KafkaVersion" : {
           "shape" : "__string",
           "locationName" : "kafkaVersion",
-          "documentation" : "\n            <p>The Kafka version.</p>\n            "
+          "documentation" : "\n            <p>The Apache Kafka version.</p>\n            "
         },
         "LoggingInfo": {
           "shape": "LoggingInfo",
@@ -2745,6 +3318,11 @@
           "shape" : "EncryptionInfo",
           "locationName" : "encryptionInfo",
           "documentation": "\n            <p>Includes all encryption-related information.</p>\n         "
+        },
+        "ConnectivityInfo" : {
+          "shape" : "ConnectivityInfo",
+          "locationName" : "connectivityInfo",
+          "documentation" : "\n            <p>Information about the broker access configuration.</p>\n         "
         }
       },
       "documentation": "\n            <p>Information about cluster attributes that can be updated via update APIs.</p>\n         "
@@ -2755,10 +3333,10 @@
         "EnabledInBroker" : {
           "shape" : "__boolean",
           "locationName" : "enabledInBroker",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the Node Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the Node Exporter.</p>\n         "
         }
       },
-      "documentation" : "\n            <p>Indicates whether you want to enable or disable the Node Exporter.</p>\n         ",
+      "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the Node Exporter.</p>\n         ",
       "required" : [ "EnabledInBroker" ]
     },
     "NodeExporterInfo" : {
@@ -2767,10 +3345,10 @@
         "EnabledInBroker" : {
           "shape" : "__boolean",
           "locationName" : "enabledInBroker",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the Node Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the Node Exporter.</p>\n         "
         }
       },
-      "documentation" : "\n            <p>Indicates whether you want to enable or disable the Node Exporter.</p>\n         ",
+      "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the Node Exporter.</p>\n         ",
       "required" : [ "EnabledInBroker" ]
     },
     "JmxExporter" : {
@@ -2779,10 +3357,10 @@
         "EnabledInBroker" : {
           "shape" : "__boolean",
           "locationName" : "enabledInBroker",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the JMX Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the JMX Exporter.</p>\n         "
         }
       },
-      "documentation" : "\n            <p>Indicates whether you want to enable or disable the JMX Exporter.</p>\n         ",
+      "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the JMX Exporter.</p>\n         ",
       "required" : [ "EnabledInBroker" ]
     },
     "JmxExporterInfo" : {
@@ -2791,10 +3369,10 @@
         "EnabledInBroker" : {
           "shape" : "__boolean",
           "locationName" : "enabledInBroker",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the JMX Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the JMX Exporter.</p>\n         "
         }
       },
-      "documentation" : "\n            <p>Indicates whether you want to enable or disable the JMX Exporter.</p>\n         ",
+      "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the JMX Exporter.</p>\n         ",
       "required" : [ "EnabledInBroker" ]
     },
     "OpenMonitoring" : {
@@ -2827,12 +3405,12 @@
         "JmxExporter" : {
           "shape" : "JmxExporter",
           "locationName" : "jmxExporter",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the JMX Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the JMX Exporter.</p>\n         "
         },
         "NodeExporter" : {
           "shape" : "NodeExporter",
           "locationName" : "nodeExporter",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the Node Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the Node Exporter.</p>\n         "
         }
       },
       "documentation" : "\n            <p>Prometheus settings.</p>\n         "
@@ -2843,16 +3421,43 @@
         "JmxExporter" : {
           "shape" : "JmxExporterInfo",
           "locationName" : "jmxExporter",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the JMX Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the JMX Exporter.</p>\n         "
         },
         "NodeExporter" : {
           "shape" : "NodeExporterInfo",
           "locationName" : "nodeExporter",
-          "documentation" : "\n            <p>Indicates whether you want to enable or disable the Node Exporter.</p>\n         "
+          "documentation" : "\n            <p>Indicates whether you want to turn on or turn off the Node Exporter.</p>\n         "
         }
       },
       "documentation" : "\n            <p>Prometheus settings.</p>\n         "
     },
+    "ProvisionedThroughput" : {
+      "type" : "structure",
+      "members" : {
+        "Enabled" : {
+          "shape" : "__boolean",
+          "locationName" : "enabled",
+          "documentation" : "Provisioned throughput is enabled or not."
+        },
+        "VolumeThroughput" : {
+          "shape" : "__integer",
+          "locationName" : "volumeThroughput",
+          "documentation" : "Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second."
+        }
+      },
+      "documentation" : "Contains information about provisioned throughput for EBS storage volumes attached to kafka broker nodes."
+    },
+    "PublicAccess" : {
+      "type" : "structure",
+      "members" : {
+        "Type" : {
+          "shape" : "__string",
+          "locationName" : "type",
+          "documentation" : "\n            <p>The value DISABLED indicates that public access is turned off. SERVICE_PROVIDED_EIPS indicates that public access is turned on.</p>\n         "
+        }
+      },
+      "documentation" : "Public access control for brokers."
+    },
     "RebootBrokerRequest" : {
       "type" : "structure",
       "members" : {
@@ -2904,6 +3509,17 @@
       },
       "required" : [ "Enabled" ]
     },
+    "ServerlessSasl" : {
+      "type" : "structure",
+      "members" : {
+        "Iam" : {
+          "shape" : "Iam",
+          "locationName" : "iam",
+          "documentation" : "\n            <p>Indicates whether IAM access control is enabled.</p>\n         "
+        }
+      },
+      "documentation" : "\n            <p>Details for client authentication using SASL.</p>\n         "
+    },
     "Sasl" : {
       "type" : "structure",
       "members" : {
@@ -3080,7 +3696,7 @@
         "Enabled" : {
           "shape" : "__boolean",
           "locationName" : "enabled",
-          "documentation" : "\n            <p>Specifies whether you want to enable or disable TLS authentication.</p>\n         "
+          "documentation" : "\n            <p>Specifies whether you want to turn on or turn off TLS authentication.</p>\n         "
         }
       },
       "documentation": "\n            <p>Details for client authentication using TLS.</p>\n         "
@@ -3111,7 +3727,7 @@
         "Enabled" : {
           "shape" : "__boolean",
           "locationName" : "enabled",
-          "documentation" : "\n            <p>Specifies whether you want to enable or disable unauthenticated traffic to your cluster.</p>\n         "
+          "documentation" : "\n            <p>Specifies whether you want to turn on or turn off unauthenticated traffic to your cluster.</p>\n         "
         }
       }
     },
@@ -3512,6 +4128,44 @@
         }
       }
     },
+    "UpdateConnectivityRequest" : {
+      "type" : "structure",
+      "members" : {
+        "ClusterArn" : {
+          "shape" : "__string",
+          "location" : "uri",
+          "locationName" : "clusterArn",
+          "documentation": "\n            <p>The Amazon Resource Name (ARN) of the configuration.</p>\n         "
+        },
+        "ConnectivityInfo" : {
+          "shape" : "ConnectivityInfo",
+          "locationName" : "connectivityInfo",
+          "documentation" : "\n            <p>Information about the broker access configuration.</p>\n         "
+        },
+        "CurrentVersion" : {
+          "shape" : "__string",
+          "locationName" : "currentVersion",
+          "documentation" : "\n            <p>The version of the MSK cluster to update. Cluster versions aren't simple numbers. You can describe an MSK cluster to find its version. When this update operation is successful, it generates a new cluster version.</p>\n         "
+        }
+      },
+      "documentation" : "Request body for UpdateConnectivity.",
+      "required" : [ "ClusterArn", "ConnectivityInfo", "CurrentVersion" ]
+    },
+    "UpdateConnectivityResponse" : {
+      "type" : "structure",
+      "members" : {
+        "ClusterArn" : {
+          "shape" : "__string",
+          "locationName" : "clusterArn",
+          "documentation" : "\n            <p>The Amazon Resource Name (ARN) of the cluster.</p>\n         "
+        },
+        "ClusterOperationArn" : {
+          "shape" : "__string",
+          "locationName" : "clusterOperationArn",
+          "documentation" : "\n            <p>The Amazon Resource Name (ARN) of the cluster operation.</p>\n         "
+        }
+      }
+    },
     "ZookeeperNodeInfo": {
       "type": "structure",
       "members": {
@@ -3577,6 +4231,12 @@
         "shape": "ClusterInfo"
       }
     },
+    "__listOfCluster": {
+      "type": "list",
+      "member": {
+        "shape": "Cluster"
+      }
+    },
     "__listOfClusterOperationInfo": {
       "type": "list",
       "member": {
@@ -3595,6 +4255,12 @@
         "shape" : "CompatibleKafkaVersion"
       }
     },
+    "__listOfVpcConfig" : {
+      "type" : "list",
+      "member" : {
+        "shape" : "VpcConfig"
+      }
+    },
     "__listOfConfiguration": {
       "type": "list",
       "member": {
diff --git a/contrib/python/botocore/py3/botocore/data/kendra/2019-02-03/service-2.json b/contrib/python/botocore/py3/botocore/data/kendra/2019-02-03/service-2.json
index 0a7f6010f7b..4d6793743da 100644
--- a/contrib/python/botocore/py3/botocore/data/kendra/2019-02-03/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/kendra/2019-02-03/service-2.json
@@ -14,6 +14,42 @@
     "uid":"kendra-2019-02-03"
   },
   "operations":{
+    "AssociateEntitiesToExperience":{
+      "name":"AssociateEntitiesToExperience",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AssociateEntitiesToExperienceRequest"},
+      "output":{"shape":"AssociateEntitiesToExperienceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceAlreadyExistException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Grants users or groups in your Amazon Web Services SSO identity source access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
+    "AssociatePersonasToEntities":{
+      "name":"AssociatePersonasToEntities",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AssociatePersonasToEntitiesRequest"},
+      "output":{"shape":"AssociatePersonasToEntitiesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceAlreadyExistException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Defines the specific permissions of users or groups in your Amazon Web Services SSO identity source with access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
     "BatchDeleteDocument":{
       "name":"BatchDeleteDocument",
       "http":{
@@ -30,7 +66,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Removes one or more documents from an index. The documents must have been added with the <code>BatchPutDocument</code> operation.</p> <p>The documents are deleted asynchronously. You can see the progress of the deletion by using Amazon Web Services CloudWatch. Any error messages related to the processing of the batch are sent to you CloudWatch log.</p>"
+      "documentation":"<p>Removes one or more documents from an index. The documents must have been added with the <code>BatchPutDocument</code> API.</p> <p>The documents are deleted asynchronously. You can see the progress of the deletion by using Amazon Web Services CloudWatch. Any error messages related to the processing of the batch are sent to you CloudWatch log.</p>"
     },
     "BatchGetDocumentStatus":{
       "name":"BatchGetDocumentStatus",
@@ -48,7 +84,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Returns the indexing status for one or more documents submitted with the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_BatchPutDocument.html\"> BatchPutDocument</a> operation.</p> <p>When you use the <code>BatchPutDocument</code> operation, documents are indexed asynchronously. You can use the <code>BatchGetDocumentStatus</code> operation to get the current status of a list of documents so that you can determine if they have been successfully indexed.</p> <p>You can also use the <code>BatchGetDocumentStatus</code> operation to check the status of the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_BatchDeleteDocument.html\"> BatchDeleteDocument</a> operation. When a document is deleted from the index, Amazon Kendra returns <code>NOT_FOUND</code> as the status.</p>"
+      "documentation":"<p>Returns the indexing status for one or more documents submitted with the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_BatchPutDocument.html\"> BatchPutDocument</a> API.</p> <p>When you use the <code>BatchPutDocument</code> API, documents are indexed asynchronously. You can use the <code>BatchGetDocumentStatus</code> API to get the current status of a list of documents so that you can determine if they have been successfully indexed.</p> <p>You can also use the <code>BatchGetDocumentStatus</code> API to check the status of the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_BatchDeleteDocument.html\"> BatchDeleteDocument</a> API. When a document is deleted from the index, Amazon Kendra returns <code>NOT_FOUND</code> as the status.</p>"
     },
     "BatchPutDocument":{
       "name":"BatchPutDocument",
@@ -67,7 +103,7 @@
         {"shape":"ServiceQuotaExceededException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Adds one or more documents to an index.</p> <p>The <code>BatchPutDocument</code> operation enables you to ingest inline documents or a set of documents stored in an Amazon S3 bucket. Use this operation to ingest your text and unstructured text into an index, add custom attributes to the documents, and to attach an access control list to the documents added to the index.</p> <p>The documents are indexed asynchronously. You can see the progress of the batch using Amazon Web Services CloudWatch. Any error messages related to processing the batch are sent to your Amazon Web Services CloudWatch log.</p>"
+      "documentation":"<p>Adds one or more documents to an index.</p> <p>The <code>BatchPutDocument</code> API enables you to ingest inline documents or a set of documents stored in an Amazon S3 bucket. Use this API to ingest your text and unstructured text into an index, add custom attributes to the documents, and to attach an access control list to the documents added to the index.</p> <p>The documents are indexed asynchronously. You can see the progress of the batch using Amazon Web Services CloudWatch. Any error messages related to processing the batch are sent to your Amazon Web Services CloudWatch log.</p>"
     },
     "ClearQuerySuggestions":{
       "name":"ClearQuerySuggestions",
@@ -84,7 +120,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Clears existing query suggestions from an index.</p> <p>This deletes existing suggestions only, not the queries in the query log. After you clear suggestions, Amazon Kendra learns new suggestions based on new queries added to the query log from the time you cleared suggestions. If you do not see any new suggestions, then please allow Amazon Kendra to collect enough queries to learn new suggestions.</p>"
+      "documentation":"<p>Clears existing query suggestions from an index.</p> <p>This deletes existing suggestions only, not the queries in the query log. After you clear suggestions, Amazon Kendra learns new suggestions based on new queries added to the query log from the time you cleared suggestions. If you do not see any new suggestions, then please allow Amazon Kendra to collect enough queries to learn new suggestions.</p> <p> <code>ClearQuerySuggestions</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "CreateDataSource":{
       "name":"CreateDataSource",
@@ -104,7 +140,26 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Creates a data source that you want to use with an Amazon Kendra index. </p> <p>You specify a name, data source connector type and description for your data source. You also specify configuration information for the data source connector.</p> <p> <code>CreateDataSource</code> is a synchronous operation. The operation returns 200 if the data source was successfully created. Otherwise, an exception is raised.</p>"
+      "documentation":"<p>Creates a data source that you want to use with an Amazon Kendra index. </p> <p>You specify a name, data source connector type and description for your data source. You also specify configuration information for the data source connector.</p> <p> <code>CreateDataSource</code> is a synchronous operation. The operation returns 200 if the data source was successfully created. Otherwise, an exception is raised.</p> <p>Amazon S3 and <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/data-source-custom.html\">custom</a> data sources are the only supported data sources in the Amazon Web Services GovCloud (US-West) region.</p>"
+    },
+    "CreateExperience":{
+      "name":"CreateExperience",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateExperienceRequest"},
+      "output":{"shape":"CreateExperienceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
     },
     "CreateFaq":{
       "name":"CreateFaq",
@@ -123,7 +178,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Creates an new set of frequently asked question (FAQ) questions and answers.</p>"
+      "documentation":"<p>Creates an new set of frequently asked question (FAQ) questions and answers.</p> <p>Adding FAQs to an index is an asynchronous operation.</p>"
     },
     "CreateIndex":{
       "name":"CreateIndex",
@@ -142,7 +197,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Creates a new Amazon Kendra index. Index creation is an asynchronous operation. To determine if index creation has completed, check the <code>Status</code> field returned from a call to <code>DescribeIndex</code>. The <code>Status</code> field is set to <code>ACTIVE</code> when the index is ready to use.</p> <p>Once the index is active you can index your documents using the <code>BatchPutDocument</code> operation or using one of the supported data sources. </p>"
+      "documentation":"<p>Creates a new Amazon Kendra index. Index creation is an asynchronous API. To determine if index creation has completed, check the <code>Status</code> field returned from a call to <code>DescribeIndex</code>. The <code>Status</code> field is set to <code>ACTIVE</code> when the index is ready to use.</p> <p>Once the index is active you can index your documents using the <code>BatchPutDocument</code> API or using one of the supported data sources. </p>"
     },
     "CreateQuerySuggestionsBlockList":{
       "name":"CreateQuerySuggestionsBlockList",
@@ -161,7 +216,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Creates a block list to exlcude certain queries from suggestions.</p> <p>Any query that contains words or phrases specified in the block list is blocked or filtered out from being shown as a suggestion.</p> <p>You need to provide the file location of your block list text file in your S3 bucket. In your text file, enter each block word or phrase on a separate line.</p> <p>For information on the current quota limits for block lists, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/quotas.html\">Quotas for Amazon Kendra</a>.</p>"
+      "documentation":"<p>Creates a block list to exlcude certain queries from suggestions.</p> <p>Any query that contains words or phrases specified in the block list is blocked or filtered out from being shown as a suggestion.</p> <p>You need to provide the file location of your block list text file in your S3 bucket. In your text file, enter each block word or phrase on a separate line.</p> <p>For information on the current quota limits for block lists, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/quotas.html\">Quotas for Amazon Kendra</a>.</p> <p> <code>CreateQuerySuggestionsBlockList</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "CreateThesaurus":{
       "name":"CreateThesaurus",
@@ -197,7 +252,25 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes an Amazon Kendra data source. An exception is not thrown if the data source is already being deleted. While the data source is being deleted, the <code>Status</code> field returned by a call to the <code>DescribeDataSource</code> operation is set to <code>DELETING</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/delete-data-source.html\">Deleting Data Sources</a>.</p>"
+      "documentation":"<p>Deletes an Amazon Kendra data source. An exception is not thrown if the data source is already being deleted. While the data source is being deleted, the <code>Status</code> field returned by a call to the <code>DescribeDataSource</code> API is set to <code>DELETING</code>. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/delete-data-source.html\">Deleting Data Sources</a>.</p>"
+    },
+    "DeleteExperience":{
+      "name":"DeleteExperience",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteExperienceRequest"},
+      "output":{"shape":"DeleteExperienceResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes your Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
     },
     "DeleteFaq":{
       "name":"DeleteFaq",
@@ -231,7 +304,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes an existing Amazon Kendra index. An exception is not thrown if the index is already being deleted. While the index is being deleted, the <code>Status</code> field returned by a call to the <code>DescribeIndex</code> operation is set to <code>DELETING</code>.</p>"
+      "documentation":"<p>Deletes an existing Amazon Kendra index. An exception is not thrown if the index is already being deleted. While the index is being deleted, the <code>Status</code> field returned by a call to the <code>DescribeIndex</code> API is set to <code>DELETING</code>.</p>"
     },
     "DeletePrincipalMapping":{
       "name":"DeletePrincipalMapping",
@@ -248,7 +321,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes a group so that all users and sub groups that belong to the group can no longer access documents only available to that group.</p> <p>For example, after deleting the group \"Summer Interns\", all interns who belonged to that group no longer see intern-only documents in their search results.</p> <p>If you want to delete or replace users or sub groups of a group, you need to use the <code>PutPrincipalMapping</code> operation. For example, if a user in the group \"Engineering\" leaves the engineering team and another user takes their place, you provide an updated list of users or sub groups that belong to the \"Engineering\" group when calling <code>PutPrincipalMapping</code>. You can update your internal list of users or sub groups and input this list when calling <code>PutPrincipalMapping</code>.</p>"
+      "documentation":"<p>Deletes a group so that all users and sub groups that belong to the group can no longer access documents only available to that group.</p> <p>For example, after deleting the group \"Summer Interns\", all interns who belonged to that group no longer see intern-only documents in their search results.</p> <p>If you want to delete or replace users or sub groups of a group, you need to use the <code>PutPrincipalMapping</code> operation. For example, if a user in the group \"Engineering\" leaves the engineering team and another user takes their place, you provide an updated list of users or sub groups that belong to the \"Engineering\" group when calling <code>PutPrincipalMapping</code>. You can update your internal list of users or sub groups and input this list when calling <code>PutPrincipalMapping</code>.</p> <p> <code>DeletePrincipalMapping</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "DeleteQuerySuggestionsBlockList":{
       "name":"DeleteQuerySuggestionsBlockList",
@@ -265,7 +338,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes a block list used for query suggestions for an index.</p> <p>A deleted block list might not take effect right away. Amazon Kendra needs to refresh the entire suggestions list to add back the queries that were previously blocked.</p>"
+      "documentation":"<p>Deletes a block list used for query suggestions for an index.</p> <p>A deleted block list might not take effect right away. Amazon Kendra needs to refresh the entire suggestions list to add back the queries that were previously blocked.</p> <p> <code>DeleteQuerySuggestionsBlockList</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "DeleteThesaurus":{
       "name":"DeleteThesaurus",
@@ -299,7 +372,24 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Gets information about a Amazon Kendra data source.</p>"
+      "documentation":"<p>Gets information about an Amazon Kendra data source.</p>"
+    },
+    "DescribeExperience":{
+      "name":"DescribeExperience",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeExperienceRequest"},
+      "output":{"shape":"DescribeExperienceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets information about your Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
     },
     "DescribeFaq":{
       "name":"DescribeFaq",
@@ -350,7 +440,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Describes the processing of <code>PUT</code> and <code>DELETE</code> actions for mapping users to their groups. This includes information on the status of actions currently processing or yet to be processed, when actions were last updated, when actions were received by Amazon Kendra, the latest action that should process and apply after other actions, and useful error messages if an action could not be processed.</p>"
+      "documentation":"<p>Describes the processing of <code>PUT</code> and <code>DELETE</code> actions for mapping users to their groups. This includes information on the status of actions currently processing or yet to be processed, when actions were last updated, when actions were received by Amazon Kendra, the latest action that should process and apply after other actions, and useful error messages if an action could not be processed.</p> <p> <code>DescribePrincipalMapping</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "DescribeQuerySuggestionsBlockList":{
       "name":"DescribeQuerySuggestionsBlockList",
@@ -367,7 +457,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Describes a block list used for query suggestions for an index.</p> <p>This is used to check the current settings that are applied to a block list.</p>"
+      "documentation":"<p>Describes a block list used for query suggestions for an index.</p> <p>This is used to check the current settings that are applied to a block list.</p> <p> <code>DescribeQuerySuggestionsBlockList</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "DescribeQuerySuggestionsConfig":{
       "name":"DescribeQuerySuggestionsConfig",
@@ -384,7 +474,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Describes the settings of query suggestions for an index.</p> <p>This is used to check the current settings applied to query suggestions.</p>"
+      "documentation":"<p>Describes the settings of query suggestions for an index.</p> <p>This is used to check the current settings applied to query suggestions.</p> <p> <code>DescribeQuerySuggestionsConfig</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "DescribeThesaurus":{
       "name":"DescribeThesaurus",
@@ -403,6 +493,40 @@
       ],
       "documentation":"<p>Describes an existing Amazon Kendra thesaurus.</p>"
     },
+    "DisassociateEntitiesFromExperience":{
+      "name":"DisassociateEntitiesFromExperience",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisassociateEntitiesFromExperienceRequest"},
+      "output":{"shape":"DisassociateEntitiesFromExperienceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Prevents users or groups in your Amazon Web Services SSO identity source from accessing your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
+    "DisassociatePersonasFromEntities":{
+      "name":"DisassociatePersonasFromEntities",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisassociatePersonasFromEntitiesRequest"},
+      "output":{"shape":"DisassociatePersonasFromEntitiesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Removes the specific permissions of users or groups in your Amazon Web Services SSO identity source with access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
     "GetQuerySuggestions":{
       "name":"GetQuerySuggestions",
       "http":{
@@ -420,7 +544,23 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Fetches the queries that are suggested to your users.</p>"
+      "documentation":"<p>Fetches the queries that are suggested to your users.</p> <p> <code>GetQuerySuggestions</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
+    },
+    "GetSnapshots":{
+      "name":"GetSnapshots",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetSnapshotsRequest"},
+      "output":{"shape":"GetSnapshotsResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Retrieves search metrics data. The data provides a snapshot of how your users interact with your search application and how effective the application is.</p>"
     },
     "ListDataSourceSyncJobs":{
       "name":"ListDataSourceSyncJobs",
@@ -457,6 +597,57 @@
       ],
       "documentation":"<p>Lists the data sources that you have created.</p>"
     },
+    "ListEntityPersonas":{
+      "name":"ListEntityPersonas",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListEntityPersonasRequest"},
+      "output":{"shape":"ListEntityPersonasResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists specific permissions of users and groups with access to your Amazon Kendra experience.</p>"
+    },
+    "ListExperienceEntities":{
+      "name":"ListExperienceEntities",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListExperienceEntitiesRequest"},
+      "output":{"shape":"ListExperienceEntitiesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists users or groups in your Amazon Web Services SSO identity source that are granted access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
+    "ListExperiences":{
+      "name":"ListExperiences",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListExperiencesRequest"},
+      "output":{"shape":"ListExperiencesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists one or more Amazon Kendra experiences. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
     "ListFaqs":{
       "name":"ListFaqs",
       "http":{
@@ -490,7 +681,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Provides a list of groups that are mapped to users before a given ordering or timestamp identifier.</p>"
+      "documentation":"<p>Provides a list of groups that are mapped to users before a given ordering or timestamp identifier.</p> <p> <code>ListGroupsOlderThanOrderingId</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "ListIndices":{
       "name":"ListIndices",
@@ -523,7 +714,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Lists the block lists used for query suggestions for an index.</p> <p>For information on the current quota limits for block lists, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/quotas.html\">Quotas for Amazon Kendra</a>.</p>"
+      "documentation":"<p>Lists the block lists used for query suggestions for an index.</p> <p>For information on the current quota limits for block lists, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/quotas.html\">Quotas for Amazon Kendra</a>.</p> <p> <code>ListQuerySuggestionsBlockLists</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -575,7 +766,7 @@
         {"shape":"ServiceQuotaExceededException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Maps users to their groups so that you only need to provide the user ID when you issue the query.</p> <p>You can also map sub groups to groups. For example, the group \"Company Intellectual Property Teams\" includes sub groups \"Research\" and \"Engineering\". These sub groups include their own list of users or people who work in these teams. Only users who work in research and engineering, and therefore belong in the intellectual property group, can see top-secret company documents in their search results.</p> <p>You map users to their groups when you want to filter search results for different users based on their group’s access to documents. For more information on filtering search results for different users, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/user-context-filter.html\">Filtering on user context</a>.</p> <p>If more than five <code>PUT</code> actions for a group are currently processing, a validation exception is thrown.</p>"
+      "documentation":"<p>Maps users to their groups so that you only need to provide the user ID when you issue the query.</p> <p>You can also map sub groups to groups. For example, the group \"Company Intellectual Property Teams\" includes sub groups \"Research\" and \"Engineering\". These sub groups include their own list of users or people who work in these teams. Only users who work in research and engineering, and therefore belong in the intellectual property group, can see top-secret company documents in their search results.</p> <p>You map users to their groups when you want to filter search results for different users based on their group’s access to documents. For more information on filtering search results for different users, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/user-context-filter.html\">Filtering on user context</a>.</p> <p>If more than five <code>PUT</code> actions for a group are currently processing, a validation exception is thrown.</p> <p> <code>PutPrincipalMapping</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "Query":{
       "name":"Query",
@@ -594,7 +785,7 @@
         {"shape":"ServiceQuotaExceededException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Searches an active index. Use this API to search your documents using query. The <code>Query</code> operation enables to do faceted search and to filter results based on document attributes.</p> <p>It also enables you to provide user context that Amazon Kendra uses to enforce document access control in the search results. </p> <p>Amazon Kendra searches your index for text content and question and answer (FAQ) content. By default the response contains three types of results.</p> <ul> <li> <p>Relevant passages</p> </li> <li> <p>Matching FAQs</p> </li> <li> <p>Relevant documents</p> </li> </ul> <p>You can specify that the query return only one type of result using the <code>QueryResultTypeConfig</code> parameter.</p> <p>Each query returns the 100 most relevant results. </p>"
+      "documentation":"<p>Searches an active index. Use this API to search your documents using query. The <code>Query</code> API enables to do faceted search and to filter results based on document attributes.</p> <p>It also enables you to provide user context that Amazon Kendra uses to enforce document access control in the search results.</p> <p>Amazon Kendra searches your index for text content and question and answer (FAQ) content. By default the response contains three types of results.</p> <ul> <li> <p>Relevant passages</p> </li> <li> <p>Matching FAQs</p> </li> <li> <p>Relevant documents</p> </li> </ul> <p>You can specify that the query return only one type of result using the <code>QueryResultTypeConfig</code> parameter.</p> <p>Each query returns the 100 most relevant results. </p>"
     },
     "StartDataSourceSyncJob":{
       "name":"StartDataSourceSyncJob",
@@ -629,7 +820,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Stops a running synchronization job. You can't stop a scheduled synchronization job.</p>"
+      "documentation":"<p>Stops a synchronization job that is currently running. You can't stop a scheduled synchronization job.</p>"
     },
     "SubmitFeedback":{
       "name":"SubmitFeedback",
@@ -646,7 +837,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Enables you to provide feedback to Amazon Kendra to improve the performance of your index. </p>"
+      "documentation":"<p>Enables you to provide feedback to Amazon Kendra to improve the performance of your index.</p> <p> <code>SubmitFeedback</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -699,6 +890,23 @@
       ],
       "documentation":"<p>Updates an existing Amazon Kendra data source.</p>"
     },
+    "UpdateExperience":{
+      "name":"UpdateExperience",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateExperienceRequest"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Updates your Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
     "UpdateIndex":{
       "name":"UpdateIndex",
       "http":{
@@ -732,7 +940,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Updates a block list used for query suggestions for an index.</p> <p>Updates to a block list might not take effect right away. Amazon Kendra needs to refresh the entire suggestions list to apply any updates to the block list. Other changes not related to the block list apply immediately.</p> <p>If a block list is updating, then you need to wait for the first update to finish before submitting another update.</p> <p>Amazon Kendra supports partial updates, so you only need to provide the fields you want to update.</p>"
+      "documentation":"<p>Updates a block list used for query suggestions for an index.</p> <p>Updates to a block list might not take effect right away. Amazon Kendra needs to refresh the entire suggestions list to apply any updates to the block list. Other changes not related to the block list apply immediately.</p> <p>If a block list is updating, then you need to wait for the first update to finish before submitting another update.</p> <p>Amazon Kendra supports partial updates, so you only need to provide the fields you want to update.</p> <p> <code>UpdateQuerySuggestionsBlockList</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "UpdateQuerySuggestionsConfig":{
       "name":"UpdateQuerySuggestionsConfig",
@@ -749,7 +957,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Updates the settings of query suggestions for an index.</p> <p>Amazon Kendra supports partial updates, so you only need to provide the fields you want to update.</p> <p>If an update is currently processing (i.e. 'happening'), you need to wait for the update to finish before making another update.</p> <p>Updates to query suggestions settings might not take effect right away. The time for your updated settings to take effect depends on the updates made and the number of search queries in your index.</p> <p>You can still enable/disable query suggestions at any time.</p>"
+      "documentation":"<p>Updates the settings of query suggestions for an index.</p> <p>Amazon Kendra supports partial updates, so you only need to provide the fields you want to update.</p> <p>If an update is currently processing (i.e. 'happening'), you need to wait for the update to finish before making another update.</p> <p>Updates to query suggestions settings might not take effect right away. The time for your updated settings to take effect depends on the updates made and the number of search queries in your index.</p> <p>You can still enable/disable query suggestions at any time.</p> <p> <code>UpdateQuerySuggestionsConfig</code> is currently not supported in the Amazon Web Services GovCloud (US-West) region.</p>"
     },
     "UpdateThesaurus":{
       "name":"UpdateThesaurus",
@@ -794,7 +1002,7 @@
       "members":{
         "AllowedGroupsColumnName":{
           "shape":"ColumnName",
-          "documentation":"<p>A list of groups, separated by semi-colons, that filters a query response based on user context. The document is only returned to users that are in one of the groups specified in the <code>UserContext</code> field of the <code>Query</code> operation.</p>"
+          "documentation":"<p>A list of groups, separated by semi-colons, that filters a query response based on user context. The document is only returned to users that are in one of the groups specified in the <code>UserContext</code> field of the <code>Query</code> API.</p>"
         }
       },
       "documentation":"<p>Provides information about the column that should be used for filtering the query response by groups.</p>"
@@ -845,6 +1053,80 @@
       "max":1011,
       "min":1
     },
+    "AssociateEntitiesToExperienceFailedEntityList":{
+      "type":"list",
+      "member":{"shape":"FailedEntity"},
+      "max":20,
+      "min":1
+    },
+    "AssociateEntitiesToExperienceRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId",
+        "EntityList"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "EntityList":{
+          "shape":"AssociateEntityList",
+          "documentation":"<p>Lists users or groups in your Amazon Web Services SSO identity source.</p>"
+        }
+      }
+    },
+    "AssociateEntitiesToExperienceResponse":{
+      "type":"structure",
+      "members":{
+        "FailedEntityList":{
+          "shape":"AssociateEntitiesToExperienceFailedEntityList",
+          "documentation":"<p>Lists the users or groups in your Amazon Web Services SSO identity source that failed to properly configure with your Amazon Kendra experience.</p>"
+        }
+      }
+    },
+    "AssociateEntityList":{
+      "type":"list",
+      "member":{"shape":"EntityConfiguration"},
+      "max":20,
+      "min":1
+    },
+    "AssociatePersonasToEntitiesRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId",
+        "Personas"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "Personas":{
+          "shape":"EntityPersonaConfigurationList",
+          "documentation":"<p>The personas that define the specific permissions of users or groups in your Amazon Web Services SSO identity source. The available personas or access roles are <code>Owner</code> and <code>Viewer</code>. For more information on these personas, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html#access-search-experience\">Providing access to your search page</a>.</p>"
+        }
+      }
+    },
+    "AssociatePersonasToEntitiesResponse":{
+      "type":"structure",
+      "members":{
+        "FailedEntityList":{
+          "shape":"FailedEntityList",
+          "documentation":"<p>Lists the users or groups in your Amazon Web Services SSO identity source that failed to properly configure with your Amazon Kendra experience.</p>"
+        }
+      }
+    },
     "AttributeFilter":{
       "type":"structure",
       "members":{
@@ -889,7 +1171,7 @@
           "documentation":"<p>Performs a less than or equals operation on two document attributes. Use with a document attribute of type <code>Date</code> or <code>Long</code>.</p>"
         }
       },
-      "documentation":"<p>Provides filtering the query results based on document attributes.</p> <p>When you use the <code>AndAllFilters</code> or <code>OrAllFilters</code>, filters you can use 2 layers under the first attribute filter. For example, you can use:</p> <p> <code>&lt;AndAllFilters&gt;</code> </p> <ol> <li> <p> <code> &lt;OrAllFilters&gt;</code> </p> </li> <li> <p> <code> &lt;EqualTo&gt;</code> </p> </li> </ol> <p>If you use more than 2 layers, you receive a <code>ValidationException</code> exception with the message \"<code>AttributeFilter</code> cannot have a depth of more than 2.\"</p> <p>If you use more than 10 attribute filters in a given list for <code>AndAllFilters</code> or <code>OrAllFilters</code>, you receive a <code>ValidationException</code> with the message \"<code>AttributeFilter</code> cannot have a length of more than 10\".</p>"
+      "documentation":"<p>Provides filtering the query results based on document attributes.</p> <p>When you use the <code>AndAllFilters</code> or <code>OrAllFilters</code>, filters you can use 2 layers under the first attribute filter. For example, you can use:</p> <p> <code>&lt;AndAllFilters&gt;</code> </p> <ol> <li> <p> <code> &lt;OrAllFilters&gt;</code> </p> </li> <li> <p> <code> &lt;EqualsTo&gt;</code> </p> </li> </ol> <p>If you use more than 2 layers, you receive a <code>ValidationException</code> exception with the message \"<code>AttributeFilter</code> cannot have a depth of more than 2.\"</p> <p>If you use more than 10 attribute filters in a given list for <code>AndAllFilters</code> or <code>OrAllFilters</code>, you receive a <code>ValidationException</code> with the message \"<code>AttributeFilter</code> cannot have a length of more than 10\".</p>"
     },
     "AttributeFilterList":{
       "type":"list",
@@ -923,7 +1205,7 @@
         },
         "Credentials":{
           "shape":"SecretArn",
-          "documentation":"<p>Your secret ARN, which you can create in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">AWS Secrets Manager</a> </p> <p>You use a secret if basic authentication credentials are required to connect to a website. The secret stores your credentials of user name and password.</p>"
+          "documentation":"<p>Your secret ARN, which you can create in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">Secrets Manager</a> </p> <p>You use a secret if basic authentication credentials are required to connect to a website. The secret stores your credentials of user name and password.</p>"
         }
       },
       "documentation":"<p>Provides the configuration information to connect to websites that require basic user authentication.</p>"
@@ -977,7 +1259,7 @@
           "documentation":"<p>An explanation for why the document couldn't be removed from the index.</p>"
         }
       },
-      "documentation":"<p>Provides information about documents that could not be removed from an index by the <code>BatchDeleteDocument</code> operation.</p>"
+      "documentation":"<p>Provides information about documents that could not be removed from an index by the <code>BatchDeleteDocument</code> API.</p>"
     },
     "BatchDeleteDocumentResponseFailedDocuments":{
       "type":"list",
@@ -992,7 +1274,7 @@
       "members":{
         "IndexId":{
           "shape":"IndexId",
-          "documentation":"<p>The identifier of the index to add documents to. The index ID is returned by the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_CreateIndex.html\"> CreateIndex </a> operation.</p>"
+          "documentation":"<p>The identifier of the index to add documents to. The index ID is returned by the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_CreateIndex.html\">CreateIndex </a> API.</p>"
         },
         "DocumentInfoList":{
           "shape":"DocumentInfoList",
@@ -1044,15 +1326,19 @@
       "members":{
         "IndexId":{
           "shape":"IndexId",
-          "documentation":"<p>The identifier of the index to add the documents to. You need to create the index first using the <code>CreateIndex</code> operation.</p>"
+          "documentation":"<p>The identifier of the index to add the documents to. You need to create the index first using the <code>CreateIndex</code> API.</p>"
         },
         "RoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of a role that is allowed to run the <code>BatchPutDocument</code> operation. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html\">IAM Roles for Amazon Kendra</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of a role that is allowed to run the <code>BatchPutDocument</code> API. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html\">IAM Roles for Amazon Kendra</a>.</p>"
         },
         "Documents":{
           "shape":"DocumentList",
-          "documentation":"<p>One or more documents to add to the index.</p> <p>Documents can include custom attributes. For example, 'DataSourceId' and 'DataSourceSyncJobId' are custom attributes that provide information on the synchronization of documents running on a data source. Note, 'DataSourceSyncJobId' could be an optional custom attribute as Amazon Kendra will use the ID of a running sync job.</p> <p>Documents have the following file size limits.</p> <ul> <li> <p>5 MB total size for inline documents</p> </li> <li> <p>50 MB total size for files from an S3 bucket</p> </li> <li> <p>5 MB extracted text for any file</p> </li> </ul> <p>For more information about file size and transaction per second quotas, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/quotas.html\">Quotas</a>.</p>"
+          "documentation":"<p>One or more documents to add to the index.</p> <p>Documents have the following file size limits.</p> <ul> <li> <p>5 MB total size for inline documents</p> </li> <li> <p>50 MB total size for files from an S3 bucket</p> </li> <li> <p>5 MB extracted text for any file</p> </li> </ul> <p>For more information about file size and transaction per second quotas, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/quotas.html\">Quotas</a>.</p>"
+        },
+        "CustomDocumentEnrichmentConfiguration":{
+          "shape":"CustomDocumentEnrichmentConfiguration",
+          "documentation":"<p>Configuration information for altering your document metadata and content during the document ingestion process when you use the <code>BatchPutDocument</code> API.</p> <p>For more information on how to create, modify and delete document metadata, or make other content alterations when you ingest documents into Amazon Kendra, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
         }
       }
     },
@@ -1145,7 +1431,7 @@
           "documentation":"<p>The Unix timestamp of the date and time that the result was clicked.</p>"
         }
       },
-      "documentation":"<p>Gathers information about when a particular result was clicked by a user. Your application uses the <code>SubmitFeedback</code> operation to provide click information.</p>"
+      "documentation":"<p>Gathers information about when a particular result was clicked by a user. Your application uses the <code>SubmitFeedback</code> API to provide click information.</p>"
     },
     "ClickFeedbackList":{
       "type":"list",
@@ -1178,7 +1464,7 @@
         },
         "FieldMappings":{
           "shape":"DataSourceToIndexFieldMappingList",
-          "documentation":"<p>An array of objects that map database column names to the corresponding fields in an index. You must first create the fields in the index using the <code>UpdateIndex</code> operation.</p>"
+          "documentation":"<p>An array of objects that map database column names to the corresponding fields in an index. You must first create the fields in the index using the <code>UpdateIndex</code> API.</p>"
         },
         "ChangeDetectingColumns":{
           "shape":"ChangeDetectingColumns",
@@ -1193,6 +1479,22 @@
       "min":1,
       "pattern":"^[a-zA-Z][a-zA-Z0-9_]*$"
     },
+    "ConditionOperator":{
+      "type":"string",
+      "enum":[
+        "GreaterThan",
+        "GreaterThanOrEquals",
+        "LessThan",
+        "LessThanOrEquals",
+        "Equals",
+        "NotEquals",
+        "Contains",
+        "NotContains",
+        "Exists",
+        "NotExists",
+        "BeginsWith"
+      ]
+    },
     "ConflictException":{
       "type":"structure",
       "members":{
@@ -1210,7 +1512,7 @@
         },
         "AttachmentFieldMappings":{
           "shape":"ConfluenceAttachmentFieldMappingsList",
-          "documentation":"<p>Defines how attachment metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> operation.</p> <p>If you specify the <code>AttachentFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
+          "documentation":"<p>Defines how attachment metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> API.</p> <p>If you specify the <code>AttachentFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
         }
       },
       "documentation":"<p>Specifies the attachment settings for the Confluence data source. Attachment settings are optional, if you don't specify settings attachments, Amazon Kendra won't index them.</p>"
@@ -1242,7 +1544,7 @@
       "members":{
         "DataSourceFieldName":{
           "shape":"ConfluenceAttachmentFieldName",
-          "documentation":"<p>The name of the field in the data source. </p> <p>You must first create the index field using the <code>UpdateIndex</code> operation. </p>"
+          "documentation":"<p>The name of the field in the data source. </p> <p>You must first create the index field using the <code>UpdateIndex</code> API. </p>"
         },
         "DateFieldFormat":{
           "shape":"DataSourceDateFieldFormat",
@@ -1253,17 +1555,17 @@
           "documentation":"<p>The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.</p>"
         }
       },
-      "documentation":"<p>Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> operation. </p>"
+      "documentation":"<p>Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> API. </p>"
     },
     "ConfluenceBlogConfiguration":{
       "type":"structure",
       "members":{
         "BlogFieldMappings":{
           "shape":"ConfluenceBlogFieldMappingsList",
-          "documentation":"<p>Defines how blog metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> operation.</p> <p>If you specify the <code>BlogFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
+          "documentation":"<p>Defines how blog metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> API.</p> <p>If you specify the <code>BlogFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
         }
       },
-      "documentation":"<p>Specifies the blog settings for the Confluence data source. Blogs are always indexed unless filtered from the index by the <code>ExclusionPatterns</code> or <code>InclusionPatterns</code> fields in the <code>ConfluenceConfiguration</code> type.</p>"
+      "documentation":"<p>Specifies the blog settings for the Confluence data source. Blogs are always indexed unless filtered from the index by the <code>ExclusionPatterns</code> or <code>InclusionPatterns</code> fields in the <code>ConfluenceConfiguration</code> object.</p>"
     },
     "ConfluenceBlogFieldMappingsList":{
       "type":"list",
@@ -1301,7 +1603,7 @@
           "documentation":"<p>The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.</p>"
         }
       },
-      "documentation":"<p>Defines the mapping between a blog field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> operation. </p>"
+      "documentation":"<p>Defines the mapping between a blog field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> API. </p>"
     },
     "ConfluenceConfiguration":{
       "type":"structure",
@@ -1317,7 +1619,7 @@
         },
         "SecretArn":{
           "shape":"SecretArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of an Secrets Managersecret that contains the key/value pairs required to connect to your Confluence server. The secret must contain a JSON structure with the following keys:</p> <ul> <li> <p>username - The user name or email address of a user with administrative privileges for the Confluence server.</p> </li> <li> <p>password - The password associated with the user logging in to the Confluence server.</p> </li> </ul>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Secrets Manager secret that contains the key/value pairs required to connect to your Confluence server. The secret must contain a JSON structure with the following keys:</p> <ul> <li> <p>username - The user name or email address of a user with administrative privileges for the Confluence server.</p> </li> <li> <p>password - The password associated with the user logging in to the Confluence server.</p> </li> </ul>"
         },
         "Version":{
           "shape":"ConfluenceVersion",
@@ -1359,7 +1661,7 @@
       "members":{
         "PageFieldMappings":{
           "shape":"ConfluencePageFieldMappingsList",
-          "documentation":"<p>Defines how page metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> operation.</p> <p>If you specify the <code>PageFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
+          "documentation":"<p>Defines how page metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> API.</p> <p>If you specify the <code>PageFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
         }
       },
       "documentation":"<p>Specifies the page settings for the Confluence data source.</p>"
@@ -1403,7 +1705,7 @@
           "documentation":"<p>The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.</p>"
         }
       },
-      "documentation":"<p>Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> operation. </p>"
+      "documentation":"<p>Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> API.</p>"
     },
     "ConfluenceSpaceConfiguration":{
       "type":"structure",
@@ -1426,7 +1728,7 @@
         },
         "SpaceFieldMappings":{
           "shape":"ConfluenceSpaceFieldMappingsList",
-          "documentation":"<p>Defines how space metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> operation.</p> <p>If you specify the <code>SpaceFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
+          "documentation":"<p>Defines how space metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the <code>UpdateIndex</code> API.</p> <p>If you specify the <code>SpaceFieldMappings</code> parameter, you must specify at least one field mapping.</p>"
         }
       },
       "documentation":"<p>Specifies the configuration for indexing Confluence spaces.</p>"
@@ -1473,7 +1775,7 @@
           "documentation":"<p>The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.</p>"
         }
       },
-      "documentation":"<p>Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> operation. </p>"
+      "documentation":"<p>Defines the mapping between a field in the Confluence data source to an Amazon Kendra index field.</p> <p>You must first create the index field using the <code>UpdateIndex</code> API.</p>"
     },
     "ConfluenceVersion":{
       "type":"string",
@@ -1515,6 +1817,24 @@
       },
       "documentation":"<p>Provides the information necessary to connect to a database.</p>"
     },
+    "ContentSourceConfiguration":{
+      "type":"structure",
+      "members":{
+        "DataSourceIds":{
+          "shape":"DataSourceIdList",
+          "documentation":"<p>The identifier of the data sources you want to use for your Amazon Kendra experience.</p>"
+        },
+        "FaqIds":{
+          "shape":"FaqIdsList",
+          "documentation":"<p>The identifier of the FAQs that you want to use for your Amazon Kendra experience.</p>"
+        },
+        "DirectPutContent":{
+          "shape":"Boolean",
+          "documentation":"<p> <code>TRUE</code> to use documents you indexed directly using the <code>BatchPutDocument</code> API.</p>"
+        }
+      },
+      "documentation":"<p>Configuration information for your content sources, such as data sources, FAQs, and content indexed directly via <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_BatchPutDocument.html\">BatchPutDocument</a>.</p>"
+    },
     "ContentType":{
       "type":"string",
       "enum":[
@@ -1560,7 +1880,7 @@
         },
         "Schedule":{
           "shape":"ScanSchedule",
-          "documentation":"<p>Sets the frequency that Amazon Kendra will check the documents in your repository and update the index. If you don't set a schedule Amazon Kendra will not periodically update the index. You can call the <code>StartDataSourceSyncJob</code> operation to update the index.</p> <p>You can't specify the <code>Schedule</code> parameter when the <code>Type</code> parameter is set to <code>CUSTOM</code>. If you do, you receive a <code>ValidationException</code> exception.</p>"
+          "documentation":"<p>Sets the frequency for Amazon Kendra to check the documents in your repository and update the index. If you don't set a schedule Amazon Kendra will not periodically update the index. You can call the <code>StartDataSourceSyncJob</code> API to update the index.</p> <p>You can't specify the <code>Schedule</code> parameter when the <code>Type</code> parameter is set to <code>CUSTOM</code>. If you do, you receive a <code>ValidationException</code> exception.</p>"
         },
         "RoleArn":{
           "shape":"RoleArn",
@@ -1572,12 +1892,16 @@
         },
         "ClientToken":{
           "shape":"ClientTokenName",
-          "documentation":"<p>A token that you provide to identify the request to create a data source. Multiple calls to the <code>CreateDataSource</code> operation with the same client token will create only one data source.</p>",
+          "documentation":"<p>A token that you provide to identify the request to create a data source. Multiple calls to the <code>CreateDataSource</code> API with the same client token will create only one data source.</p>",
           "idempotencyToken":true
         },
         "LanguageCode":{
           "shape":"LanguageCode",
           "documentation":"<p>The code for a language. This allows you to support a language for all documents when creating the data source. English is supported by default. For more information on supported languages, including their codes, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/in-adding-languages.html\">Adding documents in languages other than English</a>.</p>"
+        },
+        "CustomDocumentEnrichmentConfiguration":{
+          "shape":"CustomDocumentEnrichmentConfiguration",
+          "documentation":"<p>Configuration information for altering document metadata and content during the document ingestion process when you create a data source.</p> <p>For more information on how to create, modify and delete document metadata, or make other content alterations when you ingest documents into Amazon Kendra, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
         }
       }
     },
@@ -1591,6 +1915,50 @@
         }
       }
     },
+    "CreateExperienceRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "IndexId"
+      ],
+      "members":{
+        "Name":{
+          "shape":"ExperienceName",
+          "documentation":"<p>A name for your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a role with permission to access <code>Query</code> API, <code>QuerySuggestions</code> API, <code>SubmitFeedback</code> API, and Amazon Web Services SSO that stores your user and group information. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html\">IAM roles for Amazon Kendra</a>.</p>"
+        },
+        "Configuration":{
+          "shape":"ExperienceConfiguration",
+          "documentation":"<p>Provides the configuration information for your Amazon Kendra experience. This includes <code>ContentSourceConfiguration</code>, which specifies the data source IDs and/or FAQ IDs, and <code>UserIdentityConfiguration</code>, which specifies the user or group information to grant access to your Amazon Kendra experience.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>A description for your Amazon Kendra experience.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientTokenName",
+          "documentation":"<p>A token that you provide to identify the request to create your Amazon Kendra experience. Multiple calls to the <code>CreateExperience</code> API with the same client token creates only one Amazon Kendra experience.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateExperienceResponse":{
+      "type":"structure",
+      "required":["Id"],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier for your created Amazon Kendra experience.</p>"
+        }
+      }
+    },
     "CreateFaqRequest":{
       "type":"structure",
       "required":[
@@ -1630,7 +1998,7 @@
         },
         "ClientToken":{
           "shape":"ClientTokenName",
-          "documentation":"<p>A token that you provide to identify the request to create a FAQ. Multiple calls to the <code>CreateFaqRequest</code> operation with the same client token will create only one FAQ. </p>",
+          "documentation":"<p>A token that you provide to identify the request to create a FAQ. Multiple calls to the <code>CreateFaqRequest</code> API with the same client token will create only one FAQ. </p>",
           "idempotencyToken":true
         },
         "LanguageCode":{
@@ -1665,7 +2033,7 @@
         },
         "RoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>An Identity and Access Management(IAM) role that gives Amazon Kendra permissions to access your Amazon CloudWatch logs and metrics. This is also the role used when you use the <code>BatchPutDocument</code> operation to index documents from an Amazon S3 bucket.</p>"
+          "documentation":"<p>An Identity and Access Management(IAM) role that gives Amazon Kendra permissions to access your Amazon CloudWatch logs and metrics. This is also the role used when you use the <code>BatchPutDocument</code> API to index documents from an Amazon S3 bucket.</p>"
         },
         "ServerSideEncryptionConfiguration":{
           "shape":"ServerSideEncryptionConfiguration",
@@ -1677,7 +2045,7 @@
         },
         "ClientToken":{
           "shape":"ClientTokenName",
-          "documentation":"<p>A token that you provide to identify the request to create an index. Multiple calls to the <code>CreateIndex</code> operation with the same client token will create only one index.</p>",
+          "documentation":"<p>A token that you provide to identify the request to create an index. Multiple calls to the <code>CreateIndex</code> API with the same client token will create only one index.</p>",
           "idempotencyToken":true
         },
         "Tags":{
@@ -1694,7 +2062,7 @@
         },
         "UserGroupResolutionConfiguration":{
           "shape":"UserGroupResolutionConfiguration",
-          "documentation":"<p>Enables fetching access levels of groups and users from an AWS Single Sign-On identity source. To configure this, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html\">UserGroupResolutionConfiguration</a>.</p>"
+          "documentation":"<p>Enables fetching access levels of groups and users from an Amazon Web Services Single Sign On identity source. To configure this, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html\">UserGroupResolutionConfiguration</a>.</p>"
         }
       }
     },
@@ -1739,7 +2107,7 @@
         },
         "RoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>The IAM (Identity and Access Management) role used by Amazon Kendra to access the block list text file in your S3 bucket.</p> <p>You need permissions to the role ARN (Amazon Resource Name). The role needs S3 read permissions to your file in S3 and needs to give STS (Security Token Service) assume role permissions to Amazon Kendra.</p>"
+          "documentation":"<p>The IAM (Identity and Access Management) role used by Amazon Kendra to access the block list text file in your S3 bucket.</p> <p>You need permissions to the role ARN (Amazon Web Services Resource Name). The role needs S3 read permissions to your file in S3 and needs to give STS (Security Token Service) assume role permissions to Amazon Kendra.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -1779,7 +2147,7 @@
         },
         "RoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>An AWS Identity and Access Management (IAM) role that gives Amazon Kendra permissions to access thesaurus file specified in <code>SourceS3Path</code>. </p>"
+          "documentation":"<p>An IAM role that gives Amazon Kendra permissions to access thesaurus file specified in <code>SourceS3Path</code>. </p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -1791,7 +2159,7 @@
         },
         "ClientToken":{
           "shape":"ClientTokenName",
-          "documentation":"<p>A token that you provide to identify the request to create a thesaurus. Multiple calls to the <code>CreateThesaurus</code> operation with the same client token will create only one thesaurus. </p>",
+          "documentation":"<p>A token that you provide to identify the request to create a thesaurus. Multiple calls to the <code>CreateThesaurus</code> API with the same client token will create only one thesaurus. </p>",
           "idempotencyToken":true
         }
       }
@@ -1805,6 +2173,28 @@
         }
       }
     },
+    "CustomDocumentEnrichmentConfiguration":{
+      "type":"structure",
+      "members":{
+        "InlineConfigurations":{
+          "shape":"InlineCustomDocumentEnrichmentConfigurationList",
+          "documentation":"<p>Configuration information to alter document attributes or metadata fields and content when ingesting documents into Amazon Kendra.</p>"
+        },
+        "PreExtractionHookConfiguration":{
+          "shape":"HookConfiguration",
+          "documentation":"<p>Configuration information for invoking a Lambda function in Lambda on the original or raw documents before extracting their metadata and text. You can use a Lambda function to apply advanced logic for creating, modifying, or deleting document metadata and content. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#advanced-data-manipulation\">Advanced data manipulation</a>.</p>"
+        },
+        "PostExtractionHookConfiguration":{
+          "shape":"HookConfiguration",
+          "documentation":"<p>Configuration information for invoking a Lambda function in Lambda on the structured documents with their metadata and text extracted. You can use a Lambda function to apply advanced logic for creating, modifying, or deleting document metadata and content. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#advanced-data-manipulation\">Advanced data manipulation</a>.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a role with permission to run <code>PreExtractionHookConfiguration</code> and <code>PostExtractionHookConfiguration</code> for altering document metadata and content during the document ingestion process. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html\">IAM roles for Amazon Kendra</a>.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information for altering document metadata and content during the document ingestion process.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
+    },
     "DataSourceConfiguration":{
       "type":"structure",
       "members":{
@@ -1843,10 +2233,14 @@
         "WebCrawlerConfiguration":{"shape":"WebCrawlerConfiguration"},
         "WorkDocsConfiguration":{
           "shape":"WorkDocsConfiguration",
-          "documentation":"<p>Provides the configuration information to connect to WorkDocs as your data source.</p>"
+          "documentation":"<p>Provides the configuration information to connect to Amazon WorkDocs as your data source.</p>"
+        },
+        "FsxConfiguration":{
+          "shape":"FsxConfiguration",
+          "documentation":"<p>Provides the configuration information to connect to Amazon FSx as your data source.</p>"
         }
       },
-      "documentation":"<p>Configuration information for a Amazon Kendra data source.</p>"
+      "documentation":"<p>Configuration information for an Amazon Kendra data source.</p>"
     },
     "DataSourceDateFieldFormat":{
       "type":"string",
@@ -1890,6 +2284,12 @@
       "min":1,
       "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*"
     },
+    "DataSourceIdList":{
+      "type":"list",
+      "member":{"shape":"DataSourceId"},
+      "max":100,
+      "min":1
+    },
     "DataSourceInclusionsExclusionsStrings":{
       "type":"list",
       "member":{"shape":"DataSourceInclusionsExclusionsStringsMember"},
@@ -1949,7 +2349,7 @@
           "documentation":"<p>The code for a language. This shows a supported language for all documents in the data source. English is supported by default. For more information on supported languages, including their codes, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/in-adding-languages.html\">Adding documents in languages other than English</a>.</p>"
         }
       },
-      "documentation":"<p>Summary information for a Amazon Kendra data source. Returned in a call to the <code>DescribeDataSource</code> operation.</p>"
+      "documentation":"<p>Summary information for an Amazon Kendra data source. Returned in a call to the <code>DescribeDataSource</code> API.</p>"
     },
     "DataSourceSummaryList":{
       "type":"list",
@@ -1964,11 +2364,11 @@
         },
         "StartTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The UNIX datetime that the synchronization job was started.</p>"
+          "documentation":"<p>The UNIX datetime that the synchronization job started.</p>"
         },
         "EndTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The UNIX datetime that the synchronization job was completed.</p>"
+          "documentation":"<p>The UNIX datetime that the synchronization job completed.</p>"
         },
         "Status":{
           "shape":"DataSourceSyncJobStatus",
@@ -1980,7 +2380,7 @@
         },
         "ErrorCode":{
           "shape":"ErrorCode",
-          "documentation":"<p>If the <code>Status</code> field is set to <code>FAILED</code>, the <code>ErrorCode</code> field contains a the reason that the synchronization failed.</p>"
+          "documentation":"<p>If the <code>Status</code> field is set to <code>FAILED</code>, the <code>ErrorCode</code> field indicates the reason the synchronization failed.</p>"
         },
         "DataSourceErrorCode":{
           "shape":"String",
@@ -1991,7 +2391,7 @@
           "documentation":"<p>Maps a batch delete document request to a specific data source sync job. This is optional and should only be supplied when documents are deleted by a data source connector.</p>"
         }
       },
-      "documentation":"<p>Provides information about a synchronization job.</p>"
+      "documentation":"<p>Provides information about a data source synchronization job.</p>"
     },
     "DataSourceSyncJobHistoryList":{
       "type":"list",
@@ -2076,7 +2476,7 @@
           "documentation":"<p>The name of the field in the index.</p>"
         }
       },
-      "documentation":"<p>Maps a column or attribute in the data source to an index field. You must first create the fields in the index using the <code>UpdateIndex</code> operation.</p>"
+      "documentation":"<p>Maps a column or attribute in the data source to an index field. You must first create the fields in the index using the <code>UpdateIndex</code> API.</p>"
     },
     "DataSourceToIndexFieldMappingList":{
       "type":"list",
@@ -2097,7 +2497,8 @@
         "CONFLUENCE",
         "GOOGLEDRIVE",
         "WEBCRAWLER",
-        "WORKDOCS"
+        "WORKDOCS",
+        "FSX"
       ]
     },
     "DataSourceVpcConfiguration":{
@@ -2192,6 +2593,28 @@
         }
       }
     },
+    "DeleteExperienceRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience you want to delete.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience you want to delete.</p>"
+        }
+      }
+    },
+    "DeleteExperienceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteFaqRequest":{
       "type":"structure",
       "required":[
@@ -2336,7 +2759,7 @@
         },
         "Schedule":{
           "shape":"ScanSchedule",
-          "documentation":"<p>The schedule that Amazon Kendra will update the data source.</p>"
+          "documentation":"<p>The schedule for Amazon Kendra to update the index.</p>"
         },
         "RoleArn":{
           "shape":"RoleArn",
@@ -2349,6 +2772,76 @@
         "LanguageCode":{
           "shape":"LanguageCode",
           "documentation":"<p>The code for a language. This shows a supported language for all documents in the data source. English is supported by default. For more information on supported languages, including their codes, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/in-adding-languages.html\">Adding documents in languages other than English</a>.</p>"
+        },
+        "CustomDocumentEnrichmentConfiguration":{
+          "shape":"CustomDocumentEnrichmentConfiguration",
+          "documentation":"<p>Configuration information for altering document metadata and content during the document ingestion process when you describe a data source.</p> <p>For more information on how to create, modify and delete document metadata, or make other content alterations when you ingest documents into Amazon Kendra, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
+        }
+      }
+    },
+    "DescribeExperienceRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience you want to get information on.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience you want to get information on.</p>"
+        }
+      }
+    },
+    "DescribeExperienceResponse":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>Shows the identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>Shows the identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "Name":{
+          "shape":"ExperienceName",
+          "documentation":"<p>Shows the name of your Amazon Kendra experience.</p>"
+        },
+        "Endpoints":{
+          "shape":"ExperienceEndpoints",
+          "documentation":"<p>Shows the endpoint URLs for your Amazon Kendra experiences. The URLs are unique and fully hosted by Amazon Web Services.</p>"
+        },
+        "Configuration":{
+          "shape":"ExperienceConfiguration",
+          "documentation":"<p>Shows the configuration information for your Amazon Kendra experience. This includes <code>ContentSourceConfiguration</code>, which specifies the data source IDs and/or FAQ IDs, and <code>UserIdentityConfiguration</code>, which specifies the user or group information to grant access to your Amazon Kendra experience.</p>"
+        },
+        "CreatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>Shows the date-time your Amazon Kendra experience was created.</p>"
+        },
+        "UpdatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>Shows the date-time your Amazon Kendra experience was last updated.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>Shows the description for your Amazon Kendra experience.</p>"
+        },
+        "Status":{
+          "shape":"ExperienceStatus",
+          "documentation":"<p>The current processing status of your Amazon Kendra experience. When the status is <code>ACTIVE</code>, your Amazon Kendra experience is ready to use. When the status is <code>FAILED</code>, the <code>ErrorMessage</code> field contains the reason that this failed.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>Shows the Amazon Resource Name (ARN) of a role with permission to access <code>Query</code> API, <code>QuerySuggestions</code> API, <code>SubmitFeedback</code> API, and Amazon Web Services SSO that stores your user and group information.</p>"
+        },
+        "ErrorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The reason your Amazon Kendra experience could not properly process.</p>"
         }
       }
     },
@@ -2494,7 +2987,7 @@
         },
         "UserGroupResolutionConfiguration":{
           "shape":"UserGroupResolutionConfiguration",
-          "documentation":"<p>Shows whether you have enabled the configuration for fetching access levels of groups and users from an AWS Single Sign-On identity source.</p>"
+          "documentation":"<p>Shows whether you have enabled the configuration for fetching access levels of groups and users from an Amazon Web Services Single Sign On identity source.</p>"
         }
       }
     },
@@ -2625,7 +3118,7 @@
       "members":{
         "Mode":{
           "shape":"Mode",
-          "documentation":"<p>Shows whether query suggestions are currently in <code>ENABLED</code> mode or <code>LEARN_ONLY</code> mode.</p> <p>By default, Amazon Kendra enables query suggestions.<code>LEARN_ONLY</code> turns off query suggestions for your users. You can change the mode using the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_UpdateQuerySuggestionsConfig.html\">UpdateQuerySuggestionsConfig</a> operation.</p>"
+          "documentation":"<p>Shows whether query suggestions are currently in <code>ENABLED</code> mode or <code>LEARN_ONLY</code> mode.</p> <p>By default, Amazon Kendra enables query suggestions.<code>LEARN_ONLY</code> turns off query suggestions for your users. You can change the mode using the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_UpdateQuerySuggestionsConfig.html\">UpdateQuerySuggestionsConfig</a> API.</p>"
         },
         "Status":{
           "shape":"QuerySuggestionsStatus",
@@ -2715,7 +3208,7 @@
         },
         "RoleArn":{
           "shape":"RoleArn",
-          "documentation":"<p>An AWS Identity and Access Management (IAM) role that gives Amazon Kendra permissions to access thesaurus file specified in <code>SourceS3Path</code>. </p>"
+          "documentation":"<p>An IAM role that gives Amazon Kendra permissions to access thesaurus file specified in <code>SourceS3Path</code>. </p>"
         },
         "SourceS3Path":{"shape":"S3Path"},
         "FileSizeBytes":{
@@ -2738,6 +3231,74 @@
       "min":0,
       "pattern":"^\\P{C}*$"
     },
+    "DisassociateEntitiesFromExperienceRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId",
+        "EntityList"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "EntityList":{
+          "shape":"DisassociateEntityList",
+          "documentation":"<p>Lists users or groups in your Amazon Web Services SSO identity source.</p>"
+        }
+      }
+    },
+    "DisassociateEntitiesFromExperienceResponse":{
+      "type":"structure",
+      "members":{
+        "FailedEntityList":{
+          "shape":"FailedEntityList",
+          "documentation":"<p>Lists the users or groups in your Amazon Web Services SSO identity source that failed to properly remove access to your Amazon Kendra experience.</p>"
+        }
+      }
+    },
+    "DisassociateEntityList":{
+      "type":"list",
+      "member":{"shape":"EntityConfiguration"},
+      "max":40,
+      "min":1
+    },
+    "DisassociatePersonasFromEntitiesRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId",
+        "EntityIds"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "EntityIds":{
+          "shape":"EntityIdsList",
+          "documentation":"<p>The identifiers of users or groups in your Amazon Web Services SSO identity source. For example, user IDs could be user emails.</p>"
+        }
+      }
+    },
+    "DisassociatePersonasFromEntitiesResponse":{
+      "type":"structure",
+      "members":{
+        "FailedEntityList":{
+          "shape":"FailedEntityList",
+          "documentation":"<p>Lists the users or groups in your Amazon Web Services SSO identity source that failed to properly remove access to your Amazon Kendra experience.</p>"
+        }
+      }
+    },
     "Document":{
       "type":"structure",
       "required":["Id"],
@@ -2752,12 +3313,12 @@
         },
         "Blob":{
           "shape":"Blob",
-          "documentation":"<p>The contents of the document. </p> <p>Documents passed to the <code>Blob</code> parameter must be base64 encoded. Your code might not need to encode the document file bytes if you're using an Amazon Web Services SDK to call Amazon Kendra operations. If you are calling the Amazon Kendra endpoint directly using REST, you must base64 encode the contents before sending.</p>"
+          "documentation":"<p>The contents of the document. </p> <p>Documents passed to the <code>Blob</code> parameter must be base64 encoded. Your code might not need to encode the document file bytes if you're using an Amazon Web Services SDK to call Amazon Kendra APIs. If you are calling the Amazon Kendra endpoint directly using REST, you must base64 encode the contents before sending.</p>"
         },
         "S3Path":{"shape":"S3Path"},
         "Attributes":{
           "shape":"DocumentAttributeList",
-          "documentation":"<p>Custom attributes to apply to the document. Use the custom attributes to provide additional information for searching, to provide facets for refining searches, and to provide additional information in the query response.</p>"
+          "documentation":"<p>Custom attributes to apply to the document. Use the custom attributes to provide additional information for searching, to provide facets for refining searches, and to provide additional information in the query response.</p> <p>For example, 'DataSourceId' and 'DataSourceSyncJobId' are custom attributes that provide information on the synchronization of documents running on a data source. Note, 'DataSourceSyncJobId' could be an optional custom attribute as Amazon Kendra will use the ID of a running sync job.</p>"
         },
         "AccessControlList":{
           "shape":"PrincipalList",
@@ -2790,7 +3351,29 @@
           "documentation":"<p>The value of the attribute.</p>"
         }
       },
-      "documentation":"<p>A custom attribute value assigned to a document. </p>"
+      "documentation":"<p>A custom attribute value assigned to a document.</p> <p>For more information on how to create custom document attributes, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-attributes.html\">Custom Attributes</a>.</p>"
+    },
+    "DocumentAttributeCondition":{
+      "type":"structure",
+      "required":[
+        "ConditionDocumentAttributeKey",
+        "Operator"
+      ],
+      "members":{
+        "ConditionDocumentAttributeKey":{
+          "shape":"DocumentAttributeKey",
+          "documentation":"<p>The identifier of the document attribute used for the condition.</p> <p>For example, 'Source_URI' could be an identifier for the attribute or metadata field that contains source URIs associated with the documents.</p> <p>Amazon Kendra currently does not support <code>_document_body</code> as an attribute key used for the condition.</p>"
+        },
+        "Operator":{
+          "shape":"ConditionOperator",
+          "documentation":"<p>The condition operator.</p> <p>For example, you can use 'Contains' to partially match a string.</p>"
+        },
+        "ConditionOnValue":{
+          "shape":"DocumentAttributeValue",
+          "documentation":"<p>The value used by the operator.</p> <p>For example, you can specify the value 'financial' for strings in the 'Source_URI' field that partially match or contain this value.</p>"
+        }
+      },
+      "documentation":"<p>The condition used for the target document attribute or metadata field when ingesting documents into Amazon Kendra. You use this with <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_DocumentAttributeTarget.html\">DocumentAttributeTarget to apply the condition</a>.</p> <p>For example, you can create the 'Department' target field and have it prefill department names associated with the documents based on information in the 'Source_URI' field. Set the condition that if the 'Source_URI' field contains 'financial' in its URI value, then prefill the target field 'Department' with the target value 'Finance' for the document.</p> <p>Amazon Kendra cannot create a target field if it has not already been created as an index field. After you create your index field, you can create a document metadata field using <code>DocumentAttributeTarget</code>. Amazon Kendra then will map your newly created metadata field to your index field.</p>"
     },
     "DocumentAttributeKey":{
       "type":"string",
@@ -2817,6 +3400,24 @@
       "max":2048,
       "min":1
     },
+    "DocumentAttributeTarget":{
+      "type":"structure",
+      "members":{
+        "TargetDocumentAttributeKey":{
+          "shape":"DocumentAttributeKey",
+          "documentation":"<p>The identifier of the target document attribute or metadata field.</p> <p>For example, 'Department' could be an identifier for the target attribute or metadata field that includes the department names associated with the documents.</p>"
+        },
+        "TargetDocumentAttributeValueDeletion":{
+          "shape":"Boolean",
+          "documentation":"<p> <code>TRUE</code> to delete the existing target value for your specified target attribute key. You cannot create a target value and set this to <code>TRUE</code>. To create a target value (<code>TargetDocumentAttributeValue</code>), set this to <code>FALSE</code>.</p>"
+        },
+        "TargetDocumentAttributeValue":{
+          "shape":"DocumentAttributeValue",
+          "documentation":"<p>The target value you want to create for the target attribute.</p> <p>For example, 'Finance' could be the target value for the target attribute key 'Department'.</p>"
+        }
+      },
+      "documentation":"<p>The target document attribute or metadata field you want to alter when ingesting documents into Amazon Kendra.</p> <p>For example, you can delete customer identification numbers associated with the documents, stored in the document metadata field called 'Customer_ID'. You set the target key as 'Customer_ID' and the deletion flag to <code>TRUE</code>. This removes all customer ID values in the field 'Customer_ID'. This would scrub personally identifiable information from each document's metadata.</p> <p>Amazon Kendra cannot create a target field if it has not already been created as an index field. After you create your index field, you can create a document metadata field using <code>DocumentAttributeTarget</code>. Amazon Kendra then will map your newly created metadata field to your index field.</p> <p>You can also use this with <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_DocumentAttributeCondition.html\">DocumentAttributeCondition</a>.</p>"
+    },
     "DocumentAttributeValue":{
       "type":"structure",
       "members":{
@@ -2834,7 +3435,7 @@
         },
         "DateValue":{
           "shape":"Timestamp",
-          "documentation":"<p>A date expressed as an ISO 8601 string.</p> <p>It is important for the time zone to be included in the ISO 8601 date-time format. For example, 20120325T123010+01:00 is the ISO 8601 date-time format for March 25th 2012 at 12:30PM (plus 10 seconds) in Central European Time.</p>"
+          "documentation":"<p>A date expressed as an ISO 8601 string.</p> <p>It is important for the time zone to be included in the ISO 8601 date-time format. For example, 2012-03-25T12:30:10+01:00 is the ISO 8601 date-time format for March 25th 2012 at 12:30PM (plus 10 seconds) in Central European Time.</p>"
         }
       },
       "documentation":"<p>The value of a custom document attribute. You can only provide one value for a custom attribute.</p>"
@@ -2994,6 +3595,103 @@
       "min":1,
       "pattern":"[0-9]+[s]"
     },
+    "Endpoint":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^\\P{C}*$"
+    },
+    "EndpointType":{
+      "type":"string",
+      "enum":["HOME"]
+    },
+    "EntityConfiguration":{
+      "type":"structure",
+      "required":[
+        "EntityId",
+        "EntityType"
+      ],
+      "members":{
+        "EntityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The identifier of a user or group in your Amazon Web Services SSO identity source. For example, a user ID could be an email.</p>"
+        },
+        "EntityType":{
+          "shape":"EntityType",
+          "documentation":"<p>Specifies whether you are configuring a <code>User</code> or a <code>Group</code>.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information of users or groups in your Amazon Web Services SSO identity source to grant access your Amazon Kendra experience.</p>"
+    },
+    "EntityDisplayData":{
+      "type":"structure",
+      "members":{
+        "UserName":{
+          "shape":"NameType",
+          "documentation":"<p>The name of the user.</p>"
+        },
+        "GroupName":{
+          "shape":"NameType",
+          "documentation":"<p>The name of the group.</p>"
+        },
+        "IdentifiedUserName":{
+          "shape":"NameType",
+          "documentation":"<p>The user name of the user.</p>"
+        },
+        "FirstName":{
+          "shape":"NameType",
+          "documentation":"<p>The first name of the user.</p>"
+        },
+        "LastName":{
+          "shape":"NameType",
+          "documentation":"<p>The last name of the user.</p>"
+        }
+      },
+      "documentation":"<p>Information about the user entity.</p>"
+    },
+    "EntityId":{
+      "type":"string",
+      "max":47,
+      "min":1,
+      "pattern":"^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$"
+    },
+    "EntityIdsList":{
+      "type":"list",
+      "member":{"shape":"EntityId"},
+      "max":25,
+      "min":1
+    },
+    "EntityPersonaConfiguration":{
+      "type":"structure",
+      "required":[
+        "EntityId",
+        "Persona"
+      ],
+      "members":{
+        "EntityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The identifier of a user or group in your Amazon Web Services SSO identity source. For example, a user ID could be an email.</p>"
+        },
+        "Persona":{
+          "shape":"Persona",
+          "documentation":"<p>The persona that defines the specific permissions of the user or group in your Amazon Web Services SSO identity source. The available personas or access roles are <code>Owner</code> and <code>Viewer</code>. For more information on these personas, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html#access-search-experience\">Providing access to your search page</a>.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information of users or groups in your Amazon Web Services SSO identity source for access to your Amazon Kendra experience. Specific permissions are defined for each user or group once they are granted access to your Amazon Kendra experience.</p>"
+    },
+    "EntityPersonaConfigurationList":{
+      "type":"list",
+      "member":{"shape":"EntityPersonaConfiguration"},
+      "max":25,
+      "min":1
+    },
+    "EntityType":{
+      "type":"string",
+      "enum":[
+        "USER",
+        "GROUP"
+      ]
+    },
     "ErrorCode":{
       "type":"string",
       "enum":[
@@ -3025,6 +3723,113 @@
       "max":100,
       "min":0
     },
+    "ExperienceConfiguration":{
+      "type":"structure",
+      "members":{
+        "ContentSourceConfiguration":{
+          "shape":"ContentSourceConfiguration",
+          "documentation":"<p>The identifiers of your data sources and FAQs. Or, you can specify that you want to use documents indexed via the <code>BatchPutDocument</code> API. This is the content you want to use for your Amazon Kendra experience.</p>"
+        },
+        "UserIdentityConfiguration":{
+          "shape":"UserIdentityConfiguration",
+          "documentation":"<p>The Amazon Web Services SSO field name that contains the identifiers of your users, such as their emails.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the configuration information for your Amazon Kendra experience. This includes the data source IDs and/or FAQ IDs, and user or group information to grant access to your Amazon Kendra experience.</p>"
+    },
+    "ExperienceEndpoint":{
+      "type":"structure",
+      "members":{
+        "EndpointType":{
+          "shape":"EndpointType",
+          "documentation":"<p>The type of endpoint for your Amazon Kendra experience. The type currently available is <code>HOME</code>, which is a unique and fully hosted URL to the home page of your Amazon Kendra experience.</p>"
+        },
+        "Endpoint":{
+          "shape":"Endpoint",
+          "documentation":"<p>The endpoint of your Amazon Kendra experience.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information of the endpoint for your Amazon Kendra experience.</p>"
+    },
+    "ExperienceEndpoints":{
+      "type":"list",
+      "member":{"shape":"ExperienceEndpoint"},
+      "max":2,
+      "min":1
+    },
+    "ExperienceEntitiesSummary":{
+      "type":"structure",
+      "members":{
+        "EntityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The identifier of a user or group in your Amazon Web Services SSO identity source. For example, a user ID could be an email.</p>"
+        },
+        "EntityType":{
+          "shape":"EntityType",
+          "documentation":"<p>Shows the type as <code>User</code> or <code>Group</code>.</p>"
+        },
+        "DisplayData":{
+          "shape":"EntityDisplayData",
+          "documentation":"<p>Information about the user entity.</p>"
+        }
+      },
+      "documentation":"<p>Summary information for users or groups in your Amazon Web Services SSO identity source with granted access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
+    "ExperienceEntitiesSummaryList":{
+      "type":"list",
+      "member":{"shape":"ExperienceEntitiesSummary"}
+    },
+    "ExperienceId":{
+      "type":"string",
+      "max":36,
+      "min":1,
+      "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*"
+    },
+    "ExperienceName":{
+      "type":"string",
+      "max":1000,
+      "min":1,
+      "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*"
+    },
+    "ExperienceStatus":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "ACTIVE",
+        "DELETING",
+        "FAILED"
+      ]
+    },
+    "ExperiencesSummary":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ExperienceName",
+          "documentation":"<p>The name of your Amazon Kendra experience.</p>"
+        },
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "CreatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date-time your Amazon Kendra experience was created.</p>"
+        },
+        "Status":{
+          "shape":"ExperienceStatus",
+          "documentation":"<p>The processing status of your Amazon Kendra experience.</p>"
+        },
+        "Endpoints":{
+          "shape":"ExperienceEndpoints",
+          "documentation":"<p>The endpoint URLs for your Amazon Kendra experiences. The URLs are unique and fully hosted by Amazon Web Services.</p>"
+        }
+      },
+      "documentation":"<p>Summary information for your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
+    "ExperiencesSummaryList":{
+      "type":"list",
+      "member":{"shape":"ExperiencesSummary"}
+    },
     "Facet":{
       "type":"structure",
       "members":{
@@ -3061,6 +3866,26 @@
       "type":"list",
       "member":{"shape":"FacetResult"}
     },
+    "FailedEntity":{
+      "type":"structure",
+      "members":{
+        "EntityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The identifier of the user or group in your Amazon Web Services SSO identity source. For example, a user ID could be an email.</p>"
+        },
+        "ErrorMessage":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The reason the user or group in your Amazon Web Services SSO identity source failed to properly configure with your Amazon Kendra experience.</p>"
+        }
+      },
+      "documentation":"<p>Information on the users or groups in your Amazon Web Services SSO identity source that failed to properly configure with your Amazon Kendra experience.</p>"
+    },
+    "FailedEntityList":{
+      "type":"list",
+      "member":{"shape":"FailedEntity"},
+      "max":25,
+      "min":1
+    },
     "FailureReason":{
       "type":"string",
       "max":2048,
@@ -3081,6 +3906,12 @@
       "min":1,
       "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*"
     },
+    "FaqIdsList":{
+      "type":"list",
+      "member":{"shape":"FaqId"},
+      "max":100,
+      "min":1
+    },
     "FaqName":{
       "type":"string",
       "max":100,
@@ -3152,6 +3983,55 @@
       "min":1,
       "pattern":"^\\P{C}*.\\P{C}*$"
     },
+    "FileSystemId":{
+      "type":"string",
+      "max":21,
+      "min":11,
+      "pattern":"^(fs-[0-9a-f]{8,})$"
+    },
+    "FsxConfiguration":{
+      "type":"structure",
+      "required":[
+        "FileSystemId",
+        "FileSystemType",
+        "VpcConfiguration"
+      ],
+      "members":{
+        "FileSystemId":{
+          "shape":"FileSystemId",
+          "documentation":"<p>The identifier of the Amazon FSx file system.</p> <p>You can find your file system ID on the file system dashboard in the Amazon FSx console. For information on how to create a file system in Amazon FSx console, using Windows File Server as an example, see <a href=\"https://docs.aws.amazon.com/fsx/latest/WindowsGuide/getting-started-step1.html\">Amazon FSx Getting started guide</a>.</p>"
+        },
+        "FileSystemType":{
+          "shape":"FsxFileSystemType",
+          "documentation":"<p>The Amazon FSx file system type. Windows is currently the only supported type.</p>"
+        },
+        "VpcConfiguration":{
+          "shape":"DataSourceVpcConfiguration",
+          "documentation":"<p>Provides the configuration information for connecting to an Amazon Virtual Private Cloud for your Amazon FSx. Your Amazon FSx instance must reside inside your VPC.</p>"
+        },
+        "SecretArn":{
+          "shape":"SecretArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of an Secrets Manager secret that contains the key-value pairs required to connect to your Amazon FSx file system. Windows is currently the only supported type. The secret must contain a JSON structure with the following keys:</p> <ul> <li> <p>username—The Active Directory user name, along with the Domain Name System (DNS) domain name. For example, <i>user@corp.example.com</i>. The Active Directory user account must have read and mounting access to the Amazon FSx file system for Windows.</p> </li> <li> <p>password—The password of the active directory user with read and mounting access Amazon FSx Windows file system.</p> </li> </ul>"
+        },
+        "InclusionPatterns":{
+          "shape":"DataSourceInclusionsExclusionsStrings",
+          "documentation":"<p>A list of regular expression patterns to include certain files in your Amazon FSx file system. Files that match the patterns are included in the index. Files that don't match the patterns are excluded from the index. If a file matches both an inclusion pattern and an exclusion pattern, the exclusion pattern takes precedence and the file isn't included in the index.</p>"
+        },
+        "ExclusionPatterns":{
+          "shape":"DataSourceInclusionsExclusionsStrings",
+          "documentation":"<p>A list of regular expression patterns to exclude certain files in your Amazon FSx file system. Files that match the patterns are excluded from the index. Files that don’t match the patterns are included in the index. If a file matches both an inclusion pattern and an exclusion pattern, the exclusion pattern takes precedence and the file isn't included in the index.</p>"
+        },
+        "FieldMappings":{
+          "shape":"DataSourceToIndexFieldMappingList",
+          "documentation":"<p>A list of <code>DataSourceToIndexFieldMapping</code> objects that map Amazon FSx data source attributes or field names to Amazon Kendra index field names in Amazon Kendra. To create custom fields, use the <code>UpdateIndex</code> API before you map to Amazon FSx fields. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/field-mapping.html\">Mapping data source fields</a>. The Amazon FSx data source field names must exist in your Amazon FSx custom metadata.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information to connect to Amazon FSx as your data source.</p>"
+    },
+    "FsxFileSystemType":{
+      "type":"string",
+      "enum":["WINDOWS"]
+    },
     "GetQuerySuggestionsRequest":{
       "type":"structure",
       "required":[
@@ -3186,6 +4066,57 @@
         }
       }
     },
+    "GetSnapshotsRequest":{
+      "type":"structure",
+      "required":[
+        "IndexId",
+        "Interval",
+        "MetricType"
+      ],
+      "members":{
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index to get search metrics data.</p>"
+        },
+        "Interval":{
+          "shape":"Interval",
+          "documentation":"<p>The time interval or time window to get search metrics data. The time interval uses the time zone of your index. You can view data in the following time windows:</p> <ul> <li> <p> <code>THIS_WEEK</code>: The current week, starting on the Sunday and ending on the day before the current date.</p> </li> <li> <p> <code>ONE_WEEK_AGO</code>: The previous week, starting on the Sunday and ending on the following Saturday.</p> </li> <li> <p> <code>TWO_WEEKS_AGO</code>: The week before the previous week, starting on the Sunday and ending on the following Saturday.</p> </li> <li> <p> <code>THIS_MONTH</code>: The current month, starting on the first day of the month and ending on the day before the current date.</p> </li> <li> <p> <code>ONE_MONTH_AGO</code>: The previous month, starting on the first day of the month and ending on the last day of the month.</p> </li> <li> <p> <code>TWO_MONTHS_AGO</code>: The month before the previous month, starting on the first day of the month and ending on last day of the month.</p> </li> </ul>"
+        },
+        "MetricType":{
+          "shape":"MetricType",
+          "documentation":"<p>The metric you want to retrieve. You can specify only one metric per call.</p> <p>For more information about the metrics you can view, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/search-analytics.html\">Gaining insights with search analytics</a>.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the previous response was incomplete (because there is more data to retrieve), Amazon Kendra returns a pagination token in the response. You can use this pagination token to retrieve the next set of search metrics data.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of returned data for the metric.</p>"
+        }
+      }
+    },
+    "GetSnapshotsResponse":{
+      "type":"structure",
+      "members":{
+        "SnapShotTimeFilter":{
+          "shape":"TimeRange",
+          "documentation":"<p>The date-time for the beginning and end of the time window for the search metrics data.</p>"
+        },
+        "SnapshotsDataHeader":{
+          "shape":"SnapshotsDataHeaderFields",
+          "documentation":"<p>The column headers for the search metrics data.</p>"
+        },
+        "SnapshotsData":{
+          "shape":"SnapshotsDataRecords",
+          "documentation":"<p>The search metrics data. The data returned depends on the metric type you requested.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response is truncated, Amazon Kendra returns this token, which you can use in a later request to retrieve the next set of search metrics data.</p>"
+        }
+      }
+    },
     "GoogleDriveConfiguration":{
       "type":"structure",
       "required":["SecretArn"],
@@ -3204,7 +4135,7 @@
         },
         "FieldMappings":{
           "shape":"DataSourceToIndexFieldMappingList",
-          "documentation":"<p>Defines mapping between a field in the Google Drive and a Amazon Kendra index field.</p> <p>If you are using the console, you can define index fields when creating the mapping. If you are using the API, you must first create the field using the <code>UpdateIndex</code> operation.</p>"
+          "documentation":"<p>Defines mapping between a field in the Google Drive and a Amazon Kendra index field.</p> <p>If you are using the console, you can define index fields when creating the mapping. If you are using the API, you must first create the field using the <code>UpdateIndex</code> API.</p>"
         },
         "ExcludeMimeTypes":{
           "shape":"ExcludeMimeTypesList",
@@ -3357,12 +4288,40 @@
         "THESAURUS_SYNONYM"
       ]
     },
+    "HookConfiguration":{
+      "type":"structure",
+      "required":[
+        "LambdaArn",
+        "S3Bucket"
+      ],
+      "members":{
+        "InvocationCondition":{
+          "shape":"DocumentAttributeCondition",
+          "documentation":"<p>The condition used for when a Lambda function should be invoked.</p> <p>For example, you can specify a condition that if there are empty date-time values, then Amazon Kendra should invoke a function that inserts the current date-time.</p>"
+        },
+        "LambdaArn":{
+          "shape":"LambdaArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a role with permission to run a Lambda function during ingestion. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html\">IAM roles for Amazon Kendra</a>.</p>"
+        },
+        "S3Bucket":{
+          "shape":"S3BucketName",
+          "documentation":"<p>Stores the original, raw documents or the structured, parsed documents before and after altering them. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html#cde-data-contracts-lambda\">Data contracts for Lambda functions</a>.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information for invoking a Lambda function in Lambda to alter document metadata and content when ingesting documents into Amazon Kendra. You can configure your Lambda function using <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_CustomDocumentEnrichmentConfiguration.html\">PreExtractionHookConfiguration</a> if you want to apply advanced alterations on the original or raw documents. If you want to apply advanced alterations on the Amazon Kendra structured documents, you must configure your Lambda function using <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_CustomDocumentEnrichmentConfiguration.html\">PostExtractionHookConfiguration</a>. You can only invoke one Lambda function. However, this function can invoke other functions it requires.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
+    },
     "Host":{
       "type":"string",
       "max":253,
       "min":1,
       "pattern":"([^\\s]*)"
     },
+    "IdentityAttributeName":{
+      "type":"string",
+      "max":1000,
+      "min":1,
+      "pattern":"[a-zA-Z0-9][a-zA-Z0-9_-]*"
+    },
     "Importance":{
       "type":"integer",
       "max":10,
@@ -3382,7 +4341,7 @@
         },
         "Id":{
           "shape":"IndexId",
-          "documentation":"<p>A unique identifier for the index. Use this to identify the index when you are using operations such as <code>Query</code>, <code>DescribeIndex</code>, <code>UpdateIndex</code>, and <code>DeleteIndex</code>.</p>"
+          "documentation":"<p>A unique identifier for the index. Use this to identify the index when you are using APIs such as <code>Query</code>, <code>DescribeIndex</code>, <code>UpdateIndex</code>, and <code>DeleteIndex</code>.</p>"
         },
         "Edition":{
           "shape":"IndexEdition",
@@ -3394,7 +4353,7 @@
         },
         "UpdatedAt":{
           "shape":"Timestamp",
-          "documentation":"<p>The Unix timestamp when the index was last updated by the <code>UpdateIndex</code> operation.</p>"
+          "documentation":"<p>The Unix timestamp when the index was last updated by the <code>UpdateIndex</code> API.</p>"
         },
         "Status":{
           "shape":"IndexStatus",
@@ -3473,6 +4432,30 @@
       "type":"integer",
       "min":0
     },
+    "InlineCustomDocumentEnrichmentConfiguration":{
+      "type":"structure",
+      "members":{
+        "Condition":{
+          "shape":"DocumentAttributeCondition",
+          "documentation":"<p>Configuration of the condition used for the target document attribute or metadata field when ingesting documents into Amazon Kendra.</p>"
+        },
+        "Target":{
+          "shape":"DocumentAttributeTarget",
+          "documentation":"<p>Configuration of the target document attribute or metadata field when ingesting documents into Amazon Kendra. You can also include a value.</p>"
+        },
+        "DocumentContentDeletion":{
+          "shape":"Boolean",
+          "documentation":"<p> <code>TRUE</code> to delete content if the condition used for the target attribute is met.</p>"
+        }
+      },
+      "documentation":"<p>Provides the configuration information for applying basic logic to alter document metadata and content when ingesting documents into Amazon Kendra. To apply advanced logic, to go beyond what you can do with basic logic, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_HookConfiguration.html\">HookConfiguration</a>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
+    },
+    "InlineCustomDocumentEnrichmentConfigurationList":{
+      "type":"list",
+      "member":{"shape":"InlineCustomDocumentEnrichmentConfiguration"},
+      "max":100,
+      "min":0
+    },
     "Integer":{"type":"integer"},
     "InternalServerException":{
       "type":"structure",
@@ -3483,6 +4466,25 @@
       "exception":true,
       "fault":true
     },
+    "Interval":{
+      "type":"string",
+      "enum":[
+        "THIS_MONTH",
+        "THIS_WEEK",
+        "ONE_WEEK_AGO",
+        "TWO_WEEKS_AGO",
+        "ONE_MONTH_AGO",
+        "TWO_MONTHS_AGO"
+      ]
+    },
+    "InvalidRequestException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The input to the request is not valid.</p>",
+      "exception":true
+    },
     "Issuer":{
       "type":"string",
       "max":65,
@@ -3555,6 +4557,12 @@
       "min":1,
       "sensitive":true
     },
+    "LambdaArn":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"/arn:aws[a-zA-Z-]*:lambda:[a-z]+-[a-z]+-[0-9]:[0-9]{12}:function:[a-zA-Z0-9-_]+(\\/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})?(:[a-zA-Z0-9-_]+)?/"
+    },
     "LanguageCode":{
       "type":"string",
       "documentation":"<p>The code for a language. The default language is English. For more information on supported languages, including their codes, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/in-adding-languages.html\">Adding documents in languages other than English</a>.</p>",
@@ -3639,6 +4647,109 @@
         }
       }
     },
+    "ListEntityPersonasRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the previous response was incomplete (because there is more data to retrieve), Amazon Kendra returns a pagination token in the response. You can use this pagination token to retrieve the next set of users or groups.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResultsIntegerForListEntityPersonasRequest",
+          "documentation":"<p>The maximum number of returned users or groups.</p>"
+        }
+      }
+    },
+    "ListEntityPersonasResponse":{
+      "type":"structure",
+      "members":{
+        "SummaryItems":{
+          "shape":"PersonasSummaryList",
+          "documentation":"<p>An array of summary information for one or more users or groups.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response is truncated, Amazon Kendra returns this token, which you can use in a later request to retrieve the next set of users or groups.</p>"
+        }
+      }
+    },
+    "ListExperienceEntitiesRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the previous response was incomplete (because there is more data to retrieve), Amazon Kendra returns a pagination token in the response. You can use this pagination token to retrieve the next set of users or groups.</p>"
+        }
+      }
+    },
+    "ListExperienceEntitiesResponse":{
+      "type":"structure",
+      "members":{
+        "SummaryItems":{
+          "shape":"ExperienceEntitiesSummaryList",
+          "documentation":"<p>An array of summary information for one or more users or groups.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response is truncated, Amazon Kendra returns this token, which you can use in a later request to retrieve the next set of users or groups.</p>"
+        }
+      }
+    },
+    "ListExperiencesRequest":{
+      "type":"structure",
+      "required":["IndexId"],
+      "members":{
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the previous response was incomplete (because there is more data to retrieve), Amazon Kendra returns a pagination token in the response. You can use this pagination token to retrieve the next set of Amazon Kendra experiences.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResultsIntegerForListExperiencesRequest",
+          "documentation":"<p>The maximum number of returned Amazon Kendra experiences.</p>"
+        }
+      }
+    },
+    "ListExperiencesResponse":{
+      "type":"structure",
+      "members":{
+        "SummaryItems":{
+          "shape":"ExperiencesSummaryList",
+          "documentation":"<p>An array of summary information for one or more Amazon Kendra experiences.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response is truncated, Amazon Kendra returns this token, which you can use in a later request to retrieve the next set of Amazon Kendra experiences.</p>"
+        }
+      }
+    },
     "ListFaqsRequest":{
       "type":"structure",
       "required":["IndexId"],
@@ -3844,6 +4955,16 @@
       "max":100,
       "min":1
     },
+    "MaxResultsIntegerForListEntityPersonasRequest":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
+    "MaxResultsIntegerForListExperiencesRequest":{
+      "type":"integer",
+      "max":100,
+      "min":1
+    },
     "MaxResultsIntegerForListFaqsRequest":{
       "type":"integer",
       "max":100,
@@ -3912,6 +5033,17 @@
       "max":1000,
       "min":1
     },
+    "MetricType":{
+      "type":"string",
+      "enum":[
+        "QUERIES_BY_COUNT",
+        "QUERIES_BY_ZERO_CLICK_RATE",
+        "QUERIES_BY_ZERO_RESULT_RATE",
+        "DOCS_BY_CLICK_COUNT",
+        "AGG_QUERY_DOC_METRICS",
+        "TREND_QUERY_DOC_METRICS"
+      ]
+    },
     "MetricValue":{
       "type":"string",
       "pattern":"(([1-9][0-9]*)|0)"
@@ -3939,6 +5071,13 @@
         "LEARN_ONLY"
       ]
     },
+    "NameType":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^[\\S\\s]*$",
+      "sensitive":true
+    },
     "NextToken":{
       "type":"string",
       "max":800,
@@ -4023,6 +5162,39 @@
       "min":12,
       "pattern":"d-[0-9a-fA-F]{10}"
     },
+    "Persona":{
+      "type":"string",
+      "enum":[
+        "OWNER",
+        "VIEWER"
+      ]
+    },
+    "PersonasSummary":{
+      "type":"structure",
+      "members":{
+        "EntityId":{
+          "shape":"EntityId",
+          "documentation":"<p>The identifier of a user or group in your Amazon Web Services SSO identity source. For example, a user ID could be an email.</p>"
+        },
+        "Persona":{
+          "shape":"Persona",
+          "documentation":"<p>The persona that defines the specific permissions of the user or group in your Amazon Web Services SSO identity source. The available personas or access roles are <code>Owner</code> and <code>Viewer</code>. For more information on these personas, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html#access-search-experience\">Providing access to your search page</a>.</p>"
+        },
+        "CreatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date-time the summary information was created.</p>"
+        },
+        "UpdatedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date-time the summary information was last updated.</p>"
+        }
+      },
+      "documentation":"<p>Summary information for users or groups in your Amazon Web Services SSO identity source. This applies to users and groups with specific permissions that define their level of access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/deploying-search-experience-no-code.html\">Building a search experience with no code</a>.</p>"
+    },
+    "PersonasSummaryList":{
+      "type":"list",
+      "member":{"shape":"PersonasSummary"}
+    },
     "Port":{
       "type":"integer",
       "max":65535,
@@ -4104,7 +5276,7 @@
         },
         "Credentials":{
           "shape":"SecretArn",
-          "documentation":"<p>Your secret ARN, which you can create in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">AWS Secrets Manager</a> </p> <p>The credentials are optional. You use a secret if web proxy credentials are required to connect to a website host. Amazon Kendra currently support basic authentication to connect to a web proxy server. The secret stores your credentials.</p>"
+          "documentation":"<p>Your secret ARN, which you can create in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">Secrets Manager</a> </p> <p>The credentials are optional. You use a secret if web proxy credentials are required to connect to a website host. Amazon Kendra currently support basic authentication to connect to a web proxy server. The secret stores your credentials.</p>"
         }
       },
       "documentation":"<p>Provides the configuration information for a web proxy to connect to website hosts.</p>"
@@ -4162,14 +5334,11 @@
     },
     "QueryRequest":{
       "type":"structure",
-      "required":[
-        "IndexId",
-        "QueryText"
-      ],
+      "required":["IndexId"],
       "members":{
         "IndexId":{
           "shape":"IndexId",
-          "documentation":"<p>The unique identifier of the index to search. The identifier is returned in the response from the <code>CreateIndex</code> operation.</p>"
+          "documentation":"<p>The unique identifier of the index to search. The identifier is returned in the response from the <code>CreateIndex</code> API.</p>"
         },
         "QueryText":{
           "shape":"QueryText",
@@ -4235,6 +5404,10 @@
         "TotalNumberOfResults":{
           "shape":"Integer",
           "documentation":"<p>The total number of items found by the search; however, you can only retrieve up to 100 items. For example, if the search found 192 items, you can only retrieve the first 100 of the items.</p>"
+        },
+        "Warnings":{
+          "shape":"WarningList",
+          "documentation":"<p>A list of warning codes and their messages on problems with your query.</p> <p>Amazon Kendra currently only supports one type of warning, which is a warning on invalid syntax used in the query. For examples of invalid query syntax, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/searching-example.html#searching-index-query-syntax\">Searching with advanced query syntax</a>.</p>"
         }
       }
     },
@@ -4368,8 +5541,7 @@
     "QueryText":{
       "type":"string",
       "max":1000,
-      "min":1,
-      "pattern":"^\\P{C}*$"
+      "min":1
     },
     "ReadAccessType":{
       "type":"string",
@@ -4420,7 +5592,7 @@
           "documentation":"<p>Whether to document was relevant or not relevant to the search.</p>"
         }
       },
-      "documentation":"<p>Provides feedback on how relevant a document is to a search. Your application uses the <code>SubmitFeedback</code> operation to provide relevance information.</p>"
+      "documentation":"<p>Provides feedback on how relevant a document is to a search. Your application uses the <code>SubmitFeedback</code> API to provide relevance information.</p>"
     },
     "RelevanceFeedbackList":{
       "type":"list",
@@ -4473,7 +5645,7 @@
     "RoleArn":{
       "type":"string",
       "max":1284,
-      "min":1,
+      "min":0,
       "pattern":"arn:[a-z0-9-\\.]{1,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[a-z0-9-\\.]{0,63}:[^/].{0,1023}"
     },
     "S3BucketName":{
@@ -4848,7 +6020,7 @@
           "documentation":"<p>You can choose one of the following modes:</p> <ul> <li> <p> <code>HOST_ONLY</code> – crawl only the website host names. For example, if the seed URL is \"abc.example.com\", then only URLs with host name \"abc.example.com\" are crawled.</p> </li> <li> <p> <code>SUBDOMAINS</code> – crawl the website host names with subdomains. For example, if the seed URL is \"abc.example.com\", then \"a.abc.example.com\" and \"b.abc.example.com\" are also crawled.</p> </li> <li> <p> <code>EVERYTHING</code> – crawl the website host names with subdomains and other domains that the webpages link to.</p> </li> </ul> <p>The default mode is set to <code>HOST_ONLY</code>.</p>"
         }
       },
-      "documentation":"<p>Provides the configuration information of the seed or starting point URLs to crawl.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use the Amazon Kendra web crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
+      "documentation":"<p>Provides the configuration information of the seed or starting point URLs to crawl.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use Amazon Kendra Web Crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
     },
     "SeedUrlList":{
       "type":"list",
@@ -4910,7 +6082,7 @@
         },
         "AuthenticationType":{
           "shape":"ServiceNowAuthenticationType",
-          "documentation":"<p>Determines the type of authentication used to connect to the ServiceNow instance. If you choose <code>HTTP_BASIC</code>, Amazon Kendra is authenticated using the user name and password provided in the AWS Secrets Manager secret in the <code>SecretArn</code> field. When you choose <code>OAUTH2</code>, Amazon Kendra is authenticated using the OAuth token and secret provided in the Secrets Manager secret, and the user name and password are used to determine which information Amazon Kendra has access to.</p> <p>When you use <code>OAUTH2</code> authentication, you must generate a token and a client secret using the ServiceNow console. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/data-source-servicenow.html\">Using a ServiceNow data source</a>.</p>"
+          "documentation":"<p>Determines the type of authentication used to connect to the ServiceNow instance. If you choose <code>HTTP_BASIC</code>, Amazon Kendra is authenticated using the user name and password provided in the Secrets Manager secret in the <code>SecretArn</code> field. When you choose <code>OAUTH2</code>, Amazon Kendra is authenticated using the OAuth token and secret provided in the Secrets Manager secret, and the user name and password are used to determine which information Amazon Kendra has access to.</p> <p>When you use <code>OAUTH2</code> authentication, you must generate a token and a client secret using the ServiceNow console. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/data-source-servicenow.html\">Using a ServiceNow data source</a>.</p>"
         }
       },
       "documentation":"<p>Provides configuration information required to connect to a ServiceNow data source.</p>"
@@ -5019,7 +6191,7 @@
         },
         "SecretArn":{
           "shape":"SecretArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of credentials stored in Secrets Manager. The credentials should be a user/password pair. If you use SharePoint Server, you also need to provide the sever domain name as part of the credentials. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html\">Using a Microsoft SharePoint Data Source</a>. For more information about Secrets Manager, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\"> What Is Secrets Manager</a> in the <i>Secrets Manager </i> user guide.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of credentials stored in Secrets Manager. The credentials should be a user/password pair. If you use SharePoint Server, you also need to provide the sever domain name as part of the credentials. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html\">Using a Microsoft SharePoint Data Source</a>. For more information about Secrets Manager see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\"> What Is Secrets Manager</a> in the <i>Secrets Manager </i> user guide.</p>"
         },
         "CrawlAttachments":{
           "shape":"Boolean",
@@ -5040,7 +6212,7 @@
         "VpcConfiguration":{"shape":"DataSourceVpcConfiguration"},
         "FieldMappings":{
           "shape":"DataSourceToIndexFieldMappingList",
-          "documentation":"<p>A list of <code>DataSourceToIndexFieldMapping</code> objects that map Microsoft SharePoint attributes to custom fields in the Amazon Kendra index. You must first create the index fields using the <code>UpdateIndex</code> operation before you map SharePoint attributes. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/field-mapping.html\">Mapping Data Source Fields</a>.</p>"
+          "documentation":"<p>A list of <code>DataSourceToIndexFieldMapping</code> objects that map Microsoft SharePoint attributes to custom fields in the Amazon Kendra index. You must first create the index fields using the <code>UpdateIndex</code> API before you map SharePoint attributes. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/field-mapping.html\">Mapping Data Source Fields</a>.</p>"
         },
         "DocumentTitleFieldName":{
           "shape":"DataSourceFieldName",
@@ -5089,7 +6261,7 @@
           "documentation":"<p>The list of sitemap URLs of the websites you want to crawl.</p> <p>The list can include a maximum of three sitemap URLs.</p>"
         }
       },
-      "documentation":"<p>Provides the configuration information of the sitemap URLs to crawl.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use the Amazon Kendra web crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
+      "documentation":"<p>Provides the configuration information of the sitemap URLs to crawl.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use Amazon Kendra Web Crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
     },
     "SiteMapsList":{
       "type":"list",
@@ -5097,6 +6269,18 @@
       "max":3,
       "min":0
     },
+    "SnapshotsDataHeaderFields":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
+    "SnapshotsDataRecord":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
+    "SnapshotsDataRecords":{
+      "type":"list",
+      "member":{"shape":"SnapshotsDataRecord"}
+    },
     "SortOrder":{
       "type":"string",
       "enum":[
@@ -5219,7 +6403,7 @@
         },
         "QueryId":{
           "shape":"QueryId",
-          "documentation":"<p>The identifier of the specific query for which you are submitting feedback. The query ID is returned in the response to the <code>Query</code> operation.</p>"
+          "documentation":"<p>The identifier of the specific query for which you are submitting feedback. The query ID is returned in the response to the <code>Query</code> API.</p>"
         },
         "ClickFeedbackItems":{
           "shape":"ClickFeedbackList",
@@ -5537,7 +6721,10 @@
           "shape":"IndexId",
           "documentation":"<p>The identifier of the index that contains the data source to update.</p>"
         },
-        "Configuration":{"shape":"DataSourceConfiguration"},
+        "Configuration":{
+          "shape":"DataSourceConfiguration",
+          "documentation":"<p>Configuration information for an Amazon Kendra data source.</p>"
+        },
         "Description":{
           "shape":"Description",
           "documentation":"<p>The new description for the data source.</p>"
@@ -5553,6 +6740,43 @@
         "LanguageCode":{
           "shape":"LanguageCode",
           "documentation":"<p>The code for a language. This allows you to support a language for all documents when updating the data source. English is supported by default. For more information on supported languages, including their codes, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/in-adding-languages.html\">Adding documents in languages other than English</a>.</p>"
+        },
+        "CustomDocumentEnrichmentConfiguration":{
+          "shape":"CustomDocumentEnrichmentConfiguration",
+          "documentation":"<p>Configuration information for altering document metadata and content during the document ingestion process when you update a data source.</p> <p>For more information on how to create, modify and delete document metadata, or make other content alterations when you ingest documents into Amazon Kendra, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/custom-document-enrichment.html\">Customizing document metadata during the ingestion process</a>.</p>"
+        }
+      }
+    },
+    "UpdateExperienceRequest":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "IndexId"
+      ],
+      "members":{
+        "Id":{
+          "shape":"ExperienceId",
+          "documentation":"<p>The identifier of your Amazon Kendra experience you want to update.</p>"
+        },
+        "Name":{
+          "shape":"ExperienceName",
+          "documentation":"<p>The name of your Amazon Kendra experience you want to update.</p>"
+        },
+        "IndexId":{
+          "shape":"IndexId",
+          "documentation":"<p>The identifier of the index for your Amazon Kendra experience you want to update.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a role with permission to access <code>Query</code> API, <code>QuerySuggestions</code> API, <code>SubmitFeedback</code> API, and Amazon Web Services SSO that stores your user and group information. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html\">IAM roles for Amazon Kendra</a>.</p>"
+        },
+        "Configuration":{
+          "shape":"ExperienceConfiguration",
+          "documentation":"<p>Provides the user configuration information. This includes the Amazon Web Services SSO field name that contains the identifiers of your users, such as their emails.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of your Amazon Kendra experience you want to update.</p>"
         }
       }
     },
@@ -5594,7 +6818,7 @@
         },
         "UserGroupResolutionConfiguration":{
           "shape":"UserGroupResolutionConfiguration",
-          "documentation":"<p>Enables fetching access levels of groups and users from an AWS Single Sign-On identity source. To configure this, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html\">UserGroupResolutionConfiguration</a>.</p>"
+          "documentation":"<p>Enables fetching access levels of groups and users from an Amazon Web Services Single Sign On identity source. To configure this, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html\">UserGroupResolutionConfiguration</a>.</p>"
         }
       }
     },
@@ -5709,7 +6933,7 @@
           "documentation":"<p>Provides the configuration of the sitemap URLs of the websites you want to crawl.</p> <p>Only URLs belonging to the same website host names are crawled. You can list up to three sitemap URLs.</p>"
         }
       },
-      "documentation":"<p>Provides the configuration information of the URLs to crawl.</p> <p>You can only crawl websites that use the secure communication protocol, Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when crawling a website, it could be that the website is blocked from crawling.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use the Amazon Kendra web crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
+      "documentation":"<p>Provides the configuration information of the URLs to crawl.</p> <p>You can only crawl websites that use the secure communication protocol, Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when crawling a website, it could be that the website is blocked from crawling.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use Amazon Kendra Web Crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
     },
     "UserAccount":{
       "type":"string",
@@ -5752,10 +6976,10 @@
       "members":{
         "UserGroupResolutionMode":{
           "shape":"UserGroupResolutionMode",
-          "documentation":"<p>The identity store provider (mode) you want to use to fetch access levels of groups and users. AWS Single Sign-On is currently the only available mode. Your users and groups must exist in an AWS SSO identity source in order to use this mode.</p>"
+          "documentation":"<p>The identity store provider (mode) you want to use to fetch access levels of groups and users. Amazon Web Services Single Sign On is currently the only available mode. Your users and groups must exist in an Amazon Web Services SSO identity source in order to use this mode.</p>"
         }
       },
-      "documentation":"<p>Provides the configuration information to fetch access levels of groups and users from an AWS Single Sign-On identity source. This is useful for setting up user context filtering, where Amazon Kendra filters search results for different users based on their group's access to documents. You can also map your users to their groups for user context filtering using the <a href=\"https://docs.aws.amazon.com/latest/dg/API_PutPrincipalMapping.html\">PutPrincipalMapping operation</a>.</p> <p>To set up an AWS SSO identity source in the console to use with Amazon Kendra, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/getting-started-aws-sso.html\">Getting started with an AWS SSO identity source</a>. You must also grant the required permissions to use AWS SSO with Amazon Kendra. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html#iam-roles-aws-sso\">IAM roles for AWS Single Sign-On</a>.</p>"
+      "documentation":"<p>Provides the configuration information to fetch access levels of groups and users from an Amazon Web Services Single Sign On identity source. This is useful for setting up user context filtering, where Amazon Kendra filters search results for different users based on their group's access to documents. You can also map your users to their groups for user context filtering using the <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/API_PutPrincipalMapping.html\">PutPrincipalMapping API</a>.</p> <p>To set up an Amazon Web Services SSO identity source in the console to use with Amazon Kendra, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/getting-started-aws-sso.html\">Getting started with an Amazon Web Services SSO identity source</a>. You must also grant the required permissions to use Amazon Web Services SSO with Amazon Kendra. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html#iam-roles-aws-sso\">IAM roles for Amazon Web Services SSO</a>.</p> <p>Amazon Kendra currently does not support using <code>UserGroupResolutionConfiguration</code> with an Amazon Web Services organization member account for your Amazon Web Services SSO identify source. You must create your index in the management account for the organization in order to use <code>UserGroupResolutionConfiguration</code>.</p>"
     },
     "UserGroupResolutionMode":{
       "type":"string",
@@ -5770,6 +6994,16 @@
       "min":1,
       "pattern":"^\\P{C}*$"
     },
+    "UserIdentityConfiguration":{
+      "type":"structure",
+      "members":{
+        "IdentityAttributeName":{
+          "shape":"IdentityAttributeName",
+          "documentation":"<p>The Amazon Web Services SSO field name that contains the identifiers of your users, such as their emails. This is used for <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/user-context-filter.html\">user context filtering</a> and for granting access to your Amazon Kendra experience. You must set up Amazon Web Services SSO with Amazon Kendra. You must include your users and groups in your Access Control List when you ingest documents into your index. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/getting-started-aws-sso.html\">Getting started with an Amazon Web Services SSO identity source</a>.</p>"
+        }
+      },
+      "documentation":"<p>Configuration information for the identifiers of your users.</p>"
+    },
     "UserNameAttributeField":{
       "type":"string",
       "max":100,
@@ -5825,13 +7059,43 @@
       "min":1,
       "pattern":"[-0-9a-zA-Z]+"
     },
+    "Warning":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"WarningMessage",
+          "documentation":"<p>The message that explains the problem with the query.</p>"
+        },
+        "Code":{
+          "shape":"WarningCode",
+          "documentation":"<p>The code used to show the type of warning for the query.</p>"
+        }
+      },
+      "documentation":"<p>The warning code and message that explains a problem with a query.</p>"
+    },
+    "WarningCode":{
+      "type":"string",
+      "enum":["QUERY_LANGUAGE_INVALID_SYNTAX"]
+    },
+    "WarningList":{
+      "type":"list",
+      "member":{"shape":"Warning"},
+      "max":1,
+      "min":1
+    },
+    "WarningMessage":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^\\P{C}*$"
+    },
     "WebCrawlerConfiguration":{
       "type":"structure",
       "required":["Urls"],
       "members":{
         "Urls":{
           "shape":"Urls",
-          "documentation":"<p>Specifies the seed or starting point URLs of the websites or the sitemap URLs of the websites you want to crawl.</p> <p>You can include website subdomains. You can list up to 100 seed URLs and up to three sitemap URLs.</p> <p>You can only crawl websites that use the secure communication protocol, Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when crawling a website, it could be that the website is blocked from crawling.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use the Amazon Kendra web crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
+          "documentation":"<p>Specifies the seed or starting point URLs of the websites or the sitemap URLs of the websites you want to crawl.</p> <p>You can include website subdomains. You can list up to 100 seed URLs and up to three sitemap URLs.</p> <p>You can only crawl websites that use the secure communication protocol, Hypertext Transfer Protocol Secure (HTTPS). If you receive an error when crawling a website, it could be that the website is blocked from crawling.</p> <p> <i>When selecting websites to index, you must adhere to the <a href=\"https://aws.amazon.com/aup/\">Amazon Acceptable Use Policy</a> and all other Amazon terms. Remember that you must only use Amazon Kendra Web Crawler to index your own webpages, or webpages that you have authorization to index.</i> </p>"
         },
         "CrawlDepth":{
           "shape":"CrawlDepth",
@@ -5859,14 +7123,14 @@
         },
         "ProxyConfiguration":{
           "shape":"ProxyConfiguration",
-          "documentation":"<p>Provides configuration information required to connect to your internal websites via a web proxy.</p> <p>You must provide the website host name and port number. For example, the host name of https://a.example.com/page1.html is \"a.example.com\" and the port is 443, the standard port for HTTPS.</p> <p>Web proxy credentials are optional and you can use them to connect to a web proxy server that requires basic authentication. To store web proxy credentials, you use a secret in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">AWS Secrets Manager</a>.</p>"
+          "documentation":"<p>Provides configuration information required to connect to your internal websites via a web proxy.</p> <p>You must provide the website host name and port number. For example, the host name of https://a.example.com/page1.html is \"a.example.com\" and the port is 443, the standard port for HTTPS.</p> <p>Web proxy credentials are optional and you can use them to connect to a web proxy server that requires basic authentication. To store web proxy credentials, you use a secret in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">Secrets Manager</a>.</p>"
         },
         "AuthenticationConfiguration":{
           "shape":"AuthenticationConfiguration",
-          "documentation":"<p>Provides configuration information required to connect to websites using authentication.</p> <p>You can connect to websites using basic authentication of user name and password.</p> <p>You must provide the website host name and port number. For example, the host name of https://a.example.com/page1.html is \"a.example.com\" and the port is 443, the standard port for HTTPS. You use a secret in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">AWS Secrets Manager</a> to store your authentication credentials.</p>"
+          "documentation":"<p>Provides configuration information required to connect to websites using authentication.</p> <p>You can connect to websites using basic authentication of user name and password.</p> <p>You must provide the website host name and port number. For example, the host name of https://a.example.com/page1.html is \"a.example.com\" and the port is 443, the standard port for HTTPS. You use a secret in <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html\">Secrets Manager</a> to store your authentication credentials.</p>"
         }
       },
-      "documentation":"<p>Provides the configuration information required for Amazon Kendra web crawler.</p>"
+      "documentation":"<p>Provides the configuration information required for Amazon Kendra Web Crawler.</p>"
     },
     "WebCrawlerMode":{
       "type":"string",
@@ -5882,7 +7146,7 @@
       "members":{
         "OrganizationId":{
           "shape":"OrganizationId",
-          "documentation":"<p>The identifier of the directory corresponding to your Amazon WorkDocs site repository.</p> <p>You can find the organization ID in the <a href=\"https://console.aws.amazon.com/directoryservicev2/\">AWS Directory Service</a> by going to <b>Active Directory</b>, then <b>Directories</b>. Your Amazon WorkDocs site directory has an ID, which is the organization ID. You can also set up a new Amazon WorkDocs directory in the AWS Directory Service console and enable a Amazon WorkDocs site for the directory in the Amazon WorkDocs console.</p>"
+          "documentation":"<p>The identifier of the directory corresponding to your Amazon WorkDocs site repository.</p> <p>You can find the organization ID in the <a href=\"https://console.aws.amazon.com/directoryservicev2/\">Directory Service</a> by going to <b>Active Directory</b>, then <b>Directories</b>. Your Amazon WorkDocs site directory has an ID, which is the organization ID. You can also set up a new Amazon WorkDocs directory in the Directory Service console and enable a Amazon WorkDocs site for the directory in the Amazon WorkDocs console.</p>"
         },
         "CrawlComments":{
           "shape":"Boolean",
@@ -5902,7 +7166,7 @@
         },
         "FieldMappings":{
           "shape":"DataSourceToIndexFieldMappingList",
-          "documentation":"<p>A list of <code>DataSourceToIndexFieldMapping</code> objects that map Amazon WorkDocs field names to custom index field names in Amazon Kendra. You must first create the custom index fields using the <code>UpdateIndex</code> operation before you map to Amazon WorkDocs fields. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/field-mapping.html\">Mapping Data Source Fields</a>. The Amazon WorkDocs data source field names need to exist in your Amazon WorkDocs custom metadata.</p>"
+          "documentation":"<p>A list of <code>DataSourceToIndexFieldMapping</code> objects that map Amazon WorkDocs field names to custom index field names in Amazon Kendra. You must first create the custom index fields using the <code>UpdateIndex</code> API before you map to Amazon WorkDocs fields. For more information, see <a href=\"https://docs.aws.amazon.com/kendra/latest/dg/field-mapping.html\">Mapping Data Source Fields</a>. The Amazon WorkDocs data source field names need to exist in your Amazon WorkDocs custom metadata.</p>"
         }
       },
       "documentation":"<p>Provides the configuration information to connect to Amazon WorkDocs as your data source.</p> <p>Amazon WorkDocs connector is available in Oregon, North Virginia, Sydney, Singapore and Ireland regions.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/kinesis/2013-12-02/service-2.json b/contrib/python/botocore/py3/botocore/data/kinesis/2013-12-02/service-2.json
index 13d67230f26..75a32fa3958 100644
--- a/contrib/python/botocore/py3/botocore/data/kinesis/2013-12-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/kinesis/2013-12-02/service-2.json
@@ -27,7 +27,7 @@
         {"shape":"InvalidArgumentException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Adds or updates tags for the specified Kinesis data stream. Each time you invoke this operation, you can specify up to 10 tags. If you want to add more than 10 tags to your stream, you can invoke this operation multiple times. In total, each stream can have up to 50 tags.</p> <p>If tags have already been assigned to the stream, <code>AddTagsToStream</code> overwrites any existing tags that correspond to the specified tag keys.</p> <p> <a>AddTagsToStream</a> has a limit of five transactions per second per account.</p>"
+      "documentation":"<p>Adds or updates tags for the specified Kinesis data stream. You can assign up to 50 tags to a data stream.</p> <p>If tags have already been assigned to the stream, <code>AddTagsToStream</code> overwrites any existing tags that correspond to the specified tag keys.</p> <p> <a>AddTagsToStream</a> has a limit of five transactions per second per account.</p>"
     },
     "CreateStream":{
       "name":"CreateStream",
@@ -41,7 +41,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InvalidArgumentException"}
       ],
-      "documentation":"<p>Creates a Kinesis data stream. A stream captures and transports data records that are continuously emitted from different data sources or <i>producers</i>. Scale-out within a stream is explicitly supported by means of shards, which are uniquely identified groups of data records in a stream.</p> <p>You specify and control the number of shards that a stream is composed of. Each shard can support reads up to five transactions per second, up to a maximum data read total of 2 MiB per second. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MiB per second. If the amount of data input increases or decreases, you can add or remove shards.</p> <p>The stream name identifies the stream. The name is scoped to the AWS account used by the application. It is also scoped by AWS Region. That is, two streams in two different accounts can have the same name, and two streams in the same account, but in two different Regions, can have the same name.</p> <p> <code>CreateStream</code> is an asynchronous operation. Upon receiving a <code>CreateStream</code> request, Kinesis Data Streams immediately returns and sets the stream status to <code>CREATING</code>. After the stream is created, Kinesis Data Streams sets the stream status to <code>ACTIVE</code>. You should perform read and write operations only on an <code>ACTIVE</code> stream. </p> <p>You receive a <code>LimitExceededException</code> when making a <code>CreateStream</code> request when you try to do one of the following:</p> <ul> <li> <p>Have more than five streams in the <code>CREATING</code> state at any point in time.</p> </li> <li> <p>Create more shards than are authorized for your account.</p> </li> </ul> <p>For the default shard limit for an AWS account, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Amazon Kinesis Data Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>. To increase this limit, <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html\">contact AWS Support</a>.</p> <p>You can use <code>DescribeStream</code> to check the stream status, which is returned in <code>StreamStatus</code>.</p> <p> <a>CreateStream</a> has a limit of five transactions per second per account.</p>"
+      "documentation":"<p>Creates a Kinesis data stream. A stream captures and transports data records that are continuously emitted from different data sources or <i>producers</i>. Scale-out within a stream is explicitly supported by means of shards, which are uniquely identified groups of data records in a stream.</p> <p>You specify and control the number of shards that a stream is composed of. Each shard can support reads up to five transactions per second, up to a maximum data read total of 2 MiB per second. Each shard can support writes up to 1,000 records per second, up to a maximum data write total of 1 MiB per second. If the amount of data input increases or decreases, you can add or remove shards.</p> <p>The stream name identifies the stream. The name is scoped to the Amazon Web Services account used by the application. It is also scoped by Amazon Web Services Region. That is, two streams in two different accounts can have the same name, and two streams in the same account, but in two different Regions, can have the same name.</p> <p> <code>CreateStream</code> is an asynchronous operation. Upon receiving a <code>CreateStream</code> request, Kinesis Data Streams immediately returns and sets the stream status to <code>CREATING</code>. After the stream is created, Kinesis Data Streams sets the stream status to <code>ACTIVE</code>. You should perform read and write operations only on an <code>ACTIVE</code> stream. </p> <p>You receive a <code>LimitExceededException</code> when making a <code>CreateStream</code> request when you try to do one of the following:</p> <ul> <li> <p>Have more than five streams in the <code>CREATING</code> state at any point in time.</p> </li> <li> <p>Create more shards than are authorized for your account.</p> </li> </ul> <p>For the default shard limit for an Amazon Web Services account, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Amazon Kinesis Data Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>. To increase this limit, <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html\">contact Amazon Web Services Support</a>.</p> <p>You can use <a>DescribeStreamSummary</a> to check the stream status, which is returned in <code>StreamStatus</code>.</p> <p> <a>CreateStream</a> has a limit of five transactions per second per account.</p>"
     },
     "DecreaseStreamRetentionPeriod":{
       "name":"DecreaseStreamRetentionPeriod",
@@ -70,7 +70,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Deletes a Kinesis data stream and all its shards and data. You must shut down any applications that are operating on the stream before you delete the stream. If an application attempts to operate on a deleted stream, it receives the exception <code>ResourceNotFoundException</code>.</p> <p>If the stream is in the <code>ACTIVE</code> state, you can delete it. After a <code>DeleteStream</code> request, the specified stream is in the <code>DELETING</code> state until Kinesis Data Streams completes the deletion.</p> <p> <b>Note:</b> Kinesis Data Streams might continue to accept data read and write operations, such as <a>PutRecord</a>, <a>PutRecords</a>, and <a>GetRecords</a>, on a stream in the <code>DELETING</code> state until the stream deletion is complete.</p> <p>When you delete a stream, any shards in that stream are also deleted, and any tags are dissociated from the stream.</p> <p>You can use the <a>DescribeStream</a> operation to check the state of the stream, which is returned in <code>StreamStatus</code>.</p> <p> <a>DeleteStream</a> has a limit of five transactions per second per account.</p>"
+      "documentation":"<p>Deletes a Kinesis data stream and all its shards and data. You must shut down any applications that are operating on the stream before you delete the stream. If an application attempts to operate on a deleted stream, it receives the exception <code>ResourceNotFoundException</code>.</p> <p>If the stream is in the <code>ACTIVE</code> state, you can delete it. After a <code>DeleteStream</code> request, the specified stream is in the <code>DELETING</code> state until Kinesis Data Streams completes the deletion.</p> <p> <b>Note:</b> Kinesis Data Streams might continue to accept data read and write operations, such as <a>PutRecord</a>, <a>PutRecords</a>, and <a>GetRecords</a>, on a stream in the <code>DELETING</code> state until the stream deletion is complete.</p> <p>When you delete a stream, any shards in that stream are also deleted, and any tags are dissociated from the stream.</p> <p>You can use the <a>DescribeStreamSummary</a> operation to check the state of the stream, which is returned in <code>StreamStatus</code>.</p> <p> <a>DeleteStream</a> has a limit of five transactions per second per account.</p>"
     },
     "DeregisterStreamConsumer":{
       "name":"DeregisterStreamConsumer",
@@ -111,7 +111,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Describes the specified Kinesis data stream.</p> <p>The information returned includes the stream name, Amazon Resource Name (ARN), creation time, enhanced metric configuration, and shard map. The shard map is an array of shard objects. For each shard object, there is the hash key and sequence number ranges that the shard spans, and the IDs of any earlier shards that played in a role in creating the shard. Every record ingested in the stream is identified by a sequence number, which is assigned when the record is put into the stream.</p> <p>You can limit the number of shards returned by each call. For more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/kinesis-using-sdk-java-retrieve-shards.html\">Retrieving Shards from a Stream</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p> <p>There are no guarantees about the chronological order shards returned. To process shards in chronological order, use the ID of the parent shard to track the lineage to the oldest shard.</p> <p>This operation has a limit of 10 transactions per second per account.</p>"
+      "documentation":"<p>Describes the specified Kinesis data stream.</p> <note> <p>This API has been revised. It's highly recommended that you use the <a>DescribeStreamSummary</a> API to get a summarized description of the specified Kinesis data stream and the <a>ListShards</a> API to list the shards in a specified data stream and obtain information about each shard. </p> </note> <p>The information returned includes the stream name, Amazon Resource Name (ARN), creation time, enhanced metric configuration, and shard map. The shard map is an array of shard objects. For each shard object, there is the hash key and sequence number ranges that the shard spans, and the IDs of any earlier shards that played in a role in creating the shard. Every record ingested in the stream is identified by a sequence number, which is assigned when the record is put into the stream.</p> <p>You can limit the number of shards returned by each call. For more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/kinesis-using-sdk-java-retrieve-shards.html\">Retrieving Shards from a Stream</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p> <p>There are no guarantees about the chronological order shards returned. To process shards in chronological order, use the ID of the parent shard to track the lineage to the oldest shard.</p> <p>This operation has a limit of 10 transactions per second per account.</p>"
     },
     "DescribeStreamConsumer":{
       "name":"DescribeStreamConsumer",
@@ -194,7 +194,7 @@
         {"shape":"KMSOptInRequired"},
         {"shape":"KMSThrottlingException"}
       ],
-      "documentation":"<p>Gets data records from a Kinesis data stream's shard.</p> <p>Specify a shard iterator using the <code>ShardIterator</code> parameter. The shard iterator specifies the position in the shard from which you want to start reading data records sequentially. If there are no records available in the portion of the shard that the iterator points to, <a>GetRecords</a> returns an empty list. It might take multiple calls to get to a portion of the shard that contains records.</p> <p>You can scale by provisioning multiple shards per stream while considering service limits (for more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Amazon Kinesis Data Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>). Your application should have one thread per shard, each reading continuously from its stream. To read from a stream continually, call <a>GetRecords</a> in a loop. Use <a>GetShardIterator</a> to get the shard iterator to specify in the first <a>GetRecords</a> call. <a>GetRecords</a> returns a new shard iterator in <code>NextShardIterator</code>. Specify the shard iterator returned in <code>NextShardIterator</code> in subsequent calls to <a>GetRecords</a>. If the shard has been closed, the shard iterator can't return more data and <a>GetRecords</a> returns <code>null</code> in <code>NextShardIterator</code>. You can terminate the loop when the shard is closed, or when the shard iterator reaches the record with the sequence number or other attribute that marks it as the last record to process.</p> <p>Each data record can be up to 1 MiB in size, and each shard can read up to 2 MiB per second. You can ensure that your calls don't exceed the maximum supported size or throughput by using the <code>Limit</code> parameter to specify the maximum number of records that <a>GetRecords</a> can return. Consider your average record size when determining this limit. The maximum number of records that can be returned per call is 10,000.</p> <p>The size of the data returned by <a>GetRecords</a> varies depending on the utilization of the shard. The maximum size of data that <a>GetRecords</a> can return is 10 MiB. If a call returns this amount of data, subsequent calls made within the next 5 seconds throw <code>ProvisionedThroughputExceededException</code>. If there is insufficient provisioned throughput on the stream, subsequent calls made within the next 1 second throw <code>ProvisionedThroughputExceededException</code>. <a>GetRecords</a> doesn't return any data when it throws an exception. For this reason, we recommend that you wait 1 second between calls to <a>GetRecords</a>. However, it's possible that the application will get exceptions for longer than 1 second.</p> <p>To detect whether the application is falling behind in processing, you can use the <code>MillisBehindLatest</code> response attribute. You can also monitor the stream using CloudWatch metrics and other mechanisms (see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/monitoring.html\">Monitoring</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>).</p> <p>Each Amazon Kinesis record includes a value, <code>ApproximateArrivalTimestamp</code>, that is set when a stream successfully receives and stores a record. This is commonly referred to as a server-side time stamp, whereas a client-side time stamp is set when a data producer creates or sends the record to a stream (a data producer is any data source putting data records into a stream, for example with <a>PutRecords</a>). The time stamp has millisecond precision. There are no guarantees about the time stamp accuracy, or that the time stamp is always increasing. For example, records in a shard or across a stream might have time stamps that are out of order.</p> <p>This operation has a limit of five transactions per second per shard.</p>"
+      "documentation":"<p>Gets data records from a Kinesis data stream's shard.</p> <p>Specify a shard iterator using the <code>ShardIterator</code> parameter. The shard iterator specifies the position in the shard from which you want to start reading data records sequentially. If there are no records available in the portion of the shard that the iterator points to, <a>GetRecords</a> returns an empty list. It might take multiple calls to get to a portion of the shard that contains records.</p> <p>You can scale by provisioning multiple shards per stream while considering service limits (for more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Amazon Kinesis Data Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>). Your application should have one thread per shard, each reading continuously from its stream. To read from a stream continually, call <a>GetRecords</a> in a loop. Use <a>GetShardIterator</a> to get the shard iterator to specify in the first <a>GetRecords</a> call. <a>GetRecords</a> returns a new shard iterator in <code>NextShardIterator</code>. Specify the shard iterator returned in <code>NextShardIterator</code> in subsequent calls to <a>GetRecords</a>. If the shard has been closed, the shard iterator can't return more data and <a>GetRecords</a> returns <code>null</code> in <code>NextShardIterator</code>. You can terminate the loop when the shard is closed, or when the shard iterator reaches the record with the sequence number or other attribute that marks it as the last record to process.</p> <p>Each data record can be up to 1 MiB in size, and each shard can read up to 2 MiB per second. You can ensure that your calls don't exceed the maximum supported size or throughput by using the <code>Limit</code> parameter to specify the maximum number of records that <a>GetRecords</a> can return. Consider your average record size when determining this limit. The maximum number of records that can be returned per call is 10,000.</p> <p>The size of the data returned by <a>GetRecords</a> varies depending on the utilization of the shard. It is recommended that consumer applications retrieve records via the <code>GetRecords</code> command using the 5 TPS limit to remain caught up. Retrieving records less frequently can lead to consumer applications falling behind. The maximum size of data that <a>GetRecords</a> can return is 10 MiB. If a call returns this amount of data, subsequent calls made within the next 5 seconds throw <code>ProvisionedThroughputExceededException</code>. If there is insufficient provisioned throughput on the stream, subsequent calls made within the next 1 second throw <code>ProvisionedThroughputExceededException</code>. <a>GetRecords</a> doesn't return any data when it throws an exception. For this reason, we recommend that you wait 1 second between calls to <a>GetRecords</a>. However, it's possible that the application will get exceptions for longer than 1 second.</p> <p>To detect whether the application is falling behind in processing, you can use the <code>MillisBehindLatest</code> response attribute. You can also monitor the stream using CloudWatch metrics and other mechanisms (see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/monitoring.html\">Monitoring</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>).</p> <p>Each Amazon Kinesis record includes a value, <code>ApproximateArrivalTimestamp</code>, that is set when a stream successfully receives and stores a record. This is commonly referred to as a server-side time stamp, whereas a client-side time stamp is set when a data producer creates or sends the record to a stream (a data producer is any data source putting data records into a stream, for example with <a>PutRecords</a>). The time stamp has millisecond precision. There are no guarantees about the time stamp accuracy, or that the time stamp is always increasing. For example, records in a shard or across a stream might have time stamps that are out of order.</p> <p>This operation has a limit of five transactions per second per shard.</p>"
     },
     "GetShardIterator":{
       "name":"GetShardIterator",
@@ -224,7 +224,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InvalidArgumentException"}
       ],
-      "documentation":"<p>Increases the Kinesis data stream's retention period, which is the length of time data records are accessible after they are added to the stream. The maximum value of a stream's retention period is 168 hours (7 days).</p> <p>If you choose a longer stream retention period, this operation increases the time period during which records that have not yet expired are accessible. However, it does not make previous, expired data (older than the stream's previous retention period) accessible after the operation has been called. For example, if a stream's retention period is set to 24 hours and is increased to 168 hours, any data that is older than 24 hours remains inaccessible to consumer applications.</p>"
+      "documentation":"<p>Increases the Kinesis data stream's retention period, which is the length of time data records are accessible after they are added to the stream. The maximum value of a stream's retention period is 8760 hours (365 days).</p> <p>If you choose a longer stream retention period, this operation increases the time period during which records that have not yet expired are accessible. However, it does not make previous, expired data (older than the stream's previous retention period) accessible after the operation has been called. For example, if a stream's retention period is set to 24 hours and is increased to 168 hours, any data that is older than 24 hours remains inaccessible to consumer applications.</p>"
     },
     "ListShards":{
       "name":"ListShards",
@@ -241,7 +241,7 @@
         {"shape":"ExpiredNextTokenException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Lists the shards in a stream and provides information about each shard. This operation has a limit of 100 transactions per second per data stream.</p> <important> <p>This API is a new operation that is used by the Amazon Kinesis Client Library (KCL). If you have a fine-grained IAM policy that only allows specific operations, you must update your policy to allow calls to this API. For more information, see <a href=\"https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html\">Controlling Access to Amazon Kinesis Data Streams Resources Using IAM</a>.</p> </important>"
+      "documentation":"<p>Lists the shards in a stream and provides information about each shard. This operation has a limit of 1000 transactions per second per data stream.</p> <p>This action does not list expired shards. For information about expired shards, see <a href=\"https://docs.aws.amazon.com/streams/latest/dev/kinesis-using-sdk-java-after-resharding.html#kinesis-using-sdk-java-resharding-data-routing\">Data Routing, Data Persistence, and Shard State after a Reshard</a>. </p> <important> <p>This API is a new operation that is used by the Amazon Kinesis Client Library (KCL). If you have a fine-grained IAM policy that only allows specific operations, you must update your policy to allow calls to this API. For more information, see <a href=\"https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html\">Controlling Access to Amazon Kinesis Data Streams Resources Using IAM</a>.</p> </important>"
     },
     "ListStreamConsumers":{
       "name":"ListStreamConsumers",
@@ -271,7 +271,7 @@
       "errors":[
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Lists your Kinesis data streams.</p> <p>The number of streams may be too large to return from a single call to <code>ListStreams</code>. You can limit the number of returned streams using the <code>Limit</code> parameter. If you do not specify a value for the <code>Limit</code> parameter, Kinesis Data Streams uses the default limit, which is currently 10.</p> <p>You can detect if there are more streams available to list by using the <code>HasMoreStreams</code> flag from the returned output. If there are more streams available, you can request more streams by using the name of the last stream returned by the <code>ListStreams</code> request in the <code>ExclusiveStartStreamName</code> parameter in a subsequent request to <code>ListStreams</code>. The group of stream names returned by the subsequent request is then added to the list. You can continue this process until all the stream names have been collected in the list. </p> <p> <a>ListStreams</a> has a limit of five transactions per second per account.</p>"
+      "documentation":"<p>Lists your Kinesis data streams.</p> <p>The number of streams may be too large to return from a single call to <code>ListStreams</code>. You can limit the number of returned streams using the <code>Limit</code> parameter. If you do not specify a value for the <code>Limit</code> parameter, Kinesis Data Streams uses the default limit, which is currently 100.</p> <p>You can detect if there are more streams available to list by using the <code>HasMoreStreams</code> flag from the returned output. If there are more streams available, you can request more streams by using the name of the last stream returned by the <code>ListStreams</code> request in the <code>ExclusiveStartStreamName</code> parameter in a subsequent request to <code>ListStreams</code>. The group of stream names returned by the subsequent request is then added to the list. You can continue this process until all the stream names have been collected in the list. </p> <p> <a>ListStreams</a> has a limit of five transactions per second per account.</p>"
     },
     "ListTagsForStream":{
       "name":"ListTagsForStream",
@@ -299,9 +299,10 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ResourceInUseException"},
         {"shape":"InvalidArgumentException"},
-        {"shape":"LimitExceededException"}
+        {"shape":"LimitExceededException"},
+        {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Merges two adjacent shards in a Kinesis data stream and combines them into a single shard to reduce the stream's capacity to ingest and transport data. Two shards are considered adjacent if the union of the hash key ranges for the two shards form a contiguous set with no gaps. For example, if you have two shards, one with a hash key range of 276...381 and the other with a hash key range of 382...454, then you could merge these two shards into a single shard that would have a hash key range of 276...454. After the merge, the single child shard receives data for all hash key values covered by the two parent shards.</p> <p> <code>MergeShards</code> is called when there is a need to reduce the overall capacity of a stream because of excess capacity that is not being used. You must specify the shard to be merged and the adjacent shard for a stream. For more information about merging shards, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/kinesis-using-sdk-java-resharding-merge.html\">Merge Two Shards</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p> <p>If the stream is in the <code>ACTIVE</code> state, you can call <code>MergeShards</code>. If a stream is in the <code>CREATING</code>, <code>UPDATING</code>, or <code>DELETING</code> state, <code>MergeShards</code> returns a <code>ResourceInUseException</code>. If the specified stream does not exist, <code>MergeShards</code> returns a <code>ResourceNotFoundException</code>. </p> <p>You can use <a>DescribeStream</a> to check the state of the stream, which is returned in <code>StreamStatus</code>.</p> <p> <code>MergeShards</code> is an asynchronous operation. Upon receiving a <code>MergeShards</code> request, Amazon Kinesis Data Streams immediately returns a response and sets the <code>StreamStatus</code> to <code>UPDATING</code>. After the operation is completed, Kinesis Data Streams sets the <code>StreamStatus</code> to <code>ACTIVE</code>. Read and write operations continue to work while the stream is in the <code>UPDATING</code> state. </p> <p>You use <a>DescribeStream</a> to determine the shard IDs that are specified in the <code>MergeShards</code> request. </p> <p>If you try to operate on too many streams in parallel using <a>CreateStream</a>, <a>DeleteStream</a>, <code>MergeShards</code>, or <a>SplitShard</a>, you receive a <code>LimitExceededException</code>. </p> <p> <code>MergeShards</code> has a limit of five transactions per second per account.</p>"
+      "documentation":"<p>Merges two adjacent shards in a Kinesis data stream and combines them into a single shard to reduce the stream's capacity to ingest and transport data. Two shards are considered adjacent if the union of the hash key ranges for the two shards form a contiguous set with no gaps. For example, if you have two shards, one with a hash key range of 276...381 and the other with a hash key range of 382...454, then you could merge these two shards into a single shard that would have a hash key range of 276...454. After the merge, the single child shard receives data for all hash key values covered by the two parent shards.</p> <p> <code>MergeShards</code> is called when there is a need to reduce the overall capacity of a stream because of excess capacity that is not being used. You must specify the shard to be merged and the adjacent shard for a stream. For more information about merging shards, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/kinesis-using-sdk-java-resharding-merge.html\">Merge Two Shards</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p> <p>If the stream is in the <code>ACTIVE</code> state, you can call <code>MergeShards</code>. If a stream is in the <code>CREATING</code>, <code>UPDATING</code>, or <code>DELETING</code> state, <code>MergeShards</code> returns a <code>ResourceInUseException</code>. If the specified stream does not exist, <code>MergeShards</code> returns a <code>ResourceNotFoundException</code>. </p> <p>You can use <a>DescribeStreamSummary</a> to check the state of the stream, which is returned in <code>StreamStatus</code>.</p> <p> <code>MergeShards</code> is an asynchronous operation. Upon receiving a <code>MergeShards</code> request, Amazon Kinesis Data Streams immediately returns a response and sets the <code>StreamStatus</code> to <code>UPDATING</code>. After the operation is completed, Kinesis Data Streams sets the <code>StreamStatus</code> to <code>ACTIVE</code>. Read and write operations continue to work while the stream is in the <code>UPDATING</code> state. </p> <p>You use <a>DescribeStreamSummary</a> and the <a>ListShards</a> APIs to determine the shard IDs that are specified in the <code>MergeShards</code> request. </p> <p>If you try to operate on too many streams in parallel using <a>CreateStream</a>, <a>DeleteStream</a>, <code>MergeShards</code>, or <a>SplitShard</a>, you receive a <code>LimitExceededException</code>. </p> <p> <code>MergeShards</code> has a limit of five transactions per second per account.</p>"
     },
     "PutRecord":{
       "name":"PutRecord",
@@ -387,9 +388,10 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ResourceInUseException"},
         {"shape":"InvalidArgumentException"},
-        {"shape":"LimitExceededException"}
+        {"shape":"LimitExceededException"},
+        {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Splits a shard into two new shards in the Kinesis data stream, to increase the stream's capacity to ingest and transport data. <code>SplitShard</code> is called when there is a need to increase the overall capacity of a stream because of an expected increase in the volume of data records being ingested. </p> <p>You can also use <code>SplitShard</code> when a shard appears to be approaching its maximum utilization; for example, the producers sending data into the specific shard are suddenly sending more than previously anticipated. You can also call <code>SplitShard</code> to increase stream capacity, so that more Kinesis Data Streams applications can simultaneously read data from the stream for real-time processing. </p> <p>You must specify the shard to be split and the new hash key, which is the position in the shard where the shard gets split in two. In many cases, the new hash key might be the average of the beginning and ending hash key, but it can be any hash key value in the range being mapped into the shard. For more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/kinesis-using-sdk-java-resharding-split.html\">Split a Shard</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p> <p>You can use <a>DescribeStream</a> to determine the shard ID and hash key values for the <code>ShardToSplit</code> and <code>NewStartingHashKey</code> parameters that are specified in the <code>SplitShard</code> request.</p> <p> <code>SplitShard</code> is an asynchronous operation. Upon receiving a <code>SplitShard</code> request, Kinesis Data Streams immediately returns a response and sets the stream status to <code>UPDATING</code>. After the operation is completed, Kinesis Data Streams sets the stream status to <code>ACTIVE</code>. Read and write operations continue to work while the stream is in the <code>UPDATING</code> state. </p> <p>You can use <code>DescribeStream</code> to check the status of the stream, which is returned in <code>StreamStatus</code>. If the stream is in the <code>ACTIVE</code> state, you can call <code>SplitShard</code>. If a stream is in <code>CREATING</code> or <code>UPDATING</code> or <code>DELETING</code> states, <code>DescribeStream</code> returns a <code>ResourceInUseException</code>.</p> <p>If the specified stream does not exist, <code>DescribeStream</code> returns a <code>ResourceNotFoundException</code>. If you try to create more shards than are authorized for your account, you receive a <code>LimitExceededException</code>. </p> <p>For the default shard limit for an AWS account, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Kinesis Data Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>. To increase this limit, <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html\">contact AWS Support</a>.</p> <p>If you try to operate on too many streams simultaneously using <a>CreateStream</a>, <a>DeleteStream</a>, <a>MergeShards</a>, and/or <a>SplitShard</a>, you receive a <code>LimitExceededException</code>. </p> <p> <code>SplitShard</code> has a limit of five transactions per second per account.</p>"
+      "documentation":"<p>Splits a shard into two new shards in the Kinesis data stream, to increase the stream's capacity to ingest and transport data. <code>SplitShard</code> is called when there is a need to increase the overall capacity of a stream because of an expected increase in the volume of data records being ingested. </p> <p>You can also use <code>SplitShard</code> when a shard appears to be approaching its maximum utilization; for example, the producers sending data into the specific shard are suddenly sending more than previously anticipated. You can also call <code>SplitShard</code> to increase stream capacity, so that more Kinesis Data Streams applications can simultaneously read data from the stream for real-time processing. </p> <p>You must specify the shard to be split and the new hash key, which is the position in the shard where the shard gets split in two. In many cases, the new hash key might be the average of the beginning and ending hash key, but it can be any hash key value in the range being mapped into the shard. For more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/kinesis-using-sdk-java-resharding-split.html\">Split a Shard</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>.</p> <p>You can use <a>DescribeStreamSummary</a> and the <a>ListShards</a> APIs to determine the shard ID and hash key values for the <code>ShardToSplit</code> and <code>NewStartingHashKey</code> parameters that are specified in the <code>SplitShard</code> request.</p> <p> <code>SplitShard</code> is an asynchronous operation. Upon receiving a <code>SplitShard</code> request, Kinesis Data Streams immediately returns a response and sets the stream status to <code>UPDATING</code>. After the operation is completed, Kinesis Data Streams sets the stream status to <code>ACTIVE</code>. Read and write operations continue to work while the stream is in the <code>UPDATING</code> state. </p> <p>You can use <a>DescribeStreamSummary</a> to check the status of the stream, which is returned in <code>StreamStatus</code>. If the stream is in the <code>ACTIVE</code> state, you can call <code>SplitShard</code>. </p> <p>If the specified stream does not exist, <a>DescribeStreamSummary</a> returns a <code>ResourceNotFoundException</code>. If you try to create more shards than are authorized for your account, you receive a <code>LimitExceededException</code>. </p> <p>For the default shard limit for an Amazon Web Services account, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Kinesis Data Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>. To increase this limit, <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html\">contact Amazon Web Services Support</a>.</p> <p>If you try to operate on too many streams simultaneously using <a>CreateStream</a>, <a>DeleteStream</a>, <a>MergeShards</a>, and/or <a>SplitShard</a>, you receive a <code>LimitExceededException</code>. </p> <p> <code>SplitShard</code> has a limit of five transactions per second per account.</p>"
     },
     "StartStreamEncryption":{
       "name":"StartStreamEncryption",
@@ -410,7 +412,7 @@
         {"shape":"KMSOptInRequired"},
         {"shape":"KMSThrottlingException"}
       ],
-      "documentation":"<p>Enables or updates server-side encryption using an AWS KMS key for a specified stream. </p> <p>Starting encryption is an asynchronous operation. Upon receiving the request, Kinesis Data Streams returns immediately and sets the status of the stream to <code>UPDATING</code>. After the update is complete, Kinesis Data Streams sets the status of the stream back to <code>ACTIVE</code>. Updating or applying encryption normally takes a few seconds to complete, but it can take minutes. You can continue to read and write data to your stream while its status is <code>UPDATING</code>. Once the status of the stream is <code>ACTIVE</code>, encryption begins for records written to the stream. </p> <p>API Limits: You can successfully apply a new AWS KMS key for server-side encryption 25 times in a rolling 24-hour period.</p> <p>Note: It can take up to 5 seconds after the stream is in an <code>ACTIVE</code> status before all records written to the stream are encrypted. After you enable encryption, you can verify that encryption is applied by inspecting the API response from <code>PutRecord</code> or <code>PutRecords</code>.</p>"
+      "documentation":"<p>Enables or updates server-side encryption using an Amazon Web Services KMS key for a specified stream. </p> <p>Starting encryption is an asynchronous operation. Upon receiving the request, Kinesis Data Streams returns immediately and sets the status of the stream to <code>UPDATING</code>. After the update is complete, Kinesis Data Streams sets the status of the stream back to <code>ACTIVE</code>. Updating or applying encryption normally takes a few seconds to complete, but it can take minutes. You can continue to read and write data to your stream while its status is <code>UPDATING</code>. Once the status of the stream is <code>ACTIVE</code>, encryption begins for records written to the stream. </p> <p>API Limits: You can successfully apply a new Amazon Web Services KMS key for server-side encryption 25 times in a rolling 24-hour period.</p> <p>Note: It can take up to 5 seconds after the stream is in an <code>ACTIVE</code> status before all records written to the stream are encrypted. After you enable encryption, you can verify that encryption is applied by inspecting the API response from <code>PutRecord</code> or <code>PutRecords</code>.</p>"
     },
     "StopStreamEncryption":{
       "name":"StopStreamEncryption",
@@ -441,7 +443,7 @@
         {"shape":"ResourceInUseException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>This operation establishes an HTTP/2 connection between the consumer you specify in the <code>ConsumerARN</code> parameter and the shard you specify in the <code>ShardId</code> parameter. After the connection is successfully established, Kinesis Data Streams pushes records from the shard to the consumer over this connection. Before you call this operation, call <a>RegisterStreamConsumer</a> to register the consumer with Kinesis Data Streams.</p> <p>When the <code>SubscribeToShard</code> call succeeds, your consumer starts receiving events of type <a>SubscribeToShardEvent</a> over the HTTP/2 connection for up to 5 minutes, after which time you need to call <code>SubscribeToShard</code> again to renew the subscription if you want to continue to receive records.</p> <p>You can make one call to <code>SubscribeToShard</code> per second per registered consumer per shard. For example, if you have a 4000 shard stream and two registered stream consumers, you can make one <code>SubscribeToShard</code> request per second for each combination of shard and registered consumer, allowing you to subscribe both consumers to all 4000 shards in one second. </p> <p>If you call <code>SubscribeToShard</code> again with the same <code>ConsumerARN</code> and <code>ShardId</code> within 5 seconds of a successful call, you'll get a <code>ResourceInUseException</code>. If you call <code>SubscribeToShard</code> 5 seconds or more after a successful call, the first connection will expire and the second call will take over the subscription.</p> <p>For an example of how to use this operations, see <a href=\"/streams/latest/dev/building-enhanced-consumers-api.html\">Enhanced Fan-Out Using the Kinesis Data Streams API</a>.</p>"
+      "documentation":"<p>This operation establishes an HTTP/2 connection between the consumer you specify in the <code>ConsumerARN</code> parameter and the shard you specify in the <code>ShardId</code> parameter. After the connection is successfully established, Kinesis Data Streams pushes records from the shard to the consumer over this connection. Before you call this operation, call <a>RegisterStreamConsumer</a> to register the consumer with Kinesis Data Streams.</p> <p>When the <code>SubscribeToShard</code> call succeeds, your consumer starts receiving events of type <a>SubscribeToShardEvent</a> over the HTTP/2 connection for up to 5 minutes, after which time you need to call <code>SubscribeToShard</code> again to renew the subscription if you want to continue to receive records.</p> <p>You can make one call to <code>SubscribeToShard</code> per second per registered consumer per shard. For example, if you have a 4000 shard stream and two registered stream consumers, you can make one <code>SubscribeToShard</code> request per second for each combination of shard and registered consumer, allowing you to subscribe both consumers to all 4000 shards in one second. </p> <p>If you call <code>SubscribeToShard</code> again with the same <code>ConsumerARN</code> and <code>ShardId</code> within 5 seconds of a successful call, you'll get a <code>ResourceInUseException</code>. If you call <code>SubscribeToShard</code> 5 seconds or more after a successful call, the second call takes over the subscription and the previous connection expires or fails with a <code>ResourceInUseException</code>.</p> <p>For an example of how to use this operations, see <a href=\"/streams/latest/dev/building-enhanced-consumers-api.html\">Enhanced Fan-Out Using the Kinesis Data Streams API</a>.</p>"
     },
     "UpdateShardCount":{
       "name":"UpdateShardCount",
@@ -455,9 +457,25 @@
         {"shape":"InvalidArgumentException"},
         {"shape":"LimitExceededException"},
         {"shape":"ResourceInUseException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates the shard count of the specified stream to the specified number of shards.</p> <p>Updating the shard count is an asynchronous operation. Upon receiving the request, Kinesis Data Streams returns immediately and sets the status of the stream to <code>UPDATING</code>. After the update is complete, Kinesis Data Streams sets the status of the stream back to <code>ACTIVE</code>. Depending on the size of the stream, the scaling action could take a few minutes to complete. You can continue to read and write data to your stream while its status is <code>UPDATING</code>.</p> <p>To update the shard count, Kinesis Data Streams performs splits or merges on individual shards. This can cause short-lived shards to be created, in addition to the final shards. These short-lived shards count towards your total shard limit for your account in the Region.</p> <p>When using this operation, we recommend that you specify a target shard count that is a multiple of 25% (25%, 50%, 75%, 100%). You can specify any target value within your shard limit. However, if you specify a target that isn't a multiple of 25%, the scaling action might take longer to complete. </p> <p>This operation has the following default limits. By default, you cannot do the following:</p> <ul> <li> <p>Scale more than ten times per rolling 24-hour period per stream</p> </li> <li> <p>Scale up to more than double your current shard count for a stream</p> </li> <li> <p>Scale down below half your current shard count for a stream</p> </li> <li> <p>Scale up to more than 10000 shards in a stream</p> </li> <li> <p>Scale a stream with more than 10000 shards down unless the result is less than 10000 shards</p> </li> <li> <p>Scale up to more than the shard limit for your account</p> </li> </ul> <p>For the default limits for an Amazon Web Services account, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>. To request an increase in the call rate limit, the shard limit for this API, or your overall shard limit, use the <a href=\"https://console.aws.amazon.com/support/v1#/case/create?issueType=service-limit-increase&amp;limitType=service-code-kinesis\">limits form</a>.</p>"
+    },
+    "UpdateStreamMode":{
+      "name":"UpdateStreamMode",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateStreamModeInput"},
+      "errors":[
+        {"shape":"InvalidArgumentException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ResourceInUseException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Updates the shard count of the specified stream to the specified number of shards.</p> <p>Updating the shard count is an asynchronous operation. Upon receiving the request, Kinesis Data Streams returns immediately and sets the status of the stream to <code>UPDATING</code>. After the update is complete, Kinesis Data Streams sets the status of the stream back to <code>ACTIVE</code>. Depending on the size of the stream, the scaling action could take a few minutes to complete. You can continue to read and write data to your stream while its status is <code>UPDATING</code>.</p> <p>To update the shard count, Kinesis Data Streams performs splits or merges on individual shards. This can cause short-lived shards to be created, in addition to the final shards. These short-lived shards count towards your total shard limit for your account in the Region.</p> <p>When using this operation, we recommend that you specify a target shard count that is a multiple of 25% (25%, 50%, 75%, 100%). You can specify any target value within your shard limit. However, if you specify a target that isn't a multiple of 25%, the scaling action might take longer to complete. </p> <p>This operation has the following default limits. By default, you cannot do the following:</p> <ul> <li> <p>Scale more than ten times per rolling 24-hour period per stream</p> </li> <li> <p>Scale up to more than double your current shard count for a stream</p> </li> <li> <p>Scale down below half your current shard count for a stream</p> </li> <li> <p>Scale up to more than 500 shards in a stream</p> </li> <li> <p>Scale a stream with more than 500 shards down unless the result is less than 500 shards</p> </li> <li> <p>Scale up to more than the shard limit for your account</p> </li> </ul> <p>For the default limits for an AWS account, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>. To request an increase in the call rate limit, the shard limit for this API, or your overall shard limit, use the <a href=\"https://console.aws.amazon.com/support/v1#/case/create?issueType=service-limit-increase&amp;limitType=service-code-kinesis\">limits form</a>.</p>"
+      "documentation":"<p> Updates the capacity mode of the data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> capacity mode and a <b>provisioned</b> capacity mode for your data stream. </p>"
     }
   },
   "shapes":{
@@ -488,10 +506,17 @@
         "HashKeyRange"
       ],
       "members":{
-        "ShardId":{"shape":"ShardId"},
-        "ParentShards":{"shape":"ShardIdList"},
+        "ShardId":{
+          "shape":"ShardId",
+          "documentation":"<p>The shard ID of the existing child shard of the current shard.</p>"
+        },
+        "ParentShards":{
+          "shape":"ShardIdList",
+          "documentation":"<p>The current shard that is the parent of the existing child shard.</p>"
+        },
         "HashKeyRange":{"shape":"HashKeyRange"}
-      }
+      },
+      "documentation":"<p>Output parameter of the GetRecords API. The existing child shard of the current shard.</p>"
     },
     "ChildShardList":{
       "type":"list",
@@ -589,18 +614,19 @@
     },
     "CreateStreamInput":{
       "type":"structure",
-      "required":[
-        "StreamName",
-        "ShardCount"
-      ],
+      "required":["StreamName"],
       "members":{
         "StreamName":{
           "shape":"StreamName",
-          "documentation":"<p>A name to identify the stream. The stream name is scoped to the AWS account used by the application that creates the stream. It is also scoped by AWS Region. That is, two streams in two different AWS accounts can have the same name. Two streams in the same AWS account but in two different Regions can also have the same name.</p>"
+          "documentation":"<p>A name to identify the stream. The stream name is scoped to the Amazon Web Services account used by the application that creates the stream. It is also scoped by Amazon Web Services Region. That is, two streams in two different Amazon Web Services accounts can have the same name. Two streams in the same Amazon Web Services account but in two different Regions can also have the same name.</p>"
         },
         "ShardCount":{
           "shape":"PositiveIntegerObject",
           "documentation":"<p>The number of shards that the stream will use. The throughput of the stream is a function of the number of shards; more shards are required for greater provisioned throughput.</p>"
+        },
+        "StreamModeDetails":{
+          "shape":"StreamModeDetails",
+          "documentation":"<p> Indicates the capacity mode of the data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> capacity mode and a <b>provisioned</b> capacity mode for your data streams.</p>"
         }
       },
       "documentation":"<p>Represents the input for <code>CreateStream</code>.</p>"
@@ -648,7 +674,7 @@
       "members":{
         "StreamARN":{
           "shape":"StreamARN",
-          "documentation":"<p>The ARN of the Kinesis data stream that the consumer is registered with. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and AWS Service Namespaces</a>.</p>"
+          "documentation":"<p>The ARN of the Kinesis data stream that the consumer is registered with. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces</a>.</p>"
         },
         "ConsumerName":{
           "shape":"ConsumerName",
@@ -669,7 +695,9 @@
       "type":"structure",
       "required":[
         "ShardLimit",
-        "OpenShardCount"
+        "OpenShardCount",
+        "OnDemandStreamCount",
+        "OnDemandStreamCountLimit"
       ],
       "members":{
         "ShardLimit":{
@@ -679,6 +707,14 @@
         "OpenShardCount":{
           "shape":"ShardCountObject",
           "documentation":"<p>The number of open shards.</p>"
+        },
+        "OnDemandStreamCount":{
+          "shape":"OnDemandStreamCountObject",
+          "documentation":"<p> Indicates the number of data streams with the on-demand capacity mode.</p>"
+        },
+        "OnDemandStreamCountLimit":{
+          "shape":"OnDemandStreamCountLimitObject",
+          "documentation":"<p> The maximum number of data streams with the on-demand capacity mode. </p>"
         }
       }
     },
@@ -687,7 +723,7 @@
       "members":{
         "StreamARN":{
           "shape":"StreamARN",
-          "documentation":"<p>The ARN of the Kinesis data stream that the consumer is registered with. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and AWS Service Namespaces</a>.</p>"
+          "documentation":"<p>The ARN of the Kinesis data stream that the consumer is registered with. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces</a>.</p>"
         },
         "ConsumerName":{
           "shape":"ConsumerName",
@@ -719,11 +755,11 @@
         },
         "Limit":{
           "shape":"DescribeStreamInputLimit",
-          "documentation":"<p>The maximum number of shards to return in a single call. The default value is 100. If you specify a value greater than 100, at most 100 shards are returned.</p>"
+          "documentation":"<p>The maximum number of shards to return in a single call. The default value is 100. If you specify a value greater than 100, at most 100 results are returned.</p>"
         },
         "ExclusiveStartShardId":{
           "shape":"ShardId",
-          "documentation":"<p>The shard ID of the shard to start with.</p>"
+          "documentation":"<p>The shard ID of the shard to start with.</p> <p>Specify this parameter to indicate that you want to describe the stream starting with the shard whose ID immediately follows <code>ExclusiveStartShardId</code>.</p> <p>If you don't specify this parameter, the default behavior for <code>DescribeStream</code> is to describe the stream starting with the first shard in the stream.</p>"
         }
       },
       "documentation":"<p>Represents the input for <code>DescribeStream</code>.</p>"
@@ -896,7 +932,10 @@
           "shape":"MillisBehindLatest",
           "documentation":"<p>The number of milliseconds the <a>GetRecords</a> response is from the tip of the stream, indicating how far behind current time the consumer is. A value of zero indicates that record processing is caught up, and there are no new records to process at this moment.</p>"
         },
-        "ChildShards":{"shape":"ChildShardList"}
+        "ChildShards":{
+          "shape":"ChildShardList",
+          "documentation":"<p>The list of the current shard's child shards, returned in the <code>GetRecords</code> API's response only when the end of the current shard is reached.</p>"
+        }
       },
       "documentation":"<p>Represents the output for <a>GetRecords</a>.</p>"
     },
@@ -1031,7 +1070,7 @@
           "documentation":"<p>A message that provides information about the error.</p>"
         }
       },
-      "documentation":"<p>The request was rejected because the state of the specified resource isn't valid for this request. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>",
+      "documentation":"<p>The request was rejected because the state of the specified resource isn't valid for this request. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a> in the <i>Amazon Web Services Key Management Service Developer Guide</i>.</p>",
       "exception":true
     },
     "KMSNotFoundException":{
@@ -1053,7 +1092,7 @@
           "documentation":"<p>A message that provides information about the error.</p>"
         }
       },
-      "documentation":"<p>The AWS access key ID needs a subscription for the service.</p>",
+      "documentation":"<p>The Amazon Web Services access key ID needs a subscription for the service.</p>",
       "exception":true
     },
     "KMSThrottlingException":{
@@ -1064,7 +1103,7 @@
           "documentation":"<p>A message that provides information about the error.</p>"
         }
       },
-      "documentation":"<p>The request was denied due to request throttling. For more information about throttling, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#requests-per-second\">Limits</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>",
+      "documentation":"<p>The request was denied due to request throttling. For more information about throttling, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#requests-per-second\">Limits</a> in the <i>Amazon Web Services Key Management Service Developer Guide</i>.</p>",
       "exception":true
     },
     "KeyId":{
@@ -1100,13 +1139,16 @@
         },
         "MaxResults":{
           "shape":"ListShardsInputLimit",
-          "documentation":"<p>The maximum number of shards to return in a single call to <code>ListShards</code>. The minimum value you can specify for this parameter is 1, and the maximum is 10,000, which is also the default.</p> <p>When the number of shards to be listed is greater than the value of <code>MaxResults</code>, the response contains a <code>NextToken</code> value that you can use in a subsequent call to <code>ListShards</code> to list the next set of shards.</p>"
+          "documentation":"<p>The maximum number of shards to return in a single call to <code>ListShards</code>. The maximum number of shards to return in a single call. The default value is 1000. If you specify a value greater than 1000, at most 1000 results are returned. </p> <p>When the number of shards to be listed is greater than the value of <code>MaxResults</code>, the response contains a <code>NextToken</code> value that you can use in a subsequent call to <code>ListShards</code> to list the next set of shards.</p>"
         },
         "StreamCreationTimestamp":{
           "shape":"Timestamp",
           "documentation":"<p>Specify this input parameter to distinguish data streams that have the same name. For example, if you create a data stream and then delete it, and you later create another data stream with the same name, you can use this input parameter to specify which of the two streams you want to list the shards for.</p> <p>You cannot specify this parameter if you specify the <code>NextToken</code> parameter.</p>"
         },
-        "ShardFilter":{"shape":"ShardFilter"}
+        "ShardFilter":{
+          "shape":"ShardFilter",
+          "documentation":"<p>Enables you to filter out the response of the <code>ListShards</code> API. You can only specify one filter at a time. </p> <p>If you use the <code>ShardFilter</code> parameter when invoking the ListShards API, the <code>Type</code> is the required property and must be specified. If you specify the <code>AT_TRIM_HORIZON</code>, <code>FROM_TRIM_HORIZON</code>, or <code>AT_LATEST</code> types, you do not need to specify either the <code>ShardId</code> or the <code>Timestamp</code> optional properties. </p> <p>If you specify the <code>AFTER_SHARD_ID</code> type, you must also provide the value for the optional <code>ShardId</code> property. The <code>ShardId</code> property is identical in fuctionality to the <code>ExclusiveStartShardId</code> parameter of the <code>ListShards</code> API. When <code>ShardId</code> property is specified, the response includes the shards starting with the shard whose ID immediately follows the <code>ShardId</code> that you provided. </p> <p>If you specify the <code>AT_TIMESTAMP</code> or <code>FROM_TIMESTAMP_ID</code> type, you must also provide the value for the optional <code>Timestamp</code> property. If you specify the AT_TIMESTAMP type, then all shards that were open at the provided timestamp are returned. If you specify the FROM_TIMESTAMP type, then all shards starting from the provided timestamp to TIP are returned. </p>"
+        }
       }
     },
     "ListShardsInputLimit":{
@@ -1133,7 +1175,7 @@
       "members":{
         "StreamARN":{
           "shape":"StreamARN",
-          "documentation":"<p>The ARN of the Kinesis data stream for which you want to list the registered consumers. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and AWS Service Namespaces</a>.</p>"
+          "documentation":"<p>The ARN of the Kinesis data stream for which you want to list the registered consumers. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces</a>.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -1141,7 +1183,7 @@
         },
         "MaxResults":{
           "shape":"ListStreamConsumersInputLimit",
-          "documentation":"<p>The maximum number of consumers that you want a single call of <code>ListStreamConsumers</code> to return.</p>"
+          "documentation":"<p>The maximum number of consumers that you want a single call of <code>ListStreamConsumers</code> to return. The default value is 100. If you specify a value greater than 100, at most 100 results are returned. </p>"
         },
         "StreamCreationTimestamp":{
           "shape":"Timestamp",
@@ -1172,7 +1214,7 @@
       "members":{
         "Limit":{
           "shape":"ListStreamsInputLimit",
-          "documentation":"<p>The maximum number of streams to list.</p>"
+          "documentation":"<p>The maximum number of streams to list. The default value is 100. If you specify a value greater than 100, at most 100 results are returned.</p>"
         },
         "ExclusiveStartStreamName":{
           "shape":"StreamName",
@@ -1195,7 +1237,7 @@
       "members":{
         "StreamNames":{
           "shape":"StreamNameList",
-          "documentation":"<p>The names of the streams that are associated with the AWS account making the <code>ListStreams</code> request.</p>"
+          "documentation":"<p>The names of the streams that are associated with the Amazon Web Services account making the <code>ListStreams</code> request.</p>"
         },
         "HasMoreStreams":{
           "shape":"BooleanObject",
@@ -1297,6 +1339,16 @@
       "max":1048576,
       "min":1
     },
+    "OnDemandStreamCountLimitObject":{
+      "type":"integer",
+      "max":1000000,
+      "min":0
+    },
+    "OnDemandStreamCountObject":{
+      "type":"integer",
+      "max":1000000,
+      "min":0
+    },
     "PartitionKey":{
       "type":"string",
       "max":256,
@@ -1314,7 +1366,7 @@
           "documentation":"<p>A message that provides information about the error.</p>"
         }
       },
-      "documentation":"<p>The request rate for the stream is too high, or the requested data is too large for the available throughput. Reduce the frequency or size of your requests. For more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>, and <a href=\"https://docs.aws.amazon.com/general/latest/gr/api-retries.html\">Error Retries and Exponential Backoff in AWS</a> in the <i>AWS General Reference</i>.</p>",
+      "documentation":"<p>The request rate for the stream is too high, or the requested data is too large for the available throughput. Reduce the frequency or size of your requests. For more information, see <a href=\"https://docs.aws.amazon.com/kinesis/latest/dev/service-sizes-and-limits.html\">Streams Limits</a> in the <i>Amazon Kinesis Data Streams Developer Guide</i>, and <a href=\"https://docs.aws.amazon.com/general/latest/gr/api-retries.html\">Error Retries and Exponential Backoff in Amazon Web Services</a> in the <i>Amazon Web Services General Reference</i>.</p>",
       "exception":true
     },
     "PutRecordInput":{
@@ -1365,7 +1417,7 @@
         },
         "EncryptionType":{
           "shape":"EncryptionType",
-          "documentation":"<p>The encryption type to use on the record. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records in the stream.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records in the stream using a customer-managed AWS KMS key.</p> </li> </ul>"
+          "documentation":"<p>The encryption type to use on the record. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records in the stream.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records in the stream using a customer-managed Amazon Web Services KMS key.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Represents the output for <code>PutRecord</code>.</p>"
@@ -1398,11 +1450,11 @@
         },
         "Records":{
           "shape":"PutRecordsResultEntryList",
-          "documentation":"<p>An array of successfully and unsuccessfully processed record results, correlated with the request by natural ordering. A record that is successfully added to a stream includes <code>SequenceNumber</code> and <code>ShardId</code> in the result. A record that fails to be added to a stream includes <code>ErrorCode</code> and <code>ErrorMessage</code> in the result.</p>"
+          "documentation":"<p>An array of successfully and unsuccessfully processed record results. A record that is successfully added to a stream includes <code>SequenceNumber</code> and <code>ShardId</code> in the result. A record that fails to be added to a stream includes <code>ErrorCode</code> and <code>ErrorMessage</code> in the result.</p>"
         },
         "EncryptionType":{
           "shape":"EncryptionType",
-          "documentation":"<p>The encryption type used on the records. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records using a customer-managed AWS KMS key.</p> </li> </ul>"
+          "documentation":"<p>The encryption type used on the records. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records using a customer-managed Amazon Web Services KMS key.</p> </li> </ul>"
         }
       },
       "documentation":"<p> <code>PutRecords</code> results.</p>"
@@ -1489,7 +1541,7 @@
         },
         "EncryptionType":{
           "shape":"EncryptionType",
-          "documentation":"<p>The encryption type used on the record. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records in the stream.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records in the stream using a customer-managed AWS KMS key.</p> </li> </ul>"
+          "documentation":"<p>The encryption type used on the record. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records in the stream.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records in the stream using a customer-managed Amazon Web Services KMS key.</p> </li> </ul>"
         }
       },
       "documentation":"<p>The unit of data of the Kinesis data stream, which is composed of a sequence number, a partition key, and a data blob.</p>"
@@ -1507,7 +1559,7 @@
       "members":{
         "StreamARN":{
           "shape":"StreamARN",
-          "documentation":"<p>The ARN of the Kinesis data stream that you want to register the consumer with. For more info, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and AWS Service Namespaces</a>.</p>"
+          "documentation":"<p>The ARN of the Kinesis data stream that you want to register the consumer with. For more info, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kinesis-streams\">Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces</a>.</p>"
         },
         "ConsumerName":{
           "shape":"ConsumerName",
@@ -1629,10 +1681,20 @@
       "type":"structure",
       "required":["Type"],
       "members":{
-        "Type":{"shape":"ShardFilterType"},
-        "ShardId":{"shape":"ShardId"},
-        "Timestamp":{"shape":"Timestamp"}
-      }
+        "Type":{
+          "shape":"ShardFilterType",
+          "documentation":"<p>The shard type specified in the <code>ShardFilter</code> parameter. This is a required property of the <code>ShardFilter</code> parameter.</p> <p>You can specify the following valid values: </p> <ul> <li> <p> <code>AFTER_SHARD_ID</code> - the response includes all the shards, starting with the shard whose ID immediately follows the <code>ShardId</code> that you provided. </p> </li> <li> <p> <code>AT_TRIM_HORIZON</code> - the response includes all the shards that were open at <code>TRIM_HORIZON</code>.</p> </li> <li> <p> <code>FROM_TRIM_HORIZON</code> - (default), the response includes all the shards within the retention period of the data stream (trim to tip).</p> </li> <li> <p> <code>AT_LATEST</code> - the response includes only the currently open shards of the data stream.</p> </li> <li> <p> <code>AT_TIMESTAMP</code> - the response includes all shards whose start timestamp is less than or equal to the given timestamp and end timestamp is greater than or equal to the given timestamp or still open. </p> </li> <li> <p> <code>FROM_TIMESTAMP</code> - the response incldues all closed shards whose end timestamp is greater than or equal to the given timestamp and also all open shards. Corrected to <code>TRIM_HORIZON</code> of the data stream if <code>FROM_TIMESTAMP</code> is less than the <code>TRIM_HORIZON</code> value.</p> </li> </ul>"
+        },
+        "ShardId":{
+          "shape":"ShardId",
+          "documentation":"<p>The exclusive start <code>shardID</code> speified in the <code>ShardFilter</code> parameter. This property can only be used if the <code>AFTER_SHARD_ID</code> shard type is specified.</p>"
+        },
+        "Timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamps specified in the <code>ShardFilter</code> parameter. A timestamp is a Unix epoch date with precision in milliseconds. For example, 2016-04-04T19:58:46.480-00:00 or 1459799926.480. This property can only be used if <code>FROM_TIMESTAMP</code> or <code>AT_TIMESTAMP</code> shard types are specified.</p>"
+        }
+      },
+      "documentation":"<p>The request parameter used to filter out the response of the <code>ListShards</code> API.</p>"
     },
     "ShardFilterType":{
       "type":"string",
@@ -1715,7 +1777,7 @@
         },
         "KeyId":{
           "shape":"KeyId",
-          "documentation":"<p>The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code>arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
+          "documentation":"<p>The GUID for the customer-managed Amazon Web Services KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code>arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
         }
       }
     },
@@ -1736,7 +1798,7 @@
           "documentation":"<p>The time stamp of the data record from which to start reading. To specify a time stamp, set <code>StartingPosition</code> to <code>Type AT_TIMESTAMP</code>. A time stamp is the Unix epoch date with precision in milliseconds. For example, <code>2016-04-04T19:58:46.480-00:00</code> or <code>1459799926.480</code>. If a record with this exact time stamp does not exist, records will be streamed from the next (later) record. If the time stamp is older than the current trim horizon, records will be streamed from the oldest untrimmed data record (<code>TRIM_HORIZON</code>).</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>The starting position in the data stream from which to start streaming.</p>"
     },
     "StopStreamEncryptionInput":{
       "type":"structure",
@@ -1756,7 +1818,7 @@
         },
         "KeyId":{
           "shape":"KeyId",
-          "documentation":"<p>The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code>arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
+          "documentation":"<p>The GUID for the customer-managed Amazon Web Services KMS key to use for encryption. This value can be a globally unique identifier, a fully specified Amazon Resource Name (ARN) to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code>arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
         }
       }
     },
@@ -1791,6 +1853,10 @@
           "shape":"StreamStatus",
           "documentation":"<p>The current status of the stream being described. The stream status is one of the following states:</p> <ul> <li> <p> <code>CREATING</code> - The stream is being created. Kinesis Data Streams immediately returns and sets <code>StreamStatus</code> to <code>CREATING</code>.</p> </li> <li> <p> <code>DELETING</code> - The stream is being deleted. The specified stream is in the <code>DELETING</code> state until Kinesis Data Streams completes the deletion.</p> </li> <li> <p> <code>ACTIVE</code> - The stream exists and is ready for read and write operations or deletion. You should perform read and write operations only on an <code>ACTIVE</code> stream.</p> </li> <li> <p> <code>UPDATING</code> - Shards in the stream are being merged or split. Read and write operations continue to work while the stream is in the <code>UPDATING</code> state.</p> </li> </ul>"
         },
+        "StreamModeDetails":{
+          "shape":"StreamModeDetails",
+          "documentation":"<p> Specifies the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> capacity mode and a <b>provisioned</b> capacity mode for your data streams. </p>"
+        },
         "Shards":{
           "shape":"ShardList",
           "documentation":"<p>The shards that comprise the stream.</p>"
@@ -1813,11 +1879,11 @@
         },
         "EncryptionType":{
           "shape":"EncryptionType",
-          "documentation":"<p>The server-side encryption type used on the stream. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records in the stream.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records in the stream using a customer-managed AWS KMS key.</p> </li> </ul>"
+          "documentation":"<p>The server-side encryption type used on the stream. This parameter can be one of the following values:</p> <ul> <li> <p> <code>NONE</code>: Do not encrypt the records in the stream.</p> </li> <li> <p> <code>KMS</code>: Use server-side encryption on the records in the stream using a customer-managed Amazon Web Services KMS key.</p> </li> </ul>"
         },
         "KeyId":{
           "shape":"KeyId",
-          "documentation":"<p>The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code>arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
+          "documentation":"<p>The GUID for the customer-managed Amazon Web Services KMS key to use for encryption. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code>arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
         }
       },
       "documentation":"<p>Represents the output for <a>DescribeStream</a>.</p>"
@@ -1846,6 +1912,10 @@
           "shape":"StreamStatus",
           "documentation":"<p>The current status of the stream being described. The stream status is one of the following states:</p> <ul> <li> <p> <code>CREATING</code> - The stream is being created. Kinesis Data Streams immediately returns and sets <code>StreamStatus</code> to <code>CREATING</code>.</p> </li> <li> <p> <code>DELETING</code> - The stream is being deleted. The specified stream is in the <code>DELETING</code> state until Kinesis Data Streams completes the deletion.</p> </li> <li> <p> <code>ACTIVE</code> - The stream exists and is ready for read and write operations or deletion. You should perform read and write operations only on an <code>ACTIVE</code> stream.</p> </li> <li> <p> <code>UPDATING</code> - Shards in the stream are being merged or split. Read and write operations continue to work while the stream is in the <code>UPDATING</code> state.</p> </li> </ul>"
         },
+        "StreamModeDetails":{
+          "shape":"StreamModeDetails",
+          "documentation":"<p> Specifies the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> ycapacity mode and a <b>provisioned</b> capacity mode for your data streams. </p>"
+        },
         "RetentionPeriodHours":{
           "shape":"RetentionPeriodHours",
           "documentation":"<p>The current retention period, in hours.</p>"
@@ -1864,7 +1934,7 @@
         },
         "KeyId":{
           "shape":"KeyId",
-          "documentation":"<p>The GUID for the customer-managed AWS KMS key to use for encryption. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code> arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
+          "documentation":"<p>The GUID for the customer-managed Amazon Web Services KMS key to use for encryption. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by \"alias/\".You can also use a master key owned by Kinesis Data Streams by specifying the alias <code>aws/kinesis</code>.</p> <ul> <li> <p>Key ARN example: <code>arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias ARN example: <code> arn:aws:kms:us-east-1:123456789012:alias/MyAliasName</code> </p> </li> <li> <p>Globally unique key ID example: <code>12345678-1234-1234-1234-123456789012</code> </p> </li> <li> <p>Alias name example: <code>alias/MyAliasName</code> </p> </li> <li> <p>Master key owned by Kinesis Data Streams: <code>alias/aws/kinesis</code> </p> </li> </ul>"
         },
         "OpenShardCount":{
           "shape":"ShardCountObject",
@@ -1877,6 +1947,24 @@
       },
       "documentation":"<p>Represents the output for <a>DescribeStreamSummary</a> </p>"
     },
+    "StreamMode":{
+      "type":"string",
+      "enum":[
+        "PROVISIONED",
+        "ON_DEMAND"
+      ]
+    },
+    "StreamModeDetails":{
+      "type":"structure",
+      "required":["StreamMode"],
+      "members":{
+        "StreamMode":{
+          "shape":"StreamMode",
+          "documentation":"<p> Specifies the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> capacity mode and a <b>provisioned</b> capacity mode for your data streams. </p>"
+        }
+      },
+      "documentation":"<p> Specifies the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> capacity mode and a <b>provisioned</b> capacity mode for your data streams. </p>"
+    },
     "StreamName":{
       "type":"string",
       "max":128,
@@ -1916,7 +2004,10 @@
           "shape":"MillisBehindLatest",
           "documentation":"<p>The number of milliseconds the read records are from the tip of the stream, indicating how far behind current time the consumer is. A value of zero indicates that record processing is caught up, and there are no new records to process at this moment.</p>"
         },
-        "ChildShards":{"shape":"ChildShardList"}
+        "ChildShards":{
+          "shape":"ChildShardList",
+          "documentation":"<p>The list of the child shards of the current shard, returned only at the end of the current shard.</p>"
+        }
       },
       "documentation":"<p>After you call <a>SubscribeToShard</a>, Kinesis Data Streams sends events of this type over an HTTP/2 connection to your consumer.</p>",
       "event":true
@@ -1963,7 +2054,7 @@
         },
         "StartingPosition":{
           "shape":"StartingPosition",
-          "documentation":"<p/>"
+          "documentation":"<p>The starting position in the data stream from which to start streaming.</p>"
         }
       }
     },
@@ -2036,7 +2127,7 @@
         },
         "TargetShardCount":{
           "shape":"PositiveIntegerObject",
-          "documentation":"<p>The new number of shards. This value has the following default limits. By default, you cannot do the following: </p> <ul> <li> <p>Set this value to more than double your current shard count for a stream.</p> </li> <li> <p>Set this value below half your current shard count for a stream.</p> </li> <li> <p>Set this value to more than 500 shards in a stream (the default limit for shard count per stream is 500 per account per region), unless you request a limit increase.</p> </li> <li> <p>Scale a stream with more than 500 shards down unless you set this value to less than 500 shards.</p> </li> </ul>"
+          "documentation":"<p>The new number of shards. This value has the following default limits. By default, you cannot do the following: </p> <ul> <li> <p>Set this value to more than double your current shard count for a stream.</p> </li> <li> <p>Set this value below half your current shard count for a stream.</p> </li> <li> <p>Set this value to more than 10000 shards in a stream (the default limit for shard count per stream is 10000 per account per region), unless you request a limit increase.</p> </li> <li> <p>Scale a stream with more than 10000 shards down unless you set this value to less than 10000 shards.</p> </li> </ul>"
         },
         "ScalingType":{
           "shape":"ScalingType",
@@ -2060,6 +2151,31 @@
           "documentation":"<p>The updated number of shards.</p>"
         }
       }
+    },
+    "UpdateStreamModeInput":{
+      "type":"structure",
+      "required":[
+        "StreamARN",
+        "StreamModeDetails"
+      ],
+      "members":{
+        "StreamARN":{
+          "shape":"StreamARN",
+          "documentation":"<p> Specifies the ARN of the data stream whose capacity mode you want to update. </p>"
+        },
+        "StreamModeDetails":{
+          "shape":"StreamModeDetails",
+          "documentation":"<p> Specifies the capacity mode to which you want to set your data stream. Currently, in Kinesis Data Streams, you can choose between an <b>on-demand</b> capacity mode and a <b>provisioned</b> capacity mode for your data streams. </p>"
+        }
+      }
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p> </p>",
+      "exception":true
     }
   },
   "documentation":"<fullname>Amazon Kinesis Data Streams Service API Reference</fullname> <p>Amazon Kinesis Data Streams is a managed service that scales elastically for real-time processing of streaming big data.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.json b/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.json
index ea142457a6a..006a98c89f7 100644
--- a/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.json
@@ -1,3 +1,34 @@
 {
-  "pagination": {}
+  "pagination": {
+    "GetWorkUnits": {
+      "input_token": "NextToken",
+      "limit_key": "PageSize",
+      "output_token": "NextToken",
+      "result_key": "WorkUnitRanges"
+    },
+    "ListDataCellsFilter": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "DataCellsFilters"
+    },
+    "ListLFTags": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "LFTags"
+    },
+    "SearchDatabasesByLFTags": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "DatabaseList"
+    },
+    "SearchTablesByLFTags": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "TableList"
+    }
+  }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.sdk-extras.json b/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.sdk-extras.json
new file mode 100644
index 00000000000..aea980d66c8
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/paginators-1.sdk-extras.json
@@ -0,0 +1,12 @@
+{
+  "version": 1.0,
+  "merge": {
+    "pagination": {
+      "GetWorkUnits": {
+        "non_aggregate_keys": [
+          "QueryId"
+        ]
+      }
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/service-2.json b/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/service-2.json
index 7a226cb15f1..a0248d6b725 100644
--- a/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/lakeformation/2017-03-31/service-2.json
@@ -4,12 +4,11 @@
     "apiVersion":"2017-03-31",
     "endpointPrefix":"lakeformation",
     "jsonVersion":"1.1",
-    "protocol":"json",
+    "protocol":"rest-json",
     "serviceFullName":"AWS Lake Formation",
     "serviceId":"LakeFormation",
     "signatureVersion":"v4",
     "signingName":"lakeformation",
-    "targetPrefix":"AWSLakeFormation",
     "uid":"lakeformation-2017-03-31"
   },
   "operations":{
@@ -17,7 +16,7 @@
       "name":"AddLFTagsToResource",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/AddLFTagsToResource"
       },
       "input":{"shape":"AddLFTagsToResourceRequest"},
       "output":{"shape":"AddLFTagsToResourceResponse"},
@@ -29,13 +28,13 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ConcurrentModificationException"}
       ],
-      "documentation":"<p>Attaches one or more tags to an existing resource.</p>"
+      "documentation":"<p>Attaches one or more LF-tags to an existing resource.</p>"
     },
     "BatchGrantPermissions":{
       "name":"BatchGrantPermissions",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/BatchGrantPermissions"
       },
       "input":{"shape":"BatchGrantPermissionsRequest"},
       "output":{"shape":"BatchGrantPermissionsResponse"},
@@ -49,7 +48,7 @@
       "name":"BatchRevokePermissions",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/BatchRevokePermissions"
       },
       "input":{"shape":"BatchRevokePermissionsRequest"},
       "output":{"shape":"BatchRevokePermissionsResponse"},
@@ -59,11 +58,67 @@
       ],
       "documentation":"<p>Batch operation to revoke permissions from the principal.</p>"
     },
+    "CancelTransaction":{
+      "name":"CancelTransaction",
+      "http":{
+        "method":"POST",
+        "requestUri":"/CancelTransaction"
+      },
+      "input":{"shape":"CancelTransactionRequest"},
+      "output":{"shape":"CancelTransactionResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"TransactionCommittedException"},
+        {"shape":"TransactionCommitInProgressException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>Attempts to cancel the specified transaction. Returns an exception if the transaction was previously committed.</p>"
+    },
+    "CommitTransaction":{
+      "name":"CommitTransaction",
+      "http":{
+        "method":"POST",
+        "requestUri":"/CommitTransaction"
+      },
+      "input":{"shape":"CommitTransactionRequest"},
+      "output":{"shape":"CommitTransactionResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"TransactionCanceledException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>Attempts to commit the specified transaction. Returns an exception if the transaction was previously aborted. This API action is idempotent if called multiple times for the same transaction.</p>"
+    },
+    "CreateDataCellsFilter":{
+      "name":"CreateDataCellsFilter",
+      "http":{
+        "method":"POST",
+        "requestUri":"/CreateDataCellsFilter"
+      },
+      "input":{"shape":"CreateDataCellsFilterRequest"},
+      "output":{"shape":"CreateDataCellsFilterResponse"},
+      "errors":[
+        {"shape":"AlreadyExistsException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"ResourceNumberLimitExceededException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a data cell filter to allow one to grant access to certain columns on certain rows.</p>"
+    },
     "CreateLFTag":{
       "name":"CreateLFTag",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/CreateLFTag"
       },
       "input":{"shape":"CreateLFTagRequest"},
       "output":{"shape":"CreateLFTagResponse"},
@@ -75,13 +130,30 @@
         {"shape":"OperationTimeoutException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Creates a tag with the specified name and values.</p>"
+      "documentation":"<p>Creates an LF-tag with the specified name and values.</p>"
+    },
+    "DeleteDataCellsFilter":{
+      "name":"DeleteDataCellsFilter",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteDataCellsFilter"
+      },
+      "input":{"shape":"DeleteDataCellsFilterRequest"},
+      "output":{"shape":"DeleteDataCellsFilterResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes a data cell filter.</p>"
     },
     "DeleteLFTag":{
       "name":"DeleteLFTag",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/DeleteLFTag"
       },
       "input":{"shape":"DeleteLFTagRequest"},
       "output":{"shape":"DeleteLFTagResponse"},
@@ -92,13 +164,33 @@
         {"shape":"OperationTimeoutException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Deletes the specified tag key name. If the attribute key does not exist or the tag does not exist, then the operation will not do anything. If the attribute key exists, then the operation checks if any resources are tagged with this attribute key, if yes, the API throws a 400 Exception with the message \"Delete not allowed\" as the tag key is still attached with resources. You can consider untagging resources with this tag key.</p>"
+      "documentation":"<p>Deletes the specified LF-tag key name. If the attribute key does not exist or the LF-tag does not exist, then the operation will not do anything. If the attribute key exists, then the operation checks if any resources are tagged with this attribute key, if yes, the API throws a 400 Exception with the message \"Delete not allowed\" as the LF-tag key is still attached with resources. You can consider untagging resources with this LF-tag key.</p>"
+    },
+    "DeleteObjectsOnCancel":{
+      "name":"DeleteObjectsOnCancel",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteObjectsOnCancel"
+      },
+      "input":{"shape":"DeleteObjectsOnCancelRequest"},
+      "output":{"shape":"DeleteObjectsOnCancelResponse"},
+      "errors":[
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"TransactionCommittedException"},
+        {"shape":"TransactionCanceledException"},
+        {"shape":"ResourceNotReadyException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>For a specific governed table, provides a list of Amazon S3 objects that will be written during the current transaction and that can be automatically deleted if the transaction is canceled. Without this call, no Amazon S3 objects are automatically deleted when a transaction cancels. </p> <p> The Glue ETL library function <code>write_dynamic_frame.from_catalog()</code> includes an option to automatically call <code>DeleteObjectsOnCancel</code> before writes. For more information, see <a href=\"https://docs.aws.amazon.com/lake-formation/latest/dg/transactions-data-operations.html#rolling-back-writes\">Rolling Back Amazon S3 Writes</a>. </p>"
     },
     "DeregisterResource":{
       "name":"DeregisterResource",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/DeregisterResource"
       },
       "input":{"shape":"DeregisterResourceRequest"},
       "output":{"shape":"DeregisterResourceResponse"},
@@ -114,7 +206,7 @@
       "name":"DescribeResource",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/DescribeResource"
       },
       "input":{"shape":"DescribeResourceRequest"},
       "output":{"shape":"DescribeResourceResponse"},
@@ -124,13 +216,48 @@
         {"shape":"OperationTimeoutException"},
         {"shape":"EntityNotFoundException"}
       ],
-      "documentation":"<p>Retrieves the current data access role for the given resource registered in AWS Lake Formation.</p>"
+      "documentation":"<p>Retrieves the current data access role for the given resource registered in Lake Formation.</p>"
+    },
+    "DescribeTransaction":{
+      "name":"DescribeTransaction",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DescribeTransaction"
+      },
+      "input":{"shape":"DescribeTransactionRequest"},
+      "output":{"shape":"DescribeTransactionResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"}
+      ],
+      "documentation":"<p>Returns the details of a single transaction.</p>"
+    },
+    "ExtendTransaction":{
+      "name":"ExtendTransaction",
+      "http":{
+        "method":"POST",
+        "requestUri":"/ExtendTransaction"
+      },
+      "input":{"shape":"ExtendTransactionRequest"},
+      "output":{"shape":"ExtendTransactionResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"TransactionCommittedException"},
+        {"shape":"TransactionCanceledException"},
+        {"shape":"TransactionCommitInProgressException"}
+      ],
+      "documentation":"<p>Indicates to the service that the specified transaction is still active and should not be treated as idle and aborted.</p> <p>Write transactions that remain idle for a long period are automatically aborted unless explicitly extended.</p>"
     },
     "GetDataLakeSettings":{
       "name":"GetDataLakeSettings",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/GetDataLakeSettings"
       },
       "input":{"shape":"GetDataLakeSettingsRequest"},
       "output":{"shape":"GetDataLakeSettingsResponse"},
@@ -145,7 +272,7 @@
       "name":"GetEffectivePermissionsForPath",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/GetEffectivePermissionsForPath"
       },
       "input":{"shape":"GetEffectivePermissionsForPathRequest"},
       "output":{"shape":"GetEffectivePermissionsForPathResponse"},
@@ -161,7 +288,7 @@
       "name":"GetLFTag",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/GetLFTag"
       },
       "input":{"shape":"GetLFTagRequest"},
       "output":{"shape":"GetLFTagResponse"},
@@ -172,13 +299,50 @@
         {"shape":"OperationTimeoutException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Returns a tag definition.</p>"
+      "documentation":"<p>Returns an LF-tag definition.</p>"
+    },
+    "GetQueryState":{
+      "name":"GetQueryState",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetQueryState",
+        "responseCode":200
+      },
+      "input":{"shape":"GetQueryStateRequest"},
+      "output":{"shape":"GetQueryStateResponse"},
+      "errors":[
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns the state of a query previously submitted. Clients are expected to poll <code>GetQueryState</code> to monitor the current state of the planning before retrieving the work units. A query state is only visible to the principal that made the initial call to <code>StartQueryPlanning</code>.</p>",
+      "endpoint":{"hostPrefix":"query-"}
+    },
+    "GetQueryStatistics":{
+      "name":"GetQueryStatistics",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetQueryStatistics",
+        "responseCode":200
+      },
+      "input":{"shape":"GetQueryStatisticsRequest"},
+      "output":{"shape":"GetQueryStatisticsResponse"},
+      "errors":[
+        {"shape":"StatisticsNotReadyYetException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ExpiredException"},
+        {"shape":"ThrottledException"}
+      ],
+      "documentation":"<p>Retrieves statistics on the planning and execution of a query.</p>",
+      "endpoint":{"hostPrefix":"query-"}
     },
     "GetResourceLFTags":{
       "name":"GetResourceLFTags",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/GetResourceLFTags"
       },
       "input":{"shape":"GetResourceLFTagsRequest"},
       "output":{"shape":"GetResourceLFTagsResponse"},
@@ -190,13 +354,106 @@
         {"shape":"GlueEncryptionException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Returns the tags applied to a resource.</p>"
+      "documentation":"<p>Returns the LF-tags applied to a resource.</p>"
+    },
+    "GetTableObjects":{
+      "name":"GetTableObjects",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetTableObjects"
+      },
+      "input":{"shape":"GetTableObjectsRequest"},
+      "output":{"shape":"GetTableObjectsResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"TransactionCommittedException"},
+        {"shape":"TransactionCanceledException"},
+        {"shape":"ResourceNotReadyException"}
+      ],
+      "documentation":"<p>Returns the set of Amazon S3 objects that make up the specified governed table. A transaction ID or timestamp can be specified for time-travel queries.</p>"
+    },
+    "GetTemporaryGluePartitionCredentials":{
+      "name":"GetTemporaryGluePartitionCredentials",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetTemporaryGluePartitionCredentials"
+      },
+      "input":{"shape":"GetTemporaryGluePartitionCredentialsRequest"},
+      "output":{"shape":"GetTemporaryGluePartitionCredentialsResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"PermissionTypeMismatchException"}
+      ],
+      "documentation":"<p>This API is identical to <code>GetTemporaryTableCredentials</code> except that this is used when the target Data Catalog resource is of type Partition. Lake Formation restricts the permission of the vended credentials with the same scope down policy which restricts access to a single Amazon S3 prefix.</p>"
+    },
+    "GetTemporaryGlueTableCredentials":{
+      "name":"GetTemporaryGlueTableCredentials",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetTemporaryGlueTableCredentials"
+      },
+      "input":{"shape":"GetTemporaryGlueTableCredentialsRequest"},
+      "output":{"shape":"GetTemporaryGlueTableCredentialsResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"PermissionTypeMismatchException"}
+      ],
+      "documentation":"<p>Allows a caller in a secure environment to assume a role with permission to access Amazon S3. In order to vend such credentials, Lake Formation assumes the role associated with a registered location, for example an Amazon S3 bucket, with a scope down policy which restricts the access to a single prefix.</p>"
+    },
+    "GetWorkUnitResults":{
+      "name":"GetWorkUnitResults",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetWorkUnitResults",
+        "responseCode":200
+      },
+      "input":{"shape":"GetWorkUnitResultsRequest"},
+      "output":{"shape":"GetWorkUnitResultsResponse"},
+      "errors":[
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ExpiredException"},
+        {"shape":"ThrottledException"}
+      ],
+      "documentation":"<p>Returns the work units resulting from the query. Work units can be executed in any order and in parallel. </p>",
+      "endpoint":{"hostPrefix":"data-"}
+    },
+    "GetWorkUnits":{
+      "name":"GetWorkUnits",
+      "http":{
+        "method":"POST",
+        "requestUri":"/GetWorkUnits",
+        "responseCode":200
+      },
+      "input":{"shape":"GetWorkUnitsRequest"},
+      "output":{"shape":"GetWorkUnitsResponse"},
+      "errors":[
+        {"shape":"WorkUnitsNotReadyYetException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ExpiredException"}
+      ],
+      "documentation":"<p>Retrieves the work units generated by the <code>StartQueryPlanning</code> operation.</p>",
+      "endpoint":{"hostPrefix":"query-"}
     },
     "GrantPermissions":{
       "name":"GrantPermissions",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/GrantPermissions"
       },
       "input":{"shape":"GrantPermissionsRequest"},
       "output":{"shape":"GrantPermissionsResponse"},
@@ -207,11 +464,27 @@
       ],
       "documentation":"<p>Grants permissions to the principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3.</p> <p>For information about permissions, see <a href=\"https://docs-aws.amazon.com/lake-formation/latest/dg/security-data-access.html\">Security and Access Control to Metadata and Data</a>.</p>"
     },
+    "ListDataCellsFilter":{
+      "name":"ListDataCellsFilter",
+      "http":{
+        "method":"POST",
+        "requestUri":"/ListDataCellsFilter"
+      },
+      "input":{"shape":"ListDataCellsFilterRequest"},
+      "output":{"shape":"ListDataCellsFilterResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists all the data cell filters on a table.</p>"
+    },
     "ListLFTags":{
       "name":"ListLFTags",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/ListLFTags"
       },
       "input":{"shape":"ListLFTagsRequest"},
       "output":{"shape":"ListLFTagsResponse"},
@@ -219,15 +492,16 @@
         {"shape":"EntityNotFoundException"},
         {"shape":"InvalidInputException"},
         {"shape":"InternalServiceException"},
-        {"shape":"OperationTimeoutException"}
+        {"shape":"OperationTimeoutException"},
+        {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Lists tags that the requester has permission to view. </p>"
+      "documentation":"<p>Lists LF-tags that the requester has permission to view. </p>"
     },
     "ListPermissions":{
       "name":"ListPermissions",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/ListPermissions"
       },
       "input":{"shape":"ListPermissionsRequest"},
       "output":{"shape":"ListPermissionsResponse"},
@@ -242,7 +516,7 @@
       "name":"ListResources",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/ListResources"
       },
       "input":{"shape":"ListResourcesRequest"},
       "output":{"shape":"ListResourcesResponse"},
@@ -253,11 +527,42 @@
       ],
       "documentation":"<p>Lists the resources registered to be managed by the Data Catalog.</p>"
     },
+    "ListTableStorageOptimizers":{
+      "name":"ListTableStorageOptimizers",
+      "http":{
+        "method":"POST",
+        "requestUri":"/ListTableStorageOptimizers"
+      },
+      "input":{"shape":"ListTableStorageOptimizersRequest"},
+      "output":{"shape":"ListTableStorageOptimizersResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Returns the configuration of all storage optimizers associated with a specified table.</p>"
+    },
+    "ListTransactions":{
+      "name":"ListTransactions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/ListTransactions"
+      },
+      "input":{"shape":"ListTransactionsRequest"},
+      "output":{"shape":"ListTransactionsResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"}
+      ],
+      "documentation":"<p>Returns metadata about transactions and their status. To prevent the response from growing indefinitely, only uncommitted transactions and those available for time-travel queries are returned.</p> <p>This operation can help you identify uncommitted transactions or to get information about transactions.</p>"
+    },
     "PutDataLakeSettings":{
       "name":"PutDataLakeSettings",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/PutDataLakeSettings"
       },
       "input":{"shape":"PutDataLakeSettingsRequest"},
       "output":{"shape":"PutDataLakeSettingsResponse"},
@@ -271,7 +576,7 @@
       "name":"RegisterResource",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/RegisterResource"
       },
       "input":{"shape":"RegisterResourceRequest"},
       "output":{"shape":"RegisterResourceResponse"},
@@ -279,15 +584,18 @@
         {"shape":"InvalidInputException"},
         {"shape":"InternalServiceException"},
         {"shape":"OperationTimeoutException"},
-        {"shape":"AlreadyExistsException"}
+        {"shape":"AlreadyExistsException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"ResourceNumberLimitExceededException"},
+        {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Registers the resource as managed by the Data Catalog.</p> <p>To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p> <p>The following request registers a new location and gives AWS Lake Formation permission to use the service-linked role to access that location.</p> <p> <code>ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true</code> </p> <p>If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>:</p> <p> <code>arn:aws:iam::12345:role/my-data-access-role</code> </p>"
+      "documentation":"<p>Registers the resource as managed by the Data Catalog.</p> <p>To add or update data, Lake Formation needs read/write access to the chosen Amazon S3 path. Choose a role that you know has permission to do this, or choose the AWSServiceRoleForLakeFormationDataAccess service-linked role. When you register the first Amazon S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.</p> <p>The following request registers a new location and gives Lake Formation permission to use the service-linked role to access that location.</p> <p> <code>ResourceArn = arn:aws:s3:::my-bucket UseServiceLinkedRole = true</code> </p> <p>If <code>UseServiceLinkedRole</code> is not set to true, you must provide or set the <code>RoleArn</code>:</p> <p> <code>arn:aws:iam::12345:role/my-data-access-role</code> </p>"
     },
     "RemoveLFTagsFromResource":{
       "name":"RemoveLFTagsFromResource",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/RemoveLFTagsFromResource"
       },
       "input":{"shape":"RemoveLFTagsFromResourceRequest"},
       "output":{"shape":"RemoveLFTagsFromResourceResponse"},
@@ -300,13 +608,13 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ConcurrentModificationException"}
       ],
-      "documentation":"<p>Removes a tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in <code>tableWithColumns</code> to specify column input.</p>"
+      "documentation":"<p>Removes an LF-tag from the resource. Only database, table, or tableWithColumns resource are allowed. To tag columns, use the column inclusion list in <code>tableWithColumns</code> to specify column input.</p>"
     },
     "RevokePermissions":{
       "name":"RevokePermissions",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/RevokePermissions"
       },
       "input":{"shape":"RevokePermissionsRequest"},
       "output":{"shape":"RevokePermissionsResponse"},
@@ -321,7 +629,7 @@
       "name":"SearchDatabasesByLFTags",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/SearchDatabasesByLFTags"
       },
       "input":{"shape":"SearchDatabasesByLFTagsRequest"},
       "output":{"shape":"SearchDatabasesByLFTagsResponse"},
@@ -339,7 +647,7 @@
       "name":"SearchTablesByLFTags",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/SearchTablesByLFTags"
       },
       "input":{"shape":"SearchTablesByLFTagsRequest"},
       "output":{"shape":"SearchTablesByLFTagsResponse"},
@@ -351,13 +659,45 @@
         {"shape":"GlueEncryptionException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>This operation allows a search on <code>TABLE</code> resources by <code>LFTag</code>s. This will be used by admins who want to grant user permissions on certain LFTags. Before making a grant, the admin can use <code>SearchTablesByLFTags</code> to find all resources where the given <code>LFTag</code>s are valid to verify whether the returned resources can be shared.</p>"
+      "documentation":"<p>This operation allows a search on <code>TABLE</code> resources by <code>LFTag</code>s. This will be used by admins who want to grant user permissions on certain LF-tags. Before making a grant, the admin can use <code>SearchTablesByLFTags</code> to find all resources where the given <code>LFTag</code>s are valid to verify whether the returned resources can be shared.</p>"
+    },
+    "StartQueryPlanning":{
+      "name":"StartQueryPlanning",
+      "http":{
+        "method":"POST",
+        "requestUri":"/StartQueryPlanning",
+        "responseCode":200
+      },
+      "input":{"shape":"StartQueryPlanningRequest"},
+      "output":{"shape":"StartQueryPlanningResponse"},
+      "errors":[
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottledException"}
+      ],
+      "documentation":"<p>Submits a request to process a query statement.</p> <p>This operation generates work units that can be retrieved with the <code>GetWorkUnits</code> operation as soon as the query state is WORKUNITS_AVAILABLE or FINISHED.</p>",
+      "endpoint":{"hostPrefix":"query-"}
+    },
+    "StartTransaction":{
+      "name":"StartTransaction",
+      "http":{
+        "method":"POST",
+        "requestUri":"/StartTransaction"
+      },
+      "input":{"shape":"StartTransactionRequest"},
+      "output":{"shape":"StartTransactionResponse"},
+      "errors":[
+        {"shape":"InternalServiceException"},
+        {"shape":"OperationTimeoutException"}
+      ],
+      "documentation":"<p>Starts a new transaction and returns its transaction ID. Transaction IDs are opaque objects that you can use to identify a transaction.</p>"
     },
     "UpdateLFTag":{
       "name":"UpdateLFTag",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/UpdateLFTag"
       },
       "input":{"shape":"UpdateLFTagRequest"},
       "output":{"shape":"UpdateLFTagResponse"},
@@ -369,13 +709,13 @@
         {"shape":"ConcurrentModificationException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Updates the list of possible values for the specified tag key. If the tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - \"Update not allowed\". Untag the attribute before deleting the tag key's value. </p>"
+      "documentation":"<p>Updates the list of possible values for the specified LF-tag key. If the LF-tag does not exist, the operation throws an EntityNotFoundException. The values in the delete key values will be deleted from list of possible values. If any value in the delete key values is attached to a resource, then API errors out with a 400 Exception - \"Update not allowed\". Untag the attribute before deleting the LF-tag key's value. </p>"
     },
     "UpdateResource":{
       "name":"UpdateResource",
       "http":{
         "method":"POST",
-        "requestUri":"/"
+        "requestUri":"/UpdateResource"
       },
       "input":{"shape":"UpdateResourceRequest"},
       "output":{"shape":"UpdateResourceResponse"},
@@ -385,7 +725,44 @@
         {"shape":"OperationTimeoutException"},
         {"shape":"EntityNotFoundException"}
       ],
-      "documentation":"<p>Updates the data access role used for vending access to the given (registered) resource in AWS Lake Formation. </p>"
+      "documentation":"<p>Updates the data access role used for vending access to the given (registered) resource in Lake Formation. </p>"
+    },
+    "UpdateTableObjects":{
+      "name":"UpdateTableObjects",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateTableObjects"
+      },
+      "input":{"shape":"UpdateTableObjectsRequest"},
+      "output":{"shape":"UpdateTableObjectsResponse"},
+      "errors":[
+        {"shape":"InternalServiceException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"OperationTimeoutException"},
+        {"shape":"EntityNotFoundException"},
+        {"shape":"TransactionCommittedException"},
+        {"shape":"TransactionCanceledException"},
+        {"shape":"TransactionCommitInProgressException"},
+        {"shape":"ResourceNotReadyException"},
+        {"shape":"ConcurrentModificationException"}
+      ],
+      "documentation":"<p>Updates the manifest of Amazon S3 objects that make up the specified governed table.</p>"
+    },
+    "UpdateTableStorageOptimizer":{
+      "name":"UpdateTableStorageOptimizer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateTableStorageOptimizer"
+      },
+      "input":{"shape":"UpdateTableStorageOptimizerRequest"},
+      "output":{"shape":"UpdateTableStorageOptimizerResponse"},
+      "errors":[
+        {"shape":"EntityNotFoundException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServiceException"}
+      ],
+      "documentation":"<p>Updates the configuration of the storage optimizers for a table.</p>"
     }
   },
   "shapes":{
@@ -398,8 +775,13 @@
         }
       },
       "documentation":"<p>Access to a resource was denied.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
       "exception":true
     },
+    "AccessKeyIdString":{"type":"string"},
     "AddLFTagsToResourceRequest":{
       "type":"structure",
       "required":[
@@ -409,15 +791,15 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Resource":{
           "shape":"Resource",
-          "documentation":"<p>The resource to which to attach a tag.</p>"
+          "documentation":"<p>The database, table, or column resource to which to attach an LF-tag.</p>"
         },
         "LFTags":{
           "shape":"LFTagsList",
-          "documentation":"<p>The tags to attach to the resource.</p>"
+          "documentation":"<p>The LF-tags to attach to the resource.</p>"
         }
       }
     },
@@ -430,6 +812,39 @@
         }
       }
     },
+    "AddObjectInput":{
+      "type":"structure",
+      "required":[
+        "Uri",
+        "ETag",
+        "Size"
+      ],
+      "members":{
+        "Uri":{
+          "shape":"URI",
+          "documentation":"<p>The Amazon S3 location of the object.</p>"
+        },
+        "ETag":{
+          "shape":"ETagString",
+          "documentation":"<p>The Amazon S3 ETag of the object. Returned by <code>GetTableObjects</code> for validation and used to identify changes to the underlying data.</p>"
+        },
+        "Size":{
+          "shape":"ObjectSize",
+          "documentation":"<p>The size of the Amazon S3 object in bytes.</p>"
+        },
+        "PartitionValues":{
+          "shape":"PartitionValuesList",
+          "documentation":"<p>A list of partition values for the object. A value must be specified for each partition key associated with the table.</p> <p>The supported data types are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss\"), string and decimal.</p>"
+        }
+      },
+      "documentation":"<p>A new object to add to the governed table.</p>"
+    },
+    "AllRowsWildcard":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>A structure that you pass to indicate you want all rows in a filter. </p>"
+    },
     "AlreadyExistsException":{
       "type":"structure",
       "members":{
@@ -441,13 +856,33 @@
       "documentation":"<p>A resource to be created or added already exists.</p>",
       "exception":true
     },
+    "AuditContext":{
+      "type":"structure",
+      "members":{
+        "AdditionalAuditContext":{
+          "shape":"AuditContextString",
+          "documentation":"<p>The filter engine can populate the 'AdditionalAuditContext' information with the request ID for you to track. This information will be displayed in CloudTrail log in your account.</p>"
+        }
+      },
+      "documentation":"<p>A structure used to include auditing information on the privileged API. </p>"
+    },
+    "AuditContextString":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
+    },
+    "AuthorizedSessionTagValueList":{
+      "type":"list",
+      "member":{"shape":"NameString"}
+    },
     "BatchGrantPermissionsRequest":{
       "type":"structure",
       "required":["Entries"],
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Entries":{
           "shape":"BatchPermissionsRequestEntryList",
@@ -519,7 +954,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Entries":{
           "shape":"BatchPermissionsRequestEntryList",
@@ -537,6 +972,21 @@
       }
     },
     "BooleanNullable":{"type":"boolean"},
+    "CancelTransactionRequest":{
+      "type":"structure",
+      "required":["TransactionId"],
+      "members":{
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction to cancel.</p>"
+        }
+      }
+    },
+    "CancelTransactionResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "CatalogIdString":{
       "type":"string",
       "max":255,
@@ -558,10 +1008,10 @@
         },
         "LFTags":{
           "shape":"LFTagsList",
-          "documentation":"<p>The tags attached to a column resource.</p>"
+          "documentation":"<p>The LF-tags attached to a column resource.</p>"
         }
       },
-      "documentation":"<p>A structure containing the name of a column resource and the tags attached to it.</p>"
+      "documentation":"<p>A structure containing the name of a column resource and the LF-tags attached to it.</p>"
     },
     "ColumnLFTagsList":{
       "type":"list",
@@ -581,6 +1031,25 @@
       },
       "documentation":"<p>A wildcard object, consisting of an optional list of excluded column names or indexes.</p>"
     },
+    "CommitTransactionRequest":{
+      "type":"structure",
+      "required":["TransactionId"],
+      "members":{
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction to commit.</p>"
+        }
+      }
+    },
+    "CommitTransactionResponse":{
+      "type":"structure",
+      "members":{
+        "TransactionStatus":{
+          "shape":"TransactionStatus",
+          "documentation":"<p>The status of the transaction.</p>"
+        }
+      }
+    },
     "ComparisonOperator":{
       "type":"string",
       "enum":[
@@ -608,6 +1077,21 @@
       "documentation":"<p>Two processes are trying to modify a resource simultaneously.</p>",
       "exception":true
     },
+    "CreateDataCellsFilterRequest":{
+      "type":"structure",
+      "required":["TableData"],
+      "members":{
+        "TableData":{
+          "shape":"DataCellsFilter",
+          "documentation":"<p>A <code>DataCellsFilter</code> structure containing information about the data cells filter.</p>"
+        }
+      }
+    },
+    "CreateDataCellsFilterResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "CreateLFTagRequest":{
       "type":"structure",
       "required":[
@@ -617,11 +1101,11 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag.</p>"
+          "documentation":"<p>The key-name for the LF-tag.</p>"
         },
         "TagValues":{
           "shape":"TagValueList",
@@ -634,15 +1118,87 @@
       "members":{
       }
     },
+    "CredentialTimeoutDurationSecondInteger":{
+      "type":"integer",
+      "box":true,
+      "max":43200,
+      "min":900
+    },
+    "DataCellsFilter":{
+      "type":"structure",
+      "required":[
+        "TableCatalogId",
+        "DatabaseName",
+        "TableName",
+        "Name"
+      ],
+      "members":{
+        "TableCatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The ID of the catalog to which the table belongs.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>A database in the Glue Data Catalog.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>A table in the database.</p>"
+        },
+        "Name":{
+          "shape":"NameString",
+          "documentation":"<p>The name given by the user to the data filter cell.</p>"
+        },
+        "RowFilter":{
+          "shape":"RowFilter",
+          "documentation":"<p>A PartiQL predicate.</p>"
+        },
+        "ColumnNames":{
+          "shape":"ColumnNames",
+          "documentation":"<p>A list of column names.</p>"
+        },
+        "ColumnWildcard":{
+          "shape":"ColumnWildcard",
+          "documentation":"<p>A wildcard with exclusions.</p> <p>You must specify either a <code>ColumnNames</code> list or the <code>ColumnWildCard</code>. </p>"
+        }
+      },
+      "documentation":"<p>A structure that describes certain columns on certain rows.</p>"
+    },
+    "DataCellsFilterList":{
+      "type":"list",
+      "member":{"shape":"DataCellsFilter"}
+    },
+    "DataCellsFilterResource":{
+      "type":"structure",
+      "members":{
+        "TableCatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The ID of the catalog to which the table belongs.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>A database in the Glue Data Catalog.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>The name of the table.</p>"
+        },
+        "Name":{
+          "shape":"NameString",
+          "documentation":"<p>The name of the data cells filter. </p>"
+        }
+      },
+      "documentation":"<p>A structure for a data cells filter resource. </p>"
+    },
     "DataLakePrincipal":{
       "type":"structure",
       "members":{
         "DataLakePrincipalIdentifier":{
           "shape":"DataLakePrincipalString",
-          "documentation":"<p>An identifier for the AWS Lake Formation principal.</p>"
+          "documentation":"<p>An identifier for the Lake Formation principal.</p>"
         }
       },
-      "documentation":"<p>The AWS Lake Formation principal. Supported principals are IAM users or IAM roles.</p>"
+      "documentation":"<p>The Lake Formation principal. Supported principals are IAM users or IAM roles.</p>"
     },
     "DataLakePrincipalList":{
       "type":"list",
@@ -673,22 +1229,34 @@
       "members":{
         "DataLakeAdmins":{
           "shape":"DataLakePrincipalList",
-          "documentation":"<p>A list of AWS Lake Formation principals. Supported principals are IAM users or IAM roles.</p>"
+          "documentation":"<p>A list of Lake Formation principals. Supported principals are IAM users or IAM roles.</p>"
         },
         "CreateDatabaseDefaultPermissions":{
           "shape":"PrincipalPermissionsList",
-          "documentation":"<p>A structure representing a list of up to three principal permissions entries for default create database permissions.</p>"
+          "documentation":"<p>Specifies whether access control on newly created database is managed by Lake Formation permissions or exclusively by IAM permissions. You can override this default setting when you create a database.</p> <p>A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting \"Use only IAM access control,\" and is for backward compatibility with the Glue permission model implemented by IAM permissions.</p> <p>The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html\">Changing the Default Security Settings for Your Data Lake</a>.</p>"
         },
         "CreateTableDefaultPermissions":{
           "shape":"PrincipalPermissionsList",
-          "documentation":"<p>A structure representing a list of up to three principal permissions entries for default create table permissions.</p>"
+          "documentation":"<p>Specifies whether access control on newly created table is managed by Lake Formation permissions or exclusively by IAM permissions.</p> <p>A null value indicates access control by Lake Formation permissions. A value that assigns ALL to IAM_ALLOWED_PRINCIPALS indicates access control by IAM permissions. This is referred to as the setting \"Use only IAM access control,\" and is for backward compatibility with the Glue permission model implemented by IAM permissions.</p> <p>The only permitted values are an empty array or an array that contains a single JSON object that grants ALL to IAM_ALLOWED_PRINCIPALS.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html\">Changing the Default Security Settings for Your Data Lake</a>.</p>"
         },
         "TrustedResourceOwners":{
           "shape":"TrustedResourceOwners",
-          "documentation":"<p>A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's AWS CloudTrail log.</p> <p>You may want to specify this property when you are in a high-trust boundary, such as the same team or company. </p>"
+          "documentation":"<p>A list of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). The user ARNs can be logged in the resource owner's CloudTrail log.</p> <p>You may want to specify this property when you are in a high-trust boundary, such as the same team or company. </p>"
+        },
+        "AllowExternalDataFiltering":{
+          "shape":"NullableBoolean",
+          "documentation":"<p>Whether to allow Amazon EMR clusters to access data managed by Lake Formation. </p> <p>If true, you allow Amazon EMR clusters to access data in Amazon S3 locations that are registered with Lake Formation.</p> <p>If false or null, no Amazon EMR clusters will be able to access data in Amazon S3 locations that are registered with Lake Formation.</p> <p>For more information, see <a href=\"https://docs-aws.amazon.com/lake-formation/latest/dg/getting-started-setup.html#emr-switch\">(Optional) Allow Data Filtering on Amazon EMR</a>.</p>"
+        },
+        "ExternalDataFilteringAllowList":{
+          "shape":"DataLakePrincipalList",
+          "documentation":"<p>A list of the account IDs of Amazon Web Services accounts with Amazon EMR clusters that are to perform data filtering.&gt;</p>"
+        },
+        "AuthorizedSessionTagValueList":{
+          "shape":"AuthorizedSessionTagValueList",
+          "documentation":"<p>Lake Formation relies on a privileged process secured by Amazon EMR or the third party integrator to tag the user's role while assuming it. Lake Formation will publish the acceptable key-value pair, for example key = \"LakeFormationTrustedCaller\" and value = \"TRUE\" and the third party integrator must properly tag the temporary security credentials that will be used to call Lake Formation's administrative APIs.</p>"
         }
       },
-      "documentation":"<p>A structure representing a list of AWS Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.</p>"
+      "documentation":"<p>A structure representing a list of Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.</p>"
     },
     "DataLocationResource":{
       "type":"structure",
@@ -696,7 +1264,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog where the location is registered with AWS Lake Formation. By default, it is the account ID of the caller.</p>"
+          "documentation":"<p>The identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller.</p>"
         },
         "ResourceArn":{
           "shape":"ResourceArnString",
@@ -724,17 +1292,47 @@
       },
       "documentation":"<p>A structure for the database object.</p>"
     },
+    "DateTime":{
+      "type":"timestamp",
+      "timestampFormat":"iso8601"
+    },
+    "DeleteDataCellsFilterRequest":{
+      "type":"structure",
+      "members":{
+        "TableCatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The ID of the catalog to which the table belongs.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>A database in the Glue Data Catalog.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>A table in the database.</p>"
+        },
+        "Name":{
+          "shape":"NameString",
+          "documentation":"<p>The name given by the user to the data filter cell.</p>"
+        }
+      }
+    },
+    "DeleteDataCellsFilterResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteLFTagRequest":{
       "type":"structure",
       "required":["TagKey"],
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag to delete.</p>"
+          "documentation":"<p>The key-name for the LF-tag to delete.</p>"
         }
       }
     },
@@ -743,6 +1341,61 @@
       "members":{
       }
     },
+    "DeleteObjectInput":{
+      "type":"structure",
+      "required":["Uri"],
+      "members":{
+        "Uri":{
+          "shape":"URI",
+          "documentation":"<p>The Amazon S3 location of the object to delete.</p>"
+        },
+        "ETag":{
+          "shape":"ETagString",
+          "documentation":"<p>The Amazon S3 ETag of the object. Returned by <code>GetTableObjects</code> for validation and used to identify changes to the underlying data.</p>"
+        },
+        "PartitionValues":{
+          "shape":"PartitionValuesList",
+          "documentation":"<p>A list of partition values for the object. A value must be specified for each partition key associated with the governed table.</p>"
+        }
+      },
+      "documentation":"<p>An object to delete from the governed table.</p>"
+    },
+    "DeleteObjectsOnCancelRequest":{
+      "type":"structure",
+      "required":[
+        "DatabaseName",
+        "TableName",
+        "TransactionId",
+        "Objects"
+      ],
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The Glue data catalog that contains the governed table. Defaults to the current account ID.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>The database that contains the governed table.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>The name of the governed table.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>ID of the transaction that the writes occur in.</p>"
+        },
+        "Objects":{
+          "shape":"VirtualObjectList",
+          "documentation":"<p>A list of VirtualObject structures, which indicates the Amazon S3 objects to be deleted if the transaction cancels.</p>"
+        }
+      }
+    },
+    "DeleteObjectsOnCancelResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeregisterResourceRequest":{
       "type":"structure",
       "required":["ResourceArn"],
@@ -773,7 +1426,26 @@
       "members":{
         "ResourceInfo":{
           "shape":"ResourceInfo",
-          "documentation":"<p>A structure containing information about an AWS Lake Formation resource.</p>"
+          "documentation":"<p>A structure containing information about an Lake Formation resource.</p>"
+        }
+      }
+    },
+    "DescribeTransactionRequest":{
+      "type":"structure",
+      "required":["TransactionId"],
+      "members":{
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction for which to return status.</p>"
+        }
+      }
+    },
+    "DescribeTransactionResponse":{
+      "type":"structure",
+      "members":{
+        "TransactionDescription":{
+          "shape":"TransactionDescription",
+          "documentation":"<p>Returns a <code>TransactionDescription</code> object containing information about the transaction.</p>"
         }
       }
     },
@@ -788,10 +1460,16 @@
       "members":{
         "ResourceShare":{
           "shape":"ResourceShareList",
-          "documentation":"<p>A resource share ARN for a catalog resource shared through AWS Resource Access Manager (AWS RAM).</p>"
+          "documentation":"<p>A resource share ARN for a catalog resource shared through RAM.</p>"
         }
       },
-      "documentation":"<p>A structure containing the additional details to be returned in the <code>AdditionalDetails</code> attribute of <code>PrincipalResourcePermissions</code>.</p> <p>If a catalog resource is shared through AWS Resource Access Manager (AWS RAM), then there will exist a corresponding RAM resource share ARN.</p>"
+      "documentation":"<p>A structure containing the additional details to be returned in the <code>AdditionalDetails</code> attribute of <code>PrincipalResourcePermissions</code>.</p> <p>If a catalog resource is shared through Resource Access Manager (RAM), then there will exist a corresponding RAM resource share ARN.</p>"
+    },
+    "ETagString":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"[\\p{L}\\p{N}\\p{P}]*"
     },
     "EntityNotFoundException":{
       "type":"structure",
@@ -818,12 +1496,61 @@
       },
       "documentation":"<p>Contains details about an error.</p>"
     },
+    "ErrorMessageString":{"type":"string"},
+    "ExecutionStatistics":{
+      "type":"structure",
+      "members":{
+        "AverageExecutionTimeMillis":{
+          "shape":"NumberOfMilliseconds",
+          "documentation":"<p>The average time the request took to be executed.</p>"
+        },
+        "DataScannedBytes":{
+          "shape":"NumberOfBytes",
+          "documentation":"<p>The amount of data that was scanned in bytes.</p>"
+        },
+        "WorkUnitsExecutedCount":{
+          "shape":"NumberOfItems",
+          "documentation":"<p>The number of work units executed.</p>"
+        }
+      },
+      "documentation":"<p>Statistics related to the processing of a query statement.</p>"
+    },
+    "ExpirationTimestamp":{"type":"timestamp"},
+    "ExpiredException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error where the query request expired.</p>",
+      "error":{
+        "httpStatusCode":410,
+        "senderFault":true
+      },
+      "exception":true
+    },
     "Expression":{
       "type":"list",
       "member":{"shape":"LFTag"},
       "max":5,
       "min":1
     },
+    "ExtendTransactionRequest":{
+      "type":"structure",
+      "members":{
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction to extend.</p>"
+        }
+      }
+    },
+    "ExtendTransactionResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "FieldNameString":{
       "type":"string",
       "enum":[
@@ -861,7 +1588,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         }
       }
     },
@@ -870,7 +1597,7 @@
       "members":{
         "DataLakeSettings":{
           "shape":"DataLakeSettings",
-          "documentation":"<p>A structure representing a list of AWS Lake Formation principals designated as data lake administrators.</p>"
+          "documentation":"<p>A structure representing a list of Lake Formation principals designated as data lake administrators.</p>"
         }
       }
     },
@@ -880,7 +1607,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "ResourceArn":{
           "shape":"ResourceArnString",
@@ -915,11 +1642,11 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag.</p>"
+          "documentation":"<p>The key-name for the LF-tag.</p>"
         }
       }
     },
@@ -928,11 +1655,11 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag.</p>"
+          "documentation":"<p>The key-name for the LF-tag.</p>"
         },
         "TagValues":{
           "shape":"TagValueList",
@@ -940,21 +1667,83 @@
         }
       }
     },
+    "GetQueryStateRequest":{
+      "type":"structure",
+      "required":["QueryId"],
+      "members":{
+        "QueryId":{
+          "shape":"GetQueryStateRequestQueryIdString",
+          "documentation":"<p>The ID of the plan query operation.</p>"
+        }
+      }
+    },
+    "GetQueryStateRequestQueryIdString":{
+      "type":"string",
+      "max":36,
+      "min":36
+    },
+    "GetQueryStateResponse":{
+      "type":"structure",
+      "required":["State"],
+      "members":{
+        "Error":{
+          "shape":"ErrorMessageString",
+          "documentation":"<p>An error message when the operation fails.</p>"
+        },
+        "State":{
+          "shape":"QueryStateString",
+          "documentation":"<p>The state of a query previously submitted. The possible states are:</p> <ul> <li> <p>PENDING: the query is pending.</p> </li> <li> <p>WORKUNITS_AVAILABLE: some work units are ready for retrieval and execution.</p> </li> <li> <p>FINISHED: the query planning finished successfully, and all work units are ready for retrieval and execution.</p> </li> <li> <p>ERROR: an error occurred with the query, such as an invalid query ID or a backend error.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>A structure for the output.</p>"
+    },
+    "GetQueryStatisticsRequest":{
+      "type":"structure",
+      "required":["QueryId"],
+      "members":{
+        "QueryId":{
+          "shape":"GetQueryStatisticsRequestQueryIdString",
+          "documentation":"<p>The ID of the plan query operation.</p>"
+        }
+      }
+    },
+    "GetQueryStatisticsRequestQueryIdString":{
+      "type":"string",
+      "max":36,
+      "min":36
+    },
+    "GetQueryStatisticsResponse":{
+      "type":"structure",
+      "members":{
+        "ExecutionStatistics":{
+          "shape":"ExecutionStatistics",
+          "documentation":"<p>An <code>ExecutionStatistics</code> structure containing execution statistics.</p>"
+        },
+        "PlanningStatistics":{
+          "shape":"PlanningStatistics",
+          "documentation":"<p>A <code>PlanningStatistics</code> structure containing query planning statistics.</p>"
+        },
+        "QuerySubmissionTime":{
+          "shape":"DateTime",
+          "documentation":"<p>The time that the query was submitted.</p>"
+        }
+      }
+    },
     "GetResourceLFTagsRequest":{
       "type":"structure",
       "required":["Resource"],
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Resource":{
           "shape":"Resource",
-          "documentation":"<p>The resource for which you want to return tags.</p>"
+          "documentation":"<p>The database, table, or column resource for which you want to return LF-tags.</p>"
         },
         "ShowAssignedLFTags":{
           "shape":"BooleanNullable",
-          "documentation":"<p>Indicates whether to show the assigned tags.</p>"
+          "documentation":"<p>Indicates whether to show the assigned LF-tags.</p>"
         }
       }
     },
@@ -963,18 +1752,264 @@
       "members":{
         "LFTagOnDatabase":{
           "shape":"LFTagsList",
-          "documentation":"<p>A list of tags applied to a database resource.</p>"
+          "documentation":"<p>A list of LF-tags applied to a database resource.</p>"
         },
         "LFTagsOnTable":{
           "shape":"LFTagsList",
-          "documentation":"<p>A list of tags applied to a table resource.</p>"
+          "documentation":"<p>A list of LF-tags applied to a table resource.</p>"
         },
         "LFTagsOnColumns":{
           "shape":"ColumnLFTagsList",
-          "documentation":"<p>A list of tags applied to a column resource.</p>"
+          "documentation":"<p>A list of LF-tags applied to a column resource.</p>"
         }
       }
     },
+    "GetTableObjectsRequest":{
+      "type":"structure",
+      "required":[
+        "DatabaseName",
+        "TableName"
+      ],
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The catalog containing the governed table. Defaults to the caller’s account.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>The database containing the governed table.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>The governed table for which to retrieve objects.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to read the governed table contents. If this transaction has aborted, an error is returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with <code>QueryAsOfTime</code>.</p>"
+        },
+        "QueryAsOfTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time as of when to read the governed table contents. If not set, the most recent transaction commit time is used. Cannot be specified along with <code>TransactionId</code>.</p>"
+        },
+        "PartitionPredicate":{
+          "shape":"PredicateString",
+          "documentation":"<p>A predicate to filter the objects returned based on the partition keys defined in the governed table.</p> <ul> <li> <p>The comparison operators supported are: =, &gt;, &lt;, &gt;=, &lt;=</p> </li> <li> <p>The logical operators supported are: AND</p> </li> <li> <p>The data types supported are integer, long, date(yyyy-MM-dd), timestamp(yyyy-MM-dd HH:mm:ssXXX or yyyy-MM-dd HH:mm:ss\"), string and decimal.</p> </li> </ul>"
+        },
+        "MaxResults":{
+          "shape":"PageSize",
+          "documentation":"<p>Specifies how many values to return in a page.</p>"
+        },
+        "NextToken":{
+          "shape":"TokenString",
+          "documentation":"<p>A continuation token if this is not the first call to retrieve these objects.</p>"
+        }
+      }
+    },
+    "GetTableObjectsResponse":{
+      "type":"structure",
+      "members":{
+        "Objects":{
+          "shape":"PartitionedTableObjectsList",
+          "documentation":"<p>A list of objects organized by partition keys.</p>"
+        },
+        "NextToken":{
+          "shape":"TokenString",
+          "documentation":"<p>A continuation token indicating whether additional data is available.</p>"
+        }
+      }
+    },
+    "GetTemporaryGluePartitionCredentialsRequest":{
+      "type":"structure",
+      "required":[
+        "TableArn",
+        "Partition",
+        "SupportedPermissionTypes"
+      ],
+      "members":{
+        "TableArn":{
+          "shape":"ResourceArnString",
+          "documentation":"<p>The ARN of the partitions' table.</p>"
+        },
+        "Partition":{
+          "shape":"PartitionValueList",
+          "documentation":"<p>A list of partition values identifying a single partition.</p>"
+        },
+        "Permissions":{
+          "shape":"PermissionList",
+          "documentation":"<p>Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).</p>"
+        },
+        "DurationSeconds":{
+          "shape":"CredentialTimeoutDurationSecondInteger",
+          "documentation":"<p>The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.</p>"
+        },
+        "AuditContext":{
+          "shape":"AuditContext",
+          "documentation":"<p>A structure representing context to access a resource (column names, query ID, etc).</p>"
+        },
+        "SupportedPermissionTypes":{
+          "shape":"PermissionTypeList",
+          "documentation":"<p>A list of supported permission types for the partition. Valid values are <code>COLUMN_PERMISSION</code> and <code>CELL_FILTER_PERMISSION</code>.</p>"
+        }
+      }
+    },
+    "GetTemporaryGluePartitionCredentialsResponse":{
+      "type":"structure",
+      "members":{
+        "AccessKeyId":{
+          "shape":"AccessKeyIdString",
+          "documentation":"<p>The access key ID for the temporary credentials.</p>"
+        },
+        "SecretAccessKey":{
+          "shape":"SecretAccessKeyString",
+          "documentation":"<p>The secret key for the temporary credentials.</p>"
+        },
+        "SessionToken":{
+          "shape":"SessionTokenString",
+          "documentation":"<p>The session token for the temporary credentials.</p>"
+        },
+        "Expiration":{
+          "shape":"ExpirationTimestamp",
+          "documentation":"<p>The date and time when the temporary credentials expire.</p>"
+        }
+      }
+    },
+    "GetTemporaryGlueTableCredentialsRequest":{
+      "type":"structure",
+      "required":[
+        "TableArn",
+        "SupportedPermissionTypes"
+      ],
+      "members":{
+        "TableArn":{
+          "shape":"ResourceArnString",
+          "documentation":"<p>The ARN identifying a table in the Data Catalog for the temporary credentials request.</p>"
+        },
+        "Permissions":{
+          "shape":"PermissionList",
+          "documentation":"<p>Filters the request based on the user having been granted a list of specified permissions on the requested resource(s).</p>"
+        },
+        "DurationSeconds":{
+          "shape":"CredentialTimeoutDurationSecondInteger",
+          "documentation":"<p>The time period, between 900 and 21,600 seconds, for the timeout of the temporary credentials.</p>"
+        },
+        "AuditContext":{
+          "shape":"AuditContext",
+          "documentation":"<p>A structure representing context to access a resource (column names, query ID, etc).</p>"
+        },
+        "SupportedPermissionTypes":{
+          "shape":"PermissionTypeList",
+          "documentation":"<p>A list of supported permission types for the table. Valid values are <code>COLUMN_PERMISSION</code> and <code>CELL_FILTER_PERMISSION</code>.</p>"
+        }
+      }
+    },
+    "GetTemporaryGlueTableCredentialsResponse":{
+      "type":"structure",
+      "members":{
+        "AccessKeyId":{
+          "shape":"AccessKeyIdString",
+          "documentation":"<p>The access key ID for the temporary credentials.</p>"
+        },
+        "SecretAccessKey":{
+          "shape":"SecretAccessKeyString",
+          "documentation":"<p>The secret key for the temporary credentials.</p>"
+        },
+        "SessionToken":{
+          "shape":"SessionTokenString",
+          "documentation":"<p>The session token for the temporary credentials.</p>"
+        },
+        "Expiration":{
+          "shape":"ExpirationTimestamp",
+          "documentation":"<p>The date and time when the temporary credentials expire.</p>"
+        }
+      }
+    },
+    "GetWorkUnitResultsRequest":{
+      "type":"structure",
+      "required":[
+        "QueryId",
+        "WorkUnitId",
+        "WorkUnitToken"
+      ],
+      "members":{
+        "QueryId":{
+          "shape":"GetWorkUnitResultsRequestQueryIdString",
+          "documentation":"<p>The ID of the plan query operation for which to get results.</p>"
+        },
+        "WorkUnitId":{
+          "shape":"GetWorkUnitResultsRequestWorkUnitIdLong",
+          "documentation":"<p>The work unit ID for which to get results. Value generated by enumerating <code>WorkUnitIdMin</code> to <code>WorkUnitIdMax</code> (inclusive) from the <code>WorkUnitRange</code> in the output of <code>GetWorkUnits</code>.</p>"
+        },
+        "WorkUnitToken":{
+          "shape":"SyntheticGetWorkUnitResultsRequestWorkUnitTokenString",
+          "documentation":"<p>A work token used to query the execution service. Token output from <code>GetWorkUnits</code>.</p>"
+        }
+      }
+    },
+    "GetWorkUnitResultsRequestQueryIdString":{
+      "type":"string",
+      "max":36,
+      "min":36
+    },
+    "GetWorkUnitResultsRequestWorkUnitIdLong":{
+      "type":"long",
+      "min":0
+    },
+    "GetWorkUnitResultsResponse":{
+      "type":"structure",
+      "members":{
+        "ResultStream":{
+          "shape":"ResultStream",
+          "documentation":"<p>Rows returned from the <code>GetWorkUnitResults</code> operation as a stream of Apache Arrow v1.0 messages.</p>"
+        }
+      },
+      "documentation":"<p>A structure for the output.</p>",
+      "payload":"ResultStream"
+    },
+    "GetWorkUnitsRequest":{
+      "type":"structure",
+      "required":["QueryId"],
+      "members":{
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A continuation token, if this is a continuation call.</p>"
+        },
+        "PageSize":{
+          "shape":"Integer",
+          "documentation":"<p>The size of each page to get in the Amazon Web Services service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the Amazon Web Services service, retrieving fewer items in each call. This can help prevent the Amazon Web Services service calls from timing out.</p>"
+        },
+        "QueryId":{
+          "shape":"GetWorkUnitsRequestQueryIdString",
+          "documentation":"<p>The ID of the plan query operation.</p>"
+        }
+      }
+    },
+    "GetWorkUnitsRequestQueryIdString":{
+      "type":"string",
+      "max":36,
+      "min":36
+    },
+    "GetWorkUnitsResponse":{
+      "type":"structure",
+      "required":[
+        "QueryId",
+        "WorkUnitRanges"
+      ],
+      "members":{
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.</p>"
+        },
+        "QueryId":{
+          "shape":"QueryIdString",
+          "documentation":"<p>The ID of the plan query operation.</p>"
+        },
+        "WorkUnitRanges":{
+          "shape":"WorkUnitRangeList",
+          "documentation":"<p>A <code>WorkUnitRangeList</code> object that specifies the valid range of work unit IDs for querying the execution service.</p>"
+        }
+      },
+      "documentation":"<p>A structure for the output.</p>"
+    },
     "GlueEncryptionException":{
       "type":"structure",
       "members":{
@@ -996,7 +2031,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Principal":{
           "shape":"DataLakePrincipal",
@@ -1004,11 +2039,11 @@
         },
         "Resource":{
           "shape":"Resource",
-          "documentation":"<p>The resource to which permissions are to be granted. Resources in AWS Lake Formation are the Data Catalog, databases, and tables.</p>"
+          "documentation":"<p>The resource to which permissions are to be granted. Resources in Lake Formation are the Data Catalog, databases, and tables.</p>"
         },
         "Permissions":{
           "shape":"PermissionList",
-          "documentation":"<p>The permissions granted to the principal on the resource. AWS Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. AWS Lake Formation requires that each principal be authorized to perform a specific task on AWS Lake Formation resources. </p>"
+          "documentation":"<p>The permissions granted to the principal on the resource. Lake Formation defines privileges to grant and revoke access to metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Lake Formation requires that each principal be authorized to perform a specific task on Lake Formation resources. </p>"
         },
         "PermissionsWithGrantOption":{
           "shape":"PermissionList",
@@ -1030,6 +2065,10 @@
       "max":255,
       "min":1
     },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
     "InternalServiceException":{
       "type":"structure",
       "members":{
@@ -1039,6 +2078,7 @@
         }
       },
       "documentation":"<p>An internal service error occurred.</p>",
+      "error":{"httpStatusCode":500},
       "exception":true,
       "fault":true
     },
@@ -1051,6 +2091,10 @@
         }
       },
       "documentation":"<p>The input provided was not valid.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
       "exception":true
     },
     "LFTag":{
@@ -1062,25 +2106,25 @@
       "members":{
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag.</p>"
+          "documentation":"<p>The key-name for the LF-tag.</p>"
         },
         "TagValues":{
           "shape":"TagValueList",
           "documentation":"<p>A list of possible values an attribute can take.</p>"
         }
       },
-      "documentation":"<p>A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns not tagged 'PII' of tables tagged 'Prod'.</p>"
+      "documentation":"<p>A structure that allows an admin to grant user permissions on certain conditions. For example, granting a role access to all columns that do not have the LF-tag 'PII' in tables that have the LF-tag 'Prod'.</p>"
     },
     "LFTagError":{
       "type":"structure",
       "members":{
         "LFTag":{
           "shape":"LFTagPair",
-          "documentation":"<p>The key-name of the tag.</p>"
+          "documentation":"<p>The key-name of the LF-tag.</p>"
         },
         "Error":{
           "shape":"ErrorDetail",
-          "documentation":"<p>An error that occurred with the attachment or detachment of the tag.</p>"
+          "documentation":"<p>An error that occurred with the attachment or detachment of the LF-tag.</p>"
         }
       },
       "documentation":"<p>A structure containing an error related to a <code>TagResource</code> or <code>UnTagResource</code> operation.</p>"
@@ -1104,18 +2148,18 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"NameString",
-          "documentation":"<p>The key-name for the tag.</p>"
+          "documentation":"<p>The key-name for the LF-tag.</p>"
         },
         "TagValues":{
           "shape":"TagValueList",
           "documentation":"<p>A list of possible values an attribute can take.</p>"
         }
       },
-      "documentation":"<p>A structure containing a tag key and values for a resource.</p>"
+      "documentation":"<p>A structure containing an LF-tag key and values for a resource.</p>"
     },
     "LFTagPair":{
       "type":"structure",
@@ -1126,18 +2170,18 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag.</p>"
+          "documentation":"<p>The key-name for the LF-tag.</p>"
         },
         "TagValues":{
           "shape":"TagValueList",
           "documentation":"<p>A list of possible values an attribute can take.</p>"
         }
       },
-      "documentation":"<p>A structure containing a tag key-value pair.</p>"
+      "documentation":"<p>A structure containing an LF-tag key-value pair.</p>"
     },
     "LFTagPolicyResource":{
       "type":"structure",
@@ -1148,18 +2192,18 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "ResourceType":{
           "shape":"ResourceType",
-          "documentation":"<p>The resource type for which the tag policy applies.</p>"
+          "documentation":"<p>The resource type for which the LF-tag policy applies.</p>"
         },
         "Expression":{
           "shape":"Expression",
-          "documentation":"<p>A list of tag conditions that apply to the resource's tag policy.</p>"
+          "documentation":"<p>A list of LF-tag conditions that apply to the resource's LF-tag policy.</p>"
         }
       },
-      "documentation":"<p>A structure containing a list of tag conditions that apply to a resource's tag policy.</p>"
+      "documentation":"<p>A structure containing a list of LF-tag conditions that apply to a resource's LF-tag policy.</p>"
     },
     "LFTagValue":{
       "type":"string",
@@ -1174,16 +2218,46 @@
       "min":1
     },
     "LastModifiedTimestamp":{"type":"timestamp"},
+    "ListDataCellsFilterRequest":{
+      "type":"structure",
+      "members":{
+        "Table":{
+          "shape":"TableResource",
+          "documentation":"<p>A table in the Glue Data Catalog.</p>"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A continuation token, if this is a continuation call.</p>"
+        },
+        "MaxResults":{
+          "shape":"PageSize",
+          "documentation":"<p>The maximum size of the response.</p>"
+        }
+      }
+    },
+    "ListDataCellsFilterResponse":{
+      "type":"structure",
+      "members":{
+        "DataCellsFilters":{
+          "shape":"DataCellsFilterList",
+          "documentation":"<p>A list of <code>DataCellFilter</code> structures.</p>"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A continuation token, if not all requested data cell filters have been returned.</p>"
+        }
+      }
+    },
     "ListLFTagsRequest":{
       "type":"structure",
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "ResourceShareType":{
           "shape":"ResourceShareType",
-          "documentation":"<p>If resource share type is <code>ALL</code>, returns both in-account tags and shared tags that the requester has permission to view. If resource share type is <code>FOREIGN</code>, returns all share tags that the requester can view. If no resource share type is passed, lists tags in the given catalog ID that the requester has permission to view.</p>"
+          "documentation":"<p>If resource share type is <code>ALL</code>, returns both in-account LF-tags and shared LF-tags that the requester has permission to view. If resource share type is <code>FOREIGN</code>, returns all share LF-tags that the requester can view. If no resource share type is passed, lists LF-tags in the given catalog ID that the requester has permission to view.</p>"
         },
         "MaxResults":{
           "shape":"PageSize",
@@ -1200,7 +2274,7 @@
       "members":{
         "LFTags":{
           "shape":"LFTagsList",
-          "documentation":"<p>A list of tags that the requested has permission to view.</p>"
+          "documentation":"<p>A list of LF-tags that the requested has permission to view.</p>"
         },
         "NextToken":{
           "shape":"Token",
@@ -1213,7 +2287,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Principal":{
           "shape":"DataLakePrincipal",
@@ -1234,6 +2308,10 @@
         "MaxResults":{
           "shape":"PageSize",
           "documentation":"<p>The maximum number of results to return.</p>"
+        },
+        "IncludeRelated":{
+          "shape":"TrueFalseString",
+          "documentation":"<p>Indicates that related permissions should be included in the results.</p>"
         }
       }
     },
@@ -1280,6 +2358,86 @@
         }
       }
     },
+    "ListTableStorageOptimizersRequest":{
+      "type":"structure",
+      "required":[
+        "DatabaseName",
+        "TableName"
+      ],
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The Catalog ID of the table.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>Name of the database where the table is present.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>Name of the table.</p>"
+        },
+        "StorageOptimizerType":{
+          "shape":"OptimizerType",
+          "documentation":"<p>The specific type of storage optimizers to list. The supported value is <code>compaction</code>.</p>"
+        },
+        "MaxResults":{
+          "shape":"PageSize",
+          "documentation":"<p>The number of storage optimizers to return on each call.</p>"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A continuation token, if this is a continuation call.</p>"
+        }
+      }
+    },
+    "ListTableStorageOptimizersResponse":{
+      "type":"structure",
+      "members":{
+        "StorageOptimizerList":{
+          "shape":"StorageOptimizerList",
+          "documentation":"<p>A list of the storage optimizers associated with a table.</p>"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A continuation token for paginating the returned list of tokens, returned if the current segment of the list is not the last.</p>"
+        }
+      }
+    },
+    "ListTransactionsRequest":{
+      "type":"structure",
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The catalog for which to list transactions. Defaults to the account ID of the caller.</p>"
+        },
+        "StatusFilter":{
+          "shape":"TransactionStatusFilter",
+          "documentation":"<p> A filter indicating the status of transactions to return. Options are ALL | COMPLETED | COMMITTED | ABORTED | ACTIVE. The default is <code>ALL</code>.</p>"
+        },
+        "MaxResults":{
+          "shape":"PageSize",
+          "documentation":"<p>The maximum number of transactions to return in a single call.</p>"
+        },
+        "NextToken":{
+          "shape":"TokenString",
+          "documentation":"<p>A continuation token if this is not the first call to retrieve transactions.</p>"
+        }
+      }
+    },
+    "ListTransactionsResponse":{
+      "type":"structure",
+      "members":{
+        "Transactions":{
+          "shape":"TransactionDescriptionList",
+          "documentation":"<p>A list of transactions. The record for each transaction is a <code>TransactionDescription</code> object.</p>"
+        },
+        "NextToken":{
+          "shape":"TokenString",
+          "documentation":"<p>A continuation token indicating whether additional data is available.</p>"
+        }
+      }
+    },
     "MessageString":{"type":"string"},
     "NameString":{
       "type":"string",
@@ -1291,6 +2449,10 @@
       "type":"boolean",
       "box":true
     },
+    "NumberOfBytes":{"type":"long"},
+    "NumberOfItems":{"type":"long"},
+    "NumberOfMilliseconds":{"type":"long"},
+    "ObjectSize":{"type":"long"},
     "OperationTimeoutException":{
       "type":"structure",
       "members":{
@@ -1302,12 +2464,59 @@
       "documentation":"<p>The operation timed out.</p>",
       "exception":true
     },
+    "OptimizerType":{
+      "type":"string",
+      "enum":[
+        "COMPACTION",
+        "GARBAGE_COLLECTION",
+        "ALL"
+      ]
+    },
     "PageSize":{
       "type":"integer",
       "box":true,
       "max":1000,
       "min":1
     },
+    "PartitionObjects":{
+      "type":"structure",
+      "members":{
+        "PartitionValues":{
+          "shape":"PartitionValuesList",
+          "documentation":"<p>A list of partition values.</p>"
+        },
+        "Objects":{
+          "shape":"TableObjectList",
+          "documentation":"<p>A list of table objects</p>"
+        }
+      },
+      "documentation":"<p>A structure containing a list of partition values and table objects.</p>"
+    },
+    "PartitionValueList":{
+      "type":"structure",
+      "required":["Values"],
+      "members":{
+        "Values":{
+          "shape":"ValueStringList",
+          "documentation":"<p>The list of partition values.</p>"
+        }
+      },
+      "documentation":"<p>Contains a list of values defining partitions.</p>"
+    },
+    "PartitionValueString":{
+      "type":"string",
+      "max":1024
+    },
+    "PartitionValuesList":{
+      "type":"list",
+      "member":{"shape":"PartitionValueString"},
+      "max":100,
+      "min":1
+    },
+    "PartitionedTableObjectsList":{
+      "type":"list",
+      "member":{"shape":"PartitionObjects"}
+    },
     "Permission":{
       "type":"string",
       "enum":[
@@ -1332,6 +2541,58 @@
       "type":"list",
       "member":{"shape":"Permission"}
     },
+    "PermissionType":{
+      "type":"string",
+      "enum":[
+        "COLUMN_PERMISSION",
+        "CELL_FILTER_PERMISSION"
+      ]
+    },
+    "PermissionTypeList":{
+      "type":"list",
+      "member":{"shape":"PermissionType"},
+      "max":255,
+      "min":1
+    },
+    "PermissionTypeMismatchException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the problem.</p>"
+        }
+      },
+      "documentation":"<p>The engine does not support filtering data based on the enforced permissions. For example, if you call the <code>GetTemporaryGlueTableCredentials</code> operation with <code>SupportedPermissionType</code> equal to <code>ColumnPermission</code>, but cell-level permissions exist on the table, this exception is thrown.</p>",
+      "exception":true
+    },
+    "PlanningStatistics":{
+      "type":"structure",
+      "members":{
+        "EstimatedDataToScanBytes":{
+          "shape":"NumberOfBytes",
+          "documentation":"<p>An estimate of the data that was scanned in bytes.</p>"
+        },
+        "PlanningTimeMillis":{
+          "shape":"NumberOfMilliseconds",
+          "documentation":"<p>The time that it took to process the request.</p>"
+        },
+        "QueueTimeMillis":{
+          "shape":"NumberOfMilliseconds",
+          "documentation":"<p>The time the request was in queue to be processed.</p>"
+        },
+        "WorkUnitsGeneratedCount":{
+          "shape":"NumberOfItems",
+          "documentation":"<p>The number of work units generated.</p>"
+        }
+      },
+      "documentation":"<p>Statistics related to the processing of a query statement.</p>"
+    },
+    "PredicateString":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
+    },
     "PrincipalPermissions":{
       "type":"structure",
       "members":{
@@ -1386,11 +2647,11 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "DataLakeSettings":{
           "shape":"DataLakeSettings",
-          "documentation":"<p>A structure representing a list of AWS Lake Formation principals designated as data lake administrators.</p>"
+          "documentation":"<p>A structure representing a list of Lake Formation principals designated as data lake administrators.</p>"
         }
       }
     },
@@ -1399,6 +2660,54 @@
       "members":{
       }
     },
+    "QueryIdString":{"type":"string"},
+    "QueryParameterMap":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"String"}
+    },
+    "QueryPlanningContext":{
+      "type":"structure",
+      "required":["DatabaseName"],
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The ID of the Data Catalog where the partition in question resides. If none is provided, the Amazon Web Services account ID is used by default.</p>"
+        },
+        "DatabaseName":{
+          "shape":"QueryPlanningContextDatabaseNameString",
+          "documentation":"<p>The database containing the table.</p>"
+        },
+        "QueryAsOfTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time as of when to read the table contents. If not set, the most recent transaction commit time will be used. Cannot be specified along with <code>TransactionId</code>.</p>"
+        },
+        "QueryParameters":{
+          "shape":"QueryParameterMap",
+          "documentation":"<p>A map consisting of key-value pairs.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction ID at which to read the table contents. If this transaction is not committed, the read will be treated as part of that transaction and will see its writes. If this transaction has aborted, an error will be returned. If not set, defaults to the most recent committed transaction. Cannot be specified along with <code>QueryAsOfTime</code>.</p>"
+        }
+      },
+      "documentation":"<p>A structure containing information about the query plan.</p>"
+    },
+    "QueryPlanningContextDatabaseNameString":{
+      "type":"string",
+      "min":1,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
+    },
+    "QueryStateString":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "WORKUNITS_AVAILABLE",
+        "ERROR",
+        "FINISHED",
+        "EXPIRED"
+      ]
+    },
     "RAMResourceShareArn":{"type":"string"},
     "RegisterResourceRequest":{
       "type":"structure",
@@ -1410,7 +2719,7 @@
         },
         "UseServiceLinkedRole":{
           "shape":"NullableBoolean",
-          "documentation":"<p>Designates an AWS Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.</p> <p>For more information, see <a href=\"https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html\">Using Service-Linked Roles for Lake Formation</a>.</p>"
+          "documentation":"<p>Designates an Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. A service-linked role is a unique type of IAM role that is linked directly to Lake Formation.</p> <p>For more information, see <a href=\"https://docs-aws.amazon.com/lake-formation/latest/dg/service-linked-roles.html\">Using Service-Linked Roles for Lake Formation</a>.</p>"
         },
         "RoleArn":{
           "shape":"IAMRoleArn",
@@ -1432,15 +2741,15 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Resource":{
           "shape":"Resource",
-          "documentation":"<p>The resource where you want to remove a tag.</p>"
+          "documentation":"<p>The database, table, or column resource where you want to remove an LF-tag.</p>"
         },
         "LFTags":{
           "shape":"LFTagsList",
-          "documentation":"<p>The tags to be removed from the resource.</p>"
+          "documentation":"<p>The LF-tags to be removed from the resource.</p>"
         }
       }
     },
@@ -1458,7 +2767,7 @@
       "members":{
         "Catalog":{
           "shape":"CatalogResource",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Database":{
           "shape":"DatabaseResource",
@@ -1476,13 +2785,17 @@
           "shape":"DataLocationResource",
           "documentation":"<p>The location of an Amazon S3 path where permissions are granted or revoked. </p>"
         },
+        "DataCellsFilter":{
+          "shape":"DataCellsFilterResource",
+          "documentation":"<p>A data cell filter.</p>"
+        },
         "LFTag":{
           "shape":"LFTagKeyResource",
-          "documentation":"<p>The tag key and values attached to a resource.</p>"
+          "documentation":"<p>The LF-tag key and values attached to a resource.</p>"
         },
         "LFTagPolicy":{
           "shape":"LFTagPolicyResource",
-          "documentation":"<p>A list of tag conditions that define a resource's tag policy.</p>"
+          "documentation":"<p>A list of LF-tag conditions that define a resource's LF-tag policy.</p>"
         }
       },
       "documentation":"<p>A structure for the resource.</p>"
@@ -1504,12 +2817,24 @@
           "documentation":"<p>The date and time the resource was last modified.</p>"
         }
       },
-      "documentation":"<p>A structure containing information about an AWS Lake Formation resource.</p>"
+      "documentation":"<p>A structure containing information about an Lake Formation resource.</p>"
     },
     "ResourceInfoList":{
       "type":"list",
       "member":{"shape":"ResourceInfo"}
     },
+    "ResourceNotReadyException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error related to a resource which is not ready for a transaction.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
     "ResourceNumberLimitExceededException":{
       "type":"structure",
       "members":{
@@ -1539,6 +2864,11 @@
         "TABLE"
       ]
     },
+    "Result":{"type":"string"},
+    "ResultStream":{
+      "type":"blob",
+      "streaming":true
+    },
     "RevokePermissionsRequest":{
       "type":"structure",
       "required":[
@@ -1549,7 +2879,7 @@
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Principal":{
           "shape":"DataLakePrincipal",
@@ -1574,6 +2904,20 @@
       "members":{
       }
     },
+    "RowFilter":{
+      "type":"structure",
+      "members":{
+        "FilterExpression":{
+          "shape":"PredicateString",
+          "documentation":"<p>A filter expression.</p>"
+        },
+        "AllRowsWildcard":{
+          "shape":"AllRowsWildcard",
+          "documentation":"<p>A wildcard for all rows.</p>"
+        }
+      },
+      "documentation":"<p>A PartiQL predicate.</p>"
+    },
     "SearchDatabasesByLFTagsRequest":{
       "type":"structure",
       "required":["Expression"],
@@ -1588,7 +2932,7 @@
         },
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Expression":{
           "shape":"Expression",
@@ -1605,7 +2949,7 @@
         },
         "DatabaseList":{
           "shape":"DatabaseLFTagsList",
-          "documentation":"<p>A list of databases that meet the tag conditions.</p>"
+          "documentation":"<p>A list of databases that meet the LF-tag conditions.</p>"
         }
       }
     },
@@ -1623,7 +2967,7 @@
         },
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "Expression":{
           "shape":"Expression",
@@ -1640,19 +2984,157 @@
         },
         "TableList":{
           "shape":"TableLFTagsList",
-          "documentation":"<p>A list of tables that meet the tag conditions.</p>"
+          "documentation":"<p>A list of tables that meet the LF-tag conditions.</p>"
+        }
+      }
+    },
+    "SecretAccessKeyString":{"type":"string"},
+    "SessionTokenString":{"type":"string"},
+    "StartQueryPlanningRequest":{
+      "type":"structure",
+      "required":[
+        "QueryPlanningContext",
+        "QueryString"
+      ],
+      "members":{
+        "QueryPlanningContext":{
+          "shape":"QueryPlanningContext",
+          "documentation":"<p>A structure containing information about the query plan.</p>"
+        },
+        "QueryString":{
+          "shape":"SyntheticStartQueryPlanningRequestQueryString",
+          "documentation":"<p>A PartiQL query statement used as an input to the planner service.</p>"
+        }
+      }
+    },
+    "StartQueryPlanningResponse":{
+      "type":"structure",
+      "required":["QueryId"],
+      "members":{
+        "QueryId":{
+          "shape":"QueryIdString",
+          "documentation":"<p>The ID of the plan query operation can be used to fetch the actual work unit descriptors that are produced as the result of the operation. The ID is also used to get the query state and as an input to the <code>Execute</code> operation.</p>"
+        }
+      },
+      "documentation":"<p>A structure for the output.</p>"
+    },
+    "StartTransactionRequest":{
+      "type":"structure",
+      "members":{
+        "TransactionType":{
+          "shape":"TransactionType",
+          "documentation":"<p>Indicates whether this transaction should be read only or read and write. Writes made using a read-only transaction ID will be rejected. Read-only transactions do not need to be committed. </p>"
         }
       }
     },
+    "StartTransactionResponse":{
+      "type":"structure",
+      "members":{
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>An opaque identifier for the transaction.</p>"
+        }
+      }
+    },
+    "StatisticsNotReadyYetException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error related to statistics not being ready.</p>",
+      "error":{
+        "httpStatusCode":420,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "StorageOptimizer":{
+      "type":"structure",
+      "members":{
+        "StorageOptimizerType":{
+          "shape":"OptimizerType",
+          "documentation":"<p>The specific type of storage optimizer. The supported value is <code>compaction</code>.</p>"
+        },
+        "Config":{
+          "shape":"StorageOptimizerConfig",
+          "documentation":"<p>A map of the storage optimizer configuration. Currently contains only one key-value pair: <code>is_enabled</code> indicates true or false for acceleration.</p>"
+        },
+        "ErrorMessage":{
+          "shape":"MessageString",
+          "documentation":"<p>A message that contains information about any error (if present).</p> <p>When an acceleration result has an enabled status, the error message is empty.</p> <p>When an acceleration result has a disabled status, the message describes an error or simply indicates \"disabled by the user\".</p>"
+        },
+        "Warnings":{
+          "shape":"MessageString",
+          "documentation":"<p>A message that contains information about any warnings (if present).</p>"
+        },
+        "LastRunDetails":{
+          "shape":"MessageString",
+          "documentation":"<p>When an acceleration result has an enabled status, contains the details of the last job run.</p>"
+        }
+      },
+      "documentation":"<p>A structure describing the configuration and details of a storage optimizer.</p>"
+    },
+    "StorageOptimizerConfig":{
+      "type":"map",
+      "key":{"shape":"StorageOptimizerConfigKey"},
+      "value":{"shape":"StorageOptimizerConfigValue"}
+    },
+    "StorageOptimizerConfigKey":{"type":"string"},
+    "StorageOptimizerConfigMap":{
+      "type":"map",
+      "key":{"shape":"OptimizerType"},
+      "value":{"shape":"StorageOptimizerConfig"}
+    },
+    "StorageOptimizerConfigValue":{"type":"string"},
+    "StorageOptimizerList":{
+      "type":"list",
+      "member":{"shape":"StorageOptimizer"}
+    },
+    "String":{"type":"string"},
     "StringValue":{"type":"string"},
     "StringValueList":{
       "type":"list",
       "member":{"shape":"StringValue"}
     },
+    "SyntheticGetWorkUnitResultsRequestWorkUnitTokenString":{
+      "type":"string",
+      "min":1,
+      "sensitive":true
+    },
+    "SyntheticStartQueryPlanningRequestQueryString":{
+      "type":"string",
+      "min":1,
+      "sensitive":true
+    },
     "TableLFTagsList":{
       "type":"list",
       "member":{"shape":"TaggedTable"}
     },
+    "TableObject":{
+      "type":"structure",
+      "members":{
+        "Uri":{
+          "shape":"URI",
+          "documentation":"<p>The Amazon S3 location of the object.</p>"
+        },
+        "ETag":{
+          "shape":"ETagString",
+          "documentation":"<p>The Amazon S3 ETag of the object. Returned by <code>GetTableObjects</code> for validation and used to identify changes to the underlying data.</p>"
+        },
+        "Size":{
+          "shape":"ObjectSize",
+          "documentation":"<p>The size of the Amazon S3 object in bytes.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the details of a governed table.</p>"
+    },
+    "TableObjectList":{
+      "type":"list",
+      "member":{"shape":"TableObject"}
+    },
     "TableResource":{
       "type":"structure",
       "required":["DatabaseName"],
@@ -1723,61 +3205,188 @@
       "members":{
         "Database":{
           "shape":"DatabaseResource",
-          "documentation":"<p>A database that has tags attached to it.</p>"
+          "documentation":"<p>A database that has LF-tags attached to it.</p>"
         },
         "LFTags":{
           "shape":"LFTagsList",
-          "documentation":"<p>A list of tags attached to the database.</p>"
+          "documentation":"<p>A list of LF-tags attached to the database.</p>"
         }
       },
-      "documentation":"<p>A structure describing a database resource with tags.</p>"
+      "documentation":"<p>A structure describing a database resource with LF-tags.</p>"
     },
     "TaggedTable":{
       "type":"structure",
       "members":{
         "Table":{
           "shape":"TableResource",
-          "documentation":"<p>A table that has tags attached to it.</p>"
+          "documentation":"<p>A table that has LF-tags attached to it.</p>"
         },
         "LFTagOnDatabase":{
           "shape":"LFTagsList",
-          "documentation":"<p>A list of tags attached to the database where the table resides.</p>"
+          "documentation":"<p>A list of LF-tags attached to the database where the table resides.</p>"
         },
         "LFTagsOnTable":{
           "shape":"LFTagsList",
-          "documentation":"<p>A list of tags attached to the table.</p>"
+          "documentation":"<p>A list of LF-tags attached to the table.</p>"
         },
         "LFTagsOnColumns":{
           "shape":"ColumnLFTagsList",
-          "documentation":"<p>A list of tags attached to columns in the table.</p>"
+          "documentation":"<p>A list of LF-tags attached to columns in the table.</p>"
         }
       },
-      "documentation":"<p>A structure describing a table resource with tags.</p>"
+      "documentation":"<p>A structure describing a table resource with LF-tags.</p>"
     },
+    "ThrottledException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error where the query request was throttled.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true,
+      "retryable":{"throttling":true}
+    },
+    "Timestamp":{"type":"timestamp"},
     "Token":{"type":"string"},
+    "TokenString":{
+      "type":"string",
+      "max":4096
+    },
+    "TransactionCanceledException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error related to a transaction that was cancelled.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
+    "TransactionCommitInProgressException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error related to a transaction commit that was in progress.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
+    "TransactionCommittedException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error where the specified transaction has already been committed and cannot be used for <code>UpdateTableObjects</code>.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
+    "TransactionDescription":{
+      "type":"structure",
+      "members":{
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The ID of the transaction.</p>"
+        },
+        "TransactionStatus":{
+          "shape":"TransactionStatus",
+          "documentation":"<p>A status of ACTIVE, COMMITTED, or ABORTED.</p>"
+        },
+        "TransactionStartTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the transaction started.</p>"
+        },
+        "TransactionEndTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the transaction committed or aborted, if it is not currently active.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains information about a transaction.</p>"
+    },
+    "TransactionDescriptionList":{
+      "type":"list",
+      "member":{"shape":"TransactionDescription"}
+    },
+    "TransactionIdString":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"[\\p{L}\\p{N}\\p{P}]*"
+    },
+    "TransactionStatus":{
+      "type":"string",
+      "enum":[
+        "ACTIVE",
+        "COMMITTED",
+        "ABORTED",
+        "COMMIT_IN_PROGRESS"
+      ]
+    },
+    "TransactionStatusFilter":{
+      "type":"string",
+      "enum":[
+        "ALL",
+        "COMPLETED",
+        "ACTIVE",
+        "COMMITTED",
+        "ABORTED"
+      ]
+    },
+    "TransactionType":{
+      "type":"string",
+      "enum":[
+        "READ_AND_WRITE",
+        "READ_ONLY"
+      ]
+    },
+    "TrueFalseString":{
+      "type":"string",
+      "max":5,
+      "min":1,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
+    },
     "TrustedResourceOwners":{
       "type":"list",
       "member":{"shape":"CatalogIdString"}
     },
+    "URI":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*"
+    },
     "UpdateLFTagRequest":{
       "type":"structure",
       "required":["TagKey"],
       "members":{
         "CatalogId":{
           "shape":"CatalogIdString",
-          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your AWS Lake Formation environment. </p>"
+          "documentation":"<p>The identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment. </p>"
         },
         "TagKey":{
           "shape":"LFTagKey",
-          "documentation":"<p>The key-name for the tag for which to add or delete values.</p>"
+          "documentation":"<p>The key-name for the LF-tag for which to add or delete values.</p>"
         },
         "TagValuesToDelete":{
           "shape":"TagValueList",
-          "documentation":"<p>A list of tag values to delete from the tag.</p>"
+          "documentation":"<p>A list of LF-tag values to delete from the LF-tag.</p>"
         },
         "TagValuesToAdd":{
           "shape":"TagValueList",
-          "documentation":"<p>A list of tag values to add from the tag.</p>"
+          "documentation":"<p>A list of LF-tag values to add from the LF-tag.</p>"
         }
       }
     },
@@ -1795,7 +3404,7 @@
       "members":{
         "RoleArn":{
           "shape":"IAMRoleArn",
-          "documentation":"<p>The new role to use for the given resource registered in AWS Lake Formation.</p>"
+          "documentation":"<p>The new role to use for the given resource registered in Lake Formation.</p>"
         },
         "ResourceArn":{
           "shape":"ResourceArnString",
@@ -1807,7 +3416,168 @@
       "type":"structure",
       "members":{
       }
+    },
+    "UpdateTableObjectsRequest":{
+      "type":"structure",
+      "required":[
+        "DatabaseName",
+        "TableName",
+        "WriteOperations"
+      ],
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The catalog containing the governed table to update. Defaults to the caller’s account ID.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>The database containing the governed table to update.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>The governed table to update.</p>"
+        },
+        "TransactionId":{
+          "shape":"TransactionIdString",
+          "documentation":"<p>The transaction at which to do the write.</p>"
+        },
+        "WriteOperations":{
+          "shape":"WriteOperationList",
+          "documentation":"<p>A list of <code>WriteOperation</code> objects that define an object to add to or delete from the manifest for a governed table.</p>"
+        }
+      }
+    },
+    "UpdateTableObjectsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateTableStorageOptimizerRequest":{
+      "type":"structure",
+      "required":[
+        "DatabaseName",
+        "TableName",
+        "StorageOptimizerConfig"
+      ],
+      "members":{
+        "CatalogId":{
+          "shape":"CatalogIdString",
+          "documentation":"<p>The Catalog ID of the table.</p>"
+        },
+        "DatabaseName":{
+          "shape":"NameString",
+          "documentation":"<p>Name of the database where the table is present.</p>"
+        },
+        "TableName":{
+          "shape":"NameString",
+          "documentation":"<p>Name of the table for which to enable the storage optimizer.</p>"
+        },
+        "StorageOptimizerConfig":{
+          "shape":"StorageOptimizerConfigMap",
+          "documentation":"<p>Name of the table for which to enable the storage optimizer.</p>"
+        }
+      }
+    },
+    "UpdateTableStorageOptimizerResponse":{
+      "type":"structure",
+      "members":{
+        "Result":{
+          "shape":"Result",
+          "documentation":"<p>A response indicating the success of failure of the operation.</p>"
+        }
+      }
+    },
+    "ValueString":{"type":"string"},
+    "ValueStringList":{
+      "type":"list",
+      "member":{"shape":"ValueString"},
+      "min":1
+    },
+    "VirtualObject":{
+      "type":"structure",
+      "required":["Uri"],
+      "members":{
+        "Uri":{
+          "shape":"URI",
+          "documentation":"<p>The path to the Amazon S3 object. Must start with s3://</p>"
+        },
+        "ETag":{
+          "shape":"ETagString",
+          "documentation":"<p>The ETag of the Amazon S3 object.</p>"
+        }
+      },
+      "documentation":"<p>An object that defines an Amazon S3 object to be deleted if a transaction cancels, provided that <code>VirtualPut</code> was called before writing the object.</p>"
+    },
+    "VirtualObjectList":{
+      "type":"list",
+      "member":{"shape":"VirtualObject"},
+      "max":100,
+      "min":1
+    },
+    "WorkUnitIdLong":{"type":"long"},
+    "WorkUnitRange":{
+      "type":"structure",
+      "required":[
+        "WorkUnitIdMax",
+        "WorkUnitIdMin",
+        "WorkUnitToken"
+      ],
+      "members":{
+        "WorkUnitIdMax":{
+          "shape":"WorkUnitIdLong",
+          "documentation":"<p>Defines the maximum work unit ID in the range. The maximum value is inclusive.</p>"
+        },
+        "WorkUnitIdMin":{
+          "shape":"WorkUnitIdLong",
+          "documentation":"<p>Defines the minimum work unit ID in the range.</p>"
+        },
+        "WorkUnitToken":{
+          "shape":"WorkUnitTokenString",
+          "documentation":"<p>A work token used to query the execution service.</p>"
+        }
+      },
+      "documentation":"<p>Defines the valid range of work unit IDs for querying the execution service.</p>"
+    },
+    "WorkUnitRangeList":{
+      "type":"list",
+      "member":{"shape":"WorkUnitRange"}
+    },
+    "WorkUnitTokenString":{"type":"string"},
+    "WorkUnitsNotReadyYetException":{
+      "type":"structure",
+      "members":{
+        "Message":{
+          "shape":"MessageString",
+          "documentation":"<p>A message describing the error.</p>"
+        }
+      },
+      "documentation":"<p>Contains details about an error related to work units not being ready.</p>",
+      "error":{
+        "httpStatusCode":420,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "WriteOperation":{
+      "type":"structure",
+      "members":{
+        "AddObject":{
+          "shape":"AddObjectInput",
+          "documentation":"<p>A new object to add to the governed table.</p>"
+        },
+        "DeleteObject":{
+          "shape":"DeleteObjectInput",
+          "documentation":"<p>An object to delete from the governed table.</p>"
+        }
+      },
+      "documentation":"<p>Defines an object to add to or delete from a governed table.</p>"
+    },
+    "WriteOperationList":{
+      "type":"list",
+      "member":{"shape":"WriteOperation"},
+      "max":100,
+      "min":1
     }
   },
-  "documentation":"<fullname>AWS Lake Formation</fullname> <p>Defines the public endpoint for the AWS Lake Formation service.</p>"
+  "documentation":"<fullname>Lake Formation</fullname> <p>Defines the public endpoint for the Lake Formation service.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/lambda/2015-03-31/service-2.json b/contrib/python/botocore/py3/botocore/data/lambda/2015-03-31/service-2.json
index 6c2c04438e5..dfec8854f28 100644
--- a/contrib/python/botocore/py3/botocore/data/lambda/2015-03-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/lambda/2015-03-31/service-2.json
@@ -99,7 +99,7 @@
         {"shape":"TooManyRequestsException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Creates a mapping between an event source and an Lambda function. Lambda reads items from the event source and triggers the function.</p> <p>For details about each event source type, see the following topics. </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping\"> Configuring a Dynamo DB stream as an event source</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping\"> Configuring a Kinesis stream as an event source</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource\"> Configuring an Amazon SQS queue as an event source</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping\"> Configuring an MQ broker as an event source</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html\"> Configuring MSK as an event source</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html\"> Configuring Self-Managed Apache Kafka as an event source</a> </p> </li> </ul> <p>The following error handling options are only available for stream sources (DynamoDB and Kinesis):</p> <ul> <li> <p> <code>BisectBatchOnFunctionError</code> - If the function returns an error, split the batch in two and retry.</p> </li> <li> <p> <code>DestinationConfig</code> - Send discarded records to an Amazon SQS queue or Amazon SNS topic.</p> </li> <li> <p> <code>MaximumRecordAgeInSeconds</code> - Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires</p> </li> <li> <p> <code>MaximumRetryAttempts</code> - Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.</p> </li> <li> <p> <code>ParallelizationFactor</code> - Process multiple batches from each shard concurrently.</p> </li> </ul>"
+      "documentation":"<p>Creates a mapping between an event source and an Lambda function. Lambda reads items from the event source and triggers the function.</p> <p>For details about how to configure different event sources, see the following topics. </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping\"> Amazon DynamoDB Streams</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping\"> Amazon Kinesis</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource\"> Amazon SQS</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping\"> Amazon MQ and RabbitMQ</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html\"> Amazon MSK</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html\"> Apache Kafka</a> </p> </li> </ul> <p>The following error handling options are only available for stream sources (DynamoDB and Kinesis):</p> <ul> <li> <p> <code>BisectBatchOnFunctionError</code> - If the function returns an error, split the batch in two and retry.</p> </li> <li> <p> <code>DestinationConfig</code> - Send discarded records to an Amazon SQS queue or Amazon SNS topic.</p> </li> <li> <p> <code>MaximumRecordAgeInSeconds</code> - Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires</p> </li> <li> <p> <code>MaximumRetryAttempts</code> - Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.</p> </li> <li> <p> <code>ParallelizationFactor</code> - Process multiple batches from each shard concurrently.</p> </li> </ul> <p>For information about which configuration parameters apply to each event source, see the following topics.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-params\"> Amazon DynamoDB Streams</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-params\"> Amazon Kinesis</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#services-sqs-params\"> Amazon SQS</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-params\"> Amazon MQ and RabbitMQ</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-parms\"> Amazon MSK</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-kafka-parms\"> Apache Kafka</a> </p> </li> </ul>"
     },
     "CreateFunction":{
       "name":"CreateFunction",
@@ -979,7 +979,7 @@
         {"shape":"ResourceConflictException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Updates an event source mapping. You can change the function that Lambda invokes, or pause invocation and resume later from the same location.</p> <p>The following error handling options are only available for stream sources (DynamoDB and Kinesis):</p> <ul> <li> <p> <code>BisectBatchOnFunctionError</code> - If the function returns an error, split the batch in two and retry.</p> </li> <li> <p> <code>DestinationConfig</code> - Send discarded records to an Amazon SQS queue or Amazon SNS topic.</p> </li> <li> <p> <code>MaximumRecordAgeInSeconds</code> - Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires</p> </li> <li> <p> <code>MaximumRetryAttempts</code> - Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.</p> </li> <li> <p> <code>ParallelizationFactor</code> - Process multiple batches from each shard concurrently.</p> </li> </ul>"
+      "documentation":"<p>Updates an event source mapping. You can change the function that Lambda invokes, or pause invocation and resume later from the same location.</p> <p>For details about how to configure different event sources, see the following topics. </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-dynamodb-eventsourcemapping\"> Amazon DynamoDB Streams</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-eventsourcemapping\"> Amazon Kinesis</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#events-sqs-eventsource\"> Amazon SQS</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-eventsourcemapping\"> Amazon MQ and RabbitMQ</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html\"> Amazon MSK</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/kafka-smaa.html\"> Apache Kafka</a> </p> </li> </ul> <p>The following error handling options are only available for stream sources (DynamoDB and Kinesis):</p> <ul> <li> <p> <code>BisectBatchOnFunctionError</code> - If the function returns an error, split the batch in two and retry.</p> </li> <li> <p> <code>DestinationConfig</code> - Send discarded records to an Amazon SQS queue or Amazon SNS topic.</p> </li> <li> <p> <code>MaximumRecordAgeInSeconds</code> - Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires</p> </li> <li> <p> <code>MaximumRetryAttempts</code> - Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.</p> </li> <li> <p> <code>ParallelizationFactor</code> - Process multiple batches from each shard concurrently.</p> </li> </ul> <p>For information about which configuration parameters apply to each event source, see the following topics.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-params\"> Amazon DynamoDB Streams</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-params\"> Amazon Kinesis</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-sqs.html#services-sqs-params\"> Amazon SQS</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-mq.html#services-mq-params\"> Amazon MQ and RabbitMQ</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-parms\"> Amazon MSK</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-kafka-parms\"> Apache Kafka</a> </p> </li> </ul>"
     },
     "UpdateFunctionCode":{
       "name":"UpdateFunctionCode",
@@ -1510,7 +1510,11 @@
         },
         "BatchSize":{
           "shape":"BatchSize",
-          "documentation":"<p>The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).</p> <ul> <li> <p> <b>Amazon Kinesis</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Amazon DynamoDB Streams</b> - Default 100. Max 1,000.</p> </li> <li> <p> <b>Amazon Simple Queue Service</b> - Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.</p> </li> <li> <p> <b>Amazon Managed Streaming for Apache Kafka</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Self-Managed Apache Kafka</b> - Default 100. Max 10,000.</p> </li> </ul>"
+          "documentation":"<p>The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).</p> <ul> <li> <p> <b>Amazon Kinesis</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Amazon DynamoDB Streams</b> - Default 100. Max 1,000.</p> </li> <li> <p> <b>Amazon Simple Queue Service</b> - Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.</p> </li> <li> <p> <b>Amazon Managed Streaming for Apache Kafka</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Self-Managed Apache Kafka</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Amazon MQ (ActiveMQ and RabbitMQ)</b> - Default 100. Max 10,000.</p> </li> </ul>"
+        },
+        "FilterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>(Streams and Amazon SQS) An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html\">Lambda event filtering</a>.</p>"
         },
         "MaximumBatchingWindowInSeconds":{
           "shape":"MaximumBatchingWindowInSeconds",
@@ -1566,7 +1570,7 @@
         },
         "FunctionResponseTypes":{
           "shape":"FunctionResponseTypeList",
-          "documentation":"<p>(Streams only) A list of current response type enums applied to the event source mapping.</p>"
+          "documentation":"<p>(Streams and Amazon SQS) A list of current response type enums applied to the event source mapping.</p>"
         }
       }
     },
@@ -1584,7 +1588,7 @@
         },
         "Runtime":{
           "shape":"Runtime",
-          "documentation":"<p>The identifier of the function's <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html\">runtime</a>.</p>"
+          "documentation":"<p>The identifier of the function's <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html\">runtime</a>. Runtime is required if the deployment package is a .zip file archive. </p>"
         },
         "Role":{
           "shape":"RoleArn",
@@ -1592,7 +1596,7 @@
         },
         "Handler":{
           "shape":"Handler",
-          "documentation":"<p>The name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html\">Programming Model</a>.</p>"
+          "documentation":"<p>The name of the method within your code that Lambda calls to execute your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html\">Programming Model</a>.</p>"
         },
         "Code":{
           "shape":"FunctionCode",
@@ -1604,7 +1608,7 @@
         },
         "Timeout":{
           "shape":"Timeout",
-          "documentation":"<p>The amount of time that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For additional information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html\">Lambda execution environment</a>.</p>"
+          "documentation":"<p>The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For additional information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html\">Lambda execution environment</a>.</p>"
         },
         "MemorySize":{
           "shape":"MemorySize",
@@ -1660,7 +1664,7 @@
         },
         "Architectures":{
           "shape":"ArchitecturesList",
-          "documentation":"<p>The instruction set architecture that the function supports. Enter a string array with one of the valid values. The default value is <code>x86_64</code>.</p>"
+          "documentation":"<p>The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is <code>x86_64</code>.</p>"
         }
       }
     },
@@ -2041,6 +2045,10 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the event source.</p>"
         },
+        "FilterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>(Streams and Amazon SQS) An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html\">Lambda event filtering</a>.</p>"
+        },
         "FunctionArn":{
           "shape":"FunctionArn",
           "documentation":"<p>The ARN of the Lambda function.</p>"
@@ -2150,6 +2158,30 @@
       "member":{"shape":"FileSystemConfig"},
       "max":1
     },
+    "Filter":{
+      "type":"structure",
+      "members":{
+        "Pattern":{
+          "shape":"Pattern",
+          "documentation":"<p> A filter pattern. For more information on the syntax of a filter pattern, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-syntax\"> Filter rule syntax</a>. </p>"
+        }
+      },
+      "documentation":"<p> A structure within a <code>FilterCriteria</code> object that defines an event filtering pattern. </p>"
+    },
+    "FilterCriteria":{
+      "type":"structure",
+      "members":{
+        "Filters":{
+          "shape":"FilterList",
+          "documentation":"<p> A list of filters. </p>"
+        }
+      },
+      "documentation":"<p> An object that contains the filters for an event source. </p>"
+    },
+    "FilterList":{
+      "type":"list",
+      "member":{"shape":"Filter"}
+    },
     "FunctionArn":{
       "type":"string",
       "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_]+))?"
@@ -2271,7 +2303,7 @@
         },
         "KMSKeyArn":{
           "shape":"KMSKeyArn",
-          "documentation":"<p>The KMS key that's used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed CMK.</p>"
+          "documentation":"<p>The KMS key that's used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed key.</p>"
         },
         "TracingConfig":{
           "shape":"TracingConfigResponse",
@@ -2279,7 +2311,7 @@
         },
         "MasterArn":{
           "shape":"FunctionArn",
-          "documentation":"<p>For Lambda@Edge functions, the ARN of the master function.</p>"
+          "documentation":"<p>For Lambda@Edge functions, the ARN of the main function.</p>"
         },
         "RevisionId":{
           "shape":"String",
@@ -2945,7 +2977,7 @@
         },
         "Payload":{
           "shape":"Blob",
-          "documentation":"<p>The JSON that you want to provide to your Lambda function as input.</p>"
+          "documentation":"<p>The JSON that you want to provide to your Lambda function as input.</p> <p>You can enter the JSON directly. For example, <code>--payload '{ \"key\": \"value\" }'</code>. You can also specify a file path. For example, <code>--payload file://payload.json</code>. </p>"
         },
         "Qualifier":{
           "shape":"Qualifier",
@@ -3810,6 +3842,12 @@
       "max":10,
       "min":1
     },
+    "Pattern":{
+      "type":"string",
+      "max":4096,
+      "min":0,
+      "pattern":".*"
+    },
     "PolicyLengthExceededException":{
       "type":"structure",
       "members":{
@@ -4386,7 +4424,7 @@
       "members":{
         "Type":{
           "shape":"SourceAccessType",
-          "documentation":"<p>The type of authentication protocol, VPC components, or virtual host for your event source. For example: <code>\"Type\":\"SASL_SCRAM_512_AUTH\"</code>.</p> <ul> <li> <p> <code>BASIC_AUTH</code> - (Amazon MQ) The Secrets Manager secret that stores your broker credentials.</p> </li> <li> <p> <code>BASIC_AUTH</code> - (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.</p> </li> <li> <p> <code>VPC_SUBNET</code> - The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.</p> </li> <li> <p> <code>VPC_SECURITY_GROUP</code> - The VPC security group used to manage access to your self-managed Apache Kafka brokers.</p> </li> <li> <p> <code>SASL_SCRAM_256_AUTH</code> - The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.</p> </li> <li> <p> <code>SASL_SCRAM_512_AUTH</code> - The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.</p> </li> <li> <p> <code>VIRTUAL_HOST</code> - (Amazon MQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source.</p> </li> </ul>"
+          "documentation":"<p>The type of authentication protocol, VPC components, or virtual host for your event source. For example: <code>\"Type\":\"SASL_SCRAM_512_AUTH\"</code>.</p> <ul> <li> <p> <code>BASIC_AUTH</code> - (Amazon MQ) The Secrets Manager secret that stores your broker credentials.</p> </li> <li> <p> <code>BASIC_AUTH</code> - (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key used for SASL/PLAIN authentication of your Apache Kafka brokers.</p> </li> <li> <p> <code>VPC_SUBNET</code> - The subnets associated with your VPC. Lambda connects to these subnets to fetch data from your self-managed Apache Kafka cluster.</p> </li> <li> <p> <code>VPC_SECURITY_GROUP</code> - The VPC security group used to manage access to your self-managed Apache Kafka brokers.</p> </li> <li> <p> <code>SASL_SCRAM_256_AUTH</code> - The Secrets Manager ARN of your secret key used for SASL SCRAM-256 authentication of your self-managed Apache Kafka brokers.</p> </li> <li> <p> <code>SASL_SCRAM_512_AUTH</code> - The Secrets Manager ARN of your secret key used for SASL SCRAM-512 authentication of your self-managed Apache Kafka brokers.</p> </li> <li> <p> <code>VIRTUAL_HOST</code> - (Amazon MQ) The name of the virtual host in your RabbitMQ broker. Lambda uses this RabbitMQ host as the event source. This property cannot be specified in an UpdateEventSourceMapping API call.</p> </li> <li> <p> <code>CLIENT_CERTIFICATE_TLS_AUTH</code> - (Amazon MSK, Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the certificate chain (X.509 PEM), private key (PKCS#8 PEM), and private key password (optional) used for mutual TLS authentication of your MSK/Apache Kafka brokers.</p> </li> <li> <p> <code>SERVER_ROOT_CA_CERTIFICATE</code> - (Self-managed Apache Kafka) The Secrets Manager ARN of your secret key containing the root CA certificate (X.509 PEM) used for TLS encryption of your Apache Kafka brokers. </p> </li> </ul>"
         },
         "URI":{
           "shape":"URI",
@@ -4409,7 +4447,9 @@
         "VPC_SECURITY_GROUP",
         "SASL_SCRAM_512_AUTH",
         "SASL_SCRAM_256_AUTH",
-        "VIRTUAL_HOST"
+        "VIRTUAL_HOST",
+        "CLIENT_CERTIFICATE_TLS_AUTH",
+        "SERVER_ROOT_CA_CERTIFICATE"
       ]
     },
     "SourceOwner":{
@@ -4711,7 +4751,11 @@
         },
         "BatchSize":{
           "shape":"BatchSize",
-          "documentation":"<p>The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).</p> <ul> <li> <p> <b>Amazon Kinesis</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Amazon DynamoDB Streams</b> - Default 100. Max 1,000.</p> </li> <li> <p> <b>Amazon Simple Queue Service</b> - Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.</p> </li> <li> <p> <b>Amazon Managed Streaming for Apache Kafka</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Self-Managed Apache Kafka</b> - Default 100. Max 10,000.</p> </li> </ul>"
+          "documentation":"<p>The maximum number of records in each batch that Lambda pulls from your stream or queue and sends to your function. Lambda passes all of the records in the batch to the function in a single call, up to the payload limit for synchronous invocation (6 MB).</p> <ul> <li> <p> <b>Amazon Kinesis</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Amazon DynamoDB Streams</b> - Default 100. Max 1,000.</p> </li> <li> <p> <b>Amazon Simple Queue Service</b> - Default 10. For standard queues the max is 10,000. For FIFO queues the max is 10.</p> </li> <li> <p> <b>Amazon Managed Streaming for Apache Kafka</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Self-Managed Apache Kafka</b> - Default 100. Max 10,000.</p> </li> <li> <p> <b>Amazon MQ (ActiveMQ and RabbitMQ)</b> - Default 100. Max 10,000.</p> </li> </ul>"
+        },
+        "FilterCriteria":{
+          "shape":"FilterCriteria",
+          "documentation":"<p>(Streams and Amazon SQS) An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html\">Lambda event filtering</a>.</p>"
         },
         "MaximumBatchingWindowInSeconds":{
           "shape":"MaximumBatchingWindowInSeconds",
@@ -4747,7 +4791,7 @@
         },
         "FunctionResponseTypes":{
           "shape":"FunctionResponseTypeList",
-          "documentation":"<p>(Streams only) A list of current response type enums applied to the event source mapping.</p>"
+          "documentation":"<p>(Streams and Amazon SQS) A list of current response type enums applied to the event source mapping.</p>"
         }
       }
     },
@@ -4795,7 +4839,7 @@
         },
         "Architectures":{
           "shape":"ArchitecturesList",
-          "documentation":"<p>The instruction set architecture that the function supports. Enter a string array with one of the valid values. The default value is <code>x86_64</code>.</p>"
+          "documentation":"<p>The instruction set architecture that the function supports. Enter a string array with one of the valid values (arm64 or x86_64). The default value is <code>x86_64</code>.</p>"
         }
       }
     },
@@ -4815,7 +4859,7 @@
         },
         "Handler":{
           "shape":"Handler",
-          "documentation":"<p>The name of the method within your code that Lambda calls to execute your function. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html\">Programming Model</a>.</p>"
+          "documentation":"<p>The name of the method within your code that Lambda calls to execute your function. Handler is required if the deployment package is a .zip file archive. The format includes the file name. It can also include namespaces and other qualifiers, depending on the runtime. For more information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/programming-model-v2.html\">Programming Model</a>.</p>"
         },
         "Description":{
           "shape":"Description",
@@ -4823,7 +4867,7 @@
         },
         "Timeout":{
           "shape":"Timeout",
-          "documentation":"<p>The amount of time that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For additional information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html\">Lambda execution environment</a>.</p>"
+          "documentation":"<p>The amount of time (in seconds) that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds. For additional information, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/runtimes-context.html\">Lambda execution environment</a>.</p>"
         },
         "MemorySize":{
           "shape":"MemorySize",
@@ -4839,7 +4883,7 @@
         },
         "Runtime":{
           "shape":"Runtime",
-          "documentation":"<p>The identifier of the function's <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html\">runtime</a>.</p>"
+          "documentation":"<p>The identifier of the function's <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html\">runtime</a>. Runtime is required if the deployment package is a .zip file archive. </p>"
         },
         "DeadLetterConfig":{
           "shape":"DeadLetterConfig",
@@ -4950,5 +4994,5 @@
       "max":1000
     }
   },
-  "documentation":"<fullname>Lambda</fullname> <p> <b>Overview</b> </p> <p>This is the <i>Lambda API Reference</i>. The Lambda Developer Guide provides additional information. For the service overview, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/welcome.html\">What is Lambda</a>, and for information about how the service works, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/lambda-introduction.html\">Lambda: How it Works</a> in the <b>Lambda Developer Guide</b>.</p>"
+  "documentation":"<fullname>Lambda</fullname> <p> <b>Overview</b> </p> <p>Lambda is a compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. With Lambda, you can run code for virtually any type of application or backend service. For more information about the Lambda service, see <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/welcome.html\">What is Lambda</a> in the <b>Lambda Developer Guide</b>.</p> <p>The <i>Lambda API Reference</i> provides information about each of the API methods, including details about the parameters in each API request and response. </p> <p/> <p>You can use Software Development Kits (SDKs), Integrated Development Environment (IDE) Toolkits, and command line tools to access the API. For installation instructions, see <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a>. </p> <p>For a list of Region-specific endpoints that Lambda supports, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/lambda-service.html/\">Lambda endpoints and quotas </a> in the <i>Amazon Web Services General Reference.</i>. </p> <p>When making the API calls, you will need to authenticate your request by providing a signature. Lambda supports signature version 4. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 signing process</a> in the <i>Amazon Web Services General Reference.</i>. </p> <p> <b>CA certificates</b> </p> <p>Because Amazon Web Services SDKs use the CA certificates from your computer, changes to the certificates on the Amazon Web Services servers can cause connection failures when you attempt to use an SDK. You can prevent these failures by keeping your computer's CA certificates and operating system up-to-date. If you encounter this issue in a corporate environment and do not manage your own computer, you might need to ask an administrator to assist with the update process. The following list shows minimum operating system and Java versions:</p> <ul> <li> <p>Microsoft Windows versions that have updates from January 2005 or later installed contain at least one of the required CAs in their trust list. </p> </li> <li> <p>Mac OS X 10.4 with Java for Mac OS X 10.4 Release 5 (February 2007), Mac OS X 10.5 (October 2007), and later versions contain at least one of the required CAs in their trust list. </p> </li> <li> <p>Red Hat Enterprise Linux 5 (March 2007), 6, and 7 and CentOS 5, 6, and 7 all contain at least one of the required CAs in their default trusted CA list. </p> </li> <li> <p>Java 1.4.2_12 (May 2006), 5 Update 2 (March 2005), and all later versions, including Java 6 (December 2006), 7, and 8, contain at least one of the required CAs in their default trusted CA list. </p> </li> </ul> <p>When accessing the Lambda management console or Lambda API endpoints, whether through browsers or programmatically, you will need to ensure your client machines support any of the following CAs: </p> <ul> <li> <p>Amazon Root CA 1</p> </li> <li> <p>Starfield Services Root Certificate Authority - G2</p> </li> <li> <p>Starfield Class 2 Certification Authority</p> </li> </ul> <p>Root certificates from the first two authorities are available from <a href=\"https://www.amazontrust.com/repository/\">Amazon trust services</a>, but keeping your computer up-to-date is the more straightforward solution. To learn more about ACM-provided certificates, see <a href=\"http://aws.amazon.com/certificate-manager/faqs/#certificates\">Amazon Web Services Certificate Manager FAQs.</a> </p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/lexv2-models/2020-08-07/service-2.json b/contrib/python/botocore/py3/botocore/data/lexv2-models/2020-08-07/service-2.json
index b1cdc36240a..6ade36a0822 100644
--- a/contrib/python/botocore/py3/botocore/data/lexv2-models/2020-08-07/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/lexv2-models/2020-08-07/service-2.json
@@ -315,7 +315,26 @@
         {"shape":"PreconditionFailedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes a specific version of a bot. To delete all version of a bot, use the <a>DeleteBot</a> operation.</p>"
+      "documentation":"<p>Deletes a specific version of a bot. To delete all version of a bot, use the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_DeleteBot.html\">DeleteBot</a> operation.</p>"
+    },
+    "DeleteCustomVocabulary":{
+      "name":"DeleteCustomVocabulary",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/customvocabulary",
+        "responseCode":202
+      },
+      "input":{"shape":"DeleteCustomVocabularyRequest"},
+      "output":{"shape":"DeleteCustomVocabularyResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"PreconditionFailedException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Removes a custom vocabulary from the specified locale in the specified bot.</p>"
     },
     "DeleteExport":{
       "name":"DeleteExport",
@@ -455,7 +474,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deletes stored utterances.</p> <p>Amazon Lex stores the utterances that users send to your bot. Utterances are stored for 15 days for use with the operation, and then stored indefinitely for use in improving the ability of your bot to respond to user input..</p> <p>Use the <code>DeleteUtterances</code> operation to manually delete utterances for a specific session. When you use the <code>DeleteUtterances</code> operation, utterances stored for improving your bot's ability to respond to user input are deleted immediately. Utterances stored for use with the <code>ListAggregatedUtterances</code> operation are deleted after 15 days.</p>"
+      "documentation":"<p>Deletes stored utterances.</p> <p>Amazon Lex stores the utterances that users send to your bot. Utterances are stored for 15 days for use with the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListAggregatedUtterances.html\">ListAggregatedUtterances</a> operation, and then stored indefinitely for use in improving the ability of your bot to respond to user input..</p> <p>Use the <code>DeleteUtterances</code> operation to manually delete utterances for a specific session. When you use the <code>DeleteUtterances</code> operation, utterances stored for improving your bot's ability to respond to user input are deleted immediately. Utterances stored for use with the <code>ListAggregatedUtterances</code> operation are deleted after 15 days.</p>"
     },
     "DescribeBot":{
       "name":"DescribeBot",
@@ -511,6 +530,23 @@
       ],
       "documentation":"<p>Describes the settings that a bot has for a specific locale. </p>"
     },
+    "DescribeBotRecommendation":{
+      "name":"DescribeBotRecommendation",
+      "http":{
+        "method":"GET",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/botrecommendations/{botRecommendationId}/",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeBotRecommendationRequest"},
+      "output":{"shape":"DescribeBotRecommendationResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Provides metadata information about a bot recommendation. This information will enable you to get a description on the request inputs, to download associated transcripts after processing is complete, and to download intents and slot-types generated by the bot recommendation.</p>"
+    },
     "DescribeBotVersion":{
       "name":"DescribeBotVersion",
       "http":{
@@ -529,6 +565,24 @@
       ],
       "documentation":"<p>Provides metadata about a version of a bot.</p>"
     },
+    "DescribeCustomVocabularyMetadata":{
+      "name":"DescribeCustomVocabularyMetadata",
+      "http":{
+        "method":"GET",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/customvocabulary/DEFAULT/metadata",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeCustomVocabularyMetadataRequest"},
+      "output":{"shape":"DescribeCustomVocabularyMetadataResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Provides metadata information about a custom vocabulary.</p>"
+    },
     "DescribeExport":{
       "name":"DescribeExport",
       "http":{
@@ -684,6 +738,23 @@
       ],
       "documentation":"<p>Gets a list of locales for the specified bot.</p>"
     },
+    "ListBotRecommendations":{
+      "name":"ListBotRecommendations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/botrecommendations/",
+        "responseCode":200
+      },
+      "input":{"shape":"ListBotRecommendationsRequest"},
+      "output":{"shape":"ListBotRecommendationsResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Get a list of bot recommendations that meet the specified criteria.</p>"
+    },
     "ListBotVersions":{
       "name":"ListBotVersions",
       "http":{
@@ -733,7 +804,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Gets a list of built-in intents provided by Amazon Lex that you can use in your bot. </p> <p>To use a built-in intent as a the base for your own intent, include the built-in intent signature in the <code>parentIntentSignature</code> parameter when you call the <code>CreateIntent</code> operation. For more information, see <a>CreateIntent</a>.</p>"
+      "documentation":"<p>Gets a list of built-in intents provided by Amazon Lex that you can use in your bot. </p> <p>To use a built-in intent as a the base for your own intent, include the built-in intent signature in the <code>parentIntentSignature</code> parameter when you call the <code>CreateIntent</code> operation. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_CreateIntent.html\">CreateIntent</a>.</p>"
     },
     "ListBuiltInSlotTypes":{
       "name":"ListBuiltInSlotTypes",
@@ -766,7 +837,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Lists the exports for a bot or bot locale. Exports are kept in the list for 7 days.</p>"
+      "documentation":"<p>Lists the exports for a bot, bot locale, or custom vocabulary. Exports are kept in the list for 7 days.</p>"
     },
     "ListImports":{
       "name":"ListImports",
@@ -782,7 +853,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Lists the imports for a bot or bot locale. Imports are kept in the list for 7 days.</p>"
+      "documentation":"<p>Lists the imports for a bot, bot locale, or custom vocabulary. Imports are kept in the list for 7 days.</p>"
     },
     "ListIntents":{
       "name":"ListIntents",
@@ -801,6 +872,24 @@
       ],
       "documentation":"<p>Get a list of intents that meet the specified criteria.</p>"
     },
+    "ListRecommendedIntents":{
+      "name":"ListRecommendedIntents",
+      "http":{
+        "method":"POST",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/botrecommendations/{botRecommendationId}/intents",
+        "responseCode":200
+      },
+      "input":{"shape":"ListRecommendedIntentsRequest"},
+      "output":{"shape":"ListRecommendedIntentsResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Gets a list of recommended intents provided by the bot recommendation that you can use in your bot.</p>"
+    },
     "ListSlotTypes":{
       "name":"ListSlotTypes",
       "http":{
@@ -852,6 +941,45 @@
       ],
       "documentation":"<p>Gets a list of tags associated with a resource. Only bots, bot aliases, and bot channels can have tags associated with them.</p>"
     },
+    "SearchAssociatedTranscripts":{
+      "name":"SearchAssociatedTranscripts",
+      "http":{
+        "method":"POST",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/botrecommendations/{botRecommendationId}/associatedtranscripts",
+        "responseCode":200
+      },
+      "input":{"shape":"SearchAssociatedTranscriptsRequest"},
+      "output":{"shape":"SearchAssociatedTranscriptsResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Search for associated transcripts that meet the specified criteria.</p>"
+    },
+    "StartBotRecommendation":{
+      "name":"StartBotRecommendation",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/botrecommendations/",
+        "responseCode":202
+      },
+      "input":{"shape":"StartBotRecommendationRequest"},
+      "output":{"shape":"StartBotRecommendationResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"PreconditionFailedException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Use this to provide your transcript data, and to start the bot recommendation process.</p>"
+    },
     "StartImport":{
       "name":"StartImport",
       "http":{
@@ -869,7 +997,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Starts importing a bot or bot locale from a zip archive that you uploaded to an S3 bucket.</p>"
+      "documentation":"<p>Starts importing a bot, bot locale, or custom vocabulary from a zip archive that you uploaded to an S3 bucket.</p>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -962,6 +1090,27 @@
       ],
       "documentation":"<p>Updates the settings that a bot has for a specific locale.</p>"
     },
+    "UpdateBotRecommendation":{
+      "name":"UpdateBotRecommendation",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/bots/{botId}/botversions/{botVersion}/botlocales/{localeId}/botrecommendations/{botRecommendationId}/",
+        "responseCode":202
+      },
+      "input":{"shape":"UpdateBotRecommendationRequest"},
+      "output":{"shape":"UpdateBotRecommendationResponse"},
+      "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"PreconditionFailedException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Updates an existing bot recommendation request.</p>"
+    },
     "UpdateExport":{
       "name":"UpdateExport",
       "http":{
@@ -979,7 +1128,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Updates the password used to protect an export zip archive.</p> <p>The password is not required. If you don't supply a password, Amazon Lex generates a zip file that is not protected by a password. This is the archive that is available at the pre-signed S3 URL provided by the operation.</p>"
+      "documentation":"<p>Updates the password used to protect an export zip archive.</p> <p>The password is not required. If you don't supply a password, Amazon Lex generates a zip file that is not protected by a password. This is the archive that is available at the pre-signed S3 URL provided by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_DescribeExport.html\">DescribeExport</a> operation.</p>"
     },
     "UpdateIntent":{
       "name":"UpdateIntent",
@@ -1059,6 +1208,16 @@
     }
   },
   "shapes":{
+    "AdvancedRecognitionSetting":{
+      "type":"structure",
+      "members":{
+        "audioRecognitionStrategy":{
+          "shape":"AudioRecognitionStrategy",
+          "documentation":"<p>Enables using the slot values as a custom vocabulary for recognizing user utterances.</p>"
+        }
+      },
+      "documentation":"<p>Provides settings that enable advanced recognition settings for slot values.</p>"
+    },
     "AggregatedUtterancesFilter":{
       "type":"structure",
       "required":[
@@ -1163,6 +1322,51 @@
       "max":1011,
       "min":1
     },
+    "AssociatedTranscript":{
+      "type":"structure",
+      "members":{
+        "transcript":{
+          "shape":"Transcript",
+          "documentation":"<p>The content of the transcript that meets the search filter criteria. For the JSON format of the transcript, see <a href=\"https://docs.aws.amazon.com/lex/latest/dg/designing-output-format.html\">Output transcript format</a>.</p>"
+        }
+      },
+      "documentation":"<p>The object containing information that associates the recommended intent/slot type with a conversation.</p>"
+    },
+    "AssociatedTranscriptFilter":{
+      "type":"structure",
+      "required":[
+        "name",
+        "values"
+      ],
+      "members":{
+        "name":{
+          "shape":"AssociatedTranscriptFilterName",
+          "documentation":"<p>The name of the field to use for filtering. The allowed names are IntentId and SlotTypeId.</p>"
+        },
+        "values":{
+          "shape":"FilterValues",
+          "documentation":"<p>The values to use to filter the transcript.</p>"
+        }
+      },
+      "documentation":"<p>Filters to search for the associated transcript.</p>"
+    },
+    "AssociatedTranscriptFilterName":{
+      "type":"string",
+      "enum":[
+        "IntentId",
+        "SlotTypeId"
+      ]
+    },
+    "AssociatedTranscriptFilters":{
+      "type":"list",
+      "member":{"shape":"AssociatedTranscriptFilter"},
+      "max":1,
+      "min":1
+    },
+    "AssociatedTranscriptList":{
+      "type":"list",
+      "member":{"shape":"AssociatedTranscript"}
+    },
     "AttachmentTitle":{
       "type":"string",
       "max":250,
@@ -1179,7 +1383,7 @@
       "members":{
         "s3Bucket":{
           "shape":"S3BucketLogDestination",
-          "documentation":"<p>The Amazon S3 bucket where the audio log files are stored. The IAM role specified in the <code>roleArn</code> parameter of the <a>CreateBot</a> operation must have permission to write to this bucket.</p>"
+          "documentation":"<p>The Amazon S3 bucket where the audio log files are stored. The IAM role specified in the <code>roleArn</code> parameter of the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_CreateBot.html\">CreateBot</a> operation must have permission to write to this bucket.</p>"
         }
       },
       "documentation":"<p>The location of audio log files collected when conversation logging is enabled for a bot.</p>"
@@ -1205,6 +1409,10 @@
       "max":1,
       "min":1
     },
+    "AudioRecognitionStrategy":{
+      "type":"string",
+      "enum":["UseSlotValuesAsCustomVocabulary"]
+    },
     "Boolean":{"type":"boolean"},
     "BotAliasHistoryEvent":{
       "type":"structure",
@@ -1269,7 +1477,7 @@
       "members":{
         "botAliasId":{
           "shape":"BotAliasId",
-          "documentation":"<p>The unique identifier assigned to the bot alias. You can use this ID to get detailed information about the alias using the <a>DescribeBotAlias</a> operation.</p>"
+          "documentation":"<p>The unique identifier assigned to the bot alias. You can use this ID to get detailed information about the alias using the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_DescribeBotAlias.html\">DescribeBotAlias</a> operation.</p>"
         },
         "botAliasName":{
           "shape":"Name",
@@ -1296,7 +1504,7 @@
           "documentation":"<p>A timestamp of the date and time that the bot alias was last updated.</p>"
         }
       },
-      "documentation":"<p>Summary information about bot aliases returned from the <a>ListBotAliases</a> operation.</p>"
+      "documentation":"<p>Summary information about bot aliases returned from the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListBotAliases.html\">ListBotAliases</a> operation.</p>"
     },
     "BotAliasSummaryList":{
       "type":"list",
@@ -1538,7 +1746,8 @@
         "Failed",
         "Deleting",
         "NotBuilt",
-        "Importing"
+        "Importing",
+        "Processing"
       ]
     },
     "BotLocaleSummary":{
@@ -1569,12 +1778,86 @@
           "documentation":"<p>A timestamp of the date and time that the bot locale was last built.</p>"
         }
       },
-      "documentation":"<p>Summary information about bot locales returned by the <a>ListBotLocales</a> operation.</p>"
+      "documentation":"<p>Summary information about bot locales returned by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListBotLocales.html\">ListBotLocales</a> operation.</p>"
     },
     "BotLocaleSummaryList":{
       "type":"list",
       "member":{"shape":"BotLocaleSummary"}
     },
+    "BotRecommendationResultStatistics":{
+      "type":"structure",
+      "members":{
+        "intents":{
+          "shape":"IntentStatistics",
+          "documentation":"<p>Statistical information about about the intents associated with the bot recommendation results.</p>"
+        },
+        "slotTypes":{
+          "shape":"SlotTypeStatistics",
+          "documentation":"<p>Statistical information about the slot types associated with the bot recommendation results.</p>"
+        }
+      },
+      "documentation":"<p>A statistical summary of the bot recommendation results.</p>"
+    },
+    "BotRecommendationResults":{
+      "type":"structure",
+      "members":{
+        "botLocaleExportUrl":{
+          "shape":"PresignedS3Url",
+          "documentation":"<p>The presigned URL link of the recommended bot definition.</p>"
+        },
+        "associatedTranscriptsUrl":{
+          "shape":"PresignedS3Url",
+          "documentation":"<p>The presigned url link of the associated transcript.</p>"
+        },
+        "statistics":{
+          "shape":"BotRecommendationResultStatistics",
+          "documentation":"<p>The statistical summary of the bot recommendation results.</p>"
+        }
+      },
+      "documentation":"<p>The object representing the URL of the bot definition, the URL of the associated transcript and a statistical summary of the bot recommendation results.</p>"
+    },
+    "BotRecommendationStatus":{
+      "type":"string",
+      "enum":[
+        "Processing",
+        "Deleting",
+        "Deleted",
+        "Downloading",
+        "Updating",
+        "Available",
+        "Failed"
+      ]
+    },
+    "BotRecommendationSummary":{
+      "type":"structure",
+      "required":[
+        "botRecommendationStatus",
+        "botRecommendationId"
+      ],
+      "members":{
+        "botRecommendationStatus":{
+          "shape":"BotRecommendationStatus",
+          "documentation":"<p>The status of the bot recommendation.</p> <p>If the status is Failed, then the reasons for the failure are listed in the failureReasons field. </p>"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot recommendation to be updated.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp of the date and time that the bot recommendation was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp of the date and time that the bot recommendation was last updated.</p>"
+        }
+      },
+      "documentation":"<p>A summary of the bot recommendation.</p>"
+    },
+    "BotRecommendationSummaryList":{
+      "type":"list",
+      "member":{"shape":"BotRecommendationSummary"}
+    },
     "BotSortAttribute":{
       "type":"string",
       "enum":["BotName"]
@@ -1614,7 +1897,7 @@
       "members":{
         "botId":{
           "shape":"Id",
-          "documentation":"<p>The unique identifier assigned to the bot. Use this ID to get detailed information about the bot with the <a>DescribeBot</a> operation.</p>"
+          "documentation":"<p>The unique identifier assigned to the bot. Use this ID to get detailed information about the bot with the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_DescribeBot.html\">DescribeBot</a> operation.</p>"
         },
         "botName":{
           "shape":"Name",
@@ -1637,7 +1920,7 @@
           "documentation":"<p>The date and time that the bot was last updated.</p>"
         }
       },
-      "documentation":"<p>Summary information about a bot returned by the <a>ListBots</a> operation.</p>"
+      "documentation":"<p>Summary information about a bot returned by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListBots.html\">ListBots</a> operation.</p>"
     },
     "BotSummaryList":{
       "type":"list",
@@ -1712,7 +1995,7 @@
           "documentation":"<p>A timestamp of the date and time that the version was created.</p>"
         }
       },
-      "documentation":"<p>Summary information about a bot version returned by the <a>ListBotVersions</a> operation.</p>"
+      "documentation":"<p>Summary information about a bot version returned by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListBotVersions.html\">ListBotVersions</a> operation.</p>"
     },
     "BotVersionSummaryList":{
       "type":"list",
@@ -1732,7 +2015,7 @@
       "members":{
         "botId":{
           "shape":"Id",
-          "documentation":"<p>The identifier of the bot to build. The identifier is returned in the response from the operation.</p>",
+          "documentation":"<p>The identifier of the bot to build. The identifier is returned in the response from the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_CreateBot.html\">CreateBot</a> operation.</p>",
           "location":"uri",
           "locationName":"botId"
         },
@@ -1809,7 +2092,7 @@
           "documentation":"<p>The description of the intent.</p>"
         }
       },
-      "documentation":"<p>Provides summary information about a built-in intent for the <a>ListBuiltInIntents</a> operation.</p>"
+      "documentation":"<p>Provides summary information about a built-in intent for the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListBuiltInIntents.html\"> ListBuiltInIntents </a> operation.</p>"
     },
     "BuiltInIntentSummaryList":{
       "type":"list",
@@ -1855,7 +2138,7 @@
           "documentation":"<p>The description of the built-in slot type.</p>"
         }
       },
-      "documentation":"<p>Provides summary information about a built-in slot type for the <a>ListBuiltInSlotTypes</a> operation.</p>"
+      "documentation":"<p>Provides summary information about a built-in slot type for the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListBuiltInSlotTypes.html\"> ListBuiltInSlotTypes </a> operation.</p>"
     },
     "BuiltInSlotTypeSummaryList":{
       "type":"list",
@@ -2005,6 +2288,7 @@
       },
       "documentation":"<p>Configures conversation logging that saves audio, text, and metadata for the conversations with your users.</p>"
     },
+    "Count":{"type":"integer"},
     "CreateBotAliasRequest":{
       "type":"structure",
       "required":[
@@ -2022,7 +2306,7 @@
         },
         "botVersion":{
           "shape":"NumericalBotVersion",
-          "documentation":"<p>The version of the bot that this alias points to. You can use the operation to change the bot version associated with the alias.</p>"
+          "documentation":"<p>The version of the bot that this alias points to. You can use the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_UpdateBotAlias.html\">UpdateBotAlias</a> operation to change the bot version associated with the alias.</p>"
         },
         "botAliasLocaleSettings":{
           "shape":"BotAliasLocaleSettingsMap",
@@ -2345,7 +2629,7 @@
         },
         "exportStatus":{
           "shape":"ExportStatus",
-          "documentation":"<p>The status of the export. When the status is <code>Completed</code>, you can use the operation to get the pre-signed S3 URL link to your exported bot or bot locale.</p>"
+          "documentation":"<p>The status of the export. When the status is <code>Completed</code>, you can use the <a href=\"https://docs.aws.amazon.com/latest/dg/API_DescribeExport.html\">DescribeExport</a> operation to get the pre-signed S3 URL link to your exported bot or bot locale.</p>"
         },
         "creationDateTime":{
           "shape":"Timestamp",
@@ -2703,7 +2987,6 @@
       "type":"structure",
       "required":[
         "slotTypeName",
-        "valueSelectionSetting",
         "botId",
         "botVersion",
         "localeId"
@@ -2746,6 +3029,10 @@
           "documentation":"<p>The identifier of the language and locale that the slot type will be used in. The string must match one of the supported locales. All of the bots, intents, and slots used by the slot type must have the same locale. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a>.</p>",
           "location":"uri",
           "locationName":"localeId"
+        },
+        "externalSourceSetting":{
+          "shape":"ExternalSourceSetting",
+          "documentation":"<p>Sets the type of external information used to create the slot type.</p>"
         }
       }
     },
@@ -2791,6 +3078,10 @@
         "creationDateTime":{
           "shape":"Timestamp",
           "documentation":"<p>A timestamp of the date and time that the slot type was created.</p>"
+        },
+        "externalSourceSetting":{
+          "shape":"ExternalSourceSetting",
+          "documentation":"<p>The type of external information used to create the slot type.</p>"
         }
       }
     },
@@ -2804,7 +3095,7 @@
       "members":{
         "importId":{
           "shape":"Id",
-          "documentation":"<p>An identifier for a unique import job. Use it when you call the operation.</p>"
+          "documentation":"<p>An identifier for a unique import job. Use it when you call the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_StartImport.html\">StartImport</a> operation.</p>"
         },
         "uploadUrl":{
           "shape":"PresignedS3Url",
@@ -2828,6 +3119,62 @@
       "max":1000,
       "min":1
     },
+    "CustomVocabularyExportSpecification":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot that contains the custom vocabulary to export.</p>"
+        },
+        "botVersion":{
+          "shape":"BotVersion",
+          "documentation":"<p>The version of the bot that contains the custom vocabulary to export.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale of the bot that contains the custom vocabulary to export.</p>"
+        }
+      },
+      "documentation":"<p>Provides the parameters required for exporting a custom vocabulary.</p>"
+    },
+    "CustomVocabularyImportSpecification":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot to import the custom vocabulary to.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot to import the custom vocabulary to.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the local to import the custom vocabulary to. The value must be <code>en_GB</code>.</p>"
+        }
+      },
+      "documentation":"<p>Provides the parameters required for importing a custom vocabulary.</p>"
+    },
+    "CustomVocabularyStatus":{
+      "type":"string",
+      "enum":[
+        "Ready",
+        "Deleting",
+        "Exporting",
+        "Importing",
+        "Creating"
+      ]
+    },
     "DataPrivacy":{
       "type":"structure",
       "required":["childDirected"],
@@ -2839,6 +3186,24 @@
       },
       "documentation":"<p>By default, data stored by Amazon Lex is encrypted. The <code>DataPrivacy</code> structure provides settings that determine how Amazon Lex handles special cases of securing the data for your bot. </p>"
     },
+    "DateRangeFilter":{
+      "type":"structure",
+      "required":[
+        "startDateTime",
+        "endDateTime"
+      ],
+      "members":{
+        "startDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp indicating the start date for the date range filter.</p>"
+        },
+        "endDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp indicating the end date for the date range filter.</p>"
+        }
+      },
+      "documentation":"<p>The object used for specifying the data range that the customer wants Amazon Lex to read through in the input transcripts.</p>"
+    },
     "DeleteBotAliasRequest":{
       "type":"structure",
       "required":[
@@ -3007,6 +3372,55 @@
         }
       }
     },
+    "DeleteCustomVocabularyRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot to remove the custom vocabulary from.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot to remove the custom vocabulary from.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale identifier for the locale that contains the custom vocabulary to remove.</p>",
+          "location":"uri",
+          "locationName":"localeId"
+        }
+      }
+    },
+    "DeleteCustomVocabularyResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot that the custom vocabulary was removed from.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot that the custom vocabulary was removed from.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale identifier for the locale that the custom vocabulary was removed from.</p>"
+        },
+        "customVocabularyStatus":{
+          "shape":"CustomVocabularyStatus",
+          "documentation":"<p>The status of removing the custom vocabulary.</p>"
+        }
+      }
+    },
     "DeleteExportRequest":{
       "type":"structure",
       "required":["exportId"],
@@ -3028,7 +3442,7 @@
         },
         "exportStatus":{
           "shape":"ExportStatus",
-          "documentation":"<p>The current status of the deletion. When the deletion is complete, the export will no longer be returned by the operation and calls to the with the export identifier will fail.</p>"
+          "documentation":"<p>The current status of the deletion. When the deletion is complete, the export will no longer be returned by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListExports.html\">ListExports</a> operation and calls to the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_DescribeExport.html\"> DescribeExport</a> operation with the export identifier will fail.</p>"
         }
       }
     },
@@ -3053,7 +3467,7 @@
         },
         "importStatus":{
           "shape":"ImportStatus",
-          "documentation":"<p>The current status of the deletion. When the deletion is complete, the import will no longer be returned by the operation and calls to the with the import identifier will fail.</p>"
+          "documentation":"<p>The current status of the deletion. When the deletion is complete, the import will no longer be returned by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListImports.html\">ListImports</a> operation and calls to the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_DescribeImport.html\">DescribeImport</a> operation with the import identifier will fail.</p>"
         }
       }
     },
@@ -3264,7 +3678,7 @@
         },
         "sessionId":{
           "shape":"SessionId",
-          "documentation":"<p>The unique identifier of the session with the user. The ID is returned in the response from the and operations.</p>",
+          "documentation":"<p>The unique identifier of the session with the user. The ID is returned in the response from the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_runtime_RecognizeText.html\">RecognizeText</a> and <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_runtime_RecognizeUtterance.html\">RecognizeUtterance</a> operations.</p>",
           "location":"querystring",
           "locationName":"sessionId"
         }
@@ -3436,6 +3850,94 @@
         "botLocaleHistoryEvents":{
           "shape":"BotLocaleHistoryEventsList",
           "documentation":"<p>History of changes, such as when a locale is used in an alias, that have taken place for the locale.</p>"
+        },
+        "recommendedActions":{
+          "shape":"RecommendedActions",
+          "documentation":"<p>Recommended actions to take to resolve an error in the <code>failureReasons</code> field.</p>"
+        }
+      }
+    },
+    "DescribeBotRecommendationRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId",
+        "botRecommendationId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot associated with the bot recommendation.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot associated with the bot recommendation.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation to describe. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a>.</p>",
+          "location":"uri",
+          "locationName":"localeId"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot recommendation to describe.</p>",
+          "location":"uri",
+          "locationName":"botRecommendationId"
+        }
+      }
+    },
+    "DescribeBotRecommendationResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot associated with the bot recommendation.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot associated with the bot recommendation.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation to describe.</p>"
+        },
+        "botRecommendationStatus":{
+          "shape":"BotRecommendationStatus",
+          "documentation":"<p>The status of the bot recommendation. If the status is Failed, then the reasons for the failure are listed in the failureReasons field. </p>"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot recommendation being described.</p>"
+        },
+        "failureReasons":{
+          "shape":"FailureReasons",
+          "documentation":"<p>If botRecommendationStatus is Failed, Amazon Lex explains why.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the bot recommendation was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the bot recommendation was last updated.</p>"
+        },
+        "transcriptSourceSetting":{
+          "shape":"TranscriptSourceSetting",
+          "documentation":"<p>The object representing the Amazon S3 bucket containing the transcript, as well as the associated metadata.</p>"
+        },
+        "encryptionSetting":{
+          "shape":"EncryptionSetting",
+          "documentation":"<p>The object representing the passwords that were used to encrypt the data related to the bot recommendation results, as well as the KMS key ARN used to encrypt the associated metadata.</p>"
+        },
+        "botRecommendationResults":{
+          "shape":"BotRecommendationResults",
+          "documentation":"<p>The object representing the URL of the bot definition, the URL of the associated transcript and a statistical summary of the bot recommendation results.</p>"
         }
       }
     },
@@ -3558,6 +4060,63 @@
         }
       }
     },
+    "DescribeCustomVocabularyMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot that contains the custom vocabulary.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"BotVersion",
+          "documentation":"<p>The bot version of the bot to return metadata for.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale to return the custom vocabulary information for. The locale must be <code>en_GB</code>.</p>",
+          "location":"uri",
+          "locationName":"localeId"
+        }
+      }
+    },
+    "DescribeCustomVocabularyMetadataResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot that contains the custom vocabulary.</p>"
+        },
+        "botVersion":{
+          "shape":"BotVersion",
+          "documentation":"<p>The version of the bot that contains the custom vocabulary to describe.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale that contains the custom vocabulary to describe.</p>"
+        },
+        "customVocabularyStatus":{
+          "shape":"CustomVocabularyStatus",
+          "documentation":"<p>The status of the custom vocabulary. If the status is <code>Ready</code> the custom vocabulary is ready to use.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the custom vocabulary was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The date and time that the custom vocabulary was last updated.</p>"
+        }
+      }
+    },
     "DescribeExportRequest":{
       "type":"structure",
       "required":["exportId"],
@@ -3583,7 +4142,7 @@
         },
         "fileFormat":{
           "shape":"ImportExportFileFormat",
-          "documentation":"<p>The file format used in the files that describe the bot or bot locale.</p>"
+          "documentation":"<p>The file format used in the files that describe the resource. </p>"
         },
         "exportStatus":{
           "shape":"ExportStatus",
@@ -3628,7 +4187,7 @@
         },
         "resourceSpecification":{
           "shape":"ImportResourceSpecification",
-          "documentation":"<p>The specifications of the imported bot or bot locale.</p>"
+          "documentation":"<p>The specifications of the imported bot, bot locale, or custom vocabulary.</p>"
         },
         "importedResourceId":{
           "shape":"ImportedResourceId",
@@ -3981,7 +4540,8 @@
         "lastUpdatedDateTime":{
           "shape":"Timestamp",
           "documentation":"<p>A timestamp of the date and time that the slot type was last updated.</p>"
-        }
+        },
+        "externalSourceSetting":{"shape":"ExternalSourceSetting"}
       }
     },
     "Description":{
@@ -4013,6 +4573,24 @@
         "Deny"
       ]
     },
+    "EncryptionSetting":{
+      "type":"structure",
+      "members":{
+        "kmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The KMS key ARN used to encrypt the metadata associated with the bot recommendation.</p>"
+        },
+        "botLocaleExportPassword":{
+          "shape":"FilePassword",
+          "documentation":"<p>The password used to encrypt the recommended bot recommendation file.</p>"
+        },
+        "associatedTranscriptsPassword":{
+          "shape":"FilePassword",
+          "documentation":"<p>The password used to encrypt the associated transcript file.</p>"
+        }
+      },
+      "documentation":"<p>The object representing the passwords that were used to encrypt the data related to the bot recommendation, as well as the KMS key ARN used to encrypt the associated metadata.</p>"
+    },
     "ExceptionMessage":{"type":"string"},
     "ExportFilter":{
       "type":"structure",
@@ -4028,14 +4606,14 @@
         },
         "values":{
           "shape":"FilterValues",
-          "documentation":"<p>The values to use to filter the response.</p>"
+          "documentation":"<p>The values to use to filter the response. The values must be <code>Bot</code>, <code>BotLocale</code>, or <code>CustomVocabulary</code>.</p>"
         },
         "operator":{
           "shape":"ExportFilterOperator",
           "documentation":"<p>The operator to use for the filter. Specify EQ when the <code>ListExports</code> operation should return only resource types that equal the specified value. Specify CO when the <code>ListExports</code> operation should return resource types that contain the specified value.</p>"
         }
       },
-      "documentation":"<p>Filters the response form the operation</p>"
+      "documentation":"<p>Filters the response form the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListExports.html\">ListExports</a> operation</p>"
     },
     "ExportFilterName":{
       "type":"string",
@@ -4064,6 +4642,10 @@
         "botLocaleExportSpecification":{
           "shape":"BotLocaleExportSpecification",
           "documentation":"<p>Parameters for exporting a bot locale.</p>"
+        },
+        "customVocabularyExportSpecification":{
+          "shape":"CustomVocabularyExportSpecification",
+          "documentation":"<p>The parameters required to export a custom vocabulary.</p>"
         }
       },
       "documentation":"<p>Provides information about the bot or bot locale that you want to export. You can specify the <code>botExportSpecification</code> or the <code>botLocaleExportSpecification</code>, but not both.</p>"
@@ -4133,11 +4715,27 @@
       "type":"list",
       "member":{"shape":"ExportSummary"}
     },
+    "ExternalSourceSetting":{
+      "type":"structure",
+      "members":{
+        "grammarSlotTypeSetting":{
+          "shape":"GrammarSlotTypeSetting",
+          "documentation":"<p>Settings required for a slot type based on a grammar that you provide.</p>"
+        }
+      },
+      "documentation":"<p>Provides information about the external source of the slot type's definition.</p>"
+    },
     "FailureReason":{"type":"string"},
     "FailureReasons":{
       "type":"list",
       "member":{"shape":"FailureReason"}
     },
+    "FilePassword":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "sensitive":true
+    },
     "FilterValue":{
       "type":"string",
       "max":100,
@@ -4251,6 +4849,38 @@
       },
       "documentation":"<p>Provides information for updating the user on the progress of fulfilling an intent.</p>"
     },
+    "GrammarSlotTypeSetting":{
+      "type":"structure",
+      "members":{
+        "source":{
+          "shape":"GrammarSlotTypeSource",
+          "documentation":"<p>The source of the grammar used to create the slot type.</p>"
+        }
+      },
+      "documentation":"<p>Settings requried for a slot type based on a grammar that you provide.</p>"
+    },
+    "GrammarSlotTypeSource":{
+      "type":"structure",
+      "required":[
+        "s3BucketName",
+        "s3ObjectKey"
+      ],
+      "members":{
+        "s3BucketName":{
+          "shape":"S3BucketName",
+          "documentation":"<p>The name of the S3 bucket that contains the grammar source.</p>"
+        },
+        "s3ObjectKey":{
+          "shape":"S3ObjectPath",
+          "documentation":"<p>The path to the grammar in the S3 bucket.</p>"
+        },
+        "kmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The Amazon KMS key required to decrypt the contents of the grammar, if any.</p>"
+        }
+      },
+      "documentation":"<p>Describes the Amazon S3 bucket name and location for the grammar that is the source for the slot type.</p>"
+    },
     "HitCount":{"type":"integer"},
     "Id":{
       "type":"string",
@@ -4283,7 +4913,10 @@
     },
     "ImportExportFileFormat":{
       "type":"string",
-      "enum":["LexJson"]
+      "enum":[
+        "LexJson",
+        "TSV"
+      ]
     },
     "ImportExportFilePassword":{
       "type":"string",
@@ -4305,14 +4938,14 @@
         },
         "values":{
           "shape":"FilterValues",
-          "documentation":"<p>The values to use to filter the response.</p>"
+          "documentation":"<p>The values to use to filter the response. The values must be <code>Bot</code>, <code>BotLocale</code>, or <code>CustomVocabulary</code>.</p>"
         },
         "operator":{
           "shape":"ImportFilterOperator",
           "documentation":"<p>The operator to use for the filter. Specify EQ when the <code>ListImports</code> operation should return only resource types that equal the specified value. Specify CO when the <code>ListImports</code> operation should return resource types that contain the specified value.</p>"
         }
       },
-      "documentation":"<p>Filters the response from the operation.</p>"
+      "documentation":"<p>Filters the response from the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_ListImports.html\">ListImports</a> operation.</p>"
     },
     "ImportFilterName":{
       "type":"string",
@@ -4341,10 +4974,19 @@
         "botLocaleImportSpecification":{
           "shape":"BotLocaleImportSpecification",
           "documentation":"<p>Parameters for importing a bot locale.</p>"
-        }
+        },
+        "customVocabularyImportSpecification":{"shape":"CustomVocabularyImportSpecification"}
       },
       "documentation":"<p>Provides information about the bot or bot locale that you want to import. You can specify the <code>botImportSpecification</code> or the <code>botLocaleImportSpecification</code>, but not both.</p>"
     },
+    "ImportResourceType":{
+      "type":"string",
+      "enum":[
+        "Bot",
+        "BotLocale",
+        "CustomVocabulary"
+      ]
+    },
     "ImportSortAttribute":{
       "type":"string",
       "enum":["LastUpdatedDateTime"]
@@ -4406,6 +5048,10 @@
         "lastUpdatedDateTime":{
           "shape":"Timestamp",
           "documentation":"<p>The date and time that the import was last updated.</p>"
+        },
+        "importedResourceType":{
+          "shape":"ImportResourceType",
+          "documentation":"<p>The type of resource that was imported.</p>"
         }
       },
       "documentation":"<p>Provides summary information about an import in an import list.</p>"
@@ -4540,6 +5186,16 @@
       },
       "documentation":"<p>Specifies attributes for sorting a list of intents.</p>"
     },
+    "IntentStatistics":{
+      "type":"structure",
+      "members":{
+        "discoveredIntentCount":{
+          "shape":"Count",
+          "documentation":"<p>The number of recommended intents associated with the bot recommendation.</p>"
+        }
+      },
+      "documentation":"<p>The object that contains the statistical summary of recommended intents associated with the bot recommendation.</p>"
+    },
     "IntentSummary":{
       "type":"structure",
       "members":{
@@ -4643,6 +5299,16 @@
       },
       "documentation":"<p>Specifies a Lambda function that verifies requests to a bot or fulfills the user's request to a bot.</p>"
     },
+    "LexTranscriptFilter":{
+      "type":"structure",
+      "members":{
+        "dateRangeFilter":{
+          "shape":"DateRangeFilter",
+          "documentation":"<p>The object that contains a date range filter that will be applied to the transcript. Specify this object if you want Amazon Lex to only read the files that are within the date range.</p>"
+        }
+      },
+      "documentation":"<p>The object that contains transcript filter details that are associated with a bot recommendation.</p>"
+    },
     "ListAggregatedUtterancesRequest":{
       "type":"structure",
       "required":[
@@ -4831,6 +5497,67 @@
         }
       }
     },
+    "ListBotRecommendationsRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot that contains the bot recommendation list.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot that contains the bot recommendation list.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation list.</p>",
+          "location":"uri",
+          "locationName":"localeId"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of bot recommendations to return in each page of results. If there are fewer results than the max page size, only the actual number of results are returned.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response from the ListBotRecommendation operation contains more results than specified in the maxResults parameter, a token is returned in the response. Use that token in the nextToken parameter to return the next page of results.</p>"
+        }
+      }
+    },
+    "ListBotRecommendationsResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot that contains the bot recommendation list.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot that contains the bot recommendation list.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation list.</p>"
+        },
+        "botRecommendationSummaries":{
+          "shape":"BotRecommendationSummaryList",
+          "documentation":"<p>Summary information for the bot recommendations that meet the filter specified in this request. The length of the list is specified in the maxResults parameter of the request. If there are more bot recommendations available, the nextToken field contains a token to get the next page of results.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token that indicates whether there are more results to return in a response to the ListBotRecommendations operation. If the nextToken field is present, you send the contents as the nextToken parameter of a ListBotRecommendations operation request to get the next page of results. </p>"
+        }
+      }
+    },
     "ListBotVersionsRequest":{
       "type":"structure",
       "required":["botId"],
@@ -4889,7 +5616,7 @@
         },
         "nextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the response from the <code>ListBots</code> operation contains more results than specified in the <code>maxResults</code> parameter, a token is returned in the response. Use that token in the <code>nextToken</code> parameter to return the next page of results.</p>"
+          "documentation":"<p>If the response from the <code>ListBots</code> operation contains more results than specified in the <code>maxResults</code> parameter, a token is returned in the response. </p> <p>Use the returned token in the <code>nextToken</code> parameter of a <code>ListBots</code> request to return the next page of results. For a complete set of results, call the <code>ListBots</code> operation until the <code>nextToken</code> returned in the response is null.</p>"
         }
       }
     },
@@ -5013,7 +5740,11 @@
         },
         "nextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the response from the <code>ListExports</code> operation contains more results that specified in the <code>maxResults</code> parameter, a token is returned in the response. Use that token in the <code>nextToken</code> parameter to return the next page of results.</p>"
+          "documentation":"<p>If the response from the <code>ListExports</code> operation contains more results that specified in the <code>maxResults</code> parameter, a token is returned in the response. </p> <p>Use the returned token in the <code>nextToken</code> parameter of a <code>ListExports</code> request to return the next page of results. For a complete set of results, call the <code>ListExports</code> operation until the <code>nextToken</code> returned in the response is null.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>Specifies the resources that should be exported. If you don't specify a resource type in the <code>filters</code> parameter, both bot locales and custom vocabularies are exported.</p>"
         }
       }
     },
@@ -5035,6 +5766,10 @@
         "nextToken":{
           "shape":"NextToken",
           "documentation":"<p>A token that indicates whether there are more results to return in a response to the <code>ListExports</code> operation. If the <code>nextToken</code> field is present, you send the contents as the <code>nextToken</code> parameter of a <code>ListExports</code> operation request to get the next page of results.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale specified in the request.</p>"
         }
       }
     },
@@ -5063,7 +5798,11 @@
         },
         "nextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the response from the <code>ListImports</code> operation contains more results than specified in the <code>maxResults</code> parameter, a token is returned in the response. Use that token in the <code>nextToken</code> parameter to return the next page of results.</p>"
+          "documentation":"<p>If the response from the <code>ListImports</code> operation contains more results than specified in the <code>maxResults</code> parameter, a token is returned in the response.</p> <p>Use the returned token in the <code>nextToken</code> parameter of a <code>ListImports</code> request to return the next page of results. For a complete set of results, call the <code>ListImports</code> operation until the <code>nextToken</code> returned in the response is null.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>Specifies the locale that should be present in the list. If you don't specify a resource type in the <code>filters</code> parameter, the list contains both bot locales and custom vocabularies.</p>"
         }
       }
     },
@@ -5085,6 +5824,10 @@
         "nextToken":{
           "shape":"NextToken",
           "documentation":"<p>A token that indicates whether there are more results to return in a response to the <code>ListImports</code> operation. If the <code>nextToken</code> field is present, you send the contents as the <code>nextToken</code> parameter of a <code>ListImports</code> operation request to get the next page of results.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The locale specified in the request.</p>"
         }
       }
     },
@@ -5128,7 +5871,7 @@
         },
         "nextToken":{
           "shape":"NextToken",
-          "documentation":"<p>If the response from the <code>ListIntents</code> operation contains more results than specified in the <code>maxResults</code> parameter, a token is returned in the response. Use that token in the <code>nextToken</code> parameter to return the next page of results.</p>"
+          "documentation":"<p>If the response from the <code>ListIntents</code> operation contains more results than specified in the <code>maxResults</code> parameter, a token is returned in the response.</p> <p>Use the returned token in the <code>nextToken</code> parameter of a <code>ListIntents</code> request to return the next page of results. For a complete set of results, call the <code>ListIntents</code> operation until the <code>nextToken</code> returned in the response is null.</p>"
         }
       }
     },
@@ -5157,6 +5900,78 @@
         }
       }
     },
+    "ListRecommendedIntentsRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId",
+        "botRecommendationId"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot associated with the recommended intents.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot that contains the recommended intents.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the recommended intents.</p>",
+          "location":"uri",
+          "locationName":"localeId"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot recommendation that contains the recommended intents.</p>",
+          "location":"uri",
+          "locationName":"botRecommendationId"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response from the ListRecommendedIntents operation contains more results than specified in the maxResults parameter, a token is returned in the response. Use that token in the nextToken parameter to return the next page of results.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of bot recommendations to return in each page of results. If there are fewer results than the max page size, only the actual number of results are returned.</p>"
+        }
+      }
+    },
+    "ListRecommendedIntentsResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot associated with the recommended intent.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot that contains the intent.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the intents to list. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a>.</p>"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot recommendation that contains the recommended intent.</p>"
+        },
+        "summaryList":{
+          "shape":"RecommendedIntentSummaryList",
+          "documentation":"<p>Summary information for the intents that meet the filter criteria specified in the request. The length of the list is specified in the maxResults parameter of the request. If there are more intents available, the nextToken field contains a token to get the next page of results.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token that indicates whether there are more results to return in a response to the ListRecommendedIntents operation. If the nextToken field is present, you send the contents as the nextToken parameter of a ListRecommendedIntents operation request to get the next page of results.</p>"
+        }
+      }
+    },
     "ListSlotTypesRequest":{
       "type":"structure",
       "required":[
@@ -5343,7 +6158,8 @@
       "type":"string",
       "enum":[
         "Overwrite",
-        "FailOnConflict"
+        "FailOnConflict",
+        "Append"
       ]
     },
     "Message":{
@@ -5412,6 +6228,12 @@
       "min":1,
       "pattern":"^([0-9a-zA-Z][_-]?)+$"
     },
+    "NextIndex":{
+      "type":"integer",
+      "box":true,
+      "max":10000000,
+      "min":0
+    },
     "NextToken":{"type":"string"},
     "NumericalBotVersion":{
       "type":"string",
@@ -5437,6 +6259,17 @@
         "DefaultObfuscation"
       ]
     },
+    "ObjectPrefix":{
+      "type":"string",
+      "min":1,
+      "pattern":"^[\\/]?+[a-zA-Z0-9!_.*'()-]+(\\/[a-zA-Z0-9!_.*'()-]+)*$"
+    },
+    "ObjectPrefixes":{
+      "type":"list",
+      "member":{"shape":"ObjectPrefix"},
+      "max":2,
+      "min":1
+    },
     "Operation":{
       "type":"string",
       "max":50,
@@ -5476,6 +6309,16 @@
       "max":10,
       "min":0
     },
+    "PathFormat":{
+      "type":"structure",
+      "members":{
+        "objectPrefixes":{
+          "shape":"ObjectPrefixes",
+          "documentation":"<p>A list of Amazon S3 prefixes that points to sub-folders in the Amazon S3 bucket. Specify this list if you only want Lex to read the files under this set of sub-folders.</p>"
+        }
+      },
+      "documentation":"<p>The object that contains a path format that will be applied when Amazon Lex reads the transcript file in the bucket you provide. Specify this object if you only want Lex to read a subset of files in your Amazon S3 bucket.</p>"
+    },
     "PlainTextMessage":{
       "type":"structure",
       "required":["value"],
@@ -5580,6 +6423,33 @@
       "max":5000,
       "min":1
     },
+    "RecommendedAction":{"type":"string"},
+    "RecommendedActions":{
+      "type":"list",
+      "member":{"shape":"RecommendedAction"}
+    },
+    "RecommendedIntentSummary":{
+      "type":"structure",
+      "members":{
+        "intentId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of a recommended intent associated with the bot recommendation.</p>"
+        },
+        "intentName":{
+          "shape":"Name",
+          "documentation":"<p>The name of a recommended intent associated with the bot recommendation.</p>"
+        },
+        "sampleUtterancesCount":{
+          "shape":"SampleUtterancesCount",
+          "documentation":"<p>The count of sample utterances of a recommended intent that is associated with a bot recommendation.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains a summary of a recommended intent.</p>"
+    },
+    "RecommendedIntentSummaryList":{
+      "type":"list",
+      "member":{"shape":"RecommendedIntentSummary"}
+    },
     "RegexPattern":{
       "type":"string",
       "max":300,
@@ -5669,6 +6539,48 @@
       },
       "documentation":"<p>Specifies an Amazon S3 bucket for logging audio conversations</p>"
     },
+    "S3BucketName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]$"
+    },
+    "S3BucketTranscriptSource":{
+      "type":"structure",
+      "required":[
+        "s3BucketName",
+        "transcriptFormat"
+      ],
+      "members":{
+        "s3BucketName":{
+          "shape":"S3BucketName",
+          "documentation":"<p>The name of the bucket containing the transcript and the associated metadata.</p>"
+        },
+        "pathFormat":{
+          "shape":"PathFormat",
+          "documentation":"<p>The object that contains a path format that will be applied when Amazon Lex reads the transcript file in the bucket you provide. Specify this object if you only want Lex to read a subset of files in your Amazon S3 bucket.</p>"
+        },
+        "transcriptFormat":{
+          "shape":"TranscriptFormat",
+          "documentation":"<p>The format of the transcript content. Currently, Genie only supports the Amazon Lex transcript format.</p>"
+        },
+        "transcriptFilter":{
+          "shape":"TranscriptFilter",
+          "documentation":"<p>The object that contains the filter which will be applied when Amazon Lex reads through the Amazon S3 bucket. Specify this object if you want Amazon Lex to read only a subset of the Amazon S3 bucket based on the filter you provide.</p>"
+        },
+        "kmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The ARN of the KMS key that customer use to encrypt their Amazon S3 bucket. Only use this field if your bucket is encrypted using a customer managed KMS key.</p>"
+        }
+      },
+      "documentation":"<p>The object representing the Amazon S3 bucket containing the transcript, as well as the associated metadata.</p>"
+    },
+    "S3ObjectPath":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":"[\\.\\-\\!\\*\\_\\'\\(\\)a-zA-Z0-9][\\.\\-\\!\\*\\_\\'\\(\\)\\/a-zA-Z0-9]*$"
+    },
     "SSMLMessage":{
       "type":"structure",
       "required":["value"],
@@ -5696,6 +6608,7 @@
       },
       "documentation":"<p>A sample utterance that invokes an intent or respond to a slot elicitation prompt.</p>"
     },
+    "SampleUtterancesCount":{"type":"integer"},
     "SampleUtterancesList":{
       "type":"list",
       "member":{"shape":"SampleUtterance"}
@@ -5711,6 +6624,98 @@
       },
       "documentation":"<p>Defines one of the values for a slot type.</p>"
     },
+    "SearchAssociatedTranscriptsRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId",
+        "botRecommendationId",
+        "filters"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot associated with the transcripts that you are searching.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"BotVersion",
+          "documentation":"<p>The version of the bot containing the transcripts that you are searching.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the transcripts to search. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a> </p>",
+          "location":"uri",
+          "locationName":"localeId"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot recommendation associated with the transcripts to search.</p>",
+          "location":"uri",
+          "locationName":"botRecommendationId"
+        },
+        "searchOrder":{
+          "shape":"SearchOrder",
+          "documentation":"<p>How SearchResults are ordered. Valid values are Ascending or Descending. The default is Descending.</p>"
+        },
+        "filters":{
+          "shape":"AssociatedTranscriptFilters",
+          "documentation":"<p>A list of filter objects.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of bot recommendations to return in each page of results. If there are fewer results than the max page size, only the actual number of results are returned.</p>"
+        },
+        "nextIndex":{
+          "shape":"NextIndex",
+          "documentation":"<p>If the response from the SearchAssociatedTranscriptsRequest operation contains more results than specified in the maxResults parameter, an index is returned in the response. Use that index in the nextIndex parameter to return the next page of results.</p>"
+        }
+      }
+    },
+    "SearchAssociatedTranscriptsResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot associated with the transcripts that you are searching.</p>"
+        },
+        "botVersion":{
+          "shape":"BotVersion",
+          "documentation":"<p>The version of the bot containing the transcripts that you are searching.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the transcripts to search. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a> </p>"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p> The unique identifier of the bot recommendation associated with the transcripts to search.</p>"
+        },
+        "nextIndex":{
+          "shape":"NextIndex",
+          "documentation":"<p>A index that indicates whether there are more results to return in a response to the SearchAssociatedTranscripts operation. If the nextIndex field is present, you send the contents as the nextIndex parameter of a SearchAssociatedTranscriptsRequest operation to get the next page of results.</p>"
+        },
+        "associatedTranscripts":{
+          "shape":"AssociatedTranscriptList",
+          "documentation":"<p>The object that contains the associated transcript that meet the criteria you specified.</p>"
+        },
+        "totalResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The total number of transcripts returned by the search.</p>"
+        }
+      }
+    },
+    "SearchOrder":{
+      "type":"string",
+      "enum":[
+        "Ascending",
+        "Descending"
+      ]
+    },
     "SentimentAnalysisSettings":{
       "type":"structure",
       "required":["detectSentiment"],
@@ -5914,6 +6919,14 @@
       "type":"list",
       "member":{"shape":"SlotSummary"}
     },
+    "SlotTypeCategory":{
+      "type":"string",
+      "enum":[
+        "Custom",
+        "Extended",
+        "ExternalGrammar"
+      ]
+    },
     "SlotTypeFilter":{
       "type":"structure",
       "required":[
@@ -5939,7 +6952,10 @@
     },
     "SlotTypeFilterName":{
       "type":"string",
-      "enum":["SlotTypeName"]
+      "enum":[
+        "SlotTypeName",
+        "ExternalSourceType"
+      ]
     },
     "SlotTypeFilterOperator":{
       "type":"string",
@@ -5980,6 +6996,16 @@
       },
       "documentation":"<p>Specifies attributes for sorting a list of slot types.</p>"
     },
+    "SlotTypeStatistics":{
+      "type":"structure",
+      "members":{
+        "discoveredSlotTypeCount":{
+          "shape":"Count",
+          "documentation":"<p>The number of recommended slot types associated with the bot recommendation.</p>"
+        }
+      },
+      "documentation":"<p>The object that contains the statistical summary of the recommended slot type associated with the bot recommendation.</p>"
+    },
     "SlotTypeSummary":{
       "type":"structure",
       "members":{
@@ -6002,6 +7028,10 @@
         "lastUpdatedDateTime":{
           "shape":"Timestamp",
           "documentation":"<p>A timestamp of the date and time that the slot type was last updated.</p>"
+        },
+        "slotTypeCategory":{
+          "shape":"SlotTypeCategory",
+          "documentation":"<p>Indicates the type of the slot type.</p> <ul> <li> <p> <code>Custom</code> - A slot type that you created using custom values. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/custom-slot-types.html\">Creating custom slot types</a>.</p> </li> <li> <p> <code>Extended</code> - A slot type created by extending the AMAZON.AlphaNumeric built-in slot type. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/built-in-slot-alphanumerice.html\">AMAZON.AlphaNumeric</a>.</p> </li> <li> <p> <code>ExternalGrammar</code> - A slot type using a custom GRXML grammar to define values. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/building-grxml.html\">Using a custom grammar slot type</a>.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Provides summary information about a slot type.</p>"
@@ -6083,6 +7113,10 @@
         "regexFilter":{
           "shape":"SlotValueRegexFilter",
           "documentation":"<p>A regular expression used to validate the value of a slot.</p>"
+        },
+        "advancedRecognitionSetting":{
+          "shape":"AdvancedRecognitionSetting",
+          "documentation":"<p>Provides settings that enable advanced recognition settings for slot values.</p>"
         }
       },
       "documentation":"<p>Contains settings used by Amazon Lex to select a slot value.</p>"
@@ -6094,6 +7128,80 @@
         "Descending"
       ]
     },
+    "StartBotRecommendationRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId",
+        "transcriptSourceSetting"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot containing the bot recommendation.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot containing the bot recommendation.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation to start. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a> </p>",
+          "location":"uri",
+          "locationName":"localeId"
+        },
+        "transcriptSourceSetting":{
+          "shape":"TranscriptSourceSetting",
+          "documentation":"<p>The object representing the Amazon S3 bucket containing the transcript, as well as the associated metadata.</p>"
+        },
+        "encryptionSetting":{
+          "shape":"EncryptionSetting",
+          "documentation":"<p>The object representing the passwords that will be used to encrypt the data related to the bot recommendation results, as well as the KMS key ARN used to encrypt the associated metadata.</p>"
+        }
+      }
+    },
+    "StartBotRecommendationResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot containing the bot recommendation.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot containing the bot recommendation.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation to start. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a> </p>"
+        },
+        "botRecommendationStatus":{
+          "shape":"BotRecommendationStatus",
+          "documentation":"<p>The status of the bot recommendation.</p> <p>If the status is Failed, then the reasons for the failure are listed in the failureReasons field. </p>"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The identifier of the bot recommendation that you have created.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp of the date and time that the bot recommendation was created.</p>"
+        },
+        "transcriptSourceSetting":{
+          "shape":"TranscriptSourceSetting",
+          "documentation":"<p>The object representing the Amazon S3 bucket containing the transcript, as well as the associated metadata.</p>"
+        },
+        "encryptionSetting":{
+          "shape":"EncryptionSetting",
+          "documentation":"<p>The object representing the passwords that were used to encrypt the data related to the bot recommendation results, as well as the KMS key ARN used to encrypt the associated metadata.</p>"
+        }
+      }
+    },
     "StartImportRequest":{
       "type":"structure",
       "required":[
@@ -6104,11 +7212,11 @@
       "members":{
         "importId":{
           "shape":"Id",
-          "documentation":"<p>The unique identifier for the import. It is included in the response from the operation.</p>"
+          "documentation":"<p>The unique identifier for the import. It is included in the response from the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_CreateUploadUrl.html\">CreateUploadUrl</a> operation.</p>"
         },
         "resourceSpecification":{
           "shape":"ImportResourceSpecification",
-          "documentation":"<p>Parameters for creating the bot or bot locale.</p>"
+          "documentation":"<p>Parameters for creating the bot, bot locale or custom vocabulary.</p>"
         },
         "mergeStrategy":{
           "shape":"MergeStrategy",
@@ -6116,7 +7224,7 @@
         },
         "filePassword":{
           "shape":"ImportExportFilePassword",
-          "documentation":"<p>The password used to encrypt the zip archive that contains the bot or bot locale definition. You should always encrypt the zip archive to protect it during transit between your site and Amazon Lex.</p>"
+          "documentation":"<p>The password used to encrypt the zip archive that contains the resource definition. You should always encrypt the zip archive to protect it during transit between your site and Amazon Lex.</p>"
         }
       }
     },
@@ -6129,7 +7237,7 @@
         },
         "resourceSpecification":{
           "shape":"ImportResourceSpecification",
-          "documentation":"<p>The parameters used when importing the bot or bot locale.</p>"
+          "documentation":"<p>The parameters used when importing the resource.</p>"
         },
         "mergeStrategy":{
           "shape":"MergeStrategy",
@@ -6137,7 +7245,7 @@
         },
         "importStatus":{
           "shape":"ImportStatus",
-          "documentation":"<p>The current status of the import. When the status is <code>Complete</code> the bot or bot alias is ready to use.</p>"
+          "documentation":"<p>The current status of the import. When the status is <code>Complete</code> the bot, bot alias, or custom vocabulary is ready to use.</p>"
         },
         "creationDateTime":{
           "shape":"Timestamp",
@@ -6295,6 +7403,36 @@
       "min":1
     },
     "Timestamp":{"type":"timestamp"},
+    "Transcript":{
+      "type":"string",
+      "max":6000000,
+      "min":1,
+      "pattern":".*"
+    },
+    "TranscriptFilter":{
+      "type":"structure",
+      "members":{
+        "lexTranscriptFilter":{
+          "shape":"LexTranscriptFilter",
+          "documentation":"<p>The object representing the filter that Amazon Lex will use to select the appropriate transcript when the transcript format is the Amazon Lex format.</p>"
+        }
+      },
+      "documentation":"<p>The object representing the filter that Amazon Lex will use to select the appropriate transcript.</p>"
+    },
+    "TranscriptFormat":{
+      "type":"string",
+      "enum":["Lex"]
+    },
+    "TranscriptSourceSetting":{
+      "type":"structure",
+      "members":{
+        "s3BucketTranscriptSource":{
+          "shape":"S3BucketTranscriptSource",
+          "documentation":"<p>Indicates the setting of the Amazon S3 bucket where the transcript is stored.</p>"
+        }
+      },
+      "documentation":"<p>Indicates the setting of the location where the transcript is stored.</p>"
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -6497,6 +7635,91 @@
         "lastUpdatedDateTime":{
           "shape":"Timestamp",
           "documentation":"<p>A timestamp of the date and time that the locale was last updated.</p>"
+        },
+        "recommendedActions":{
+          "shape":"RecommendedActions",
+          "documentation":"<p>Recommended actions to take to resolve an error in the <code>failureReasons</code> field.</p>"
+        }
+      }
+    },
+    "UpdateBotRecommendationRequest":{
+      "type":"structure",
+      "required":[
+        "botId",
+        "botVersion",
+        "localeId",
+        "botRecommendationId",
+        "encryptionSetting"
+      ],
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot containing the bot recommendation to be updated.</p>",
+          "location":"uri",
+          "locationName":"botId"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot containing the bot recommendation to be updated.</p>",
+          "location":"uri",
+          "locationName":"botVersion"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation to update. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a> </p>",
+          "location":"uri",
+          "locationName":"localeId"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot recommendation to be updated.</p>",
+          "location":"uri",
+          "locationName":"botRecommendationId"
+        },
+        "encryptionSetting":{
+          "shape":"EncryptionSetting",
+          "documentation":"<p>The object representing the passwords that will be used to encrypt the data related to the bot recommendation results, as well as the KMS key ARN used to encrypt the associated metadata.</p>"
+        }
+      }
+    },
+    "UpdateBotRecommendationResponse":{
+      "type":"structure",
+      "members":{
+        "botId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot containing the bot recommendation that has been updated.</p>"
+        },
+        "botVersion":{
+          "shape":"DraftBotVersion",
+          "documentation":"<p>The version of the bot containing the bot recommendation that has been updated.</p>"
+        },
+        "localeId":{
+          "shape":"LocaleId",
+          "documentation":"<p>The identifier of the language and locale of the bot recommendation to update. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a> </p>"
+        },
+        "botRecommendationStatus":{
+          "shape":"BotRecommendationStatus",
+          "documentation":"<p>The status of the bot recommendation.</p> <p>If the status is Failed, then the reasons for the failure are listed in the failureReasons field. </p>"
+        },
+        "botRecommendationId":{
+          "shape":"Id",
+          "documentation":"<p>The unique identifier of the bot recommendation to be updated.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp of the date and time that the bot recommendation was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp of the date and time that the bot recommendation was last updated.</p>"
+        },
+        "transcriptSourceSetting":{
+          "shape":"TranscriptSourceSetting",
+          "documentation":"<p>The object representing the Amazon S3 bucket containing the transcript, as well as the associated metadata.</p>"
+        },
+        "encryptionSetting":{
+          "shape":"EncryptionSetting",
+          "documentation":"<p>The object representing the passwords that were used to encrypt the data related to the bot recommendation results, as well as the KMS key ARN used to encrypt the associated metadata.</p>"
         }
       }
     },
@@ -6512,7 +7735,7 @@
       "members":{
         "botId":{
           "shape":"Id",
-          "documentation":"<p>The unique identifier of the bot to update. This identifier is returned by the <a>CreateBot</a> operation.</p>",
+          "documentation":"<p>The unique identifier of the bot to update. This identifier is returned by the <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/API_CreateBot.html\">CreateBot</a> operation.</p>",
           "location":"uri",
           "locationName":"botId"
         },
@@ -6608,7 +7831,7 @@
         },
         "fileFormat":{
           "shape":"ImportExportFileFormat",
-          "documentation":"<p>The file format used for the files that define the resource.</p>"
+          "documentation":"<p>The file format used for the files that define the resource. The <code>TSV</code> format is required to export a custom vocabulary only; otherwise use <code>LexJson</code> format.</p>"
         },
         "exportStatus":{
           "shape":"ExportStatus",
@@ -6954,7 +8177,6 @@
       "required":[
         "slotTypeId",
         "slotTypeName",
-        "valueSelectionSetting",
         "botId",
         "botVersion",
         "localeId"
@@ -7003,7 +8225,8 @@
           "documentation":"<p>The identifier of the language and locale that contains the slot type. The string must match one of the supported locales. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/how-languages.html\">Supported languages</a>.</p>",
           "location":"uri",
           "locationName":"localeId"
-        }
+        },
+        "externalSourceSetting":{"shape":"ExternalSourceSetting"}
       }
     },
     "UpdateSlotTypeResponse":{
@@ -7052,7 +8275,8 @@
         "lastUpdatedDateTime":{
           "shape":"Timestamp",
           "documentation":"<p>A timestamp of the date and time that the slot type was last updated.</p>"
-        }
+        },
+        "externalSourceSetting":{"shape":"ExternalSourceSetting"}
       }
     },
     "Utterance":{"type":"string"},
@@ -7081,6 +8305,13 @@
       "max":140,
       "min":1
     },
+    "VoiceEngine":{
+      "type":"string",
+      "enum":[
+        "standard",
+        "neural"
+      ]
+    },
     "VoiceId":{"type":"string"},
     "VoiceSettings":{
       "type":"structure",
@@ -7089,6 +8320,10 @@
         "voiceId":{
           "shape":"VoiceId",
           "documentation":"<p>The identifier of the Amazon Polly voice to use.</p>"
+        },
+        "engine":{
+          "shape":"VoiceEngine",
+          "documentation":"<p>Indicates the type of Amazon Polly voice that Amazon Lex should use for voice interaction with the user. For more information, see the <a href=\"https://docs.aws.amazon.com/polly/latest/dg/API_SynthesizeSpeech.html#polly-SynthesizeSpeech-request-Engine\"> <code>engine</code> parameter of the <code>SynthesizeSpeech</code> operation</a> in the <i>Amazon Polly developer guide</i>.</p> <p>If you do not specify a value, the default is <code>standard</code>.</p>"
         }
       },
       "documentation":"<p>Defines settings for using an Amazon Polly voice to communicate with a user.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/lexv2-runtime/2020-08-07/service-2.json b/contrib/python/botocore/py3/botocore/data/lexv2-runtime/2020-08-07/service-2.json
index 9969d84ea05..ae9bd17571a 100644
--- a/contrib/python/botocore/py3/botocore/data/lexv2-runtime/2020-08-07/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/lexv2-runtime/2020-08-07/service-2.json
@@ -490,6 +490,10 @@
         "slotToElicit":{
           "shape":"NonEmptyString",
           "documentation":"<p>The name of the slot that should be elicited from the user.</p>"
+        },
+        "slotElicitationStyle":{
+          "shape":"StyleType",
+          "documentation":"<p>Configures the slot to use spell-by-letter or spell-by-word style. When you use a style on a slot, users can spell out their input to make it clear to your bot.</p> <ul> <li> <p>Spell by letter - \"b\" \"o\" \"b\"</p> </li> <li> <p>Spell by word - \"b as in boy\" \"o as in oscar\" \"b as in boy\"</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/using-spelling.html\"> Using spelling to enter slot values </a>.</p>"
         }
       },
       "documentation":"<p>The next action that Amazon Lex V2 should take.</p>"
@@ -756,6 +760,12 @@
       "member":{"shape":"Message"},
       "max":10
     },
+    "Name":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"^([0-9a-zA-Z][_-]?)+$"
+    },
     "NonEmptyString":{
       "type":"string",
       "min":1
@@ -1107,6 +1117,49 @@
       "error":{"httpStatusCode":404},
       "exception":true
     },
+    "RuntimeHintDetails":{
+      "type":"structure",
+      "required":["runtimeHintValues"],
+      "members":{
+        "runtimeHintValues":{
+          "shape":"RuntimeHintValuesList",
+          "documentation":"<p>One or more strings that Amazon Lex V2 should look for in the input to the bot. Each phrase is given preference when deciding on slot values.</p>"
+        }
+      },
+      "documentation":"<p>Provides an array of phrases that should be given preference when resolving values for a slot.</p>"
+    },
+    "RuntimeHintPhrase":{
+      "type":"string",
+      "max":140,
+      "min":1
+    },
+    "RuntimeHintValue":{
+      "type":"structure",
+      "required":["phrase"],
+      "members":{
+        "phrase":{
+          "shape":"RuntimeHintPhrase",
+          "documentation":"<p>The phrase that Amazon Lex V2 should look for in the user's input to the bot.</p>"
+        }
+      },
+      "documentation":"<p>Provides the phrase that Amazon Lex V2 should look for in the user's input to the bot.</p>"
+    },
+    "RuntimeHintValuesList":{
+      "type":"list",
+      "member":{"shape":"RuntimeHintValue"},
+      "max":100,
+      "min":1
+    },
+    "RuntimeHints":{
+      "type":"structure",
+      "members":{
+        "slotHints":{
+          "shape":"SlotHintsIntentMap",
+          "documentation":"<p>A list of the slots in the intent that should have runtime hints added, and the phrases that should be added for each slot.</p> <p>The first level of the <code>slotHints</code> map is the name of the intent. The second level is the name of the slot within the intent. For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/using-hints.xml\">Using hints to improve accuracy</a>.</p> <p>The intent name and slot name must exist.</p>"
+        }
+      },
+      "documentation":"<p>You can provide Amazon Lex V2 with hints to the phrases that a customer is likely to use for a slot. When a slot with hints is resolved, the phrases in the runtime hints are preferred in the resolution. You can provide hints for a maximum of 100 intents. You can provide a maximum of 100 slots.</p> <p>Before you can use runtime hints with an existing bot, you must first rebuild the bot.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/lexv2/latest/dg/using-hints.xml\">Using hints to improve accuracy</a>.</p>"
+    },
     "SensitiveNonEmptyString":{
       "type":"string",
       "sensitive":true
@@ -1180,7 +1233,11 @@
         },
         "originatingRequestId":{
           "shape":"NonEmptyString",
-          "documentation":"<p/>"
+          "documentation":"<p>A unique identifier for a specific request.</p>"
+        },
+        "runtimeHints":{
+          "shape":"RuntimeHints",
+          "documentation":"<p>Hints for phrases that a customer is likely to use for a slot. Amazon Lex V2 uses the hints to help determine the correct value of a slot.</p>"
         }
       },
       "documentation":"<p>The state of the user's session with Amazon Lex V2.</p>"
@@ -1210,6 +1267,16 @@
       },
       "documentation":"<p>A value that Amazon Lex V2 uses to fulfill an intent. </p>"
     },
+    "SlotHintsIntentMap":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"SlotHintsSlotMap"}
+    },
+    "SlotHintsSlotMap":{
+      "type":"map",
+      "key":{"shape":"Name"},
+      "value":{"shape":"RuntimeHintDetails"}
+    },
     "Slots":{
       "type":"map",
       "key":{"shape":"NonEmptyString"},
@@ -1355,6 +1422,14 @@
       "key":{"shape":"NonEmptyString"},
       "value":{"shape":"String"}
     },
+    "StyleType":{
+      "type":"string",
+      "enum":[
+        "Default",
+        "SpellByLetter",
+        "SpellByWord"
+      ]
+    },
     "Text":{
       "type":"string",
       "max":1024,
diff --git a/contrib/python/botocore/py3/botocore/data/location/2020-11-19/service-2.json b/contrib/python/botocore/py3/botocore/data/location/2020-11-19/service-2.json
index ec03d101cd1..58af9261ee3 100644
--- a/contrib/python/botocore/py3/botocore/data/location/2020-11-19/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/location/2020-11-19/service-2.json
@@ -87,7 +87,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Evaluates device positions against the geofence geometries from a given geofence collection.</p> <p>This operation always returns an empty response because geofences are asynchronously evaluated. The evaluation determines if the device has entered or exited a geofenced area, and then publishes one of the following events to Amazon EventBridge:</p> <ul> <li> <p> <code>ENTER</code> if Amazon Location determines that the tracked device has entered a geofenced area.</p> </li> <li> <p> <code>EXIT</code> if Amazon Location determines that the tracked device has exited a geofenced area.</p> </li> </ul> <note> <p>The last geofence that a device was observed within is tracked for 30 days after the most recent device position update.</p> </note>",
+      "documentation":"<p>Evaluates device positions against the geofence geometries from a given geofence collection.</p> <p>This operation always returns an empty response because geofences are asynchronously evaluated. The evaluation determines if the device has entered or exited a geofenced area, and then publishes one of the following events to Amazon EventBridge:</p> <ul> <li> <p> <code>ENTER</code> if Amazon Location determines that the tracked device has entered a geofenced area.</p> </li> <li> <p> <code>EXIT</code> if Amazon Location determines that the tracked device has exited a geofenced area.</p> </li> </ul> <note> <p>The last geofence that a device was observed within is tracked for 30 days after the most recent device position update.</p> </note> <note> <p>Geofence evaluation uses the given device position. It does not account for the optional <code>Accuracy</code> of a <code>DevicePositionUpdate</code>.</p> </note>",
       "endpoint":{"hostPrefix":"geofencing."}
     },
     "BatchGetDevicePosition":{
@@ -144,7 +144,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Uploads position update data for one or more devices to a tracker resource. Amazon Location uses the data when it reports the last known device position and position history. Amazon Location retains location data for 30 days.</p> <note> <p>Position updates are handled based on the <code>PositionFiltering</code> property of the tracker. When <code>PositionFiltering</code> is set to <code>TimeBased</code>, updates are evaluated against linked geofence collections, and location data is stored at a maximum of one position per 30 second interval. If your update frequency is more often than every 30 seconds, only one update per 30 seconds is stored for each unique device ID. When <code>PositionFiltering</code> is set to <code>DistanceBased</code> filtering, location data is stored and evaluated against linked geofence collections only if the device has moved more than 30 m (98.4 ft).</p> </note>",
+      "documentation":"<p>Uploads position update data for one or more devices to a tracker resource. Amazon Location uses the data when it reports the last known device position and position history. Amazon Location retains location data for 30 days.</p> <note> <p>Position updates are handled based on the <code>PositionFiltering</code> property of the tracker. When <code>PositionFiltering</code> is set to <code>TimeBased</code>, updates are evaluated against linked geofence collections, and location data is stored at a maximum of one position per 30 second interval. If your update frequency is more often than every 30 seconds, only one update per 30 seconds is stored for each unique device ID.</p> <p>When <code>PositionFiltering</code> is set to <code>DistanceBased</code> filtering, location data is stored and evaluated against linked geofence collections only if the device has moved more than 30 m (98.4 ft).</p> <p>When <code>PositionFiltering</code> is set to <code>AccuracyBased</code> filtering, location data is stored and evaluated against linked geofence collections only if the device has moved more than the measured accuracy. For example, if two consecutive updates from a device have a horizontal accuracy of 5 m and 10 m, the second update is neither stored or evaluated if the device has moved less than 15 m. If <code>PositionFiltering</code> is set to <code>AccuracyBased</code> filtering, Amazon Location uses the default value <code>{ \"Horizontal\": 0}</code> when accuracy is not provided on a <code>DevicePositionUpdate</code>.</p> </note>",
       "endpoint":{"hostPrefix":"tracking."}
     },
     "CalculateRoute":{
@@ -163,7 +163,26 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html\">Calculates a route</a> given the following required parameters: <code>DeparturePostiton</code> and <code>DestinationPosition</code>. Requires that you first <a href=\"https://docs.aws.amazon.com/location-routes/latest/APIReference/API_CreateRouteCalculator.html\">create a route calculator resource</a> </p> <p>By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating the route.</p> <p>Additional options include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#departure-time\">Specifying a departure time</a> using either <code>DepartureTime</code> or <code>DepartureNow</code>. This calculates a route based on predictive traffic data at the given time. </p> <note> <p>You can't specify both <code>DepartureTime</code> and <code>DepartureNow</code> in a single request. Specifying both parameters returns an error message.</p> </note> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#travel-mode\">Specifying a travel mode</a> using TravelMode. This lets you specify an additional route preference such as <code>CarModeOptions</code> if traveling by <code>Car</code>, or <code>TruckModeOptions</code> if traveling by <code>Truck</code>.</p> </li> </ul> <p> </p>",
+      "documentation":"<p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html\">Calculates a route</a> given the following required parameters: <code>DeparturePosition</code> and <code>DestinationPosition</code>. Requires that you first <a href=\"https://docs.aws.amazon.com/location-routes/latest/APIReference/API_CreateRouteCalculator.html\">create a route calculator resource</a>.</p> <p>By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating the route.</p> <p>Additional options include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/departure-time.html\">Specifying a departure time</a> using either <code>DepartureTime</code> or <code>DepartNow</code>. This calculates a route based on predictive traffic data at the given time. </p> <note> <p>You can't specify both <code>DepartureTime</code> and <code>DepartNow</code> in a single request. Specifying both parameters returns a validation error.</p> </note> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/travel-mode.html\">Specifying a travel mode</a> using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in <code>CarModeOptions</code> if traveling by <code>Car</code>, or <code>TruckModeOptions</code> if traveling by <code>Truck</code>.</p> </li> </ul>",
+      "endpoint":{"hostPrefix":"routes."}
+    },
+    "CalculateRouteMatrix":{
+      "name":"CalculateRouteMatrix",
+      "http":{
+        "method":"POST",
+        "requestUri":"/routes/v0/calculators/{CalculatorName}/calculate/route-matrix",
+        "responseCode":200
+      },
+      "input":{"shape":"CalculateRouteMatrixRequest"},
+      "output":{"shape":"CalculateRouteMatrixResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route-matrix.html\"> Calculates a route matrix</a> given the following required parameters: <code>DeparturePositions</code> and <code>DestinationPositions</code>. <code>CalculateRouteMatrix</code> calculates routes and returns the travel time and travel distance from each departure position to each destination position in the request. For example, given departure positions A and B, and destination positions X and Y, <code>CalculateRouteMatrix</code> will return time and distance for routes from A to X, A to Y, B to X, and B to Y (in that order). The number of results returned (and routes calculated) will be the number of <code>DeparturePositions</code> times the number of <code>DestinationPositions</code>.</p> <note> <p>Your account is charged for each route calculated, not the number of requests.</p> </note> <p>Requires that you first <a href=\"https://docs.aws.amazon.com/location-routes/latest/APIReference/API_CreateRouteCalculator.html\">create a route calculator resource</a>.</p> <p>By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating routes.</p> <p>Additional options include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/departure-time.html\"> Specifying a departure time</a> using either <code>DepartureTime</code> or <code>DepartNow</code>. This calculates routes based on predictive traffic data at the given time. </p> <note> <p>You can't specify both <code>DepartureTime</code> and <code>DepartNow</code> in a single request. Specifying both parameters returns a validation error.</p> </note> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/travel-mode.html\">Specifying a travel mode</a> using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in <code>CarModeOptions</code> if traveling by <code>Car</code>, or <code>TruckModeOptions</code> if traveling by <code>Truck</code>.</p> </li> </ul>",
       "endpoint":{"hostPrefix":"routes."}
     },
     "CreateGeofenceCollection":{
@@ -202,7 +221,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Creates a map resource in your AWS account, which provides map tiles of different styles sourced from global location data providers.</p>",
+      "documentation":"<p>Creates a map resource in your AWS account, which provides map tiles of different styles sourced from global location data providers.</p> <note> <p>If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you may only use HERE as your geolocation provider. See section 82 of the <a href=\"http://aws.amazon.com/service-terms\">AWS service terms</a> for more details.</p> </note>",
       "endpoint":{"hostPrefix":"maps."},
       "idempotent":true
     },
@@ -222,7 +241,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Creates a place index resource in your AWS account, which supports functions with geospatial data sourced from your chosen data provider.</p>",
+      "documentation":"<p>Creates a place index resource in your AWS account. Use a place index resource to geocode addresses and other text queries by using the <code>SearchPlaceIndexForText</code> operation, and reverse geocode coordinates by using the <code>SearchPlaceIndexForPosition</code> operation, and enable autosuggestions by using the <code>SearchPlaceIndexForSuggestions</code> operation.</p> <note> <p>If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you may only use HERE as your geolocation provider. See section 82 of the <a href=\"http://aws.amazon.com/service-terms\">AWS service terms</a> for more details.</p> </note>",
       "endpoint":{"hostPrefix":"places."},
       "idempotent":true
     },
@@ -242,7 +261,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Creates a route calculator resource in your AWS account.</p> <p>You can send requests to a route calculator resource to estimate travel time, distance, and get directions. A route calculator sources traffic and road network data from your chosen data provider.</p>",
+      "documentation":"<p>Creates a route calculator resource in your AWS account.</p> <p>You can send requests to a route calculator resource to estimate travel time, distance, and get directions. A route calculator sources traffic and road network data from your chosen data provider.</p> <note> <p>If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you may only use HERE as your geolocation provider. See section 82 of the <a href=\"http://aws.amazon.com/service-terms\">AWS service terms</a> for more details.</p> </note>",
       "endpoint":{"hostPrefix":"routes."},
       "idempotent":true
     },
@@ -817,6 +836,25 @@
       "documentation":"<p>Reverse geocodes a given coordinate and returns a legible address. Allows you to search for Places or points of interest near a given position.</p>",
       "endpoint":{"hostPrefix":"places."}
     },
+    "SearchPlaceIndexForSuggestions":{
+      "name":"SearchPlaceIndexForSuggestions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/places/v0/indexes/{IndexName}/search/suggestions",
+        "responseCode":200
+      },
+      "input":{"shape":"SearchPlaceIndexForSuggestionsRequest"},
+      "output":{"shape":"SearchPlaceIndexForSuggestionsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Generates suggestions for addresses and points of interest based on partial or misspelled free-form text. This operation is also known as autocomplete, autosuggest, or fuzzy matching.</p> <p>Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.</p> <note> <p>You can search for suggested place names near a specified position by using <code>BiasPosition</code>, or filter results within a bounding box by using <code>FilterBBox</code>. These parameters are mutually exclusive; using both <code>BiasPosition</code> and <code>FilterBBox</code> in the same command returns an error.</p> </note>",
+      "endpoint":{"hostPrefix":"places."}
+    },
     "SearchPlaceIndexForText":{
       "name":"SearchPlaceIndexForText",
       "http":{
@@ -833,7 +871,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Geocodes free-form text, such as an address, name, city, or region to allow you to search for Places or points of interest. </p> <p>Includes the option to apply additional parameters to narrow your list of results.</p> <note> <p>You can search for places near a given position using <code>BiasPosition</code>, or filter results within a bounding box using <code>FilterBBox</code>. Providing both parameters simultaneously returns an error.</p> </note>",
+      "documentation":"<p>Geocodes free-form text, such as an address, name, city, or region to allow you to search for Places or points of interest. </p> <p>Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.</p> <note> <p>You can search for places near a given position using <code>BiasPosition</code>, or filter results within a bounding box using <code>FilterBBox</code>. Providing both parameters simultaneously returns an error.</p> </note> <p>Search results are returned in order of highest to lowest relevance.</p>",
       "endpoint":{"hostPrefix":"places."}
     },
     "TagResource":{
@@ -1491,6 +1529,144 @@
       },
       "documentation":"<p>Contains details about additional route preferences for requests that specify <code>TravelMode</code> as <code>Car</code>.</p>"
     },
+    "CalculateRouteMatrixRequest":{
+      "type":"structure",
+      "required":[
+        "CalculatorName",
+        "DeparturePositions",
+        "DestinationPositions"
+      ],
+      "members":{
+        "CalculatorName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The name of the route calculator resource that you want to use to calculate the route matrix. </p>",
+          "location":"uri",
+          "locationName":"CalculatorName"
+        },
+        "CarModeOptions":{
+          "shape":"CalculateRouteCarModeOptions",
+          "documentation":"<p>Specifies route preferences when traveling by <code>Car</code>, such as avoiding routes that use ferries or tolls.</p> <p>Requirements: <code>TravelMode</code> must be specified as <code>Car</code>.</p>"
+        },
+        "DepartNow":{
+          "shape":"Boolean",
+          "documentation":"<p>Sets the time of departure as the current time. Uses the current time to calculate the route matrix. You can't set both <code>DepartureTime</code> and <code>DepartNow</code>. If neither is set, the best time of day to travel with the best traffic conditions is used to calculate the route matrix.</p> <p>Default Value: <code>false</code> </p> <p>Valid Values: <code>false</code> | <code>true</code> </p>"
+        },
+        "DeparturePositions":{
+          "shape":"CalculateRouteMatrixRequestDeparturePositionsList",
+          "documentation":"<p>The list of departure (origin) positions for the route matrix. An array of points, each of which is itself a 2-value array defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[longitude, latitude]</code>. For example, <code>[-123.115, 49.285]</code>.</p> <important> <p>Depending on the data provider selected in the route calculator resource there may be additional restrictions on the inputs you can choose. See <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route-matrix.html#matrix-routing-position-limits\"> Position restrictions</a> in the <i>Amazon Location Service Developer Guide</i>.</p> </important> <note> <p>For route calculators that use Esri as the data provider, if you specify a departure that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\"> moves the position to the nearest road</a>. The snapped value is available in the result in <code>SnappedDeparturePositions</code>.</p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
+        },
+        "DepartureTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>Specifies the desired time of departure. Uses the given time to calculate the route matrix. You can't set both <code>DepartureTime</code> and <code>DepartNow</code>. If neither is set, the best time of day to travel with the best traffic conditions is used to calculate the route matrix.</p> <note> <p>Setting a departure time in the past returns a <code>400 ValidationException</code> error.</p> </note> <ul> <li> <p>In <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\">ISO 8601</a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code>. For example, <code>2020–07-2T12:15:20.000Z+01:00</code> </p> </li> </ul>"
+        },
+        "DestinationPositions":{
+          "shape":"CalculateRouteMatrixRequestDestinationPositionsList",
+          "documentation":"<p>The list of destination positions for the route matrix. An array of points, each of which is itself a 2-value array defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[longitude, latitude]</code>. For example, <code>[-122.339, 47.615]</code> </p> <important> <p>Depending on the data provider selected in the route calculator resource there may be additional restrictions on the inputs you can choose. See <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route-matrix.html#matrix-routing-position-limits\"> Position restrictions</a> in the <i>Amazon Location Service Developer Guide</i>.</p> </important> <note> <p>For route calculators that use Esri as the data provider, if you specify a destination that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\"> moves the position to the nearest road</a>. The snapped value is available in the result in <code>SnappedDestinationPositions</code>.</p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
+        },
+        "DistanceUnit":{
+          "shape":"DistanceUnit",
+          "documentation":"<p>Set the unit system to specify the distance.</p> <p>Default Value: <code>Kilometers</code> </p>"
+        },
+        "TravelMode":{
+          "shape":"TravelMode",
+          "documentation":"<p>Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility.</p> <p>The <code>TravelMode</code> you specify also determines how you specify route preferences: </p> <ul> <li> <p>If traveling by <code>Car</code> use the <code>CarModeOptions</code> parameter.</p> </li> <li> <p>If traveling by <code>Truck</code> use the <code>TruckModeOptions</code> parameter.</p> </li> </ul> <p>Default Value: <code>Car</code> </p>"
+        },
+        "TruckModeOptions":{
+          "shape":"CalculateRouteTruckModeOptions",
+          "documentation":"<p>Specifies route preferences when traveling by <code>Truck</code>, such as avoiding routes that use ferries or tolls, and truck specifications to consider when choosing an optimal road.</p> <p>Requirements: <code>TravelMode</code> must be specified as <code>Truck</code>.</p>"
+        }
+      }
+    },
+    "CalculateRouteMatrixRequestDeparturePositionsList":{
+      "type":"list",
+      "member":{"shape":"Position"},
+      "max":350,
+      "min":1
+    },
+    "CalculateRouteMatrixRequestDestinationPositionsList":{
+      "type":"list",
+      "member":{"shape":"Position"},
+      "max":350,
+      "min":1
+    },
+    "CalculateRouteMatrixResponse":{
+      "type":"structure",
+      "required":[
+        "RouteMatrix",
+        "Summary"
+      ],
+      "members":{
+        "RouteMatrix":{
+          "shape":"RouteMatrix",
+          "documentation":"<p>The calculated route matrix containing the results for all pairs of <code>DeparturePositions</code> to <code>DestinationPositions</code>. Each row corresponds to one entry in <code>DeparturePositions</code>. Each entry in the row corresponds to the route from that entry in <code>DeparturePositions</code> to an entry in <code>DestinationPositions</code>. </p>"
+        },
+        "SnappedDeparturePositions":{
+          "shape":"CalculateRouteMatrixResponseSnappedDeparturePositionsList",
+          "documentation":"<p>For routes calculated using an Esri route calculator resource, departure positions are snapped to the closest road. For Esri route calculator resources, this returns the list of departure/origin positions used for calculation of the <code>RouteMatrix</code>.</p>"
+        },
+        "SnappedDestinationPositions":{
+          "shape":"CalculateRouteMatrixResponseSnappedDestinationPositionsList",
+          "documentation":"<p>The list of destination positions for the route matrix used for calculation of the <code>RouteMatrix</code>.</p>"
+        },
+        "Summary":{
+          "shape":"CalculateRouteMatrixSummary",
+          "documentation":"<p>Contains information about the route matrix, <code>DataSource</code>, <code>DistanceUnit</code>, <code>RouteCount</code> and <code>ErrorCount</code>.</p>"
+        }
+      },
+      "documentation":"<p>Returns the result of the route matrix calculation.</p>"
+    },
+    "CalculateRouteMatrixResponseSnappedDeparturePositionsList":{
+      "type":"list",
+      "member":{"shape":"Position"},
+      "max":350,
+      "min":1
+    },
+    "CalculateRouteMatrixResponseSnappedDestinationPositionsList":{
+      "type":"list",
+      "member":{"shape":"Position"},
+      "max":350,
+      "min":1
+    },
+    "CalculateRouteMatrixSummary":{
+      "type":"structure",
+      "required":[
+        "DataSource",
+        "DistanceUnit",
+        "ErrorCount",
+        "RouteCount"
+      ],
+      "members":{
+        "DataSource":{
+          "shape":"String",
+          "documentation":"<p>The data provider of traffic and road network data used to calculate the routes. Indicates one of the available providers:</p> <ul> <li> <p> <code>Esri</code> </p> </li> <li> <p> <code>Here</code> </p> </li> </ul> <p>For more information about data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+        },
+        "DistanceUnit":{
+          "shape":"DistanceUnit",
+          "documentation":"<p>The unit of measurement for route distances.</p>"
+        },
+        "ErrorCount":{
+          "shape":"CalculateRouteMatrixSummaryErrorCountInteger",
+          "documentation":"<p>The count of error results in the route matrix. If this number is 0, all routes were calculated successfully.</p>"
+        },
+        "RouteCount":{
+          "shape":"CalculateRouteMatrixSummaryRouteCountInteger",
+          "documentation":"<p>The count of cells in the route matrix. Equal to the number of <code>DeparturePositions</code> multiplied by the number of <code>DestinationPositions</code>.</p>"
+        }
+      },
+      "documentation":"<p>A summary of the calculated route matrix.</p>"
+    },
+    "CalculateRouteMatrixSummaryErrorCountInteger":{
+      "type":"integer",
+      "box":true,
+      "max":160000,
+      "min":1
+    },
+    "CalculateRouteMatrixSummaryRouteCountInteger":{
+      "type":"integer",
+      "box":true,
+      "max":160000,
+      "min":1
+    },
     "CalculateRouteRequest":{
       "type":"structure",
       "required":[
@@ -1501,7 +1677,7 @@
       "members":{
         "CalculatorName":{
           "shape":"ResourceName",
-          "documentation":"<p>The name of the route calculator resource that you want to use to calculate a route. </p>",
+          "documentation":"<p>The name of the route calculator resource that you want to use to calculate the route. </p>",
           "location":"uri",
           "locationName":"CalculatorName"
         },
@@ -1515,15 +1691,15 @@
         },
         "DeparturePosition":{
           "shape":"Position",
-          "documentation":"<p>The start position for the route. Defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[longitude, latitude]</code>.</p> <ul> <li> <p>For example, <code>[-123.115, 49.285]</code> </p> </li> </ul> <note> <p>If you specify a departure that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">moves the position to the nearest road</a>. If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a <code>400 RoutesValidationException</code> error.</p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
+          "documentation":"<p>The start position for the route. Defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[longitude, latitude]</code>.</p> <ul> <li> <p>For example, <code>[-123.115, 49.285]</code> </p> </li> </ul> <note> <p>If you specify a departure that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\">moves the position to the nearest road</a>. If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a <code>400 RoutesValidationException</code> error.</p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
         },
         "DepartureTime":{
           "shape":"Timestamp",
-          "documentation":"<p>Specifies the desired time of departure. Uses the given time to calculate a route. Otherwise, the best time of day to travel with the best traffic conditions is used to calculate the route.</p> <note> <p>Setting a departure time in the past returns a <code>400 ValidationException</code> error.</p> </note> <ul> <li> <p>In <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\">ISO 8601</a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code>. For example, <code>2020–07-2T12:15:20.000Z+01:00</code> </p> </li> </ul>"
+          "documentation":"<p>Specifies the desired time of departure. Uses the given time to calculate the route. Otherwise, the best time of day to travel with the best traffic conditions is used to calculate the route.</p> <note> <p>Setting a departure time in the past returns a <code>400 ValidationException</code> error.</p> </note> <ul> <li> <p>In <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\">ISO 8601</a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code>. For example, <code>2020–07-2T12:15:20.000Z+01:00</code> </p> </li> </ul>"
         },
         "DestinationPosition":{
           "shape":"Position",
-          "documentation":"<p>The finish position for the route. Defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[longitude, latitude]</code>.</p> <ul> <li> <p> For example, <code>[-122.339, 47.615]</code> </p> </li> </ul> <note> <p>If you specify a destination that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">moves the position to the nearest road</a>. </p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
+          "documentation":"<p>The finish position for the route. Defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[longitude, latitude]</code>.</p> <ul> <li> <p> For example, <code>[-122.339, 47.615]</code> </p> </li> </ul> <note> <p>If you specify a destination that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\">moves the position to the nearest road</a>. </p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
         },
         "DistanceUnit":{
           "shape":"DistanceUnit",
@@ -1535,7 +1711,7 @@
         },
         "TravelMode":{
           "shape":"TravelMode",
-          "documentation":"<p>Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility.</p> <p>The <code>TravelMode</code> you specify determines how you specify route preferences: </p> <ul> <li> <p>If traveling by <code>Car</code> use the <code>CarModeOptions</code> parameter.</p> </li> <li> <p>If traveling by <code>Truck</code> use the <code>TruckModeOptions</code> parameter.</p> </li> </ul> <p>Default Value: <code>Car</code> </p>"
+          "documentation":"<p>Specifies the mode of transport when calculating a route. Used in estimating the speed of travel and road compatibility.</p> <p>The <code>TravelMode</code> you specify also determines how you specify route preferences: </p> <ul> <li> <p>If traveling by <code>Car</code> use the <code>CarModeOptions</code> parameter.</p> </li> <li> <p>If traveling by <code>Truck</code> use the <code>TruckModeOptions</code> parameter.</p> </li> </ul> <p>Default Value: <code>Car</code> </p>"
         },
         "TruckModeOptions":{
           "shape":"CalculateRouteTruckModeOptions",
@@ -1543,7 +1719,7 @@
         },
         "WaypointPositions":{
           "shape":"CalculateRouteRequestWaypointPositionsList",
-          "documentation":"<p>Specifies an ordered list of up to 23 intermediate positions to include along a route between the departure position and destination position. </p> <ul> <li> <p>For example, from the <code>DeparturePosition</code> <code>[-123.115, 49.285]</code>, the route follows the order that the waypoint positions are given <code>[[-122.757, 49.0021],[-122.349, 47.620]]</code> </p> </li> </ul> <note> <p>If you specify a waypoint position that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">moves the position to the nearest road</a>. </p> <p>Specifying more than 23 waypoints returns a <code>400 ValidationException</code> error.</p> <p>If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a <code>400 RoutesValidationException</code> error.</p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
+          "documentation":"<p>Specifies an ordered list of up to 23 intermediate positions to include along a route between the departure position and destination position. </p> <ul> <li> <p>For example, from the <code>DeparturePosition</code> <code>[-123.115, 49.285]</code>, the route follows the order that the waypoint positions are given <code>[[-122.757, 49.0021],[-122.349, 47.620]]</code> </p> </li> </ul> <note> <p>If you specify a waypoint position that's not located on a road, Amazon Location <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\">moves the position to the nearest road</a>. </p> <p>Specifying more than 23 waypoints returns a <code>400 ValidationException</code> error.</p> <p>If Esri is the provider for your route calculator, specifying a route that is longer than 400 km returns a <code>400 RoutesValidationException</code> error.</p> </note> <p>Valid Values: <code>[-180 to 180,-90 to 90]</code> </p>"
         }
       }
     },
@@ -1562,7 +1738,7 @@
       "members":{
         "Legs":{
           "shape":"LegList",
-          "documentation":"<p>Contains details about each path between a pair of positions included along a route such as: <code>StartPosition</code>, <code>EndPosition</code>, <code>Distance</code>, <code>DurationSeconds</code>, <code>Geometry</code>, and <code>Steps</code>. The number of legs returned corresponds to one fewer than the total number of positions in the request. </p> <p>For example, a route with a departure position and destination position returns one leg with the positions <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">snapped to a nearby road</a>:</p> <ul> <li> <p>The <code>StartPosition</code> is the departure position.</p> </li> <li> <p>The <code>EndPosition</code> is the destination position.</p> </li> </ul> <p>A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:</p> <ul> <li> <p>Leg 1: The <code>StartPosition</code> is the departure position . The <code>EndPosition</code> is the waypoint positon.</p> </li> <li> <p>Leg 2: The <code>StartPosition</code> is the waypoint position. The <code>EndPosition</code> is the destination position.</p> </li> </ul>"
+          "documentation":"<p>Contains details about each path between a pair of positions included along a route such as: <code>StartPosition</code>, <code>EndPosition</code>, <code>Distance</code>, <code>DurationSeconds</code>, <code>Geometry</code>, and <code>Steps</code>. The number of legs returned corresponds to one fewer than the total number of positions in the request. </p> <p>For example, a route with a departure position and destination position returns one leg with the positions <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\">snapped to a nearby road</a>:</p> <ul> <li> <p>The <code>StartPosition</code> is the departure position.</p> </li> <li> <p>The <code>EndPosition</code> is the destination position.</p> </li> </ul> <p>A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:</p> <ul> <li> <p>Leg 1: The <code>StartPosition</code> is the departure position . The <code>EndPosition</code> is the waypoint positon.</p> </li> <li> <p>Leg 2: The <code>StartPosition</code> is the waypoint position. The <code>EndPosition</code> is the destination position.</p> </li> </ul>"
         },
         "Summary":{
           "shape":"CalculateRouteSummary",
@@ -1591,7 +1767,7 @@
         },
         "DistanceUnit":{
           "shape":"DistanceUnit",
-          "documentation":"<p>The unit of measurement for the distance.</p>"
+          "documentation":"<p>The unit of measurement for route distances.</p>"
         },
         "DurationSeconds":{
           "shape":"CalculateRouteSummaryDurationSecondsDouble",
@@ -1664,10 +1840,7 @@
     },
     "CreateGeofenceCollectionRequest":{
       "type":"structure",
-      "required":[
-        "CollectionName",
-        "PricingPlan"
-      ],
+      "required":["CollectionName"],
       "members":{
         "CollectionName":{
           "shape":"ResourceName",
@@ -1683,15 +1856,19 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Specifies the pricing plan for the geofence collection.</p> <p>For additional details and restrictions on each pricing plan option, see the <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing page</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>Specifies the data provider for the geofence collection.</p> <ul> <li> <p>Required value for the following pricing plans: <code>MobileAssetTracking </code>| <code>MobileAssetManagement</code> </p> </li> </ul> <p>For more information about <a href=\"https://aws.amazon.com/location/data-providers/\">Data Providers</a>, and <a href=\"https://aws.amazon.com/location/pricing/\">Pricing plans</a>, see the Amazon Location Service product page.</p> <note> <p>Amazon Location Service only uses <code>PricingPlanDataSource</code> to calculate billing for your geofence collection. Your data won't be shared with the data provider, and will remain in your AWS account or Region unless you move it.</p> </note> <p>Valid Values: <code>Esri </code>| <code>Here</code> </p>"
+          "documentation":"<p>This parameter is no longer used.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. No longer allowed."
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> </ul>"
+          "documentation":"<p>Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> <li> <p>Cannot use \"aws:\" as a prefix for a key.</p> </li> </ul>"
         }
       }
     },
@@ -1721,8 +1898,7 @@
       "type":"structure",
       "required":[
         "Configuration",
-        "MapName",
-        "PricingPlan"
+        "MapName"
       ],
       "members":{
         "Configuration":{
@@ -1739,11 +1915,13 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Specifies the pricing plan for your map resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>Applies one or more tags to the map resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> </ul>"
+          "documentation":"<p>Applies one or more tags to the map resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> <li> <p>Cannot use \"aws:\" as a prefix for a key.</p> </li> </ul>"
         }
       }
     },
@@ -1773,13 +1951,12 @@
       "type":"structure",
       "required":[
         "DataSource",
-        "IndexName",
-        "PricingPlan"
+        "IndexName"
       ],
       "members":{
         "DataSource":{
           "shape":"String",
-          "documentation":"<p>Specifies the data provider of geospatial data.</p> <note> <p>This field is case-sensitive. Enter the valid values as shown. For example, entering <code>HERE</code> returns an error.</p> </note> <p>Valid values include:</p> <ul> <li> <p> <code>Esri</code> – For additional information about <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/esri.html\">Esri</a>'s coverage in your region of interest, see <a href=\"https://developers.arcgis.com/rest/geocode/api-reference/geocode-coverage.htm\">Esri details on geocoding coverage</a>.</p> </li> <li> <p> <code>Here</code> – For additional information about <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/HERE.html\">HERE Technologies</a>' coverage in your region of interest, see <a href=\"https://developer.here.com/documentation/geocoder/dev_guide/topics/coverage-geocoder.html\">HERE details on goecoding coverage</a>.</p> <important> <p>Place index resources using HERE Technologies as a data provider can't <a href=\"https://docs.aws.amazon.com/location-places/latest/APIReference/API_DataSourceConfiguration.html\">store results</a> for locations in Japan. For more information, see the <a href=\"https://aws.amazon.com/service-terms/\">AWS Service Terms</a> for Amazon Location Service.</p> </important> </li> </ul> <p>For additional information , see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Data providers</a> on the <i>Amazon Location Service Developer Guide</i>.</p>"
+          "documentation":"<p>Specifies the geospatial data provider for the new place index.</p> <note> <p>This field is case-sensitive. Enter the valid values as shown. For example, entering <code>HERE</code> returns an error.</p> </note> <p>Valid values include:</p> <ul> <li> <p> <code>Esri</code> – For additional information about <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/esri.html\">Esri</a>'s coverage in your region of interest, see <a href=\"https://developers.arcgis.com/rest/geocode/api-reference/geocode-coverage.htm\">Esri details on geocoding coverage</a>.</p> </li> <li> <p> <code>Here</code> – For additional information about <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/HERE.html\">HERE Technologies</a>' coverage in your region of interest, see <a href=\"https://developer.here.com/documentation/geocoder/dev_guide/topics/coverage-geocoder.html\">HERE details on goecoding coverage</a>.</p> <important> <p>If you specify HERE Technologies (<code>Here</code>) as the data provider, you may not <a href=\"https://docs.aws.amazon.com/location-places/latest/APIReference/API_DataSourceConfiguration.html\">store results</a> for locations in Japan. For more information, see the <a href=\"https://aws.amazon.com/service-terms/\">AWS Service Terms</a> for Amazon Location Service.</p> </important> </li> </ul> <p>For additional information , see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Data providers</a> on the <i>Amazon Location Service Developer Guide</i>.</p>"
         },
         "DataSourceConfiguration":{
           "shape":"DataSourceConfiguration",
@@ -1795,11 +1972,13 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Specifies the pricing plan for your place index resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>Applies one or more tags to the place index resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> </ul>"
+          "documentation":"<p>Applies one or more tags to the place index resource. A tag is a key-value pair that helps you manage, identify, search, and filter your resources.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource.</p> </li> <li> <p>Each tag key must be unique and must have exactly one associated value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8.</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8.</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @</p> </li> <li> <p>Cannot use \"aws:\" as a prefix for a key.</p> </li> </ul>"
         }
       }
     },
@@ -1829,8 +2008,7 @@
       "type":"structure",
       "required":[
         "CalculatorName",
-        "DataSource",
-        "PricingPlan"
+        "DataSource"
       ],
       "members":{
         "CalculatorName":{
@@ -1847,11 +2025,13 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Specifies the pricing plan for your route calculator resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>Applies one or more tags to the route calculator resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <ul> <li> <p>For example: { <code>\"tag1\" : \"value1\"</code>, <code>\"tag2\" : \"value2\"</code>}</p> </li> </ul> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> </ul>"
+          "documentation":"<p>Applies one or more tags to the route calculator resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <ul> <li> <p>For example: { <code>\"tag1\" : \"value1\"</code>, <code>\"tag2\" : \"value2\"</code>}</p> </li> </ul> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> <li> <p>Cannot use \"aws:\" as a prefix for a key.</p> </li> </ul>"
         }
       }
     },
@@ -1879,10 +2059,7 @@
     },
     "CreateTrackerRequest":{
       "type":"structure",
-      "required":[
-        "PricingPlan",
-        "TrackerName"
-      ],
+      "required":["TrackerName"],
       "members":{
         "Description":{
           "shape":"ResourceDescription",
@@ -1894,19 +2071,23 @@
         },
         "PositionFiltering":{
           "shape":"PositionFiltering",
-          "documentation":"<p>Specifies the position filtering for the tracker resource.</p> <p>Valid values:</p> <ul> <li> <p> <code>TimeBased</code> - Location updates are evaluated against linked geofence collections, but not every location update is stored. If your update frequency is more often than 30 seconds, only one update per 30 seconds is stored for each unique device ID. </p> </li> <li> <p> <code>DistanceBased</code> - If the device has moved less than 30 m (98.4 ft), location updates are ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored. This helps control costs by reducing the number of geofence evaluations and device positions to retrieve. Distance-based filtering can also reduce the jitter effect when displaying device trajectory on a map. </p> </li> </ul> <p>This field is optional. If not specified, the default value is <code>TimeBased</code>.</p>"
+          "documentation":"<p>Specifies the position filtering for the tracker resource.</p> <p>Valid values:</p> <ul> <li> <p> <code>TimeBased</code> - Location updates are evaluated against linked geofence collections, but not every location update is stored. If your update frequency is more often than 30 seconds, only one update per 30 seconds is stored for each unique device ID. </p> </li> <li> <p> <code>DistanceBased</code> - If the device has moved less than 30 m (98.4 ft), location updates are ignored. Location updates within this area are neither evaluated against linked geofence collections, nor stored. This helps control costs by reducing the number of geofence evaluations and historical device positions to paginate through. Distance-based filtering can also reduce the effects of GPS noise when displaying device trajectories on a map. </p> </li> <li> <p> <code>AccuracyBased</code> - If the device has moved less than the measured accuracy, location updates are ignored. For example, if two consecutive updates from a device have a horizontal accuracy of 5 m and 10 m, the second update is ignored if the device has moved less than 15 m. Ignored location updates are neither evaluated against linked geofence collections, nor stored. This can reduce the effects of GPS noise when displaying device trajectories on a map, and can help control your costs by reducing the number of geofence evaluations. </p> </li> </ul> <p>This field is optional. If not specified, the default value is <code>TimeBased</code>.</p>"
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Specifies the pricing plan for the tracker resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>Specifies the data provider for the tracker resource.</p> <ul> <li> <p>Required value for the following pricing plans: <code>MobileAssetTracking </code>| <code>MobileAssetManagement</code> </p> </li> </ul> <p>For more information about <a href=\"https://aws.amazon.com/location/data-providers/\">Data Providers</a>, and <a href=\"https://aws.amazon.com/location/pricing/\">Pricing plans</a>, see the Amazon Location Service product page.</p> <note> <p>Amazon Location Service only uses <code>PricingPlanDataSource</code> to calculate billing for your tracker resource. Your data will not be shared with the data provider, and will remain in your AWS account or Region unless you move it.</p> </note> <p>Valid values: <code>Esri</code> | <code>Here</code> </p>"
+          "documentation":"<p>This parameter is no longer used.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. No longer allowed."
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>Applies one or more tags to the tracker resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> </ul>"
+          "documentation":"<p>Applies one or more tags to the tracker resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource</p> </li> <li> <p>Each resource tag must be unique with a maximum of one value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @. </p> </li> <li> <p>Cannot use \"aws:\" as a prefix for a key.</p> </li> </ul>"
         },
         "TrackerName":{
           "shape":"ResourceName",
@@ -2050,7 +2231,6 @@
         "CollectionName",
         "CreateTime",
         "Description",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -2076,11 +2256,15 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan selected for the specified geofence collection.</p> <p>For additional details and restrictions on each pricing plan option, see the <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing page</a>.</p>"
+          "documentation":"<p>No longer used. Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>The specified data provider for the geofence collection.</p>"
+          "documentation":"<p>No longer used. Always returns an empty string.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Unused."
         },
         "Tags":{
           "shape":"TagMap",
@@ -2113,7 +2297,6 @@
         "Description",
         "MapArn",
         "MapName",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -2143,7 +2326,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan selected for the specified map resource.</p> <pre><code> &lt;p&gt;For additional details and restrictions on each pricing plan option, see &lt;a href=&quot;https://aws.amazon.com/location/pricing/&quot;&gt;Amazon Location Service pricing&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+          "documentation":"<p>No longer used. Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "Tags":{
           "shape":"TagMap",
@@ -2176,7 +2361,6 @@
         "Description",
         "IndexArn",
         "IndexName",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -2186,7 +2370,7 @@
         },
         "DataSource":{
           "shape":"String",
-          "documentation":"<p>The data provider of geospatial data. Indicates one of the available providers:</p> <ul> <li> <p> <code>Esri</code> </p> </li> <li> <p> <code>Here</code> </p> </li> </ul> <p>For additional details on data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+          "documentation":"<p>The data provider of geospatial data. Values can be one of the following:</p> <ul> <li> <p> <code>Esri</code> </p> </li> <li> <p> <code>Here</code> </p> </li> </ul> <p>For more information about data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
         },
         "DataSourceConfiguration":{
           "shape":"DataSourceConfiguration",
@@ -2206,7 +2390,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan selected for the specified place index resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "Tags":{
           "shape":"TagMap",
@@ -2238,7 +2424,6 @@
         "CreateTime",
         "DataSource",
         "Description",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -2264,7 +2449,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan selected for the specified route calculator resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "Tags":{
           "shape":"TagMap",
@@ -2293,7 +2480,6 @@
       "required":[
         "CreateTime",
         "Description",
-        "PricingPlan",
         "TrackerArn",
         "TrackerName",
         "UpdateTime"
@@ -2317,11 +2503,15 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan selected for the specified tracker resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>The specified data provider for the tracker resource.</p>"
+          "documentation":"<p>No longer used. Always returns an empty string.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Unused."
         },
         "Tags":{
           "shape":"TagMap",
@@ -2349,6 +2539,10 @@
         "SampleTime"
       ],
       "members":{
+        "Accuracy":{
+          "shape":"PositionalAccuracy",
+          "documentation":"<p>The accuracy of the device position.</p>"
+        },
         "DeviceId":{
           "shape":"Id",
           "documentation":"<p>The device whose position you retrieved.</p>"
@@ -2357,6 +2551,10 @@
           "shape":"Position",
           "documentation":"<p>The last known device position.</p>"
         },
+        "PositionProperties":{
+          "shape":"PropertyMap",
+          "documentation":"<p>The properties associated with the position.</p>"
+        },
         "ReceivedTime":{
           "shape":"Timestamp",
           "documentation":"<p>The timestamp for when the tracker resource received the device position in <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\"> ISO 8601</a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code>. </p>"
@@ -2380,6 +2578,10 @@
         "SampleTime"
       ],
       "members":{
+        "Accuracy":{
+          "shape":"PositionalAccuracy",
+          "documentation":"<p>The accuracy of the device position.</p>"
+        },
         "DeviceId":{
           "shape":"Id",
           "documentation":"<p>The device associated to the position update.</p>"
@@ -2388,6 +2590,10 @@
           "shape":"Position",
           "documentation":"<p>The latest device position defined in <a href=\"https://earth-info.nga.mil/GandG/wgs84/index.html\">WGS 84</a> format: <code>[X or longitude, Y or latitude]</code>.</p>"
         },
+        "PositionProperties":{
+          "shape":"PropertyMap",
+          "documentation":"<p>Associates one of more properties with the position update. A property is a key-value pair stored with the position update and added to any geofence event the update may trigger.</p> <p>Format: <code>\"key\" : \"value\"</code> </p>"
+        },
         "SampleTime":{
           "shape":"Timestamp",
           "documentation":"<p>The timestamp at which the device's position was determined. Uses <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\">ISO 8601</a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code> </p>"
@@ -2525,6 +2731,10 @@
         "SampleTime"
       ],
       "members":{
+        "Accuracy":{
+          "shape":"PositionalAccuracy",
+          "documentation":"<p>The accuracy of the device position.</p>"
+        },
         "DeviceId":{
           "shape":"Id",
           "documentation":"<p>The device whose position you retrieved.</p>"
@@ -2533,6 +2743,10 @@
           "shape":"Position",
           "documentation":"<p>The last known device position.</p>"
         },
+        "PositionProperties":{
+          "shape":"PropertyMap",
+          "documentation":"<p>The properties associated with the position.</p>"
+        },
         "ReceivedTime":{
           "shape":"Timestamp",
           "documentation":"<p>The timestamp for when the tracker resource received the device position in <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\"> ISO 8601 </a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code>. </p>"
@@ -2782,6 +2996,10 @@
       "min":1,
       "pattern":"^[-._\\p{L}\\p{N}]+$"
     },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
     "IntendedUse":{
       "type":"string",
       "enum":[
@@ -2809,6 +3027,11 @@
       "max":2048,
       "min":1
     },
+    "LanguageTag":{
+      "type":"string",
+      "max":35,
+      "min":2
+    },
     "Leg":{
       "type":"structure",
       "required":[
@@ -2829,7 +3052,7 @@
         },
         "EndPosition":{
           "shape":"Position",
-          "documentation":"<p>The terminating position of the leg. Follows the format <code>[longitude,latitude]</code>.</p> <note> <p>If the <code>EndPosition</code> isn't located on a road, it's <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">snapped to a nearby road</a>. </p> </note>"
+          "documentation":"<p>The terminating position of the leg. Follows the format <code>[longitude,latitude]</code>.</p> <note> <p>If the <code>EndPosition</code> isn't located on a road, it's <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/nap-to-nearby-road.html\">snapped to a nearby road</a>. </p> </note>"
         },
         "Geometry":{
           "shape":"LegGeometry",
@@ -2837,14 +3060,14 @@
         },
         "StartPosition":{
           "shape":"Position",
-          "documentation":"<p>The starting position of the leg. Follows the format <code>[longitude,latitude]</code>.</p> <note> <p>If the <code>StartPosition</code> isn't located on a road, it's <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">snapped to a nearby road</a>. </p> </note>"
+          "documentation":"<p>The starting position of the leg. Follows the format <code>[longitude,latitude]</code>.</p> <note> <p>If the <code>StartPosition</code> isn't located on a road, it's <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\">snapped to a nearby road</a>. </p> </note>"
         },
         "Steps":{
           "shape":"StepList",
           "documentation":"<p>Contains a list of steps, which represent subsections of a leg. Each step provides instructions for how to move to the next step in the leg such as the step's start position, end position, travel distance, travel duration, and geometry offset.</p>"
         }
       },
-      "documentation":"<p>Contains the calculated route's details for each path between a pair of positions. The number of legs returned corresponds to one fewer than the total number of positions in the request. </p> <p>For example, a route with a departure position and destination position returns one leg with the positions <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/calculate-route.html#snap-to-nearby-road\">snapped to a nearby road</a>:</p> <ul> <li> <p>The <code>StartPosition</code> is the departure position.</p> </li> <li> <p>The <code>EndPosition</code> is the destination position.</p> </li> </ul> <p>A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:</p> <ul> <li> <p>Leg 1: The <code>StartPosition</code> is the departure position . The <code>EndPosition</code> is the waypoint positon.</p> </li> <li> <p>Leg 2: The <code>StartPosition</code> is the waypoint position. The <code>EndPosition</code> is the destination position.</p> </li> </ul>"
+      "documentation":"<p>Contains the calculated route's details for each path between a pair of positions. The number of legs returned corresponds to one fewer than the total number of positions in the request. </p> <p>For example, a route with a departure position and destination position returns one leg with the positions <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/snap-to-nearby-road.html\">snapped to a nearby road</a>:</p> <ul> <li> <p>The <code>StartPosition</code> is the departure position.</p> </li> <li> <p>The <code>EndPosition</code> is the destination position.</p> </li> </ul> <p>A route with a waypoint between the departure and destination position returns two legs with the positions snapped to a nearby road:</p> <ul> <li> <p>Leg 1: The <code>StartPosition</code> is the departure position . The <code>EndPosition</code> is the waypoint positon.</p> </li> <li> <p>Leg 2: The <code>StartPosition</code> is the waypoint position. The <code>EndPosition</code> is the destination position.</p> </li> </ul>"
     },
     "LegDistanceDouble":{
       "type":"double",
@@ -2933,6 +3156,10 @@
         "SampleTime"
       ],
       "members":{
+        "Accuracy":{
+          "shape":"PositionalAccuracy",
+          "documentation":"<p>The accuracy of the device position.</p>"
+        },
         "DeviceId":{
           "shape":"Id",
           "documentation":"<p>The ID of the device for this position.</p>"
@@ -2941,6 +3168,10 @@
           "shape":"Position",
           "documentation":"<p>The last known device position. Empty if no positions currently stored.</p>"
         },
+        "PositionProperties":{
+          "shape":"PropertyMap",
+          "documentation":"<p>The properties associated with the position.</p>"
+        },
         "SampleTime":{
           "shape":"Timestamp",
           "documentation":"<p>The timestamp at which the device position was determined. Uses <a href=\"https://www.iso.org/iso-8601-date-and-time-format.html\"> ISO 8601</a> format: <code>YYYY-MM-DDThh:mm:ss.sssZ</code>.</p>"
@@ -2991,7 +3222,6 @@
         "CollectionName",
         "CreateTime",
         "Description",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -3009,11 +3239,15 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan for the specified geofence collection.</p> <p>For additional details and restrictions on each pricing plan option, see the <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing page</a>.</p>"
+          "documentation":"<p>No longer used. Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>The specified data provider for the geofence collection.</p>"
+          "documentation":"<p>No longer used. Always returns an empty string.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Unused."
         },
         "UpdateTime":{
           "shape":"Timestamp",
@@ -3133,7 +3367,6 @@
         "DataSource",
         "Description",
         "MapName",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -3155,7 +3388,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan for the specified map resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "UpdateTime":{
           "shape":"Timestamp",
@@ -3197,7 +3432,7 @@
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>A pagination token indicating there are additional pages available. You can use the token in a following request to fetch the next set of results.</p>"
+          "documentation":"<p>A pagination token indicating that there are additional pages available. You can use the token in a new request to fetch the next page of results.</p>"
         }
       }
     },
@@ -3208,7 +3443,6 @@
         "DataSource",
         "Description",
         "IndexName",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -3218,7 +3452,7 @@
         },
         "DataSource":{
           "shape":"String",
-          "documentation":"<p>The data provider of geospatial data. Indicates one of the available providers:</p> <ul> <li> <p> <code>Esri</code> </p> </li> <li> <p> <code>Here</code> </p> </li> </ul> <p>For additional details on data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+          "documentation":"<p>The data provider of geospatial data. Values can be one of the following:</p> <ul> <li> <p> <code>Esri</code> </p> </li> <li> <p> <code>Here</code> </p> </li> </ul> <p>For more information about data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
         },
         "Description":{
           "shape":"ResourceDescription",
@@ -3230,7 +3464,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan for the specified place index resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "UpdateTime":{
           "shape":"Timestamp",
@@ -3283,7 +3519,6 @@
         "CreateTime",
         "DataSource",
         "Description",
-        "PricingPlan",
         "UpdateTime"
       ],
       "members":{
@@ -3305,7 +3540,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan for the specified route calculator resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "UpdateTime":{
           "shape":"Timestamp",
@@ -3417,7 +3654,6 @@
       "required":[
         "CreateTime",
         "Description",
-        "PricingPlan",
         "TrackerName",
         "UpdateTime"
       ],
@@ -3432,11 +3668,15 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>The pricing plan for the specified tracker resource.</p> <p>For additional details and restrictions on each pricing plan option, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>Always returns <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Always returns RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>The specified data provider for the tracker resource.</p>"
+          "documentation":"<p>No longer used. Always returns an empty string.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. Unused."
         },
         "TrackerName":{
           "shape":"ResourceName",
@@ -3483,6 +3723,10 @@
           "documentation":"<p>A country/region specified using <a href=\"https://www.iso.org/iso-3166-country-codes.html\">ISO 3166</a> 3-digit country/region code. For example, <code>CAN</code>.</p>"
         },
         "Geometry":{"shape":"PlaceGeometry"},
+        "Interpolated":{
+          "shape":"Boolean",
+          "documentation":"<p> <code>True</code> if the result is interpolated from other known places.</p> <p> <code>False</code> if the Place is a known place.</p> <p>Not returned when the partner does not provide the information.</p> <p>For example, returns <code>False</code> for an address location that is found in the partner data, but returns <code>True</code> if an address does not exist in the partner data and its location is calculated by interpolating between other known addresses. </p>"
+        },
         "Label":{
           "shape":"String",
           "documentation":"<p>The full name and address of the point of interest such as a city, region, or country. For example, <code>123 Any Street, Any Town, USA</code>.</p>"
@@ -3509,7 +3753,11 @@
         },
         "SubRegion":{
           "shape":"String",
-          "documentation":"<p>A country, or an area that's part of a larger region . For example, <code>Metro Vancouver</code>.</p>"
+          "documentation":"<p>A country, or an area that's part of a larger region. For example, <code>Metro Vancouver</code>.</p>"
+        },
+        "TimeZone":{
+          "shape":"TimeZone",
+          "documentation":"<p>The time zone in which the <code>Place</code> is located. Returned only when using Here as the selected partner.</p>"
         }
       },
       "documentation":"<p>Contains details about addresses or points of interest that match the search criteria.</p>"
@@ -3540,9 +3788,27 @@
       "type":"string",
       "enum":[
         "TimeBased",
-        "DistanceBased"
+        "DistanceBased",
+        "AccuracyBased"
       ]
     },
+    "PositionalAccuracy":{
+      "type":"structure",
+      "required":["Horizontal"],
+      "members":{
+        "Horizontal":{
+          "shape":"PositionalAccuracyHorizontalDouble",
+          "documentation":"<p>Estimated maximum distance, in meters, between the measured position and the true position of a device, along the Earth's surface.</p>"
+        }
+      },
+      "documentation":"<p>Defines the level of certainty of the position.</p>"
+    },
+    "PositionalAccuracyHorizontalDouble":{
+      "type":"double",
+      "box":true,
+      "max":10000,
+      "min":0
+    },
     "PricingPlan":{
       "type":"string",
       "enum":[
@@ -3551,6 +3817,24 @@
         "MobileAssetManagement"
       ]
     },
+    "PropertyMap":{
+      "type":"map",
+      "key":{"shape":"PropertyMapKeyString"},
+      "value":{"shape":"PropertyMapValueString"},
+      "max":3,
+      "min":0,
+      "sensitive":true
+    },
+    "PropertyMapKeyString":{
+      "type":"string",
+      "max":20,
+      "min":1
+    },
+    "PropertyMapValueString":{
+      "type":"string",
+      "max":40,
+      "min":1
+    },
     "PutGeofenceRequest":{
       "type":"structure",
       "required":[
@@ -3626,36 +3910,144 @@
       },
       "exception":true
     },
+    "RouteMatrix":{
+      "type":"list",
+      "member":{"shape":"RouteMatrixRow"}
+    },
+    "RouteMatrixEntry":{
+      "type":"structure",
+      "members":{
+        "Distance":{
+          "shape":"RouteMatrixEntryDistanceDouble",
+          "documentation":"<p>The total distance of travel for the route.</p>"
+        },
+        "DurationSeconds":{
+          "shape":"RouteMatrixEntryDurationSecondsDouble",
+          "documentation":"<p>The expected duration of travel for the route.</p>"
+        },
+        "Error":{
+          "shape":"RouteMatrixEntryError",
+          "documentation":"<p>An error corresponding to the calculation of a route between the <code>DeparturePosition</code> and <code>DestinationPosition</code>.</p>"
+        }
+      },
+      "documentation":"<p>The result for one <code>SnappedDeparturePosition</code> <code>SnappedDestinationPosition</code> pair.</p>"
+    },
+    "RouteMatrixEntryDistanceDouble":{
+      "type":"double",
+      "box":true,
+      "min":0
+    },
+    "RouteMatrixEntryDurationSecondsDouble":{
+      "type":"double",
+      "box":true,
+      "min":0
+    },
+    "RouteMatrixEntryError":{
+      "type":"structure",
+      "required":["Code"],
+      "members":{
+        "Code":{
+          "shape":"RouteMatrixErrorCode",
+          "documentation":"<p>The type of error which occurred for the route calculation.</p>"
+        },
+        "Message":{
+          "shape":"String",
+          "documentation":"<p>A message about the error that occurred for the route calculation.</p>"
+        }
+      },
+      "documentation":"<p>An error corresponding to the calculation of a route between the <code>DeparturePosition</code> and <code>DestinationPosition</code>.</p> <p>The error code can be one of the following:</p> <ul> <li> <p> <code>RouteNotFound</code> - Unable to find a valid route with the given parameters.</p> </li> </ul> <ul> <li> <p> <code>RouteTooLong</code> - Route calculation went beyond the maximum size of a route and was terminated before completion.</p> </li> </ul> <ul> <li> <p> <code>PositionsNotFound</code> - One or more of the input positions were not found on the route network.</p> </li> </ul> <ul> <li> <p> <code>DestinationPositionNotFound</code> - The destination position was not found on the route network.</p> </li> </ul> <ul> <li> <p> <code>DeparturePositionNotFound</code> - The departure position was not found on the route network.</p> </li> </ul> <ul> <li> <p> <code>OtherValidationError</code> - The given inputs were not valid or a route was not found. More information is given in the error <code>Message</code> </p> </li> </ul>"
+    },
+    "RouteMatrixErrorCode":{
+      "type":"string",
+      "enum":[
+        "RouteNotFound",
+        "RouteTooLong",
+        "PositionsNotFound",
+        "DestinationPositionNotFound",
+        "DeparturePositionNotFound",
+        "OtherValidationError"
+      ]
+    },
+    "RouteMatrixRow":{
+      "type":"list",
+      "member":{"shape":"RouteMatrixEntry"}
+    },
     "SearchForPositionResult":{
       "type":"structure",
-      "required":["Place"],
+      "required":[
+        "Distance",
+        "Place"
+      ],
       "members":{
+        "Distance":{
+          "shape":"SearchForPositionResultDistanceDouble",
+          "documentation":"<p>The distance in meters of a great-circle arc between the query position and the result.</p> <note> <p>A great-circle arc is the shortest path on a sphere, in this case the Earth. This returns the shortest distance between two locations.</p> </note>"
+        },
         "Place":{
           "shape":"Place",
-          "documentation":"<p>Contains details about the relevant point of interest.</p>"
+          "documentation":"<p>Details about the search result, such as its address and position.</p>"
         }
       },
-      "documentation":"<p>Specifies a single point of interest, or Place as a result of a search query obtained from a dataset configured in the place index resource.</p>"
+      "documentation":"<p>Contains a search result from a position search query that is run on a place index resource.</p>"
+    },
+    "SearchForPositionResultDistanceDouble":{
+      "type":"double",
+      "box":true,
+      "min":0
     },
     "SearchForPositionResultList":{
       "type":"list",
       "member":{"shape":"SearchForPositionResult"}
     },
+    "SearchForSuggestionsResult":{
+      "type":"structure",
+      "required":["Text"],
+      "members":{
+        "Text":{
+          "shape":"String",
+          "documentation":"<p>The text of the place suggestion, typically formatted as an address string.</p>"
+        }
+      },
+      "documentation":"<p>Contains a place suggestion resulting from a place suggestion query that is run on a place index resource.</p>"
+    },
+    "SearchForSuggestionsResultList":{
+      "type":"list",
+      "member":{"shape":"SearchForSuggestionsResult"}
+    },
     "SearchForTextResult":{
       "type":"structure",
       "required":["Place"],
       "members":{
+        "Distance":{
+          "shape":"SearchForTextResultDistanceDouble",
+          "documentation":"<p>The distance in meters of a great-circle arc between the bias position specified and the result. <code>Distance</code> will be returned only if a bias position was specified in the query.</p> <note> <p>A great-circle arc is the shortest path on a sphere, in this case the Earth. This returns the shortest distance between two locations.</p> </note>"
+        },
         "Place":{
           "shape":"Place",
-          "documentation":"<p>Contains details about the relevant point of interest.</p>"
+          "documentation":"<p>Details about the search result, such as its address and position.</p>"
+        },
+        "Relevance":{
+          "shape":"SearchForTextResultRelevanceDouble",
+          "documentation":"<p>The relative confidence in the match for a result among the results returned. For example, if more fields for an address match (including house number, street, city, country/region, and postal code), the relevance score is closer to 1.</p> <p>Returned only when the partner selected is Esri.</p>"
         }
       },
-      "documentation":"<p>Contains relevant Places returned by calling <code>SearchPlaceIndexForText</code>.</p>"
+      "documentation":"<p>Contains a search result from a text search query that is run on a place index resource.</p>"
+    },
+    "SearchForTextResultDistanceDouble":{
+      "type":"double",
+      "box":true,
+      "min":0
     },
     "SearchForTextResultList":{
       "type":"list",
       "member":{"shape":"SearchForTextResult"}
     },
+    "SearchForTextResultRelevanceDouble":{
+      "type":"double",
+      "box":true,
+      "max":1,
+      "min":0
+    },
     "SearchPlaceIndexForPositionRequest":{
       "type":"structure",
       "required":[
@@ -3669,13 +4061,17 @@
           "location":"uri",
           "locationName":"IndexName"
         },
+        "Language":{
+          "shape":"LanguageTag",
+          "documentation":"<p>The preferred language used to return results. The value must be a valid <a href=\"https://tools.ietf.org/search/bcp47\">BCP 47</a> language tag, for example, <code>en</code> for English.</p> <p>This setting affects the languages used in the results. It does not change which results are returned. If the language is not specified, or not supported for a particular result, the partner automatically chooses a language for the result.</p>"
+        },
         "MaxResults":{
           "shape":"PlaceIndexSearchResultLimit",
-          "documentation":"<p>An optional paramer. The maximum number of results returned per request. </p> <p>Default value: <code>50</code> </p>"
+          "documentation":"<p>An optional parameter. The maximum number of results returned per request.</p> <p>Default value: <code>50</code> </p>"
         },
         "Position":{
           "shape":"Position",
-          "documentation":"<p>Specifies a coordinate for the query defined by a longitude, and latitude.</p> <ul> <li> <p>The first position is the X coordinate, or longitude.</p> </li> <li> <p>The second position is the Y coordinate, or latitude. </p> </li> </ul> <p>For example, <code>position=xLongitude&amp;position=yLatitude</code> .</p>"
+          "documentation":"<p>Specifies the longitude and latitude of the position to query.</p> <p> This parameter must contain a pair of numbers. The first number represents the X coordinate, or longitude; the second number represents the Y coordinate, or latitude.</p> <p>For example, <code>[-123.1174, 49.2847]</code> represents a position with longitude <code>-123.1174</code> and latitude <code>49.2847</code>.</p>"
         }
       }
     },
@@ -3692,7 +4088,7 @@
         },
         "Summary":{
           "shape":"SearchPlaceIndexForPositionSummary",
-          "documentation":"<p>Contains a summary of the request.</p>"
+          "documentation":"<p>Contains a summary of the request. Echoes the input values for <code>Position</code>, <code>Language</code>, <code>MaxResults</code>, and the <code>DataSource</code> of the place index. </p>"
         }
       }
     },
@@ -3705,18 +4101,122 @@
       "members":{
         "DataSource":{
           "shape":"String",
-          "documentation":"<p>The data provider of geospatial data. Indicates one of the available providers:</p> <ul> <li> <p>Esri</p> </li> <li> <p>HERE</p> </li> </ul> <p>For additional details on data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+          "documentation":"<p>The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:</p> <ul> <li> <p>Esri</p> </li> <li> <p>Here</p> </li> </ul> <p>For more information about data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+        },
+        "Language":{
+          "shape":"LanguageTag",
+          "documentation":"<p>The preferred language used to return results. Matches the language in the request. The value is a valid <a href=\"https://tools.ietf.org/search/bcp47\">BCP 47</a> language tag, for example, <code>en</code> for English.</p>"
         },
         "MaxResults":{
           "shape":"PlaceIndexSearchResultLimit",
-          "documentation":"<p>An optional parameter. The maximum number of results returned per request. </p> <p>Default value: <code>50</code> </p>"
+          "documentation":"<p>Contains the optional result count limit that is specified in the request.</p> <p>Default value: <code>50</code> </p>"
         },
         "Position":{
           "shape":"Position",
-          "documentation":"<p>The position given in the reverse geocoding request.</p>"
+          "documentation":"<p>The position specified in the request.</p>"
         }
       },
-      "documentation":"<p>A summary of the reverse geocoding request sent using <code>SearchPlaceIndexForPosition</code>.</p>"
+      "documentation":"<p>A summary of the request sent by using <code>SearchPlaceIndexForPosition</code>.</p>"
+    },
+    "SearchPlaceIndexForSuggestionsRequest":{
+      "type":"structure",
+      "required":[
+        "IndexName",
+        "Text"
+      ],
+      "members":{
+        "BiasPosition":{
+          "shape":"Position",
+          "documentation":"<p>An optional parameter that indicates a preference for place suggestions that are closer to a specified position.</p> <p> If provided, this parameter must contain a pair of numbers. The first number represents the X coordinate, or longitude; the second number represents the Y coordinate, or latitude.</p> <p>For example, <code>[-123.1174, 49.2847]</code> represents the position with longitude <code>-123.1174</code> and latitude <code>49.2847</code>.</p> <note> <p> <code>BiasPosition</code> and <code>FilterBBox</code> are mutually exclusive. Specifying both options results in an error. </p> </note>"
+        },
+        "FilterBBox":{
+          "shape":"BoundingBox",
+          "documentation":"<p>An optional parameter that limits the search results by returning only suggestions within a specified bounding box.</p> <p> If provided, this parameter must contain a total of four consecutive numbers in two pairs. The first pair of numbers represents the X and Y coordinates (longitude and latitude, respectively) of the southwest corner of the bounding box; the second pair of numbers represents the X and Y coordinates (longitude and latitude, respectively) of the northeast corner of the bounding box.</p> <p>For example, <code>[-12.7935, -37.4835, -12.0684, -36.9542]</code> represents a bounding box where the southwest corner has longitude <code>-12.7935</code> and latitude <code>-37.4835</code>, and the northeast corner has longitude <code>-12.0684</code> and latitude <code>-36.9542</code>.</p> <note> <p> <code>FilterBBox</code> and <code>BiasPosition</code> are mutually exclusive. Specifying both options results in an error. </p> </note>"
+        },
+        "FilterCountries":{
+          "shape":"CountryCodeList",
+          "documentation":"<p>An optional parameter that limits the search results by returning only suggestions within the provided list of countries.</p> <ul> <li> <p>Use the <a href=\"https://www.iso.org/iso-3166-country-codes.html\">ISO 3166</a> 3-digit country code. For example, Australia uses three upper-case characters: <code>AUS</code>.</p> </li> </ul>"
+        },
+        "IndexName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The name of the place index resource you want to use for the search.</p>",
+          "location":"uri",
+          "locationName":"IndexName"
+        },
+        "Language":{
+          "shape":"LanguageTag",
+          "documentation":"<p>The preferred language used to return results. The value must be a valid <a href=\"https://tools.ietf.org/search/bcp47\">BCP 47</a> language tag, for example, <code>en</code> for English.</p> <p>This setting affects the languages used in the results. It does not change which results are returned. If the language is not specified, or not supported for a particular result, the partner automatically chooses a language for the result.</p> <p>Used only when the partner selected is Here.</p>"
+        },
+        "MaxResults":{
+          "shape":"SearchPlaceIndexForSuggestionsRequestMaxResultsInteger",
+          "documentation":"<p>An optional parameter. The maximum number of results returned per request. </p> <p>The default: <code>5</code> </p>"
+        },
+        "Text":{
+          "shape":"SyntheticSearchPlaceIndexForSuggestionsRequestString",
+          "documentation":"<p>The free-form partial text to use to generate place suggestions. For example, <code>eiffel tow</code>.</p>"
+        }
+      }
+    },
+    "SearchPlaceIndexForSuggestionsRequestMaxResultsInteger":{
+      "type":"integer",
+      "box":true,
+      "max":15,
+      "min":1
+    },
+    "SearchPlaceIndexForSuggestionsResponse":{
+      "type":"structure",
+      "required":[
+        "Results",
+        "Summary"
+      ],
+      "members":{
+        "Results":{
+          "shape":"SearchForSuggestionsResultList",
+          "documentation":"<p>A list of place suggestions that best match the search text.</p>"
+        },
+        "Summary":{
+          "shape":"SearchPlaceIndexForSuggestionsSummary",
+          "documentation":"<p>Contains a summary of the request. Echoes the input values for <code>BiasPosition</code>, <code>FilterBBox</code>, <code>FilterCountries</code>, <code>Language</code>, <code>MaxResults</code>, and <code>Text</code>. Also includes the <code>DataSource</code> of the place index. </p>"
+        }
+      }
+    },
+    "SearchPlaceIndexForSuggestionsSummary":{
+      "type":"structure",
+      "required":[
+        "DataSource",
+        "Text"
+      ],
+      "members":{
+        "BiasPosition":{
+          "shape":"Position",
+          "documentation":"<p>Contains the coordinates for the optional bias position specified in the request.</p> <p>This parameter contains a pair of numbers. The first number represents the X coordinate, or longitude; the second number represents the Y coordinate, or latitude.</p> <p>For example, <code>[-123.1174, 49.2847]</code> represents the position with longitude <code>-123.1174</code> and latitude <code>49.2847</code>.</p>"
+        },
+        "DataSource":{
+          "shape":"String",
+          "documentation":"<p>The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:</p> <ul> <li> <p>Esri</p> </li> <li> <p>Here</p> </li> </ul> <p>For more information about data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+        },
+        "FilterBBox":{
+          "shape":"BoundingBox",
+          "documentation":"<p>Contains the coordinates for the optional bounding box specified in the request.</p>"
+        },
+        "FilterCountries":{
+          "shape":"CountryCodeList",
+          "documentation":"<p>Contains the optional country filter specified in the request.</p>"
+        },
+        "Language":{
+          "shape":"LanguageTag",
+          "documentation":"<p>The preferred language used to return results. Matches the language in the request. The value is a valid <a href=\"https://tools.ietf.org/search/bcp47\">BCP 47</a> language tag, for example, <code>en</code> for English.</p>"
+        },
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>Contains the optional result count limit specified in the request.</p>"
+        },
+        "Text":{
+          "shape":"SyntheticSearchPlaceIndexForSuggestionsSummaryString",
+          "documentation":"<p>The free-form partial text input specified in the request.</p>"
+        }
+      },
+      "documentation":"<p>A summary of the request sent by using <code>SearchPlaceIndexForSuggestions</code>.</p>"
     },
     "SearchPlaceIndexForTextRequest":{
       "type":"structure",
@@ -3727,15 +4227,15 @@
       "members":{
         "BiasPosition":{
           "shape":"Position",
-          "documentation":"<p>Searches for results closest to the given position. An optional parameter defined by longitude, and latitude.</p> <ul> <li> <p>The first <code>bias</code> position is the X coordinate, or longitude.</p> </li> <li> <p>The second <code>bias</code> position is the Y coordinate, or latitude. </p> </li> </ul> <p>For example, <code>bias=xLongitude&amp;bias=yLatitude</code>.</p>"
+          "documentation":"<p>An optional parameter that indicates a preference for places that are closer to a specified position.</p> <p> If provided, this parameter must contain a pair of numbers. The first number represents the X coordinate, or longitude; the second number represents the Y coordinate, or latitude.</p> <p>For example, <code>[-123.1174, 49.2847]</code> represents the position with longitude <code>-123.1174</code> and latitude <code>49.2847</code>.</p> <note> <p> <code>BiasPosition</code> and <code>FilterBBox</code> are mutually exclusive. Specifying both options results in an error. </p> </note>"
         },
         "FilterBBox":{
           "shape":"BoundingBox",
-          "documentation":"<p>Filters the results by returning only Places within the provided bounding box. An optional parameter.</p> <p>The first 2 <code>bbox</code> parameters describe the lower southwest corner:</p> <ul> <li> <p>The first <code>bbox</code> position is the X coordinate or longitude of the lower southwest corner.</p> </li> <li> <p>The second <code>bbox</code> position is the Y coordinate or latitude of the lower southwest corner.</p> </li> </ul> <p>For example, <code>bbox=xLongitudeSW&amp;bbox=yLatitudeSW</code>.</p> <p>The next <code>bbox</code> parameters describe the upper northeast corner:</p> <ul> <li> <p>The third <code>bbox</code> position is the X coordinate, or longitude of the upper northeast corner.</p> </li> <li> <p>The fourth <code>bbox</code> position is the Y coordinate, or longitude of the upper northeast corner.</p> </li> </ul> <p>For example, <code>bbox=xLongitudeNE&amp;bbox=yLatitudeNE</code> </p>"
+          "documentation":"<p>An optional parameter that limits the search results by returning only places that are within the provided bounding box.</p> <p> If provided, this parameter must contain a total of four consecutive numbers in two pairs. The first pair of numbers represents the X and Y coordinates (longitude and latitude, respectively) of the southwest corner of the bounding box; the second pair of numbers represents the X and Y coordinates (longitude and latitude, respectively) of the northeast corner of the bounding box.</p> <p>For example, <code>[-12.7935, -37.4835, -12.0684, -36.9542]</code> represents a bounding box where the southwest corner has longitude <code>-12.7935</code> and latitude <code>-37.4835</code>, and the northeast corner has longitude <code>-12.0684</code> and latitude <code>-36.9542</code>.</p> <note> <p> <code>FilterBBox</code> and <code>BiasPosition</code> are mutually exclusive. Specifying both options results in an error. </p> </note>"
         },
         "FilterCountries":{
           "shape":"CountryCodeList",
-          "documentation":"<p>Limits the search to the given a list of countries/regions. An optional parameter.</p> <ul> <li> <p>Use the <a href=\"https://www.iso.org/iso-3166-country-codes.html\">ISO 3166</a> 3-digit country code. For example, Australia uses three upper-case characters: <code>AUS</code>.</p> </li> </ul>"
+          "documentation":"<p>An optional parameter that limits the search results by returning only places that are in a specified list of countries.</p> <ul> <li> <p>Valid values include <a href=\"https://www.iso.org/iso-3166-country-codes.html\">ISO 3166</a> 3-digit country codes. For example, Australia uses three upper-case characters: <code>AUS</code>.</p> </li> </ul>"
         },
         "IndexName":{
           "shape":"ResourceName",
@@ -3743,13 +4243,17 @@
           "location":"uri",
           "locationName":"IndexName"
         },
+        "Language":{
+          "shape":"LanguageTag",
+          "documentation":"<p>The preferred language used to return results. The value must be a valid <a href=\"https://tools.ietf.org/search/bcp47\">BCP 47</a> language tag, for example, <code>en</code> for English.</p> <p>This setting affects the languages used in the results. It does not change which results are returned. If the language is not specified, or not supported for a particular result, the partner automatically chooses a language for the result.</p>"
+        },
         "MaxResults":{
           "shape":"PlaceIndexSearchResultLimit",
           "documentation":"<p>An optional parameter. The maximum number of results returned per request. </p> <p>The default: <code>50</code> </p>"
         },
         "Text":{
           "shape":"SyntheticSearchPlaceIndexForTextRequestString",
-          "documentation":"<p>The address, name, city, or region to be used in the search. In free-form text format. For example, <code>123 Any Street</code>.</p>"
+          "documentation":"<p>The address, name, city, or region to be used in the search in free-form text format. For example, <code>123 Any Street</code>.</p>"
         }
       }
     },
@@ -3762,11 +4266,11 @@
       "members":{
         "Results":{
           "shape":"SearchForTextResultList",
-          "documentation":"<p>A list of Places closest to the specified position. Each result contains additional information about the specific point of interest. </p>"
+          "documentation":"<p>A list of Places matching the input text. Each result contains additional information about the specific point of interest. </p>"
         },
         "Summary":{
           "shape":"SearchPlaceIndexForTextSummary",
-          "documentation":"<p>Contains a summary of the request. Contains the <code>BiasPosition</code>, <code>DataSource</code>, <code>FilterBBox</code>, <code>FilterCountries</code>, <code>MaxResults</code>, <code>ResultBBox</code>, and <code>Text</code>.</p>"
+          "documentation":"<p>Contains a summary of the request. Echoes the input values for <code>BiasPosition</code>, <code>FilterBBox</code>, <code>FilterCountries</code>, <code>Language</code>, <code>MaxResults</code>, and <code>Text</code>. Also includes the <code>DataSource</code> of the place index and the bounding box, <code>ResultBBox</code>, which surrounds the search results. </p>"
         }
       }
     },
@@ -3779,34 +4283,38 @@
       "members":{
         "BiasPosition":{
           "shape":"Position",
-          "documentation":"<p>Contains the coordinates for the bias position entered in the geocoding request.</p>"
+          "documentation":"<p>Contains the coordinates for the optional bias position specified in the request.</p> <p>This parameter contains a pair of numbers. The first number represents the X coordinate, or longitude; the second number represents the Y coordinate, or latitude.</p> <p>For example, <code>[-123.1174, 49.2847]</code> represents the position with longitude <code>-123.1174</code> and latitude <code>49.2847</code>.</p>"
         },
         "DataSource":{
           "shape":"String",
-          "documentation":"<p>The data provider of geospatial data. Indicates one of the available providers:</p> <ul> <li> <p>Esri</p> </li> <li> <p>HERE</p> </li> </ul> <p>For additional details on data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
+          "documentation":"<p>The geospatial data provider attached to the place index resource specified in the request. Values can be one of the following:</p> <ul> <li> <p>Esri</p> </li> <li> <p>Here</p> </li> </ul> <p>For more information about data providers, see <a href=\"https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html\">Amazon Location Service data providers</a>.</p>"
         },
         "FilterBBox":{
           "shape":"BoundingBox",
-          "documentation":"<p>Contains the coordinates for the optional bounding box coordinated entered in the geocoding request.</p>"
+          "documentation":"<p>Contains the coordinates for the optional bounding box specified in the request.</p>"
         },
         "FilterCountries":{
           "shape":"CountryCodeList",
-          "documentation":"<p>Contains the country filter entered in the geocoding request.</p>"
+          "documentation":"<p>Contains the optional country filter specified in the request.</p>"
+        },
+        "Language":{
+          "shape":"LanguageTag",
+          "documentation":"<p>The preferred language used to return results. Matches the language in the request. The value is a valid <a href=\"https://tools.ietf.org/search/bcp47\">BCP 47</a> language tag, for example, <code>en</code> for English.</p>"
         },
         "MaxResults":{
           "shape":"PlaceIndexSearchResultLimit",
-          "documentation":"<p>Contains the maximum number of results indicated for the request.</p>"
+          "documentation":"<p>Contains the optional result count limit specified in the request.</p>"
         },
         "ResultBBox":{
           "shape":"BoundingBox",
-          "documentation":"<p>A bounding box that contains the search results within the specified area indicated by <code>FilterBBox</code>. A subset of bounding box specified using <code>FilterBBox</code>.</p>"
+          "documentation":"<p>The bounding box that fully contains all search results.</p> <note> <p>If you specified the optional <code>FilterBBox</code> parameter in the request, <code>ResultBBox</code> is contained within <code>FilterBBox</code>.</p> </note>"
         },
         "Text":{
           "shape":"SyntheticSearchPlaceIndexForTextSummaryString",
-          "documentation":"<p>The address, name, city or region to be used in the geocoding request. In free-form text format. For example, <code>Vancouver</code>.</p>"
+          "documentation":"<p>The search text specified in the request.</p>"
         }
       },
-      "documentation":"<p>A summary of the geocoding request sent using <code>SearchPlaceIndexForText</code>.</p>"
+      "documentation":"<p>A summary of the request sent by using <code>SearchPlaceIndexForText</code>.</p>"
     },
     "ServiceQuotaExceededException":{
       "type":"structure",
@@ -3877,6 +4385,16 @@
       "member":{"shape":"Step"}
     },
     "String":{"type":"string"},
+    "SyntheticSearchPlaceIndexForSuggestionsRequestString":{
+      "type":"string",
+      "max":200,
+      "min":1,
+      "sensitive":true
+    },
+    "SyntheticSearchPlaceIndexForSuggestionsSummaryString":{
+      "type":"string",
+      "sensitive":true
+    },
     "SyntheticSearchPlaceIndexForTextRequestString":{
       "type":"string",
       "max":200,
@@ -3891,7 +4409,7 @@
       "type":"string",
       "max":128,
       "min":1,
-      "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$"
+      "pattern":"^[a-zA-Z+-=._:/]+$"
     },
     "TagKeys":{
       "type":"list",
@@ -3921,7 +4439,7 @@
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>Tags that have been applied to the specified resource. Tags are mapped from the tag key to the tag value: <code>\"TagKey\" : \"TagValue\"</code>.</p> <ul> <li> <p>Format example: <code>{\"tag1\" : \"value1\", \"tag2\" : \"value2\"} </code> </p> </li> </ul>"
+          "documentation":"<p>Applies one or more tags to specific resource. A tag is a key-value pair that helps you manage, identify, search, and filter your resources.</p> <p>Format: <code>\"key\" : \"value\"</code> </p> <p>Restrictions:</p> <ul> <li> <p>Maximum 50 tags per resource.</p> </li> <li> <p>Each tag key must be unique and must have exactly one associated value.</p> </li> <li> <p>Maximum key length: 128 Unicode characters in UTF-8.</p> </li> <li> <p>Maximum value length: 256 Unicode characters in UTF-8.</p> </li> <li> <p>Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @</p> </li> <li> <p>Cannot use \"aws:\" as a prefix for a key.</p> </li> </ul>"
         }
       }
     },
@@ -3953,6 +4471,21 @@
       "exception":true,
       "retryable":{"throttling":false}
     },
+    "TimeZone":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>The name of the time zone, following the <a href=\"https://www.iana.org/time-zones\"> IANA time zone standard</a>. For example, <code>America/Los_Angeles</code>.</p>"
+        },
+        "Offset":{
+          "shape":"Integer",
+          "documentation":"<p>The time zone's offset, in seconds, from UTC.</p>"
+        }
+      },
+      "documentation":"<p>Information about a time zone. Includes the name of the time zone and the offset from UTC in seconds.</p>"
+    },
     "Timestamp":{
       "type":"timestamp",
       "timestampFormat":"iso8601"
@@ -4068,11 +4601,15 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Updates the pricing plan for the geofence collection.</p> <p>For more information about each pricing plan option restrictions, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>Updates the data provider for the geofence collection. </p> <p>A required value for the following pricing plans: <code>MobileAssetTracking</code>| <code>MobileAssetManagement</code> </p> <p>For more information about <a href=\"https://aws.amazon.com/location/data-providers/\">data providers</a> and <a href=\"https://aws.amazon.com/location/pricing/\">pricing plans</a>, see the Amazon Location Service product page.</p> <note> <p>This can only be updated when updating the <code>PricingPlan</code> in the same request.</p> <p>Amazon Location Service uses <code>PricingPlanDataSource</code> to calculate billing for your geofence collection. Your data won't be shared with the data provider, and will remain in your AWS account and Region unless you move it.</p> </note>"
+          "documentation":"<p>This parameter is no longer used.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. No longer allowed."
         }
       }
     },
@@ -4114,7 +4651,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Updates the pricing plan for the map resource.</p> <p>For more information about each pricing plan option restrictions, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         }
       }
     },
@@ -4160,7 +4699,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Updates the pricing plan for the place index resource.</p> <p>For more information about each pricing plan option restrictions, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         }
       }
     },
@@ -4202,7 +4743,9 @@
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Updates the pricing plan for the route calculator resource.</p> <p>For more information about each pricing plan option restrictions, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         }
       }
     },
@@ -4238,15 +4781,19 @@
         },
         "PositionFiltering":{
           "shape":"PositionFiltering",
-          "documentation":"<p>Updates the position filtering for the tracker resource.</p> <p>Valid values:</p> <ul> <li> <p> <code>TimeBased</code> - Location updates are evaluated against linked geofence collections, but not every location update is stored. If your update frequency is more often than 30 seconds, only one update per 30 seconds is stored for each unique device ID. </p> </li> <li> <p> <code>DistanceBased</code> - If the device has moved less than 30 m (98.4 ft), location updates are ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored. This helps control costs by reducing the number of geofence evaluations and device positions to retrieve. Distance-based filtering can also reduce the jitter effect when displaying device trajectory on a map. </p> </li> </ul>"
+          "documentation":"<p>Updates the position filtering for the tracker resource.</p> <p>Valid values:</p> <ul> <li> <p> <code>TimeBased</code> - Location updates are evaluated against linked geofence collections, but not every location update is stored. If your update frequency is more often than 30 seconds, only one update per 30 seconds is stored for each unique device ID. </p> </li> <li> <p> <code>DistanceBased</code> - If the device has moved less than 30 m (98.4 ft), location updates are ignored. Location updates within this distance are neither evaluated against linked geofence collections, nor stored. This helps control costs by reducing the number of geofence evaluations and historical device positions to paginate through. Distance-based filtering can also reduce the effects of GPS noise when displaying device trajectories on a map. </p> </li> <li> <p> <code>AccuracyBased</code> - If the device has moved less than the measured accuracy, location updates are ignored. For example, if two consecutive updates from a device have a horizontal accuracy of 5 m and 10 m, the second update is ignored if the device has moved less than 15 m. Ignored location updates are neither evaluated against linked geofence collections, nor stored. This helps educe the effects of GPS noise when displaying device trajectories on a map, and can help control costs by reducing the number of geofence evaluations. </p> </li> </ul>"
         },
         "PricingPlan":{
           "shape":"PricingPlan",
-          "documentation":"<p>Updates the pricing plan for the tracker resource.</p> <p>For more information about each pricing plan option restrictions, see <a href=\"https://aws.amazon.com/location/pricing/\">Amazon Location Service pricing</a>.</p>"
+          "documentation":"<p>No longer used. If included, the only allowed value is <code>RequestBasedUsage</code>.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. If included, the only allowed value is RequestBasedUsage."
         },
         "PricingPlanDataSource":{
           "shape":"String",
-          "documentation":"<p>Updates the data provider for the tracker resource. </p> <p>A required value for the following pricing plans: <code>MobileAssetTracking</code>| <code>MobileAssetManagement</code> </p> <p>For more information about <a href=\"https://aws.amazon.com/location/data-providers/\">data providers</a> and <a href=\"https://aws.amazon.com/location/pricing/\">pricing plans</a>, see the Amazon Location Service product page</p> <note> <p>This can only be updated when updating the <code>PricingPlan</code> in the same request.</p> <p>Amazon Location Service uses <code>PricingPlanDataSource</code> to calculate billing for your tracker resource. Your data won't be shared with the data provider, and will remain in your AWS account and Region unless you move it.</p> </note>"
+          "documentation":"<p>This parameter is no longer used.</p>",
+          "deprecated":true,
+          "deprecatedMessage":"Deprecated. No longer allowed."
         },
         "TrackerName":{
           "shape":"ResourceName",
diff --git a/contrib/python/botocore/py3/botocore/data/logs/2014-03-28/service-2.json b/contrib/python/botocore/py3/botocore/data/logs/2014-03-28/service-2.json
index 0aa4815fad5..0f80e7d7409 100644
--- a/contrib/python/botocore/py3/botocore/data/logs/2014-03-28/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/logs/2014-03-28/service-2.json
@@ -519,6 +519,7 @@
       "output":{"shape":"PutQueryDefinitionResponse"},
       "errors":[
         {"shape":"InvalidParameterException"},
+        {"shape":"LimitExceededException"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"ServiceUnavailableException"}
       ],
@@ -1457,6 +1458,7 @@
       "type":"list",
       "member":{"shape":"FilteredLogEvent"}
     },
+    "ForceUpdate":{"type":"boolean"},
     "GetLogEventsRequest":{
       "type":"structure",
       "required":[
@@ -1965,6 +1967,10 @@
         "accessPolicy":{
           "shape":"AccessPolicy",
           "documentation":"<p>An IAM policy document that authorizes cross-account users to deliver their log events to the associated destination. This can be up to 5120 bytes.</p>"
+        },
+        "forceUpdate":{
+          "shape":"ForceUpdate",
+          "documentation":"<p>Specify true if you are updating an existing destination policy to grant permission to an organization ID instead of granting permission to individual AWS accounts. Before you update a destination policy this way, you must first update the subscription filters in the accounts that send logs to this destination. If you do not, the subscription filters might stop working. By specifying <code>true</code> for <code>forceUpdate</code>, you are affirming that you have already updated the subscription filters. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Cross-Account-Log_Subscription-Update.html\"> Updating an existing cross-account subscription</a> </p> <p>If you omit this parameter, the default of <code>false</code> is used.</p>"
         }
       }
     },
@@ -2108,7 +2114,7 @@
         },
         "policyDocument":{
           "shape":"PolicyDocument",
-          "documentation":"<p>Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.</p> <p>The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace <code>\"logArn\"</code> with the ARN of your CloudWatch Logs resource, such as a log group or log stream.</p> <p>CloudWatch Logs also supports <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn\">aws:SourceArn</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount\">aws:SourceAccount</a> condition context keys.</p> <p>In the example resource policy, you would replace the value of <code>SourceArn</code> with the resource making the call from Route 53 to CloudWatch Logs and replace the value of <code>SourceAccount</code> with the Amazon Web Services account ID making that call.</p> <p/> <p> <code>{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\": \"logs:PutLogEvents\", \"Resource\": \"logArn\", \"Condition\": { \"ArnLike\": { \"aws:SourceArn\": \"myRoute53ResourceArn\" }, \"StringEquals\": { \"aws:SourceAccount\": \"myAwsAccountId\" } } } ] }</code> </p>"
+          "documentation":"<p>Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.</p> <p>The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace <code>\"logArn\"</code> with the ARN of your CloudWatch Logs resource, such as a log group or log stream.</p> <p>CloudWatch Logs also supports <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn\">aws:SourceArn</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount\">aws:SourceAccount</a> condition context keys.</p> <p>In the example resource policy, you would replace the value of <code>SourceArn</code> with the resource making the call from Route 53 to CloudWatch Logs and replace the value of <code>SourceAccount</code> with the Amazon Web Services account ID making that call.</p> <p/> <p> <code>{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\": \"logs:PutLogEvents\", \"Resource\": \"logArn\", \"Condition\": { \"ArnLike\": { \"aws:SourceArn\": \"myRoute53ResourceArn\" }, \"StringEquals\": { \"aws:SourceAccount\": \"myAwsAccountId\" } } } ] }</code> </p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/lookoutmetrics/2017-07-25/service-2.json b/contrib/python/botocore/py3/botocore/data/lookoutmetrics/2017-07-25/service-2.json
index bc5fd576663..cdcfc107129 100644
--- a/contrib/python/botocore/py3/botocore/data/lookoutmetrics/2017-07-25/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/lookoutmetrics/2017-07-25/service-2.json
@@ -105,6 +105,24 @@
       ],
       "documentation":"<p>Creates a dataset.</p>"
     },
+    "DeactivateAnomalyDetector":{
+      "name":"DeactivateAnomalyDetector",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeactivateAnomalyDetector"
+      },
+      "input":{"shape":"DeactivateAnomalyDetectorRequest"},
+      "output":{"shape":"DeactivateAnomalyDetectorResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"TooManyRequestsException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deactivates an anomaly detector.</p>"
+    },
     "DeleteAlert":{
       "name":"DeleteAlert",
       "http":{
@@ -293,6 +311,23 @@
       ],
       "documentation":"<p>Lists the detectors in the current AWS Region.</p> <p>Amazon Lookout for Metrics API actions are eventually consistent. If you do a read operation on a resource immediately after creating or modifying it, use retries to allow time for the write operation to complete.</p>"
     },
+    "ListAnomalyGroupRelatedMetrics":{
+      "name":"ListAnomalyGroupRelatedMetrics",
+      "http":{
+        "method":"POST",
+        "requestUri":"/ListAnomalyGroupRelatedMetrics"
+      },
+      "input":{"shape":"ListAnomalyGroupRelatedMetricsRequest"},
+      "output":{"shape":"ListAnomalyGroupRelatedMetricsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"TooManyRequestsException"}
+      ],
+      "documentation":"<p>Returns a list of measures that are potential causes or effects of an anomaly group.</p>"
+    },
     "ListAnomalyGroupSummaries":{
       "name":"ListAnomalyGroupSummaries",
       "http":{
@@ -439,7 +474,8 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"},
         {"shape":"AccessDeniedException"},
-        {"shape":"TooManyRequestsException"}
+        {"shape":"TooManyRequestsException"},
+        {"shape":"ServiceQuotaExceededException"}
       ],
       "documentation":"<p>Updates a dataset.</p>"
     }
@@ -650,6 +686,15 @@
       "min":1,
       "pattern":".*\\S.*"
     },
+    "AnomalyDetectorFailureType":{
+      "type":"string",
+      "enum":[
+        "ACTIVATION_FAILURE",
+        "BACK_TEST_ACTIVATION_FAILURE",
+        "DELETION_FAILURE",
+        "DEACTIVATION_FAILURE"
+      ]
+    },
     "AnomalyDetectorName":{
       "type":"string",
       "max":63,
@@ -667,7 +712,9 @@
         "LEARNING",
         "BACK_TEST_ACTIVATING",
         "BACK_TEST_ACTIVE",
-        "BACK_TEST_COMPLETE"
+        "BACK_TEST_COMPLETE",
+        "DEACTIVATED",
+        "DEACTIVATING"
       ]
     },
     "AnomalyDetectorSummary":{
@@ -826,10 +873,6 @@
     },
     "AppFlowConfig":{
       "type":"structure",
-      "required":[
-        "RoleArn",
-        "FlowName"
-      ],
       "members":{
         "RoleArn":{
           "shape":"Arn",
@@ -877,7 +920,6 @@
     },
     "CloudWatchConfig":{
       "type":"structure",
-      "required":["RoleArn"],
       "members":{
         "RoleArn":{
           "shape":"Arn",
@@ -1114,6 +1156,21 @@
       "max":63,
       "pattern":".*\\S.*"
     },
+    "DeactivateAnomalyDetectorRequest":{
+      "type":"structure",
+      "required":["AnomalyDetectorArn"],
+      "members":{
+        "AnomalyDetectorArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the anomaly detector.</p>"
+        }
+      }
+    },
+    "DeactivateAnomalyDetectorResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteAlertRequest":{
       "type":"structure",
       "required":["AlertArn"],
@@ -1247,11 +1304,15 @@
         },
         "FailureReason":{
           "shape":"ErrorMessage",
-          "documentation":"<p>The reason that the detector failed, if any.</p>"
+          "documentation":"<p>The reason that the detector failed.</p>"
         },
         "KmsKeyArn":{
           "shape":"KmsKeyArn",
           "documentation":"<p>The ARN of the KMS key to use to encrypt your data.</p>"
+        },
+        "FailureType":{
+          "shape":"AnomalyDetectorFailureType",
+          "documentation":"<p>The process that caused the detector to fail.</p>"
         }
       }
     },
@@ -1550,6 +1611,32 @@
       "min":1
     },
     "Integer":{"type":"integer"},
+    "InterMetricImpactDetails":{
+      "type":"structure",
+      "members":{
+        "MetricName":{
+          "shape":"MetricName",
+          "documentation":"<p>The name of the measure.</p>"
+        },
+        "AnomalyGroupId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the anomaly group.</p>"
+        },
+        "RelationshipType":{
+          "shape":"RelationshipType",
+          "documentation":"<p>Whether a measure is a potential cause of the anomaly group (<code>CAUSE_OF_INPUT_ANOMALY_GROUP</code>), or whether the measure is impacted by the anomaly group (<code>EFFECT_OF_INPUT_ANOMALY_GROUP</code>).</p>"
+        },
+        "ContributionPercentage":{
+          "shape":"MetricChangePercentage",
+          "documentation":"<p>For potential causes (<code>CAUSE_OF_INPUT_ANOMALY_GROUP</code>), the percentage contribution the measure has in causing the anomalies.</p>"
+        }
+      },
+      "documentation":"<p>Aggregated details about the measures contributing to the anomaly group, and the measures potentially impacted by the anomaly group.</p> <p/>"
+    },
+    "InterMetricImpactList":{
+      "type":"list",
+      "member":{"shape":"InterMetricImpactDetails"}
+    },
     "InternalServerException":{
       "type":"structure",
       "required":["Message"],
@@ -1682,6 +1769,49 @@
         }
       }
     },
+    "ListAnomalyGroupRelatedMetricsRequest":{
+      "type":"structure",
+      "required":[
+        "AnomalyDetectorArn",
+        "AnomalyGroupId"
+      ],
+      "members":{
+        "AnomalyDetectorArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the anomaly detector.</p>"
+        },
+        "AnomalyGroupId":{
+          "shape":"UUID",
+          "documentation":"<p>The ID of the anomaly group.</p>"
+        },
+        "RelationshipTypeFilter":{
+          "shape":"RelationshipType",
+          "documentation":"<p>Filter for potential causes (<code>CAUSE_OF_INPUT_ANOMALY_GROUP</code>) or downstream effects (<code>EFFECT_OF_INPUT_ANOMALY_GROUP</code>) of the anomaly group.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "box":true
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Specify the pagination token that's returned by a previous request to retrieve the next page of results.</p>"
+        }
+      }
+    },
+    "ListAnomalyGroupRelatedMetricsResponse":{
+      "type":"structure",
+      "members":{
+        "InterMetricImpactList":{
+          "shape":"InterMetricImpactList",
+          "documentation":"<p>Aggregated details about the measures contributing to the anomaly group, and the measures potentially impacted by the anomaly group.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The pagination token that's included if more results are available.</p>"
+        }
+      }
+    },
     "ListAnomalyGroupSummariesRequest":{
       "type":"structure",
       "required":[
@@ -1862,6 +1992,11 @@
       },
       "documentation":"<p>A calculation made by contrasting a measure and a dimension from your source data.</p>"
     },
+    "MetricChangePercentage":{
+      "type":"double",
+      "max":100.0,
+      "min":0.0
+    },
     "MetricLevelImpact":{
       "type":"structure",
       "members":{
@@ -2036,16 +2171,6 @@
     },
     "RDSSourceConfig":{
       "type":"structure",
-      "required":[
-        "DBInstanceIdentifier",
-        "DatabaseHost",
-        "DatabasePort",
-        "SecretManagerArn",
-        "DatabaseName",
-        "TableName",
-        "RoleArn",
-        "VpcConfiguration"
-      ],
       "members":{
         "DBInstanceIdentifier":{
           "shape":"RDSDatabaseIdentifier",
@@ -2097,16 +2222,6 @@
     },
     "RedshiftSourceConfig":{
       "type":"structure",
-      "required":[
-        "ClusterIdentifier",
-        "DatabaseHost",
-        "DatabasePort",
-        "SecretManagerArn",
-        "DatabaseName",
-        "TableName",
-        "RoleArn",
-        "VpcConfiguration"
-      ],
       "members":{
         "ClusterIdentifier":{
           "shape":"RedshiftClusterIdentifier",
@@ -2144,6 +2259,13 @@
       },
       "documentation":"<p>Provides information about the Amazon Redshift database configuration.</p>"
     },
+    "RelationshipType":{
+      "type":"string",
+      "enum":[
+        "CAUSE_OF_INPUT_ANOMALY_GROUP",
+        "EFFECT_OF_INPUT_ANOMALY_GROUP"
+      ]
+    },
     "ResourceId":{"type":"string"},
     "ResourceNotFoundException":{
       "type":"structure",
@@ -2166,7 +2288,6 @@
     "ResourceType":{"type":"string"},
     "S3SourceConfig":{
       "type":"structure",
-      "required":["RoleArn"],
       "members":{
         "RoleArn":{
           "shape":"Arn",
diff --git a/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/paginators-1.json b/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/paginators-1.json
index 7f89a609b33..14c4ce73905 100644
--- a/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/paginators-1.json
@@ -17,6 +17,12 @@
       "output_token": "NextToken",
       "limit_key": "MaxResults",
       "result_key": "Projects"
+    },
+    "ListModelPackagingJobs": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ModelPackagingJobs"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/service-2.json b/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/service-2.json
index ad02799f0d1..5f91371524c 100644
--- a/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/lookoutvision/2020-11-20/service-2.json
@@ -107,7 +107,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Deletes an Amazon Lookout for Vision model. You can't delete a running model. To stop a running model, use the <a>StopModel</a> operation.</p> <p>It might take a few seconds to delete a model. To determine if a model has been deleted, call <a>ListProjects</a> and check if the version of the model (<code>ModelVersion</code>) is in the <code>Models</code> array. </p> <p>This operation requires permissions to perform the <code>lookoutvision:DeleteModel</code> operation.</p>"
+      "documentation":"<p>Deletes an Amazon Lookout for Vision model. You can't delete a running model. To stop a running model, use the <a>StopModel</a> operation.</p> <p>It might take a few seconds to delete a model. To determine if a model has been deleted, call <a>ListModels</a> and check if the version of the model (<code>ModelVersion</code>) is in the <code>Models</code> array. </p> <p/> <p>This operation requires permissions to perform the <code>lookoutvision:DeleteModel</code> operation.</p>"
     },
     "DeleteProject":{
       "name":"DeleteProject",
@@ -163,6 +163,23 @@
       ],
       "documentation":"<p>Describes a version of an Amazon Lookout for Vision model.</p> <p>This operation requires permissions to perform the <code>lookoutvision:DescribeModel</code> operation.</p>"
     },
+    "DescribeModelPackagingJob":{
+      "name":"DescribeModelPackagingJob",
+      "http":{
+        "method":"GET",
+        "requestUri":"/2020-11-20/projects/{projectName}/modelpackagingjobs/{jobName}"
+      },
+      "input":{"shape":"DescribeModelPackagingJobRequest"},
+      "output":{"shape":"DescribeModelPackagingJobResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Describes an Amazon Lookout for Vision model packaging job. </p> <p>This operation requires permissions to perform the <code>lookoutvision:DescribeModelPackagingJob</code> operation.</p> <p>For more information, see <i>Using your Amazon Lookout for Vision model on an edge device</i> in the Amazon Lookout for Vision Developer Guide. </p>"
+    },
     "DescribeProject":{
       "name":"DescribeProject",
       "http":{
@@ -217,6 +234,23 @@
       ],
       "documentation":"<p>Lists the JSON Lines within a dataset. An Amazon Lookout for Vision JSON Line contains the anomaly information for a single image, including the image location and the assigned label.</p> <p>This operation requires permissions to perform the <code>lookoutvision:ListDatasetEntries</code> operation.</p>"
     },
+    "ListModelPackagingJobs":{
+      "name":"ListModelPackagingJobs",
+      "http":{
+        "method":"GET",
+        "requestUri":"/2020-11-20/projects/{projectName}/modelpackagingjobs"
+      },
+      "input":{"shape":"ListModelPackagingJobsRequest"},
+      "output":{"shape":"ListModelPackagingJobsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p> Lists the model packaging jobs created for an Amazon Lookout for Vision project. </p> <p>This operation requires permissions to perform the <code>lookoutvision:ListModelPackagingJobs</code> operation. </p> <p>For more information, see <i>Using your Amazon Lookout for Vision model on an edge device</i> in the Amazon Lookout for Vision Developer Guide. </p>"
+    },
     "ListModels":{
       "name":"ListModels",
       "http":{
@@ -233,7 +267,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Lists the versions of a model in an Amazon Lookout for Vision project.</p> <p>This operation requires permissions to perform the <code>lookoutvision:ListModels</code> operation.</p>"
+      "documentation":"<p>Lists the versions of a model in an Amazon Lookout for Vision project.</p> <p>The <code>ListModels</code> operation is eventually consistent. Recent calls to <code>CreateModel</code> might take a while to appear in the response from <code>ListProjects</code>.</p> <p>This operation requires permissions to perform the <code>lookoutvision:ListModels</code> operation.</p>"
     },
     "ListProjects":{
       "name":"ListProjects",
@@ -251,7 +285,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Lists the Amazon Lookout for Vision projects in your AWS account.</p> <p>This operation requires permissions to perform the <code>lookoutvision:ListProjects</code> operation.</p>"
+      "documentation":"<p>Lists the Amazon Lookout for Vision projects in your AWS account.</p> <p>The <code>ListProjects</code> operation is eventually consistent. Recent calls to <code>CreateProject</code> and <code>DeleteProject</code> might take a while to appear in the response from <code>ListProjects</code>.</p> <p>This operation requires permissions to perform the <code>lookoutvision:ListProjects</code> operation.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -291,6 +325,25 @@
       ],
       "documentation":"<p>Starts the running of the version of an Amazon Lookout for Vision model. Starting a model takes a while to complete. To check the current state of the model, use <a>DescribeModel</a>.</p> <p>A model is ready to use when its status is <code>HOSTED</code>.</p> <p>Once the model is running, you can detect custom labels in new images by calling <a>DetectAnomalies</a>.</p> <note> <p>You are charged for the amount of time that the model is running. To stop a running model, call <a>StopModel</a>.</p> </note> <p>This operation requires permissions to perform the <code>lookoutvision:StartModel</code> operation.</p>"
     },
+    "StartModelPackagingJob":{
+      "name":"StartModelPackagingJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/2020-11-20/projects/{projectName}/modelpackagingjobs"
+      },
+      "input":{"shape":"StartModelPackagingJobRequest"},
+      "output":{"shape":"StartModelPackagingJobResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Starts an Amazon Lookout for Vision model packaging job. A model packaging job creates an AWS IoT Greengrass component for a Lookout for Vision model. You can use the component to deploy your model to an edge device managed by Greengrass. </p> <p>Use the <a>DescribeModelPackagingJob</a> API to determine the current status of the job. The model packaging job is complete if the value of <code>Status</code> is <code>SUCCEEDED</code>.</p> <p>To deploy the component to the target device, use the component name and component version with the AWS IoT Greengrass <a href=\"https://docs.aws.amazon.com/greengrass/v2/APIReference/API_CreateDeployment.html\">CreateDeployment</a> API.</p> <p>This operation requires the following permissions:</p> <ul> <li> <p> <code>lookoutvision:StartModelPackagingJob</code> </p> </li> <li> <p> <code>s3:PutObject</code> </p> </li> <li> <p> <code>s3:GetBucketLocation</code> </p> </li> <li> <p> <code>greengrass:CreateComponentVersion</code> </p> </li> <li> <p> <code>greengrass:DescribeComponent</code> </p> </li> <li> <p>(Optional) <code>greengrass:TagResource</code>. Only required if you want to tag the component.</p> </li> </ul> <p>For more information, see <i>Using your Amazon Lookout for Vision model on an edge device</i> in the Amazon Lookout for Vision Developer Guide. </p>"
+    },
     "StopModel":{
       "name":"StopModel",
       "http":{
@@ -364,7 +417,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Adds one or more JSON Line entries to a dataset. A JSON Line includes information about an image used for training or testing an Amazon Lookout for Vision model. The following is an example JSON Line.</p> <p>Updating a dataset might take a while to complete. To check the current status, call <a>DescribeDataset</a> and check the <code>Status</code> field in the response.</p> <p>This operation requires permissions to perform the <code>lookoutvision:UpdateDatasetEntries</code> operation.</p>"
+      "documentation":"<p>Adds or updates one or more JSON Line entries in a dataset. A JSON Line includes information about an image used for training or testing an Amazon Lookout for Vision model.</p> <p>To update an existing JSON Line, use the <code>source-ref</code> field to identify the JSON Line. The JSON line that you supply replaces the existing JSON line. Any existing annotations that are not in the new JSON line are removed from the dataset. </p> <p>For more information, see <i>Defining JSON lines for anomaly classification</i> in the Amazon Lookout for Vision Developer Guide. </p> <note> <p>The images you reference in the <code>source-ref</code> field of a JSON line, must be in the same S3 bucket as the existing images in the dataset. </p> </note> <p>Updating a dataset might take a while to complete. To check the current status, call <a>DescribeDataset</a> and check the <code>Status</code> field in the response.</p> <p>This operation requires permissions to perform the <code>lookoutvision:UpdateDatasetEntries</code> operation.</p>"
     }
   },
   "shapes":{
@@ -391,6 +444,34 @@
       "min":1,
       "pattern":"^[a-zA-Z0-9-]+$"
     },
+    "CompilerOptions":{
+      "type":"string",
+      "max":1024,
+      "min":3,
+      "pattern":".*"
+    },
+    "ComponentDescription":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[a-zA-Z0-9-_. ()':,;?]+"
+    },
+    "ComponentName":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"[a-zA-Z0-9-_.]+"
+    },
+    "ComponentVersion":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^([0-9]{1,6})\\.([0-9]{1,6})\\.([0-9]{1,6})$"
+    },
+    "ComponentVersionArn":{
+      "type":"string",
+      "pattern":"arn:[^:]*:greengrass:[^:]*:aws:components:[^:]+"
+    },
     "ConflictException":{
       "type":"structure",
       "required":[
@@ -442,7 +523,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>CreateDataset</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>CreateDataset</code>. In this case, safely retry your call to <code>CreateDataset</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>CreateDataset</code>. An idempotency token is active for 8 hours. </p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>CreateDataset</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>CreateDataset</code>. In this case, safely retry your call to <code>CreateDataset</code> by using the same <code>ClientToken</code> parameter value.</p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple dataset creation requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>CreateDataset</code>. An idempotency token is active for 8 hours. </p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -477,7 +558,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>CreateModel</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>CreateModel</code>. In this case, safely retry your call to <code>CreateModel</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>CreateModel</code>. An idempotency token is active for 8 hours.</p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>CreateModel</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>CreateModel</code>. In this case, safely retry your call to <code>CreateModel</code> by using the same <code>ClientToken</code> parameter value. </p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from starting multiple training jobs. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>CreateModel</code>. An idempotency token is active for 8 hours.</p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -488,7 +569,7 @@
         },
         "KmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>The identifier for your AWS Key Management Service (AWS KMS) customer master key (CMK). The key is used to encrypt training and test images copied into the service for model training. Your source images are unaffected. If this parameter is not specified, the copied images are encrypted by a key that AWS owns and manages.</p>"
+          "documentation":"<p>The identifier for your AWS KMS key. The key is used to encrypt training and test images copied into the service for model training. Your source images are unaffected. If this parameter is not specified, the copied images are encrypted by a key that AWS owns and manages.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -515,7 +596,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>CreateProject</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>CreateProject</code>. In this case, safely retry your call to <code>CreateProject</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>CreateProject</code>. An idempotency token is active for 8 hours.</p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>CreateProject</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>CreateProject</code>. In this case, safely retry your call to <code>CreateProject</code> by using the same <code>ClientToken</code> parameter value. </p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple project creation requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>CreateProject</code>. An idempotency token is active for 8 hours.</p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -565,7 +646,7 @@
         },
         "ImageStats":{
           "shape":"DatasetImageStats",
-          "documentation":"<p/>"
+          "documentation":"<p>Statistics about the images in a dataset.</p>"
         }
       },
       "documentation":"<p>The description for a dataset. For more information, see <a>DescribeDataset</a>.</p>"
@@ -632,7 +713,7 @@
           "documentation":"<p>The status message for the dataset.</p>"
         }
       },
-      "documentation":"<p>Sumary information for an Amazon Lookout for Vision dataset.</p>"
+      "documentation":"<p>Summary information for an Amazon Lookout for Vision dataset. For more information, see <a>DescribeDataset</a> and <a>ProjectDescription</a>.</p>"
     },
     "DatasetMetadataList":{
       "type":"list",
@@ -692,7 +773,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>DeleteDataset</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>DeleteDataset</code>. In this case, safely retry your call to <code>DeleteDataset</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>DeleteDataset</code>. An idempotency token is active for 8 hours.</p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>DeleteDataset</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>DeleteDataset</code>. In this case, safely retry your call to <code>DeleteDataset</code> by using the same <code>ClientToken</code> parameter value. </p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple deletetion requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>DeleteDataset</code>. An idempotency token is active for 8 hours.</p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -718,14 +799,14 @@
           "locationName":"projectName"
         },
         "ModelVersion":{
-          "shape":"ModelVersion",
+          "shape":"ModelVersionNoLatest",
           "documentation":"<p>The version of the model that you want to delete.</p>",
           "location":"uri",
           "locationName":"modelVersion"
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>DeleteModel</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>DeleteModel</code>. In this case, safely retry your call to <code>DeleteModel</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>DeleteModel</code>. An idempotency token is active for 8 hours.</p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>DeleteModel</code> completes only once. You choose the value to pass. For example, an issue might prevent you from getting a response from <code>DeleteModel</code>. In this case, safely retry your call to <code>DeleteModel</code> by using the same <code>ClientToken</code> parameter value.</p> <p>If you don't supply a value for ClientToken, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple model deletion requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>DeleteModel</code>. An idempotency token is active for 8 hours.</p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -753,7 +834,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>DeleteProject</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>DeleteProject</code>. In this case, safely retry your call to <code>DeleteProject</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>DeleteProject</code>. An idempotency token is active for 8 hours.</p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>DeleteProject</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>DeleteProject</code>. In this case, safely retry your call to <code>DeleteProject</code> by using the same <code>ClientToken</code> parameter value. </p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple project deletion requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>DeleteProject</code>. An idempotency token is active for 8 hours.</p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -799,6 +880,36 @@
         }
       }
     },
+    "DescribeModelPackagingJobRequest":{
+      "type":"structure",
+      "required":[
+        "ProjectName",
+        "JobName"
+      ],
+      "members":{
+        "ProjectName":{
+          "shape":"ProjectName",
+          "documentation":"<p>The name of the project that contains the model packaging job that you want to describe. </p>",
+          "location":"uri",
+          "locationName":"projectName"
+        },
+        "JobName":{
+          "shape":"ModelPackagingJobName",
+          "documentation":"<p>The job name for the model packaging job. </p>",
+          "location":"uri",
+          "locationName":"jobName"
+        }
+      }
+    },
+    "DescribeModelPackagingJobResponse":{
+      "type":"structure",
+      "members":{
+        "ModelPackagingDescription":{
+          "shape":"ModelPackagingDescription",
+          "documentation":"<p>The description of the model packaging job. </p>"
+        }
+      }
+    },
     "DescribeModelRequest":{
       "type":"structure",
       "required":[
@@ -913,6 +1024,66 @@
     },
     "ExceptionString":{"type":"string"},
     "Float":{"type":"float"},
+    "GreengrassConfiguration":{
+      "type":"structure",
+      "required":[
+        "S3OutputLocation",
+        "ComponentName"
+      ],
+      "members":{
+        "CompilerOptions":{
+          "shape":"CompilerOptions",
+          "documentation":"<p>Additional compiler options for the Greengrass component. Currently, only NVIDIA Graphics Processing Units (GPU) are supported. If you specify <code>TargetPlatform</code>, you must specify <code>CompilerOptions</code>. If you specify <code>TargetDevice</code>, don't specify <code>CompilerOptions</code>.</p> <p>For more information, see <i>Compiler options</i> in the Amazon Lookout for Vision Developer Guide. </p>"
+        },
+        "TargetDevice":{
+          "shape":"TargetDevice",
+          "documentation":"<p>The target device for the model. Currently the only supported value is <code>jetson_xavier</code>. If you specify <code>TargetDevice</code>, you can't specify <code>TargetPlatform</code>. </p>"
+        },
+        "TargetPlatform":{
+          "shape":"TargetPlatform",
+          "documentation":"<p>The target platform for the model. If you specify <code>TargetPlatform</code>, you can't specify <code>TargetDevice</code>. </p>"
+        },
+        "S3OutputLocation":{
+          "shape":"S3Location",
+          "documentation":"<p> An S3 location in which Lookout for Vision stores the component artifacts. </p>"
+        },
+        "ComponentName":{
+          "shape":"ComponentName",
+          "documentation":"<p> A name for the AWS IoT Greengrass component. </p>"
+        },
+        "ComponentVersion":{
+          "shape":"ComponentVersion",
+          "documentation":"<p>A Version for the AWS IoT Greengrass component. If you don't provide a value, a default value of <code> <i>Model Version</i>.0.0</code> is used. </p>"
+        },
+        "ComponentDescription":{
+          "shape":"ComponentDescription",
+          "documentation":"<p> A description for the AWS IoT Greengrass component. </p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p> A set of tags (key-value pairs) that you want to attach to the AWS IoT Greengrass component. </p>"
+        }
+      },
+      "documentation":"<p>Configuration information for the AWS IoT Greengrass component created in a model packaging job. For more information, see <a>StartModelPackagingJob</a>. </p> <note> <p>You can't specify a component with the same <code>ComponentName</code> and <code>Componentversion</code> as an existing component with the same component name and component version.</p> </note>"
+    },
+    "GreengrassOutputDetails":{
+      "type":"structure",
+      "members":{
+        "ComponentVersionArn":{
+          "shape":"ComponentVersionArn",
+          "documentation":"<p> The Amazon Resource Name (ARN) of the component. </p>"
+        },
+        "ComponentName":{
+          "shape":"ComponentName",
+          "documentation":"<p> The name of the component. </p>"
+        },
+        "ComponentVersion":{
+          "shape":"ComponentVersion",
+          "documentation":"<p> The version of the component. </p>"
+        }
+      },
+      "documentation":"<p>Information about the AWS IoT Greengrass component created by a model packaging job. </p>"
+    },
     "ImageSource":{
       "type":"structure",
       "members":{
@@ -1054,6 +1225,43 @@
         }
       }
     },
+    "ListModelPackagingJobsRequest":{
+      "type":"structure",
+      "required":["ProjectName"],
+      "members":{
+        "ProjectName":{
+          "shape":"ProjectName",
+          "documentation":"<p> The name of the project for which you want to list the model packaging jobs. </p>",
+          "location":"uri",
+          "locationName":"projectName"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>If the previous response was incomplete (because there is more results to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of results. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "MaxResults":{
+          "shape":"PageSize",
+          "documentation":"<p>The maximum number of results to return per paginated call. The largest value you can specify is 100. If you specify a value greater than 100, a ValidationException error occurs. The default value is 100. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        }
+      }
+    },
+    "ListModelPackagingJobsResponse":{
+      "type":"structure",
+      "members":{
+        "ModelPackagingJobs":{
+          "shape":"ModelPackagingJobsList",
+          "documentation":"<p> A list of the model packaging jobs created for the specified Amazon Lookout for Vision project. </p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>If the previous response was incomplete (because there is more results to retrieve), Amazon Lookout for Vision returns a pagination token in the response. You can use this pagination token to retrieve the next set of results. </p>"
+        }
+      }
+    },
     "ListModelsRequest":{
       "type":"structure",
       "required":["ProjectName"],
@@ -1251,6 +1459,151 @@
       "type":"list",
       "member":{"shape":"ModelMetadata"}
     },
+    "ModelPackagingConfiguration":{
+      "type":"structure",
+      "required":["Greengrass"],
+      "members":{
+        "Greengrass":{
+          "shape":"GreengrassConfiguration",
+          "documentation":"<p> Configuration information for the AWS IoT Greengrass component in a model packaging job. </p>"
+        }
+      },
+      "documentation":"<p> Configuration information for a Amazon Lookout for Vision model packaging job. For more information, see <a>StartModelPackagingJob</a>. </p>"
+    },
+    "ModelPackagingDescription":{
+      "type":"structure",
+      "members":{
+        "JobName":{
+          "shape":"ModelPackagingJobName",
+          "documentation":"<p> The name of the model packaging job. </p>"
+        },
+        "ProjectName":{
+          "shape":"ProjectName",
+          "documentation":"<p>The name of the project that's associated with a model that's in the model package. </p>"
+        },
+        "ModelVersion":{
+          "shape":"ModelVersion",
+          "documentation":"<p>The version of the model used in the model packaging job. </p>"
+        },
+        "ModelPackagingConfiguration":{
+          "shape":"ModelPackagingConfiguration",
+          "documentation":"<p> The configuration information used in the model packaging job. </p>"
+        },
+        "ModelPackagingJobDescription":{
+          "shape":"ModelPackagingJobDescription",
+          "documentation":"<p>The description for the model packaging job. </p>"
+        },
+        "ModelPackagingMethod":{
+          "shape":"ModelPackagingMethod",
+          "documentation":"<p>The AWS service used to package the job. Currently Lookout for Vision can package jobs with AWS IoT Greengrass. </p>"
+        },
+        "ModelPackagingOutputDetails":{
+          "shape":"ModelPackagingOutputDetails",
+          "documentation":"<p>Information about the output of the model packaging job. For more information, see <a>DescribeModelPackagingJob</a>. </p>"
+        },
+        "Status":{
+          "shape":"ModelPackagingJobStatus",
+          "documentation":"<p> The status of the model packaging job. </p>"
+        },
+        "StatusMessage":{
+          "shape":"ModelPackagingStatusMessage",
+          "documentation":"<p> The status message for the model packaging job. </p>"
+        },
+        "CreationTimestamp":{
+          "shape":"DateTime",
+          "documentation":"<p> The Unix timestamp for the time and date that the model packaging job was created. </p>"
+        },
+        "LastUpdatedTimestamp":{
+          "shape":"DateTime",
+          "documentation":"<p> The Unix timestamp for the time and date that the model packaging job was last updated. </p>"
+        }
+      },
+      "documentation":"<p> Information about a model packaging job. For more information, see <a>DescribeModelPackagingJob</a>. </p>"
+    },
+    "ModelPackagingJobDescription":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[a-zA-Z0-9-_. ()':,;?]+"
+    },
+    "ModelPackagingJobMetadata":{
+      "type":"structure",
+      "members":{
+        "JobName":{
+          "shape":"ModelPackagingJobName",
+          "documentation":"<p> The name of the model packaging job. </p>"
+        },
+        "ProjectName":{
+          "shape":"ProjectName",
+          "documentation":"<p> The project that contains the model that is in the model package. </p>"
+        },
+        "ModelVersion":{
+          "shape":"ModelVersion",
+          "documentation":"<p> The version of the model that is in the model package. </p>"
+        },
+        "ModelPackagingJobDescription":{
+          "shape":"ModelPackagingJobDescription",
+          "documentation":"<p> The description for the model packaging job. </p>"
+        },
+        "ModelPackagingMethod":{
+          "shape":"ModelPackagingMethod",
+          "documentation":"<p> The AWS service used to package the job. Currently Lookout for Vision can package jobs with AWS IoT Greengrass. </p>"
+        },
+        "Status":{
+          "shape":"ModelPackagingJobStatus",
+          "documentation":"<p>The status of the model packaging job. </p>"
+        },
+        "StatusMessage":{
+          "shape":"ModelPackagingStatusMessage",
+          "documentation":"<p>The status message for the model packaging job. </p>"
+        },
+        "CreationTimestamp":{
+          "shape":"DateTime",
+          "documentation":"<p>The Unix timestamp for the time and date that the model packaging job was created.</p>"
+        },
+        "LastUpdatedTimestamp":{
+          "shape":"DateTime",
+          "documentation":"<p>The Unix timestamp for the time and date that the model packaging job was last updated.</p>"
+        }
+      },
+      "documentation":"<p> Metadata for a model packaging job. For more information, see <a>ListModelPackagingJobs</a>. </p>"
+    },
+    "ModelPackagingJobName":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"[a-zA-Z0-9-]+"
+    },
+    "ModelPackagingJobStatus":{
+      "type":"string",
+      "enum":[
+        "CREATED",
+        "RUNNING",
+        "SUCCEEDED",
+        "FAILED"
+      ]
+    },
+    "ModelPackagingJobsList":{
+      "type":"list",
+      "member":{"shape":"ModelPackagingJobMetadata"}
+    },
+    "ModelPackagingMethod":{
+      "type":"string",
+      "max":32,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9]+"
+    },
+    "ModelPackagingOutputDetails":{
+      "type":"structure",
+      "members":{
+        "Greengrass":{
+          "shape":"GreengrassOutputDetails",
+          "documentation":"<p> Information about the AWS IoT Greengrass component in a model packaging job. </p>"
+        }
+      },
+      "documentation":"<p> Information about the output from a model packaging job. </p>"
+    },
+    "ModelPackagingStatusMessage":{"type":"string"},
     "ModelPerformance":{
       "type":"structure",
       "members":{
@@ -1290,6 +1643,12 @@
       "min":1,
       "pattern":"([1-9][0-9]*|latest)"
     },
+    "ModelVersionNoLatest":{
+      "type":"string",
+      "max":10,
+      "min":1,
+      "pattern":"([1-9][0-9]*)"
+    },
     "OutputConfig":{
       "type":"structure",
       "required":["S3Location"],
@@ -1414,7 +1773,8 @@
         "PROJECT",
         "DATASET",
         "MODEL",
-        "TRIAL"
+        "TRIAL",
+        "MODEL_PACKAGE_JOB"
       ]
     },
     "RetryAfterSeconds":{"type":"integer"},
@@ -1435,14 +1795,14 @@
       "members":{
         "Bucket":{
           "shape":"S3BucketName",
-          "documentation":"<p>The S3 bucket that contains the training output.</p>"
+          "documentation":"<p>The S3 bucket that contains the training or model packaging job output. If you are training a model, the bucket must in your AWS account. If you use an S3 bucket for a model packaging job, the S3 bucket must be in the same AWS Region and AWS account in which you use AWS IoT Greengrass.</p>"
         },
         "Prefix":{
           "shape":"S3KeyPrefix",
-          "documentation":"<p>The path of the folder, within the S3 bucket, that contains the training output.</p>"
+          "documentation":"<p>The path of the folder, within the S3 bucket, that contains the output.</p>"
         }
       },
-      "documentation":"<p>Information about the location training output.</p>"
+      "documentation":"<p>Information about the location of training output or the output of a model packaging job.</p>"
     },
     "S3ObjectKey":{
       "type":"string",
@@ -1486,6 +1846,54 @@
       "error":{"httpStatusCode":402},
       "exception":true
     },
+    "StartModelPackagingJobRequest":{
+      "type":"structure",
+      "required":[
+        "ProjectName",
+        "ModelVersion",
+        "Configuration"
+      ],
+      "members":{
+        "ProjectName":{
+          "shape":"ProjectName",
+          "documentation":"<p> The name of the project which contains the version of the model that you want to package. </p>",
+          "location":"uri",
+          "locationName":"projectName"
+        },
+        "ModelVersion":{
+          "shape":"ModelVersion",
+          "documentation":"<p> The version of the model within the project that you want to package. </p>"
+        },
+        "JobName":{
+          "shape":"ModelPackagingJobName",
+          "documentation":"<p>A name for the model packaging job. If you don't supply a value, the service creates a job name for you. </p>"
+        },
+        "Configuration":{
+          "shape":"ModelPackagingConfiguration",
+          "documentation":"<p>The configuration for the model packaging job. </p>"
+        },
+        "Description":{
+          "shape":"ModelPackagingJobDescription",
+          "documentation":"<p>A description for the model packaging job. </p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>StartModelPackagingJob</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>StartModelPackagingJob</code>. In this case, safely retry your call to <code>StartModelPackagingJob</code> by using the same <code>ClientToken</code> parameter value.</p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple dataset creation requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>StartModelPackagingJob</code>. An idempotency token is active for 8 hours. </p>",
+          "idempotencyToken":true,
+          "location":"header",
+          "locationName":"X-Amzn-Client-Token"
+        }
+      }
+    },
+    "StartModelPackagingJobResponse":{
+      "type":"structure",
+      "members":{
+        "JobName":{
+          "shape":"ModelPackagingJobName",
+          "documentation":"<p>The job name for the model packaging job. If you don't supply a job name in the <code>JobName</code> input parameter, the service creates a job name for you. </p>"
+        }
+      }
+    },
     "StartModelRequest":{
       "type":"structure",
       "required":[
@@ -1508,11 +1916,11 @@
         },
         "MinInferenceUnits":{
           "shape":"InferenceUnits",
-          "documentation":"<p>The minimum number of inference units to use. A single inference unit represents 1 hour of processing and can support up to 5 Transaction Pers Second (TPS). Use a higher number to increase the TPS throughput of your model. You are charged for the number of inference units that you use. </p>"
+          "documentation":"<p>The minimum number of inference units to use. A single inference unit represents 1 hour of processing. Use a higher number to increase the TPS throughput of your model. You are charged for the number of inference units that you use. </p>"
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>StartModel</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>StartModel</code>. In this case, safely retry your call to <code>StartModel</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>StartModel</code>. An idempotency token is active for 8 hours. </p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>StartModel</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>StartModel</code>. In this case, safely retry your call to <code>StartModel</code> by using the same <code>ClientToken</code> parameter value. </p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple start requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>StartModel</code>. An idempotency token is active for 8 hours. </p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -1549,7 +1957,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>StopModel</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>StopModel</code>. In this case, safely retry your call to <code>StopModel</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>StopModel</code>. An idempotency token is active for 8 hours. </p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>StopModel</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>StopModel</code>. In this case, safely retry your call to <code>StopModel</code> by using the same <code>ClientToken</code> parameter value.</p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple stop requests. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>StopModel</code>. An idempotency token is active for 8 hours. </p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
@@ -1641,6 +2049,48 @@
       "min":0,
       "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
     },
+    "TargetDevice":{
+      "type":"string",
+      "enum":["jetson_xavier"]
+    },
+    "TargetPlatform":{
+      "type":"structure",
+      "required":[
+        "Os",
+        "Arch",
+        "Accelerator"
+      ],
+      "members":{
+        "Os":{
+          "shape":"TargetPlatformOs",
+          "documentation":"<p>The target operating system for the model. Linux is the only operating system that is currently supported. </p>"
+        },
+        "Arch":{
+          "shape":"TargetPlatformArch",
+          "documentation":"<p>The target architecture for the model. The currently supported architectures are X86_64 (64-bit version of the x86 instruction set) and ARM_64 (ARMv8 64-bit CPU). </p>"
+        },
+        "Accelerator":{
+          "shape":"TargetPlatformAccelerator",
+          "documentation":"<p>The target accelerator for the model. NVIDIA (Nvidia graphics processing unit) is the only accelerator that is currently supported. You must also specify the <code>gpu-code</code>, <code>trt-ver</code>, and <code>cuda-ver</code> compiler options. </p>"
+        }
+      },
+      "documentation":"<p>The platform on which a model runs on an AWS IoT Greengrass core device.</p>"
+    },
+    "TargetPlatformAccelerator":{
+      "type":"string",
+      "enum":["NVIDIA"]
+    },
+    "TargetPlatformArch":{
+      "type":"string",
+      "enum":[
+        "ARM64",
+        "X86_64"
+      ]
+    },
+    "TargetPlatformOs":{
+      "type":"string",
+      "enum":["LINUX"]
+    },
     "ThrottlingException":{
       "type":"structure",
       "required":["Message"],
@@ -1717,7 +2167,7 @@
         },
         "ClientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>UpdateDatasetEntries</code> completes only once. You choose the value to pass. For example, An issue, such as an network outage, might prevent you from getting a response from <code>UpdateDatasetEntries</code>. In this case, safely retry your call to <code>UpdateDatasetEntries</code> by using the same <code>ClientToken</code> parameter value. An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>UpdateDatasetEntries</code>. An idempotency token is active for 8 hours. </p>",
+          "documentation":"<p>ClientToken is an idempotency token that ensures a call to <code>UpdateDatasetEntries</code> completes only once. You choose the value to pass. For example, An issue might prevent you from getting a response from <code>UpdateDatasetEntries</code>. In this case, safely retry your call to <code>UpdateDatasetEntries</code> by using the same <code>ClientToken</code> parameter value.</p> <p>If you don't supply a value for <code>ClientToken</code>, the AWS SDK you are using inserts a value for you. This prevents retries after a network error from making multiple updates with the same dataset entries. You'll need to provide your own value for other use cases. </p> <p>An error occurs if the other input parameters are not the same as in the first request. Using a different value for <code>ClientToken</code> is considered a new call to <code>UpdateDatasetEntries</code>. An idempotency token is active for 8 hours. </p>",
           "idempotencyToken":true,
           "location":"header",
           "locationName":"X-Amzn-Client-Token"
diff --git a/contrib/python/botocore/py3/botocore/data/macie2/2020-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/macie2/2020-01-01/service-2.json
index 34f6d77793f..8bdfa91a458 100644
--- a/contrib/python/botocore/py3/botocore/data/macie2/2020-01-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/macie2/2020-01-01/service-2.json
@@ -744,7 +744,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Retrieves the Amazon Macie configuration settings for an Amazon Web Services organization.</p>"
+      "documentation": "<p>Retrieves the Amazon Macie configuration settings for an organization in Organizations.</p>"
     },
     "DisableMacie": {
       "name": "DisableMacie",
@@ -790,7 +790,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Disables an Amazon Macie account and deletes Macie resources for the account.</p>"
+      "documentation": "<p>Disables Amazon Macie and deletes all settings and resources for a Macie account.</p>"
     },
     "DisableOrganizationAdminAccount": {
       "name": "DisableOrganizationAdminAccount",
@@ -836,7 +836,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Disables an account as the delegated Amazon Macie administrator account for an Amazon Web Services organization.</p>"
+      "documentation": "<p>Disables an account as the delegated Amazon Macie administrator account for an organization in Organizations.</p>"
     },
     "DisassociateFromAdministratorAccount": {
       "name": "DisassociateFromAdministratorAccount",
@@ -1065,7 +1065,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Designates an account as the delegated Amazon Macie administrator account for an Amazon Web Services organization.</p>"
+      "documentation": "<p>Designates an account as the delegated Amazon Macie administrator account for an organization in Organizations.</p>"
     },
     "GetAdministratorAccount": {
       "name": "GetAdministratorAccount",
@@ -1156,7 +1156,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": " <p>Retrieves (queries) aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes.</p>"
+      "documentation": "<p>Retrieves (queries) aggregated statistical data about S3 buckets that Amazon Macie monitors and analyzes.</p>"
     },
     "GetClassificationExportConfiguration": {
       "name": "GetClassificationExportConfiguration",
@@ -2047,7 +2047,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Retrieves information about the delegated Amazon Macie administrator account for an Amazon Web Services organization.</p>"
+      "documentation": "<p>Retrieves information about the delegated Amazon Macie administrator account for an organization in Organizations.</p>"
     },
     "ListTagsForResource": {
       "name": "ListTagsForResource",
@@ -2420,7 +2420,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Suspends or re-enables an Amazon Macie account, or updates the configuration settings for a Macie account.</p>"
+      "documentation": "<p>Suspends or re-enables Amazon Macie, or updates the configuration settings for a Macie account.</p>"
     },
     "UpdateMemberSession": {
       "name": "UpdateMemberSession",
@@ -2512,7 +2512,7 @@
           "documentation": "<p>The request failed because it conflicts with the current state of the specified resource.</p>"
         }
       ],
-      "documentation": "<p>Updates the Amazon Macie configuration settings for an Amazon Web Services organization.</p>"
+      "documentation": "<p>Updates the Amazon Macie configuration settings for an organization in Organizations.</p>"
     }
   },
   "shapes": {
@@ -2616,14 +2616,14 @@
         "status": {
           "shape": "AdminStatus",
           "locationName": "status",
-          "documentation": "<p>The current status of the account as the delegated administrator of Amazon Macie for the organization.</p>"
+          "documentation": "<p>The current status of the account as the delegated Amazon Macie administrator account for the organization.</p>"
         }
       },
-      "documentation": "<p>Provides information about the delegated Amazon Macie administrator account for an Amazon Web Services organization.</p>"
+      "documentation": "<p>Provides information about the delegated Amazon Macie administrator account for an organization in Organizations.</p>"
     },
     "AdminStatus": {
       "type": "string",
-      "documentation": "<p>The current status of an account as the delegated Amazon Macie administrator account for an Amazon Web Services organization. Possible values are:</p>",
+      "documentation": "<p>The current status of an account as the delegated Amazon Macie administrator account for an organization in Organizations. Possible values are:</p>",
       "enum": [
         "ENABLED",
         "DISABLING_IN_PROGRESS"
@@ -3428,7 +3428,7 @@
         "description": {
           "shape": "__string",
           "locationName": "description",
-          "documentation": "<p>A custom description of the custom data identifier. The description can contain as many as 512 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the description of a custom data identifier. Other users of your account might be able to see the identifier's description, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
+          "documentation": "<p>A custom description of the custom data identifier. The description can contain as many as 512 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the description of a custom data identifier. Other users of your account might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
         },
         "ignoreWords": {
           "shape": "__listOf__string",
@@ -3448,7 +3448,7 @@
         "name": {
           "shape": "__string",
           "locationName": "name",
-          "documentation": "<p>A custom name for the custom data identifier. The name can contain as many as 128 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the name of a custom data identifier. Other users of your account might be able to see the identifier's name, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
+          "documentation": "<p>A custom name for the custom data identifier. The name can contain as many as 128 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the name of a custom data identifier. Other users of your account might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
         },
         "regex": {
           "shape": "__string",
@@ -3465,7 +3465,11 @@
           "locationName": "tags",
           "documentation": "<p>A map of key-value pairs that specifies the tags to associate with the custom data identifier.</p> <p>A custom data identifier can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.</p>"
         }
-      }
+      },
+      "required": [
+        "name",
+        "regex"
+      ]
     },
     "CreateCustomDataIdentifierResponse": {
       "type": "structure",
@@ -3494,7 +3498,7 @@
         "description": {
           "shape": "__string",
           "locationName": "description",
-          "documentation": "<p>A custom description of the filter. The description can contain as many as 512 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
+          "documentation": "<p>A custom description of the filter. The description can contain as many as 512 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
         },
         "findingCriteria": {
           "shape": "FindingCriteria",
@@ -3504,7 +3508,7 @@
         "name": {
           "shape": "__string",
           "locationName": "name",
-          "documentation": "<p>A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
+          "documentation": "<p>A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
         },
         "position": {
           "shape": "__integer",
@@ -3549,12 +3553,12 @@
         "disableEmailNotification": {
           "shape": "__boolean",
           "locationName": "disableEmailNotification",
-          "documentation": "<p>Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in Personal Health Dashboard. To send an email notification to the root user of each account, set this value to true.</p>"
+          "documentation": "<p>Specifies whether to send the invitation as an email message. If this value is false, Amazon Macie sends the invitation (as an email message) to the email address that you specified for the recipient's account when you associated the account with your account. The default value is false.</p>"
         },
         "message": {
           "shape": "__string",
           "locationName": "message",
-          "documentation": "<p>A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.</p>"
+          "documentation": "<p>Custom text to include in the email message that contains the invitation. The text can contain as many as 80 alphanumeric characters.</p>"
         }
       },
       "required": [
@@ -4102,12 +4106,12 @@
         "autoEnable": {
           "shape": "__boolean",
           "locationName": "autoEnable",
-          "documentation": "<p>Specifies whether Amazon Macie is enabled automatically for accounts that are added to the Amazon Web Services organization.</p>"
+          "documentation": "<p>Specifies whether Amazon Macie is enabled automatically for accounts that are added to the organization.</p>"
         },
         "maxAccountLimitReached": {
           "shape": "__boolean",
           "locationName": "maxAccountLimitReached",
-          "documentation": "<p>Specifies whether the maximum number of Amazon Macie member accounts are part of the Amazon Web Services organization.</p>"
+          "documentation": "<p>Specifies whether the maximum number of Amazon Macie member accounts are part of the organization.</p>"
         }
       }
     },
@@ -4549,7 +4553,7 @@
         "administrator": {
           "shape": "Invitation",
           "locationName": "administrator",
-          "documentation": "<p>The Amazon Web Services account ID for the administrator account. If the accounts are associated by a Macie membership invitation, this object also provides details about the invitation that was sent to establish the relationship between the accounts.</p>"
+          "documentation": "<p>The Amazon Web Services account ID for the administrator account. If the accounts are associated by an Amazon Macie membership invitation, this object also provides details about the invitation that was sent to establish the relationship between the accounts.</p>"
         }
       }
     },
@@ -4894,22 +4898,22 @@
         "findingPublishingFrequency": {
           "shape": "FindingPublishingFrequency",
           "locationName": "findingPublishingFrequency",
-          "documentation": "<p>The frequency with which Macie publishes updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).</p>"
+          "documentation": "<p>The frequency with which Amazon Macie publishes updates to policy findings for the account. This includes publishing updates to Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events).</p>"
         },
         "serviceRole": {
           "shape": "__string",
           "locationName": "serviceRole",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the service-linked role that allows Macie to monitor and analyze data in Amazon Web Services resources for the account.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the service-linked role that allows Amazon Macie to monitor and analyze data in Amazon Web Services resources for the account.</p>"
         },
         "status": {
           "shape": "MacieStatus",
           "locationName": "status",
-          "documentation": "<p>The current status of the Macie account. Possible values are: PAUSED, the account is enabled but all Macie activities are suspended (paused) for the account; and, ENABLED, the account is enabled and all Macie activities are enabled for the account.</p>"
+          "documentation": "<p>The current status of the Amazon Macie account. Possible values are: PAUSED, the account is enabled but all Macie activities are suspended (paused) for the account; and, ENABLED, the account is enabled and all Macie activities are enabled for the account.</p>"
         },
         "updatedAt": {
           "shape": "__timestampIso8601",
           "locationName": "updatedAt",
-          "documentation": "<p>The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Macie account.</p>"
+          "documentation": "<p>The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Amazon Macie account.</p>"
         }
       }
     },
@@ -4967,7 +4971,7 @@
         "invitedAt": {
           "shape": "__timestampIso8601",
           "locationName": "invitedAt",
-          "documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.</p>"
+          "documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if an invitation hasn't been sent to the account.</p>"
         },
         "masterAccountId": {
           "shape": "__string",
@@ -5144,7 +5148,7 @@
         "invitationId": {
           "shape": "__string",
           "locationName": "invitationId",
-          "documentation": "<p>The unique identifier for the invitation. Amazon Macie uses this identifier to validate the inviter account with the invitee account.</p>"
+          "documentation": "<p>The unique identifier for the invitation.</p>"
         },
         "invitedAt": {
           "shape": "__timestampIso8601",
@@ -5154,10 +5158,10 @@
         "relationshipStatus": {
           "shape": "RelationshipStatus",
           "locationName": "relationshipStatus",
-          "documentation": "<p>The status of the relationship between the account that sent the invitation (<i>inviter account</i>) and the account that received the invitation (<i>invitee account</i>).</p>"
+          "documentation": "<p>The status of the relationship between the account that sent the invitation and the account that received the invitation.</p>"
         }
       },
-      "documentation": "<p>Provides information about an Amazon Macie membership invitation that was received by an account.</p>"
+      "documentation": "<p>Provides information about an Amazon Macie membership invitation.</p>"
     },
     "IpAddressDetails": {
       "type": "structure",
@@ -5777,7 +5781,7 @@
         "members": {
           "shape": "__listOfMember",
           "locationName": "members",
-          "documentation": "<p>An array of objects, one for each account that's associated with the administrator account and meets the criteria specified by the onlyAssociated request parameter.</p>"
+          "documentation": "<p>An array of objects, one for each account that's associated with the administrator account and meets the criteria specified in the request.</p>"
         },
         "nextToken": {
           "shape": "__string",
@@ -5989,7 +5993,7 @@
         "invitedAt": {
           "shape": "__timestampIso8601",
           "locationName": "invitedAt",
-          "documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.</p>"
+          "documentation": "<p>The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if an invitation hasn't been sent to the account.</p>"
         },
         "masterAccountId": {
           "shape": "__string",
@@ -6253,7 +6257,7 @@
     },
     "RelationshipStatus": {
       "type": "string",
-      "documentation": "<p>The current status of the relationship between an account and an associated Amazon Macie administrator account (<i>inviter account</i>). Possible values are:</p>",
+      "documentation": "<p>The current status of the relationship between an account and an associated Amazon Macie administrator account. Possible values are:</p>",
       "enum": [
         "Enabled",
         "Paused",
@@ -6944,7 +6948,7 @@
         "severity": {
           "shape": "DataIdentifierSeverity",
           "locationName": "severity",
-          "documentation": "<p>The severity to assign to a finding if the number of occurrences is greater than or equal to the specified threshold (occurrencesThreshold) and, if applicable, is less than the threshold for the next consecutive severity level for the custom data identifier.</p>"
+          "documentation": "<p>The severity to assign to a finding: if the number of occurrences is greater than or equal to the specified threshold (occurrencesThreshold); and, if applicable, the number of occurrences is less than the threshold for the next consecutive severity level for the custom data identifier, moving from LOW to HIGH.</p>"
         }
       },
       "documentation": "<p>Specifies a severity level for findings that a custom data identifier produces. A severity level determines which severity is assigned to the findings, based on the number of occurrences of text that matches the custom data identifier's detection criteria.</p>",
@@ -7343,7 +7347,7 @@
         "description": {
           "shape": "__string",
           "locationName": "description",
-          "documentation": "<p>A custom description of the filter. The description can contain as many as 512 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see the filter's description, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
+          "documentation": "<p>A custom description of the filter. The description can contain as many as 512 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
         },
         "findingCriteria": {
           "shape": "FindingCriteria",
@@ -7359,7 +7363,7 @@
         "name": {
           "shape": "__string",
           "locationName": "name",
-          "documentation": "<p>A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see the filter's name, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
+          "documentation": "<p>A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.</p> <p>We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.</p>"
         },
         "position": {
           "shape": "__integer",
@@ -7441,7 +7445,7 @@
         "autoEnable": {
           "shape": "__boolean",
           "locationName": "autoEnable",
-          "documentation": "<p>Specifies whether to enable Amazon Macie automatically for each account, when the account is added to the Amazon Web Services organization.</p>"
+          "documentation": "<p>Specifies whether to enable Amazon Macie automatically for an account when the account is added to the organization in Organizations.</p>"
         }
       },
       "required": [
diff --git a/contrib/python/botocore/py3/botocore/data/mediaconnect/2018-11-14/service-2.json b/contrib/python/botocore/py3/botocore/data/mediaconnect/2018-11-14/service-2.json
index 8c5dfab296e..aade80949e1 100644
--- a/contrib/python/botocore/py3/botocore/data/mediaconnect/2018-11-14/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/mediaconnect/2018-11-14/service-2.json
@@ -1432,7 +1432,7 @@
         "MaxLatency": {
           "shape": "__integer",
           "locationName": "maxLatency",
-          "documentation": "The maximum latency in milliseconds for Zixi-based streams."
+          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams."
         },
         "MediaStreamOutputConfigurations": {
           "shape": "__listOfMediaStreamOutputConfigurationRequest",
@@ -1464,6 +1464,11 @@
           "locationName": "remoteId",
           "documentation": "The remote ID for the Zixi-pull output stream."
         },
+        "SenderControlPort": {
+          "shape": "__integer",
+          "locationName": "senderControlPort",
+          "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender."
+        },
         "SmoothingLatency": {
           "shape": "__integer",
           "locationName": "smoothingLatency",
@@ -1953,7 +1958,7 @@
           "locationName": "state"
         }
       },
-      "documentation": "The settings for source failover"
+      "documentation": "The settings for source failover."
     },
     "FailoverMode": {
       "type": "string",
@@ -2949,7 +2954,8 @@
         "rist",
         "st2110-jpegxs",
         "cdi",
-        "srt-listener"
+        "srt-listener",
+        "fujitsu-qos"
       ]
     },
     "PurchaseOfferingRequest": {
@@ -3373,7 +3379,7 @@
         "MaxLatency": {
           "shape": "__integer",
           "locationName": "maxLatency",
-          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams."
+          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams."
         },
         "MaxSyncBuffer": {
           "shape": "__integer",
@@ -3400,6 +3406,16 @@
           "locationName": "protocol",
           "documentation": "The protocol that is used by the source."
         },
+        "SenderControlPort": {
+          "shape": "__integer",
+          "locationName": "senderControlPort",
+          "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender."
+        },
+        "SenderIpAddress": {
+          "shape": "__string",
+          "locationName": "senderIpAddress",
+          "documentation": "The IP address that the flow communicates with to initiate connection with the sender."
+        },
         "StreamId": {
           "shape": "__string",
           "locationName": "streamId",
@@ -3461,6 +3477,16 @@
           "locationName": "name",
           "documentation": "The name of the source."
         },
+        "SenderControlPort": {
+          "shape": "__integer",
+          "locationName": "senderControlPort",
+          "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender."
+        },
+        "SenderIpAddress": {
+          "shape": "__string",
+          "locationName": "senderIpAddress",
+          "documentation": "The IP address that the flow communicates with to initiate connection with the sender."
+        },
         "SourceArn": {
           "shape": "__string",
           "locationName": "sourceArn",
@@ -3652,7 +3678,7 @@
         "MaxLatency": {
           "shape": "__integer",
           "locationName": "maxLatency",
-          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams."
+          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams."
         },
         "MaxSyncBuffer": {
           "shape": "__integer",
@@ -3674,6 +3700,16 @@
           "locationName": "remoteId",
           "documentation": "The remote ID for the Zixi-pull stream."
         },
+        "SenderControlPort": {
+          "shape": "__integer",
+          "locationName": "senderControlPort",
+          "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender."
+        },
+        "SenderIpAddress": {
+          "shape": "__string",
+          "locationName": "senderIpAddress",
+          "documentation": "The IP address that the flow communicates with to initiate connection with the sender."
+        },
         "SmoothingLatency": {
           "shape": "__integer",
           "locationName": "smoothingLatency",
@@ -3785,7 +3821,7 @@
           "locationName": "state"
         }
       },
-      "documentation": "The settings for source failover"
+      "documentation": "The settings for source failover."
     },
     "UpdateFlowEntitlementRequest": {
       "type": "structure",
@@ -3939,7 +3975,7 @@
         "MaxLatency": {
           "shape": "__integer",
           "locationName": "maxLatency",
-          "documentation": "The maximum latency in milliseconds for Zixi-based streams."
+          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams."
         },
         "MediaStreamOutputConfigurations": {
           "shape": "__listOfMediaStreamOutputConfigurationRequest",
@@ -3972,6 +4008,16 @@
           "locationName": "remoteId",
           "documentation": "The remote ID for the Zixi-pull stream."
         },
+        "SenderControlPort": {
+          "shape": "__integer",
+          "locationName": "senderControlPort",
+          "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender."
+        },
+        "SenderIpAddress": {
+          "shape": "__string",
+          "locationName": "senderIpAddress",
+          "documentation": "The IP address that the flow communicates with to initiate connection with the sender."
+        },
         "SmoothingLatency": {
           "shape": "__integer",
           "locationName": "smoothingLatency",
@@ -4074,7 +4120,7 @@
         "MaxLatency": {
           "shape": "__integer",
           "locationName": "maxLatency",
-          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based and Zixi-based streams."
+          "documentation": "The maximum latency in milliseconds. This parameter applies only to RIST-based, Zixi-based, and Fujitsu-based streams."
         },
         "MaxSyncBuffer": {
           "shape": "__integer",
@@ -4096,6 +4142,16 @@
           "locationName": "protocol",
           "documentation": "The protocol that is used by the source."
         },
+        "SenderControlPort": {
+          "shape": "__integer",
+          "locationName": "senderControlPort",
+          "documentation": "The port that the flow uses to send outbound requests to initiate connection with the sender."
+        },
+        "SenderIpAddress": {
+          "shape": "__string",
+          "locationName": "senderIpAddress",
+          "documentation": "The IP address that the flow communicates with to initiate connection with the sender."
+        },
         "SourceArn": {
           "shape": "__string",
           "location": "uri",
@@ -4145,7 +4201,7 @@
         "Name": {
           "shape": "__string",
           "locationName": "name",
-          "documentation": "Immutable and has to be a unique against other VpcInterfaces in this Flow"
+          "documentation": "Immutable and has to be a unique against other VpcInterfaces in this Flow."
         },
         "NetworkInterfaceIds": {
           "shape": "__listOf__string",
diff --git a/contrib/python/botocore/py3/botocore/data/mediaconvert/2017-08-29/service-2.json b/contrib/python/botocore/py3/botocore/data/mediaconvert/2017-08-29/service-2.json
index 769dc1b57fc..bb512383973 100644
--- a/contrib/python/botocore/py3/botocore/data/mediaconvert/2017-08-29/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/mediaconvert/2017-08-29/service-2.json
@@ -1808,7 +1808,7 @@
           "documentation": "Enable this setting on one audio selector to set it as the default for the job. The service uses this default for outputs where it can't find the specified input audio. If you don't set a default, those outputs have no audio."
         },
         "ExternalAudioFileInput": {
-          "shape": "__stringPatternS3MM2PPWWEEBBMMMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSSHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSS",
+          "shape": "__stringPatternS3MM2PPWWEEBBMMMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSSOOGGGGaAHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSSOOGGGGaA",
           "locationName": "externalAudioFileInput",
           "documentation": "Specifies audio data from an external file source."
         },
@@ -1928,6 +1928,14 @@
         "MAX"
       ]
     },
+    "Av1BitDepth": {
+      "type": "string",
+      "documentation": "Specify the Bit depth (Av1BitDepth). You can choose 8-bit (BIT_8) or 10-bit (BIT_10).",
+      "enum": [
+        "BIT_8",
+        "BIT_10"
+      ]
+    },
     "Av1FramerateControl": {
       "type": "string",
       "documentation": "If you are using the console, use the Framerate setting to specify the frame rate for this output. If you want to keep the same frame rate as the input video, choose Follow source. If you want to do frame rate conversion, choose a frame rate from the dropdown list or choose Custom. The framerates shown in the dropdown list are decimal approximations of fractions. If you choose Custom, specify your frame rate as a fraction. If you are creating your transcoding job specification as a JSON file without the console, use FramerateControl to specify which value the service uses for the frame rate for this output. Choose INITIALIZE_FROM_SOURCE if you want the service to use the frame rate from the input. Choose SPECIFIED if you want the service to use the frame rate you specify in the settings FramerateNumerator and FramerateDenominator.",
@@ -1976,6 +1984,11 @@
           "locationName": "adaptiveQuantization",
           "documentation": "Specify the strength of any adaptive quantization filters that you enable. The value that you choose here applies to Spatial adaptive quantization (spatialAdaptiveQuantization)."
         },
+        "BitDepth": {
+          "shape": "Av1BitDepth",
+          "locationName": "bitDepth",
+          "documentation": "Specify the Bit depth (Av1BitDepth). You can choose 8-bit (BIT_8) or 10-bit (BIT_10)."
+        },
         "FramerateControl": {
           "shape": "Av1FramerateControl",
           "locationName": "framerateControl",
@@ -2238,7 +2251,7 @@
         "BackgroundColor": {
           "shape": "BurninSubtitleBackgroundColor",
           "locationName": "backgroundColor",
-          "documentation": "Specify the color of the rectangle behind the captions. Leave background color (BackgroundColor) blank and set Style passthrough (StylePassthrough) to enabled to use the background color data from your input captions, if present. Within your job settings, all of your DVB-Sub settings must be identical."
+          "documentation": "Specify the color of the rectangle behind the captions. Leave background color (BackgroundColor) blank and set Style passthrough (StylePassthrough) to enabled to use the background color data from your input captions, if present."
         },
         "BackgroundOpacity": {
           "shape": "__integerMin0Max255",
@@ -2352,7 +2365,7 @@
     },
     "BurninSubtitleBackgroundColor": {
       "type": "string",
-      "documentation": "Specify the color of the rectangle behind the captions. Leave background color (BackgroundColor) blank and set Style passthrough (StylePassthrough) to enabled to use the background color data from your input captions, if present. Within your job settings, all of your DVB-Sub settings must be identical.",
+      "documentation": "Specify the color of the rectangle behind the captions. Leave background color (BackgroundColor) blank and set Style passthrough (StylePassthrough) to enabled to use the background color data from your input captions, if present.",
       "enum": [
         "NONE",
         "BLACK",
@@ -3106,7 +3119,7 @@
         "AudioRenditionSets": {
           "shape": "__string",
           "locationName": "audioRenditionSets",
-          "documentation": "List the audio rendition groups that you want included with this video rendition. Use a comma-separated list. For example, say you want to include the audio rendition groups that have the audio group IDs \"audio_aac_1\" and \"audio_dolby\". Then you would specify this value: \"audio_aac_1, audio_dolby\". Related setting: The rendition groups that you include in your comma-separated list should all match values that you specify in the setting Audio group ID (AudioGroupId) for audio renditions in the same output group as this video rendition. Default behavior: If you don't specify anything here and for Audio group ID, MediaConvert puts each audio variant in its own audio rendition group and associates it with every video variant. Each value in your list appears in your HLS parent manifest in the EXT-X-STREAM-INF tag as the value for the AUDIO attribute. To continue the previous example, say that the file name for the child manifest for your video rendition is \"amazing_video_1.m3u8\". Then, in your parent manifest, each value will appear on separate lines, like this: #EXT-X-STREAM-INF:AUDIO=\"audio_aac_1\"... amazing_video_1.m3u8 #EXT-X-STREAM-INF:AUDIO=\"audio_dolby\"... amazing_video_1.m3u8"
+          "documentation": "List the audio rendition groups that you want included with this video rendition. Use a comma-separated list. For example, say you want to include the audio rendition groups that have the audio group IDs \"audio_aac_1\" and \"audio_dolby\". Then you would specify this value: \"audio_aac_1,audio_dolby\". Related setting: The rendition groups that you include in your comma-separated list should all match values that you specify in the setting Audio group ID (AudioGroupId) for audio renditions in the same output group as this video rendition. Default behavior: If you don't specify anything here and for Audio group ID, MediaConvert puts each audio variant in its own audio rendition group and associates it with every video variant. Each value in your list appears in your HLS parent manifest in the EXT-X-STREAM-INF tag as the value for the AUDIO attribute. To continue the previous example, say that the file name for the child manifest for your video rendition is \"amazing_video_1.m3u8\". Then, in your parent manifest, each value will appear on separate lines, like this: #EXT-X-STREAM-INF:AUDIO=\"audio_aac_1\"... amazing_video_1.m3u8 #EXT-X-STREAM-INF:AUDIO=\"audio_dolby\"... amazing_video_1.m3u8"
         },
         "AudioTrackType": {
           "shape": "CmfcAudioTrackType",
@@ -3132,10 +3145,23 @@
           "shape": "CmfcScte35Source",
           "locationName": "scte35Source",
           "documentation": "Ignore this setting unless you have SCTE-35 markers in your input video file. Choose Passthrough (PASSTHROUGH) if you want SCTE-35 markers that appear in your input to also appear in this output. Choose None (NONE) if you don't want those SCTE-35 markers in this output."
+        },
+        "TimedMetadata": {
+          "shape": "CmfcTimedMetadata",
+          "locationName": "timedMetadata",
+          "documentation": "Applies to CMAF outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output."
         }
       },
       "documentation": "These settings relate to the fragmented MP4 container for the segments in your CMAF outputs."
     },
+    "CmfcTimedMetadata": {
+      "type": "string",
+      "documentation": "Applies to CMAF outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output.",
+      "enum": [
+        "PASSTHROUGH",
+        "NONE"
+      ]
+    },
     "ColorCorrector": {
       "type": "structure",
       "members": {
@@ -4231,7 +4257,7 @@
         "TeletextSpacing": {
           "shape": "DvbSubtitleTeletextSpacing",
           "locationName": "teletextSpacing",
-          "documentation": "Specify whether the Text spacing (TextSpacing) in your captions is set by the captions grid, or varies depending on letter width. Choose fixed grid (FIXED_GRID) to conform to the spacing specified in the captions file more accurately. Choose proportional (PROPORTIONAL) to make the text easier to read for closed captions. Within your job settings, all of your DVB-Sub settings must be identical."
+          "documentation": "Specify whether the Text spacing (TeletextSpacing) in your captions is set by the captions grid, or varies depending on letter width. Choose fixed grid (FIXED_GRID) to conform to the spacing specified in the captions file more accurately. Choose proportional (PROPORTIONAL) to make the text easier to read for closed captions. Within your job settings, all of your DVB-Sub settings must be identical."
         },
         "Width": {
           "shape": "__integerMin1Max2147483647",
@@ -4347,7 +4373,7 @@
     },
     "DvbSubtitleTeletextSpacing": {
       "type": "string",
-      "documentation": "Specify whether the Text spacing (TextSpacing) in your captions is set by the captions grid, or varies depending on letter width. Choose fixed grid (FIXED_GRID) to conform to the spacing specified in the captions file more accurately. Choose proportional (PROPORTIONAL) to make the text easier to read for closed captions. Within your job settings, all of your DVB-Sub settings must be identical.",
+      "documentation": "Specify whether the Text spacing (TeletextSpacing) in your captions is set by the captions grid, or varies depending on letter width. Choose fixed grid (FIXED_GRID) to conform to the spacing specified in the captions file more accurately. Choose proportional (PROPORTIONAL) to make the text easier to read for closed captions. Within your job settings, all of your DVB-Sub settings must be identical.",
       "enum": [
         "FIXED_GRID",
         "PROPORTIONAL",
@@ -5294,10 +5320,11 @@
     },
     "H264GopSizeUnits": {
       "type": "string",
-      "documentation": "Indicates if the GOP Size in H264 is specified in frames or seconds. If seconds the system will convert the GOP Size into a frame count at run time.",
+      "documentation": "Specify how the transcoder determines GOP size for this output. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, choose Auto (AUTO) and and leave GOP size (GopSize) blank. By default, if you don't specify GOP mode control (GopSizeUnits), MediaConvert will use automatic behavior. If your output group specifies HLS, DASH, or CMAF, set GOP mode control to Auto and leave GOP size blank in each output in your output group. To explicitly specify the GOP length, choose Specified, frames (FRAMES) or Specified, seconds (SECONDS) and then provide the GOP length in the related setting GOP size (GopSize).",
       "enum": [
         "FRAMES",
-        "SECONDS"
+        "SECONDS",
+        "AUTO"
       ]
     },
     "H264InterlaceMode": {
@@ -5454,17 +5481,17 @@
         "GopClosedCadence": {
           "shape": "__integerMin0Max2147483647",
           "locationName": "gopClosedCadence",
-          "documentation": "Frequency of closed GOPs. In streaming applications, it is recommended that this be set to 1 so a decoder joining mid-stream will receive an IDR frame as quickly as possible. Setting this value to 0 will break output segmenting."
+          "documentation": "Specify the relative frequency of open to closed GOPs in this output. For example, if you want to allow four open GOPs and then require a closed GOP, set this value to 5. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, keep the default value by leaving this setting out of your JSON job specification. In the console, do this by keeping the default empty value. If you do explicitly specify a value, for segmented outputs, don't set this value to 0."
         },
         "GopSize": {
           "shape": "__doubleMin0",
           "locationName": "gopSize",
-          "documentation": "GOP Length (keyframe interval) in frames or seconds. Must be greater than zero."
+          "documentation": "Use this setting only when you set GOP mode control (GopSizeUnits) to Specified, frames (FRAMES) or Specified, seconds (SECONDS). Specify the GOP length using a whole number of frames or a decimal value of seconds. MediaConvert will interpret this value as frames or seconds depending on the value you choose for GOP mode control (GopSizeUnits). If you want to allow MediaConvert to automatically determine GOP size, leave GOP size blank and set GOP mode control to Auto (AUTO). If your output group specifies HLS, DASH, or CMAF, leave GOP size blank and set GOP mode control to Auto in each output in your output group."
         },
         "GopSizeUnits": {
           "shape": "H264GopSizeUnits",
           "locationName": "gopSizeUnits",
-          "documentation": "Indicates if the GOP Size in H264 is specified in frames or seconds. If seconds the system will convert the GOP Size into a frame count at run time."
+          "documentation": "Specify how the transcoder determines GOP size for this output. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, choose Auto (AUTO) and and leave GOP size (GopSize) blank. By default, if you don't specify GOP mode control (GopSizeUnits), MediaConvert will use automatic behavior. If your output group specifies HLS, DASH, or CMAF, set GOP mode control to Auto and leave GOP size blank in each output in your output group. To explicitly specify the GOP length, choose Specified, frames (FRAMES) or Specified, seconds (SECONDS) and then provide the GOP length in the related setting GOP size (GopSize)."
         },
         "HrdBufferInitialFillPercentage": {
           "shape": "__integerMin0Max100",
@@ -5489,12 +5516,12 @@
         "MinIInterval": {
           "shape": "__integerMin0Max30",
           "locationName": "minIInterval",
-          "documentation": "Enforces separation between repeated (cadence) I-frames and I-frames inserted by Scene Change Detection. If a scene change I-frame is within I-interval frames of a cadence I-frame, the GOP is shrunk and/or stretched to the scene change I-frame. GOP stretch requires enabling lookahead as well as setting I-interval. The normal cadence resumes for the next GOP. This setting is only used when Scene Change Detect is enabled. Note: Maximum GOP stretch = GOP size + Min-I-interval - 1"
+          "documentation": "Use this setting only when you also enable Scene change detection (SceneChangeDetect). This setting determines how the encoder manages the spacing between I-frames that it inserts as part of the I-frame cadence and the I-frames that it inserts for Scene change detection. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, keep the default value by leaving this setting out of your JSON job specification. In the console, do this by keeping the default empty value. When you explicitly specify a value for this setting, the encoder determines whether to skip a cadence-driven I-frame by the value you set. For example, if you set Min I interval (minIInterval) to 5 and a cadence-driven I-frame would fall within 5 frames of a scene-change I-frame, then the encoder skips the cadence-driven I-frame. In this way, one GOP is shrunk slightly and one GOP is stretched slightly. When the cadence-driven I-frames are farther from the scene-change I-frame than the value you set, then the encoder leaves all I-frames in place and the GOPs surrounding the scene change are smaller than the usual cadence GOPs."
         },
         "NumberBFramesBetweenReferenceFrames": {
           "shape": "__integerMin0Max7",
           "locationName": "numberBFramesBetweenReferenceFrames",
-          "documentation": "Specify the number of B-frames that MediaConvert puts between reference frames in this output. Valid values are whole numbers from 0 through 7. When you don't specify a value, MediaConvert defaults to 2."
+          "documentation": "This setting to determines the number of B-frames that MediaConvert puts between reference frames in this output. We recommend that you use automatic behavior to allow the transcoder to choose the best value based on characteristics of your input video. In the console, choose AUTO to select this automatic behavior. When you manually edit your JSON job specification, leave this setting out to choose automatic behavior. When you want to specify this number explicitly, choose a whole number from 0 through 7."
         },
         "NumberReferenceFrames": {
           "shape": "__integerMin1Max6",
@@ -5640,14 +5667,15 @@
     },
     "H265AdaptiveQuantization": {
       "type": "string",
-      "documentation": "Specify the strength of any adaptive quantization filters that you enable. The value that you choose here applies to the following settings: Flicker adaptive quantization (flickerAdaptiveQuantization), Spatial adaptive quantization (spatialAdaptiveQuantization), and Temporal adaptive quantization (temporalAdaptiveQuantization).",
+      "documentation": "When you set Adaptive Quantization (H265AdaptiveQuantization) to Auto (AUTO), or leave blank, MediaConvert automatically applies quantization to improve the video quality of your output. Set Adaptive Quantization to Low (LOW), Medium (MEDIUM), High (HIGH), Higher (HIGHER), or Max (MAX) to manually control the strength of the quantization filter. When you do, you can specify a value for Spatial Adaptive Quantization (H265SpatialAdaptiveQuantization), Temporal Adaptive Quantization (H265TemporalAdaptiveQuantization), and Flicker Adaptive Quantization (H265FlickerAdaptiveQuantization), to further control the quantization filter. Set Adaptive Quantization to Off (OFF) to apply no quantization to your output.",
       "enum": [
         "OFF",
         "LOW",
         "MEDIUM",
         "HIGH",
         "HIGHER",
-        "MAX"
+        "MAX",
+        "AUTO"
       ]
     },
     "H265AlternateTransferFunctionSei": {
@@ -5735,10 +5763,11 @@
     },
     "H265GopSizeUnits": {
       "type": "string",
-      "documentation": "Indicates if the GOP Size in H265 is specified in frames or seconds. If seconds the system will convert the GOP Size into a frame count at run time.",
+      "documentation": "Specify how the transcoder determines GOP size for this output. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, choose Auto (AUTO) and and leave GOP size (GopSize) blank. By default, if you don't specify GOP mode control (GopSizeUnits), MediaConvert will use automatic behavior. If your output group specifies HLS, DASH, or CMAF, set GOP mode control to Auto and leave GOP size blank in each output in your output group. To explicitly specify the GOP length, choose Specified, frames (FRAMES) or Specified, seconds (SECONDS) and then provide the GOP length in the related setting GOP size (GopSize).",
       "enum": [
         "FRAMES",
-        "SECONDS"
+        "SECONDS",
+        "AUTO"
       ]
     },
     "H265InterlaceMode": {
@@ -5831,7 +5860,7 @@
         "AdaptiveQuantization": {
           "shape": "H265AdaptiveQuantization",
           "locationName": "adaptiveQuantization",
-          "documentation": "Specify the strength of any adaptive quantization filters that you enable. The value that you choose here applies to the following settings: Flicker adaptive quantization (flickerAdaptiveQuantization), Spatial adaptive quantization (spatialAdaptiveQuantization), and Temporal adaptive quantization (temporalAdaptiveQuantization)."
+          "documentation": "When you set Adaptive Quantization (H265AdaptiveQuantization) to Auto (AUTO), or leave blank, MediaConvert automatically applies quantization to improve the video quality of your output. Set Adaptive Quantization to Low (LOW), Medium (MEDIUM), High (HIGH), Higher (HIGHER), or Max (MAX) to manually control the strength of the quantization filter. When you do, you can specify a value for Spatial Adaptive Quantization (H265SpatialAdaptiveQuantization), Temporal Adaptive Quantization (H265TemporalAdaptiveQuantization), and Flicker Adaptive Quantization (H265FlickerAdaptiveQuantization), to further control the quantization filter. Set Adaptive Quantization to Off (OFF) to apply no quantization to your output."
         },
         "AlternateTransferFunctionSei": {
           "shape": "H265AlternateTransferFunctionSei",
@@ -5891,17 +5920,17 @@
         "GopClosedCadence": {
           "shape": "__integerMin0Max2147483647",
           "locationName": "gopClosedCadence",
-          "documentation": "Frequency of closed GOPs. In streaming applications, it is recommended that this be set to 1 so a decoder joining mid-stream will receive an IDR frame as quickly as possible. Setting this value to 0 will break output segmenting."
+          "documentation": "Specify the relative frequency of open to closed GOPs in this output. For example, if you want to allow four open GOPs and then require a closed GOP, set this value to 5. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, keep the default value by leaving this setting out of your JSON job specification. In the console, do this by keeping the default empty value. If you do explicitly specify a value, for segmented outputs, don't set this value to 0."
         },
         "GopSize": {
           "shape": "__doubleMin0",
           "locationName": "gopSize",
-          "documentation": "GOP Length (keyframe interval) in frames or seconds. Must be greater than zero."
+          "documentation": "Use this setting only when you set GOP mode control (GopSizeUnits) to Specified, frames (FRAMES) or Specified, seconds (SECONDS). Specify the GOP length using a whole number of frames or a decimal value of seconds. MediaConvert will interpret this value as frames or seconds depending on the value you choose for GOP mode control (GopSizeUnits). If you want to allow MediaConvert to automatically determine GOP size, leave GOP size blank and set GOP mode control to Auto (AUTO). If your output group specifies HLS, DASH, or CMAF, leave GOP size blank and set GOP mode control to Auto in each output in your output group."
         },
         "GopSizeUnits": {
           "shape": "H265GopSizeUnits",
           "locationName": "gopSizeUnits",
-          "documentation": "Indicates if the GOP Size in H265 is specified in frames or seconds. If seconds the system will convert the GOP Size into a frame count at run time."
+          "documentation": "Specify how the transcoder determines GOP size for this output. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, choose Auto (AUTO) and and leave GOP size (GopSize) blank. By default, if you don't specify GOP mode control (GopSizeUnits), MediaConvert will use automatic behavior. If your output group specifies HLS, DASH, or CMAF, set GOP mode control to Auto and leave GOP size blank in each output in your output group. To explicitly specify the GOP length, choose Specified, frames (FRAMES) or Specified, seconds (SECONDS) and then provide the GOP length in the related setting GOP size (GopSize)."
         },
         "HrdBufferInitialFillPercentage": {
           "shape": "__integerMin0Max100",
@@ -5926,7 +5955,7 @@
         "MinIInterval": {
           "shape": "__integerMin0Max30",
           "locationName": "minIInterval",
-          "documentation": "Enforces separation between repeated (cadence) I-frames and I-frames inserted by Scene Change Detection. If a scene change I-frame is within I-interval frames of a cadence I-frame, the GOP is shrunk and/or stretched to the scene change I-frame. GOP stretch requires enabling lookahead as well as setting I-interval. The normal cadence resumes for the next GOP. This setting is only used when Scene Change Detect is enabled. Note: Maximum GOP stretch = GOP size + Min-I-interval - 1"
+          "documentation": "Use this setting only when you also enable Scene change detection (SceneChangeDetect). This setting determines how the encoder manages the spacing between I-frames that it inserts as part of the I-frame cadence and the I-frames that it inserts for Scene change detection. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, keep the default value by leaving this setting out of your JSON job specification. In the console, do this by keeping the default empty value. When you explicitly specify a value for this setting, the encoder determines whether to skip a cadence-driven I-frame by the value you set. For example, if you set Min I interval (minIInterval) to 5 and a cadence-driven I-frame would fall within 5 frames of a scene-change I-frame, then the encoder skips the cadence-driven I-frame. In this way, one GOP is shrunk slightly and one GOP is stretched slightly. When the cadence-driven I-frames are farther from the scene-change I-frame than the value you set, then the encoder leaves all I-frames in place and the GOPs surrounding the scene change are smaller than the usual cadence GOPs."
         },
         "NumberBFramesBetweenReferenceFrames": {
           "shape": "__integerMin0Max7",
@@ -6768,9 +6797,22 @@
       },
       "documentation": "Use the image inserter feature to include a graphic overlay on your video. Enable or disable this feature for each input or output individually. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/graphic-overlay.html. This setting is disabled by default."
     },
+    "ImscAccessibilitySubs": {
+      "type": "string",
+      "documentation": "Specify whether to flag this caption track as accessibility in your HLS/CMAF parent manifest. When you choose ENABLED, MediaConvert includes the parameters CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, DISABLED, MediaConvert leaves this parameter out.",
+      "enum": [
+        "DISABLED",
+        "ENABLED"
+      ]
+    },
     "ImscDestinationSettings": {
       "type": "structure",
       "members": {
+        "Accessibility": {
+          "shape": "ImscAccessibilitySubs",
+          "locationName": "accessibility",
+          "documentation": "Specify whether to flag this caption track as accessibility in your HLS/CMAF parent manifest. When you choose ENABLED, MediaConvert includes the parameters CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, DISABLED, MediaConvert leaves this parameter out."
+        },
         "StylePassthrough": {
           "shape": "ImscStylePassthrough",
           "locationName": "stylePassthrough",
@@ -6825,6 +6867,11 @@
           "locationName": "denoiseFilter",
           "documentation": "Enable Denoise (InputDenoiseFilter) to filter noise from the input.  Default is disabled. Only applicable to MPEG2, H.264, H.265, and uncompressed video inputs."
         },
+        "DolbyVisionMetadataXml": {
+          "shape": "__stringMin14PatternS3XmlXMLHttpsXmlXML",
+          "locationName": "dolbyVisionMetadataXml",
+          "documentation": "Use this setting only when your video source has Dolby Vision studio mastering metadata that is carried in a separate XML file. Specify the Amazon S3 location for the metadata XML file. MediaConvert uses this file to provide global and frame-level metadata for Dolby Vision preprocessing. When you specify a file here and your input also has interleaved global and frame level metadata, MediaConvert ignores the interleaved metadata and uses only the the metadata from this external XML file. Note that your IAM service role must grant MediaConvert read permissions to this file. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/iam-role.html."
+        },
         "FileInput": {
           "shape": "__stringPatternS3MM2PPMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8WWEEBBMMLLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMXXMMLLOOGGGGaAAATTMMOOSSHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8WWEEBBMMLLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMXXMMLLOOGGGGaAAATTMMOOSS",
           "locationName": "fileInput",
@@ -7037,6 +7084,11 @@
           "locationName": "denoiseFilter",
           "documentation": "Enable Denoise (InputDenoiseFilter) to filter noise from the input.  Default is disabled. Only applicable to MPEG2, H.264, H.265, and uncompressed video inputs."
         },
+        "DolbyVisionMetadataXml": {
+          "shape": "__stringMin14PatternS3XmlXMLHttpsXmlXML",
+          "locationName": "dolbyVisionMetadataXml",
+          "documentation": "Use this setting only when your video source has Dolby Vision studio mastering metadata that is carried in a separate XML file. Specify the Amazon S3 location for the metadata XML file. MediaConvert uses this file to provide global and frame-level metadata for Dolby Vision preprocessing. When you specify a file here and your input also has interleaved global and frame level metadata, MediaConvert ignores the interleaved metadata and uses only the the metadata from this external XML file. Note that your IAM service role must grant MediaConvert read permissions to this file. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/iam-role.html."
+        },
         "FilterEnable": {
           "shape": "InputFilterEnable",
           "locationName": "filterEnable",
@@ -7831,7 +7883,8 @@
         "ZUL",
         "ORJ",
         "QPC",
-        "TNG"
+        "TNG",
+        "SRP"
       ]
     },
     "ListJobTemplatesRequest": {
@@ -8496,7 +8549,7 @@
         "TimedMetadata": {
           "shape": "TimedMetadata",
           "locationName": "timedMetadata",
-          "documentation": "Applies only to HLS outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output."
+          "documentation": "Applies to HLS outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output."
         },
         "TimedMetadataPid": {
           "shape": "__integerMin32Max8182",
@@ -8858,10 +8911,23 @@
           "shape": "MpdScte35Source",
           "locationName": "scte35Source",
           "documentation": "Ignore this setting unless you have SCTE-35 markers in your input video file. Choose Passthrough (PASSTHROUGH) if you want SCTE-35 markers that appear in your input to also appear in this output. Choose None (NONE) if you don't want those SCTE-35 markers in this output."
+        },
+        "TimedMetadata": {
+          "shape": "MpdTimedMetadata",
+          "locationName": "timedMetadata",
+          "documentation": "Applies to DASH outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output."
         }
       },
       "documentation": "These settings relate to the fragmented MP4 container for the segments in your DASH outputs."
     },
+    "MpdTimedMetadata": {
+      "type": "string",
+      "documentation": "Applies to DASH outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output.",
+      "enum": [
+        "PASSTHROUGH",
+        "NONE"
+      ]
+    },
     "Mpeg2AdaptiveQuantization": {
       "type": "string",
       "documentation": "Specify the strength of any adaptive quantization filters that you enable. The value that you choose here applies to the following settings: Spatial adaptive quantization (spatialAdaptiveQuantization), and Temporal adaptive quantization (temporalAdaptiveQuantization).",
@@ -9037,7 +9103,7 @@
         "GopClosedCadence": {
           "shape": "__integerMin0Max2147483647",
           "locationName": "gopClosedCadence",
-          "documentation": "Frequency of closed GOPs. In streaming applications, it is recommended that this be set to 1 so a decoder joining mid-stream will receive an IDR frame as quickly as possible. Setting this value to 0 will break output segmenting."
+          "documentation": "Specify the relative frequency of open to closed GOPs in this output. For example, if you want to allow four open GOPs and then require a closed GOP, set this value to 5. When you create a streaming output, we recommend that you keep the default value, 1, so that players starting mid-stream receive an IDR frame as quickly as possible. Don't set this value to 0; that would break output segmenting."
         },
         "GopSize": {
           "shape": "__doubleMin0",
@@ -9077,7 +9143,7 @@
         "MinIInterval": {
           "shape": "__integerMin0Max30",
           "locationName": "minIInterval",
-          "documentation": "Enforces separation between repeated (cadence) I-frames and I-frames inserted by Scene Change Detection. If a scene change I-frame is within I-interval frames of a cadence I-frame, the GOP is shrunk and/or stretched to the scene change I-frame. GOP stretch requires enabling lookahead as well as setting I-interval. The normal cadence resumes for the next GOP. This setting is only used when Scene Change Detect is enabled. Note: Maximum GOP stretch = GOP size + Min-I-interval - 1"
+          "documentation": "Use this setting only when you also enable Scene change detection (SceneChangeDetect). This setting determines how the encoder manages the spacing between I-frames that it inserts as part of the I-frame cadence and the I-frames that it inserts for Scene change detection. When you specify a value for this setting, the encoder determines whether to skip a cadence-driven I-frame by the value you set. For example, if you set Min I interval (minIInterval) to 5 and a cadence-driven I-frame would fall within 5 frames of a scene-change I-frame, then the encoder skips the cadence-driven I-frame. In this way, one GOP is shrunk slightly and one GOP is stretched slightly. When the cadence-driven I-frames are farther from the scene-change I-frame than the value you set, then the encoder leaves all I-frames in place and the GOPs surrounding the scene change are smaller than the usual cadence GOPs."
         },
         "NumberBFramesBetweenReferenceFrames": {
           "shape": "__integerMin0Max7",
@@ -9483,13 +9549,22 @@
     },
     "NoiseFilterPostTemporalSharpening": {
       "type": "string",
-      "documentation": "Optional. When you set Noise reducer (noiseReducer) to Temporal (TEMPORAL), you can use this setting to apply sharpening. The default behavior, Auto (AUTO), allows the transcoder to determine whether to apply filtering, depending on input type and quality. When you set Noise reducer to Temporal, your output bandwidth is reduced. When Post temporal sharpening is also enabled, that bandwidth reduction is smaller.",
+      "documentation": "When you set Noise reducer (noiseReducer) to Temporal (TEMPORAL), the sharpness of your output is reduced. You can optionally use Post temporal sharpening (PostTemporalSharpening) to apply sharpening to the edges of your output. The default behavior, Auto (AUTO), allows the transcoder to determine whether to apply sharpening, depending on your input type and quality. When you set Post temporal sharpening to Enabled (ENABLED), specify how much sharpening is applied using Post temporal sharpening strength (PostTemporalSharpeningStrength). Set Post temporal sharpening to Disabled (DISABLED) to not apply sharpening.",
       "enum": [
         "DISABLED",
         "ENABLED",
         "AUTO"
       ]
     },
+    "NoiseFilterPostTemporalSharpeningStrength": {
+      "type": "string",
+      "documentation": "Use Post temporal sharpening strength (PostTemporalSharpeningStrength) to define the amount of sharpening the transcoder applies to your output. Set Post temporal sharpening strength to Low (LOW), or leave blank, to apply a low amount of sharpening. Set Post temporal sharpening strength to Medium (MEDIUM) to apply medium amount of sharpening. Set Post temporal sharpening strength to High (HIGH) to apply a high amount of sharpening.",
+      "enum": [
+        "LOW",
+        "MEDIUM",
+        "HIGH"
+      ]
+    },
     "NoiseReducer": {
       "type": "structure",
       "members": {
@@ -9573,7 +9648,12 @@
         "PostTemporalSharpening": {
           "shape": "NoiseFilterPostTemporalSharpening",
           "locationName": "postTemporalSharpening",
-          "documentation": "Optional. When you set Noise reducer (noiseReducer) to Temporal (TEMPORAL), you can use this setting to apply sharpening. The default behavior, Auto (AUTO), allows the transcoder to determine whether to apply filtering, depending on input type and quality. When you set Noise reducer to Temporal, your output bandwidth is reduced. When Post temporal sharpening is also enabled, that bandwidth reduction is smaller."
+          "documentation": "When you set Noise reducer (noiseReducer) to Temporal (TEMPORAL), the sharpness of your output is reduced. You can optionally use Post temporal sharpening (PostTemporalSharpening) to apply sharpening to the edges of your output. The default behavior, Auto (AUTO), allows the transcoder to determine whether to apply sharpening, depending on your input type and quality. When you set Post temporal sharpening to Enabled (ENABLED), specify how much sharpening is applied using Post temporal sharpening strength (PostTemporalSharpeningStrength). Set Post temporal sharpening to Disabled (DISABLED) to not apply sharpening."
+        },
+        "PostTemporalSharpeningStrength": {
+          "shape": "NoiseFilterPostTemporalSharpeningStrength",
+          "locationName": "postTemporalSharpeningStrength",
+          "documentation": "Use Post temporal sharpening strength (PostTemporalSharpeningStrength) to define the amount of sharpening the transcoder applies to your output. Set Post temporal sharpening strength to Low (LOW), or leave blank, to apply a low amount of sharpening. Set Post temporal sharpening strength to Medium (MEDIUM) to apply medium amount of sharpening. Set Post temporal sharpening strength to High (HIGH) to apply a high amount of sharpening."
         },
         "Speed": {
           "shape": "__integerMinNegative1Max3",
@@ -10410,7 +10490,7 @@
           "documentation": "Optionally, specify the encryption context that you want to use alongside your KMS key. AWS KMS uses this encryption context as additional authenticated data (AAD) to support authenticated encryption. This value must be a base64-encoded UTF-8 string holding JSON which represents a string-string map. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption context, see: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context."
         },
         "KmsKeyArn": {
-          "shape": "__stringPatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912",
+          "shape": "__stringPatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932",
           "locationName": "kmsKeyArn",
           "documentation": "Optionally, specify the customer master key (CMK) that you want to use to encrypt the data key that AWS uses to encrypt your output content. Enter the Amazon Resource Name (ARN) of the CMK. To use this setting, you must also set Server-side encryption (S3ServerSideEncryptionType) to AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption to AWS KMS but don't specify a CMK here, AWS uses the AWS managed CMK associated with Amazon S3."
         }
@@ -10739,7 +10819,7 @@
     },
     "TimedMetadata": {
       "type": "string",
-      "documentation": "Applies only to HLS outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output.",
+      "documentation": "Applies to HLS outputs. Use this setting to specify whether the service inserts the ID3 timed metadata from the input in this output.",
       "enum": [
         "PASSTHROUGH",
         "NONE"
@@ -11679,9 +11759,22 @@
       },
       "documentation": "Required when you set (Codec) under (AudioDescriptions)>(CodecSettings) to the value WAV."
     },
+    "WebvttAccessibilitySubs": {
+      "type": "string",
+      "documentation": "Specify whether to flag this caption track as accessibility in your HLS/CMAF parent manifest. When you choose ENABLED, MediaConvert includes the parameters CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, DISABLED, MediaConvert leaves this parameter out.",
+      "enum": [
+        "DISABLED",
+        "ENABLED"
+      ]
+    },
     "WebvttDestinationSettings": {
       "type": "structure",
       "members": {
+        "Accessibility": {
+          "shape": "WebvttAccessibilitySubs",
+          "locationName": "accessibility",
+          "documentation": "Specify whether to flag this caption track as accessibility in your HLS/CMAF parent manifest. When you choose ENABLED, MediaConvert includes the parameters CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, DISABLED, MediaConvert leaves this parameter out."
+        },
         "StylePassthrough": {
           "shape": "WebvttStylePassthrough",
           "locationName": "stylePassthrough",
@@ -12897,6 +12990,11 @@
       "min": 14,
       "pattern": "^((s3://(.*?)\\.(scc|SCC|ttml|TTML|dfxp|DFXP|stl|STL|srt|SRT|xml|XML|smi|SMI|vtt|VTT|webvtt|WEBVTT))|(https?://(.*?)\\.(scc|SCC|ttml|TTML|dfxp|DFXP|stl|STL|srt|SRT|xml|XML|smi|SMI|vtt|VTT|webvtt|WEBVTT)(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
     },
+    "__stringMin14PatternS3XmlXMLHttpsXmlXML": {
+      "type": "string",
+      "min": 14,
+      "pattern": "^((s3://(.*?)\\.(xml|XML))|(https?://(.*?)\\.(xml|XML)(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
+    },
     "__stringMin16Max24PatternAZaZ0922AZaZ0916": {
       "type": "string",
       "min": 16,
@@ -13017,9 +13115,9 @@
       "type": "string",
       "pattern": "^arn:aws(-us-gov)?:acm:"
     },
-    "__stringPatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912": {
+    "__stringPatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932": {
       "type": "string",
-      "pattern": "^arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\\d{12}:key/[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$"
+      "pattern": "^arn:aws(-us-gov|-cn)?:kms:[a-z-]{2,6}-(east|west|central|((north|south)(east|west)?))-[1-9]{1,2}:\\d{12}:key/([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}|mrk-[a-fA-F0-9]{32})$"
     },
     "__stringPatternDD": {
       "type": "string",
@@ -13049,9 +13147,9 @@
       "type": "string",
       "pattern": "^((s3://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[pP]|[mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][kK][aA]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vVaA]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[wW][eE][bB][mM]|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[xX][mM][lL]|[oO][gG][gGaA]|[aA][tT][mM][oO][sS]))))|(https?://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][kK][aA]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vVaA]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[wW][eE][bB][mM]|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[xX][mM][lL]|[oO][gG][gGaA]|[aA][tT][mM][oO][sS])))(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
     },
-    "__stringPatternS3MM2PPWWEEBBMMMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSSHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSS": {
+    "__stringPatternS3MM2PPWWEEBBMMMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSSOOGGGGaAHttpsMM2VVMMPPEEGGMMPP3AAVVIIMMPP4FFLLVVMMPPTTMMPPGGMM4VVTTRRPPFF4VVMM2TTSSTTSS264HH264MMKKVVMMKKAAMMOOVVMMTTSSMM2TTWWMMVVaAAASSFFVVOOBB3GGPP3GGPPPPMMXXFFDDIIVVXXXXVVIIDDRRAAWWDDVVGGXXFFMM1VV3GG2VVMMFFMM3UU8LLCCHHGGXXFFMMPPEEGG2MMXXFFMMPPEEGG2MMXXFFHHDDWWAAVVYY4MMAAAACCAAIIFFFFMMPP2AACC3EECC3DDTTSSEEAATTMMOOSSOOGGGGaA": {
       "type": "string",
-      "pattern": "^((s3://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[pP]|[wW][eE][bB][mM]|[mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][kK][aA]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vVaA]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE]|[aA][tT][mM][oO][sS]))))|(https?://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][kK][aA]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vVaA]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE]|[aA][tT][mM][oO][sS])))(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
+      "pattern": "^((s3://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[pP]|[wW][eE][bB][mM]|[mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][kK][aA]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vVaA]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE]|[aA][tT][mM][oO][sS]|[oO][gG][gGaA]))))|(https?://([^\\/]+\\/+)+([^\\/\\.]+|(([^\\/]*)\\.([mM]2[vV]|[mM][pP][eE][gG]|[mM][pP]3|[aA][vV][iI]|[mM][pP]4|[fF][lL][vV]|[mM][pP][tT]|[mM][pP][gG]|[mM]4[vV]|[tT][rR][pP]|[fF]4[vV]|[mM]2[tT][sS]|[tT][sS]|264|[hH]264|[mM][kK][vV]|[mM][kK][aA]|[mM][oO][vV]|[mM][tT][sS]|[mM]2[tT]|[wW][mM][vVaA]|[aA][sS][fF]|[vV][oO][bB]|3[gG][pP]|3[gG][pP][pP]|[mM][xX][fF]|[dD][iI][vV][xX]|[xX][vV][iI][dD]|[rR][aA][wW]|[dD][vV]|[gG][xX][fF]|[mM]1[vV]|3[gG]2|[vV][mM][fF]|[mM]3[uU]8|[lL][cC][hH]|[gG][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF]_[mM][pP][eE][gG]2|[mM][xX][fF][hH][dD]|[wW][aA][vV]|[yY]4[mM]|[aA][aA][cC]|[aA][iI][fF][fF]|[mM][pP]2|[aA][cC]3|[eE][cC]3|[dD][tT][sS][eE]|[aA][tT][mM][oO][sS]|[oO][gG][gGaA])))(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$"
     },
     "__stringPatternSNManifestConfirmConditionNotificationNS": {
       "type": "string",
diff --git a/contrib/python/botocore/py3/botocore/data/medialive/2017-10-14/service-2.json b/contrib/python/botocore/py3/botocore/data/medialive/2017-10-14/service-2.json
index bc0fa7a1f93..cb606f76431 100644
--- a/contrib/python/botocore/py3/botocore/data/medialive/2017-10-14/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/medialive/2017-10-14/service-2.json
@@ -8488,7 +8488,12 @@
         "ProgramDateTime": {
           "shape": "HlsProgramDateTime",
           "locationName": "programDateTime",
-          "documentation": "Includes or excludes EXT-X-PROGRAM-DATE-TIME tag in .m3u8 manifest files. The value is calculated as follows: either the program date and time are initialized using the input timecode source, or the time is initialized using the input timecode source and the date is initialized using the timestampOffset."
+          "documentation": "Includes or excludes EXT-X-PROGRAM-DATE-TIME tag in .m3u8 manifest files. The value is calculated using the program date time clock."
+        },
+        "ProgramDateTimeClock": {
+          "shape": "HlsProgramDateTimeClock",
+          "locationName": "programDateTimeClock",
+          "documentation": "Specifies the algorithm used to drive the HLS EXT-X-PROGRAM-DATE-TIME clock. Options include:\n\nINITIALIZE_FROM_OUTPUT_TIMECODE: The PDT clock is initialized as a function of the first output timecode, then incremented by the EXTINF duration of each encoded segment.\n\nSYSTEM_CLOCK: The PDT clock is initialized as a function of the UTC wall clock, then incremented by the EXTINF duration of each encoded segment. If the PDT clock diverges from the wall clock by more than 500ms, it is resynchronized to the wall clock."
         },
         "ProgramDateTimePeriod": {
           "shape": "__integerMin0Max3600",
@@ -8739,6 +8744,14 @@
         "INCLUDE"
       ]
     },
+    "HlsProgramDateTimeClock": {
+      "type": "string",
+      "documentation": "Hls Program Date Time Clock",
+      "enum": [
+        "INITIALIZE_FROM_OUTPUT_TIMECODE",
+        "SYSTEM_CLOCK"
+      ]
+    },
     "HlsRedundantManifest": {
       "type": "string",
       "documentation": "Hls Redundant Manifest",
@@ -9777,6 +9790,11 @@
           "locationName": "networkInputSettings",
           "documentation": "Input settings."
         },
+        "Scte35Pid": {
+          "shape": "__integerMin32Max8191",
+          "locationName": "scte35Pid",
+          "documentation": "PID from which to read SCTE-35 messages. If left undefined, EML will select the first SCTE-35 PID found in the input."
+        },
         "Smpte2038DataPreference": {
           "shape": "Smpte2038DataPreference",
           "locationName": "smpte2038DataPreference",
@@ -15656,6 +15674,12 @@
       "min": 30,
       "documentation": "Placeholder documentation for __integerMin30"
     },
+    "__integerMin32Max8191": {
+      "type": "integer",
+      "min": 32,
+      "max": 8191,
+      "documentation": "Placeholder documentation for __integerMin32Max8191"
+    },
     "__integerMin4Max20": {
       "type": "integer",
       "min": 4,
diff --git a/contrib/python/botocore/py3/botocore/data/mediatailor/2018-04-23/service-2.json b/contrib/python/botocore/py3/botocore/data/mediatailor/2018-04-23/service-2.json
index cb6edeffdfa..ae9bfd523db 100644
--- a/contrib/python/botocore/py3/botocore/data/mediatailor/2018-04-23/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/mediatailor/2018-04-23/service-2.json
@@ -830,7 +830,7 @@
           "shape": "__timestampUnix"
         },
         "FillerSlate": {
-          "documentation": "<p>Contains information about the slate used to fill gaps between programs in the schedule. You must configure FillerSlate if your channel uses an LINEAR PlaybackMode.</p>",
+          "documentation": "<p>The slate used to fill gaps between programs in the schedule. You must configure filler slate if your channel uses the LINEAR PlaybackMode. MediaTailor doesn't support filler slate for channels using the LOOP PlaybackMode.</p>",
           "shape": "SlateSource"
         },
         "LastModifiedTime": {
@@ -931,7 +931,7 @@
           "shape": "__string"
         },
         "FillerSlate": {
-          "documentation": "<p>The slate used to fill gaps between programs in the schedule. You must configure filler slate if your channel uses a LINEAR PlaybackMode.</p>",
+          "documentation": "<p>The slate used to fill gaps between programs in the schedule. You must configure filler slate if your channel uses the LINEAR PlaybackMode. MediaTailor doesn't support filler slate for channels using the LOOP PlaybackMode.</p>",
           "shape": "SlateSource"
         },
         "Outputs": {
@@ -1027,8 +1027,8 @@
       "required": [
         "Name",
         "PlaybackConfigurationName",
-        "Consumption",
-        "Retrieval"
+        "Retrieval",
+        "Consumption"
       ],
       "type": "structure"
     },
@@ -1096,8 +1096,8 @@
         "ChannelName",
         "ProgramName",
         "VodSourceName",
-        "ScheduleConfiguration",
-        "SourceLocationName"
+        "SourceLocationName",
+        "ScheduleConfiguration"
       ],
       "type": "structure"
     },
@@ -1152,6 +1152,9 @@
           "documentation": "<p>The source's HTTP package configurations.</p>",
           "shape": "HttpConfiguration"
         },
+        "SegmentDeliveryConfigurations": {
+          "shape": "__listOfSegmentDeliveryConfiguration"
+        },
         "SourceLocationName": {
           "documentation": "<p>The identifier for the source location you are working on.</p>",
           "location": "uri",
@@ -1196,6 +1199,9 @@
           "documentation": "<p>The timestamp that indicates when the source location was last modified.</p>",
           "shape": "__timestampUnix"
         },
+        "SegmentDeliveryConfigurations": {
+          "shape": "__listOfSegmentDeliveryConfiguration"
+        },
         "SourceLocationName": {
           "documentation": "<p>The name of the source location.</p>",
           "shape": "__string"
@@ -1638,6 +1644,9 @@
           "documentation": "<p>The timestamp that indicates when the source location was last modified.</p>",
           "shape": "__timestampUnix"
         },
+        "SegmentDeliveryConfigurations": {
+          "shape": "__listOfSegmentDeliveryConfiguration"
+        },
         "SourceLocationName": {
           "documentation": "<p>The name of the source location.</p>",
           "shape": "__string"
@@ -2771,8 +2780,8 @@
       },
       "required": [
         "VodSourceName",
-        "ChannelName",
         "SourceLocationName",
+        "ChannelName",
         "Arn",
         "ProgramName"
       ],
@@ -2803,6 +2812,17 @@
       },
       "type": "structure"
     },
+    "SegmentDeliveryConfiguration": {
+      "members": {
+        "BaseUrl": {
+          "shape": "__string"
+        },
+        "Name": {
+          "shape": "__string"
+        }
+      },
+      "type": "structure"
+    },
     "SlateSource": {
       "documentation": "<p>Slate VOD source configuration.</p>",
       "members": {
@@ -2844,6 +2864,9 @@
           "documentation": "<p>The timestamp that indicates when the source location was last modified.</p>",
           "shape": "__timestampUnix"
         },
+        "SegmentDeliveryConfigurations": {
+          "shape": "__listOfSegmentDeliveryConfiguration"
+        },
         "SourceLocationName": {
           "documentation": "<p>The name of the source location.</p>",
           "shape": "__string"
@@ -3001,6 +3024,10 @@
           "locationName": "channelName",
           "shape": "__string"
         },
+        "FillerSlate": {
+          "documentation": "<p>The slate used to fill gaps between programs in the schedule. You must configure filler slate if your channel uses the LINEAR PlaybackMode. MediaTailor doesn't support filler slate for channels using the LOOP PlaybackMode.</p>",
+          "shape": "SlateSource"
+        },
         "Outputs": {
           "documentation": "<p>The channel's output properties.</p>",
           "shape": "RequestOutputs"
@@ -3068,6 +3095,9 @@
           "documentation": "<p>The HTTP configuration for the source location.</p>",
           "shape": "HttpConfiguration"
         },
+        "SegmentDeliveryConfigurations": {
+          "shape": "__listOfSegmentDeliveryConfiguration"
+        },
         "SourceLocationName": {
           "documentation": "<p>The identifier for the source location you are working on.</p>",
           "location": "uri",
@@ -3107,6 +3137,9 @@
           "documentation": "<p>The timestamp that indicates when the source location was last modified.</p>",
           "shape": "__timestampUnix"
         },
+        "SegmentDeliveryConfigurations": {
+          "shape": "__listOfSegmentDeliveryConfiguration"
+        },
         "SourceLocationName": {
           "documentation": "<p>The name of the source location.</p>",
           "shape": "__string"
@@ -3283,6 +3316,12 @@
       },
       "type": "list"
     },
+    "__listOfSegmentDeliveryConfiguration": {
+      "member": {
+        "shape": "SegmentDeliveryConfiguration"
+      },
+      "type": "list"
+    },
     "__listOfSourceLocation": {
       "member": {
         "shape": "SourceLocation"
diff --git a/contrib/python/botocore/py3/botocore/data/meteringmarketplace/2016-01-14/service-2.json b/contrib/python/botocore/py3/botocore/data/meteringmarketplace/2016-01-14/service-2.json
index a414be5600d..1798fc0196d 100644
--- a/contrib/python/botocore/py3/botocore/data/meteringmarketplace/2016-01-14/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/meteringmarketplace/2016-01-14/service-2.json
@@ -32,7 +32,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"DisabledApiException"}
       ],
-      "documentation":"<p>BatchMeterUsage is called from a SaaS application listed on the AWS Marketplace to post metering records for a set of customers.</p> <p>For identical requests, the API is idempotent; requests can be retried with the same records or a subset of the input records.</p> <p>Every request to BatchMeterUsage is for one product. If you need to meter usage for multiple products, you must make multiple calls to BatchMeterUsage.</p> <p>BatchMeterUsage can process up to 25 UsageRecords at a time.</p> <p>A UsageRecord can optionally include multiple usage allocations, to provide customers with usagedata split into buckets by tags that you define (or allow the customer to define).</p> <p>BatchMeterUsage requests must be less than 1MB in size.</p>"
+      "documentation":"<p> <code>BatchMeterUsage</code> is called from a SaaS application listed on AWS Marketplace to post metering records for a set of customers.</p> <p>For identical requests, the API is idempotent; requests can be retried with the same records or a subset of the input records.</p> <p>Every request to <code>BatchMeterUsage</code> is for one product. If you need to meter usage for multiple products, you must make multiple calls to <code>BatchMeterUsage</code>.</p> <p>Usage records are expected to be submitted as quickly as possible after the event that is being recorded, and are not accepted more than 6 hours after the event.</p> <p> <code>BatchMeterUsage</code> can process up to 25 <code>UsageRecords</code> at a time.</p> <p>A <code>UsageRecord</code> can optionally include multiple usage allocations, to provide customers with usage data split into buckets by tags that you define (or allow the customer to define).</p> <p> <code>BatchMeterUsage</code> returns a list of <code>UsageRecordResult</code> objects, showing the result for each <code>UsageRecord</code>, as well as a list of <code>UnprocessedRecords</code>, indicating errors in the service side that you should retry.</p> <p> <code>BatchMeterUsage</code> requests must be less than 1MB in size.</p> <note> <p>For an example of using <code>BatchMeterUsage</code>, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/saas-code-examples.html#saas-batchmeterusage-example\"> BatchMeterUsage code example</a> in the <i>AWS Marketplace Seller Guide</i>.</p> </note>"
     },
     "MeterUsage":{
       "name":"MeterUsage",
@@ -54,7 +54,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"CustomerNotEntitledException"}
       ],
-      "documentation":"<p>API to emit metering records. For identical requests, the API is idempotent. It simply returns the metering record ID.</p> <p>MeterUsage is authenticated on the buyer's AWS account using credentials from the EC2 instance, ECS task, or EKS pod.</p> <p>MeterUsage can optionally include multiple usage allocations, to provide customers with usage data split into buckets by tags that you define (or allow the customer to define).</p>"
+      "documentation":"<p>API to emit metering records. For identical requests, the API is idempotent. It simply returns the metering record ID.</p> <p> <code>MeterUsage</code> is authenticated on the buyer's AWS account using credentials from the EC2 instance, ECS task, or EKS pod.</p> <p> <code>MeterUsage</code> can optionally include multiple usage allocations, to provide customers with usage data split into buckets by tags that you define (or allow the customer to define).</p> <p>Usage records are expected to be submitted as quickly as possible after the event that is being recorded, and are not accepted more than 6 hours after the event.</p>"
     },
     "RegisterUsage":{
       "name":"RegisterUsage",
@@ -74,7 +74,7 @@
         {"shape":"InternalServiceErrorException"},
         {"shape":"DisabledApiException"}
       ],
-      "documentation":"<p>Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you may choose to do so if you would like to receive usage data in your seller reports. The sections below explain the behavior of RegisterUsage. RegisterUsage performs two primary functions: metering and entitlement.</p> <ul> <li> <p> <i>Entitlement</i>: RegisterUsage allows you to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Your container image that integrates with RegisterUsage is only required to guard against unauthorized use at container startup, as such a CustomerNotSubscribedException/PlatformNotSupportedException will only be thrown on the initial call to RegisterUsage. Subsequent calls from the same Amazon ECS task instance (e.g. task-id) or Amazon EKS pod will not throw a CustomerNotSubscribedException, even if the customer unsubscribes while the Amazon ECS task or Amazon EKS pod is still running.</p> </li> <li> <p> <i>Metering</i>: RegisterUsage meters software use per ECS task, per hour, or per pod for Amazon EKS with usage prorated to the second. A minimum of 1 minute of usage applies to tasks that are short lived. For example, if a customer has a 10 node Amazon ECS or Amazon EKS cluster and a service configured as a Daemon Set, then Amazon ECS or Amazon EKS will launch a task on all 10 cluster nodes and the customer will be charged: (10 * hourly_rate). Metering for software use is automatically handled by the AWS Marketplace Metering Control Plane -- your software is not required to perform any metering specific actions, other than call RegisterUsage once for metering of software use to commence. The AWS Marketplace Metering Control Plane will also continue to bill customers for running ECS tasks and Amazon EKS pods, regardless of the customers subscription state, removing the need for your software to perform entitlement checks at runtime.</p> </li> </ul>"
+      "documentation":"<p>Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the <code>RegisterUsage</code> operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call <code>RegisterUsage</code>, but you may choose to do so if you would like to receive usage data in your seller reports. The sections below explain the behavior of <code>RegisterUsage</code>. <code>RegisterUsage</code> performs two primary functions: metering and entitlement.</p> <ul> <li> <p> <i>Entitlement</i>: <code>RegisterUsage</code> allows you to verify that the customer running your paid software is subscribed to your product on AWS Marketplace, enabling you to guard against unauthorized use. Your container image that integrates with <code>RegisterUsage</code> is only required to guard against unauthorized use at container startup, as such a <code>CustomerNotSubscribedException</code> or <code>PlatformNotSupportedException</code> will only be thrown on the initial call to <code>RegisterUsage</code>. Subsequent calls from the same Amazon ECS task instance (e.g. task-id) or Amazon EKS pod will not throw a <code>CustomerNotSubscribedException</code>, even if the customer unsubscribes while the Amazon ECS task or Amazon EKS pod is still running.</p> </li> <li> <p> <i>Metering</i>: <code>RegisterUsage</code> meters software use per ECS task, per hour, or per pod for Amazon EKS with usage prorated to the second. A minimum of 1 minute of usage applies to tasks that are short lived. For example, if a customer has a 10 node Amazon ECS or Amazon EKS cluster and a service configured as a Daemon Set, then Amazon ECS or Amazon EKS will launch a task on all 10 cluster nodes and the customer will be charged: (10 * hourly_rate). Metering for software use is automatically handled by the AWS Marketplace Metering Control Plane -- your software is not required to perform any metering specific actions, other than call <code>RegisterUsage</code> once for metering of software use to commence. The AWS Marketplace Metering Control Plane will also continue to bill customers for running ECS tasks and Amazon EKS pods, regardless of the customers subscription state, removing the need for your software to perform entitlement checks at runtime.</p> </li> </ul>"
     },
     "ResolveCustomer":{
       "name":"ResolveCustomer",
@@ -91,7 +91,7 @@
         {"shape":"InternalServiceErrorException"},
         {"shape":"DisabledApiException"}
       ],
-      "documentation":"<p>ResolveCustomer is called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a registration token through their browser. The registration token is resolved through this API to obtain a CustomerIdentifier and product code.</p>"
+      "documentation":"<p> <code>ResolveCustomer</code> is called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a registration token through their browser. The registration token is resolved through this API to obtain a <code>CustomerIdentifier</code> along with the <code>CustomerAWSAccountId</code> and <code>ProductCode</code>.</p> <note> <p>The API needs to called from the seller account id used to publish the SaaS application to successfully resolve the token.</p> <p>For an example of using <code>ResolveCustomer</code>, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/saas-code-examples.html#saas-resolvecustomer-example\"> ResolveCustomer code example</a> in the <i>AWS Marketplace Seller Guide</i>.</p> </note>"
     }
   },
   "shapes":{
@@ -109,30 +109,36 @@
       "members":{
         "UsageRecords":{
           "shape":"UsageRecordList",
-          "documentation":"<p>The set of UsageRecords to submit. BatchMeterUsage accepts up to 25 UsageRecords at a time.</p>"
+          "documentation":"<p>The set of <code>UsageRecords</code> to submit. <code>BatchMeterUsage</code> accepts up to 25 <code>UsageRecords</code> at a time.</p>"
         },
         "ProductCode":{
           "shape":"ProductCode",
           "documentation":"<p>Product code is used to uniquely identify a product in AWS Marketplace. The product code should be the same as the one used during the publishing of a new product.</p>"
         }
       },
-      "documentation":"<p>A BatchMeterUsageRequest contains UsageRecords, which indicate quantities of usage within your application.</p>"
+      "documentation":"<p>A <code>BatchMeterUsageRequest</code> contains <code>UsageRecords</code>, which indicate quantities of usage within your application.</p>"
     },
     "BatchMeterUsageResult":{
       "type":"structure",
       "members":{
         "Results":{
           "shape":"UsageRecordResultList",
-          "documentation":"<p>Contains all UsageRecords processed by BatchMeterUsage. These records were either honored by AWS Marketplace Metering Service or were invalid.</p>"
+          "documentation":"<p>Contains all <code>UsageRecords</code> processed by <code>BatchMeterUsage</code>. These records were either honored by AWS Marketplace Metering Service or were invalid. Invalid records should be fixed before being resubmitted.</p>"
         },
         "UnprocessedRecords":{
           "shape":"UsageRecordList",
-          "documentation":"<p>Contains all UsageRecords that were not processed by BatchMeterUsage. This is a list of UsageRecords. You can retry the failed request by making another BatchMeterUsage call with this list as input in the BatchMeterUsageRequest.</p>"
+          "documentation":"<p>Contains all <code>UsageRecords</code> that were not processed by <code>BatchMeterUsage</code>. This is a list of <code>UsageRecords</code>. You can retry the failed request by making another <code>BatchMeterUsage</code> call with this list as input in the <code>BatchMeterUsageRequest</code>.</p>"
         }
       },
-      "documentation":"<p>Contains the UsageRecords processed by BatchMeterUsage and any records that have failed due to transient error.</p>"
+      "documentation":"<p>Contains the <code>UsageRecords</code> processed by <code>BatchMeterUsage</code> and any records that have failed due to transient error.</p>"
     },
     "Boolean":{"type":"boolean"},
+    "CustomerAWSAccountId":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^[0-9]+$"
+    },
     "CustomerIdentifier":{
       "type":"string",
       "max":255,
@@ -160,7 +166,7 @@
       "members":{
         "message":{"shape":"errorMessage"}
       },
-      "documentation":"<p>A metering record has already been emitted by the same EC2 instance, ECS task, or EKS pod for the given {usageDimension, timestamp} with a different usageQuantity.</p>",
+      "documentation":"<p>A metering record has already been emitted by the same EC2 instance, ECS task, or EKS pod for the given {<code>usageDimension</code>, <code>timestamp</code>} with a different <code>usageQuantity</code>.</p>",
       "exception":true
     },
     "ExpiredTokenException":{
@@ -185,7 +191,7 @@
       "members":{
         "message":{"shape":"errorMessage"}
       },
-      "documentation":"<p>You have metered usage for a CustomerIdentifier that does not exist.</p>",
+      "documentation":"<p>You have metered usage for a <code>CustomerIdentifier</code> that does not exist.</p>",
       "exception":true
     },
     "InvalidEndpointRegionException":{
@@ -217,7 +223,7 @@
       "members":{
         "message":{"shape":"errorMessage"}
       },
-      "documentation":"<p>RegisterUsage must be called in the same AWS Region the ECS task was launched in. This prevents a container from hardcoding a Region (e.g. withRegion(“us-east-1”) when calling RegisterUsage.</p>",
+      "documentation":"<p> <code>RegisterUsage</code> must be called in the same AWS Region the ECS task was launched in. This prevents a container from hardcoding a Region (e.g. withRegion(“us-east-1”) when calling <code>RegisterUsage</code>.</p>",
       "exception":true
     },
     "InvalidTagException":{
@@ -249,7 +255,7 @@
       "members":{
         "message":{"shape":"errorMessage"}
       },
-      "documentation":"<p>The usage dimension does not match one of the UsageDimensions associated with products.</p>",
+      "documentation":"<p>The usage dimension does not match one of the <code>UsageDimensions</code> associated with products.</p>",
       "exception":true
     },
     "MeterUsageRequest":{
@@ -266,7 +272,7 @@
         },
         "Timestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Timestamp, in UTC, for which the usage is being reported. Your application can meter usage for up to one hour in the past. Make sure the timestamp value is not before the start of the software usage.</p>"
+          "documentation":"<p>Timestamp, in UTC, for which the usage is being reported. Your application can meter usage for up to one hour in the past. Make sure the <code>timestamp</code> value is not before the start of the software usage.</p>"
         },
         "UsageDimension":{
           "shape":"UsageDimension",
@@ -278,11 +284,11 @@
         },
         "DryRun":{
           "shape":"Boolean",
-          "documentation":"<p>Checks whether you have the permissions required for the action, but does not make the request. If you have the permissions, the request returns DryRunOperation; otherwise, it returns UnauthorizedException. Defaults to <code>false</code> if not specified.</p>"
+          "documentation":"<p>Checks whether you have the permissions required for the action, but does not make the request. If you have the permissions, the request returns <code>DryRunOperation</code>; otherwise, it returns <code>UnauthorizedException</code>. Defaults to <code>false</code> if not specified.</p>"
         },
         "UsageAllocations":{
           "shape":"UsageAllocations",
-          "documentation":"<p>The set of UsageAllocations to submit.</p> <p>The sum of all UsageAllocation quantities must equal the UsageQuantity of the MeterUsage request, and each UsageAllocation must have a unique set of tags (include no tags).</p>"
+          "documentation":"<p>The set of <code>UsageAllocations</code> to submit.</p> <p>The sum of all <code>UsageAllocation</code> quantities must equal the <code>UsageQuantity</code> of the <code>MeterUsage</code> request, and each <code>UsageAllocation</code> must have a unique set of tags (include no tags).</p>"
         }
       }
     },
@@ -316,7 +322,7 @@
       "type":"string",
       "max":255,
       "min":1,
-      "pattern":"[\\s\\S]+"
+      "pattern":"^[-a-zA-Z0-9/=:_.@]*$"
     },
     "RegisterUsageRequest":{
       "type":"structure",
@@ -358,24 +364,28 @@
       "members":{
         "RegistrationToken":{
           "shape":"NonEmptyString",
-          "documentation":"<p>When a buyer visits your website during the registration process, the buyer submits a registration token through the browser. The registration token is resolved to obtain a CustomerIdentifier and product code.</p>"
+          "documentation":"<p>When a buyer visits your website during the registration process, the buyer submits a registration token through the browser. The registration token is resolved to obtain a <code>CustomerIdentifier</code> along with the <code>CustomerAWSAccountId</code> and <code>ProductCode</code>.</p>"
         }
       },
-      "documentation":"<p>Contains input to the ResolveCustomer operation.</p>"
+      "documentation":"<p>Contains input to the <code>ResolveCustomer</code> operation.</p>"
     },
     "ResolveCustomerResult":{
       "type":"structure",
       "members":{
         "CustomerIdentifier":{
           "shape":"CustomerIdentifier",
-          "documentation":"<p>The CustomerIdentifier is used to identify an individual customer in your application. Calls to BatchMeterUsage require CustomerIdentifiers for each UsageRecord.</p>"
+          "documentation":"<p>The <code>CustomerIdentifier</code> is used to identify an individual customer in your application. Calls to <code>BatchMeterUsage</code> require <code>CustomerIdentifiers</code> for each <code>UsageRecord</code>.</p>"
         },
         "ProductCode":{
           "shape":"ProductCode",
-          "documentation":"<p>The product code is returned to confirm that the buyer is registering for your product. Subsequent BatchMeterUsage calls should be made using this product code.</p>"
+          "documentation":"<p>The product code is returned to confirm that the buyer is registering for your product. Subsequent <code>BatchMeterUsage</code> calls should be made using this product code.</p>"
+        },
+        "CustomerAWSAccountId":{
+          "shape":"CustomerAWSAccountId",
+          "documentation":"<p>The <code>CustomerAWSAccountId</code> provides the AWS account ID associated with the <code>CustomerIdentifier</code> for the individual customer.</p>"
         }
       },
-      "documentation":"<p>The result of the ResolveCustomer operation. Contains the CustomerIdentifier and product code.</p>"
+      "documentation":"<p>The result of the <code>ResolveCustomer</code> operation. Contains the <code>CustomerIdentifier</code> along with the <code>CustomerAWSAccountId</code> and <code>ProductCode</code>.</p>"
     },
     "String":{"type":"string"},
     "Tag":{
@@ -387,14 +397,14 @@
       "members":{
         "Key":{
           "shape":"TagKey",
-          "documentation":"<p>One part of a key-value pair that makes up a tag. A key is a label that acts like a category for the specific tag values.</p>"
+          "documentation":"<p>One part of a key-value pair that makes up a <code>tag</code>. A <code>key</code> is a label that acts like a category for the specific tag values.</p>"
         },
         "Value":{
           "shape":"TagValue",
-          "documentation":"<p>One part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key). The value can be empty or null.</p>"
+          "documentation":"<p>One part of a key-value pair that makes up a <code>tag</code>. A <code>value</code> acts as a descriptor within a tag category (key). The value can be empty or null.</p>"
         }
       },
-      "documentation":"<p>Metadata assigned to an allocation. Each tag is made up of a key and a value.</p>"
+      "documentation":"<p>Metadata assigned to an allocation. Each tag is made up of a <code>key</code> and a <code>value</code>.</p>"
     },
     "TagKey":{
       "type":"string",
@@ -428,7 +438,7 @@
       "members":{
         "message":{"shape":"errorMessage"}
       },
-      "documentation":"<p>The timestamp value passed in the meterUsage() is out of allowed range.</p>",
+      "documentation":"<p>The <code>timestamp</code> value passed in the <code>UsageRecord</code> is out of allowed range.</p> <p>For <code>BatchMeterUsage</code>, if any of the records are outside of the allowed range, the entire batch is not processed. You must remove invalid records and try again.</p>",
       "exception":true
     },
     "UsageAllocation":{
@@ -444,12 +454,12 @@
           "documentation":"<p>The set of tags that define the bucket of usage. For the bucket of items with no tags, this parameter can be left out.</p>"
         }
       },
-      "documentation":"<p>Usage allocations allow you to split usage into buckets by tags.</p> <p>Each UsageAllocation indicates the usage quantity for a specific set of tags.</p>"
+      "documentation":"<p>Usage allocations allow you to split usage into buckets by tags.</p> <p>Each <code>UsageAllocation</code> indicates the usage quantity for a specific set of tags.</p>"
     },
     "UsageAllocations":{
       "type":"list",
       "member":{"shape":"UsageAllocation"},
-      "max":500,
+      "max":2500,
       "min":1
     },
     "UsageDimension":{
@@ -473,15 +483,15 @@
       "members":{
         "Timestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Timestamp, in UTC, for which the usage is being reported.</p> <p>Your application can meter usage for up to one hour in the past. Make sure the timestamp value is not before the start of the software usage.</p>"
+          "documentation":"<p>Timestamp, in UTC, for which the usage is being reported.</p> <p>Your application can meter usage for up to one hour in the past. Make sure the <code>timestamp</code> value is not before the start of the software usage.</p>"
         },
         "CustomerIdentifier":{
           "shape":"CustomerIdentifier",
-          "documentation":"<p>The CustomerIdentifier is obtained through the ResolveCustomer operation and represents an individual buyer in your application.</p>"
+          "documentation":"<p>The <code>CustomerIdentifier</code> is obtained through the <code>ResolveCustomer</code> operation and represents an individual buyer in your application.</p>"
         },
         "Dimension":{
           "shape":"UsageDimension",
-          "documentation":"<p>During the process of registering a product on AWS Marketplace, up to eight dimensions are specified. These represent different units of value in your application.</p>"
+          "documentation":"<p>During the process of registering a product on AWS Marketplace, dimensions are specified. These represent different units of value in your application.</p>"
         },
         "Quantity":{
           "shape":"UsageQuantity",
@@ -489,10 +499,10 @@
         },
         "UsageAllocations":{
           "shape":"UsageAllocations",
-          "documentation":"<p>The set of UsageAllocations to submit. The sum of all UsageAllocation quantities must equal the Quantity of the UsageRecord.</p>"
+          "documentation":"<p>The set of <code>UsageAllocations</code> to submit. The sum of all <code>UsageAllocation</code> quantities must equal the Quantity of the <code>UsageRecord</code>.</p>"
         }
       },
-      "documentation":"<p>A UsageRecord indicates a quantity of usage for a given product, customer, dimension and time.</p> <p>Multiple requests with the same UsageRecords as input will be deduplicated to prevent double charges.</p>"
+      "documentation":"<p>A <code>UsageRecord</code> indicates a quantity of usage for a given product, customer, dimension and time.</p> <p>Multiple requests with the same <code>UsageRecords</code> as input will be de-duplicated to prevent double charges.</p>"
     },
     "UsageRecordList":{
       "type":"list",
@@ -505,18 +515,18 @@
       "members":{
         "UsageRecord":{
           "shape":"UsageRecord",
-          "documentation":"<p>The UsageRecord that was part of the BatchMeterUsage request.</p>"
+          "documentation":"<p>The <code>UsageRecord</code> that was part of the <code>BatchMeterUsage</code> request.</p>"
         },
         "MeteringRecordId":{
           "shape":"String",
-          "documentation":"<p>The MeteringRecordId is a unique identifier for this metering event.</p>"
+          "documentation":"<p>The <code>MeteringRecordId</code> is a unique identifier for this metering event.</p>"
         },
         "Status":{
           "shape":"UsageRecordResultStatus",
-          "documentation":"<p>The UsageRecordResult Status indicates the status of an individual UsageRecord processed by BatchMeterUsage.</p> <ul> <li> <p> <i>Success</i>- The UsageRecord was accepted and honored by BatchMeterUsage.</p> </li> <li> <p> <i>CustomerNotSubscribed</i>- The CustomerIdentifier specified is not subscribed to your product. The UsageRecord was not honored. Future UsageRecords for this customer will fail until the customer subscribes to your product.</p> </li> <li> <p> <i>DuplicateRecord</i>- Indicates that the UsageRecord was invalid and not honored. A previously metered UsageRecord had the same customer, dimension, and time, but a different quantity.</p> </li> </ul>"
+          "documentation":"<p>The <code>UsageRecordResult</code> <code>Status</code> indicates the status of an individual <code>UsageRecord</code> processed by <code>BatchMeterUsage</code>.</p> <ul> <li> <p> <i>Success</i>- The <code>UsageRecord</code> was accepted and honored by <code>BatchMeterUsage</code>.</p> </li> <li> <p> <i>CustomerNotSubscribed</i>- The <code>CustomerIdentifier</code> specified is not able to use your product. The <code>UsageRecord</code> was not honored. There are three causes for this result:</p> <ul> <li> <p>The customer identifier is invalid.</p> </li> <li> <p>The customer identifier provided in the metering record does not have an active agreement or subscription with this product. Future <code>UsageRecords</code> for this customer will fail until the customer subscribes to your product.</p> </li> <li> <p>The customer's AWS account was suspended.</p> </li> </ul> </li> <li> <p> <i>DuplicateRecord</i>- Indicates that the <code>UsageRecord</code> was invalid and not honored. A previously metered <code>UsageRecord</code> had the same customer, dimension, and time, but a different quantity.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>A UsageRecordResult indicates the status of a given UsageRecord processed by BatchMeterUsage.</p>"
+      "documentation":"<p>A <code>UsageRecordResult</code> indicates the status of a given <code>UsageRecord</code> processed by <code>BatchMeterUsage</code>.</p>"
     },
     "UsageRecordResultList":{
       "type":"list",
@@ -536,5 +546,5 @@
     },
     "errorMessage":{"type":"string"}
   },
-  "documentation":"<fullname>AWS Marketplace Metering Service</fullname> <p>This reference provides descriptions of the low-level AWS Marketplace Metering Service API.</p> <p>AWS Marketplace sellers can use this API to submit usage data for custom usage dimensions.</p> <p>For information on the permissions you need to use this API, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/iam-user-policy-for-aws-marketplace-actions.html\">AWS Marketing metering and entitlement API permissions</a> in the <i>AWS Marketplace Seller Guide.</i> </p> <p> <b>Submitting Metering Records</b> </p> <ul> <li> <p> <i>MeterUsage</i>- Submits the metering record for a Marketplace product. MeterUsage is called from an EC2 instance or a container running on EKS or ECS.</p> </li> <li> <p> <i>BatchMeterUsage</i>- Submits the metering record for a set of customers. BatchMeterUsage is called from a software-as-a-service (SaaS) application.</p> </li> </ul> <p> <b>Accepting New Customers</b> </p> <ul> <li> <p> <i>ResolveCustomer</i>- Called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a Registration Token through the browser. The Registration Token is resolved through this API to obtain a CustomerIdentifier and Product Code.</p> </li> </ul> <p> <b>Entitlement and Metering for Paid Container Products</b> </p> <ul> <li> <p> Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the RegisterUsage operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call RegisterUsage, but you can do so if you want to receive usage data in your seller reports. For more information on using the RegisterUsage operation, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/container-based-products.html\">Container-Based Products</a>. </p> </li> </ul> <p>BatchMeterUsage API calls are captured by AWS CloudTrail. You can use Cloudtrail to verify that the SaaS metering records that you sent are accurate by searching for records with the eventName of BatchMeterUsage. You can also use CloudTrail to audit records over time. For more information, see the <i> <a href=\"http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html\">AWS CloudTrail User Guide</a> </i>.</p>"
+  "documentation":"<fullname>AWS Marketplace Metering Service</fullname> <p>This reference provides descriptions of the low-level AWS Marketplace Metering Service API.</p> <p>AWS Marketplace sellers can use this API to submit usage data for custom usage dimensions.</p> <p>For information on the permissions you need to use this API, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/iam-user-policy-for-aws-marketplace-actions.html\">AWS Marketplace metering and entitlement API permissions</a> in the <i>AWS Marketplace Seller Guide.</i> </p> <p> <b>Submitting Metering Records</b> </p> <ul> <li> <p> <i>MeterUsage</i> - Submits the metering record for an AWS Marketplace product. <code>MeterUsage</code> is called from an EC2 instance or a container running on EKS or ECS.</p> </li> <li> <p> <i>BatchMeterUsage</i> - Submits the metering record for a set of customers. <code>BatchMeterUsage</code> is called from a software-as-a-service (SaaS) application.</p> </li> </ul> <p> <b>Accepting New Customers</b> </p> <ul> <li> <p> <i>ResolveCustomer</i> - Called by a SaaS application during the registration process. When a buyer visits your website during the registration process, the buyer submits a Registration Token through the browser. The Registration Token is resolved through this API to obtain a <code>CustomerIdentifier</code> along with the <code>CustomerAWSAccountId</code> and <code>ProductCode</code>.</p> </li> </ul> <p> <b>Entitlement and Metering for Paid Container Products</b> </p> <ul> <li> <p>Paid container software products sold through AWS Marketplace must integrate with the AWS Marketplace Metering Service and call the <code>RegisterUsage</code> operation for software entitlement and metering. Free and BYOL products for Amazon ECS or Amazon EKS aren't required to call <code>RegisterUsage</code>, but you can do so if you want to receive usage data in your seller reports. For more information on using the <code>RegisterUsage</code> operation, see <a href=\"https://docs.aws.amazon.com/marketplace/latest/userguide/container-based-products.html\">Container-Based Products</a>. </p> </li> </ul> <p> <code>BatchMeterUsage</code> API calls are captured by AWS CloudTrail. You can use Cloudtrail to verify that the SaaS metering records that you sent are accurate by searching for records with the <code>eventName</code> of <code>BatchMeterUsage</code>. You can also use CloudTrail to audit records over time. For more information, see the <i> <a href=\"http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html\">AWS CloudTrail User Guide</a>.</i> </p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/paginators-1.json b/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/paginators-1.json
index 4f56fb4c989..95c756cedfc 100644
--- a/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/paginators-1.json
@@ -23,6 +23,12 @@
       "output_token": "nextToken",
       "limit_key": "maxResults",
       "result_key": "items"
+    },
+    "DescribeVcenterClients": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "items"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/service-2.json b/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/service-2.json
index 6933ebabfe6..f171d45bb83 100644
--- a/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/mgn/2020-02-26/service-2.json
@@ -97,6 +97,22 @@
       "documentation":"<p>Deletes a single source server by ID.</p>",
       "idempotent":true
     },
+    "DeleteVcenterClient":{
+      "name":"DeleteVcenterClient",
+      "http":{
+        "method":"POST",
+        "requestUri":"/DeleteVcenterClient",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteVcenterClientRequest"},
+      "errors":[
+        {"shape":"UninitializedAccountException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes a single vCenter client by ID.</p>",
+      "idempotent":true
+    },
     "DescribeJobLogItems":{
       "name":"DescribeJobLogItems",
       "http":{
@@ -158,6 +174,22 @@
       ],
       "documentation":"<p>Retrieves all SourceServers or multiple SourceServers by ID.</p>"
     },
+    "DescribeVcenterClients":{
+      "name":"DescribeVcenterClients",
+      "http":{
+        "method":"GET",
+        "requestUri":"/DescribeVcenterClients",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeVcenterClientsRequest"},
+      "output":{"shape":"DescribeVcenterClientsResponse"},
+      "errors":[
+        {"shape":"UninitializedAccountException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists all vCenter clients.</p>"
+    },
     "DisconnectFromService":{
       "name":"DisconnectFromService",
       "http":{
@@ -302,6 +334,24 @@
       ],
       "documentation":"<p>Launches a Cutover Instance for specific Source Servers. This command starts a LAUNCH job whose initiatedBy property is StartCutover and changes the SourceServer.lifeCycle.state property to CUTTING_OVER.</p>"
     },
+    "StartReplication":{
+      "name":"StartReplication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/StartReplication",
+        "responseCode":200
+      },
+      "input":{"shape":"StartReplicationRequest"},
+      "output":{"shape":"SourceServer"},
+      "errors":[
+        {"shape":"UninitializedAccountException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Starts replication on source server by ID.</p>"
+    },
     "StartTest":{
       "name":"StartTest",
       "http":{
@@ -423,6 +473,23 @@
         {"shape":"AccessDeniedException"}
       ],
       "documentation":"<p>Updates multiple ReplicationConfigurationTemplates by ID.</p>"
+    },
+    "UpdateSourceServerReplicationType":{
+      "name":"UpdateSourceServerReplicationType",
+      "http":{
+        "method":"POST",
+        "requestUri":"/UpdateSourceServerReplicationType",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateSourceServerReplicationTypeRequest"},
+      "output":{"shape":"SourceServer"},
+      "errors":[
+        {"shape":"UninitializedAccountException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Updates source server Replication Type by ID.</p>"
     }
   },
   "shapes":{
@@ -630,7 +697,9 @@
         "FAILED_TO_ATTACH_STAGING_DISKS",
         "FAILED_TO_PAIR_REPLICATION_SERVER_WITH_AGENT",
         "FAILED_TO_CONNECT_AGENT_TO_REPLICATION_SERVER",
-        "FAILED_TO_START_DATA_TRANSFER"
+        "FAILED_TO_START_DATA_TRANSFER",
+        "UNSUPPORTED_VM_CONFIGURATION",
+        "LAST_SNAPSHOT_JOB_FAILED"
       ]
     },
     "DataReplicationInfo":{
@@ -656,6 +725,10 @@
           "shape":"ISO8601DatetimeString",
           "documentation":"<p>Request to query data replication lag durating.</p>"
         },
+        "lastSnapshotDateTime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>Request to query data replication last snapshot time.</p>"
+        },
         "replicatedDisks":{
           "shape":"DataReplicationInfoReplicatedDisks",
           "documentation":"<p>Request to query disks replicated.</p>"
@@ -769,7 +842,9 @@
         "PAUSED",
         "RESCAN",
         "STALLED",
-        "DISCONNECTED"
+        "DISCONNECTED",
+        "PENDING_SNAPSHOT_SHIPPING",
+        "SHIPPING_SNAPSHOT"
       ]
     },
     "DeleteJobRequest":{
@@ -817,6 +892,16 @@
       "members":{
       }
     },
+    "DeleteVcenterClientRequest":{
+      "type":"structure",
+      "required":["vcenterClientID"],
+      "members":{
+        "vcenterClientID":{
+          "shape":"VcenterClientID",
+          "documentation":"<p>ID of resource to be deleted.</p>"
+        }
+      }
+    },
     "DescribeJobLogItemsRequest":{
       "type":"structure",
       "required":["jobID"],
@@ -959,6 +1044,14 @@
           "shape":"Boolean",
           "documentation":"<p>Request to filter Source Servers list by archived.</p>"
         },
+        "lifeCycleStates":{
+          "shape":"LifeCycleStates",
+          "documentation":"<p>Request to filter Source Servers list by life cycle states.</p>"
+        },
+        "replicationTypes":{
+          "shape":"ReplicationTypes",
+          "documentation":"<p>Request to filter Source Servers list by replication type.</p>"
+        },
         "sourceServerIDs":{
           "shape":"DescribeSourceServersRequestFiltersIDs",
           "documentation":"<p>Request to filter Source Servers list by Source Server ID.</p>"
@@ -985,6 +1078,36 @@
         }
       }
     },
+    "DescribeVcenterClientsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"StrictlyPositiveInteger",
+          "documentation":"<p>Maximum results to be returned in DescribeVcenterClients.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>Next pagination token to be provided for DescribeVcenterClients.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "DescribeVcenterClientsResponse":{
+      "type":"structure",
+      "members":{
+        "items":{
+          "shape":"VcenterClientList",
+          "documentation":"<p>List of items returned by DescribeVcenterClients.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>Next pagination token returned from DescribeVcenterClients.</p>"
+        }
+      }
+    },
     "DisconnectFromServiceRequest":{
       "type":"structure",
       "required":["sourceServerID"],
@@ -1090,6 +1213,10 @@
           "shape":"BoundedString",
           "documentation":"<p>Hostname identification hint.</p>"
         },
+        "vmPath":{
+          "shape":"BoundedString",
+          "documentation":"<p>vCenter VM path identification hint.</p>"
+        },
         "vmWareUuid":{
           "shape":"BoundedString",
           "documentation":"<p>vmWare UUID identification hint.</p>"
@@ -1501,9 +1628,16 @@
         "READY_FOR_CUTOVER",
         "CUTTING_OVER",
         "CUTOVER",
-        "DISCONNECTED"
+        "DISCONNECTED",
+        "DISCOVERED"
       ]
     },
+    "LifeCycleStates":{
+      "type":"list",
+      "member":{"shape":"LifeCycleState"},
+      "max":10,
+      "min":0
+    },
     "ListTagsForResourceRequest":{
       "type":"structure",
       "required":["resourceArn"],
@@ -1809,6 +1943,19 @@
       "max":32,
       "min":0
     },
+    "ReplicationType":{
+      "type":"string",
+      "enum":[
+        "AGENT_BASED",
+        "SNAPSHOT_SHIPPING"
+      ]
+    },
+    "ReplicationTypes":{
+      "type":"list",
+      "member":{"shape":"ReplicationType"},
+      "max":2,
+      "min":0
+    },
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
@@ -1846,6 +1993,35 @@
       "min":0,
       "pattern":"^sg-[0-9a-fA-F]{8,}$"
     },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "code":{"shape":"LargeBoundedString"},
+        "message":{"shape":"LargeBoundedString"},
+        "quotaCode":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Exceeded the service quota code.</p>"
+        },
+        "resourceId":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Exceeded the service quota resource Id.</p>"
+        },
+        "resourceType":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Exceeded the service quota resource type.</p>"
+        },
+        "serviceCode":{
+          "shape":"LargeBoundedString",
+          "documentation":"<p>Exceeded the service quota service code.</p>"
+        }
+      },
+      "documentation":"<p>The request could not be completed because its exceeded the service quota.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
     "SmallBoundedString":{
       "type":"string",
       "max":128,
@@ -1912,6 +2088,10 @@
           "shape":"LifeCycle",
           "documentation":"<p>Source server lifecycle state.</p>"
         },
+        "replicationType":{
+          "shape":"ReplicationType",
+          "documentation":"<p>Source server replication type.</p>"
+        },
         "sourceProperties":{
           "shape":"SourceProperties",
           "documentation":"<p>Source server properties.</p>"
@@ -1923,6 +2103,10 @@
         "tags":{
           "shape":"TagsMap",
           "documentation":"<p>Source server Tags.</p>"
+        },
+        "vcenterClientID":{
+          "shape":"VcenterClientID",
+          "documentation":"<p>Source server vCenter client id.</p>"
         }
       }
     },
@@ -1965,6 +2149,16 @@
         }
       }
     },
+    "StartReplicationRequest":{
+      "type":"structure",
+      "required":["sourceServerID"],
+      "members":{
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>ID of source server on which to start replication.</p>"
+        }
+      }
+    },
     "StartTestRequest":{
       "type":"structure",
       "required":["sourceServerIDs"],
@@ -2303,6 +2497,23 @@
         }
       }
     },
+    "UpdateSourceServerReplicationTypeRequest":{
+      "type":"structure",
+      "required":[
+        "replicationType",
+        "sourceServerID"
+      ],
+      "members":{
+        "replicationType":{
+          "shape":"ReplicationType",
+          "documentation":"<p>Replication type to which to update source server.</p>"
+        },
+        "sourceServerID":{
+          "shape":"SourceServerID",
+          "documentation":"<p>ID of source server on which to update replication type.</p>"
+        }
+      }
+    },
     "ValidationException":{
       "type":"structure",
       "members":{
@@ -2350,6 +2561,54 @@
         "fieldValidationFailed",
         "other"
       ]
+    },
+    "VcenterClient":{
+      "type":"structure",
+      "members":{
+        "arn":{
+          "shape":"ARN",
+          "documentation":"<p>Arn of vCenter client.</p>"
+        },
+        "datacenterName":{
+          "shape":"BoundedString",
+          "documentation":"<p>Datacenter name of vCenter client.</p>"
+        },
+        "hostname":{
+          "shape":"BoundedString",
+          "documentation":"<p>Hostname of vCenter client .</p>"
+        },
+        "lastSeenDatetime":{
+          "shape":"ISO8601DatetimeString",
+          "documentation":"<p>Last seen time of vCenter client.</p>"
+        },
+        "sourceServerTags":{
+          "shape":"TagsMap",
+          "documentation":"<p>Tags for Source Server of vCenter client.</p>"
+        },
+        "tags":{
+          "shape":"TagsMap",
+          "documentation":"<p>Tags for vCenter client.</p>"
+        },
+        "vcenterClientID":{
+          "shape":"VcenterClientID",
+          "documentation":"<p>ID of vCenter client.</p>"
+        },
+        "vcenterUUID":{
+          "shape":"BoundedString",
+          "documentation":"<p>Vcenter UUID of vCenter client.</p>"
+        }
+      },
+      "documentation":"<p>vCenter client.</p>"
+    },
+    "VcenterClientID":{
+      "type":"string",
+      "max":21,
+      "min":21,
+      "pattern":"^vcc-[0-9a-zA-Z]{17}$"
+    },
+    "VcenterClientList":{
+      "type":"list",
+      "member":{"shape":"VcenterClient"}
     }
   },
   "documentation":"<p>The Application Migration Service service.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/migration-hub-refactor-spaces/2021-10-26/paginators-1.json b/contrib/python/botocore/py3/botocore/data/migration-hub-refactor-spaces/2021-10-26/paginators-1.json
new file mode 100644
index 00000000000..79ae0ffa139
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/migration-hub-refactor-spaces/2021-10-26/paginators-1.json
@@ -0,0 +1,34 @@
+{
+  "pagination": {
+    "ListApplications": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ApplicationSummaryList"
+    },
+    "ListEnvironmentVpcs": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "EnvironmentVpcList"
+    },
+    "ListEnvironments": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "EnvironmentSummaryList"
+    },
+    "ListRoutes": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "RouteSummaryList"
+    },
+    "ListServices": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ServiceSummaryList"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/migration-hub-refactor-spaces/2021-10-26/service-2.json b/contrib/python/botocore/py3/botocore/data/migration-hub-refactor-spaces/2021-10-26/service-2.json
new file mode 100644
index 00000000000..35c776aeb1a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/migration-hub-refactor-spaces/2021-10-26/service-2.json
@@ -0,0 +1,2787 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-10-26",
+    "endpointPrefix":"refactor-spaces",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"AWS Migration Hub Refactor Spaces",
+    "serviceId":"Migration Hub Refactor Spaces",
+    "signatureVersion":"v4",
+    "signingName":"refactor-spaces",
+    "uid":"migration-hub-refactor-spaces-2021-10-26"
+  },
+  "operations":{
+    "CreateApplication":{
+      "name":"CreateApplication",
+      "http":{
+        "method":"POST",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateApplicationRequest"},
+      "output":{"shape":"CreateApplicationResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates an Amazon Web Services Migration Hub Refactor Spaces application. The account that owns the environment also owns the applications created inside the environment, regardless of the account that creates the application. Refactor Spaces provisions the Amazon API Gateway and Network Load Balancer for the application proxy inside your account.</p>"
+    },
+    "CreateEnvironment":{
+      "name":"CreateEnvironment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/environments",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateEnvironmentRequest"},
+      "output":{"shape":"CreateEnvironmentResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates an Amazon Web Services Migration Hub Refactor Spaces environment. The caller owns the environment resource, and they are referred to as the <i>environment owner</i>. The environment owner has cross-account visibility and control of Refactor Spaces resources that are added to the environment by other accounts that the environment is shared with. When creating an environment, Refactor Spaces provisions a transit gateway in your account.</p>"
+    },
+    "CreateRoute":{
+      "name":"CreateRoute",
+      "http":{
+        "method":"POST",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/routes",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateRouteRequest"},
+      "output":{"shape":"CreateRouteResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates an Amazon Web Services Migration Hub Refactor Spaces route. The account owner of the service resource is always the environment owner, regardless of which account creates the route. Routes target a service in the application. If an application does not have any routes, then the first route must be created as a <code>DEFAULT</code> <code>RouteType</code>.</p> <p>When you create a route, Refactor Spaces configures the Amazon API Gateway to send traffic to the target service as follows:</p> <ul> <li> <p>If the service has a URL endpoint, and the endpoint resolves to a private IP address, Refactor Spaces routes traffic using the API Gateway VPC link. </p> </li> <li> <p>If the service has a URL endpoint, and the endpoint resolves to a public IP address, Refactor Spaces routes traffic over the public internet.</p> </li> <li> <p>If the service has an Lambda function endpoint, then Refactor Spaces uses the API Gateway Lambda integration.</p> </li> </ul> <p>A health check is performed on the service when the route is created. If the health check fails, the route transitions to <code>FAILED</code>, and no traffic is sent to the service.</p> <p>For Lambda functions, the Lambda function state is checked. If the function is not active, the function configuration is updated so that Lambda resources are provisioned. If the Lambda state is <code>Failed</code>, then the route creation fails. For more information, see the <a href=\"https://docs.aws.amazon.com/lambda/latest/dg/API_GetFunctionConfiguration.html#SSS-GetFunctionConfiguration-response-State\">GetFunctionConfiguration's State response parameter</a> in the <i>Lambda Developer Guide</i>.</p> <p>For public URLs, a connection is opened to the public endpoint. If the URL is not reachable, the health check fails. For private URLs, a target group is created and the target group health check is run.</p> <p>The <code>HealthCheckProtocol</code>, <code>HealthCheckPort</code>, and <code>HealthCheckPath</code> are the same protocol, port, and path specified in the URL or health URL, if used. All other settings use the default values, as described in <a href=\"https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html\">Health checks for your target groups</a>. The health check is considered successful if at least one target within the target group transitions to a healthy state.</p>"
+    },
+    "CreateService":{
+      "name":"CreateService",
+      "http":{
+        "method":"POST",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/services",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateServiceRequest"},
+      "output":{"shape":"CreateServiceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates an Amazon Web Services Migration Hub Refactor Spaces service. The account owner of the service is always the environment owner, regardless of which account in the environment creates the service. Services have either a URL endpoint in a virtual private cloud (VPC), or a Lambda function endpoint.</p> <important> <p>If an Amazon Web Services resourceis launched in a service VPC, and you want it to be accessible to all of an environment’s services with VPCs and routes, apply the <code>RefactorSpacesSecurityGroup</code> to the resource. Alternatively, to add more cross-account constraints, apply your own security group.</p> </important>"
+    },
+    "DeleteApplication":{
+      "name":"DeleteApplication",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteApplicationRequest"},
+      "output":{"shape":"DeleteApplicationResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Amazon Web Services Migration Hub Refactor Spaces application. Before you can delete an application, you must first delete any services or routes within the application.</p>",
+      "idempotent":true
+    },
+    "DeleteEnvironment":{
+      "name":"DeleteEnvironment",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/environments/{EnvironmentIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteEnvironmentRequest"},
+      "output":{"shape":"DeleteEnvironmentResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Amazon Web Services Migration Hub Refactor Spaces environment. Before you can delete an environment, you must first delete any applications and services within the environment.</p>",
+      "idempotent":true
+    },
+    "DeleteResourcePolicy":{
+      "name":"DeleteResourcePolicy",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/resourcepolicy/{Identifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteResourcePolicyRequest"},
+      "output":{"shape":"DeleteResourcePolicyResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes the resource policy set for the environment. </p>",
+      "idempotent":true
+    },
+    "DeleteRoute":{
+      "name":"DeleteRoute",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/routes/{RouteIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteRouteRequest"},
+      "output":{"shape":"DeleteRouteResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Amazon Web Services Migration Hub Refactor Spaces route.</p>",
+      "idempotent":true
+    },
+    "DeleteService":{
+      "name":"DeleteService",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/services/{ServiceIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteServiceRequest"},
+      "output":{"shape":"DeleteServiceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an Amazon Web Services Migration Hub Refactor Spaces service. </p>",
+      "idempotent":true
+    },
+    "GetApplication":{
+      "name":"GetApplication",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetApplicationRequest"},
+      "output":{"shape":"GetApplicationResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Gets an Amazon Web Services Migration Hub Refactor Spaces application.</p>"
+    },
+    "GetEnvironment":{
+      "name":"GetEnvironment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetEnvironmentRequest"},
+      "output":{"shape":"GetEnvironmentResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Gets an Amazon Web Services Migration Hub Refactor Spaces environment.</p>"
+    },
+    "GetResourcePolicy":{
+      "name":"GetResourcePolicy",
+      "http":{
+        "method":"GET",
+        "requestUri":"/resourcepolicy/{Identifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetResourcePolicyRequest"},
+      "output":{"shape":"GetResourcePolicyResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Gets the resource-based permission policy that is set for the given environment. </p>"
+    },
+    "GetRoute":{
+      "name":"GetRoute",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/routes/{RouteIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetRouteRequest"},
+      "output":{"shape":"GetRouteResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Gets an Amazon Web Services Migration Hub Refactor Spaces route.</p>"
+    },
+    "GetService":{
+      "name":"GetService",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/services/{ServiceIdentifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetServiceRequest"},
+      "output":{"shape":"GetServiceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Gets an Amazon Web Services Migration Hub Refactor Spaces service. </p>"
+    },
+    "ListApplications":{
+      "name":"ListApplications",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications",
+        "responseCode":200
+      },
+      "input":{"shape":"ListApplicationsRequest"},
+      "output":{"shape":"ListApplicationsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists all the Amazon Web Services Migration Hub Refactor Spaces applications within an environment. </p>"
+    },
+    "ListEnvironmentVpcs":{
+      "name":"ListEnvironmentVpcs",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/vpcs",
+        "responseCode":200
+      },
+      "input":{"shape":"ListEnvironmentVpcsRequest"},
+      "output":{"shape":"ListEnvironmentVpcsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists all the virtual private clouds (VPCs) that are part of an Amazon Web Services Migration Hub Refactor Spaces environment. </p>"
+    },
+    "ListEnvironments":{
+      "name":"ListEnvironments",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments",
+        "responseCode":200
+      },
+      "input":{"shape":"ListEnvironmentsRequest"},
+      "output":{"shape":"ListEnvironmentsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists Amazon Web Services Migration Hub Refactor Spaces environments owned by a caller account or shared with the caller account. </p>"
+    },
+    "ListRoutes":{
+      "name":"ListRoutes",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/routes",
+        "responseCode":200
+      },
+      "input":{"shape":"ListRoutesRequest"},
+      "output":{"shape":"ListRoutesResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists all the Amazon Web Services Migration Hub Refactor Spaces routes within an application. </p>"
+    },
+    "ListServices":{
+      "name":"ListServices",
+      "http":{
+        "method":"GET",
+        "requestUri":"/environments/{EnvironmentIdentifier}/applications/{ApplicationIdentifier}/services",
+        "responseCode":200
+      },
+      "input":{"shape":"ListServicesRequest"},
+      "output":{"shape":"ListServicesResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists all the Amazon Web Services Migration Hub Refactor Spaces services within an application. </p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{ResourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Lists the tags of a resource. The caller account must be the same as the resource’s <code>OwnerAccountId</code>. Listing tags in other accounts is not supported. </p>"
+    },
+    "PutResourcePolicy":{
+      "name":"PutResourcePolicy",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/resourcepolicy",
+        "responseCode":200
+      },
+      "input":{"shape":"PutResourcePolicyRequest"},
+      "output":{"shape":"PutResourcePolicyResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidResourcePolicyException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Attaches a resource-based permission policy to the Amazon Web Services Migration Hub Refactor Spaces environment. The policy must contain the same actions and condition statements as the <code>arn:aws:ram::aws:permission/AWSRAMDefaultPermissionRefactorSpacesEnvironment</code> permission in Resource Access Manager. The policy must not contain new lines or blank lines. </p>",
+      "idempotent":true
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{ResourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Removes the tags of a given resource. Tags are metadata which can be used to manage a resource. To tag a resource, the caller account must be the same as the resource’s <code>OwnerAccountId</code>. Tagging resources in other accounts is not supported.</p> <note> <p>Amazon Web Services Migration Hub Refactor Spaces does not propagate tags to orchestrated resources, such as an environment’s transit gateway.</p> </note>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{ResourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource. To untag a resource, the caller account must be the same as the resource’s <code>OwnerAccountId</code>. Untagging resources across accounts is not supported. </p>",
+      "idempotent":true
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>The user does not have sufficient access to perform this action. </p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "AccountId":{
+      "type":"string",
+      "max":12,
+      "min":12,
+      "pattern":"^\\d{12}$"
+    },
+    "AdditionalDetails":{
+      "type":"map",
+      "key":{"shape":"AdditionalDetailsKey"},
+      "value":{"shape":"AdditionalDetailsValue"}
+    },
+    "AdditionalDetailsKey":{
+      "type":"string",
+      "max":50,
+      "min":1
+    },
+    "AdditionalDetailsValue":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
+    "ApiGatewayEndpointType":{
+      "type":"string",
+      "enum":[
+        "REGIONAL",
+        "PRIVATE"
+      ]
+    },
+    "ApiGatewayId":{
+      "type":"string",
+      "max":10,
+      "min":10,
+      "pattern":"^[a-z0-9]{10}$"
+    },
+    "ApiGatewayProxyConfig":{
+      "type":"structure",
+      "members":{
+        "ApiGatewayId":{
+          "shape":"ApiGatewayId",
+          "documentation":"<p>The resource ID of the API Gateway for the proxy. </p>"
+        },
+        "EndpointType":{
+          "shape":"ApiGatewayEndpointType",
+          "documentation":"<p>The type of API Gateway endpoint created. </p>"
+        },
+        "NlbArn":{
+          "shape":"NlbArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Network Load Balancer configured by the API Gateway proxy. </p>"
+        },
+        "NlbName":{
+          "shape":"NlbName",
+          "documentation":"<p>The name of the Network Load Balancer that is configured by the API Gateway proxy. </p>"
+        },
+        "ProxyUrl":{
+          "shape":"Uri",
+          "documentation":"<p>The endpoint URL of the API Gateway proxy. </p>"
+        },
+        "StageName":{
+          "shape":"StageName",
+          "documentation":"<p>The name of the API Gateway stage. The name defaults to <code>prod</code>. </p>"
+        },
+        "VpcLinkId":{
+          "shape":"VpcLinkId",
+          "documentation":"<p>The <code>VpcLink</code> ID of the API Gateway proxy. </p>"
+        }
+      },
+      "documentation":"<p>A wrapper object holding the Amazon API Gateway proxy configuration. </p>"
+    },
+    "ApiGatewayProxyInput":{
+      "type":"structure",
+      "members":{
+        "EndpointType":{
+          "shape":"ApiGatewayEndpointType",
+          "documentation":"<p>The type of endpoint to use for the API Gateway proxy. If no value is specified in the request, the value is set to <code>REGIONAL</code> by default.</p> <p>If the value is set to <code>PRIVATE</code> in the request, this creates a private API endpoint that is isolated from the public internet. The private endpoint can only be accessed by using Amazon Virtual Private Cloud (Amazon VPC) endpoints for Amazon API Gateway that have been granted access. </p>"
+        },
+        "StageName":{
+          "shape":"StageName",
+          "documentation":"<p>The name of the API Gateway stage. The name defaults to <code>prod</code>. </p>"
+        }
+      },
+      "documentation":"<p>A wrapper object holding the Amazon API Gateway endpoint input. </p>"
+    },
+    "ApiGatewayProxySummary":{
+      "type":"structure",
+      "members":{
+        "ApiGatewayId":{
+          "shape":"ApiGatewayId",
+          "documentation":"<p>The resource ID of the API Gateway for the proxy. </p>"
+        },
+        "EndpointType":{
+          "shape":"ApiGatewayEndpointType",
+          "documentation":"<p>The type of API Gateway endpoint created. </p>"
+        },
+        "NlbArn":{
+          "shape":"NlbArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Network Load Balancer configured by the API Gateway proxy. </p>"
+        },
+        "NlbName":{
+          "shape":"NlbName",
+          "documentation":"<p>The name of the Network Load Balancer that is configured by the API Gateway proxy. </p>"
+        },
+        "ProxyUrl":{
+          "shape":"Uri",
+          "documentation":"<p>The endpoint URL of the API Gateway proxy. </p>"
+        },
+        "StageName":{
+          "shape":"StageName",
+          "documentation":"<p>The name of the API Gateway stage. The name defaults to <code>prod</code>. </p>"
+        },
+        "VpcLinkId":{
+          "shape":"VpcLinkId",
+          "documentation":"<p>The <code>VpcLink</code> ID of the API Gateway proxy. </p>"
+        }
+      },
+      "documentation":"<p>A wrapper object holding the Amazon API Gateway proxy summary. </p>"
+    },
+    "ApplicationId":{
+      "type":"string",
+      "max":14,
+      "min":14,
+      "pattern":"^app-[0-9A-Za-z]{10}$"
+    },
+    "ApplicationName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^(?!app-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$"
+    },
+    "ApplicationState":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "ACTIVE",
+        "DELETING",
+        "FAILED",
+        "UPDATING"
+      ]
+    },
+    "ApplicationSummaries":{
+      "type":"list",
+      "member":{"shape":"ApplicationSummary"}
+    },
+    "ApplicationSummary":{
+      "type":"structure",
+      "members":{
+        "ApiGatewayProxy":{
+          "shape":"ApiGatewayProxySummary",
+          "documentation":"<p>The endpoint URL of the Amazon API Gateway proxy. </p>"
+        },
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The unique identifier of the application. </p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>he Amazon Resource Name (ARN) of the application. </p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the application creator. </p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the application is created. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment. </p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the application resource. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the application was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ApplicationName",
+          "documentation":"<p>The name of the application. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the application owner.</p>"
+        },
+        "ProxyType":{
+          "shape":"ProxyType",
+          "documentation":"<p>The proxy type of the proxy created within the application. </p>"
+        },
+        "State":{
+          "shape":"ApplicationState",
+          "documentation":"<p>The current state of the application. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the application. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the virtual private cloud (VPC). </p>"
+        }
+      },
+      "documentation":"<p>The list of <code>ApplicationSummary</code> objects. </p>"
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "CidrBlock":{"type":"string"},
+    "CidrBlocks":{
+      "type":"list",
+      "member":{"shape":"CidrBlock"},
+      "min":1
+    },
+    "ClientToken":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^[\\x20-\\x7E]{1,64}$"
+    },
+    "ConflictException":{
+      "type":"structure",
+      "required":[
+        "Message",
+        "ResourceId",
+        "ResourceType"
+      ],
+      "members":{
+        "Message":{"shape":"String"},
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource. </p>"
+        },
+        "ResourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of resource. </p>"
+        }
+      },
+      "documentation":"<p>Updating or deleting a resource can cause an inconsistent state.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "CreateApplicationRequest":{
+      "type":"structure",
+      "required":[
+        "EnvironmentIdentifier",
+        "Name",
+        "ProxyType",
+        "VpcId"
+      ],
+      "members":{
+        "ApiGatewayProxy":{
+          "shape":"ApiGatewayProxyInput",
+          "documentation":"<p>A wrapper object holding the API Gateway endpoint type and stage name for the proxy. </p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
+          "idempotencyToken":true
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "Name":{
+          "shape":"ApplicationName",
+          "documentation":"<p>The name to use for the application. </p>"
+        },
+        "ProxyType":{
+          "shape":"ProxyType",
+          "documentation":"<p>The proxy type of the proxy created within the application. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to assign to the application. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair.</p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the virtual private cloud (VPC).</p>"
+        }
+      }
+    },
+    "CreateApplicationResponse":{
+      "type":"structure",
+      "members":{
+        "ApiGatewayProxy":{
+          "shape":"ApiGatewayProxyInput",
+          "documentation":"<p>A wrapper object holding the API Gateway endpoint type and stage name for the proxy. </p>"
+        },
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The unique identifier of the application.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is <code>arn:aws:refactor-spaces:<i>region</i>:<i>account-id</i>:<i>resource-type/resource-id</i> </code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of application creator.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the application is created.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment in which the application is created.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the application was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ApplicationName",
+          "documentation":"<p>The name of the application.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the application owner.</p>"
+        },
+        "ProxyType":{
+          "shape":"ProxyType",
+          "documentation":"<p>The proxy type of the proxy created within the application. </p>"
+        },
+        "State":{
+          "shape":"ApplicationState",
+          "documentation":"<p>The current state of the application. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the application. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the Amazon VPC. </p>"
+        }
+      }
+    },
+    "CreateEnvironmentRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "NetworkFabricType"
+      ],
+      "members":{
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
+          "idempotencyToken":true
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the environment.</p>"
+        },
+        "Name":{
+          "shape":"EnvironmentName",
+          "documentation":"<p>The name of the environment.</p>"
+        },
+        "NetworkFabricType":{
+          "shape":"NetworkFabricType",
+          "documentation":"<p>The network fabric type of the environment.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to assign to the environment. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair.</p>"
+        }
+      }
+    },
+    "CreateEnvironmentResponse":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the environment.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment is created.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the environment.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment was last updated. </p>"
+        },
+        "Name":{
+          "shape":"EnvironmentName",
+          "documentation":"<p>The name of the environment.</p>"
+        },
+        "NetworkFabricType":{
+          "shape":"NetworkFabricType",
+          "documentation":"<p>The network fabric type of the environment.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of environment owner.</p>"
+        },
+        "State":{
+          "shape":"EnvironmentState",
+          "documentation":"<p>The current state of the environment. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the created environment. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair..</p>"
+        }
+      }
+    },
+    "CreateRouteRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier",
+        "RouteType",
+        "ServiceIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application within which the route is being created.</p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
+          "idempotencyToken":true
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment in which the route is created.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "RouteType":{
+          "shape":"RouteType",
+          "documentation":"<p>The route type of the route. <code>DEFAULT</code> indicates that all traffic that does not match another route is forwarded to the default route. Applications must have a default route before any other routes can be created. <code>URI_PATH</code> indicates a route that is based on a URI path.</p>"
+        },
+        "ServiceIdentifier":{
+          "shape":"ServiceId",
+          "documentation":"<p>The ID of the service in which the route is created. Traffic that matches this route is forwarded to this service.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to assign to the route. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair.. </p>"
+        },
+        "UriPathRoute":{
+          "shape":"UriPathRouteInput",
+          "documentation":"<p>The configuration for the URI path route type. </p>"
+        }
+      }
+    },
+    "CreateRouteResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application in which the route is created.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the route. The format for this ARN is <code>arn:aws:refactor-spaces:<i>region</i>:<i>account-id</i>:<i>resource-type/resource-id</i> </code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the route creator.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the route is created.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the route was last updated. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the route owner.</p>"
+        },
+        "RouteId":{
+          "shape":"RouteId",
+          "documentation":"<p>The unique identifier of the route.</p>"
+        },
+        "RouteType":{
+          "shape":"RouteType",
+          "documentation":"<p>The route type of the route.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The ID of service in which the rute iscreated. Traffic that matches this route is forwarded to this service.</p>"
+        },
+        "State":{
+          "shape":"RouteState",
+          "documentation":"<p>he current state of the route. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the created route. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair. </p>"
+        },
+        "UriPathRoute":{
+          "shape":"UriPathRouteInput",
+          "documentation":"<p>onfiguration for the URI path route type. </p>"
+        }
+      }
+    },
+    "CreateServiceRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EndpointType",
+        "EnvironmentIdentifier",
+        "Name"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application which the service is created.</p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
+          "idempotencyToken":true
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the service.</p>"
+        },
+        "EndpointType":{
+          "shape":"ServiceEndpointType",
+          "documentation":"<p>The type of endpoint to use for the service. The type can be a URL in a VPC or an Lambda function.</p>"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment in which the service is created.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "LambdaEndpoint":{
+          "shape":"LambdaEndpointInput",
+          "documentation":"<p>The configuration for the Lambda endpoint type.</p>"
+        },
+        "Name":{
+          "shape":"ServiceName",
+          "documentation":"<p>The name of the service.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to assign to the service. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair.. </p>"
+        },
+        "UrlEndpoint":{
+          "shape":"UrlEndpointInput",
+          "documentation":"<p>The configuration for the URL endpoint type.</p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the VPC.</p>"
+        }
+      }
+    },
+    "CreateServiceResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application that the created service belongs to. </p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the service.</p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the service creator.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the service is created.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the created service.</p>"
+        },
+        "EndpointType":{
+          "shape":"ServiceEndpointType",
+          "documentation":"<p>The endpoint type of the service.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>"
+        },
+        "LambdaEndpoint":{
+          "shape":"LambdaEndpointInput",
+          "documentation":"<p>The configuration for the Lambda endpoint type.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the service was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ServiceName",
+          "documentation":"<p>The name of the service.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the service owner.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The unique identifier of the service.</p>"
+        },
+        "State":{
+          "shape":"ServiceState",
+          "documentation":"<p>The current state of the service. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the created service. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair.. </p>"
+        },
+        "UrlEndpoint":{
+          "shape":"UrlEndpointInput",
+          "documentation":"<p>The configuration for the URL endpoint type. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the VPC. </p>"
+        }
+      }
+    },
+    "DeleteApplicationRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application.</p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        }
+      }
+    },
+    "DeleteApplicationResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the application’s environment.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ApplicationName",
+          "documentation":"<p>The name of the application.</p>"
+        },
+        "State":{
+          "shape":"ApplicationState",
+          "documentation":"<p>The current state of the application. </p>"
+        }
+      }
+    },
+    "DeleteEnvironmentRequest":{
+      "type":"structure",
+      "required":["EnvironmentIdentifier"],
+      "members":{
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        }
+      }
+    },
+    "DeleteEnvironmentResponse":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the environment.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment was last updated. </p>"
+        },
+        "Name":{
+          "shape":"EnvironmentName",
+          "documentation":"<p>The name of the environment.</p>"
+        },
+        "State":{
+          "shape":"EnvironmentState",
+          "documentation":"<p>The current state of the environment. </p>"
+        }
+      }
+    },
+    "DeleteResourcePolicyRequest":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"ResourcePolicyIdentifier",
+          "documentation":"<p>Amazon Resource Name (ARN) of the resource associated with the policy. </p>",
+          "location":"uri",
+          "locationName":"Identifier"
+        }
+      }
+    },
+    "DeleteResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteRouteRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier",
+        "RouteIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application to delete the route from.</p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment to delete the route from.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "RouteIdentifier":{
+          "shape":"RouteId",
+          "documentation":"<p>The ID of the route to delete.</p>",
+          "location":"uri",
+          "locationName":"RouteIdentifier"
+        }
+      }
+    },
+    "DeleteRouteResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>he ID of the application that the route belongs to.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the route.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the route was last updated. </p>"
+        },
+        "RouteId":{
+          "shape":"RouteId",
+          "documentation":"<p>The ID of the route to delete.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The ID of the service that the route belongs to.</p>"
+        },
+        "State":{
+          "shape":"RouteState",
+          "documentation":"<p>The current state of the route. </p>"
+        }
+      }
+    },
+    "DeleteServiceRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier",
+        "ServiceIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>Deletes a Refactor Spaces service.</p> <note> <p>The <code>RefactorSpacesSecurityGroup</code> security group must be removed from all Amazon Web Services resources in the virtual private cloud (VPC) prior to deleting a service with a URL endpoint in a VPC.</p> </note>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment that the service is in.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "ServiceIdentifier":{
+          "shape":"ServiceId",
+          "documentation":"<p>The ID of the service to delete.</p>",
+          "location":"uri",
+          "locationName":"ServiceIdentifier"
+        }
+      }
+    },
+    "DeleteServiceResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application that the service is in.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the service.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the service was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ServiceName",
+          "documentation":"<p>The name of the service.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The unique identifier of the service.</p>"
+        },
+        "State":{
+          "shape":"ServiceState",
+          "documentation":"<p>The current state of the service. </p>"
+        }
+      }
+    },
+    "Description":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9-_\\s\\.\\!\\*\\#\\@\\']+$"
+    },
+    "Ec2TagValue":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "pattern":"^.*$"
+    },
+    "EnvironmentId":{
+      "type":"string",
+      "max":14,
+      "min":14,
+      "pattern":"^env-[0-9A-Za-z]{10}$"
+    },
+    "EnvironmentName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^(?!env-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$"
+    },
+    "EnvironmentState":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "ACTIVE",
+        "DELETING",
+        "FAILED"
+      ]
+    },
+    "EnvironmentSummaries":{
+      "type":"list",
+      "member":{"shape":"EnvironmentSummary"}
+    },
+    "EnvironmentSummary":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the environment. </p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment is created. </p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the environment. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment. </p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the environment resource. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment was last updated. </p>"
+        },
+        "Name":{
+          "shape":"EnvironmentName",
+          "documentation":"<p>The name of the environment. </p>"
+        },
+        "NetworkFabricType":{
+          "shape":"NetworkFabricType",
+          "documentation":"<p>The network fabric type of the environment. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the environment owner.</p>"
+        },
+        "State":{
+          "shape":"EnvironmentState",
+          "documentation":"<p>The current state of the environment. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the environment. </p>"
+        },
+        "TransitGatewayId":{
+          "shape":"TransitGatewayId",
+          "documentation":"<p>The ID of the transit gateway set up by the environment. </p>"
+        }
+      },
+      "documentation":"<p>The summary information for environments as a response to <code>ListEnvironments</code>. </p>"
+    },
+    "EnvironmentVpc":{
+      "type":"structure",
+      "members":{
+        "AccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the virtual private cloud (VPC) owner. </p>"
+        },
+        "CidrBlocks":{
+          "shape":"CidrBlocks",
+          "documentation":"<p>The list of Amazon Virtual Private Cloud (Amazon VPC) CIDR blocks. </p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the VPC is first added to the environment. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the VPC was last updated by the environment. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the VPC. </p>"
+        },
+        "VpcName":{
+          "shape":"Ec2TagValue",
+          "documentation":"<p>The name of the VPC at the time it is added to the environment. </p>"
+        }
+      },
+      "documentation":"<p>Provides summary information for the <code>EnvironmentVpc</code> resource as a response to <code>ListEnvironmentVpc</code>.</p>"
+    },
+    "EnvironmentVpcs":{
+      "type":"list",
+      "member":{"shape":"EnvironmentVpc"}
+    },
+    "ErrorCode":{
+      "type":"string",
+      "enum":[
+        "INVALID_RESOURCE_STATE",
+        "RESOURCE_LIMIT_EXCEEDED",
+        "RESOURCE_CREATION_FAILURE",
+        "RESOURCE_UPDATE_FAILURE",
+        "SERVICE_ENDPOINT_HEALTH_CHECK_FAILURE",
+        "RESOURCE_DELETION_FAILURE",
+        "RESOURCE_RETRIEVAL_FAILURE",
+        "RESOURCE_IN_USE",
+        "RESOURCE_NOT_FOUND",
+        "STATE_TRANSITION_FAILURE",
+        "REQUEST_LIMIT_EXCEEDED",
+        "NOT_AUTHORIZED"
+      ]
+    },
+    "ErrorMessage":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "pattern":"^[\\p{Alnum}\\p{Punct}\\p{Blank}]*$"
+    },
+    "ErrorResourceType":{
+      "type":"string",
+      "enum":[
+        "ENVIRONMENT",
+        "APPLICATION",
+        "ROUTE",
+        "SERVICE",
+        "TRANSIT_GATEWAY",
+        "TRANSIT_GATEWAY_ATTACHMENT",
+        "API_GATEWAY",
+        "NLB",
+        "TARGET_GROUP",
+        "LOAD_BALANCER_LISTENER",
+        "VPC_LINK",
+        "LAMBDA",
+        "VPC",
+        "SUBNET",
+        "ROUTE_TABLE",
+        "SECURITY_GROUP",
+        "VPC_ENDPOINT_SERVICE_CONFIGURATION",
+        "RESOURCE_SHARE",
+        "IAM_ROLE"
+      ]
+    },
+    "ErrorResponse":{
+      "type":"structure",
+      "members":{
+        "AccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the resource owner. </p>"
+        },
+        "AdditionalDetails":{
+          "shape":"AdditionalDetails",
+          "documentation":"<p>Additional details about the error. </p>"
+        },
+        "Code":{
+          "shape":"ErrorCode",
+          "documentation":"<p>The error code associated with the error. </p>"
+        },
+        "Message":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>The message associated with the error. </p>"
+        },
+        "ResourceIdentifier":{
+          "shape":"ResourceIdentifier",
+          "documentation":"<p>The ID of the resource. </p>"
+        },
+        "ResourceType":{
+          "shape":"ErrorResourceType",
+          "documentation":"<p>The type of resource. </p>"
+        }
+      },
+      "documentation":"<p>Error associated with a resource returned for a Get or List resource response. </p>"
+    },
+    "GetApplicationRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application.</p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        }
+      }
+    },
+    "GetApplicationResponse":{
+      "type":"structure",
+      "members":{
+        "ApiGatewayProxy":{
+          "shape":"ApiGatewayProxyConfig",
+          "documentation":"<p>The endpoint URL of the API Gateway proxy. </p>"
+        },
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The unique identifier of the application.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application.</p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the application creator. </p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the application is created. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the application resource. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the application was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ApplicationName",
+          "documentation":"<p>The name of the application.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the application owner.</p>"
+        },
+        "ProxyType":{
+          "shape":"ProxyType",
+          "documentation":"<p>The proxy type of the proxy created within the application. </p>"
+        },
+        "State":{
+          "shape":"ApplicationState",
+          "documentation":"<p>The current state of the application. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the application. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the virtual private cloud (VPC). </p>"
+        }
+      }
+    },
+    "GetEnvironmentRequest":{
+      "type":"structure",
+      "required":["EnvironmentIdentifier"],
+      "members":{
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        }
+      }
+    },
+    "GetEnvironmentResponse":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the environment.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment is created. </p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the environment. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment. </p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the environment resource. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the environment was last updated. </p>"
+        },
+        "Name":{
+          "shape":"EnvironmentName",
+          "documentation":"<p>The name of the environment.</p>"
+        },
+        "NetworkFabricType":{
+          "shape":"NetworkFabricType",
+          "documentation":"<p>The network fabric type of the environment. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the environment owner.</p>"
+        },
+        "State":{
+          "shape":"EnvironmentState",
+          "documentation":"<p>The current state of the environment. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to assign to the environment. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair. </p>"
+        },
+        "TransitGatewayId":{
+          "shape":"TransitGatewayId",
+          "documentation":"<p>The ID of the transit gateway set up by the environment. </p>"
+        }
+      }
+    },
+    "GetResourcePolicyRequest":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"ResourcePolicyIdentifier",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource associated with the policy. </p>",
+          "location":"uri",
+          "locationName":"Identifier"
+        }
+      }
+    },
+    "GetResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+        "Policy":{
+          "shape":"PolicyString",
+          "documentation":"<p>A JSON-formatted string for an Amazon Web Services resource-based policy. </p>"
+        }
+      }
+    },
+    "GetRouteRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier",
+        "RouteIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application. </p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "RouteIdentifier":{
+          "shape":"RouteId",
+          "documentation":"<p>The ID of the route.</p>",
+          "location":"uri",
+          "locationName":"RouteIdentifier"
+        }
+      }
+    },
+    "GetRouteResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application that the route belongs to. </p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the route.</p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the route creator.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of when the route is created. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>Unique identifier of the environment.</p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the route resource. </p>"
+        },
+        "IncludeChildPaths":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to match all subpaths of the given source path. If this value is <code>false</code>, requests must match the source path exactly before they are forwarded to this route's service. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the route was last updated. </p>"
+        },
+        "Methods":{
+          "shape":"HttpMethods",
+          "documentation":"<p>A list of HTTP methods to match. An empty list matches all values. If a method is present, only HTTP requests using that method are forwarded to this route’s service. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the route owner.</p>"
+        },
+        "PathResourceToId":{
+          "shape":"PathResourceToId",
+          "documentation":"<p>A mapping of Amazon API Gateway path resources to resource IDs. </p>"
+        },
+        "RouteId":{
+          "shape":"RouteId",
+          "documentation":"<p>The unique identifier of the route.</p> <p> <b>DEFAULT</b>: All traffic that does not match another route is forwarded to the default route. Applications must have a default route before any other routes can be created.</p> <p> <b>URI_PATH</b>: A route that is based on a URI path.</p>"
+        },
+        "RouteType":{
+          "shape":"RouteType",
+          "documentation":"<p>The type of route.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The unique identifier of the service.</p>"
+        },
+        "SourcePath":{
+          "shape":"UriPath",
+          "documentation":"<p>The path to use to match traffic. Paths must start with <code>/</code> and are relative to the base of the application. </p>"
+        },
+        "State":{
+          "shape":"RouteState",
+          "documentation":"<p>The current state of the route. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the route. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair. </p>"
+        }
+      }
+    },
+    "GetServiceRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier",
+        "ServiceIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application.</p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment.</p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "ServiceIdentifier":{
+          "shape":"ServiceId",
+          "documentation":"<p>The ID of the service.</p>",
+          "location":"uri",
+          "locationName":"ServiceIdentifier"
+        }
+      }
+    },
+    "GetServiceResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application.</p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the service.</p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the service creator.</p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of when the service is created.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the service. </p>"
+        },
+        "EndpointType":{
+          "shape":"ServiceEndpointType",
+          "documentation":"<p>The endpoint type of the service.</p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment.</p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the service resource. </p>"
+        },
+        "LambdaEndpoint":{
+          "shape":"LambdaEndpointConfig",
+          "documentation":"<p>The configuration for the Lambda endpoint type.</p> <p>The <b>Arn</b> is the Amazon Resource Name (ARN) of the Lambda function associated with this service. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the service was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ServiceName",
+          "documentation":"<p>The name of the service.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the service owner.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The unique identifier of the service.</p>"
+        },
+        "State":{
+          "shape":"ServiceState",
+          "documentation":"<p>The current state of the service. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the service. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key-value pair. </p>"
+        },
+        "UrlEndpoint":{
+          "shape":"UrlEndpointConfig",
+          "documentation":"<p>The configuration for the URL endpoint type.</p> <p>The <b>Url</b> isthe URL of the endpoint type.</p> <p>The <b>HealthUrl</b> is the health check URL of the endpoint type. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the virtual private cloud (VPC). </p>"
+        }
+      }
+    },
+    "HttpMethod":{
+      "type":"string",
+      "enum":[
+        "DELETE",
+        "GET",
+        "HEAD",
+        "OPTIONS",
+        "PATCH",
+        "POST",
+        "PUT"
+      ]
+    },
+    "HttpMethods":{
+      "type":"list",
+      "member":{"shape":"HttpMethod"}
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>An unexpected error occurred while processing the request.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "InvalidResourcePolicyException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>The resource policy is not valid.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "LambdaArn":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(: (\\$LATEST|[a-zA-Z0-9-_]+))?$"
+    },
+    "LambdaEndpointConfig":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"LambdaArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda endpoint. </p>"
+        }
+      },
+      "documentation":"<p>The configuration for the Lambda endpoint type. </p>"
+    },
+    "LambdaEndpointInput":{
+      "type":"structure",
+      "required":["Arn"],
+      "members":{
+        "Arn":{
+          "shape":"LambdaArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda endpoint. </p>"
+        }
+      },
+      "documentation":"<p>The input for the Lambda endpoint type. </p>"
+    },
+    "LambdaEndpointSummary":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"LambdaArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda endpoint. </p>"
+        }
+      },
+      "documentation":"<p>The summary for the Lambda endpoint type. </p>"
+    },
+    "ListApplicationsRequest":{
+      "type":"structure",
+      "required":["EnvironmentIdentifier"],
+      "members":{
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListApplicationsResponse":{
+      "type":"structure",
+      "members":{
+        "ApplicationSummaryList":{
+          "shape":"ApplicationSummaries",
+          "documentation":"<p>The list of <code>ApplicationSummary</code> objects. </p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "ListEnvironmentVpcsRequest":{
+      "type":"structure",
+      "required":["EnvironmentIdentifier"],
+      "members":{
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListEnvironmentVpcsResponse":{
+      "type":"structure",
+      "members":{
+        "EnvironmentVpcList":{
+          "shape":"EnvironmentVpcs",
+          "documentation":"<p>The list of <code>EnvironmentVpc</code> objects. </p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "ListEnvironmentsRequest":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListEnvironmentsResponse":{
+      "type":"structure",
+      "members":{
+        "EnvironmentSummaryList":{
+          "shape":"EnvironmentSummaries",
+          "documentation":"<p>The list of <code>EnvironmentSummary</code> objects. </p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "ListRoutesRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application. </p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListRoutesResponse":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "RouteSummaryList":{
+          "shape":"RouteSummaries",
+          "documentation":"<p>The list of <code>RouteSummary</code> objects. </p>"
+        }
+      }
+    },
+    "ListServicesRequest":{
+      "type":"structure",
+      "required":[
+        "ApplicationIdentifier",
+        "EnvironmentIdentifier"
+      ],
+      "members":{
+        "ApplicationIdentifier":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The ID of the application. </p>",
+          "location":"uri",
+          "locationName":"ApplicationIdentifier"
+        },
+        "EnvironmentIdentifier":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The ID of the environment. </p>",
+          "location":"uri",
+          "locationName":"EnvironmentIdentifier"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListServicesResponse":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "ServiceSummaryList":{
+          "shape":"ServiceSummaries",
+          "documentation":"<p> The list of <code>ServiceSummary</code> objects. </p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource. </p>",
+          "location":"uri",
+          "locationName":"ResourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tags assigned to the resource. </p>"
+        }
+      }
+    },
+    "MaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "NetworkFabricType":{
+      "type":"string",
+      "enum":["TRANSIT_GATEWAY"]
+    },
+    "NextToken":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9/\\+\\=]{0,2048}$"
+    },
+    "NlbArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:aws:elasticloadbalancing:[a-zA-Z0-9\\-]+:\\w{12}:[a-zA-Z_0-9+=,.@\\-_/]+$"
+    },
+    "NlbName":{
+      "type":"string",
+      "max":32,
+      "min":1,
+      "pattern":"^(?!internal-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+.*[^-]$"
+    },
+    "PathResourceToId":{
+      "type":"map",
+      "key":{"shape":"PathResourceToIdKey"},
+      "value":{"shape":"PathResourceToIdValue"}
+    },
+    "PathResourceToIdKey":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
+    "PathResourceToIdValue":{
+      "type":"string",
+      "max":10,
+      "min":10,
+      "pattern":"^[a-z0-9]{10}$"
+    },
+    "PolicyString":{
+      "type":"string",
+      "max":300000,
+      "min":1,
+      "pattern":"^.*\\S.*$"
+    },
+    "ProxyType":{
+      "type":"string",
+      "enum":["API_GATEWAY"]
+    },
+    "PutResourcePolicyRequest":{
+      "type":"structure",
+      "required":[
+        "Policy",
+        "ResourceArn"
+      ],
+      "members":{
+        "Policy":{
+          "shape":"PolicyString",
+          "documentation":"<p>A JSON-formatted string for an Amazon Web Services resource-based policy. </p>"
+        },
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource to which the policy is being attached. </p>"
+        }
+      }
+    },
+    "PutResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "ResourceArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:aws:refactor-spaces:[a-zA-Z0-9\\-]+:\\w{12}:[a-zA-Z_0-9+=,.@\\-_/]+$"
+    },
+    "ResourceIdentifier":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"(^(env|svc|pxy|rte|app)-([0-9A-Za-z]{10}$))"
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "required":[
+        "Message",
+        "ResourceId",
+        "ResourceType"
+      ],
+      "members":{
+        "Message":{"shape":"String"},
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource. </p>"
+        },
+        "ResourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of resource. </p>"
+        }
+      },
+      "documentation":"<p>The request references a resource that does not exist. </p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourcePolicyIdentifier":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:aws:refactor-spaces:[a-zA-Z0-9\\-]+:\\w{12}:[a-zA-Z_0-9+=,.@\\-_/]+$"
+    },
+    "RetryAfterSeconds":{"type":"integer"},
+    "RouteActivationState":{
+      "type":"string",
+      "enum":["ACTIVE"]
+    },
+    "RouteId":{
+      "type":"string",
+      "max":14,
+      "min":14,
+      "pattern":"^rte-[0-9A-Za-z]{10}$"
+    },
+    "RouteState":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "ACTIVE",
+        "DELETING",
+        "FAILED",
+        "UPDATING",
+        "INACTIVE"
+      ]
+    },
+    "RouteSummaries":{
+      "type":"list",
+      "member":{"shape":"RouteSummary"}
+    },
+    "RouteSummary":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The unique identifier of the application. </p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the route. </p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the route creator. </p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the route is created. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment. </p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the route resource. </p>"
+        },
+        "IncludeChildPaths":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to match all subpaths of the given source path. If this value is <code>false</code>, requests must match the source path exactly before they are forwarded to this route's service.</p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the route was last updated. </p>"
+        },
+        "Methods":{
+          "shape":"HttpMethods",
+          "documentation":"<p>A list of HTTP methods to match. An empty list matches all values. If a method is present, only HTTP requests using that method are forwarded to this route’s service. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the route owner.</p>"
+        },
+        "PathResourceToId":{
+          "shape":"PathResourceToId",
+          "documentation":"<p>A mapping of Amazon API Gateway path resources to resource IDs. </p>"
+        },
+        "RouteId":{
+          "shape":"RouteId",
+          "documentation":"<p>The unique identifier of the route. </p>"
+        },
+        "RouteType":{
+          "shape":"RouteType",
+          "documentation":"<p>The route type of the route. </p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The unique identifier of the service. </p>"
+        },
+        "SourcePath":{
+          "shape":"UriPath",
+          "documentation":"<p>The path to use to match traffic. Paths must start with <code>/</code> and are relative to the base of the application.</p>"
+        },
+        "State":{
+          "shape":"RouteState",
+          "documentation":"<p>The current state of the route. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the route. </p>"
+        }
+      },
+      "documentation":"<p>The summary information for the routes as a response to <code>ListRoutes</code>. </p>"
+    },
+    "RouteType":{
+      "type":"string",
+      "enum":[
+        "DEFAULT",
+        "URI_PATH"
+      ]
+    },
+    "ServiceEndpointType":{
+      "type":"string",
+      "enum":[
+        "LAMBDA",
+        "URL"
+      ]
+    },
+    "ServiceId":{
+      "type":"string",
+      "max":14,
+      "min":14,
+      "pattern":"^svc-[0-9A-Za-z]{10}$"
+    },
+    "ServiceName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"^(?!svc-)[a-zA-Z0-9]+[a-zA-Z0-9-_ ]+$"
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "required":[
+        "Message",
+        "ResourceId",
+        "ResourceType",
+        "ServiceCode"
+      ],
+      "members":{
+        "Message":{"shape":"String"},
+        "QuotaCode":{
+          "shape":"String",
+          "documentation":"<p>Service quota requirement to identify originating quota. Reached throttling quota exception. </p>"
+        },
+        "ResourceId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the resource. </p>"
+        },
+        "ResourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of resource. </p>"
+        },
+        "ServiceCode":{
+          "shape":"String",
+          "documentation":"<p>Service quota requirement to identify originating service. Reached throttling quota exception service code. </p>"
+        }
+      },
+      "documentation":"<p>The request would cause a service quota to be exceeded. </p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ServiceState":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "ACTIVE",
+        "DELETING",
+        "FAILED"
+      ]
+    },
+    "ServiceSummaries":{
+      "type":"list",
+      "member":{"shape":"ServiceSummary"}
+    },
+    "ServiceSummary":{
+      "type":"structure",
+      "members":{
+        "ApplicationId":{
+          "shape":"ApplicationId",
+          "documentation":"<p>The unique identifier of the application. </p>"
+        },
+        "Arn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the service. </p>"
+        },
+        "CreatedByAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the service creator. </p>"
+        },
+        "CreatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the service is created. </p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>A description of the service. </p>"
+        },
+        "EndpointType":{
+          "shape":"ServiceEndpointType",
+          "documentation":"<p>The endpoint type of the service. </p>"
+        },
+        "EnvironmentId":{
+          "shape":"EnvironmentId",
+          "documentation":"<p>The unique identifier of the environment. </p>"
+        },
+        "Error":{
+          "shape":"ErrorResponse",
+          "documentation":"<p>Any error associated with the service resource. </p>"
+        },
+        "LambdaEndpoint":{
+          "shape":"LambdaEndpointSummary",
+          "documentation":"<p>A summary of the configuration for the Lambda endpoint type. </p>"
+        },
+        "LastUpdatedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that indicates when the service was last updated. </p>"
+        },
+        "Name":{
+          "shape":"ServiceName",
+          "documentation":"<p>The name of the service. </p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID of the service owner.</p>"
+        },
+        "ServiceId":{
+          "shape":"ServiceId",
+          "documentation":"<p>The unique identifier of the service. </p>"
+        },
+        "State":{
+          "shape":"ServiceState",
+          "documentation":"<p>The current state of the service. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the service. </p>"
+        },
+        "UrlEndpoint":{
+          "shape":"UrlEndpointSummary",
+          "documentation":"<p>The summary of the configuration for the URL endpoint type. </p>"
+        },
+        "VpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The ID of the virtual private cloud (VPC). </p>"
+        }
+      },
+      "documentation":"<p>A summary for the service as a response to <code>ListServices</code>. </p>"
+    },
+    "StageName":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^[-a-zA-Z0-9_]*$"
+    },
+    "String":{"type":"string"},
+    "TagKeys":{
+      "type":"list",
+      "member":{"shape":"String"},
+      "sensitive":true
+    },
+    "TagMap":{
+      "type":"map",
+      "key":{"shape":"TagMapKeyString"},
+      "value":{"shape":"TagMapValueString"},
+      "documentation":"<p>A collection of up to 50 unique tags</p>",
+      "max":50,
+      "min":0,
+      "sensitive":true
+    },
+    "TagMapKeyString":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!aws:).+"
+    },
+    "TagMapValueString":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "Tags"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource</p>",
+          "location":"uri",
+          "locationName":"ResourceArn"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The new or modified tags for the resource. </p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"String"},
+        "QuotaCode":{
+          "shape":"String",
+          "documentation":"<p>Service quota requirement to identify originating quota. Reached throttling quota exception. </p>"
+        },
+        "RetryAfterSeconds":{
+          "shape":"RetryAfterSeconds",
+          "documentation":"<p>The number of seconds to wait before retrying. </p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        },
+        "ServiceCode":{
+          "shape":"String",
+          "documentation":"<p>Service quota requirement to identify originating service. Reached throttling quota exception service code. </p>"
+        }
+      },
+      "documentation":"<p>Request was denied because the request was throttled. </p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Timestamp":{"type":"timestamp"},
+    "TransitGatewayId":{
+      "type":"string",
+      "max":21,
+      "min":21,
+      "pattern":"^tgw-[-a-f0-9]{17}$"
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "TagKeys"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource. </p>",
+          "location":"uri",
+          "locationName":"ResourceArn"
+        },
+        "TagKeys":{
+          "shape":"TagKeys",
+          "documentation":"<p>The list of keys of the tags to be removed from the resource. </p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Uri":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^https?://[-a-zA-Z0-9+\\x38@#/%?=~_|!:,.;]*[-a-zA-Z0-9+\\x38@#/%=~_|]$"
+    },
+    "UriPath":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^(/[a-zA-Z0-9._-]+)+$"
+    },
+    "UriPathRouteInput":{
+      "type":"structure",
+      "required":[
+        "ActivationState",
+        "SourcePath"
+      ],
+      "members":{
+        "ActivationState":{
+          "shape":"RouteActivationState",
+          "documentation":"<p>Indicates whether traffic is forwarded to this route’s service after the route is created. </p>"
+        },
+        "IncludeChildPaths":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether to match all subpaths of the given source path. If this value is <code>false</code>, requests must match the source path exactly before they are forwarded to this route's service. </p>"
+        },
+        "Methods":{
+          "shape":"HttpMethods",
+          "documentation":"<p>A list of HTTP methods to match. An empty list matches all values. If a method is present, only HTTP requests using that method are forwarded to this route’s service. </p>"
+        },
+        "SourcePath":{
+          "shape":"UriPath",
+          "documentation":"<p>The path to use to match traffic. Paths must start with <code>/</code> and are relative to the base of the application.</p>"
+        }
+      },
+      "documentation":"<p>The configuration for the URI path route type. </p>"
+    },
+    "UrlEndpointConfig":{
+      "type":"structure",
+      "members":{
+        "HealthUrl":{
+          "shape":"Uri",
+          "documentation":"<p>The health check URL of the URL endpoint type. </p>"
+        },
+        "Url":{
+          "shape":"Uri",
+          "documentation":"<p>The HTTP URL endpoint. </p>"
+        }
+      },
+      "documentation":"<p>The configuration for the URL endpoint type. </p>"
+    },
+    "UrlEndpointInput":{
+      "type":"structure",
+      "required":["Url"],
+      "members":{
+        "HealthUrl":{
+          "shape":"Uri",
+          "documentation":"<p>The health check URL of the URL endpoint type. If the URL is a public endpoint, the <code>HealthUrl</code> must also be a public endpoint. If the URL is a private endpoint inside a virtual private cloud (VPC), the health URL must also be a private endpoint, and the host must be the same as the URL. </p>"
+        },
+        "Url":{
+          "shape":"Uri",
+          "documentation":"<p>The URL to route traffic to. The URL must be an <a href=\"https://datatracker.ietf.org/doc/html/rfc3986\">rfc3986-formatted URL</a>. If the host is a domain name, the name must be resolvable over the public internet. If the scheme is <code>https</code>, the top level domain of the host must be listed in the <a href=\"https://www.iana.org/domains/root/db\">IANA root zone database</a>. </p>"
+        }
+      },
+      "documentation":"<p>The configuration for the URL endpoint type. </p>"
+    },
+    "UrlEndpointSummary":{
+      "type":"structure",
+      "members":{
+        "HealthUrl":{
+          "shape":"Uri",
+          "documentation":"<p>The health check URL of the URL endpoint type. If the URL is a public endpoint, the <code>HealthUrl</code> must also be a public endpoint. If the URL is a private endpoint inside a virtual private cloud (VPC), the health URL must also be a private endpoint, and the host must be the same as the URL.</p>"
+        },
+        "Url":{
+          "shape":"Uri",
+          "documentation":"<p> The URL to route traffic to. The URL must be an <a href=\"https://datatracker.ietf.org/doc/html/rfc3986\">rfc3986-formatted URL</a>. If the host is a domain name, the name must be resolvable over the public internet. If the scheme is <code>https</code>, the top level domain of the host must be listed in the <a href=\"https://www.iana.org/domains/root/db\">IANA root zone database</a>. </p>"
+        }
+      },
+      "documentation":"<p>The summary of the configuration for the URL endpoint type. </p>"
+    },
+    "ValidationException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>The input does not satisfy the constraints specified by an Amazon Web Service. </p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "VpcId":{
+      "type":"string",
+      "max":21,
+      "min":12,
+      "pattern":"^vpc-[-a-f0-9]{8}([-a-f0-9]{9})?$"
+    },
+    "VpcLinkId":{
+      "type":"string",
+      "max":10,
+      "min":10,
+      "pattern":"^[a-z0-9]{10}$"
+    }
+  },
+  "documentation":"<p><fullname>Amazon Web Services Migration Hub Refactor Spaces</fullname></p> <pre><code> &lt;p&gt;This API reference provides descriptions, syntax, and other details about each of the actions and data types for Amazon Web Services Migration Hub Refactor Spaces (Refactor Spaces). The topic for each action shows the API request parameters and the response. Alternatively, you can use one of the Amazon Web Services SDKs to access an API that is tailored to the programming language or platform that you're using. For more information, see &lt;a href=&quot;http://aws.amazon.com/tools/#SDKs&quot;&gt;Amazon Web Services SDKs&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/paginators-1.json b/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/paginators-1.json
new file mode 100644
index 00000000000..5f446456d51
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/paginators-1.json
@@ -0,0 +1,34 @@
+{
+  "pagination": {
+    "GetServerDetails": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "associatedApplications"
+    },
+    "ListApplicationComponents": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "applicationComponentInfos"
+    },
+    "ListCollectors": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "Collectors"
+    },
+    "ListImportFileTask": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "taskInfos"
+    },
+    "ListServers": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "serverInfos"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/paginators-1.sdk-extras.json b/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/paginators-1.sdk-extras.json
new file mode 100644
index 00000000000..2524463ac8a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/paginators-1.sdk-extras.json
@@ -0,0 +1,12 @@
+{
+    "version": 1.0,
+    "merge": {
+        "pagination": {
+            "GetServerDetails": {
+                "non_aggregate_keys": [
+                    "serverDetail"
+                ]
+            }
+        }
+    }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/service-2.json b/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/service-2.json
new file mode 100644
index 00000000000..f8c69859a95
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/migrationhubstrategy/2020-02-19/service-2.json
@@ -0,0 +1,2424 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2020-02-19",
+    "endpointPrefix":"migrationhub-strategy",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"Migration Hub Strategy Recommendations",
+    "serviceId":"MigrationHubStrategy",
+    "signatureVersion":"v4",
+    "signingName":"migrationhub-strategy",
+    "uid":"migrationhubstrategy-2020-02-19"
+  },
+  "operations":{
+    "GetApplicationComponentDetails":{
+      "name":"GetApplicationComponentDetails",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-applicationcomponent-details/{applicationComponentId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetApplicationComponentDetailsRequest"},
+      "output":{"shape":"GetApplicationComponentDetailsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves details about an application component. </p>"
+    },
+    "GetApplicationComponentStrategies":{
+      "name":"GetApplicationComponentStrategies",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-applicationcomponent-strategies/{applicationComponentId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetApplicationComponentStrategiesRequest"},
+      "output":{"shape":"GetApplicationComponentStrategiesResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves a list of all the recommended strategies and tools for an application component running on a server. </p>"
+    },
+    "GetAssessment":{
+      "name":"GetAssessment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-assessment/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetAssessmentRequest"},
+      "output":{"shape":"GetAssessmentResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves the status of an on-going assessment. </p>"
+    },
+    "GetImportFileTask":{
+      "name":"GetImportFileTask",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-import-file-task/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetImportFileTaskRequest"},
+      "output":{"shape":"GetImportFileTaskResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves the details about a specific import task. </p>"
+    },
+    "GetPortfolioPreferences":{
+      "name":"GetPortfolioPreferences",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-portfolio-preferences",
+        "responseCode":200
+      },
+      "input":{"shape":"GetPortfolioPreferencesRequest"},
+      "output":{"shape":"GetPortfolioPreferencesResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves your migration and modernization preferences. </p>"
+    },
+    "GetPortfolioSummary":{
+      "name":"GetPortfolioSummary",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-portfolio-summary",
+        "responseCode":200
+      },
+      "input":{"shape":"GetPortfolioSummaryRequest"},
+      "output":{"shape":"GetPortfolioSummaryResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves overall summary including the number of servers to rehost and the overall number of anti-patterns. </p>"
+    },
+    "GetRecommendationReportDetails":{
+      "name":"GetRecommendationReportDetails",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-recommendation-report-details/{id}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetRecommendationReportDetailsRequest"},
+      "output":{"shape":"GetRecommendationReportDetailsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves detailed information about the specified recommendation report. </p>"
+    },
+    "GetServerDetails":{
+      "name":"GetServerDetails",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-server-details/{serverId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetServerDetailsRequest"},
+      "output":{"shape":"GetServerDetailsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves detailed information about a specified server. </p>"
+    },
+    "GetServerStrategies":{
+      "name":"GetServerStrategies",
+      "http":{
+        "method":"GET",
+        "requestUri":"/get-server-strategies/{serverId}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetServerStrategiesRequest"},
+      "output":{"shape":"GetServerStrategiesResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves recommended strategies and tools for the specified server. </p>"
+    },
+    "ListApplicationComponents":{
+      "name":"ListApplicationComponents",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-applicationcomponents",
+        "responseCode":200
+      },
+      "input":{"shape":"ListApplicationComponentsRequest"},
+      "output":{"shape":"ListApplicationComponentsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ServiceLinkedRoleLockClientException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves a list of all the application components (processes). </p>"
+    },
+    "ListCollectors":{
+      "name":"ListCollectors",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-collectors",
+        "responseCode":200
+      },
+      "input":{"shape":"ListCollectorsRequest"},
+      "output":{"shape":"ListCollectorsResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves a list of all the installed collectors. </p>"
+    },
+    "ListImportFileTask":{
+      "name":"ListImportFileTask",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-import-file-task",
+        "responseCode":200
+      },
+      "input":{"shape":"ListImportFileTaskRequest"},
+      "output":{"shape":"ListImportFileTaskResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Retrieves a list of all the imports performed. </p>"
+    },
+    "ListServers":{
+      "name":"ListServers",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-servers",
+        "responseCode":200
+      },
+      "input":{"shape":"ListServersRequest"},
+      "output":{"shape":"ListServersResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Returns a list of all the servers. </p>"
+    },
+    "PutPortfolioPreferences":{
+      "name":"PutPortfolioPreferences",
+      "http":{
+        "method":"POST",
+        "requestUri":"/put-portfolio-preferences",
+        "responseCode":200
+      },
+      "input":{"shape":"PutPortfolioPreferencesRequest"},
+      "output":{"shape":"PutPortfolioPreferencesResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Saves the specified migration and modernization preferences. </p>"
+    },
+    "StartAssessment":{
+      "name":"StartAssessment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/start-assessment",
+        "responseCode":200
+      },
+      "input":{"shape":"StartAssessmentRequest"},
+      "output":{"shape":"StartAssessmentResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Starts the assessment of an on-premises environment. </p>"
+    },
+    "StartImportFileTask":{
+      "name":"StartImportFileTask",
+      "http":{
+        "method":"POST",
+        "requestUri":"/start-import-file-task",
+        "responseCode":200
+      },
+      "input":{"shape":"StartImportFileTaskRequest"},
+      "output":{"shape":"StartImportFileTaskResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Starts a file import. </p>"
+    },
+    "StartRecommendationReportGeneration":{
+      "name":"StartRecommendationReportGeneration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/start-recommendation-report-generation",
+        "responseCode":200
+      },
+      "input":{"shape":"StartRecommendationReportGenerationRequest"},
+      "output":{"shape":"StartRecommendationReportGenerationResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Starts generating a recommendation report. </p>"
+    },
+    "StopAssessment":{
+      "name":"StopAssessment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/stop-assessment",
+        "responseCode":200
+      },
+      "input":{"shape":"StopAssessmentRequest"},
+      "output":{"shape":"StopAssessmentResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Stops the assessment of an on-premises environment. </p>"
+    },
+    "UpdateApplicationComponentConfig":{
+      "name":"UpdateApplicationComponentConfig",
+      "http":{
+        "method":"POST",
+        "requestUri":"/update-applicationcomponent-config/",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateApplicationComponentConfigRequest"},
+      "output":{"shape":"UpdateApplicationComponentConfigResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Updates the configuration of an application component. </p>"
+    },
+    "UpdateServerConfig":{
+      "name":"UpdateServerConfig",
+      "http":{
+        "method":"POST",
+        "requestUri":"/update-server-config/",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateServerConfigRequest"},
+      "output":{"shape":"UpdateServerConfigResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Updates the configuration of the specified server. </p>"
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p> The AWS user account does not have permission to perform the action. Check the AWS Identity and Access Management (IAM) policy associated with this account.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "AntipatternReportStatus":{
+      "type":"string",
+      "enum":[
+        "FAILED",
+        "IN_PROGRESS",
+        "SUCCESS"
+      ]
+    },
+    "AntipatternSeveritySummary":{
+      "type":"structure",
+      "members":{
+        "count":{
+          "shape":"Integer",
+          "documentation":"<p> Contains the count of anti-patterns. </p>"
+        },
+        "severity":{
+          "shape":"Severity",
+          "documentation":"<p> Contains the severity of anti-patterns. </p>"
+        }
+      },
+      "documentation":"<p> Contains the summary of anti-patterns and their severity. </p>"
+    },
+    "AppType":{
+      "type":"string",
+      "enum":[
+        "DotNetFramework",
+        "Java",
+        "SQLServer",
+        "IIS",
+        "Oracle",
+        "Other"
+      ]
+    },
+    "ApplicationComponentCriteria":{
+      "type":"string",
+      "enum":[
+        "NOT_DEFINED",
+        "APP_NAME",
+        "SERVER_ID",
+        "APP_TYPE",
+        "STRATEGY",
+        "DESTINATION"
+      ]
+    },
+    "ApplicationComponentDetail":{
+      "type":"structure",
+      "members":{
+        "analysisStatus":{
+          "shape":"SrcCodeOrDbAnalysisStatus",
+          "documentation":"<p> The status of analysis, if the application component has source code or an associated database. </p>"
+        },
+        "antipatternReportS3Object":{
+          "shape":"S3Object",
+          "documentation":"<p> The S3 bucket name and the Amazon S3 key name for the anti-pattern report. </p>"
+        },
+        "antipatternReportStatus":{
+          "shape":"AntipatternReportStatus",
+          "documentation":"<p> The status of the anti-pattern report generation.</p>"
+        },
+        "antipatternReportStatusMessage":{
+          "shape":"StatusMessage",
+          "documentation":"<p> The status message for the anti-pattern. </p>"
+        },
+        "appType":{
+          "shape":"AppType",
+          "documentation":"<p> The type of application component. </p>"
+        },
+        "associatedServerId":{
+          "shape":"ServerId",
+          "documentation":"<p> The ID of the server that the application component is running on. </p>"
+        },
+        "databaseConfigDetail":{
+          "shape":"DatabaseConfigDetail",
+          "documentation":"<p> Configuration details for the database associated with the application component. </p>"
+        },
+        "id":{
+          "shape":"ResourceId",
+          "documentation":"<p> The ID of the application component. </p>"
+        },
+        "inclusionStatus":{
+          "shape":"InclusionStatus",
+          "documentation":"<p> Indicates whether the application component has been included for server recommendation or not. </p>"
+        },
+        "lastAnalyzedTimestamp":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The timestamp of when the application component was assessed. </p>"
+        },
+        "listAntipatternSeveritySummary":{
+          "shape":"ListAntipatternSeveritySummary",
+          "documentation":"<p> A list of anti-pattern severity summaries. </p>"
+        },
+        "moreServerAssociationExists":{
+          "shape":"Boolean",
+          "documentation":"<p> Set to true if the application component is running on multiple servers.</p>"
+        },
+        "name":{
+          "shape":"ResourceName",
+          "documentation":"<p> The name of application component. </p>"
+        },
+        "osDriver":{
+          "shape":"String",
+          "documentation":"<p> OS driver. </p>"
+        },
+        "osVersion":{
+          "shape":"String",
+          "documentation":"<p> OS version. </p>"
+        },
+        "recommendationSet":{
+          "shape":"RecommendationSet",
+          "documentation":"<p> The top recommendation set for the application component. </p>"
+        },
+        "resourceSubType":{
+          "shape":"ResourceSubType",
+          "documentation":"<p> The application component subtype.</p>"
+        },
+        "sourceCodeRepositories":{
+          "shape":"SourceCodeRepositories",
+          "documentation":"<p> Details about the source code repository associated with the application component. </p>"
+        },
+        "statusMessage":{
+          "shape":"StatusMessage",
+          "documentation":"<p> A detailed description of the analysis status and any failure message. </p>"
+        }
+      },
+      "documentation":"<p> Contains detailed information about an application component. </p>"
+    },
+    "ApplicationComponentDetails":{
+      "type":"list",
+      "member":{"shape":"ApplicationComponentDetail"}
+    },
+    "ApplicationComponentId":{
+      "type":"string",
+      "max":44,
+      "min":0,
+      "pattern":"[0-9a-zA-Z-]+"
+    },
+    "ApplicationComponentStrategies":{
+      "type":"list",
+      "member":{"shape":"ApplicationComponentStrategy"}
+    },
+    "ApplicationComponentStrategy":{
+      "type":"structure",
+      "members":{
+        "isPreferred":{
+          "shape":"Boolean",
+          "documentation":"<p> Set to true if the recommendation is set as preferred. </p>"
+        },
+        "recommendation":{
+          "shape":"RecommendationSet",
+          "documentation":"<p> Strategy recommendation for the application component. </p>"
+        },
+        "status":{
+          "shape":"StrategyRecommendation",
+          "documentation":"<p> The recommendation status of a strategy for an application component. </p>"
+        }
+      },
+      "documentation":"<p> Contains information about a strategy recommendation for an application component. </p>"
+    },
+    "ApplicationComponentSummary":{
+      "type":"structure",
+      "members":{
+        "appType":{
+          "shape":"AppType",
+          "documentation":"<p> Contains the name of application types. </p>"
+        },
+        "count":{
+          "shape":"Integer",
+          "documentation":"<p> Contains the count of application type. </p>"
+        }
+      },
+      "documentation":"<p> Contains the summary of application components. </p>"
+    },
+    "ApplicationPreferences":{
+      "type":"structure",
+      "members":{
+        "managementPreference":{
+          "shape":"ManagementPreference",
+          "documentation":"<p> Application preferences that you specify to prefer managed environment. </p>"
+        }
+      },
+      "documentation":"<p> Application preferences that you specify. </p>"
+    },
+    "AssessmentStatus":{
+      "type":"string",
+      "enum":[
+        "IN_PROGRESS",
+        "COMPLETE",
+        "FAILED",
+        "STOPPED"
+      ]
+    },
+    "AssessmentSummary":{
+      "type":"structure",
+      "members":{
+        "antipatternReportS3Object":{
+          "shape":"S3Object",
+          "documentation":"<p> The Amazon S3 object containing the anti-pattern report. </p>"
+        },
+        "antipatternReportStatus":{
+          "shape":"AntipatternReportStatus",
+          "documentation":"<p> The status of the anti-pattern report. </p>"
+        },
+        "antipatternReportStatusMessage":{
+          "shape":"StatusMessage",
+          "documentation":"<p> The status message of the anti-pattern report. </p>"
+        },
+        "lastAnalyzedTimestamp":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The time the assessment was performed. </p>"
+        },
+        "listAntipatternSeveritySummary":{
+          "shape":"ListAntipatternSeveritySummary",
+          "documentation":"<p> List of AntipatternSeveritySummary. </p>"
+        },
+        "listApplicationComponentStrategySummary":{
+          "shape":"ListStrategySummary",
+          "documentation":"<p> List of ApplicationComponentStrategySummary. </p>"
+        },
+        "listApplicationComponentSummary":{
+          "shape":"ListApplicationComponentSummary",
+          "documentation":"<p> List of ApplicationComponentSummary. </p>"
+        },
+        "listServerStrategySummary":{
+          "shape":"ListStrategySummary",
+          "documentation":"<p> List of ServerStrategySummary. </p>"
+        },
+        "listServerSummary":{
+          "shape":"ListServerSummary",
+          "documentation":"<p> List of ServerSummary. </p>"
+        }
+      },
+      "documentation":"<p> Contains the summary of the assessment results. </p>"
+    },
+    "AssociatedApplication":{
+      "type":"structure",
+      "members":{
+        "id":{
+          "shape":"String",
+          "documentation":"<p> ID of the application as defined in Application Discovery Service. </p>"
+        },
+        "name":{
+          "shape":"String",
+          "documentation":"<p> Name of the application as defined in Application Discovery Service. </p>"
+        }
+      },
+      "documentation":"<p> Object containing details about applications as defined in Application Discovery Service. </p>"
+    },
+    "AssociatedApplications":{
+      "type":"list",
+      "member":{"shape":"AssociatedApplication"}
+    },
+    "AssociatedServerIDs":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
+    "AsyncTaskId":{
+      "type":"string",
+      "max":52,
+      "min":0,
+      "pattern":"[0-9a-z-:]+"
+    },
+    "AwsManagedResources":{
+      "type":"structure",
+      "required":["targetDestination"],
+      "members":{
+        "targetDestination":{
+          "shape":"AwsManagedTargetDestinations",
+          "documentation":"<p> The choice of application destination that you specify. </p>"
+        }
+      },
+      "documentation":"<p> Object containing the choice of application destination that you specify. </p>"
+    },
+    "AwsManagedTargetDestination":{
+      "type":"string",
+      "enum":[
+        "None specified",
+        "AWS Elastic BeanStalk",
+        "AWS Fargate"
+      ]
+    },
+    "AwsManagedTargetDestinations":{
+      "type":"list",
+      "member":{"shape":"AwsManagedTargetDestination"},
+      "max":1,
+      "min":1
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "BusinessGoals":{
+      "type":"structure",
+      "members":{
+        "licenseCostReduction":{
+          "shape":"BusinessGoalsInteger",
+          "documentation":"<p> Business goal to reduce license costs. </p>"
+        },
+        "modernizeInfrastructureWithCloudNativeTechnologies":{
+          "shape":"BusinessGoalsInteger",
+          "documentation":"<p> Business goal to modernize infrastructure by moving to cloud native technologies. </p>"
+        },
+        "reduceOperationalOverheadWithManagedServices":{
+          "shape":"BusinessGoalsInteger",
+          "documentation":"<p> Business goal to reduce the operational overhead on the team by moving into managed services. </p>"
+        },
+        "speedOfMigration":{
+          "shape":"BusinessGoalsInteger",
+          "documentation":"<p> Business goal to achieve migration at a fast pace. </p>"
+        }
+      },
+      "documentation":"<p> Business goals that you specify. </p>"
+    },
+    "BusinessGoalsInteger":{
+      "type":"integer",
+      "box":true,
+      "max":5,
+      "min":1
+    },
+    "Collector":{
+      "type":"structure",
+      "members":{
+        "collectorHealth":{
+          "shape":"CollectorHealth",
+          "documentation":"<p> Indicates the health of a collector. </p>"
+        },
+        "collectorId":{
+          "shape":"String",
+          "documentation":"<p> The ID of the collector. </p>"
+        },
+        "collectorVersion":{
+          "shape":"String",
+          "documentation":"<p> Current version of the collector that is running in the environment that you specify. </p>"
+        },
+        "hostName":{
+          "shape":"String",
+          "documentation":"<p> Hostname of the server that is hosting the collector. </p>"
+        },
+        "ipAddress":{
+          "shape":"String",
+          "documentation":"<p> IP address of the server that is hosting the collector. </p>"
+        },
+        "lastActivityTimeStamp":{
+          "shape":"String",
+          "documentation":"<p> Time when the collector last pinged the service. </p>"
+        },
+        "registeredTimeStamp":{
+          "shape":"String",
+          "documentation":"<p> Time when the collector registered with the service. </p>"
+        }
+      },
+      "documentation":"<p> Process data collector that runs in the environment that you specify. </p>"
+    },
+    "CollectorHealth":{
+      "type":"string",
+      "enum":[
+        "COLLECTOR_HEALTHY",
+        "COLLECTOR_UNHEALTHY"
+      ]
+    },
+    "Collectors":{
+      "type":"list",
+      "member":{"shape":"Collector"}
+    },
+    "ConflictException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p> Exception to indicate that there is an ongoing task when a new task is created. Return when once the existing tasks are complete. </p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "DataCollectionDetails":{
+      "type":"structure",
+      "members":{
+        "completionTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The time the assessment completes. </p>"
+        },
+        "failed":{
+          "shape":"Integer",
+          "documentation":"<p> The number of failed servers in the assessment. </p>"
+        },
+        "inProgress":{
+          "shape":"Integer",
+          "documentation":"<p> The number of servers with the assessment status <code>IN_PROGESS</code>. </p>"
+        },
+        "servers":{
+          "shape":"Integer",
+          "documentation":"<p> The total number of servers in the assessment. </p>"
+        },
+        "startTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The start time of assessment. </p>"
+        },
+        "status":{
+          "shape":"AssessmentStatus",
+          "documentation":"<p> The status of the assessment. </p>"
+        },
+        "success":{
+          "shape":"Integer",
+          "documentation":"<p> The number of successful servers in the assessment. </p>"
+        }
+      },
+      "documentation":"<p> Detailed information about an assessment. </p>"
+    },
+    "DataSourceType":{
+      "type":"string",
+      "enum":[
+        "ApplicationDiscoveryService",
+        "MPA"
+      ]
+    },
+    "DatabaseConfigDetail":{
+      "type":"structure",
+      "members":{
+        "secretName":{
+          "shape":"String",
+          "documentation":"<p> AWS Secrets Manager key that holds the credentials that you use to connect to a database. </p>"
+        }
+      },
+      "documentation":"<p> Configuration information used for assessing databases. </p>"
+    },
+    "DatabaseManagementPreference":{
+      "type":"string",
+      "enum":[
+        "AWS-managed",
+        "Self-manage",
+        "No preference"
+      ]
+    },
+    "DatabaseMigrationPreference":{
+      "type":"structure",
+      "members":{
+        "heterogeneous":{
+          "shape":"Heterogeneous",
+          "documentation":"<p> Indicates whether you are interested in moving from one type of database to another. For example, from SQL Server to Amazon Aurora MySQL-Compatible Edition. </p>"
+        },
+        "homogeneous":{
+          "shape":"Homogeneous",
+          "documentation":"<p> Indicates whether you are interested in moving to the same type of database into AWS. For example, from SQL Server in your environment to SQL Server on AWS. </p>"
+        },
+        "noPreference":{
+          "shape":"NoDatabaseMigrationPreference",
+          "documentation":"<p> Indicated that you do not prefer heterogeneous or homogeneous. </p>"
+        }
+      },
+      "documentation":"<p> Preferences for migrating a database to AWS. </p>",
+      "union":true
+    },
+    "DatabasePreferences":{
+      "type":"structure",
+      "members":{
+        "databaseManagementPreference":{
+          "shape":"DatabaseManagementPreference",
+          "documentation":"<p> Specifies whether you're interested in self-managed databases or databases managed by AWS. </p>"
+        },
+        "databaseMigrationPreference":{
+          "shape":"DatabaseMigrationPreference",
+          "documentation":"<p> Specifies your preferred migration path. </p>"
+        }
+      },
+      "documentation":"<p> Preferences on managing your databases on AWS. </p>"
+    },
+    "GetApplicationComponentDetailsRequest":{
+      "type":"structure",
+      "required":["applicationComponentId"],
+      "members":{
+        "applicationComponentId":{
+          "shape":"ApplicationComponentId",
+          "documentation":"<p> The ID of the application component. The ID is unique within an AWS account.</p>",
+          "location":"uri",
+          "locationName":"applicationComponentId"
+        }
+      }
+    },
+    "GetApplicationComponentDetailsResponse":{
+      "type":"structure",
+      "members":{
+        "applicationComponentDetail":{
+          "shape":"ApplicationComponentDetail",
+          "documentation":"<p> Detailed information about an application component. </p>"
+        },
+        "associatedApplications":{
+          "shape":"AssociatedApplications",
+          "documentation":"<p> The associated application group as defined in AWS Application Discovery Service. </p>"
+        },
+        "associatedServerIds":{
+          "shape":"AssociatedServerIDs",
+          "documentation":"<p> A list of the IDs of the servers on which the application component is running. </p>"
+        },
+        "moreApplicationResource":{
+          "shape":"Boolean",
+          "documentation":"<p> Set to true if the application component belongs to more than one application group. </p>"
+        }
+      }
+    },
+    "GetApplicationComponentStrategiesRequest":{
+      "type":"structure",
+      "required":["applicationComponentId"],
+      "members":{
+        "applicationComponentId":{
+          "shape":"ApplicationComponentId",
+          "documentation":"<p> The ID of the application component. The ID is unique within an AWS account.</p>",
+          "location":"uri",
+          "locationName":"applicationComponentId"
+        }
+      }
+    },
+    "GetApplicationComponentStrategiesResponse":{
+      "type":"structure",
+      "members":{
+        "applicationComponentStrategies":{
+          "shape":"ApplicationComponentStrategies",
+          "documentation":"<p> A list of application component strategy recommendations. </p>"
+        }
+      }
+    },
+    "GetAssessmentRequest":{
+      "type":"structure",
+      "required":["id"],
+      "members":{
+        "id":{
+          "shape":"AsyncTaskId",
+          "documentation":"<p> The <code>assessmentid</code> returned by <a>StartAssessment</a>.</p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "GetAssessmentResponse":{
+      "type":"structure",
+      "members":{
+        "dataCollectionDetails":{
+          "shape":"DataCollectionDetails",
+          "documentation":"<p> Detailed information about the assessment. </p>"
+        },
+        "id":{
+          "shape":"AsyncTaskId",
+          "documentation":"<p> The ID for the specific assessment task. </p>"
+        }
+      }
+    },
+    "GetImportFileTaskRequest":{
+      "type":"structure",
+      "required":["id"],
+      "members":{
+        "id":{
+          "shape":"String",
+          "documentation":"<p> The ID of the import file task. This ID is returned in the response of <a>StartImportFileTask</a>. </p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "GetImportFileTaskResponse":{
+      "type":"structure",
+      "members":{
+        "completionTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The time that the import task completed. </p>"
+        },
+        "id":{
+          "shape":"String",
+          "documentation":"<p> The import file task <code>id</code> returned in the response of <a>StartImportFileTask</a>. </p>"
+        },
+        "importName":{
+          "shape":"String",
+          "documentation":"<p> The name of the import task given in <a>StartImportFileTask</a>. </p>"
+        },
+        "inputS3Bucket":{
+          "shape":"importS3Bucket",
+          "documentation":"<p> The S3 bucket where import file is located. </p>"
+        },
+        "inputS3Key":{
+          "shape":"importS3Key",
+          "documentation":"<p> The Amazon S3 key name of the import file. </p>"
+        },
+        "numberOfRecordsFailed":{
+          "shape":"Integer",
+          "documentation":"<p> The number of records that failed to be imported. </p>"
+        },
+        "numberOfRecordsSuccess":{
+          "shape":"Integer",
+          "documentation":"<p> The number of records successfully imported. </p>"
+        },
+        "startTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p> Start time of the import task. </p>"
+        },
+        "status":{
+          "shape":"ImportFileTaskStatus",
+          "documentation":"<p> Status of import file task. </p>"
+        },
+        "statusReportS3Bucket":{
+          "shape":"importS3Bucket",
+          "documentation":"<p> The S3 bucket name for status report of import task. </p>"
+        },
+        "statusReportS3Key":{
+          "shape":"importS3Key",
+          "documentation":"<p> The Amazon S3 key name for status report of import task. The report contains details about whether each record imported successfully or why it did not.</p>"
+        }
+      }
+    },
+    "GetPortfolioPreferencesRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "GetPortfolioPreferencesResponse":{
+      "type":"structure",
+      "members":{
+        "applicationPreferences":{
+          "shape":"ApplicationPreferences",
+          "documentation":"<p> The transformation preferences for non-database applications. </p>"
+        },
+        "databasePreferences":{
+          "shape":"DatabasePreferences",
+          "documentation":"<p> The transformation preferences for database applications. </p>"
+        },
+        "prioritizeBusinessGoals":{
+          "shape":"PrioritizeBusinessGoals",
+          "documentation":"<p> The rank of business goals based on priority. </p>"
+        }
+      }
+    },
+    "GetPortfolioSummaryRequest":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "GetPortfolioSummaryResponse":{
+      "type":"structure",
+      "members":{
+        "assessmentSummary":{
+          "shape":"AssessmentSummary",
+          "documentation":"<p> An assessment summary for the portfolio including the number of servers to rehost and the overall number of anti-patterns. </p>"
+        }
+      }
+    },
+    "GetRecommendationReportDetailsRequest":{
+      "type":"structure",
+      "required":["id"],
+      "members":{
+        "id":{
+          "shape":"RecommendationTaskId",
+          "documentation":"<p> The recommendation report generation task <code>id</code> returned by <a>StartRecommendationReportGeneration</a>. </p>",
+          "location":"uri",
+          "locationName":"id"
+        }
+      }
+    },
+    "GetRecommendationReportDetailsResponse":{
+      "type":"structure",
+      "members":{
+        "id":{
+          "shape":"RecommendationTaskId",
+          "documentation":"<p> The ID of the recommendation report generation task. See the response of <a>StartRecommendationReportGeneration</a>. </p>"
+        },
+        "recommendationReportDetails":{
+          "shape":"RecommendationReportDetails",
+          "documentation":"<p> Detailed information about the recommendation report. </p>"
+        }
+      }
+    },
+    "GetServerDetailsRequest":{
+      "type":"structure",
+      "required":["serverId"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxResult",
+          "documentation":"<p> The maximum number of items to include in the response. The maximum value is 100. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token from a previous call that you use to retrieve the next set of results. For example, if a previous call to this action returned 100 items, but you set <code>maxResults</code> to 10. You'll receive a set of 10 results along with a token. You then use the returned token to retrieve the next set of 10. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "serverId":{
+          "shape":"ServerId",
+          "documentation":"<p> The ID of the server. </p>",
+          "location":"uri",
+          "locationName":"serverId"
+        }
+      }
+    },
+    "GetServerDetailsResponse":{
+      "type":"structure",
+      "members":{
+        "associatedApplications":{
+          "shape":"AssociatedApplications",
+          "documentation":"<p> The associated application group the server belongs to, as defined in AWS Application Discovery Service. </p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p> The token you use to retrieve the next set of results, or null if there are no more results. </p>"
+        },
+        "serverDetail":{
+          "shape":"ServerDetail",
+          "documentation":"<p> Detailed information about the server. </p>"
+        }
+      }
+    },
+    "GetServerStrategiesRequest":{
+      "type":"structure",
+      "required":["serverId"],
+      "members":{
+        "serverId":{
+          "shape":"ServerId",
+          "documentation":"<p> The ID of the server. </p>",
+          "location":"uri",
+          "locationName":"serverId"
+        }
+      }
+    },
+    "GetServerStrategiesResponse":{
+      "type":"structure",
+      "members":{
+        "serverStrategies":{
+          "shape":"ServerStrategies",
+          "documentation":"<p> A list of strategy recommendations for the server. </p>"
+        }
+      }
+    },
+    "Group":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"GroupName",
+          "documentation":"<p> The key of the specific import group. </p>"
+        },
+        "value":{
+          "shape":"String",
+          "documentation":"<p> The value of the specific import group. </p>"
+        }
+      },
+      "documentation":"<p> The object containing information about distinct imports or groups for Strategy Recommendations. </p>"
+    },
+    "GroupIds":{
+      "type":"list",
+      "member":{"shape":"Group"}
+    },
+    "GroupName":{
+      "type":"string",
+      "enum":["ExternalId"]
+    },
+    "Heterogeneous":{
+      "type":"structure",
+      "required":["targetDatabaseEngine"],
+      "members":{
+        "targetDatabaseEngine":{
+          "shape":"HeterogeneousTargetDatabaseEngines",
+          "documentation":"<p> The target database engine for heterogeneous database migration preference. </p>"
+        }
+      },
+      "documentation":"<p> The object containing details about heterogeneous database preferences. </p>"
+    },
+    "HeterogeneousTargetDatabaseEngine":{
+      "type":"string",
+      "enum":[
+        "None specified",
+        "Amazon Aurora",
+        "AWS PostgreSQL",
+        "MySQL",
+        "Microsoft SQL Server",
+        "Oracle Database",
+        "MariaDB",
+        "SAP",
+        "Db2 LUW",
+        "MongoDB"
+      ]
+    },
+    "HeterogeneousTargetDatabaseEngines":{
+      "type":"list",
+      "member":{"shape":"HeterogeneousTargetDatabaseEngine"},
+      "max":1,
+      "min":1
+    },
+    "Homogeneous":{
+      "type":"structure",
+      "members":{
+        "targetDatabaseEngine":{
+          "shape":"HomogeneousTargetDatabaseEngines",
+          "documentation":"<p> The target database engine for homogeneous database migration preferences. </p>"
+        }
+      },
+      "documentation":"<p> The object containing details about homogeneous database preferences. </p>"
+    },
+    "HomogeneousTargetDatabaseEngine":{
+      "type":"string",
+      "enum":["None specified"]
+    },
+    "HomogeneousTargetDatabaseEngines":{
+      "type":"list",
+      "member":{"shape":"HomogeneousTargetDatabaseEngine"},
+      "max":1,
+      "min":0
+    },
+    "IPAddress":{
+      "type":"string",
+      "max":15,
+      "min":0,
+      "pattern":"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
+    },
+    "ImportFileTaskInformation":{
+      "type":"structure",
+      "members":{
+        "completionTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The time that the import task completes. </p>"
+        },
+        "id":{
+          "shape":"String",
+          "documentation":"<p> The ID of the import file task. </p>"
+        },
+        "importName":{
+          "shape":"String",
+          "documentation":"<p> The name of the import task given in <code>StartImportFileTask</code>. </p>"
+        },
+        "inputS3Bucket":{
+          "shape":"importS3Bucket",
+          "documentation":"<p> The S3 bucket where the import file is located. </p>"
+        },
+        "inputS3Key":{
+          "shape":"importS3Key",
+          "documentation":"<p> The Amazon S3 key name of the import file. </p>"
+        },
+        "numberOfRecordsFailed":{
+          "shape":"Integer",
+          "documentation":"<p> The number of records that failed to be imported. </p>"
+        },
+        "numberOfRecordsSuccess":{
+          "shape":"Integer",
+          "documentation":"<p> The number of records successfully imported. </p>"
+        },
+        "startTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p> Start time of the import task. </p>"
+        },
+        "status":{
+          "shape":"ImportFileTaskStatus",
+          "documentation":"<p> Status of import file task. </p>"
+        },
+        "statusReportS3Bucket":{
+          "shape":"importS3Bucket",
+          "documentation":"<p> The S3 bucket name for status report of import task. </p>"
+        },
+        "statusReportS3Key":{
+          "shape":"importS3Key",
+          "documentation":"<p> The Amazon S3 key name for status report of import task. The report contains details about whether each record imported successfully or why it did not. </p>"
+        }
+      },
+      "documentation":"<p> Information about the import file tasks you request. </p>"
+    },
+    "ImportFileTaskStatus":{
+      "type":"string",
+      "enum":[
+        "ImportInProgress",
+        "ImportFailed",
+        "ImportPartialSuccess",
+        "ImportSuccess",
+        "DeleteInProgress",
+        "DeleteFailed",
+        "DeletePartialSuccess",
+        "DeleteSuccess"
+      ]
+    },
+    "InclusionStatus":{
+      "type":"string",
+      "enum":[
+        "excludeFromAssessment",
+        "includeInAssessment"
+      ]
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
+    "InterfaceName":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":".*"
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p> The server experienced an internal error. Try again. </p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "ListAntipatternSeveritySummary":{
+      "type":"list",
+      "member":{"shape":"AntipatternSeveritySummary"}
+    },
+    "ListApplicationComponentSummary":{
+      "type":"list",
+      "member":{"shape":"ApplicationComponentSummary"}
+    },
+    "ListApplicationComponentsRequest":{
+      "type":"structure",
+      "members":{
+        "applicationComponentCriteria":{
+          "shape":"ApplicationComponentCriteria",
+          "documentation":"<p> Criteria for filtering the list of application components. </p>"
+        },
+        "filterValue":{
+          "shape":"ListApplicationComponentsRequestFilterValueString",
+          "documentation":"<p> Specify the value based on the application component criteria type. For example, if <code>applicationComponentCriteria</code> is set to <code>SERVER_ID</code> and <code>filterValue</code> is set to <code>server1</code>, then <a>ListApplicationComponents</a> returns all the application components running on server1. </p>"
+        },
+        "groupIdFilter":{
+          "shape":"GroupIds",
+          "documentation":"<p> The group ID specified in to filter on. </p>"
+        },
+        "maxResults":{
+          "shape":"MaxResult",
+          "documentation":"<p> The maximum number of items to include in the response. The maximum value is 100. </p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token from a previous call that you use to retrieve the next set of results. For example, if a previous call to this action returned 100 items, but you set <code>maxResults</code> to 10. You'll receive a set of 10 results along with a token. You then use the returned token to retrieve the next set of 10. </p>"
+        },
+        "sort":{
+          "shape":"SortOrder",
+          "documentation":"<p> Specifies whether to sort by ascending (<code>ASC</code>) or descending (<code>DESC</code>) order. </p>"
+        }
+      }
+    },
+    "ListApplicationComponentsRequestFilterValueString":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "ListApplicationComponentsResponse":{
+      "type":"structure",
+      "members":{
+        "applicationComponentInfos":{
+          "shape":"ApplicationComponentDetails",
+          "documentation":"<p> The list of application components with detailed information about each component. </p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token you use to retrieve the next set of results, or null if there are no more results. </p>"
+        }
+      }
+    },
+    "ListCollectorsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResult",
+          "documentation":"<p> The maximum number of items to include in the response. The maximum value is 100. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token from a previous call that you use to retrieve the next set of results. For example, if a previous call to this action returned 100 items, but you set <code>maxResults</code> to 10. You'll receive a set of 10 results along with a token. You then use the returned token to retrieve the next set of 10. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListCollectorsResponse":{
+      "type":"structure",
+      "members":{
+        "Collectors":{
+          "shape":"Collectors",
+          "documentation":"<p> The list of all the installed collectors. </p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token you use to retrieve the next set of results, or null if there are no more results. </p>"
+        }
+      }
+    },
+    "ListImportFileTaskInformation":{
+      "type":"list",
+      "member":{"shape":"ImportFileTaskInformation"}
+    },
+    "ListImportFileTaskRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"Integer",
+          "documentation":"<p> The total number of items to return. The maximum value is 100. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p> The token from a previous call that you use to retrieve the next set of results. For example, if a previous call to this action returned 100 items, but you set <code>maxResults</code> to 10. You'll receive a set of 10 results along with a token. You then use the returned token to retrieve the next set of 10. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListImportFileTaskResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p> The token you use to retrieve the next set of results, or null if there are no more results. </p>"
+        },
+        "taskInfos":{
+          "shape":"ListImportFileTaskInformation",
+          "documentation":"<p> Lists information about the files you import.</p>"
+        }
+      }
+    },
+    "ListServerSummary":{
+      "type":"list",
+      "member":{"shape":"ServerSummary"}
+    },
+    "ListServersRequest":{
+      "type":"structure",
+      "members":{
+        "filterValue":{
+          "shape":"String",
+          "documentation":"<p> Specifies the filter value, which is based on the type of server criteria. For example, if <code>serverCriteria</code> is <code>OS_NAME</code>, and the <code>filterValue</code> is equal to <code>WindowsServer</code>, then <code>ListServers</code> returns all of the servers matching the OS name <code>WindowsServer</code>. </p>"
+        },
+        "groupIdFilter":{
+          "shape":"GroupIds",
+          "documentation":"<p> Specifies the group ID to filter on. </p>"
+        },
+        "maxResults":{
+          "shape":"MaxResult",
+          "documentation":"<p> The maximum number of items to include in the response. The maximum value is 100. </p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token from a previous call that you use to retrieve the next set of results. For example, if a previous call to this action returned 100 items, but you set <code>maxResults</code> to 10. You'll receive a set of 10 results along with a token. You then use the returned token to retrieve the next set of 10. </p>"
+        },
+        "serverCriteria":{
+          "shape":"ServerCriteria",
+          "documentation":"<p> Criteria for filtering servers. </p>"
+        },
+        "sort":{
+          "shape":"SortOrder",
+          "documentation":"<p> Specifies whether to sort by ascending (<code>ASC</code>) or descending (<code>DESC</code>) order. </p>"
+        }
+      }
+    },
+    "ListServersResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p> The token you use to retrieve the next set of results, or null if there are no more results. </p>"
+        },
+        "serverInfos":{
+          "shape":"ServerDetails",
+          "documentation":"<p> The list of servers with detailed information about each server. </p>"
+        }
+      }
+    },
+    "ListStrategySummary":{
+      "type":"list",
+      "member":{"shape":"StrategySummary"}
+    },
+    "Location":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "MacAddress":{
+      "type":"string",
+      "max":17,
+      "min":0,
+      "pattern":"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})|([0-9a-fA-F]{4}\\\\.[0-9a-fA-F]{4}\\\\.[0-9a-fA-F]{4})$”$"
+    },
+    "ManagementPreference":{
+      "type":"structure",
+      "members":{
+        "awsManagedResources":{
+          "shape":"AwsManagedResources",
+          "documentation":"<p> Indicates interest in solutions that are managed by AWS. </p>"
+        },
+        "noPreference":{
+          "shape":"NoManagementPreference",
+          "documentation":"<p> No specific preference. </p>"
+        },
+        "selfManageResources":{
+          "shape":"SelfManageResources",
+          "documentation":"<p> Indicates interest in managing your own resources on AWS. </p>"
+        }
+      },
+      "documentation":"<p> Preferences for migrating an application to AWS. </p>",
+      "union":true
+    },
+    "MaxResult":{
+      "type":"integer",
+      "box":true
+    },
+    "NetMask":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":".*"
+    },
+    "NetworkInfo":{
+      "type":"structure",
+      "required":[
+        "interfaceName",
+        "ipAddress",
+        "macAddress",
+        "netMask"
+      ],
+      "members":{
+        "interfaceName":{
+          "shape":"InterfaceName",
+          "documentation":"<p> Information about the name of the interface of the server for which the assessment was run. </p>"
+        },
+        "ipAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p> Information about the IP address of the server for which the assessment was run. </p>"
+        },
+        "macAddress":{
+          "shape":"MacAddress",
+          "documentation":"<p> Information about the MAC address of the server for which the assessment was run. </p>"
+        },
+        "netMask":{
+          "shape":"NetMask",
+          "documentation":"<p> Information about the subnet mask of the server for which the assessment was run. </p>"
+        }
+      },
+      "documentation":"<p> Information about the server's network for which the assessment was run. </p>"
+    },
+    "NetworkInfoList":{
+      "type":"list",
+      "member":{"shape":"NetworkInfo"}
+    },
+    "NextToken":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "NoDatabaseMigrationPreference":{
+      "type":"structure",
+      "required":["targetDatabaseEngine"],
+      "members":{
+        "targetDatabaseEngine":{
+          "shape":"TargetDatabaseEngines",
+          "documentation":"<p> The target database engine for database migration preference that you specify. </p>"
+        }
+      },
+      "documentation":"<p> The object containing details about database migration preferences, when you have no particular preference. </p>"
+    },
+    "NoManagementPreference":{
+      "type":"structure",
+      "required":["targetDestination"],
+      "members":{
+        "targetDestination":{
+          "shape":"NoPreferenceTargetDestinations",
+          "documentation":"<p> The choice of application destination that you specify. </p>"
+        }
+      },
+      "documentation":"<p> Object containing the choice of application destination that you specify. </p>"
+    },
+    "NoPreferenceTargetDestination":{
+      "type":"string",
+      "enum":[
+        "None specified",
+        "AWS Elastic BeanStalk",
+        "AWS Fargate",
+        "Amazon Elastic Cloud Compute (EC2)",
+        "Amazon Elastic Container Service (ECS)",
+        "Amazon Elastic Kubernetes Service (EKS)"
+      ]
+    },
+    "NoPreferenceTargetDestinations":{
+      "type":"list",
+      "member":{"shape":"NoPreferenceTargetDestination"},
+      "max":1,
+      "min":1
+    },
+    "OSInfo":{
+      "type":"structure",
+      "members":{
+        "type":{
+          "shape":"OSType",
+          "documentation":"<p> Information about the type of operating system. </p>"
+        },
+        "version":{
+          "shape":"OSVersion",
+          "documentation":"<p> Information about the version of operating system. </p>"
+        }
+      },
+      "documentation":"<p> Information about the operating system. </p>"
+    },
+    "OSType":{
+      "type":"string",
+      "enum":[
+        "LINUX",
+        "WINDOWS"
+      ]
+    },
+    "OSVersion":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "OutputFormat":{
+      "type":"string",
+      "enum":[
+        "Excel",
+        "Json"
+      ]
+    },
+    "PrioritizeBusinessGoals":{
+      "type":"structure",
+      "members":{
+        "businessGoals":{
+          "shape":"BusinessGoals",
+          "documentation":"<p> Rank of business goals based on priority. </p>"
+        }
+      },
+      "documentation":"<p> Rank of business goals based on priority. </p>"
+    },
+    "PutPortfolioPreferencesRequest":{
+      "type":"structure",
+      "members":{
+        "applicationPreferences":{
+          "shape":"ApplicationPreferences",
+          "documentation":"<p> The transformation preferences for non-database applications. </p>"
+        },
+        "databasePreferences":{
+          "shape":"DatabasePreferences",
+          "documentation":"<p> The transformation preferences for database applications. </p>"
+        },
+        "prioritizeBusinessGoals":{
+          "shape":"PrioritizeBusinessGoals",
+          "documentation":"<p> The rank of the business goals based on priority. </p>"
+        }
+      }
+    },
+    "PutPortfolioPreferencesResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "RecommendationReportDetails":{
+      "type":"structure",
+      "members":{
+        "completionTime":{
+          "shape":"RecommendationReportTimeStamp",
+          "documentation":"<p> The time that the recommendation report generation task completes. </p>"
+        },
+        "s3Bucket":{
+          "shape":"String",
+          "documentation":"<p> The S3 bucket where the report file is located. </p>"
+        },
+        "s3Keys":{
+          "shape":"S3Keys",
+          "documentation":"<p> The Amazon S3 key name of the report file. </p>"
+        },
+        "startTime":{
+          "shape":"RecommendationReportTimeStamp",
+          "documentation":"<p> The time that the recommendation report generation task starts. </p>"
+        },
+        "status":{
+          "shape":"RecommendationReportStatus",
+          "documentation":"<p> The status of the recommendation report generation task. </p>"
+        },
+        "statusMessage":{
+          "shape":"RecommendationReportStatusMessage",
+          "documentation":"<p> The status message for recommendation report generation. </p>"
+        }
+      },
+      "documentation":"<p> Contains detailed information about a recommendation report. </p>"
+    },
+    "RecommendationReportStatus":{
+      "type":"string",
+      "enum":[
+        "FAILED",
+        "IN_PROGRESS",
+        "SUCCESS"
+      ]
+    },
+    "RecommendationReportStatusMessage":{
+      "type":"string",
+      "max":512,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "RecommendationReportTimeStamp":{"type":"timestamp"},
+    "RecommendationSet":{
+      "type":"structure",
+      "members":{
+        "strategy":{
+          "shape":"Strategy",
+          "documentation":"<p> The recommended strategy. </p>"
+        },
+        "targetDestination":{
+          "shape":"TargetDestination",
+          "documentation":"<p> The recommended target destination. </p>"
+        },
+        "transformationTool":{
+          "shape":"TransformationTool",
+          "documentation":"<p> The target destination for the recommendation set. </p>"
+        }
+      },
+      "documentation":"<p> Contains a recommendation set. </p>"
+    },
+    "RecommendationTaskId":{
+      "type":"string",
+      "max":52,
+      "min":0,
+      "pattern":"[0-9a-z-:]+"
+    },
+    "ResourceId":{
+      "type":"string",
+      "max":44,
+      "min":0,
+      "pattern":"^[0-9a-b]+"
+    },
+    "ResourceName":{"type":"string"},
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p> The specified ID in the request is not found. </p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourceSubType":{
+      "type":"string",
+      "enum":[
+        "Database",
+        "Process",
+        "DatabaseProcess"
+      ]
+    },
+    "RunTimeAssessmentStatus":{
+      "type":"string",
+      "enum":[
+        "dataCollectionTaskToBeScheduled",
+        "dataCollectionTaskScheduled",
+        "dataCollectionTaskStarted",
+        "dataCollectionTaskStopped",
+        "dataCollectionTaskSuccess",
+        "dataCollectionTaskFailed",
+        "dataCollectionTaskPartialSuccess"
+      ]
+    },
+    "S3Bucket":{
+      "type":"string",
+      "max":63,
+      "min":0,
+      "pattern":"[0-9a-z]+[0-9a-z\\.\\-]*[0-9a-z]+"
+    },
+    "S3Key":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "S3Keys":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
+    "S3Object":{
+      "type":"structure",
+      "members":{
+        "s3Bucket":{
+          "shape":"S3Bucket",
+          "documentation":"<p> The S3 bucket name. </p>"
+        },
+        "s3key":{
+          "shape":"S3Key",
+          "documentation":"<p> The Amazon S3 key name. </p>"
+        }
+      },
+      "documentation":"<p> Contains the S3 bucket name and the Amazon S3 key name. </p>"
+    },
+    "SecretsManagerKey":{
+      "type":"string",
+      "max":512,
+      "min":1,
+      "pattern":".*",
+      "sensitive":true
+    },
+    "SelfManageResources":{
+      "type":"structure",
+      "required":["targetDestination"],
+      "members":{
+        "targetDestination":{
+          "shape":"SelfManageTargetDestinations",
+          "documentation":"<p> Self-managed resources target destination. </p>"
+        }
+      },
+      "documentation":"<p> Self-managed resources. </p>"
+    },
+    "SelfManageTargetDestination":{
+      "type":"string",
+      "enum":[
+        "None specified",
+        "Amazon Elastic Cloud Compute (EC2)",
+        "Amazon Elastic Container Service (ECS)",
+        "Amazon Elastic Kubernetes Service (EKS)"
+      ]
+    },
+    "SelfManageTargetDestinations":{
+      "type":"list",
+      "member":{"shape":"SelfManageTargetDestination"},
+      "max":1,
+      "min":1
+    },
+    "ServerCriteria":{
+      "type":"string",
+      "enum":[
+        "NOT_DEFINED",
+        "OS_NAME",
+        "STRATEGY",
+        "DESTINATION",
+        "SERVER_ID"
+      ]
+    },
+    "ServerDetail":{
+      "type":"structure",
+      "members":{
+        "antipatternReportS3Object":{
+          "shape":"S3Object",
+          "documentation":"<p> The S3 bucket name and Amazon S3 key name for anti-pattern report. </p>"
+        },
+        "antipatternReportStatus":{
+          "shape":"AntipatternReportStatus",
+          "documentation":"<p> The status of the anti-pattern report generation. </p>"
+        },
+        "antipatternReportStatusMessage":{
+          "shape":"StatusMessage",
+          "documentation":"<p> A message about the status of the anti-pattern report generation. </p>"
+        },
+        "applicationComponentStrategySummary":{
+          "shape":"ListStrategySummary",
+          "documentation":"<p> A list of strategy summaries. </p>"
+        },
+        "dataCollectionStatus":{
+          "shape":"RunTimeAssessmentStatus",
+          "documentation":"<p> The status of assessment for the server. </p>"
+        },
+        "id":{
+          "shape":"ResourceId",
+          "documentation":"<p> The server ID. </p>"
+        },
+        "lastAnalyzedTimestamp":{
+          "shape":"TimeStamp",
+          "documentation":"<p> The timestamp of when the server was assessed. </p>"
+        },
+        "listAntipatternSeveritySummary":{
+          "shape":"ListAntipatternSeveritySummary",
+          "documentation":"<p> A list of anti-pattern severity summaries. </p>"
+        },
+        "name":{
+          "shape":"ResourceName",
+          "documentation":"<p> The name of the server. </p>"
+        },
+        "recommendationSet":{
+          "shape":"RecommendationSet",
+          "documentation":"<p> A set of recommendations. </p>"
+        },
+        "serverType":{
+          "shape":"String",
+          "documentation":"<p> The type of server. </p>"
+        },
+        "statusMessage":{
+          "shape":"StatusMessage",
+          "documentation":"<p> A message about the status of data collection, which contains detailed descriptions of any error messages. </p>"
+        },
+        "systemInfo":{
+          "shape":"SystemInfo",
+          "documentation":"<p> System information about the server. </p>"
+        }
+      },
+      "documentation":"<p> Detailed information about a server. </p>"
+    },
+    "ServerDetails":{
+      "type":"list",
+      "member":{"shape":"ServerDetail"}
+    },
+    "ServerId":{
+      "type":"string",
+      "max":27,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "ServerOsType":{
+      "type":"string",
+      "enum":[
+        "WindowsServer",
+        "AmazonLinux",
+        "EndOfSupportWindowsServer",
+        "Redhat",
+        "Other"
+      ]
+    },
+    "ServerStrategies":{
+      "type":"list",
+      "member":{"shape":"ServerStrategy"}
+    },
+    "ServerStrategy":{
+      "type":"structure",
+      "members":{
+        "isPreferred":{
+          "shape":"Boolean",
+          "documentation":"<p> Set to true if the recommendation is set as preferred. </p>"
+        },
+        "numberOfApplicationComponents":{
+          "shape":"Integer",
+          "documentation":"<p> The number of application components with this strategy recommendation running on the server. </p>"
+        },
+        "recommendation":{
+          "shape":"RecommendationSet",
+          "documentation":"<p> Strategy recommendation for the server. </p>"
+        },
+        "status":{
+          "shape":"StrategyRecommendation",
+          "documentation":"<p> The recommendation status of the strategy for the server. </p>"
+        }
+      },
+      "documentation":"<p> Contains information about a strategy recommendation for a server. </p>"
+    },
+    "ServerSummary":{
+      "type":"structure",
+      "members":{
+        "ServerOsType":{
+          "shape":"ServerOsType",
+          "documentation":"<p> Type of operating system for the servers. </p>"
+        },
+        "count":{
+          "shape":"Integer",
+          "documentation":"<p> Number of servers. </p>"
+        }
+      },
+      "documentation":"<p> Object containing details about the servers imported by Application Discovery Service </p>"
+    },
+    "ServiceLinkedRoleLockClientException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p> Exception to indicate that the service-linked role (SLR) is locked. </p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p> The AWS account has reached its quota of imports. Contact AWS Support to increase the quota for this account. </p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Severity":{
+      "type":"string",
+      "enum":[
+        "HIGH",
+        "MEDIUM",
+        "LOW"
+      ]
+    },
+    "SortOrder":{
+      "type":"string",
+      "enum":[
+        "ASC",
+        "DESC"
+      ]
+    },
+    "SourceCode":{
+      "type":"structure",
+      "members":{
+        "location":{
+          "shape":"Location",
+          "documentation":"<p> The repository name for the source code. </p>"
+        },
+        "sourceVersion":{
+          "shape":"SourceVersion",
+          "documentation":"<p> The branch of the source code. </p>"
+        },
+        "versionControl":{
+          "shape":"VersionControl",
+          "documentation":"<p> The type of repository to use for the source code. </p>"
+        }
+      },
+      "documentation":"<p> Object containing source code information that is linked to an application component. </p>"
+    },
+    "SourceCodeList":{
+      "type":"list",
+      "member":{"shape":"SourceCode"}
+    },
+    "SourceCodeRepositories":{
+      "type":"list",
+      "member":{"shape":"SourceCodeRepository"}
+    },
+    "SourceCodeRepository":{
+      "type":"structure",
+      "members":{
+        "branch":{
+          "shape":"String",
+          "documentation":"<p> The branch of the source code. </p>"
+        },
+        "repository":{
+          "shape":"String",
+          "documentation":"<p> The repository name for the source code. </p>"
+        },
+        "versionControlType":{
+          "shape":"String",
+          "documentation":"<p> The type of repository to use for the source code. </p>"
+        }
+      },
+      "documentation":"<p> Object containing source code information that is linked to an application component. </p>"
+    },
+    "SourceVersion":{
+      "type":"string",
+      "max":40,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "SrcCodeOrDbAnalysisStatus":{
+      "type":"string",
+      "enum":[
+        "ANALYSIS_TO_BE_SCHEDULED",
+        "ANALYSIS_STARTED",
+        "ANALYSIS_SUCCESS",
+        "ANALYSIS_FAILED"
+      ]
+    },
+    "StartAssessmentRequest":{
+      "type":"structure",
+      "members":{
+        "s3bucketForAnalysisData":{
+          "shape":"StartAssessmentRequestS3bucketForAnalysisDataString",
+          "documentation":"<p> The S3 bucket used by the collectors to send analysis data to the service. The bucket name must begin with <code>migrationhub-strategy-</code>. </p>"
+        },
+        "s3bucketForReportData":{
+          "shape":"StartAssessmentRequestS3bucketForReportDataString",
+          "documentation":"<p> The S3 bucket where all the reports generated by the service are stored. The bucket name must begin with <code>migrationhub-strategy-</code>. </p>"
+        }
+      }
+    },
+    "StartAssessmentRequestS3bucketForAnalysisDataString":{
+      "type":"string",
+      "max":63,
+      "min":0,
+      "pattern":"[0-9a-z]+[0-9a-z\\.\\-]*[0-9a-z]+"
+    },
+    "StartAssessmentRequestS3bucketForReportDataString":{
+      "type":"string",
+      "max":63,
+      "min":0,
+      "pattern":"[0-9a-z]+[0-9a-z\\.\\-]*[0-9a-z]+"
+    },
+    "StartAssessmentResponse":{
+      "type":"structure",
+      "members":{
+        "assessmentId":{
+          "shape":"AsyncTaskId",
+          "documentation":"<p> The ID of the assessment. </p>"
+        }
+      }
+    },
+    "StartImportFileTaskRequest":{
+      "type":"structure",
+      "required":[
+        "S3Bucket",
+        "name",
+        "s3key"
+      ],
+      "members":{
+        "S3Bucket":{
+          "shape":"importS3Bucket",
+          "documentation":"<p> The S3 bucket where the import file is located. The bucket name is required to begin with <code>migrationhub-strategy-</code>.</p>"
+        },
+        "dataSourceType":{
+          "shape":"DataSourceType",
+          "documentation":"<p>Specifies the source that the servers are coming from. By default, Strategy Recommendations assumes that the servers specified in the import file are available in AWS Application Discovery Service. </p>"
+        },
+        "groupId":{
+          "shape":"GroupIds",
+          "documentation":"<p>Groups the resources in the import file together with a unique name. This ID can be as filter in <code>ListApplicationComponents</code> and <code>ListServers</code>. </p>"
+        },
+        "name":{
+          "shape":"StartImportFileTaskRequestNameString",
+          "documentation":"<p> A descriptive name for the request. </p>"
+        },
+        "s3bucketForReportData":{
+          "shape":"StartImportFileTaskRequestS3bucketForReportDataString",
+          "documentation":"<p> The S3 bucket where Strategy Recommendations uploads import results. The bucket name is required to begin with migrationhub-strategy-. </p>"
+        },
+        "s3key":{
+          "shape":"String",
+          "documentation":"<p> The Amazon S3 key name of the import file. </p>"
+        }
+      }
+    },
+    "StartImportFileTaskRequestNameString":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"[a-zA-Z0-9_-]+"
+    },
+    "StartImportFileTaskRequestS3bucketForReportDataString":{
+      "type":"string",
+      "max":63,
+      "min":0,
+      "pattern":"[0-9a-z]+[0-9a-z\\.\\-]*[0-9a-z]+"
+    },
+    "StartImportFileTaskResponse":{
+      "type":"structure",
+      "members":{
+        "id":{
+          "shape":"String",
+          "documentation":"<p> The ID for a specific import task. The ID is unique within an AWS account. </p>"
+        }
+      }
+    },
+    "StartRecommendationReportGenerationRequest":{
+      "type":"structure",
+      "members":{
+        "groupIdFilter":{
+          "shape":"GroupIds",
+          "documentation":"<p> Groups the resources in the recommendation report with a unique name. </p>"
+        },
+        "outputFormat":{
+          "shape":"OutputFormat",
+          "documentation":"<p> The output format for the recommendation report file. The default format is Microsoft Excel. </p>"
+        }
+      }
+    },
+    "StartRecommendationReportGenerationResponse":{
+      "type":"structure",
+      "members":{
+        "id":{
+          "shape":"RecommendationTaskId",
+          "documentation":"<p> The ID of the recommendation report generation task. </p>"
+        }
+      }
+    },
+    "StatusMessage":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "StopAssessmentRequest":{
+      "type":"structure",
+      "required":["assessmentId"],
+      "members":{
+        "assessmentId":{
+          "shape":"AsyncTaskId",
+          "documentation":"<p> The <code>assessmentId</code> returned by <a>StartAssessment</a>. </p>"
+        }
+      }
+    },
+    "StopAssessmentResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Strategy":{
+      "type":"string",
+      "enum":[
+        "Rehost",
+        "Retirement",
+        "Refactor",
+        "Replatform",
+        "Retain",
+        "Relocate",
+        "Repurchase"
+      ]
+    },
+    "StrategyOption":{
+      "type":"structure",
+      "members":{
+        "isPreferred":{
+          "shape":"Boolean",
+          "documentation":"<p> Indicates if a specific strategy is preferred for the application component. </p>"
+        },
+        "strategy":{
+          "shape":"Strategy",
+          "documentation":"<p> Type of transformation. For example, Rehost, Replatform, and so on. </p>"
+        },
+        "targetDestination":{
+          "shape":"TargetDestination",
+          "documentation":"<p> Destination information about where the application component can migrate to. For example, <code>EC2</code>, <code>ECS</code>, and so on. </p>"
+        },
+        "toolName":{
+          "shape":"TransformationToolName",
+          "documentation":"<p> The name of the tool that can be used to transform an application component using this strategy. </p>"
+        }
+      },
+      "documentation":"<p> Information about all the available strategy options for migrating and modernizing an application component. </p>"
+    },
+    "StrategyRecommendation":{
+      "type":"string",
+      "enum":[
+        "recommended",
+        "viableOption",
+        "notRecommended"
+      ]
+    },
+    "StrategySummary":{
+      "type":"structure",
+      "members":{
+        "count":{
+          "shape":"Integer",
+          "documentation":"<p> The count of recommendations per strategy. </p>"
+        },
+        "strategy":{
+          "shape":"Strategy",
+          "documentation":"<p> The name of recommended strategy. </p>"
+        }
+      },
+      "documentation":"<p> Object containing the summary of the strategy recommendations. </p>"
+    },
+    "String":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":".*\\S.*"
+    },
+    "SystemInfo":{
+      "type":"structure",
+      "members":{
+        "cpuArchitecture":{
+          "shape":"String",
+          "documentation":"<p> CPU architecture type for the server. </p>"
+        },
+        "fileSystemType":{
+          "shape":"String",
+          "documentation":"<p> File system type for the server. </p>"
+        },
+        "networkInfoList":{
+          "shape":"NetworkInfoList",
+          "documentation":"<p> Networking information related to a server. </p>"
+        },
+        "osInfo":{
+          "shape":"OSInfo",
+          "documentation":"<p> Operating system corresponding to a server. </p>"
+        }
+      },
+      "documentation":"<p> Information about the server that hosts application components. </p>"
+    },
+    "TargetDatabaseEngine":{
+      "type":"string",
+      "enum":[
+        "None specified",
+        "Amazon Aurora",
+        "AWS PostgreSQL",
+        "MySQL",
+        "Microsoft SQL Server",
+        "Oracle Database",
+        "MariaDB",
+        "SAP",
+        "Db2 LUW",
+        "MongoDB"
+      ]
+    },
+    "TargetDatabaseEngines":{
+      "type":"list",
+      "member":{"shape":"TargetDatabaseEngine"},
+      "max":1,
+      "min":1
+    },
+    "TargetDestination":{
+      "type":"string",
+      "enum":[
+        "None specified",
+        "AWS Elastic BeanStalk",
+        "AWS Fargate",
+        "Amazon Elastic Cloud Compute (EC2)",
+        "Amazon Elastic Container Service (ECS)",
+        "Amazon Elastic Kubernetes Service (EKS)",
+        "Aurora MySQL",
+        "Aurora PostgreSQL",
+        "Amazon Relational Database Service on MySQL",
+        "Amazon Relational Database Service on PostgreSQL",
+        "Amazon DocumentDB",
+        "Amazon DynamoDB",
+        "Amazon Relational Database Service"
+      ]
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p> The request was denied due to request throttling. </p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "TimeStamp":{"type":"timestamp"},
+    "TranformationToolDescription":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "TranformationToolInstallationLink":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "TransformationTool":{
+      "type":"structure",
+      "members":{
+        "description":{
+          "shape":"TranformationToolDescription",
+          "documentation":"<p> Description of the tool. </p>"
+        },
+        "name":{
+          "shape":"TransformationToolName",
+          "documentation":"<p> Name of the tool. </p>"
+        },
+        "tranformationToolInstallationLink":{
+          "shape":"TranformationToolInstallationLink",
+          "documentation":"<p> URL for installing the tool. </p>"
+        }
+      },
+      "documentation":"<p> Information of the transformation tool that can be used to migrate and modernize the application. </p>"
+    },
+    "TransformationToolName":{
+      "type":"string",
+      "enum":[
+        "App2Container",
+        "Porting Assistant For .NET",
+        "End of Support Migration",
+        "Windows Web Application Migration Assistant",
+        "Application Migration Service",
+        "Strategy Recommendation Support",
+        "In Place Operating System Upgrade",
+        "Schema Conversion Tool",
+        "Database Migration Service",
+        "Native SQL Server Backup/Restore"
+      ]
+    },
+    "UpdateApplicationComponentConfigRequest":{
+      "type":"structure",
+      "required":["applicationComponentId"],
+      "members":{
+        "applicationComponentId":{
+          "shape":"ApplicationComponentId",
+          "documentation":"<p> The ID of the application component. The ID is unique within an AWS account. </p>"
+        },
+        "inclusionStatus":{
+          "shape":"InclusionStatus",
+          "documentation":"<p> Indicates whether the application component has been included for server recommendation or not. </p>"
+        },
+        "secretsManagerKey":{
+          "shape":"SecretsManagerKey",
+          "documentation":"<p> Database credentials. </p>"
+        },
+        "sourceCodeList":{
+          "shape":"SourceCodeList",
+          "documentation":"<p> The list of source code configurations to update for the application component. </p>"
+        },
+        "strategyOption":{
+          "shape":"StrategyOption",
+          "documentation":"<p> The preferred strategy options for the application component. Use values from the <a>GetApplicationComponentStrategies</a> response. </p>"
+        }
+      }
+    },
+    "UpdateApplicationComponentConfigResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateServerConfigRequest":{
+      "type":"structure",
+      "required":["serverId"],
+      "members":{
+        "serverId":{
+          "shape":"ServerId",
+          "documentation":"<p> The ID of the server. </p>"
+        },
+        "strategyOption":{
+          "shape":"StrategyOption",
+          "documentation":"<p> The preferred strategy options for the application component. See the response from <a>GetServerStrategies</a>.</p>"
+        }
+      }
+    },
+    "UpdateServerConfigResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"errorMessage"}
+      },
+      "documentation":"<p> The request body isn't valid. </p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "VersionControl":{
+      "type":"string",
+      "enum":[
+        "GITHUB",
+        "GITHUB_ENTERPRISE"
+      ]
+    },
+    "errorMessage":{"type":"string"},
+    "importS3Bucket":{
+      "type":"string",
+      "max":63,
+      "min":0,
+      "pattern":"[0-9a-z]+[0-9a-z\\.\\-]*[0-9a-z]+"
+    },
+    "importS3Key":{
+      "type":"string",
+      "max":1024,
+      "min":0,
+      "pattern":".*\\S.*"
+    }
+  },
+  "documentation":"<p><fullname>Migration Hub Strategy Recommendations</fullname></p> <pre><code> &lt;p&gt;This API reference provides descriptions, syntax, and other details about each of the actions and data types for Migration Hub Strategy Recommendations (Strategy Recommendations). The topic for each action shows the API request parameters and the response. Alternatively, you can use one of the AWS SDKs to access an API that is tailored to the programming language or platform that you're using. For more information, see &lt;a href=&quot;http://aws.amazon.com/tools/#SDKs&quot;&gt;AWS SDKs&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/mwaa/2020-07-01/service-2.json b/contrib/python/botocore/py3/botocore/data/mwaa/2020-07-01/service-2.json
index 53fc3c36def..16b7ef00dbb 100644
--- a/contrib/python/botocore/py3/botocore/data/mwaa/2020-07-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/mwaa/2020-07-01/service-2.json
@@ -24,7 +24,7 @@
       "errors":[
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Create a CLI token to use Airflow CLI.</p>",
+      "documentation":"<p>Creates a CLI token for the Airflow CLI. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/call-mwaa-apis-cli.html\">Creating an Apache Airflow CLI token</a>.</p>",
       "endpoint":{"hostPrefix":"env."}
     },
     "CreateEnvironment":{
@@ -59,7 +59,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create a JWT token to be used to login to Airflow Web UI with claims based Authentication.</p>",
+      "documentation":"<p>Creates a web login token for the Airflow Web UI. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/call-mwaa-apis-web.html\">Creating an Apache Airflow web login token</a>.</p>",
       "endpoint":{"hostPrefix":"env."},
       "idempotent":true
     },
@@ -95,7 +95,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Retrieves the details of an Amazon Managed Workflows for Apache Airflow (MWAA) environment.</p>",
+      "documentation":"<p>Describes an Amazon Managed Workflows for Apache Airflow (MWAA) environment.</p>",
       "endpoint":{"hostPrefix":"api."}
     },
     "ListEnvironments":{
@@ -144,7 +144,7 @@
         {"shape":"ValidationException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>An operation for publishing metrics from the customers to the Ops plane.</p>",
+      "documentation":"<p> <b>Internal only</b>. Publishes environment health metrics to Amazon CloudWatch.</p>",
       "endpoint":{"hostPrefix":"ops."}
     },
     "TagResource":{
@@ -206,7 +206,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>Access to the Airflow Web UI or CLI has been Denied. Please follow the MWAA user guide to setup permissions to access the Web UI and CLI functionality.</p>",
+      "documentation":"<p>Access to the Apache Airflow Web UI or CLI has been denied due to insufficient permissions. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/access-policies.html\">Accessing an Amazon MWAA environment</a>.</p>",
       "error":{
         "httpStatusCode":403,
         "senderFault":true
@@ -234,13 +234,13 @@
       "type":"string",
       "max":64,
       "min":1,
-      "pattern":"^[a-z]+([a-z._]*[a-z]+)?$"
+      "pattern":"^[a-z]+([a-z0-9._]*[a-z0-9_]+)?$"
     },
     "ConfigValue":{
       "type":"string",
-      "max":256,
+      "max":65536,
       "min":1,
-      "pattern":".*"
+      "pattern":"^[ -~]+$"
     },
     "CreateCliTokenRequest":{
       "type":"structure",
@@ -248,7 +248,7 @@
       "members":{
         "Name":{
           "shape":"EnvironmentName",
-          "documentation":"<p>Create a CLI token request for a MWAA environment.</p>",
+          "documentation":"<p>The name of the Amazon MWAA environment. For example, <code>MyMWAAEnvironment</code>.</p>",
           "location":"uri",
           "locationName":"Name"
         }
@@ -259,11 +259,11 @@
       "members":{
         "CliToken":{
           "shape":"SyntheticCreateCliTokenResponseToken",
-          "documentation":"<p>Create an Airflow CLI login token response for the provided JWT token.</p>"
+          "documentation":"<p>An Airflow CLI login token.</p>"
         },
         "WebServerHostname":{
           "shape":"Hostname",
-          "documentation":"<p>Create an Airflow CLI login token response for the provided webserver hostname.</p>"
+          "documentation":"<p>The Airflow web server hostname for the environment.</p>"
         }
       }
     },
@@ -283,7 +283,7 @@
         },
         "AirflowVersion":{
           "shape":"AirflowVersion",
-          "documentation":"<p>The Apache Airflow version for your environment. For example, <code>v1.10.12</code>. If no value is specified, defaults to the latest version. Valid values: <code>v1.10.12</code>.</p>"
+          "documentation":"<p>The Apache Airflow version for your environment. If no value is specified, defaults to the latest version. Valid values: <code>1.10.12</code>, <code>2.0.2</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/airflow-versions.html\">Apache Airflow versions on Amazon Managed Workflows for Apache Airflow (MWAA)</a>.</p>"
         },
         "DagS3Path":{
           "shape":"RelativePath",
@@ -295,15 +295,15 @@
         },
         "ExecutionRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the execution role for your environment. An execution role is an AWS Identity and Access Management (IAM) role that grants MWAA permission to access AWS services and resources used by your environment. For example, <code>arn:aws:iam::123456789:role/my-execution-role</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html\">Amazon MWAA Execution role</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the execution role for your environment. An execution role is an Amazon Web Services Identity and Access Management (IAM) role that grants MWAA permission to access Amazon Web Services services and resources used by your environment. For example, <code>arn:aws:iam::123456789:role/my-execution-role</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html\">Amazon MWAA Execution role</a>.</p>"
         },
         "KmsKey":{
           "shape":"KmsKey",
-          "documentation":"<p>The AWS Key Management Service (KMS) key to encrypt the data in your environment. You can use an AWS owned CMK, or a Customer managed CMK (advanced). To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/get-started.html\">Get started with Amazon Managed Workflows for Apache Airflow</a>.</p>"
+          "documentation":"<p>The Amazon Web Services Key Management Service (KMS) key to encrypt the data in your environment. You can use an Amazon Web Services owned CMK, or a Customer managed CMK (advanced). To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/create-environment.html\">Create an Amazon MWAA environment</a>.</p>"
         },
         "LoggingConfiguration":{
           "shape":"LoggingConfigurationInput",
-          "documentation":"<p>Defines the Apache Airflow logs to send to CloudWatch Logs: <code>DagProcessingLogs</code>, <code>SchedulerLogs</code>, <code>TaskLogs</code>, <code>WebserverLogs</code>, <code>WorkerLogs</code>.</p>"
+          "documentation":"<p>Defines the Apache Airflow logs to send to CloudWatch Logs.</p>"
         },
         "MaxWorkers":{
           "shape":"MaxWorkers",
@@ -321,7 +321,7 @@
         },
         "NetworkConfiguration":{
           "shape":"NetworkConfiguration",
-          "documentation":"<p>The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
+          "documentation":"<p>The VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
         },
         "PluginsS3ObjectVersion":{
           "shape":"S3ObjectVersion",
@@ -341,7 +341,7 @@
         },
         "Schedulers":{
           "shape":"Schedulers",
-          "documentation":"<p>The number of Apache Airflow schedulers to run in your environment.</p>"
+          "documentation":"<p>The number of Apache Airflow schedulers to run in your environment. Valid values:</p> <ul> <li> <p>v2.0.2 - Accepts between 2 to 5. Defaults to 2.</p> </li> <li> <p>v1.10.12 - Accepts 1.</p> </li> </ul>"
         },
         "SourceBucketArn":{
           "shape":"S3BucketArn",
@@ -349,7 +349,7 @@
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>The key-value tag pairs you want to associate to your environment. For example, <code>\"Environment\": \"Staging\"</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging AWS resources</a>.</p>"
+          "documentation":"<p>The key-value tag pairs you want to associate to your environment. For example, <code>\"Environment\": \"Staging\"</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a>.</p>"
         },
         "WebserverAccessMode":{
           "shape":"WebserverAccessMode",
@@ -357,7 +357,7 @@
         },
         "WeeklyMaintenanceWindowStart":{
           "shape":"WeeklyMaintenanceWindowStart",
-          "documentation":"<p>The day and time of the week to start weekly maintenance updates of your environment in the following format: <code>DAY:HH:MM</code>. For example: <code>TUE:03:30</code>. You can specify a start time in 30 minute increments only. Supported input includes the following:</p> <ul> <li> <p>MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\\\d|2[0-3]):(00|30)</p> </li> </ul>"
+          "documentation":"<p>The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time to start weekly maintenance updates of your environment in the following format: <code>DAY:HH:MM</code>. For example: <code>TUE:03:30</code>. You can specify a start time in 30 minute increments only.</p>"
         }
       },
       "documentation":"<p>This section contains the Amazon Managed Workflows for Apache Airflow (MWAA) API reference documentation to create an environment. For more information, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/get-started.html\">Get started with Amazon Managed Workflows for Apache Airflow</a>.</p>"
@@ -377,7 +377,7 @@
       "members":{
         "Name":{
           "shape":"EnvironmentName",
-          "documentation":"<p>Create an Airflow Web UI login token request for a MWAA environment.</p>",
+          "documentation":"<p>The name of the Amazon MWAA environment. For example, <code>MyMWAAEnvironment</code>.</p>",
           "location":"uri",
           "locationName":"Name"
         }
@@ -388,11 +388,11 @@
       "members":{
         "WebServerHostname":{
           "shape":"Hostname",
-          "documentation":"<p>Create an Airflow Web UI login token response for the provided webserver hostname.</p>"
+          "documentation":"<p>The Airflow web server hostname for the environment.</p>"
         },
         "WebToken":{
           "shape":"SyntheticCreateWebLoginTokenResponseToken",
-          "documentation":"<p>Create an Airflow Web UI login token response for the provided JWT token.</p>"
+          "documentation":"<p>An Airflow web server login token.</p>"
         }
       }
     },
@@ -423,14 +423,14 @@
       "members":{
         "Name":{
           "shape":"String",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The name of the dimension.</p>"
         },
         "Value":{
           "shape":"String",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The value of the dimension.</p>"
         }
       },
-      "documentation":"<p>Internal only API.</p>"
+      "documentation":"<p> <b>Internal only</b>. Represents the dimensions of a metric. To learn more about the metrics published to Amazon CloudWatch, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/cw-metrics.html\">Amazon MWAA performance metrics in Amazon CloudWatch</a>.</p>"
     },
     "Dimensions":{
       "type":"list",
@@ -449,7 +449,7 @@
         },
         "AirflowVersion":{
           "shape":"AirflowVersion",
-          "documentation":"<p>The Apache Airflow version on your environment. For example, <code>v1.10.12</code>.</p>"
+          "documentation":"<p>The Apache Airflow version on your environment. Valid values: <code>1.10.12</code>, <code>2.0.2</code>.</p>"
         },
         "Arn":{
           "shape":"EnvironmentArn",
@@ -469,16 +469,19 @@
         },
         "ExecutionRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access AWS resources in your environment. For example, <code>arn:aws:iam::123456789:role/my-execution-role</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html\">Amazon MWAA Execution role</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access Amazon Web Services resources in your environment. For example, <code>arn:aws:iam::123456789:role/my-execution-role</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html\">Amazon MWAA Execution role</a>.</p>"
         },
         "KmsKey":{
           "shape":"KmsKey",
-          "documentation":"<p>The Key Management Service (KMS) encryption key used to encrypt the data in your environment.</p>"
+          "documentation":"<p>The Amazon Web Services Key Management Service (KMS) encryption key used to encrypt the data in your environment.</p>"
+        },
+        "LastUpdate":{
+          "shape":"LastUpdate",
+          "documentation":"<p>The status of the last update on the environment.</p>"
         },
-        "LastUpdate":{"shape":"LastUpdate"},
         "LoggingConfiguration":{
           "shape":"LoggingConfiguration",
-          "documentation":"<p>The Apache Airflow logs being sent to CloudWatch Logs: <code>DagProcessingLogs</code>, <code>SchedulerLogs</code>, <code>TaskLogs</code>, <code>WebserverLogs</code>, <code>WorkerLogs</code>.</p>"
+          "documentation":"<p>The Apache Airflow logs published to CloudWatch Logs.</p>"
         },
         "MaxWorkers":{
           "shape":"MaxWorkers",
@@ -492,7 +495,10 @@
           "shape":"EnvironmentName",
           "documentation":"<p>The name of the Amazon MWAA environment. For example, <code>MyMWAAEnvironment</code>.</p>"
         },
-        "NetworkConfiguration":{"shape":"NetworkConfiguration"},
+        "NetworkConfiguration":{
+          "shape":"NetworkConfiguration",
+          "documentation":"<p>Describes the VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
+        },
         "PluginsS3ObjectVersion":{
           "shape":"S3ObjectVersion",
           "documentation":"<p>The version of the plugins.zip file on your Amazon S3 bucket. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import-plugins.html\">Installing custom plugins</a>.</p>"
@@ -527,7 +533,7 @@
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>The key-value tag pairs associated to your environment. For example, <code>\"Environment\": \"Staging\"</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging AWS resources</a>.</p>"
+          "documentation":"<p>The key-value tag pairs associated to your environment. For example, <code>\"Environment\": \"Staging\"</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a>.</p>"
         },
         "WebserverAccessMode":{
           "shape":"WebserverAccessMode",
@@ -539,10 +545,10 @@
         },
         "WeeklyMaintenanceWindowStart":{
           "shape":"WeeklyMaintenanceWindowStart",
-          "documentation":"<p>The day and time of the week that weekly maintenance updates are scheduled. For example: <code>TUE:03:30</code>.</p>"
+          "documentation":"<p>The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time that weekly maintenance updates are scheduled. For example: <code>TUE:03:30</code>.</p>"
         }
       },
-      "documentation":"<p>The Amazon Managed Workflows for Apache Airflow (MWAA) environment.</p>"
+      "documentation":"<p>Describes an Amazon Managed Workflows for Apache Airflow (MWAA) environment.</p>"
     },
     "EnvironmentArn":{
       "type":"string",
@@ -649,12 +655,16 @@
           "shape":"UpdateError",
           "documentation":"<p>The error that was encountered during the last update of the environment.</p>"
         },
+        "Source":{
+          "shape":"UpdateSource",
+          "documentation":"<p>The source of the last update to the environment. Includes internal processes by Amazon MWAA, such as an environment maintenance update.</p>"
+        },
         "Status":{
           "shape":"UpdateStatus",
-          "documentation":"<p>The status of the last update on the environment. Valid values: <code>SUCCESS</code>, <code>PENDING</code>, <code>FAILED</code>.</p>"
+          "documentation":"<p>The status of the last update on the environment.</p>"
         }
       },
-      "documentation":"<p>The status of the last update on the environment, and any errors that were encountered.</p>"
+      "documentation":"<p>Describes the status of the last update on the environment, and any errors that were encountered.</p>"
     },
     "ListEnvironmentsInput":{
       "type":"structure",
@@ -685,7 +695,7 @@
       "members":{
         "Environments":{
           "shape":"EnvironmentList",
-          "documentation":"<p>Returns the list of Amazon MWAA environments.</p>"
+          "documentation":"<p>Returns a list of Amazon MWAA environments.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -710,31 +720,61 @@
       "members":{
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>The key-value tag pairs associated to your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging AWS resources</a>.</p>"
+          "documentation":"<p>The key-value tag pairs associated to your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a>.</p>"
         }
       }
     },
     "LoggingConfiguration":{
       "type":"structure",
       "members":{
-        "DagProcessingLogs":{"shape":"ModuleLoggingConfiguration"},
-        "SchedulerLogs":{"shape":"ModuleLoggingConfiguration"},
-        "TaskLogs":{"shape":"ModuleLoggingConfiguration"},
-        "WebserverLogs":{"shape":"ModuleLoggingConfiguration"},
-        "WorkerLogs":{"shape":"ModuleLoggingConfiguration"}
+        "DagProcessingLogs":{
+          "shape":"ModuleLoggingConfiguration",
+          "documentation":"<p>The Airflow DAG processing logs published to CloudWatch Logs and the log level.</p>"
+        },
+        "SchedulerLogs":{
+          "shape":"ModuleLoggingConfiguration",
+          "documentation":"<p>The Airflow scheduler logs published to CloudWatch Logs and the log level.</p>"
+        },
+        "TaskLogs":{
+          "shape":"ModuleLoggingConfiguration",
+          "documentation":"<p>The Airflow task logs published to CloudWatch Logs and the log level.</p>"
+        },
+        "WebserverLogs":{
+          "shape":"ModuleLoggingConfiguration",
+          "documentation":"<p>The Airflow web server logs published to CloudWatch Logs and the log level.</p>"
+        },
+        "WorkerLogs":{
+          "shape":"ModuleLoggingConfiguration",
+          "documentation":"<p>The Airflow worker logs published to CloudWatch Logs and the log level.</p>"
+        }
       },
-      "documentation":"<p>Defines the Apache Airflow logs to send to CloudWatch Logs: <code>DagProcessingLogs</code>, <code>SchedulerLogs</code>, <code>TaskLogs</code>, <code>WebserverLogs</code>, <code>WorkerLogs</code>.</p>"
+      "documentation":"<p>Describes the Apache Airflow log types that are published to CloudWatch Logs.</p>"
     },
     "LoggingConfigurationInput":{
       "type":"structure",
       "members":{
-        "DagProcessingLogs":{"shape":"ModuleLoggingConfigurationInput"},
-        "SchedulerLogs":{"shape":"ModuleLoggingConfigurationInput"},
-        "TaskLogs":{"shape":"ModuleLoggingConfigurationInput"},
-        "WebserverLogs":{"shape":"ModuleLoggingConfigurationInput"},
-        "WorkerLogs":{"shape":"ModuleLoggingConfigurationInput"}
+        "DagProcessingLogs":{
+          "shape":"ModuleLoggingConfigurationInput",
+          "documentation":"<p>Publishes Airflow DAG processing logs to CloudWatch Logs.</p>"
+        },
+        "SchedulerLogs":{
+          "shape":"ModuleLoggingConfigurationInput",
+          "documentation":"<p>Publishes Airflow scheduler logs to CloudWatch Logs.</p>"
+        },
+        "TaskLogs":{
+          "shape":"ModuleLoggingConfigurationInput",
+          "documentation":"<p>Publishes Airflow task logs to CloudWatch Logs.</p>"
+        },
+        "WebserverLogs":{
+          "shape":"ModuleLoggingConfigurationInput",
+          "documentation":"<p>Publishes Airflow web server logs to CloudWatch Logs.</p>"
+        },
+        "WorkerLogs":{
+          "shape":"ModuleLoggingConfigurationInput",
+          "documentation":"<p>Publishes Airflow worker logs to CloudWatch Logs.</p>"
+        }
       },
-      "documentation":"<p>Defines the Apache Airflow logs to send to CloudWatch Logs: <code>DagProcessingLogs</code>, <code>SchedulerLogs</code>, <code>TaskLogs</code>, <code>WebserverLogs</code>, <code>WorkerLogs</code>.</p>"
+      "documentation":"<p>Defines the Apache Airflow log types to send to CloudWatch Logs.</p>"
     },
     "LoggingEnabled":{
       "type":"boolean",
@@ -768,27 +808,30 @@
       "members":{
         "Dimensions":{
           "shape":"Dimensions",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The dimensions associated with the metric.</p>"
         },
         "MetricName":{
           "shape":"String",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The name of the metric.</p>"
         },
         "StatisticValues":{
           "shape":"StatisticSet",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The statistical values for the metric.</p>"
         },
         "Timestamp":{
           "shape":"Timestamp",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The time the metric data was received.</p>"
+        },
+        "Unit":{
+          "shape":"Unit",
+          "documentation":"<p> <b>Internal only</b>. The unit used to store the metric.</p>"
         },
-        "Unit":{"shape":"Unit"},
         "Value":{
           "shape":"Double",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The value for the metric.</p>"
         }
       },
-      "documentation":"<p>Internal only API.</p>"
+      "documentation":"<p> <b>Internal only</b>. Collects Apache Airflow metrics. To learn more about the metrics published to Amazon CloudWatch, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/cw-metrics.html\">Amazon MWAA performance metrics in Amazon CloudWatch</a>.</p>"
     },
     "MinWorkers":{
       "type":"integer",
@@ -804,14 +847,14 @@
         },
         "Enabled":{
           "shape":"LoggingEnabled",
-          "documentation":"<p>Indicates whether to enable the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>) in CloudWatch Logs.</p>"
+          "documentation":"<p>Indicates whether the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>) is enabled.</p>"
         },
         "LogLevel":{
           "shape":"LoggingLevel",
-          "documentation":"<p>Defines the Apache Airflow logs to send for the log type (e.g. <code>DagProcessingLogs</code>) to CloudWatch Logs. Valid values: <code>CRITICAL</code>, <code>ERROR</code>, <code>WARNING</code>, <code>INFO</code>.</p>"
+          "documentation":"<p>The Apache Airflow log level for the log type (e.g. <code>DagProcessingLogs</code>). </p>"
         }
       },
-      "documentation":"<p>Defines the type of logs to send for the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>). Valid values: <code>CloudWatchLogGroupArn</code>, <code>Enabled</code>, <code>LogLevel</code>.</p>"
+      "documentation":"<p>Describes the Apache Airflow log details for the log type (e.g. <code>DagProcessingLogs</code>).</p>"
     },
     "ModuleLoggingConfigurationInput":{
       "type":"structure",
@@ -822,28 +865,28 @@
       "members":{
         "Enabled":{
           "shape":"LoggingEnabled",
-          "documentation":"<p>Indicates whether to enable the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>) in CloudWatch Logs.</p>"
+          "documentation":"<p>Indicates whether to enable the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>).</p>"
         },
         "LogLevel":{
           "shape":"LoggingLevel",
-          "documentation":"<p>Defines the Apache Airflow logs to send for the log type (e.g. <code>DagProcessingLogs</code>) to CloudWatch Logs. Valid values: <code>CRITICAL</code>, <code>ERROR</code>, <code>WARNING</code>, <code>INFO</code>.</p>"
+          "documentation":"<p>Defines the Apache Airflow log level (e.g. <code>INFO</code>) to send to CloudWatch Logs.</p>"
         }
       },
-      "documentation":"<p>Defines the type of logs to send for the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>). Valid values: <code>CloudWatchLogGroupArn</code>, <code>Enabled</code>, <code>LogLevel</code>.</p>"
+      "documentation":"<p>Enables the Apache Airflow log type (e.g. <code>DagProcessingLogs</code>) and defines the log level to send to CloudWatch Logs (e.g. <code>INFO</code>).</p>"
     },
     "NetworkConfiguration":{
       "type":"structure",
       "members":{
         "SecurityGroupIds":{
           "shape":"SecurityGroupList",
-          "documentation":"<p>A list of 1 or more security group IDs. Accepts up to 5 security group IDs. A security group must be attached to the same VPC as the subnets. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/vpc-security.html\">Security in your VPC on Amazon MWAA</a>.</p>"
+          "documentation":"<p>A list of security group IDs. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/vpc-security.html\">Security in your VPC on Amazon MWAA</a>.</p>"
         },
         "SubnetIds":{
           "shape":"SubnetList",
-          "documentation":"<p>A list of 2 subnet IDs. <b>Required</b> to create an environment. Must be private subnets in two different availability zones. A subnet must be attached to the same VPC as the security group.</p>"
+          "documentation":"<p>A list of subnet IDs. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
         }
       },
-      "documentation":"<p>The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
+      "documentation":"<p>Describes the VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
     },
     "NextToken":{
       "type":"string",
@@ -859,13 +902,13 @@
       "members":{
         "EnvironmentName":{
           "shape":"EnvironmentName",
-          "documentation":"<p>Publishes environment metric data to Amazon CloudWatch.</p>",
+          "documentation":"<p> <b>Internal only</b>. The name of the environment.</p>",
           "location":"uri",
           "locationName":"EnvironmentName"
         },
         "MetricData":{
           "shape":"MetricData",
-          "documentation":"<p>Publishes metric data points to Amazon CloudWatch. CloudWatch associates the data points with the specified metrica.</p>"
+          "documentation":"<p> <b>Internal only</b>. Publishes metrics to Amazon CloudWatch. To learn more about the metrics published to Amazon CloudWatch, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/cw-metrics.html\">Amazon MWAA performance metrics in Amazon CloudWatch</a>.</p>"
         }
       }
     },
@@ -925,22 +968,22 @@
       "members":{
         "Maximum":{
           "shape":"Double",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The maximum value of the sample set.</p>"
         },
         "Minimum":{
           "shape":"Double",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The minimum value of the sample set.</p>"
         },
         "SampleCount":{
           "shape":"Integer",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The number of samples used for the statistic set.</p>"
         },
         "Sum":{
           "shape":"Double",
-          "documentation":"<p>Internal only API.</p>"
+          "documentation":"<p> <b>Internal only</b>. The sum of values for the sample set.</p>"
         }
       },
-      "documentation":"<p>Internal only API.</p>"
+      "documentation":"<p> <b>Internal only</b>. Represents a set of statistics that describe a specific metric. To learn more about the metrics published to Amazon CloudWatch, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/cw-metrics.html\">Amazon MWAA performance metrics in Amazon CloudWatch</a>.</p>"
     },
     "String":{"type":"string"},
     "SubnetId":{
@@ -1009,7 +1052,7 @@
         },
         "Tags":{
           "shape":"TagMap",
-          "documentation":"<p>The key-value tag pairs you want to associate to your environment. For example, <code>\"Environment\": \"Staging\"</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging AWS resources</a>.</p>"
+          "documentation":"<p>The key-value tag pairs you want to associate to your environment. For example, <code>\"Environment\": \"Staging\"</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a>.</p>"
         }
       }
     },
@@ -1027,7 +1070,6 @@
     "Timestamp":{"type":"timestamp"},
     "Unit":{
       "type":"string",
-      "documentation":"<p>Unit</p>",
       "enum":[
         "Seconds",
         "Microseconds",
@@ -1095,7 +1137,7 @@
         },
         "AirflowVersion":{
           "shape":"AirflowVersion",
-          "documentation":"<p>The Apache Airflow version for your environment. For example, <code>v1.10.12</code>. If no value is specified, defaults to the latest version. Valid values: <code>v1.10.12</code>.</p>"
+          "documentation":"<p>The Apache Airflow version for your environment. If no value is specified, defaults to the latest version. Valid values: <code>1.10.12</code>, <code>2.0.2</code>.</p>"
         },
         "DagS3Path":{
           "shape":"RelativePath",
@@ -1107,11 +1149,11 @@
         },
         "ExecutionRoleArn":{
           "shape":"IamRoleArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access AWS resources in your environment. For example, <code>arn:aws:iam::123456789:role/my-execution-role</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html\">Amazon MWAA Execution role</a>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access Amazon Web Services resources in your environment. For example, <code>arn:aws:iam::123456789:role/my-execution-role</code>. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html\">Amazon MWAA Execution role</a>.</p>"
         },
         "LoggingConfiguration":{
           "shape":"LoggingConfigurationInput",
-          "documentation":"<p>Defines the Apache Airflow logs to send to CloudWatch Logs: <code>DagProcessingLogs</code>, <code>SchedulerLogs</code>, <code>TaskLogs</code>, <code>WebserverLogs</code>, <code>WorkerLogs</code>.</p>"
+          "documentation":"<p>The Apache Airflow log types to send to CloudWatch Logs.</p>"
         },
         "MaxWorkers":{
           "shape":"MaxWorkers",
@@ -1129,7 +1171,7 @@
         },
         "NetworkConfiguration":{
           "shape":"UpdateNetworkConfigurationInput",
-          "documentation":"<p>The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
+          "documentation":"<p>The VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
         },
         "PluginsS3ObjectVersion":{
           "shape":"S3ObjectVersion",
@@ -1161,7 +1203,7 @@
         },
         "WeeklyMaintenanceWindowStart":{
           "shape":"WeeklyMaintenanceWindowStart",
-          "documentation":"<p>The day and time of the week to start weekly maintenance updates of your environment in the following format: <code>DAY:HH:MM</code>. For example: <code>TUE:03:30</code>. You can specify a start time in 30 minute increments only. Supported input includes the following:</p> <ul> <li> <p>MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\\\d|2[0-3]):(00|30)</p> </li> </ul>"
+          "documentation":"<p>The day and time of the week in Coordinated Universal Time (UTC) 24-hour standard time to start weekly maintenance updates of your environment in the following format: <code>DAY:HH:MM</code>. For example: <code>TUE:03:30</code>. You can specify a start time in 30 minute increments only.</p>"
         }
       }
     },
@@ -1186,7 +1228,7 @@
           "documentation":"<p>The error message that corresponds to the error code.</p>"
         }
       },
-      "documentation":"<p>An object containing the error encountered with the last update: <code>ErrorCode</code>, <code>ErrorMessage</code>.</p>"
+      "documentation":"<p>Describes the error(s) encountered with the last update of the environment.</p>"
     },
     "UpdateNetworkConfigurationInput":{
       "type":"structure",
@@ -1194,10 +1236,16 @@
       "members":{
         "SecurityGroupIds":{
           "shape":"SecurityGroupList",
-          "documentation":"<p>A list of 1 or more security group IDs. Accepts up to 5 security group IDs. A security group must be attached to the same VPC as the subnets. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/vpc-security.html\">Security in your VPC on Amazon MWAA</a>.</p>"
+          "documentation":"<p>A list of security group IDs. A security group must be attached to the same VPC as the subnets. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/vpc-security.html\">Security in your VPC on Amazon MWAA</a>.</p>"
         }
       },
-      "documentation":"<p>The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
+      "documentation":"<p>Defines the VPC networking components used to secure and enable network traffic between the Amazon Web Services resources for your environment. To learn more, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/networking-about.html\">About networking on Amazon MWAA</a>.</p>"
+    },
+    "UpdateSource":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^.+$"
     },
     "UpdateStatus":{
       "type":"string",
@@ -1239,5 +1287,5 @@
       "pattern":"(MON|TUE|WED|THU|FRI|SAT|SUN):([01]\\d|2[0-3]):(00|30)"
     }
   },
-  "documentation":"<p><fullname>Amazon Managed Workflows for Apache Airflow</fullname> <p>This section contains the Amazon Managed Workflows for Apache Airflow (MWAA) API reference documentation. For more information, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/what-is-mwaa.html\">What Is Amazon MWAA?</a>.</p></p>"
+  "documentation":"<p><fullname>Amazon Managed Workflows for Apache Airflow</fullname> <p>This section contains the Amazon Managed Workflows for Apache Airflow (MWAA) API reference documentation. For more information, see <a href=\"https://docs.aws.amazon.com/mwaa/latest/userguide/what-is-mwaa.html\">What Is Amazon MWAA?</a>.</p></p> <pre><code> &lt;p&gt; &lt;b&gt;Endpoints&lt;/b&gt; &lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;code&gt;api.airflow.{region}.amazonaws.com&lt;/code&gt; - This endpoint is used for environment management.&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_CreateEnvironment.html&quot;&gt;CreateEnvironment&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_DeleteEnvironment.html&quot;&gt;DeleteEnvironment&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_GetEnvironment.html&quot;&gt;GetEnvironment&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_ListEnvironments.html&quot;&gt;ListEnvironments&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_ListTagsForResource.html&quot;&gt;ListTagsForResource&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_TagResource.html&quot;&gt;TagResource&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_UntagResource.html&quot;&gt;UntagResource&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_UpdateEnvironment.html&quot;&gt;UpdateEnvironment&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;code&gt;env.airflow.{region}.amazonaws.com&lt;/code&gt; - This endpoint is used to operate the Airflow environment.&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_CreateCliToken.html &quot;&gt;CreateCliToken&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_CreateWebLoginToken.html&quot;&gt;CreateWebLoginToken&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;li&gt; &lt;p&gt; &lt;code&gt;ops.airflow.{region}.amazonaws.com&lt;/code&gt; - This endpoint is used to push environment metrics that track environment health.&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt; &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/API/API_PublishMetrics.html &quot;&gt;PublishMetrics&lt;/a&gt; &lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;b&gt;Regions&lt;/b&gt; &lt;/p&gt; &lt;p&gt;For a list of regions that Amazon MWAA supports, see &lt;a href=&quot;https://docs.aws.amazon.com/mwaa/latest/userguide/what-is-mwaa.html#regions-mwaa&quot;&gt;Region availability&lt;/a&gt; in the &lt;i&gt;Amazon MWAA User Guide&lt;/i&gt;.&lt;/p&gt; </code></pre>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/network-firewall/2020-11-12/service-2.json b/contrib/python/botocore/py3/botocore/data/network-firewall/2020-11-12/service-2.json
index ac8b05d0846..54011625321 100644
--- a/contrib/python/botocore/py3/botocore/data/network-firewall/2020-11-12/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/network-firewall/2020-11-12/service-2.json
@@ -254,6 +254,22 @@
       ],
       "documentation":"<p>Returns the data objects for the specified rule group. </p>"
     },
+    "DescribeRuleGroupMetadata":{
+      "name":"DescribeRuleGroupMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeRuleGroupMetadataRequest"},
+      "output":{"shape":"DescribeRuleGroupMetadataResponse"},
+      "errors":[
+        {"shape":"InvalidRequestException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerError"}
+      ],
+      "documentation":"<p>High-level information about a rule group, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a rule group. You can retrieve all objects for a rule group by calling <a>DescribeRuleGroup</a>. </p>"
+    },
     "DisassociateSubnets":{
       "name":"DisassociateSubnets",
       "http":{
@@ -326,6 +342,8 @@
       "input":{"shape":"ListTagsForResourceRequest"},
       "output":{"shape":"ListTagsForResourceResponse"},
       "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerError"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidRequestException"}
       ],
@@ -357,6 +375,8 @@
       "input":{"shape":"TagResourceRequest"},
       "output":{"shape":"TagResourceResponse"},
       "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerError"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidRequestException"}
       ],
@@ -371,6 +391,8 @@
       "input":{"shape":"UntagResourceRequest"},
       "output":{"shape":"UntagResourceResponse"},
       "errors":[
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerError"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidRequestException"}
       ],
@@ -444,7 +466,7 @@
         {"shape":"InvalidTokenException"},
         {"shape":"ResourceOwnerCheckException"}
       ],
-      "documentation":"<p/>"
+      "documentation":"<p>Modifies the flag, <code>ChangeProtection</code>, which indicates whether it is possible to change the firewall. If the flag is set to <code>TRUE</code>, the firewall is protected from changes. This setting helps protect against accidentally changing a firewall that's in use.</p>"
     },
     "UpdateLoggingConfiguration":{
       "name":"UpdateLoggingConfiguration",
@@ -1049,6 +1071,53 @@
         }
       }
     },
+    "DescribeRuleGroupMetadataRequest":{
+      "type":"structure",
+      "members":{
+        "RuleGroupName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p> <p>You must specify the ARN or the name, and you can specify both. </p>"
+        },
+        "RuleGroupArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p> <p>You must specify the ARN or the name, and you can specify both. </p>"
+        },
+        "Type":{
+          "shape":"RuleGroupType",
+          "documentation":"<p>Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules. </p> <note> <p>This setting is required for requests that do not include the <code>RuleGroupARN</code>.</p> </note>"
+        }
+      }
+    },
+    "DescribeRuleGroupMetadataResponse":{
+      "type":"structure",
+      "required":[
+        "RuleGroupArn",
+        "RuleGroupName"
+      ],
+      "members":{
+        "RuleGroupArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p> <p>You must specify the ARN or the name, and you can specify both. </p>"
+        },
+        "RuleGroupName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p> <p>You must specify the ARN or the name, and you can specify both. </p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>Returns the metadata objects for the specified rule group. </p>"
+        },
+        "Type":{
+          "shape":"RuleGroupType",
+          "documentation":"<p>Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules. </p> <note> <p>This setting is required for requests that do not include the <code>RuleGroupARN</code>.</p> </note>"
+        },
+        "Capacity":{
+          "shape":"RuleCapacity",
+          "documentation":"<p>The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group. </p> <p>You can retrieve the capacity that would be required for a rule group before you create the rule group by calling <a>CreateRuleGroup</a> with <code>DryRun</code> set to <code>TRUE</code>. </p>"
+        },
+        "StatefulRuleOptions":{"shape":"StatefulRuleOptions"}
+      }
+    },
     "DescribeRuleGroupRequest":{
       "type":"structure",
       "members":{
@@ -1269,7 +1338,7 @@
         },
         "StatefulDefaultActions":{
           "shape":"StatefulActions",
-          "documentation":"<p>The default actions to take on a packet that doesn't match any stateful rules.</p>"
+          "documentation":"<p>The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.</p> <p>Valid values of the stateful default action:</p> <ul> <li> <p>aws:drop_strict</p> </li> <li> <p>aws:drop_established</p> </li> <li> <p>aws:alert_strict</p> </li> <li> <p>aws:alert_established</p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html\">Strict evaluation order</a> in the <i>AWS Network Firewall Developer Guide</i>. </p>"
         },
         "StatefulEngineOptions":{
           "shape":"StatefulEngineOptions",
@@ -1580,6 +1649,10 @@
         "MaxResults":{
           "shape":"PaginationMaxResults",
           "documentation":"<p>The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>"
+        },
+        "Scope":{
+          "shape":"ResourceManagedStatus",
+          "documentation":"<p>The scope of the request. The default setting of <code>ACCOUNT</code> or a setting of <code>NULL</code> returns all of the rule groups in your account. A setting of <code>MANAGED</code> returns all available managed rule groups.</p>"
         }
       }
     },
@@ -1727,6 +1800,10 @@
       "documentation":"<p>Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags. </p>"
     },
     "NumberOfAssociations":{"type":"integer"},
+    "OverrideAction":{
+      "type":"string",
+      "enum":["DROP_TO_ALERT"]
+    },
     "PaginationMaxResults":{
       "type":"integer",
       "max":100,
@@ -1872,6 +1949,13 @@
       "min":36,
       "pattern":"^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$"
     },
+    "ResourceManagedStatus":{
+      "type":"string",
+      "enum":[
+        "MANAGED",
+        "ACCOUNT"
+      ]
+    },
     "ResourceName":{
       "type":"string",
       "max":128,
@@ -2097,7 +2181,7 @@
       "members":{
         "Targets":{
           "shape":"RuleTargets",
-          "documentation":"<p>The domains that you want to inspect for in your traffic flows. To provide multiple domains, separate them with commas. Valid domain specifications are the following:</p> <ul> <li> <p>Explicit names. For example, <code>abc.example.com</code> matches only the domain <code>abc.example.com</code>.</p> </li> <li> <p>Names that use a domain wildcard, which you indicate with an initial '<code>.</code>'. For example,<code>.example.com</code> matches <code>example.com</code> and matches all subdomains of <code>example.com</code>, such as <code>abc.example.com</code> and <code>www.example.com</code>. </p> </li> </ul>"
+          "documentation":"<p>The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:</p> <ul> <li> <p>Explicit names. For example, <code>abc.example.com</code> matches only the domain <code>abc.example.com</code>.</p> </li> <li> <p>Names that use a domain wildcard, which you indicate with an initial '<code>.</code>'. For example,<code>.example.com</code> matches <code>example.com</code> and matches all subdomains of <code>example.com</code>, such as <code>abc.example.com</code> and <code>www.example.com</code>. </p> </li> </ul>"
         },
         "TargetTypes":{
           "shape":"TargetTypes",
@@ -2148,7 +2232,7 @@
       "members":{
         "RuleOrder":{
           "shape":"RuleOrder",
-          "documentation":"<p>Indicates how to manage the order of stateful rule evaluation for the policy. By default, Network Firewall leaves the rule evaluation order up to the Suricata rule processing engine. If you set this to <code>STRICT_ORDER</code>, your rules are evaluated in the exact order that you provide them in the policy. With strict ordering, the rule groups are evaluated by order of priority, starting from the lowest number, and the rules in each rule group are processed in the order that they're defined. </p>"
+          "documentation":"<p>Indicates how to manage the order of stateful rule evaluation for the policy. <code>DEFAULT_ACTION_ORDER</code> is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html\">Evaluation order for stateful rules</a> in the <i>AWS Network Firewall Developer Guide</i>. </p>"
         }
       },
       "documentation":"<p>Configuration settings for the handling of the stateful rule groups in a firewall policy. </p>"
@@ -2183,6 +2267,16 @@
         "ANY"
       ]
     },
+    "StatefulRuleGroupOverride":{
+      "type":"structure",
+      "members":{
+        "Action":{
+          "shape":"OverrideAction",
+          "documentation":"<p>The action that changes the rule group from <code>DROP</code> to <code>ALERT</code>. This only applies to managed rule groups.</p>"
+        }
+      },
+      "documentation":"<p>The setting that allows the policy owner to change the behavior of the rule group within a policy. </p>"
+    },
     "StatefulRuleGroupReference":{
       "type":"structure",
       "required":["ResourceArn"],
@@ -2195,6 +2289,10 @@
           "shape":"Priority",
           "documentation":"<p>An integer setting that indicates the order in which to run the stateful rule groups in a single <a>FirewallPolicy</a>. This setting only applies to firewall policies that specify the <code>STRICT_ORDER</code> rule order in the stateful engine options settings.</p> <p>Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.</p> <p>You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on. </p>",
           "box":true
+        },
+        "Override":{
+          "shape":"StatefulRuleGroupOverride",
+          "documentation":"<p>The action that allows the policy owner to override the behavior of the rule group within a policy.</p>"
         }
       },
       "documentation":"<p>Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group. </p>"
@@ -2208,7 +2306,7 @@
       "members":{
         "RuleOrder":{
           "shape":"RuleOrder",
-          "documentation":"<p>Indicates how to manage the order of the rule evaluation for the rule group. By default, Network Firewall leaves the rule evaluation order up to the Suricata rule processing engine. If you set this to <code>STRICT_ORDER</code>, your rules are evaluated in the exact order that they're listed in your Suricata rules string. </p>"
+          "documentation":"<p>Indicates how to manage the order of the rule evaluation for the rule group. <code>DEFAULT_ACTION_ORDER</code> is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html\">Evaluation order for stateful rules</a> in the <i>AWS Network Firewall Developer Guide</i>. </p>"
         }
       },
       "documentation":"<p>Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.</p>"
@@ -2528,7 +2626,7 @@
         },
         "DeleteProtection":{
           "shape":"Boolean",
-          "documentation":"<p/>"
+          "documentation":"<p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p>"
         },
         "UpdateToken":{
           "shape":"UpdateToken",
diff --git a/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/paginators-1.json b/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/paginators-1.json
index 121cd233b7f..b4aa0530316 100644
--- a/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/paginators-1.json
@@ -77,6 +77,42 @@
       "output_token": "NextToken",
       "limit_key": "MaxResults",
       "result_key": "NetworkTelemetry"
+    },
+    "GetConnectPeerAssociations": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ConnectPeerAssociations"
+    },
+    "GetCoreNetworkChangeSet": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "CoreNetworkChanges"
+    },
+    "ListAttachments": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "Attachments"
+    },
+    "ListConnectPeers": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ConnectPeers"
+    },
+    "ListCoreNetworkPolicyVersions": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "CoreNetworkPolicyVersions"
+    },
+    "ListCoreNetworks": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "CoreNetworks"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/service-2.json b/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/service-2.json
index 453a23be493..b32f19bfba2 100644
--- a/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/networkmanager/2019-07-05/service-2.json
@@ -13,6 +13,43 @@
     "uid":"networkmanager-2019-07-05"
   },
   "operations":{
+    "AcceptAttachment":{
+      "name":"AcceptAttachment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/attachments/{attachmentId}/accept"
+      },
+      "input":{"shape":"AcceptAttachmentRequest"},
+      "output":{"shape":"AcceptAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Accepts a core network attachment request. </p> <p>Once the attachment request is accepted by a core network owner, the attachment is created and connected to a core network.</p>"
+    },
+    "AssociateConnectPeer":{
+      "name":"AssociateConnectPeer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/global-networks/{globalNetworkId}/connect-peer-associations"
+      },
+      "input":{"shape":"AssociateConnectPeerRequest"},
+      "output":{"shape":"AssociateConnectPeerResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Associates a core network Connect peer with a device and optionally, with a link. </p> <p>If you specify a link, it must be associated with the specified device. You can only associate core network Connect peers that have been created on a core network Connect attachment on a core network. </p>"
+    },
     "AssociateCustomerGateway":{
       "name":"AssociateCustomerGateway",
       "http":{
@@ -70,6 +107,42 @@
       ],
       "documentation":"<p>Associates a transit gateway Connect peer with a device, and optionally, with a link. If you specify a link, it must be associated with the specified device. </p> <p>You can only associate transit gateway Connect peers that have been created on a transit gateway that's registered in your global network.</p> <p>You cannot associate a transit gateway Connect peer with more than one device and link. </p>"
     },
+    "CreateConnectAttachment":{
+      "name":"CreateConnectAttachment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/connect-attachments"
+      },
+      "input":{"shape":"CreateConnectAttachmentRequest"},
+      "output":{"shape":"CreateConnectAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a core network Connect attachment from a specified core network attachment. </p> <p>A core network Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a core network and an appliance. A core network Connect attachment uses an existing VPC attachment as the underlying transport mechanism.</p>"
+    },
+    "CreateConnectPeer":{
+      "name":"CreateConnectPeer",
+      "http":{
+        "method":"POST",
+        "requestUri":"/connect-peers"
+      },
+      "input":{"shape":"CreateConnectPeerRequest"},
+      "output":{"shape":"CreateConnectPeerResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a core network connect peer for a specified core network connect attachment between a core network and an appliance. The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).</p>"
+    },
     "CreateConnection":{
       "name":"CreateConnection",
       "http":{
@@ -88,6 +161,25 @@
       ],
       "documentation":"<p>Creates a connection between two devices. The devices can be a physical or virtual appliance that connects to a third-party appliance in a VPC, or a physical appliance that connects to another physical appliance in an on-premises network.</p>"
     },
+    "CreateCoreNetwork":{
+      "name":"CreateCoreNetwork",
+      "http":{
+        "method":"POST",
+        "requestUri":"/core-networks"
+      },
+      "input":{"shape":"CreateCoreNetworkRequest"},
+      "output":{"shape":"CreateCoreNetworkResponse"},
+      "errors":[
+        {"shape":"CoreNetworkPolicyException"},
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a core network as part of your global network, and optionally, with a core network policy.</p>"
+    },
     "CreateDevice":{
       "name":"CreateDevice",
       "http":{
@@ -163,6 +255,78 @@
       ],
       "documentation":"<p>Creates a new site in a global network.</p>"
     },
+    "CreateSiteToSiteVpnAttachment":{
+      "name":"CreateSiteToSiteVpnAttachment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/site-to-site-vpn-attachments"
+      },
+      "input":{"shape":"CreateSiteToSiteVpnAttachmentRequest"},
+      "output":{"shape":"CreateSiteToSiteVpnAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a site-to-site VPN attachment on an edge location of a core network.</p>"
+    },
+    "CreateVpcAttachment":{
+      "name":"CreateVpcAttachment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/vpc-attachments"
+      },
+      "input":{"shape":"CreateVpcAttachmentRequest"},
+      "output":{"shape":"CreateVpcAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a VPC attachment on an edge location of a core network.</p>"
+    },
+    "DeleteAttachment":{
+      "name":"DeleteAttachment",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/attachments/{attachmentId}"
+      },
+      "input":{"shape":"DeleteAttachmentRequest"},
+      "output":{"shape":"DeleteAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes an attachment. Supports all attachment types.</p>"
+    },
+    "DeleteConnectPeer":{
+      "name":"DeleteConnectPeer",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/connect-peers/{connectPeerId}"
+      },
+      "input":{"shape":"DeleteConnectPeerRequest"},
+      "output":{"shape":"DeleteConnectPeerResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes a Connect peer.</p>"
+    },
     "DeleteConnection":{
       "name":"DeleteConnection",
       "http":{
@@ -181,6 +345,42 @@
       ],
       "documentation":"<p>Deletes the specified connection in your global network.</p>"
     },
+    "DeleteCoreNetwork":{
+      "name":"DeleteCoreNetwork",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/core-networks/{coreNetworkId}"
+      },
+      "input":{"shape":"DeleteCoreNetworkRequest"},
+      "output":{"shape":"DeleteCoreNetworkResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes a core network along with all core network policies. This can only be done if there are no attachments on a core network.</p>"
+    },
+    "DeleteCoreNetworkPolicyVersion":{
+      "name":"DeleteCoreNetworkPolicyVersion",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-policy-versions/{policyVersionId}"
+      },
+      "input":{"shape":"DeleteCoreNetworkPolicyVersionRequest"},
+      "output":{"shape":"DeleteCoreNetworkPolicyVersionResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes a policy version from a core network. You can't delete the current LIVE policy.</p>"
+    },
     "DeleteDevice":{
       "name":"DeleteDevice",
       "http":{
@@ -235,6 +435,23 @@
       ],
       "documentation":"<p>Deletes an existing link. You must first disassociate the link from any devices and customer gateways.</p>"
     },
+    "DeleteResourcePolicy":{
+      "name":"DeleteResourcePolicy",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/resource-policy/{resourceArn}"
+      },
+      "input":{"shape":"DeleteResourcePolicyRequest"},
+      "output":{"shape":"DeleteResourcePolicyResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Deletes a resource policy for the specified resource. This revokes the access of the principals specified in the resource policy.</p>"
+    },
     "DeleteSite":{
       "name":"DeleteSite",
       "http":{
@@ -288,6 +505,24 @@
       ],
       "documentation":"<p>Describes one or more global networks. By default, all global networks are described. To describe the objects in your global network, you must use the appropriate <code>Get*</code> action. For example, to list the transit gateways in your global network, use <a>GetTransitGatewayRegistrations</a>.</p>"
     },
+    "DisassociateConnectPeer":{
+      "name":"DisassociateConnectPeer",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/global-networks/{globalNetworkId}/connect-peer-associations/{connectPeerId}"
+      },
+      "input":{"shape":"DisassociateConnectPeerRequest"},
+      "output":{"shape":"DisassociateConnectPeerResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Disassociates a core network Connect peer from a device and a link. </p>"
+    },
     "DisassociateCustomerGateway":{
       "name":"DisassociateCustomerGateway",
       "http":{
@@ -342,6 +577,76 @@
       ],
       "documentation":"<p>Disassociates a transit gateway Connect peer from a device and link.</p>"
     },
+    "ExecuteCoreNetworkChangeSet":{
+      "name":"ExecuteCoreNetworkChangeSet",
+      "http":{
+        "method":"POST",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-change-sets/{policyVersionId}/execute"
+      },
+      "input":{"shape":"ExecuteCoreNetworkChangeSetRequest"},
+      "output":{"shape":"ExecuteCoreNetworkChangeSetResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Executes a change set on your core network. Deploys changes globally based on the policy submitted..</p>"
+    },
+    "GetConnectAttachment":{
+      "name":"GetConnectAttachment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/connect-attachments/{attachmentId}"
+      },
+      "input":{"shape":"GetConnectAttachmentRequest"},
+      "output":{"shape":"GetConnectAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a core network Connect attachment.</p>"
+    },
+    "GetConnectPeer":{
+      "name":"GetConnectPeer",
+      "http":{
+        "method":"GET",
+        "requestUri":"/connect-peers/{connectPeerId}"
+      },
+      "input":{"shape":"GetConnectPeerRequest"},
+      "output":{"shape":"GetConnectPeerResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a core network Connect peer.</p>"
+    },
+    "GetConnectPeerAssociations":{
+      "name":"GetConnectPeerAssociations",
+      "http":{
+        "method":"GET",
+        "requestUri":"/global-networks/{globalNetworkId}/connect-peer-associations"
+      },
+      "input":{"shape":"GetConnectPeerAssociationsRequest"},
+      "output":{"shape":"GetConnectPeerAssociationsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a core network Connect peer associations.</p>"
+    },
     "GetConnections":{
       "name":"GetConnections",
       "http":{
@@ -359,6 +664,57 @@
       ],
       "documentation":"<p>Gets information about one or more of your connections in a global network.</p>"
     },
+    "GetCoreNetwork":{
+      "name":"GetCoreNetwork",
+      "http":{
+        "method":"GET",
+        "requestUri":"/core-networks/{coreNetworkId}"
+      },
+      "input":{"shape":"GetCoreNetworkRequest"},
+      "output":{"shape":"GetCoreNetworkResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a core network. By default it returns the LIVE policy.</p>"
+    },
+    "GetCoreNetworkChangeSet":{
+      "name":"GetCoreNetworkChangeSet",
+      "http":{
+        "method":"GET",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-change-sets/{policyVersionId}"
+      },
+      "input":{"shape":"GetCoreNetworkChangeSetRequest"},
+      "output":{"shape":"GetCoreNetworkChangeSetResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns a change set between the LIVE core network policy and a submitted policy.</p>"
+    },
+    "GetCoreNetworkPolicy":{
+      "name":"GetCoreNetworkPolicy",
+      "http":{
+        "method":"GET",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-policy"
+      },
+      "input":{"shape":"GetCoreNetworkPolicyRequest"},
+      "output":{"shape":"GetCoreNetworkPolicyResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets details about a core network policy. You can get details about your current live policy or any previous policy version.</p>"
+    },
     "GetCustomerGatewayAssociations":{
       "name":"GetCustomerGatewayAssociations",
       "http":{
@@ -512,6 +868,22 @@
       ],
       "documentation":"<p>Gets the network telemetry of the specified global network.</p>"
     },
+    "GetResourcePolicy":{
+      "name":"GetResourcePolicy",
+      "http":{
+        "method":"GET",
+        "requestUri":"/resource-policy/{resourceArn}"
+      },
+      "input":{"shape":"GetResourcePolicyRequest"},
+      "output":{"shape":"GetResourcePolicyResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a resource policy.</p>"
+    },
     "GetRouteAnalysis":{
       "name":"GetRouteAnalysis",
       "http":{
@@ -529,6 +901,23 @@
       ],
       "documentation":"<p>Gets information about the specified route analysis.</p>"
     },
+    "GetSiteToSiteVpnAttachment":{
+      "name":"GetSiteToSiteVpnAttachment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/site-to-site-vpn-attachments/{attachmentId}"
+      },
+      "input":{"shape":"GetSiteToSiteVpnAttachmentRequest"},
+      "output":{"shape":"GetSiteToSiteVpnAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a site-to-site VPN attachment.</p>"
+    },
     "GetSites":{
       "name":"GetSites",
       "http":{
@@ -581,6 +970,88 @@
       ],
       "documentation":"<p>Gets information about the transit gateway registrations in a specified global network.</p>"
     },
+    "GetVpcAttachment":{
+      "name":"GetVpcAttachment",
+      "http":{
+        "method":"GET",
+        "requestUri":"/vpc-attachments/{attachmentId}"
+      },
+      "input":{"shape":"GetVpcAttachmentRequest"},
+      "output":{"shape":"GetVpcAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns information about a VPC attachment.</p>"
+    },
+    "ListAttachments":{
+      "name":"ListAttachments",
+      "http":{
+        "method":"GET",
+        "requestUri":"/attachments"
+      },
+      "input":{"shape":"ListAttachmentsRequest"},
+      "output":{"shape":"ListAttachmentsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns a list of core network attachments.</p>"
+    },
+    "ListConnectPeers":{
+      "name":"ListConnectPeers",
+      "http":{
+        "method":"GET",
+        "requestUri":"/connect-peers"
+      },
+      "input":{"shape":"ListConnectPeersRequest"},
+      "output":{"shape":"ListConnectPeersResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns a list of core network Connect peers.</p>"
+    },
+    "ListCoreNetworkPolicyVersions":{
+      "name":"ListCoreNetworkPolicyVersions",
+      "http":{
+        "method":"GET",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-policy-versions"
+      },
+      "input":{"shape":"ListCoreNetworkPolicyVersionsRequest"},
+      "output":{"shape":"ListCoreNetworkPolicyVersionsResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns a list of core network policy versions.</p>"
+    },
+    "ListCoreNetworks":{
+      "name":"ListCoreNetworks",
+      "http":{
+        "method":"GET",
+        "requestUri":"/core-networks"
+      },
+      "input":{"shape":"ListCoreNetworksRequest"},
+      "output":{"shape":"ListCoreNetworksResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Returns a list of owned and shared core networks.</p>"
+    },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
       "http":{
@@ -598,6 +1069,43 @@
       ],
       "documentation":"<p>Lists the tags for a specified resource.</p>"
     },
+    "PutCoreNetworkPolicy":{
+      "name":"PutCoreNetworkPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-policy"
+      },
+      "input":{"shape":"PutCoreNetworkPolicyRequest"},
+      "output":{"shape":"PutCoreNetworkPolicyResponse"},
+      "errors":[
+        {"shape":"CoreNetworkPolicyException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a new, immutable version of a core network policy. A subsequent change set is created showing the differences between the LIVE policy and the submitted policy.</p>"
+    },
+    "PutResourcePolicy":{
+      "name":"PutResourcePolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/resource-policy/{resourceArn}"
+      },
+      "input":{"shape":"PutResourcePolicyRequest"},
+      "output":{"shape":"PutResourcePolicyResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates or updates a resource policy.</p>"
+    },
     "RegisterTransitGateway":{
       "name":"RegisterTransitGateway",
       "http":{
@@ -616,6 +1124,42 @@
       ],
       "documentation":"<p>Registers a transit gateway in your global network. The transit gateway can be in any Amazon Web Services Region, but it must be owned by the same Amazon Web Services account that owns the global network. You cannot register a transit gateway in more than one global network.</p>"
     },
+    "RejectAttachment":{
+      "name":"RejectAttachment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/attachments/{attachmentId}/reject"
+      },
+      "input":{"shape":"RejectAttachmentRequest"},
+      "output":{"shape":"RejectAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Rejects a core network attachment request.</p>"
+    },
+    "RestoreCoreNetworkPolicyVersion":{
+      "name":"RestoreCoreNetworkPolicyVersion",
+      "http":{
+        "method":"POST",
+        "requestUri":"/core-networks/{coreNetworkId}/core-network-policy-versions/{policyVersionId}/restore"
+      },
+      "input":{"shape":"RestoreCoreNetworkPolicyVersionRequest"},
+      "output":{"shape":"RestoreCoreNetworkPolicyVersionResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Restores a previous policy version as a new, immutable version of a core network policy. A subsequent change set is created showing the differences between the LIVE policy and restored policy.</p>"
+    },
     "StartRouteAnalysis":{
       "name":"StartRouteAnalysis",
       "http":{
@@ -689,6 +1233,24 @@
       ],
       "documentation":"<p>Updates the information for an existing connection. To remove information for any of the parameters, specify an empty string.</p>"
     },
+    "UpdateCoreNetwork":{
+      "name":"UpdateCoreNetwork",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/core-networks/{coreNetworkId}"
+      },
+      "input":{"shape":"UpdateCoreNetworkRequest"},
+      "output":{"shape":"UpdateCoreNetworkResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Updates the description of a core network.</p>"
+    },
     "UpdateDevice":{
       "name":"UpdateDevice",
       "http":{
@@ -779,33 +1341,114 @@
         {"shape":"InternalServerException"}
       ],
       "documentation":"<p>Updates the information for an existing site. To remove information for any of the parameters, specify an empty string.</p>"
+    },
+    "UpdateVpcAttachment":{
+      "name":"UpdateVpcAttachment",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/vpc-attachments/{attachmentId}"
+      },
+      "input":{"shape":"UpdateVpcAttachmentRequest"},
+      "output":{"shape":"UpdateVpcAttachmentResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Updates a VPC attachment.</p>"
     }
   },
   "shapes":{
+    "AWSAccountId":{
+      "type":"string",
+      "max":12,
+      "min":12
+    },
     "AWSLocation":{
       "type":"structure",
       "members":{
         "Zone":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The Zone that the device is located in. Specify the ID of an Availability Zone, Local Zone, Wavelength Zone, or an Outpost.</p>"
         },
         "SubnetArn":{
-          "shape":"String",
+          "shape":"SubnetArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the subnet that the device is located in.</p>"
         }
       },
       "documentation":"<p>Specifies a location in Amazon Web Services.</p>"
     },
+    "AcceptAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment. </p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        }
+      }
+    },
+    "AcceptAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "Attachment":{
+          "shape":"Attachment",
+          "documentation":"<p>The response to the attachment request. </p>"
+        }
+      }
+    },
     "AccessDeniedException":{
       "type":"structure",
       "required":["Message"],
       "members":{
-        "Message":{"shape":"String"}
+        "Message":{"shape":"ServerSideString"}
       },
       "documentation":"<p>You do not have sufficient access to perform this action.</p>",
       "error":{"httpStatusCode":403},
       "exception":true
     },
+    "AssociateConnectPeerRequest":{
+      "type":"structure",
+      "required":[
+        "GlobalNetworkId",
+        "ConnectPeerId",
+        "DeviceId"
+      ],
+      "members":{
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The ID of your global network.</p>",
+          "location":"uri",
+          "locationName":"globalNetworkId"
+        },
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of the Connect peer.</p>"
+        },
+        "DeviceId":{
+          "shape":"DeviceId",
+          "documentation":"<p>The ID of the device.</p>"
+        },
+        "LinkId":{
+          "shape":"LinkId",
+          "documentation":"<p>The ID of the link.</p>"
+        }
+      }
+    },
+    "AssociateConnectPeerResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeerAssociation":{
+          "shape":"ConnectPeerAssociation",
+          "documentation":"<p>The response to the Connect peer request.</p>"
+        }
+      }
+    },
     "AssociateCustomerGatewayRequest":{
       "type":"structure",
       "required":[
@@ -815,21 +1458,21 @@
       ],
       "members":{
         "CustomerGatewayArn":{
-          "shape":"String",
+          "shape":"CustomerGatewayArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the customer gateway.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         }
       }
@@ -852,17 +1495,17 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         }
       }
@@ -885,21 +1528,21 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "TransitGatewayConnectPeerArn":{
-          "shape":"String",
+          "shape":"TransitGatewayConnectPeerArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the Connect peer.</p>"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         }
       }
@@ -913,6 +1556,100 @@
         }
       }
     },
+    "Attachment":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>A core network ID.</p>"
+        },
+        "CoreNetworkArn":{
+          "shape":"CoreNetworkArn",
+          "documentation":"<p>The ARN of a core network.</p>"
+        },
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AWSAccountId",
+          "documentation":"<p>The ID of the attachment account owner.</p>"
+        },
+        "AttachmentType":{
+          "shape":"AttachmentType",
+          "documentation":"<p>The type of attachment.</p>"
+        },
+        "State":{
+          "shape":"AttachmentState",
+          "documentation":"<p>The state of the attachment.</p>"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Region where the edge is located.</p>"
+        },
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The attachment resource ARN.</p>"
+        },
+        "AttachmentPolicyRuleNumber":{
+          "shape":"Integer",
+          "documentation":"<p>The policy rule number associated with the attachment.</p>"
+        },
+        "SegmentName":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The name of the segment attachment.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags associated with the attachment.</p>"
+        },
+        "ProposedSegmentChange":{
+          "shape":"ProposedSegmentChange",
+          "documentation":"<p>The attachment to move from one segment to another.</p>"
+        },
+        "CreatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when the attachment was created.</p>"
+        },
+        "UpdatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when the attachment was last updated.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network attachment.</p>"
+    },
+    "AttachmentId":{
+      "type":"string",
+      "max":50,
+      "min":0,
+      "pattern":"^attachment-([0-9a-f]{8,17})$"
+    },
+    "AttachmentList":{
+      "type":"list",
+      "member":{"shape":"Attachment"}
+    },
+    "AttachmentState":{
+      "type":"string",
+      "enum":[
+        "REJECTED",
+        "PENDING_ATTACHMENT_ACCEPTANCE",
+        "CREATING",
+        "FAILED",
+        "AVAILABLE",
+        "UPDATING",
+        "PENDING_NETWORK_UPDATE",
+        "PENDING_TAG_ACCEPTANCE",
+        "DELETING"
+      ]
+    },
+    "AttachmentType":{
+      "type":"string",
+      "enum":[
+        "CONNECT",
+        "SITE_TO_SITE_VPN",
+        "VPC"
+      ]
+    },
     "Bandwidth":{
       "type":"structure",
       "members":{
@@ -927,7 +1664,51 @@
       },
       "documentation":"<p>Describes bandwidth information.</p>"
     },
+    "BgpOptions":{
+      "type":"structure",
+      "members":{
+        "PeerAsn":{
+          "shape":"Long",
+          "documentation":"<p>The Peer ASN of the BGP.</p>"
+        }
+      },
+      "documentation":"<p>Describes the BGP options.</p>"
+    },
     "Boolean":{"type":"boolean"},
+    "ChangeAction":{
+      "type":"string",
+      "enum":[
+        "ADD",
+        "MODIFY",
+        "REMOVE"
+      ]
+    },
+    "ChangeSetState":{
+      "type":"string",
+      "enum":[
+        "PENDING_GENERATION",
+        "FAILED_GENERATION",
+        "READY_TO_EXECUTE",
+        "EXECUTING",
+        "EXECUTION_SUCCEEDED",
+        "OUT_OF_DATE"
+      ]
+    },
+    "ChangeType":{
+      "type":"string",
+      "enum":[
+        "CORE_NETWORK_SEGMENT",
+        "CORE_NETWORK_EDGE",
+        "ATTACHMENT_MAPPING",
+        "ATTACHMENT_ROUTE_PROPAGATION",
+        "ATTACHMENT_ROUTE_STATIC"
+      ]
+    },
+    "ClientToken":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
     "ConflictException":{
       "type":"structure",
       "required":[
@@ -936,13 +1717,13 @@
         "ResourceType"
       ],
       "members":{
-        "Message":{"shape":"String"},
+        "Message":{"shape":"ServerSideString"},
         "ResourceId":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The ID of the resource.</p>"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The resource type.</p>"
         }
       },
@@ -950,39 +1731,253 @@
       "error":{"httpStatusCode":409},
       "exception":true
     },
+    "ConnectAttachment":{
+      "type":"structure",
+      "members":{
+        "Attachment":{
+          "shape":"Attachment",
+          "documentation":"<p>The attachment details.</p>"
+        },
+        "TransportAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the transport attachment.</p>"
+        },
+        "Options":{
+          "shape":"ConnectAttachmentOptions",
+          "documentation":"<p>Options for connecting an attachment.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network Connect attachment.</p>"
+    },
+    "ConnectAttachmentOptions":{
+      "type":"structure",
+      "members":{
+        "Protocol":{
+          "shape":"TunnelProtocol",
+          "documentation":"<p>The protocol used for the attachment connection.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network Connect attachment options.</p>"
+    },
+    "ConnectPeer":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "ConnectAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment to connect.</p>"
+        },
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of the Connect peer.</p>"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Connect peer Regions where edges are located.</p>"
+        },
+        "State":{
+          "shape":"ConnectPeerState",
+          "documentation":"<p>The state of the Connect peer.</p>"
+        },
+        "CreatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when the Connect peer was created.</p>"
+        },
+        "Configuration":{
+          "shape":"ConnectPeerConfiguration",
+          "documentation":"<p>The configuration of the Connect peer.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags associated with the Connect peer.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network Connect peer.</p>"
+    },
+    "ConnectPeerAssociation":{
+      "type":"structure",
+      "members":{
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of the Connect peer.</p>"
+        },
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The ID of the global network.</p>"
+        },
+        "DeviceId":{
+          "shape":"DeviceId",
+          "documentation":"<p>The ID of the device to connect to.</p>"
+        },
+        "LinkId":{
+          "shape":"LinkId",
+          "documentation":"<p>The ID of the link.</p>"
+        },
+        "State":{
+          "shape":"ConnectPeerAssociationState",
+          "documentation":"<p>The state of the Connect peer association.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network Connect peer association.</p>"
+    },
+    "ConnectPeerAssociationList":{
+      "type":"list",
+      "member":{"shape":"ConnectPeerAssociation"}
+    },
+    "ConnectPeerAssociationState":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "AVAILABLE",
+        "DELETING",
+        "DELETED"
+      ]
+    },
+    "ConnectPeerBgpConfiguration":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkAsn":{
+          "shape":"Long",
+          "documentation":"<p>The ASN of the Coret Network.</p>"
+        },
+        "PeerAsn":{
+          "shape":"Long",
+          "documentation":"<p>The ASN of the Connect peer.</p>"
+        },
+        "CoreNetworkAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p>The address of a core network.</p>"
+        },
+        "PeerAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p>The address of a core network Connect peer.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network BGP configuration.</p>"
+    },
+    "ConnectPeerBgpConfigurationList":{
+      "type":"list",
+      "member":{"shape":"ConnectPeerBgpConfiguration"}
+    },
+    "ConnectPeerConfiguration":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p>The IP address of a core network.</p>"
+        },
+        "PeerAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p>The IP address of the Connect peer.</p>"
+        },
+        "InsideCidrBlocks":{
+          "shape":"ConstrainedStringList",
+          "documentation":"<p>The inside IP addresses used for a Connect peer configuration.</p>"
+        },
+        "Protocol":{
+          "shape":"TunnelProtocol",
+          "documentation":"<p>The protocol used for a Connect peer configuration.</p>"
+        },
+        "BgpConfigurations":{
+          "shape":"ConnectPeerBgpConfigurationList",
+          "documentation":"<p>The Connect peer BGP configurations.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network Connect peer configuration.</p>"
+    },
+    "ConnectPeerId":{
+      "type":"string",
+      "max":50,
+      "min":0,
+      "pattern":"^connect-peer-([0-9a-f]{8,17})$"
+    },
+    "ConnectPeerIdList":{
+      "type":"list",
+      "member":{"shape":"ConnectPeerId"}
+    },
+    "ConnectPeerState":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "FAILED",
+        "AVAILABLE",
+        "DELETING"
+      ]
+    },
+    "ConnectPeerSummary":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "ConnectAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of a Connect peer attachment.</p>"
+        },
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of a Connect peer.</p>"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Region where the edge is located.</p>"
+        },
+        "ConnectPeerState":{
+          "shape":"ConnectPeerState",
+          "documentation":"<p>The state of a Connect peer.</p>"
+        },
+        "CreatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when a Connect peer was created.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags associated with a Connect peer summary.</p>"
+        }
+      },
+      "documentation":"<p>Summary description of a Connect peer.</p>"
+    },
+    "ConnectPeerSummaryList":{
+      "type":"list",
+      "member":{"shape":"ConnectPeerSummary"}
+    },
     "Connection":{
       "type":"structure",
       "members":{
         "ConnectionId":{
-          "shape":"String",
+          "shape":"ConnectionId",
           "documentation":"<p>The ID of the connection.</p>"
         },
         "ConnectionArn":{
-          "shape":"String",
+          "shape":"ConnectionArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the connection.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the first device in the connection.</p>"
         },
         "ConnectedDeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the second device in the connection.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link for the first device in the connection.</p>"
         },
         "ConnectedLinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link for the second device in the connection.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The description of the connection.</p>"
         },
         "CreatedAt":{
@@ -1000,6 +1995,11 @@
       },
       "documentation":"<p>Describes a connection.</p>"
     },
+    "ConnectionArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
     "ConnectionHealth":{
       "type":"structure",
       "members":{
@@ -1018,6 +2018,15 @@
       },
       "documentation":"<p>Describes connection health.</p>"
     },
+    "ConnectionId":{
+      "type":"string",
+      "max":50,
+      "min":0
+    },
+    "ConnectionIdList":{
+      "type":"list",
+      "member":{"shape":"ConnectionId"}
+    },
     "ConnectionList":{
       "type":"list",
       "member":{"shape":"Connection"}
@@ -1045,6 +2054,455 @@
         "IPSEC"
       ]
     },
+    "ConstrainedString":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "ConstrainedStringList":{
+      "type":"list",
+      "member":{"shape":"ConstrainedString"}
+    },
+    "CoreNetwork":{
+      "type":"structure",
+      "members":{
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The ID of the global network that your core network is a part of. </p>"
+        },
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "CoreNetworkArn":{
+          "shape":"CoreNetworkArn",
+          "documentation":"<p>The ARN of a core network.</p>"
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The description of a core network.</p>"
+        },
+        "CreatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when a core network was created.</p>"
+        },
+        "State":{
+          "shape":"CoreNetworkState",
+          "documentation":"<p>The current state of a core network.</p>"
+        },
+        "Segments":{
+          "shape":"CoreNetworkSegmentList",
+          "documentation":"<p>The segments within a core network.</p>"
+        },
+        "Edges":{
+          "shape":"CoreNetworkEdgeList",
+          "documentation":"<p>The edges within a core network.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags associated with a core network.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network.</p>"
+    },
+    "CoreNetworkArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "CoreNetworkChange":{
+      "type":"structure",
+      "members":{
+        "Type":{
+          "shape":"ChangeType",
+          "documentation":"<p>The type of change.</p>"
+        },
+        "Action":{
+          "shape":"ChangeAction",
+          "documentation":"<p>The action to take for a core network.</p>"
+        },
+        "Identifier":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The resource identifier.</p>"
+        },
+        "PreviousValues":{
+          "shape":"CoreNetworkChangeValues",
+          "documentation":"<p>The previous values for a core network.</p>"
+        },
+        "NewValues":{
+          "shape":"CoreNetworkChangeValues",
+          "documentation":"<p>The new value for a core network</p>"
+        }
+      },
+      "documentation":"<p>Details describing a core network change.</p>"
+    },
+    "CoreNetworkChangeList":{
+      "type":"list",
+      "member":{"shape":"CoreNetworkChange"}
+    },
+    "CoreNetworkChangeValues":{
+      "type":"structure",
+      "members":{
+        "SegmentName":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The names of the segments in a core network.</p>"
+        },
+        "EdgeLocations":{
+          "shape":"ExternalRegionCodeList",
+          "documentation":"<p>The Regions where edges are located in a core network. </p>"
+        },
+        "Asn":{
+          "shape":"Long",
+          "documentation":"<p>The ASN of a core network.</p>"
+        },
+        "Cidr":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The IP addresses used for a core network.</p>"
+        },
+        "DestinationIdentifier":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The ID of the destination.</p>"
+        },
+        "InsideCidrBlocks":{
+          "shape":"ConstrainedStringList",
+          "documentation":"<p>The inside IP addresses used for core network change values.</p>"
+        },
+        "SharedSegments":{
+          "shape":"ConstrainedStringList",
+          "documentation":"<p>The shared segments for a core network change value. </p>"
+        }
+      },
+      "documentation":"<p>Describes a core network change.</p>"
+    },
+    "CoreNetworkEdge":{
+      "type":"structure",
+      "members":{
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Region where a core network edge is located.</p>"
+        },
+        "Asn":{
+          "shape":"Long",
+          "documentation":"<p>The ASN of a core network edge.</p>"
+        },
+        "InsideCidrBlocks":{
+          "shape":"ConstrainedStringList",
+          "documentation":"<p>The inside IP addresses used for core network edges.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network edge.</p>"
+    },
+    "CoreNetworkEdgeList":{
+      "type":"list",
+      "member":{"shape":"CoreNetworkEdge"}
+    },
+    "CoreNetworkId":{
+      "type":"string",
+      "max":50,
+      "min":0,
+      "pattern":"^core-network-([0-9a-f]{8,17})$"
+    },
+    "CoreNetworkPolicy":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of the policy version.</p>"
+        },
+        "Alias":{
+          "shape":"CoreNetworkPolicyAlias",
+          "documentation":"<p>Whether a core network policy is the current LIVE policy or the most recently submitted policy.</p>"
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The description of a core network policy.</p>"
+        },
+        "CreatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when a core network policy was created.</p>"
+        },
+        "ChangeSetState":{
+          "shape":"ChangeSetState",
+          "documentation":"<p>The state of a core network policy.</p>"
+        },
+        "PolicyErrors":{
+          "shape":"CoreNetworkPolicyErrorList",
+          "documentation":"<p>Describes any errors in a core network policy.</p>"
+        },
+        "PolicyDocument":{
+          "shape":"CoreNetworkPolicyDocument",
+          "documentation":"<p>Describes a core network policy.</p>",
+          "jsonvalue":true
+        }
+      },
+      "documentation":"<p>Describes a core network policy. You can have only one LIVE Core Policy.</p>"
+    },
+    "CoreNetworkPolicyAlias":{
+      "type":"string",
+      "enum":[
+        "LIVE",
+        "LATEST"
+      ]
+    },
+    "CoreNetworkPolicyDocument":{"type":"string"},
+    "CoreNetworkPolicyError":{
+      "type":"structure",
+      "required":[
+        "ErrorCode",
+        "Message"
+      ],
+      "members":{
+        "ErrorCode":{
+          "shape":"ServerSideString",
+          "documentation":"<p>The error code associated with a core network policy error.</p>"
+        },
+        "Message":{
+          "shape":"ServerSideString",
+          "documentation":"<p>The message associated with a core network policy error code.</p>"
+        },
+        "Path":{
+          "shape":"ServerSideString",
+          "documentation":"<p>The JSON path where the error was discovered in the policy document.</p>"
+        }
+      },
+      "documentation":"<p>Provides details about an error in a core network policy.</p>"
+    },
+    "CoreNetworkPolicyErrorList":{
+      "type":"list",
+      "member":{"shape":"CoreNetworkPolicyError"}
+    },
+    "CoreNetworkPolicyException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"ServerSideString"},
+        "Errors":{
+          "shape":"CoreNetworkPolicyErrorList",
+          "documentation":"<p>Describes a core network policy exception.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network policy exception.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
+    "CoreNetworkPolicyVersion":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of the policy version.</p>"
+        },
+        "Alias":{
+          "shape":"CoreNetworkPolicyAlias",
+          "documentation":"<p>Whether a core network policy is the current policy or the most recently submitted policy.</p>"
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The description of a core network policy version.</p>"
+        },
+        "CreatedAt":{
+          "shape":"DateTime",
+          "documentation":"<p>The timestamp when a core network policy version was created.</p>"
+        },
+        "ChangeSetState":{
+          "shape":"ChangeSetState",
+          "documentation":"<p>The status of the policy version change set.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network policy version.</p>"
+    },
+    "CoreNetworkPolicyVersionList":{
+      "type":"list",
+      "member":{"shape":"CoreNetworkPolicyVersion"}
+    },
+    "CoreNetworkSegment":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The name of a core network segment.</p>"
+        },
+        "EdgeLocations":{
+          "shape":"ExternalRegionCodeList",
+          "documentation":"<p>The Regions where the edges are located.</p>"
+        },
+        "SharedSegments":{
+          "shape":"ConstrainedStringList",
+          "documentation":"<p>The shared segments of a core network.</p>"
+        }
+      },
+      "documentation":"<p>Describes a core network segment, which are dedicated routes. Only attachments within this segment can communicate with each other.</p>"
+    },
+    "CoreNetworkSegmentEdgeIdentifier":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "SegmentName":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The name of the segment edge.</p>"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Region where the segment edge is located.</p>"
+        }
+      },
+      "documentation":"<p>Returns details about a core network edge.</p>"
+    },
+    "CoreNetworkSegmentList":{
+      "type":"list",
+      "member":{"shape":"CoreNetworkSegment"}
+    },
+    "CoreNetworkState":{
+      "type":"string",
+      "enum":[
+        "CREATING",
+        "UPDATING",
+        "AVAILABLE",
+        "DELETING"
+      ]
+    },
+    "CoreNetworkSummary":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
+        "CoreNetworkArn":{
+          "shape":"CoreNetworkArn",
+          "documentation":"<p>a core network ARN.</p>"
+        },
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The global network ID.</p>"
+        },
+        "OwnerAccountId":{
+          "shape":"AWSAccountId",
+          "documentation":"<p>The ID of the account owner.</p>"
+        },
+        "State":{
+          "shape":"CoreNetworkState",
+          "documentation":"<p>The state of a core network.</p>"
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The description of a core network.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The key-value tags associated with a core network summary.</p>"
+        }
+      },
+      "documentation":"<p>Returns summary information about a core network.</p>"
+    },
+    "CoreNetworkSummaryList":{
+      "type":"list",
+      "member":{"shape":"CoreNetworkSummary"}
+    },
+    "CreateConnectAttachmentRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "EdgeLocation",
+        "TransportAttachmentId",
+        "Options"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network where you want to create the attachment. </p>"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Region where the edge is located.</p>"
+        },
+        "TransportAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment between the two connections.</p>"
+        },
+        "Options":{
+          "shape":"ConnectAttachmentOptions",
+          "documentation":"<p>Options for creating an attachment.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The list of key-value tags associated with the request.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The client token associated with the request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateConnectAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectAttachment":{
+          "shape":"ConnectAttachment",
+          "documentation":"<p>The response to a Connect attachment request.</p>"
+        }
+      }
+    },
+    "CreateConnectPeerRequest":{
+      "type":"structure",
+      "required":[
+        "ConnectAttachmentId",
+        "PeerAddress",
+        "InsideCidrBlocks"
+      ],
+      "members":{
+        "ConnectAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the connection attachment.</p>"
+        },
+        "CoreNetworkAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p>A Connect peer core network address.</p>"
+        },
+        "PeerAddress":{
+          "shape":"IPAddress",
+          "documentation":"<p>The Connect peer address.</p>"
+        },
+        "BgpOptions":{
+          "shape":"BgpOptions",
+          "documentation":"<p>The Connect peer BGP options.</p>"
+        },
+        "InsideCidrBlocks":{
+          "shape":"ConstrainedStringList",
+          "documentation":"<p>The inside IP addresses used for BGP peering.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags associated with the peer request.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The client token associated with the request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateConnectPeerResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeer":{
+          "shape":"ConnectPeer",
+          "documentation":"<p>The response to the request.</p>"
+        }
+      }
+    },
     "CreateConnectionRequest":{
       "type":"structure",
       "required":[
@@ -1054,29 +2512,29 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the first device in the connection.</p>"
         },
         "ConnectedDeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the second device in the connection.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link for the first device.</p>"
         },
         "ConnectedLinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link for the second device.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the connection.</p> <p>Length Constraints: Maximum length of 256 characters.</p>"
         },
         "Tags":{
@@ -1094,12 +2552,48 @@
         }
       }
     },
+    "CreateCoreNetworkRequest":{
+      "type":"structure",
+      "required":["GlobalNetworkId"],
+      "members":{
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The ID of the global network that a core network will be a part of. </p>"
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The description of a core network.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Key-value tags associated with a core network request.</p>"
+        },
+        "PolicyDocument":{
+          "shape":"CoreNetworkPolicyDocument",
+          "documentation":"<p>The policy document for creating a core network.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The client token associated with a core network request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateCoreNetworkResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetwork":{
+          "shape":"CoreNetwork",
+          "documentation":"<p>Returns details about a core network.</p>"
+        }
+      }
+    },
     "CreateDeviceRequest":{
       "type":"structure",
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
@@ -1109,23 +2603,23 @@
           "documentation":"<p>The Amazon Web Services location of the device, if applicable. For an on-premises device, you can omit this parameter.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the device.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The type of the device.</p>"
         },
         "Vendor":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The vendor of the device.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "Model":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The model of the device.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "SerialNumber":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The serial number of the device.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "Location":{
@@ -1133,7 +2627,7 @@
           "documentation":"<p>The location of the device.</p>"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>"
         },
         "Tags":{
@@ -1155,7 +2649,7 @@
       "type":"structure",
       "members":{
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the global network.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Tags":{
@@ -1182,17 +2676,17 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the link.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The type of the link.</p> <p>Constraints: Maximum length of 128 characters. Cannot include the following characters: | \\ ^</p>"
         },
         "Bandwidth":{
@@ -1200,11 +2694,11 @@
           "documentation":"<p> The upload speed and download speed in Mbps. </p>"
         },
         "Provider":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The provider of the link.</p> <p>Constraints: Maximum length of 128 characters. Cannot include the following characters: | \\ ^</p>"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>"
         },
         "Tags":{
@@ -1227,13 +2721,13 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of your site.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Location":{
@@ -1255,23 +2749,111 @@
         }
       }
     },
+    "CreateSiteToSiteVpnAttachmentRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "VpnConnectionArn"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network where you're creating a site-to-site VPN attachment.</p>"
+        },
+        "VpnConnectionArn":{
+          "shape":"VpnConnectionArn",
+          "documentation":"<p>The ARN identifying the VPN attachment.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags associated with the request.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The client token associated with the request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateSiteToSiteVpnAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "SiteToSiteVpnAttachment":{
+          "shape":"SiteToSiteVpnAttachment",
+          "documentation":"<p>Details about a site-to-site VPN attachment.</p>"
+        }
+      }
+    },
+    "CreateVpcAttachmentRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "VpcArn",
+        "SubnetArns"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network for the VPC attachment.</p>"
+        },
+        "VpcArn":{
+          "shape":"VpcArn",
+          "documentation":"<p>The ARN of the VPC.</p>"
+        },
+        "SubnetArns":{
+          "shape":"SubnetArnList",
+          "documentation":"<p>The subnet ARN of the VPC attachment.</p>"
+        },
+        "Options":{
+          "shape":"VpcOptions",
+          "documentation":"<p>Options for the VPC attachment.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The key-value tags associated with the request.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The client token associated with the request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateVpcAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "VpcAttachment":{
+          "shape":"VpcAttachment",
+          "documentation":"<p>Provides details about the VPC attachment.</p>"
+        }
+      }
+    },
+    "CustomerGatewayArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "CustomerGatewayArnList":{
+      "type":"list",
+      "member":{"shape":"CustomerGatewayArn"}
+    },
     "CustomerGatewayAssociation":{
       "type":"structure",
       "members":{
         "CustomerGatewayArn":{
-          "shape":"String",
+          "shape":"CustomerGatewayArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the customer gateway.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         },
         "State":{
@@ -1295,6 +2877,48 @@
       ]
     },
     "DateTime":{"type":"timestamp"},
+    "DeleteAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment to delete.</p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        }
+      }
+    },
+    "DeleteAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "Attachment":{
+          "shape":"Attachment",
+          "documentation":"<p>Information about the deleted attachment.</p>"
+        }
+      }
+    },
+    "DeleteConnectPeerRequest":{
+      "type":"structure",
+      "required":["ConnectPeerId"],
+      "members":{
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of the deleted Connect peer.</p>",
+          "location":"uri",
+          "locationName":"connectPeerId"
+        }
+      }
+    },
+    "DeleteConnectPeerResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeer":{
+          "shape":"ConnectPeer",
+          "documentation":"<p>Information about the deleted Connect peer.</p>"
+        }
+      }
+    },
     "DeleteConnectionRequest":{
       "type":"structure",
       "required":[
@@ -1303,13 +2927,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "ConnectionId":{
-          "shape":"String",
+          "shape":"ConnectionId",
           "documentation":"<p>The ID of the connection.</p>",
           "location":"uri",
           "locationName":"connectionId"
@@ -1325,6 +2949,57 @@
         }
       }
     },
+    "DeleteCoreNetworkPolicyVersionRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "PolicyVersionId"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network for the deleted policy.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The version ID of the deleted policy.</p>",
+          "location":"uri",
+          "locationName":"policyVersionId"
+        }
+      }
+    },
+    "DeleteCoreNetworkPolicyVersionResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkPolicy":{
+          "shape":"CoreNetworkPolicy",
+          "documentation":"<p>Returns information about the deleted policy version. </p>"
+        }
+      }
+    },
+    "DeleteCoreNetworkRequest":{
+      "type":"structure",
+      "required":["CoreNetworkId"],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The network ID of the deleted core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        }
+      }
+    },
+    "DeleteCoreNetworkResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetwork":{
+          "shape":"CoreNetwork",
+          "documentation":"<p>Information about the deleted core network.</p>"
+        }
+      }
+    },
     "DeleteDeviceRequest":{
       "type":"structure",
       "required":[
@@ -1333,13 +3008,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>",
           "location":"uri",
           "locationName":"deviceId"
@@ -1360,7 +3035,7 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
@@ -1384,13 +3059,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>",
           "location":"uri",
           "locationName":"linkId"
@@ -1406,6 +3081,23 @@
         }
       }
     },
+    "DeleteResourcePolicyRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the policy to delete.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "DeleteResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteSiteRequest":{
       "type":"structure",
       "required":[
@@ -1414,13 +3106,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>",
           "location":"uri",
           "locationName":"siteId"
@@ -1444,13 +3136,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "TransitGatewayArn":{
-          "shape":"String",
+          "shape":"TransitGatewayArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the transit gateway.</p>",
           "location":"uri",
           "locationName":"transitGatewayArn"
@@ -1470,7 +3162,7 @@
       "type":"structure",
       "members":{
         "GlobalNetworkIds":{
-          "shape":"StringList",
+          "shape":"GlobalNetworkIdList",
           "documentation":"<p>The IDs of one or more global networks. The maximum is 10.</p>",
           "location":"querystring",
           "locationName":"globalNetworkIds"
@@ -1482,7 +3174,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1497,7 +3189,7 @@
           "documentation":"<p>Information about the global networks.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -1506,15 +3198,15 @@
       "type":"structure",
       "members":{
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>"
         },
         "DeviceArn":{
-          "shape":"String",
+          "shape":"DeviceArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the device.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "AWSLocation":{
@@ -1522,23 +3214,23 @@
           "documentation":"<p>The Amazon Web Services location of the device.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The description of the device.</p>"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The device type.</p>"
         },
         "Vendor":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The device vendor.</p>"
         },
         "Model":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The device model.</p>"
         },
         "SerialNumber":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The device serial number.</p>"
         },
         "Location":{
@@ -1546,7 +3238,7 @@
           "documentation":"<p>The site location.</p>"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The site ID.</p>"
         },
         "CreatedAt":{
@@ -1564,6 +3256,20 @@
       },
       "documentation":"<p>Describes a device.</p>"
     },
+    "DeviceArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "DeviceId":{
+      "type":"string",
+      "max":50,
+      "min":0
+    },
+    "DeviceIdList":{
+      "type":"list",
+      "member":{"shape":"DeviceId"}
+    },
     "DeviceList":{
       "type":"list",
       "member":{"shape":"Device"}
@@ -1577,6 +3283,36 @@
         "UPDATING"
       ]
     },
+    "DisassociateConnectPeerRequest":{
+      "type":"structure",
+      "required":[
+        "GlobalNetworkId",
+        "ConnectPeerId"
+      ],
+      "members":{
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The ID of the global network.</p>",
+          "location":"uri",
+          "locationName":"globalNetworkId"
+        },
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of the Connect peer to disassociate from a device.</p>",
+          "location":"uri",
+          "locationName":"connectPeerId"
+        }
+      }
+    },
+    "DisassociateConnectPeerResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeerAssociation":{
+          "shape":"ConnectPeerAssociation",
+          "documentation":"<p>Describes the Connect peer association.</p>"
+        }
+      }
+    },
     "DisassociateCustomerGatewayRequest":{
       "type":"structure",
       "required":[
@@ -1585,13 +3321,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "CustomerGatewayArn":{
-          "shape":"String",
+          "shape":"CustomerGatewayArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the customer gateway.</p>",
           "location":"uri",
           "locationName":"customerGatewayArn"
@@ -1616,19 +3352,19 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>",
           "location":"querystring",
           "locationName":"deviceId"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>",
           "location":"querystring",
           "locationName":"linkId"
@@ -1652,13 +3388,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "TransitGatewayConnectPeerArn":{
-          "shape":"String",
+          "shape":"TransitGatewayConnectPeerArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the transit gateway Connect peer.</p>",
           "location":"uri",
           "locationName":"transitGatewayConnectPeerArn"
@@ -1681,6 +3417,41 @@
       "value":{"shape":"ExceptionContextValue"}
     },
     "ExceptionContextValue":{"type":"string"},
+    "ExecuteCoreNetworkChangeSetRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "PolicyVersionId"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of the policy version.</p>",
+          "location":"uri",
+          "locationName":"policyVersionId"
+        }
+      }
+    },
+    "ExecuteCoreNetworkChangeSetResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "ExternalRegionCode":{
+      "type":"string",
+      "max":63,
+      "min":1
+    },
+    "ExternalRegionCodeList":{
+      "type":"list",
+      "member":{"shape":"ExternalRegionCode"}
+    },
     "FilterMap":{
       "type":"map",
       "key":{"shape":"FilterName"},
@@ -1700,24 +3471,109 @@
       "type":"list",
       "member":{"shape":"FilterValue"}
     },
+    "GetConnectAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        }
+      }
+    },
+    "GetConnectAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectAttachment":{
+          "shape":"ConnectAttachment",
+          "documentation":"<p>Details about the Connect attachment.</p>"
+        }
+      }
+    },
+    "GetConnectPeerAssociationsRequest":{
+      "type":"structure",
+      "required":["GlobalNetworkId"],
+      "members":{
+        "GlobalNetworkId":{
+          "shape":"GlobalNetworkId",
+          "documentation":"<p>The ID of the global network.</p>",
+          "location":"uri",
+          "locationName":"globalNetworkId"
+        },
+        "ConnectPeerIds":{
+          "shape":"ConnectPeerIdList",
+          "documentation":"<p>The IDs of the Connect peers.</p>",
+          "location":"querystring",
+          "locationName":"connectPeerIds"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "GetConnectPeerAssociationsResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeerAssociations":{
+          "shape":"ConnectPeerAssociationList",
+          "documentation":"<p>Displays a list of Connect peer associations.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "GetConnectPeerRequest":{
+      "type":"structure",
+      "required":["ConnectPeerId"],
+      "members":{
+        "ConnectPeerId":{
+          "shape":"ConnectPeerId",
+          "documentation":"<p>The ID of the Connect peer.</p>",
+          "location":"uri",
+          "locationName":"connectPeerId"
+        }
+      }
+    },
+    "GetConnectPeerResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeer":{
+          "shape":"ConnectPeer",
+          "documentation":"<p>Returns information about a core network Connect peer.</p>"
+        }
+      }
+    },
     "GetConnectionsRequest":{
       "type":"structure",
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "ConnectionIds":{
-          "shape":"StringList",
+          "shape":"ConnectionIdList",
           "documentation":"<p>One or more connection IDs.</p>",
           "location":"querystring",
           "locationName":"connectionIds"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>",
           "location":"querystring",
           "locationName":"deviceId"
@@ -1729,7 +3585,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1744,23 +3600,123 @@
           "documentation":"<p>Information about the connections.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token to use for the next page of results.</p>"
         }
       }
     },
+    "GetCoreNetworkChangeSetRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "PolicyVersionId"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of the policy version.</p>",
+          "location":"uri",
+          "locationName":"policyVersionId"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "GetCoreNetworkChangeSetResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkChanges":{
+          "shape":"CoreNetworkChangeList",
+          "documentation":"<p>Describes a core network changes.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "GetCoreNetworkPolicyRequest":{
+      "type":"structure",
+      "required":["CoreNetworkId"],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of a core network policy version.</p>",
+          "location":"querystring",
+          "locationName":"policyVersionId"
+        },
+        "Alias":{
+          "shape":"CoreNetworkPolicyAlias",
+          "documentation":"<p>The alias of a core network policy </p>",
+          "location":"querystring",
+          "locationName":"alias"
+        }
+      }
+    },
+    "GetCoreNetworkPolicyResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkPolicy":{
+          "shape":"CoreNetworkPolicy",
+          "documentation":"<p>The details about a core network policy.</p>"
+        }
+      }
+    },
+    "GetCoreNetworkRequest":{
+      "type":"structure",
+      "required":["CoreNetworkId"],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        }
+      }
+    },
+    "GetCoreNetworkResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetwork":{
+          "shape":"CoreNetwork",
+          "documentation":"<p>Details about a core network.</p>"
+        }
+      }
+    },
     "GetCustomerGatewayAssociationsRequest":{
       "type":"structure",
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "CustomerGatewayArns":{
-          "shape":"StringList",
+          "shape":"CustomerGatewayArnList",
           "documentation":"<p>One or more customer gateway Amazon Resource Names (ARNs). The maximum is 10.</p>",
           "location":"querystring",
           "locationName":"customerGatewayArns"
@@ -1772,7 +3728,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1787,7 +3743,7 @@
           "documentation":"<p>The customer gateway associations.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -1797,19 +3753,19 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceIds":{
-          "shape":"StringList",
+          "shape":"DeviceIdList",
           "documentation":"<p>One or more device IDs. The maximum is 10.</p>",
           "location":"querystring",
           "locationName":"deviceIds"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>",
           "location":"querystring",
           "locationName":"siteId"
@@ -1821,7 +3777,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1836,7 +3792,7 @@
           "documentation":"<p>The devices.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -1846,19 +3802,19 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>",
           "location":"querystring",
           "locationName":"deviceId"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>",
           "location":"querystring",
           "locationName":"linkId"
@@ -1870,7 +3826,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1885,7 +3841,7 @@
           "documentation":"<p>The link associations.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -1895,31 +3851,31 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "LinkIds":{
-          "shape":"StringList",
+          "shape":"LinkIdList",
           "documentation":"<p>One or more link IDs. The maximum is 10.</p>",
           "location":"querystring",
           "locationName":"linkIds"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>",
           "location":"querystring",
           "locationName":"siteId"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The link type.</p>",
           "location":"querystring",
           "locationName":"type"
         },
         "Provider":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The link provider.</p>",
           "location":"querystring",
           "locationName":"provider"
@@ -1931,7 +3887,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1946,7 +3902,7 @@
           "documentation":"<p>The links.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -1956,13 +3912,13 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p> <p>The following are the supported resource types for Direct Connect:</p> <ul> <li> <p> <code>dxcon</code> </p> </li> <li> <p> <code>dx-gateway</code> </p> </li> <li> <p> <code>dx-vif</code> </p> </li> </ul> <p>The following are the supported resource types for Network Manager:</p> <ul> <li> <p> <code>connection</code> </p> </li> <li> <p> <code>device</code> </p> </li> <li> <p> <code>link</code> </p> </li> <li> <p> <code>site</code> </p> </li> </ul> <p>The following are the supported resource types for Amazon VPC:</p> <ul> <li> <p> <code>customer-gateway</code> </p> </li> <li> <p> <code>transit-gateway</code> </p> </li> <li> <p> <code>transit-gateway-attachment</code> </p> </li> <li> <p> <code>transit-gateway-connect-peer</code> </p> </li> <li> <p> <code>transit-gateway-route-table</code> </p> </li> <li> <p> <code>vpn-connection</code> </p> </li> </ul>",
           "location":"querystring",
           "locationName":"resourceType"
@@ -1974,7 +3930,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -1989,7 +3945,7 @@
           "documentation":"<p>The count of resources.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -1999,37 +3955,43 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"querystring",
+          "locationName":"coreNetworkId"
+        },
         "RegisteredGatewayArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the registered gateway.</p>",
           "location":"querystring",
           "locationName":"registeredGatewayArn"
         },
         "AwsRegion":{
-          "shape":"String",
+          "shape":"ExternalRegionCode",
           "documentation":"<p>The Amazon Web Services Region.</p>",
           "location":"querystring",
           "locationName":"awsRegion"
         },
         "AccountId":{
-          "shape":"String",
+          "shape":"AWSAccountId",
           "documentation":"<p>The Amazon Web Services account ID.</p>",
           "location":"querystring",
           "locationName":"accountId"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p> <p>The following are the supported resource types for Direct Connect:</p> <ul> <li> <p> <code>dxcon</code> </p> </li> <li> <p> <code>dx-gateway</code> </p> </li> <li> <p> <code>dx-vif</code> </p> </li> </ul> <p>The following are the supported resource types for Network Manager:</p> <ul> <li> <p> <code>connection</code> </p> </li> <li> <p> <code>device</code> </p> </li> <li> <p> <code>link</code> </p> </li> <li> <p> <code>site</code> </p> </li> </ul> <p>The following are the supported resource types for Amazon VPC:</p> <ul> <li> <p> <code>customer-gateway</code> </p> </li> <li> <p> <code>transit-gateway</code> </p> </li> <li> <p> <code>transit-gateway-attachment</code> </p> </li> <li> <p> <code>transit-gateway-connect-peer</code> </p> </li> <li> <p> <code>transit-gateway-route-table</code> </p> </li> <li> <p> <code>vpn-connection</code> </p> </li> </ul>",
           "location":"querystring",
           "locationName":"resourceType"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the gateway.</p>",
           "location":"querystring",
           "locationName":"resourceArn"
@@ -2041,7 +4003,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -2056,7 +4018,7 @@
           "documentation":"<p>The resource relationships.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -2066,37 +4028,43 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"querystring",
+          "locationName":"coreNetworkId"
+        },
         "RegisteredGatewayArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the gateway.</p>",
           "location":"querystring",
           "locationName":"registeredGatewayArn"
         },
         "AwsRegion":{
-          "shape":"String",
+          "shape":"ExternalRegionCode",
           "documentation":"<p>The Amazon Web Services Region.</p>",
           "location":"querystring",
           "locationName":"awsRegion"
         },
         "AccountId":{
-          "shape":"String",
+          "shape":"AWSAccountId",
           "documentation":"<p>The Amazon Web Services account ID.</p>",
           "location":"querystring",
           "locationName":"accountId"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p> <p>The following are the supported resource types for Direct Connect:</p> <ul> <li> <p> <code>dxcon</code> - The definition model is <a href=\"https://docs.aws.amazon.com/directconnect/latest/APIReference/API_Connection.html\">Connection</a>.</p> </li> <li> <p> <code>dx-gateway</code> - The definition model is <a href=\"https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DirectConnectGateway.html\">DirectConnectGateway</a>.</p> </li> <li> <p> <code>dx-vif</code> - The definition model is <a href=\"https://docs.aws.amazon.com/directconnect/latest/APIReference/API_VirtualInterface.html\">VirtualInterface</a>.</p> </li> </ul> <p>The following are the supported resource types for Network Manager:</p> <ul> <li> <p> <code>connection</code> - The definition model is <a href=\"https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Connection.html\">Connection</a>.</p> </li> <li> <p> <code>device</code> - The definition model is <a href=\"https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Device.html\">Device</a>.</p> </li> <li> <p> <code>link</code> - The definition model is <a href=\"https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Link.html\">Link</a>.</p> </li> <li> <p> <code>site</code> - The definition model is <a href=\"https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Site.html\">Site</a>.</p> </li> </ul> <p>The following are the supported resource types for Amazon VPC:</p> <ul> <li> <p> <code>customer-gateway</code> - The definition model is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CustomerGateway.html\">CustomerGateway</a>.</p> </li> <li> <p> <code>transit-gateway</code> - The definition model is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGateway.html\">TransitGateway</a>.</p> </li> <li> <p> <code>transit-gateway-attachment</code> - The definition model is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayAttachment.html\">TransitGatewayAttachment</a>.</p> </li> <li> <p> <code>transit-gateway-connect-peer</code> - The definition model is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayConnectPeer.html\">TransitGatewayConnectPeer</a>.</p> </li> <li> <p> <code>transit-gateway-route-table</code> - The definition model is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayRouteTable.html\">TransitGatewayRouteTable</a>.</p> </li> <li> <p> <code>vpn-connection</code> - The definition model is <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VpnConnection.html\">VpnConnection</a>.</p> </li> </ul>",
           "location":"querystring",
           "locationName":"resourceType"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>",
           "location":"querystring",
           "locationName":"resourceArn"
@@ -2108,7 +4076,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -2123,7 +4091,7 @@
           "documentation":"<p>The network resources.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -2136,7 +4104,7 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
@@ -2146,23 +4114,23 @@
           "documentation":"<p>The ID of the route table.</p>"
         },
         "ExactCidrMatches":{
-          "shape":"StringList",
+          "shape":"ConstrainedStringList",
           "documentation":"<p>An exact CIDR block.</p>"
         },
         "LongestPrefixMatches":{
-          "shape":"StringList",
+          "shape":"ConstrainedStringList",
           "documentation":"<p>The most specific route that matches the traffic (longest prefix match).</p>"
         },
         "SubnetOfMatches":{
-          "shape":"StringList",
+          "shape":"ConstrainedStringList",
           "documentation":"<p>The routes with a subnet that match the specified CIDR filter.</p>"
         },
         "SupernetOfMatches":{
-          "shape":"StringList",
+          "shape":"ConstrainedStringList",
           "documentation":"<p>The routes with a CIDR that encompasses the CIDR filter. Example: If you specify 10.0.1.0/30, then the result returns 10.0.1.0/29.</p>"
         },
         "PrefixListIds":{
-          "shape":"StringList",
+          "shape":"ConstrainedStringList",
           "documentation":"<p>The IDs of the prefix lists.</p>"
         },
         "States":{
@@ -2183,9 +4151,13 @@
       "type":"structure",
       "members":{
         "RouteTableArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the route table.</p>"
         },
+        "CoreNetworkSegmentEdge":{
+          "shape":"CoreNetworkSegmentEdgeIdentifier",
+          "documentation":"<p>Describes a core network segment edge.</p>"
+        },
         "RouteTableType":{
           "shape":"RouteTableType",
           "documentation":"<p>The route table type.</p>"
@@ -2205,37 +4177,43 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"querystring",
+          "locationName":"coreNetworkId"
+        },
         "RegisteredGatewayArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the gateway.</p>",
           "location":"querystring",
           "locationName":"registeredGatewayArn"
         },
         "AwsRegion":{
-          "shape":"String",
+          "shape":"ExternalRegionCode",
           "documentation":"<p>The Amazon Web Services Region.</p>",
           "location":"querystring",
           "locationName":"awsRegion"
         },
         "AccountId":{
-          "shape":"String",
+          "shape":"AWSAccountId",
           "documentation":"<p>The Amazon Web Services account ID.</p>",
           "location":"querystring",
           "locationName":"accountId"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p> <p>The following are the supported resource types for Direct Connect:</p> <ul> <li> <p> <code>dxcon</code> </p> </li> <li> <p> <code>dx-gateway</code> </p> </li> <li> <p> <code>dx-vif</code> </p> </li> </ul> <p>The following are the supported resource types for Network Manager:</p> <ul> <li> <p> <code>connection</code> </p> </li> <li> <p> <code>device</code> </p> </li> <li> <p> <code>link</code> </p> </li> <li> <p> <code>site</code> </p> </li> </ul> <p>The following are the supported resource types for Amazon VPC:</p> <ul> <li> <p> <code>customer-gateway</code> </p> </li> <li> <p> <code>transit-gateway</code> </p> </li> <li> <p> <code>transit-gateway-attachment</code> </p> </li> <li> <p> <code>transit-gateway-connect-peer</code> </p> </li> <li> <p> <code>transit-gateway-route-table</code> </p> </li> <li> <p> <code>vpn-connection</code> </p> </li> </ul>",
           "location":"querystring",
           "locationName":"resourceType"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>",
           "location":"querystring",
           "locationName":"resourceArn"
@@ -2247,7 +4225,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -2262,11 +4240,33 @@
           "documentation":"<p>The network telemetry.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
     },
+    "GetResourcePolicyRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the resource.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "GetResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+        "PolicyDocument":{
+          "shape":"ResourcePolicyDocument",
+          "documentation":"<p>The resource policy document.</p>",
+          "jsonvalue":true
+        }
+      }
+    },
     "GetRouteAnalysisRequest":{
       "type":"structure",
       "required":[
@@ -2275,13 +4275,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "RouteAnalysisId":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ID of the route analysis.</p>",
           "location":"uri",
           "locationName":"routeAnalysisId"
@@ -2297,18 +4297,39 @@
         }
       }
     },
+    "GetSiteToSiteVpnAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        }
+      }
+    },
+    "GetSiteToSiteVpnAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "SiteToSiteVpnAttachment":{
+          "shape":"SiteToSiteVpnAttachment",
+          "documentation":"<p>Describes the site-to-site attachment.</p>"
+        }
+      }
+    },
     "GetSitesRequest":{
       "type":"structure",
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "SiteIds":{
-          "shape":"StringList",
+          "shape":"SiteIdList",
           "documentation":"<p>One or more site IDs. The maximum is 10.</p>",
           "location":"querystring",
           "locationName":"siteIds"
@@ -2320,7 +4341,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -2335,7 +4356,7 @@
           "documentation":"<p>The sites.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
@@ -2345,13 +4366,13 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "TransitGatewayConnectPeerArns":{
-          "shape":"StringList",
+          "shape":"TransitGatewayConnectPeerArnList",
           "documentation":"<p>One or more transit gateway Connect peer Amazon Resource Names (ARNs).</p>",
           "location":"querystring",
           "locationName":"transitGatewayConnectPeerArns"
@@ -2363,7 +4384,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -2378,7 +4399,7 @@
           "documentation":"<p>Information about the transit gateway Connect peer associations.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token to use for the next page of results.</p>"
         }
       }
@@ -2388,13 +4409,13 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "TransitGatewayArns":{
-          "shape":"StringList",
+          "shape":"TransitGatewayArnList",
           "documentation":"<p>The Amazon Resource Names (ARNs) of one or more transit gateways. The maximum is 10.</p>",
           "location":"querystring",
           "locationName":"transitGatewayArns"
@@ -2406,7 +4427,7 @@
           "locationName":"maxResults"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>",
           "location":"querystring",
           "locationName":"nextToken"
@@ -2421,24 +4442,45 @@
           "documentation":"<p>The transit gateway registrations.</p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"NextToken",
           "documentation":"<p>The token for the next page of results.</p>"
         }
       }
     },
+    "GetVpcAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        }
+      }
+    },
+    "GetVpcAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "VpcAttachment":{
+          "shape":"VpcAttachment",
+          "documentation":"<p>Returns details about a VPC attachment.</p>"
+        }
+      }
+    },
     "GlobalNetwork":{
       "type":"structure",
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "GlobalNetworkArn":{
-          "shape":"String",
+          "shape":"GlobalNetworkArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the global network.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The description of the global network.</p>"
         },
         "CreatedAt":{
@@ -2454,7 +4496,21 @@
           "documentation":"<p>The tags for the global network.</p>"
         }
       },
-      "documentation":"<p>Describes a global network.</p>"
+      "documentation":"<p>Describes a global network. This is a single private network acting as a high-level container for your network objects, including an Amazon Web Services-manged Core Network.</p>"
+    },
+    "GlobalNetworkArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "GlobalNetworkId":{
+      "type":"string",
+      "max":50,
+      "min":0
+    },
+    "GlobalNetworkIdList":{
+      "type":"list",
+      "member":{"shape":"GlobalNetworkId"}
     },
     "GlobalNetworkList":{
       "type":"list",
@@ -2469,12 +4525,17 @@
         "UPDATING"
       ]
     },
+    "IPAddress":{
+      "type":"string",
+      "max":50,
+      "min":1
+    },
     "Integer":{"type":"integer"},
     "InternalServerException":{
       "type":"structure",
       "required":["Message"],
       "members":{
-        "Message":{"shape":"String"},
+        "Message":{"shape":"ServerSideString"},
         "RetryAfterSeconds":{
           "shape":"RetryAfterSeconds",
           "documentation":"<p>Indicates when to retry the request.</p>",
@@ -2491,27 +4552,27 @@
       "type":"structure",
       "members":{
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         },
         "LinkArn":{
-          "shape":"String",
+          "shape":"LinkArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the link.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The description of the link.</p>"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The type of the link.</p>"
         },
         "Bandwidth":{
@@ -2519,7 +4580,7 @@
           "documentation":"<p>The bandwidth for the link.</p>"
         },
         "Provider":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The provider of the link.</p>"
         },
         "CreatedAt":{
@@ -2537,19 +4598,24 @@
       },
       "documentation":"<p>Describes a link.</p>"
     },
+    "LinkArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
     "LinkAssociation":{
       "type":"structure",
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The device ID for the link association.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         },
         "LinkAssociationState":{
@@ -2572,6 +4638,15 @@
         "DELETED"
       ]
     },
+    "LinkId":{
+      "type":"string",
+      "max":50,
+      "min":0
+    },
+    "LinkIdList":{
+      "type":"list",
+      "member":{"shape":"LinkId"}
+    },
     "LinkList":{
       "type":"list",
       "member":{"shape":"Link"}
@@ -2585,12 +4660,175 @@
         "UPDATING"
       ]
     },
+    "ListAttachmentsRequest":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"querystring",
+          "locationName":"coreNetworkId"
+        },
+        "AttachmentType":{
+          "shape":"AttachmentType",
+          "documentation":"<p>The type of attachment.</p>",
+          "location":"querystring",
+          "locationName":"attachmentType"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The Region where the edge is located.</p>",
+          "location":"querystring",
+          "locationName":"edgeLocation"
+        },
+        "State":{
+          "shape":"AttachmentState",
+          "documentation":"<p>The state of the attachment.</p>",
+          "location":"querystring",
+          "locationName":"state"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListAttachmentsResponse":{
+      "type":"structure",
+      "members":{
+        "Attachments":{
+          "shape":"AttachmentList",
+          "documentation":"<p>Describes the list of attachments.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "ListConnectPeersRequest":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"querystring",
+          "locationName":"coreNetworkId"
+        },
+        "ConnectAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>",
+          "location":"querystring",
+          "locationName":"connectAttachmentId"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListConnectPeersResponse":{
+      "type":"structure",
+      "members":{
+        "ConnectPeers":{
+          "shape":"ConnectPeerSummaryList",
+          "documentation":"<p>Describes the Connect peers.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "ListCoreNetworkPolicyVersionsRequest":{
+      "type":"structure",
+      "required":["CoreNetworkId"],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListCoreNetworkPolicyVersionsResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkPolicyVersions":{
+          "shape":"CoreNetworkPolicyVersionList",
+          "documentation":"<p>Describes core network policy versions.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
+    "ListCoreNetworksRequest":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListCoreNetworksResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworks":{
+          "shape":"CoreNetworkSummaryList",
+          "documentation":"<p>Describes the list of core networks.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        }
+      }
+    },
     "ListTagsForResourceRequest":{
       "type":"structure",
       "required":["ResourceArn"],
       "members":{
         "ResourceArn":{
-          "shape":"ResourceARN",
+          "shape":"ResourceArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the resource.</p>",
           "location":"uri",
           "locationName":"resourceArn"
@@ -2610,21 +4848,22 @@
       "type":"structure",
       "members":{
         "Address":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The physical address.</p>"
         },
         "Latitude":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The latitude.</p>"
         },
         "Longitude":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The longitude.</p>"
         }
       },
       "documentation":"<p>Describes a location.</p>",
       "sensitive":true
     },
+    "Long":{"type":"long"},
     "MaxResults":{
       "type":"integer",
       "max":500,
@@ -2634,31 +4873,35 @@
       "type":"structure",
       "members":{
         "RegisteredGatewayArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the gateway.</p>"
         },
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>a core network ID.</p>"
+        },
         "AwsRegion":{
-          "shape":"String",
+          "shape":"ExternalRegionCode",
           "documentation":"<p>The Amazon Web Services Region.</p>"
         },
         "AccountId":{
-          "shape":"String",
+          "shape":"AWSAccountId",
           "documentation":"<p>The Amazon Web Services account ID.</p>"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p> <p>The following are the supported resource types for Direct Connect:</p> <ul> <li> <p> <code>dxcon</code> </p> </li> <li> <p> <code>dx-gateway</code> </p> </li> <li> <p> <code>dx-vif</code> </p> </li> </ul> <p>The following are the supported resource types for Network Manager:</p> <ul> <li> <p> <code>connection</code> </p> </li> <li> <p> <code>device</code> </p> </li> <li> <p> <code>link</code> </p> </li> <li> <p> <code>site</code> </p> </li> </ul> <p>The following are the supported resource types for Amazon VPC:</p> <ul> <li> <p> <code>customer-gateway</code> </p> </li> <li> <p> <code>transit-gateway</code> </p> </li> <li> <p> <code>transit-gateway-attachment</code> </p> </li> <li> <p> <code>transit-gateway-connect-peer</code> </p> </li> <li> <p> <code>transit-gateway-route-table</code> </p> </li> <li> <p> <code>vpn-connection</code> </p> </li> </ul>"
         },
         "ResourceId":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ID of the resource.</p>"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>"
         },
         "Definition":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>Information about the resource, in JSON format. Network Manager gets this information by describing the resource using its Describe API call.</p>"
         },
         "DefinitionTimestamp":{
@@ -2680,7 +4923,7 @@
       "type":"structure",
       "members":{
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p>"
         },
         "Count":{
@@ -2698,34 +4941,32 @@
       "type":"list",
       "member":{"shape":"NetworkResource"}
     },
-    "NetworkResourceMetadataKey":{"type":"string"},
     "NetworkResourceMetadataMap":{
       "type":"map",
-      "key":{"shape":"NetworkResourceMetadataKey"},
-      "value":{"shape":"NetworkResourceMetadataValue"}
+      "key":{"shape":"ConstrainedString"},
+      "value":{"shape":"ConstrainedString"}
     },
-    "NetworkResourceMetadataValue":{"type":"string"},
     "NetworkResourceSummary":{
       "type":"structure",
       "members":{
         "RegisteredGatewayArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the gateway.</p>"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p>"
         },
         "Definition":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>Information about the resource, in JSON format. Network Manager gets this information by describing the resource using its Describe API call.</p>"
         },
         "NameTag":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The value for the Name tag.</p>"
         },
         "IsMiddlebox":{
@@ -2739,7 +4980,7 @@
       "type":"structure",
       "members":{
         "DestinationCidrBlock":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A unique identifier for the route, such as a CIDR block.</p>"
         },
         "Destinations":{
@@ -2747,7 +4988,7 @@
           "documentation":"<p>The destinations.</p>"
         },
         "PrefixListId":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ID of the prefix list.</p>"
         },
         "State":{
@@ -2764,16 +5005,28 @@
     "NetworkRouteDestination":{
       "type":"structure",
       "members":{
+        "CoreNetworkAttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of a core network attachment.</p>"
+        },
         "TransitGatewayAttachmentId":{
-          "shape":"String",
+          "shape":"TransitGatewayAttachmentId",
           "documentation":"<p>The ID of the transit gateway attachment.</p>"
         },
+        "SegmentName":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The name of the segment.</p>"
+        },
+        "EdgeLocation":{
+          "shape":"ExternalRegionCode",
+          "documentation":"<p>The edge location for the network destination.</p>"
+        },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p>"
         },
         "ResourceId":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ID of the resource.</p>"
         }
       },
@@ -2791,31 +5044,35 @@
       "type":"structure",
       "members":{
         "RegisteredGatewayArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the gateway.</p>"
         },
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>"
+        },
         "AwsRegion":{
-          "shape":"String",
+          "shape":"ExternalRegionCode",
           "documentation":"<p>The Amazon Web Services Region.</p>"
         },
         "AccountId":{
-          "shape":"String",
+          "shape":"AWSAccountId",
           "documentation":"<p>The Amazon Web Services account ID.</p>"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The resource type.</p>"
         },
         "ResourceId":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ID of the resource.</p>"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>"
         },
         "Address":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The address.</p>"
         },
         "Health":{
@@ -2829,6 +5086,11 @@
       "type":"list",
       "member":{"shape":"NetworkTelemetry"}
     },
+    "NextToken":{
+      "type":"string",
+      "max":2048,
+      "min":0
+    },
     "PathComponent":{
       "type":"structure",
       "members":{
@@ -2841,7 +5103,7 @@
           "documentation":"<p>The resource.</p>"
         },
         "DestinationCidrBlock":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The destination CIDR block in the route table.</p>"
         }
       },
@@ -2851,6 +5113,91 @@
       "type":"list",
       "member":{"shape":"PathComponent"}
     },
+    "ProposedSegmentChange":{
+      "type":"structure",
+      "members":{
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The key-value tags that changed for the segment.</p>"
+        },
+        "AttachmentPolicyRuleNumber":{
+          "shape":"Integer",
+          "documentation":"<p>The rule number in the policy document that applies to this change.</p>"
+        },
+        "SegmentName":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The name of the segment to change.</p>"
+        }
+      },
+      "documentation":"<p>Describes a proposed segment change. In some cases, the segment change must first be evaluated and accepted. </p>"
+    },
+    "PutCoreNetworkPolicyRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "PolicyDocument"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "PolicyDocument":{
+          "shape":"CoreNetworkPolicyDocument",
+          "documentation":"<p>The policy document.</p>",
+          "jsonvalue":true
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>a core network policy description.</p>"
+        },
+        "LatestVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of a core network policy. </p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>The client token associated with the request.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "PutCoreNetworkPolicyResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkPolicy":{
+          "shape":"CoreNetworkPolicy",
+          "documentation":"<p>Describes the changed core network policy.</p>"
+        }
+      }
+    },
+    "PutResourcePolicyRequest":{
+      "type":"structure",
+      "required":[
+        "PolicyDocument",
+        "ResourceArn"
+      ],
+      "members":{
+        "PolicyDocument":{
+          "shape":"ResourcePolicyDocument",
+          "documentation":"<p>The JSON resource policy document.</p>",
+          "jsonvalue":true
+        },
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN of the resource policy. </p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "PutResourcePolicyResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "ReasonContextKey":{"type":"string"},
     "ReasonContextMap":{
       "type":"map",
@@ -2866,13 +5213,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "TransitGatewayArn":{
-          "shape":"String",
+          "shape":"TransitGatewayArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the transit gateway.</p>"
         }
       }
@@ -2886,15 +5233,36 @@
         }
       }
     },
+    "RejectAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        }
+      }
+    },
+    "RejectAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "Attachment":{
+          "shape":"Attachment",
+          "documentation":"<p>Describes the rejected attachment request.</p>"
+        }
+      }
+    },
     "Relationship":{
       "type":"structure",
       "members":{
         "From":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ARN of the resource.</p>"
         },
         "To":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ARN of the resource.</p>"
         }
       },
@@ -2904,7 +5272,11 @@
       "type":"list",
       "member":{"shape":"Relationship"}
     },
-    "ResourceARN":{"type":"string"},
+    "ResourceArn":{
+      "type":"string",
+      "max":1500,
+      "min":0
+    },
     "ResourceNotFoundException":{
       "type":"structure",
       "required":[
@@ -2913,35 +5285,69 @@
         "ResourceType"
       ],
       "members":{
-        "Message":{"shape":"String"},
+        "Message":{"shape":"ServerSideString"},
         "ResourceId":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The ID of the resource.</p>"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The resource type.</p>"
         },
-        "Context":{"shape":"ExceptionContextMap"}
+        "Context":{
+          "shape":"ExceptionContextMap",
+          "documentation":"<p>The specified resource could not be found.</p>"
+        }
       },
       "documentation":"<p>The specified resource could not be found.</p>",
       "error":{"httpStatusCode":404},
       "exception":true
     },
+    "ResourcePolicyDocument":{"type":"string"},
+    "RestoreCoreNetworkPolicyVersionRequest":{
+      "type":"structure",
+      "required":[
+        "CoreNetworkId",
+        "PolicyVersionId"
+      ],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "PolicyVersionId":{
+          "shape":"Integer",
+          "documentation":"<p>The ID of the policy version to restore.</p>",
+          "location":"uri",
+          "locationName":"policyVersionId"
+        }
+      }
+    },
+    "RestoreCoreNetworkPolicyVersionResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetworkPolicy":{
+          "shape":"CoreNetworkPolicy",
+          "documentation":"<p>Describes the restored core network policy.</p>"
+        }
+      }
+    },
     "RetryAfterSeconds":{"type":"integer"},
     "RouteAnalysis":{
       "type":"structure",
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "OwnerAccountId":{
-          "shape":"String",
+          "shape":"AWSAccountId",
           "documentation":"<p>The ID of the AWS account that created the route analysis.</p>"
         },
         "RouteAnalysisId":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The ID of the route analysis.</p>"
         },
         "StartTimestamp":{
@@ -3024,15 +5430,15 @@
       "type":"structure",
       "members":{
         "TransitGatewayAttachmentArn":{
-          "shape":"String",
+          "shape":"TransitGatewayAttachmentArn",
           "documentation":"<p>The ARN of the transit gateway attachment.</p>"
         },
         "TransitGatewayArn":{
-          "shape":"String",
+          "shape":"TransitGatewayArn",
           "documentation":"<p>The ARN of the transit gateway.</p>"
         },
         "IpAddress":{
-          "shape":"String",
+          "shape":"IPAddress",
           "documentation":"<p>The IP address.</p>"
         }
       },
@@ -3042,11 +5448,11 @@
       "type":"structure",
       "members":{
         "TransitGatewayAttachmentArn":{
-          "shape":"String",
+          "shape":"TransitGatewayAttachmentArn",
           "documentation":"<p>The ARN of the transit gateway attachment.</p>"
         },
         "IpAddress":{
-          "shape":"String",
+          "shape":"IPAddress",
           "documentation":"<p>The IP address.</p>"
         }
       },
@@ -3089,15 +5495,22 @@
       "type":"structure",
       "members":{
         "TransitGatewayRouteTableArn":{
-          "shape":"String",
+          "shape":"TransitGatewayRouteTableArn",
           "documentation":"<p>The ARN of the transit gateway route table.</p>"
+        },
+        "CoreNetworkSegmentEdge":{
+          "shape":"CoreNetworkSegmentEdgeIdentifier",
+          "documentation":"<p>The segment edge in a core network.</p>"
         }
       },
       "documentation":"<p>Describes a route table.</p>"
     },
     "RouteTableType":{
       "type":"string",
-      "enum":["TRANSIT_GATEWAY_ROUTE_TABLE"]
+      "enum":[
+        "TRANSIT_GATEWAY_ROUTE_TABLE",
+        "CORE_NETWORK_SEGMENT"
+      ]
     },
     "RouteType":{
       "type":"string",
@@ -3110,6 +5523,7 @@
       "type":"list",
       "member":{"shape":"RouteType"}
     },
+    "ServerSideString":{"type":"string"},
     "ServiceQuotaExceededException":{
       "type":"structure",
       "required":[
@@ -3119,23 +5533,23 @@
       ],
       "members":{
         "Message":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The error message.</p>"
         },
         "ResourceId":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The ID of the resource.</p>"
         },
         "ResourceType":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The resource type.</p>"
         },
         "LimitCode":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The limit code.</p>"
         },
         "ServiceCode":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The service code.</p>"
         }
       },
@@ -3147,19 +5561,19 @@
       "type":"structure",
       "members":{
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>"
         },
         "SiteArn":{
-          "shape":"String",
+          "shape":"SiteArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the site.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The description of the site.</p>"
         },
         "Location":{
@@ -3181,6 +5595,20 @@
       },
       "documentation":"<p>Describes a site.</p>"
     },
+    "SiteArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "SiteId":{
+      "type":"string",
+      "max":50,
+      "min":0
+    },
+    "SiteIdList":{
+      "type":"list",
+      "member":{"shape":"SiteId"}
+    },
     "SiteList":{
       "type":"list",
       "member":{"shape":"Site"}
@@ -3194,6 +5622,20 @@
         "UPDATING"
       ]
     },
+    "SiteToSiteVpnAttachment":{
+      "type":"structure",
+      "members":{
+        "Attachment":{
+          "shape":"Attachment",
+          "documentation":"<p>Provides details about a site-to-site VPN attachment.</p>"
+        },
+        "VpnConnectionArn":{
+          "shape":"VpnConnectionArn",
+          "documentation":"<p>The ARN of the site-to-site VPN attachment. </p>"
+        }
+      },
+      "documentation":"<p>Creates a site-to-site VPN attachment.</p>"
+    },
     "StartRouteAnalysisRequest":{
       "type":"structure",
       "required":[
@@ -3203,7 +5645,7 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
@@ -3235,10 +5677,15 @@
         }
       }
     },
-    "String":{"type":"string"},
-    "StringList":{
+    "SubnetArn":{
+      "type":"string",
+      "max":500,
+      "min":0,
+      "pattern":"^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:subnet\\/subnet-[0-9a-f]{8,17}$"
+    },
+    "SubnetArnList":{
       "type":"list",
-      "member":{"shape":"String"}
+      "member":{"shape":"SubnetArn"}
     },
     "Tag":{
       "type":"structure",
@@ -3271,7 +5718,7 @@
       ],
       "members":{
         "ResourceArn":{
-          "shape":"ResourceARN",
+          "shape":"ResourceArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the resource.</p>",
           "location":"uri",
           "locationName":"resourceArn"
@@ -3292,7 +5739,7 @@
       "type":"structure",
       "required":["Message"],
       "members":{
-        "Message":{"shape":"String"},
+        "Message":{"shape":"ServerSideString"},
         "RetryAfterSeconds":{
           "shape":"RetryAfterSeconds",
           "documentation":"<p>Indicates when to retry the request.</p>",
@@ -3304,23 +5751,51 @@
       "error":{"httpStatusCode":429},
       "exception":true
     },
+    "TransitGatewayArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "TransitGatewayArnList":{
+      "type":"list",
+      "member":{"shape":"TransitGatewayArn"}
+    },
+    "TransitGatewayAttachmentArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "TransitGatewayAttachmentId":{
+      "type":"string",
+      "max":50,
+      "min":0
+    },
+    "TransitGatewayConnectPeerArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "TransitGatewayConnectPeerArnList":{
+      "type":"list",
+      "member":{"shape":"TransitGatewayConnectPeerArn"}
+    },
     "TransitGatewayConnectPeerAssociation":{
       "type":"structure",
       "members":{
         "TransitGatewayConnectPeerArn":{
-          "shape":"String",
+          "shape":"TransitGatewayConnectPeerArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the transit gateway Connect peer.</p>"
         },
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>"
         },
         "State":{
@@ -3347,11 +5822,11 @@
       "type":"structure",
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>"
         },
         "TransitGatewayArn":{
-          "shape":"String",
+          "shape":"TransitGatewayArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the transit gateway.</p>"
         },
         "State":{
@@ -3383,12 +5858,21 @@
           "documentation":"<p>The code for the state reason.</p>"
         },
         "Message":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The message for the state reason.</p>"
         }
       },
       "documentation":"<p>Describes the status of a transit gateway registration.</p>"
     },
+    "TransitGatewayRouteTableArn":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "TunnelProtocol":{
+      "type":"string",
+      "enum":["GRE"]
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -3397,7 +5881,7 @@
       ],
       "members":{
         "ResourceArn":{
-          "shape":"ResourceARN",
+          "shape":"ResourceArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the resource.</p>",
           "location":"uri",
           "locationName":"resourceArn"
@@ -3423,27 +5907,27 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "ConnectionId":{
-          "shape":"String",
+          "shape":"ConnectionId",
           "documentation":"<p>The ID of the connection.</p>",
           "location":"uri",
           "locationName":"connectionId"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link for the first device in the connection.</p>"
         },
         "ConnectedLinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link for the second device in the connection.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the connection.</p> <p>Length Constraints: Maximum length of 256 characters.</p>"
         }
       }
@@ -3457,6 +5941,31 @@
         }
       }
     },
+    "UpdateCoreNetworkRequest":{
+      "type":"structure",
+      "required":["CoreNetworkId"],
+      "members":{
+        "CoreNetworkId":{
+          "shape":"CoreNetworkId",
+          "documentation":"<p>The ID of a core network.</p>",
+          "location":"uri",
+          "locationName":"coreNetworkId"
+        },
+        "Description":{
+          "shape":"ConstrainedString",
+          "documentation":"<p>The description of the update.</p>"
+        }
+      }
+    },
+    "UpdateCoreNetworkResponse":{
+      "type":"structure",
+      "members":{
+        "CoreNetwork":{
+          "shape":"CoreNetwork",
+          "documentation":"<p>Returns information about a core network update.</p>"
+        }
+      }
+    },
     "UpdateDeviceRequest":{
       "type":"structure",
       "required":[
@@ -3465,13 +5974,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "DeviceId":{
-          "shape":"String",
+          "shape":"DeviceId",
           "documentation":"<p>The ID of the device.</p>",
           "location":"uri",
           "locationName":"deviceId"
@@ -3481,28 +5990,28 @@
           "documentation":"<p>The Amazon Web Services location of the device, if applicable. For an on-premises device, you can omit this parameter.</p>"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the device.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The type of the device.</p>"
         },
         "Vendor":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The vendor of the device.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "Model":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The model of the device.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "SerialNumber":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The serial number of the device.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "Location":{"shape":"Location"},
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of the site.</p>"
         }
       }
@@ -3521,13 +6030,13 @@
       "required":["GlobalNetworkId"],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of your global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the global network.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         }
       }
@@ -3549,23 +6058,23 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "LinkId":{
-          "shape":"String",
+          "shape":"LinkId",
           "documentation":"<p>The ID of the link.</p>",
           "location":"uri",
           "locationName":"linkId"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of the link.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Type":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The type of the link.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         },
         "Bandwidth":{
@@ -3573,7 +6082,7 @@
           "documentation":"<p>The upload and download speed in Mbps. </p>"
         },
         "Provider":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>The provider of the link.</p> <p>Constraints: Maximum length of 128 characters.</p>"
         }
       }
@@ -3596,13 +6105,13 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>",
           "location":"uri",
           "locationName":"resourceArn"
@@ -3617,7 +6126,7 @@
       "type":"structure",
       "members":{
         "ResourceArn":{
-          "shape":"String",
+          "shape":"ResourceArn",
           "documentation":"<p>The ARN of the resource.</p>"
         },
         "Metadata":{
@@ -3634,19 +6143,19 @@
       ],
       "members":{
         "GlobalNetworkId":{
-          "shape":"String",
+          "shape":"GlobalNetworkId",
           "documentation":"<p>The ID of the global network.</p>",
           "location":"uri",
           "locationName":"globalNetworkId"
         },
         "SiteId":{
-          "shape":"String",
+          "shape":"SiteId",
           "documentation":"<p>The ID of your site.</p>",
           "location":"uri",
           "locationName":"siteId"
         },
         "Description":{
-          "shape":"String",
+          "shape":"ConstrainedString",
           "documentation":"<p>A description of your site.</p> <p>Constraints: Maximum length of 256 characters.</p>"
         },
         "Location":{
@@ -3664,11 +6173,44 @@
         }
       }
     },
+    "UpdateVpcAttachmentRequest":{
+      "type":"structure",
+      "required":["AttachmentId"],
+      "members":{
+        "AttachmentId":{
+          "shape":"AttachmentId",
+          "documentation":"<p>The ID of the attachment.</p>",
+          "location":"uri",
+          "locationName":"attachmentId"
+        },
+        "AddSubnetArns":{
+          "shape":"SubnetArnList",
+          "documentation":"<p>Adds a subnet ARN to the VPC attachment.</p>"
+        },
+        "RemoveSubnetArns":{
+          "shape":"SubnetArnList",
+          "documentation":"<p>Removes a subnet ARN from the attachment.</p>"
+        },
+        "Options":{
+          "shape":"VpcOptions",
+          "documentation":"<p>Additional options for updating the VPC attachment. </p>"
+        }
+      }
+    },
+    "UpdateVpcAttachmentResponse":{
+      "type":"structure",
+      "members":{
+        "VpcAttachment":{
+          "shape":"VpcAttachment",
+          "documentation":"<p>Describes the updated VPC attachment.</p>"
+        }
+      }
+    },
     "ValidationException":{
       "type":"structure",
       "required":["Message"],
       "members":{
-        "Message":{"shape":"String"},
+        "Message":{"shape":"ServerSideString"},
         "Reason":{
           "shape":"ValidationExceptionReason",
           "documentation":"<p>The reason for the error.</p>"
@@ -3690,11 +6232,11 @@
       ],
       "members":{
         "Name":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The name of the field.</p>"
         },
         "Message":{
-          "shape":"String",
+          "shape":"ServerSideString",
           "documentation":"<p>The message for the field.</p>"
         }
       },
@@ -3712,6 +6254,46 @@
         "FieldValidationFailed",
         "Other"
       ]
+    },
+    "VpcArn":{
+      "type":"string",
+      "max":500,
+      "min":0,
+      "pattern":"^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:vpc\\/vpc-[0-9a-f]{8,17}$"
+    },
+    "VpcAttachment":{
+      "type":"structure",
+      "members":{
+        "Attachment":{
+          "shape":"Attachment",
+          "documentation":"<p>Provides details about the VPC attachment.</p>"
+        },
+        "SubnetArns":{
+          "shape":"SubnetArnList",
+          "documentation":"<p>The subnet ARNs.</p>"
+        },
+        "Options":{
+          "shape":"VpcOptions",
+          "documentation":"<p>Provides details about the VPC attachment.</p>"
+        }
+      },
+      "documentation":"<p>Describes a VPC attachment.</p>"
+    },
+    "VpcOptions":{
+      "type":"structure",
+      "members":{
+        "Ipv6Support":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether IPv6 is supported.</p>"
+        }
+      },
+      "documentation":"<p>Describes the VPC options.</p>"
+    },
+    "VpnConnectionArn":{
+      "type":"string",
+      "max":500,
+      "min":0,
+      "pattern":"^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:vpn-connection\\/vpn-[0-9a-f]{8,17}$"
     }
   },
   "documentation":"<p>Transit Gateway Network Manager (Network Manager) enables you to create a global network, in which you can monitor your Amazon Web Services and on-premises networks that are built around transit gateways.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/nimble/2020-08-01/service-2.json b/contrib/python/botocore/py3/botocore/data/nimble/2020-08-01/service-2.json
index 2db9188ad8b..448678cfd0c 100644
--- a/contrib/python/botocore/py3/botocore/data/nimble/2020-08-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/nimble/2020-08-01/service-2.json
@@ -438,7 +438,7 @@
         {"shape":"InternalServerErrorException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
-      "documentation":"<p>Gets StreamingSession resource.</p> <p>anvoke this operation to poll for a streaming session state while creating or deleting a session.</p>"
+      "documentation":"<p>Gets StreamingSession resource.</p> <p>Invoke this operation to poll for a streaming session state while creating or deleting a session.</p>"
     },
     "GetStreamingSessionStream":{
       "name":"GetStreamingSessionStream",
@@ -678,7 +678,7 @@
         {"shape":"InternalServerErrorException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
-      "documentation":"<p>Get all users in a given studio membership.</p>"
+      "documentation":"<p>Get all users in a given studio membership.</p> <note> <p> <code>ListStudioMembers</code> only returns admin members.</p> </note>"
     },
     "ListStudios":{
       "name":"ListStudios",
@@ -987,8 +987,7 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "AcceptEulasResponse":{
       "type":"structure",
@@ -997,8 +996,7 @@
           "shape":"EulaAcceptanceList",
           "documentation":"<p>A collection of EULA acceptances.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "AccessDeniedException":{
       "type":"structure",
@@ -1075,14 +1073,10 @@
       },
       "documentation":"<p>The configuration for a Microsoft Active Directory (Microsoft AD) studio resource.</p>"
     },
-    "ActiveDirectoryDnsIpAddress":{
-      "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
-    },
+    "ActiveDirectoryDnsIpAddress":{"type":"string"},
     "ActiveDirectoryDnsIpAddressList":{
       "type":"list",
       "member":{"shape":"ActiveDirectoryDnsIpAddress"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":10,
       "min":0
     },
@@ -1186,8 +1180,7 @@
           "shape":"Tags",
           "documentation":"<p>A collection of labels, in the form of key:value pairs, that apply to this resource.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateLaunchProfileResponse":{
       "type":"structure",
@@ -1196,8 +1189,7 @@
           "shape":"LaunchProfile",
           "documentation":"<p>The launch profile.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStreamingImageRequest":{
       "type":"structure",
@@ -1236,8 +1228,7 @@
           "shape":"Tags",
           "documentation":"<p>A collection of labels, in the form of key:value pairs, that apply to this resource.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStreamingImageResponse":{
       "type":"structure",
@@ -1246,8 +1237,7 @@
           "shape":"StreamingImage",
           "documentation":"<p>The streaming image.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStreamingSessionRequest":{
       "type":"structure",
@@ -1270,7 +1260,7 @@
         },
         "ownedBy":{
           "shape":"String",
-          "documentation":"<p>The user ID of the user that owns the streaming session.</p>"
+          "documentation":"<p>The user ID of the user that owns the streaming session. The user that owns the session will be logging into the session and interacting with the virtual workstation.</p>"
         },
         "streamingImageId":{
           "shape":"StreamingImageId",
@@ -1286,8 +1276,7 @@
           "shape":"Tags",
           "documentation":"<p>A collection of labels, in the form of key:value pairs, that apply to this resource.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStreamingSessionResponse":{
       "type":"structure",
@@ -1296,8 +1285,7 @@
           "shape":"StreamingSession",
           "documentation":"<p>The session.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStreamingSessionStreamRequest":{
       "type":"structure",
@@ -1329,8 +1317,7 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStreamingSessionStreamResponse":{
       "type":"structure",
@@ -1339,8 +1326,7 @@
           "shape":"StreamingSessionStream",
           "documentation":"<p>The stream.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStudioComponentRequest":{
       "type":"structure",
@@ -1399,8 +1385,7 @@
           "shape":"StudioComponentType",
           "documentation":"<p>The type of the studio component.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStudioComponentResponse":{
       "type":"structure",
@@ -1409,8 +1394,7 @@
           "shape":"StudioComponent",
           "documentation":"<p>Information about the studio component.</p>"
         }
-      },
-      "documentation":"<p/>"
+      }
     },
     "CreateStudioRequest":{
       "type":"structure",
@@ -1452,8 +1436,7 @@
           "shape":"String",
           "documentation":"<p>The IAM role that Studio Users will assume when logging in to the Nimble Studio portal.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "CreateStudioResponse":{
       "type":"structure",
@@ -1462,8 +1445,7 @@
           "shape":"Studio",
           "documentation":"<p>Information about a studio.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteLaunchProfileMemberRequest":{
       "type":"structure",
@@ -1503,8 +1485,7 @@
     "DeleteLaunchProfileMemberResponse":{
       "type":"structure",
       "members":{
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteLaunchProfileRequest":{
       "type":"structure",
@@ -1541,8 +1522,7 @@
           "shape":"LaunchProfile",
           "documentation":"<p>The launch profile.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteStreamingImageRequest":{
       "type":"structure",
@@ -1579,8 +1559,7 @@
           "shape":"StreamingImage",
           "documentation":"<p>The streaming image.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteStreamingSessionRequest":{
       "type":"structure",
@@ -1617,8 +1596,7 @@
           "shape":"StreamingSession",
           "documentation":"<p>The session.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteStudioComponentRequest":{
       "type":"structure",
@@ -1655,8 +1633,7 @@
           "shape":"StudioComponent",
           "documentation":"<p>Information about the studio component.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteStudioMemberRequest":{
       "type":"structure",
@@ -1689,8 +1666,7 @@
     "DeleteStudioMemberResponse":{
       "type":"structure",
       "members":{
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "DeleteStudioRequest":{
       "type":"structure",
@@ -1719,26 +1695,17 @@
           "shape":"Studio",
           "documentation":"<p>Information about a studio.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
-    },
-    "DirectoryId":{
-      "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
+    "DirectoryId":{"type":"string"},
     "EC2ImageId":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "pattern":"^ami-[0-9A-z]+$"
     },
-    "EC2SubnetId":{
-      "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
-    },
+    "EC2SubnetId":{"type":"string"},
     "EC2SubnetIdList":{
       "type":"list",
       "member":{"shape":"EC2SubnetId"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":6,
       "min":0
     },
@@ -1803,8 +1770,7 @@
     },
     "EulaAcceptanceList":{
       "type":"list",
-      "member":{"shape":"EulaAcceptance"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"EulaAcceptance"}
     },
     "EulaId":{
       "type":"string",
@@ -1815,17 +1781,14 @@
     },
     "EulaIdList":{
       "type":"list",
-      "member":{"shape":"String"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"String"}
     },
     "EulaList":{
       "type":"list",
-      "member":{"shape":"Eula"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"Eula"}
     },
     "EulaName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":0
     },
@@ -1854,8 +1817,7 @@
           "shape":"Eula",
           "documentation":"<p>The EULA.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetLaunchProfileDetailsRequest":{
       "type":"structure",
@@ -1893,8 +1855,7 @@
           "shape":"StudioComponentSummaryList",
           "documentation":"<p>A collection of studio component summaries.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetLaunchProfileInitializationRequest":{
       "type":"structure",
@@ -1945,8 +1906,7 @@
           "shape":"LaunchProfileInitialization",
           "documentation":"<p>The launch profile initialization.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetLaunchProfileMemberRequest":{
       "type":"structure",
@@ -1983,8 +1943,7 @@
           "shape":"LaunchProfileMembership",
           "documentation":"<p>The member.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetLaunchProfileRequest":{
       "type":"structure",
@@ -2014,8 +1973,7 @@
           "shape":"LaunchProfile",
           "documentation":"<p>The launch profile.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetStreamingImageRequest":{
       "type":"structure",
@@ -2045,8 +2003,7 @@
           "shape":"StreamingImage",
           "documentation":"<p>The streaming image.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetStreamingSessionRequest":{
       "type":"structure",
@@ -2076,8 +2033,7 @@
           "shape":"StreamingSession",
           "documentation":"<p>The session.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetStreamingSessionStreamRequest":{
       "type":"structure",
@@ -2114,8 +2070,7 @@
           "shape":"StreamingSessionStream",
           "documentation":"<p>The stream.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetStudioComponentRequest":{
       "type":"structure",
@@ -2145,8 +2100,7 @@
           "shape":"StudioComponent",
           "documentation":"<p>Information about the studio component.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetStudioMemberRequest":{
       "type":"structure",
@@ -2176,8 +2130,7 @@
           "shape":"StudioMembership",
           "documentation":"<p>The member.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "GetStudioRequest":{
       "type":"structure",
@@ -2199,8 +2152,7 @@
           "shape":"Studio",
           "documentation":"<p>Information about a studio.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "InternalServerErrorException":{
       "type":"structure",
@@ -2290,6 +2242,10 @@
         "updatedBy":{
           "shape":"String",
           "documentation":"<p>The user ID of the user that most recently updated the resource.</p>"
+        },
+        "validationResults":{
+          "shape":"ValidationResults",
+          "documentation":"<p>The list of the latest validation results.</p>"
         }
       },
       "documentation":"<p>A launch profile controls your artist workforce’s access to studio components, like compute farms, shared file systems, managed file systems, and license server configurations, as well as instance types and Amazon Machine Images (AMIs). </p> <pre><code> &lt;p&gt;Studio administrators create launch profiles in the Nimble Studio console. Artists can use their launch profiles to launch an instance from the Nimble Studio portal. Each user’s launch profile defines how they can launch a streaming session. By default, studio admins can use all launch profiles.&lt;/p&gt; </code></pre>"
@@ -2303,7 +2259,6 @@
     },
     "LaunchProfileId":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":22,
       "min":0,
       "pattern":"^[a-zA-Z0-9-_]*$"
@@ -2348,7 +2303,7 @@
           "documentation":"<p>The user initializtion scripts.</p>"
         }
       },
-      "documentation":"<p>A Launch Profile Initialization contains information required for a workstation or server to connect to a launch profile</p> <p>This includes scripts, endpoints, security groups, subnets, and other configuration.</p>"
+      "documentation":"<p>A Launch Profile Initialization contains information required for a workstation or server to connect to a launch profile.</p> <p>This includes scripts, endpoints, security groups, subnets, and other configuration.</p>"
     },
     "LaunchProfileInitializationActiveDirectory":{
       "type":"structure",
@@ -2382,7 +2337,7 @@
           "documentation":"<p>The name for the studio component.</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>The Launch Profile Initialization Active Directory contains information required for the launch profile to connect to the Active Directory.</p>"
     },
     "LaunchProfileInitializationScript":{
       "type":"structure",
@@ -2400,17 +2355,15 @@
           "documentation":"<p>The name for the studio component.</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>The Launch Profile Initialization Script is used when start streaming session runs.</p>"
     },
     "LaunchProfileInitializationScriptList":{
       "type":"list",
-      "member":{"shape":"LaunchProfileInitializationScript"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"LaunchProfileInitializationScript"}
     },
     "LaunchProfileList":{
       "type":"list",
-      "member":{"shape":"LaunchProfile"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"LaunchProfile"}
     },
     "LaunchProfileMembership":{
       "type":"structure",
@@ -2432,30 +2385,26 @@
           "documentation":"<p>The Active Directory Security Identifier for this user, if available.</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>Launch profile membership enables your studio admins to delegate launch profile access to other studio users in the Nimble Studio portal without needing to write or maintain complex IAM policies. A launch profile member is a user association from your studio identity source who is granted permissions to a launch profile.</p> <p>A launch profile member (type USER) provides the following permissions to that launch profile:</p> <ul> <li> <p>GetLaunchProfile</p> </li> <li> <p>GetLaunchProfileInitialization</p> </li> <li> <p>GetLaunchProfileMembers</p> </li> <li> <p>GetLaunchProfileMember</p> </li> <li> <p>CreateStreamingSession</p> </li> <li> <p>GetLaunchProfileDetails</p> </li> </ul>"
     },
     "LaunchProfileMembershipList":{
       "type":"list",
       "member":{"shape":"LaunchProfileMembership"},
-      "documentation":"<p/>",
       "max":20,
       "min":0
     },
     "LaunchProfileName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":1,
       "sensitive":true
     },
     "LaunchProfilePersona":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":["USER"]
     },
     "LaunchProfilePlatform":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "LINUX",
         "WINDOWS"
@@ -2470,18 +2419,15 @@
     },
     "LaunchProfileProtocolVersionList":{
       "type":"list",
-      "member":{"shape":"LaunchProfileProtocolVersion"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"LaunchProfileProtocolVersion"}
     },
     "LaunchProfileSecurityGroupIdList":{
       "type":"list",
       "member":{"shape":"SecurityGroupId"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "min":1
     },
     "LaunchProfileState":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "CREATE_IN_PROGRESS",
         "READY",
@@ -2493,9 +2439,12 @@
         "UPDATE_FAILED"
       ]
     },
+    "LaunchProfileStateList":{
+      "type":"list",
+      "member":{"shape":"LaunchProfileState"}
+    },
     "LaunchProfileStatusCode":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "LAUNCH_PROFILE_CREATED",
         "LAUNCH_PROFILE_UPDATED",
@@ -2515,10 +2464,43 @@
     "LaunchProfileStudioComponentIdList":{
       "type":"list",
       "member":{"shape":"String"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":100,
       "min":1
     },
+    "LaunchProfileValidationState":{
+      "type":"string",
+      "enum":[
+        "VALIDATION_NOT_STARTED",
+        "VALIDATION_IN_PROGRESS",
+        "VALIDATION_SUCCESS",
+        "VALIDATION_FAILED",
+        "VALIDATION_FAILED_INTERNAL_SERVER_ERROR"
+      ]
+    },
+    "LaunchProfileValidationStatusCode":{
+      "type":"string",
+      "enum":[
+        "VALIDATION_NOT_STARTED",
+        "VALIDATION_IN_PROGRESS",
+        "VALIDATION_SUCCESS",
+        "VALIDATION_FAILED_INVALID_SUBNET_ROUTE_TABLE_ASSOCIATION",
+        "VALIDATION_FAILED_SUBNET_NOT_FOUND",
+        "VALIDATION_FAILED_INVALID_SECURITY_GROUP_ASSOCIATION",
+        "VALIDATION_FAILED_INVALID_ACTIVE_DIRECTORY",
+        "VALIDATION_FAILED_UNAUTHORIZED",
+        "VALIDATION_FAILED_INTERNAL_SERVER_ERROR"
+      ]
+    },
+    "LaunchProfileValidationStatusMessage":{"type":"string"},
+    "LaunchProfileValidationType":{
+      "type":"string",
+      "enum":[
+        "VALIDATE_ACTIVE_DIRECTORY_STUDIO_COMPONENT",
+        "VALIDATE_SUBNET_ASSOCIATION",
+        "VALIDATE_NETWORK_ACL_ASSOCIATION",
+        "VALIDATE_SECURITY_GROUP_ASSOCIATION"
+      ]
+    },
     "LaunchPurpose":{
       "type":"string",
       "documentation":"<p>The launch purpose.</p>",
@@ -2538,7 +2520,6 @@
     },
     "LinuxMountPoint":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":128,
       "min":0,
       "pattern":"^(/?|(\\$HOME)?(/[^/\\n\\s\\\\]+)*)$",
@@ -2579,8 +2560,7 @@
           "shape":"String",
           "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
         }
-      },
-      "documentation":"<p/>"
+      }
     },
     "ListEulasRequest":{
       "type":"structure",
@@ -2610,8 +2590,7 @@
           "shape":"String",
           "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListLaunchProfileMembersRequest":{
       "type":"structure",
@@ -2657,8 +2636,7 @@
           "shape":"String",
           "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListLaunchProfilesRequest":{
       "type":"structure",
@@ -2683,7 +2661,7 @@
           "locationName":"principalId"
         },
         "states":{
-          "shape":"StringList",
+          "shape":"LaunchProfileStateList",
           "documentation":"<p>Filter this request to launch profiles in any of the given states.</p>",
           "location":"querystring",
           "locationName":"states"
@@ -2707,8 +2685,7 @@
           "shape":"String",
           "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListStreamingImagesRequest":{
       "type":"structure",
@@ -2745,8 +2722,7 @@
           "shape":"StreamingImageList",
           "documentation":"<p>A collection of streaming images.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListStreamingSessionsRequest":{
       "type":"structure",
@@ -2795,8 +2771,7 @@
           "shape":"StreamingSessionList",
           "documentation":"<p>A collection of streaming sessions.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListStudioComponentsRequest":{
       "type":"structure",
@@ -2815,7 +2790,7 @@
           "locationName":"nextToken"
         },
         "states":{
-          "shape":"StringList",
+          "shape":"StudioComponentStateList",
           "documentation":"<p>Filters the request to studio components that are in one of the given states. </p>",
           "location":"querystring",
           "locationName":"states"
@@ -2827,7 +2802,7 @@
           "locationName":"studioId"
         },
         "types":{
-          "shape":"StringList",
+          "shape":"StudioComponentTypeList",
           "documentation":"<p>Filters the request to studio components that are of one of the given types.</p>",
           "location":"querystring",
           "locationName":"types"
@@ -2845,8 +2820,7 @@
           "shape":"StudioComponentList",
           "documentation":"<p>A collection of studio components.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListStudioMembersRequest":{
       "type":"structure",
@@ -2877,14 +2851,13 @@
       "members":{
         "members":{
           "shape":"StudioMembershipList",
-          "documentation":"<p>A list of members.</p>"
+          "documentation":"<p>A list of admin members.</p>"
         },
         "nextToken":{
           "shape":"String",
           "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListStudiosRequest":{
       "type":"structure",
@@ -2909,8 +2882,7 @@
           "shape":"StudioList",
           "documentation":"<p>A collection of studios.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ListTagsForResourceRequest":{
       "type":"structure",
@@ -2931,8 +2903,7 @@
           "shape":"Tags",
           "documentation":"<p>A collection of labels, in the form of key:value pairs, that apply to this resource.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "MaxResults":{
       "type":"integer",
@@ -2955,12 +2926,11 @@
           "documentation":"<p>The principal ID.</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>A new member that is added to a launch profile.</p>"
     },
     "NewLaunchProfileMemberList":{
       "type":"list",
       "member":{"shape":"NewLaunchProfileMember"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":20,
       "min":1
     },
@@ -2980,12 +2950,11 @@
           "documentation":"<p>The principal ID.</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>A new studio user's membership.</p>"
     },
     "NewStudioMemberList":{
       "type":"list",
       "member":{"shape":"NewStudioMember"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":20,
       "min":1
     },
@@ -3025,8 +2994,7 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "PutLaunchProfileMembersResponse":{
       "type":"structure",
@@ -3062,18 +3030,15 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "PutStudioMembersResponse":{
       "type":"structure",
       "members":{
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "Region":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":50,
       "min":0,
       "pattern":"[a-z]{2}-?(iso|gov)?-{1}[a-z]*-{1}[0-9]"
@@ -3128,10 +3093,7 @@
       "max":256,
       "min":1
     },
-    "SecurityGroupId":{
-      "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
-    },
+    "SecurityGroupId":{"type":"string"},
     "ServiceQuotaExceededException":{
       "type":"structure",
       "members":{
@@ -3242,8 +3204,7 @@
           "shape":"Studio",
           "documentation":"<p>Information about a studio.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "StopStreamingSessionRequest":{
       "type":"structure",
@@ -3301,7 +3262,11 @@
         },
         "maxStoppedSessionLengthInMinutes":{
           "shape":"StreamConfigurationMaxStoppedSessionLengthInMinutes",
-          "documentation":"<p>Integer that determines if you can start and stop your sessions and how long a session can stay in the STOPPED state. The default value is 0. The maximum value is 5760.</p> <p>If the value is missing or set to 0, your sessions can’t be stopped. If you then call StopStreamingSession, the session fails. If the time that a session stays in the READY state exceeds the maxSessionLengthInMinutes value, the session will automatically be terminated by AWS (instead of stopped).</p> <p>If the value is set to a positive number, the session can be stopped. You can call StopStreamingSession to stop sessions in the READY state. If the time that a session stays in the READY state exceeds the maxSessionLengthInMinutes value, the session will automatically be stopped by AWS (instead of terminated).</p>"
+          "documentation":"<p>Integer that determines if you can start and stop your sessions and how long a session can stay in the STOPPED state. The default value is 0. The maximum value is 5760.</p> <p>If the value is missing or set to 0, your sessions can’t be stopped. If you then call <code>StopStreamingSession</code>, the session fails. If the time that a session stays in the READY state exceeds the <code>maxSessionLengthInMinutes</code> value, the session will automatically be terminated by AWS (instead of stopped).</p> <p>If the value is set to a positive number, the session can be stopped. You can call <code>StopStreamingSession</code> to stop sessions in the READY state. If the time that a session stays in the READY state exceeds the <code>maxSessionLengthInMinutes</code> value, the session will automatically be stopped by AWS (instead of terminated).</p>"
+        },
+        "sessionStorage":{
+          "shape":"StreamConfigurationSessionStorage",
+          "documentation":"<p>(Optional) The upload storage for a streaming session.</p>"
         },
         "streamingImageIds":{
           "shape":"StreamingImageIdList",
@@ -3332,7 +3297,11 @@
         },
         "maxStoppedSessionLengthInMinutes":{
           "shape":"StreamConfigurationMaxStoppedSessionLengthInMinutes",
-          "documentation":"<p>The length of time, in minutes, that a streaming session can be active before it is stopped or terminated. After this point, Nimble Studio automatically terminates or stops the session. The default length of time is 690 minutes, and the maximum length of time is 30 days.</p>"
+          "documentation":"<p>Integer that determines if you can start and stop your sessions and how long a session can stay in the STOPPED state. The default value is 0. The maximum value is 5760.</p> <p>If the value is missing or set to 0, your sessions can’t be stopped. If you then call <code>StopStreamingSession</code>, the session fails. If the time that a session stays in the READY state exceeds the <code>maxSessionLengthInMinutes</code> value, the session will automatically be terminated by AWS (instead of stopped).</p> <p>If the value is set to a positive number, the session can be stopped. You can call <code>StopStreamingSession</code> to stop sessions in the READY state. If the time that a session stays in the READY state exceeds the <code>maxSessionLengthInMinutes</code> value, the session will automatically be stopped by AWS (instead of terminated).</p>"
+        },
+        "sessionStorage":{
+          "shape":"StreamConfigurationSessionStorage",
+          "documentation":"<p>(Optional) The upload storage for a streaming workstation that is created using this launch profile.</p>"
         },
         "streamingImageIds":{
           "shape":"StreamingImageIdList",
@@ -3343,7 +3312,6 @@
     },
     "StreamConfigurationMaxSessionLengthInMinutes":{
       "type":"integer",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":43200,
       "min":1
     },
@@ -3352,9 +3320,23 @@
       "max":5760,
       "min":0
     },
+    "StreamConfigurationSessionStorage":{
+      "type":"structure",
+      "required":["mode"],
+      "members":{
+        "mode":{
+          "shape":"StreamingSessionStorageModeList",
+          "documentation":"<p>Allows artists to upload files to their workstations. The only valid option is <code>UPLOAD</code>.</p>"
+        },
+        "root":{
+          "shape":"StreamingSessionStorageRoot",
+          "documentation":"<p>The configuration for the upload storage root of the streaming session.</p>"
+        }
+      },
+      "documentation":"<p>The configuration for a streaming session’s upload storage.</p>"
+    },
     "StreamingClipboardMode":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "ENABLED",
         "DISABLED"
@@ -3435,18 +3417,15 @@
     },
     "StreamingImageEncryptionConfigurationKeyArn":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "min":4,
       "pattern":"^arn:.*"
     },
     "StreamingImageEncryptionConfigurationKeyType":{
       "type":"string",
-      "documentation":"<p/>",
       "enum":["CUSTOMER_MANAGED_KEY"]
     },
     "StreamingImageId":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":22,
       "min":0,
       "pattern":"^[a-zA-Z0-9-_]*$"
@@ -3460,8 +3439,7 @@
     },
     "StreamingImageList":{
       "type":"list",
-      "member":{"shape":"StreamingImage"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"StreamingImage"}
     },
     "StreamingImageOwner":{
       "type":"string",
@@ -3474,7 +3452,6 @@
     },
     "StreamingImageState":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "CREATE_IN_PROGRESS",
         "READY",
@@ -3495,12 +3472,12 @@
         "STREAMING_IMAGE_DELETE_IN_PROGRESS",
         "STREAMING_IMAGE_DELETED",
         "STREAMING_IMAGE_UPDATE_IN_PROGRESS",
-        "INTERNAL_ERROR"
+        "INTERNAL_ERROR",
+        "ACCESS_DENIED"
       ]
     },
     "StreamingInstanceType":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "g4dn.xlarge",
         "g4dn.2xlarge",
@@ -3542,7 +3519,7 @@
         },
         "ownedBy":{
           "shape":"String",
-          "documentation":"<p>The user ID of the user that owns the streaming session.</p>"
+          "documentation":"<p>The user ID of the user that owns the streaming session. The user that owns the session will be logging into the session and interacting with the virtual workstation.</p>"
         },
         "sessionId":{
           "shape":"StreamingSessionId",
@@ -3603,14 +3580,10 @@
       },
       "documentation":"<p>A streaming session is a virtual workstation created using a particular launch profile.</p>"
     },
-    "StreamingSessionId":{
-      "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
-    },
+    "StreamingSessionId":{"type":"string"},
     "StreamingSessionList":{
       "type":"list",
-      "member":{"shape":"StreamingSession"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"StreamingSession"}
     },
     "StreamingSessionState":{
       "type":"string",
@@ -3631,7 +3604,6 @@
     },
     "StreamingSessionStatusCode":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "STREAMING_SESSION_READY",
         "STREAMING_SESSION_DELETED",
@@ -3647,9 +3619,47 @@
         "STREAMING_SESSION_STOPPED",
         "STREAMING_SESSION_STARTED",
         "STREAMING_SESSION_STOP_IN_PROGRESS",
-        "STREAMING_SESSION_START_IN_PROGRESS"
+        "STREAMING_SESSION_START_IN_PROGRESS",
+        "AMI_VALIDATION_ERROR"
       ]
     },
+    "StreamingSessionStorageMode":{
+      "type":"string",
+      "enum":["UPLOAD"]
+    },
+    "StreamingSessionStorageModeList":{
+      "type":"list",
+      "member":{"shape":"StreamingSessionStorageMode"},
+      "min":1
+    },
+    "StreamingSessionStorageRoot":{
+      "type":"structure",
+      "members":{
+        "linux":{
+          "shape":"StreamingSessionStorageRootPathLinux",
+          "documentation":"<p>The folder path in Linux workstations where files are uploaded.</p>"
+        },
+        "windows":{
+          "shape":"StreamingSessionStorageRootPathWindows",
+          "documentation":"<p>The folder path in Windows workstations where files are uploaded.</p>"
+        }
+      },
+      "documentation":"<p>The upload storage root location (folder) on streaming workstations where files are uploaded.</p>"
+    },
+    "StreamingSessionStorageRootPathLinux":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(\\$HOME|/)[/]?([A-Za-z0-9-_]+/)*([A-Za-z0-9_-]+)$",
+      "sensitive":true
+    },
+    "StreamingSessionStorageRootPathWindows":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^((\\%HOMEPATH\\%)|[a-zA-Z]:)[\\\\/](?:[a-zA-Z0-9_-]+[\\\\/])*[a-zA-Z0-9_-]+$",
+      "sensitive":true
+    },
     "StreamingSessionStream":{
       "type":"structure",
       "members":{
@@ -3667,7 +3677,7 @@
         },
         "ownedBy":{
           "shape":"String",
-          "documentation":"<p>The user ID of the user that owns the streaming session.</p>"
+          "documentation":"<p>The user ID of the user that owns the streaming session. The user that owns the session will be logging into the session and interacting with the virtual workstation.</p>"
         },
         "state":{
           "shape":"StreamingSessionStreamState",
@@ -3690,13 +3700,11 @@
     },
     "StreamingSessionStreamExpirationInSeconds":{
       "type":"integer",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":3600,
       "min":60
     },
     "StreamingSessionStreamState":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "READY",
         "CREATE_IN_PROGRESS",
@@ -3708,7 +3716,6 @@
     },
     "StreamingSessionStreamStatusCode":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "STREAM_CREATE_IN_PROGRESS",
         "STREAM_READY",
@@ -3896,14 +3903,12 @@
     },
     "StudioComponentDescription":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":256,
       "min":0,
       "sensitive":true
     },
     "StudioComponentId":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":22,
       "min":0,
       "pattern":"^[a-zA-Z0-9-_]*$"
@@ -3932,19 +3937,16 @@
     },
     "StudioComponentInitializationScriptContent":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":5120,
       "min":1,
       "sensitive":true
     },
     "StudioComponentInitializationScriptList":{
       "type":"list",
-      "member":{"shape":"StudioComponentInitializationScript"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"StudioComponentInitializationScript"}
     },
     "StudioComponentInitializationScriptRunContext":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "SYSTEM_INITIALIZATION",
         "USER_INITIALIZATION"
@@ -3953,13 +3955,11 @@
     "StudioComponentList":{
       "type":"list",
       "member":{"shape":"StudioComponent"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":50,
       "min":0
     },
     "StudioComponentName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":0,
       "sensitive":true
@@ -3967,7 +3967,6 @@
     "StudioComponentScriptParameterKeyValueList":{
       "type":"list",
       "member":{"shape":"ScriptParameterKeyValue"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":30,
       "min":0,
       "sensitive":true
@@ -3975,9 +3974,8 @@
     "StudioComponentSecurityGroupIdList":{
       "type":"list",
       "member":{"shape":"SecurityGroupId"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":30,
-      "min":1
+      "min":0
     },
     "StudioComponentState":{
       "type":"string",
@@ -3993,6 +3991,10 @@
         "UPDATE_FAILED"
       ]
     },
+    "StudioComponentStateList":{
+      "type":"list",
+      "member":{"shape":"StudioComponentState"}
+    },
     "StudioComponentStatusCode":{
       "type":"string",
       "documentation":"<p>The current status of the studio component resource.</p> <p>When the resource is in the 'READY' state, the status code signals what the last mutation made to the resource was.</p> <p>When the resource is in a CREATE_FAILED/UPDATE_FAILED/DELETE_FAILED state, the status code signals what went wrong and why the mutation failed.</p>",
@@ -4011,7 +4013,6 @@
     },
     "StudioComponentSubtype":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "AWS_MANAGED_MICROSOFT_AD",
         "AMAZON_FSX_FOR_WINDOWS",
@@ -4059,16 +4060,14 @@
           "documentation":"<p>The user ID of the user that most recently updated the resource.</p>"
         }
       },
-      "documentation":"<p/>"
+      "documentation":"<p>The studio component's summary.</p>"
     },
     "StudioComponentSummaryList":{
       "type":"list",
-      "member":{"shape":"StudioComponentSummary"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"StudioComponentSummary"}
     },
     "StudioComponentType":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "ACTIVE_DIRECTORY",
         "SHARED_FILE_SYSTEM",
@@ -4077,6 +4076,10 @@
         "CUSTOM"
       ]
     },
+    "StudioComponentTypeList":{
+      "type":"list",
+      "member":{"shape":"StudioComponentType"}
+    },
     "StudioEncryptionConfiguration":{
       "type":"structure",
       "required":["keyType"],
@@ -4108,8 +4111,7 @@
     },
     "StudioList":{
       "type":"list",
-      "member":{"shape":"Studio"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "member":{"shape":"Studio"}
     },
     "StudioMembership":{
       "type":"structure",
@@ -4136,25 +4138,21 @@
     "StudioMembershipList":{
       "type":"list",
       "member":{"shape":"StudioMembership"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":20,
       "min":0
     },
     "StudioName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":3,
       "pattern":"^[a-z0-9]*$"
     },
     "StudioPersona":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":["ADMINISTRATOR"]
     },
     "StudioState":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "enum":[
         "CREATE_IN_PROGRESS",
         "READY",
@@ -4210,7 +4208,6 @@
     },
     "SyntheticCreateStudioRequestStudioDisplayName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":0,
       "sensitive":true
@@ -4243,7 +4240,6 @@
     },
     "SyntheticStudioStudioDisplayName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":0,
       "sensitive":true
@@ -4264,7 +4260,6 @@
     },
     "SyntheticUpdateStudioRequestStudioDisplayName":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "max":64,
       "min":0,
       "sensitive":true
@@ -4283,8 +4278,7 @@
           "shape":"Tags",
           "documentation":"<p>A collection of labels, in the form of key:value pairs, that apply to this resource.</p>"
         }
-      },
-      "documentation":"<p/>"
+      }
     },
     "TagResourceResponse":{
       "type":"structure",
@@ -4294,8 +4288,7 @@
     "Tags":{
       "type":"map",
       "key":{"shape":"String"},
-      "value":{"shape":"String"},
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      "value":{"shape":"String"}
     },
     "ThrottlingException":{
       "type":"structure",
@@ -4323,7 +4316,6 @@
     },
     "Timestamp":{
       "type":"timestamp",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "timestampFormat":"iso8601"
     },
     "UntagResourceRequest":{
@@ -4390,8 +4382,7 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<p/>"
+      }
     },
     "UpdateLaunchProfileMemberResponse":{
       "type":"structure",
@@ -4448,8 +4439,7 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "UpdateLaunchProfileResponse":{
       "type":"structure",
@@ -4458,8 +4448,7 @@
           "shape":"LaunchProfile",
           "documentation":"<p>The launch profile.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "UpdateStreamingImageRequest":{
       "type":"structure",
@@ -4495,18 +4484,13 @@
           "location":"uri",
           "locationName":"studioId"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "UpdateStreamingImageResponse":{
       "type":"structure",
       "members":{
-        "streamingImage":{
-          "shape":"StreamingImage",
-          "documentation":"<p/>"
-        }
-      },
-      "documentation":"<p/>"
+        "streamingImage":{"shape":"StreamingImage"}
+      }
     },
     "UpdateStudioComponentRequest":{
       "type":"structure",
@@ -4566,8 +4550,7 @@
           "shape":"StudioComponentType",
           "documentation":"<p>The type of the studio component.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "UpdateStudioComponentResponse":{
       "type":"structure",
@@ -4576,8 +4559,7 @@
           "shape":"StudioComponent",
           "documentation":"<p>Information about the studio component.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "UpdateStudioRequest":{
       "type":"structure",
@@ -4608,8 +4590,7 @@
           "shape":"String",
           "documentation":"<p>The IAM role that Studio Users will assume when logging in to the Nimble Studio portal.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "UpdateStudioResponse":{
       "type":"structure",
@@ -4619,8 +4600,7 @@
           "shape":"Studio",
           "documentation":"<p>Information about a studio.</p>"
         }
-      },
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>"
+      }
     },
     "ValidationException":{
       "type":"structure",
@@ -4645,9 +4625,40 @@
       },
       "exception":true
     },
+    "ValidationResult":{
+      "type":"structure",
+      "required":[
+        "state",
+        "statusCode",
+        "statusMessage",
+        "type"
+      ],
+      "members":{
+        "state":{
+          "shape":"LaunchProfileValidationState",
+          "documentation":"<p>The current state.</p>"
+        },
+        "statusCode":{
+          "shape":"LaunchProfileValidationStatusCode",
+          "documentation":"<p>The status code. This will contain the failure reason if the state is <code>VALIDATION_FAILED</code>.</p>"
+        },
+        "statusMessage":{
+          "shape":"LaunchProfileValidationStatusMessage",
+          "documentation":"<p>The status message for the validation result.</p>"
+        },
+        "type":{
+          "shape":"LaunchProfileValidationType",
+          "documentation":"<p>The type of the validation result.</p>"
+        }
+      },
+      "documentation":"<p>The launch profile validation result.</p>"
+    },
+    "ValidationResults":{
+      "type":"list",
+      "member":{"shape":"ValidationResult"}
+    },
     "WindowsMountDrive":{
       "type":"string",
-      "documentation":"<zonbook></zonbook><xhtml></xhtml>",
       "pattern":"^[A-Z]$"
     }
   },
diff --git a/contrib/python/botocore/py3/botocore/data/opensearch/2021-01-01/service-2.json b/contrib/python/botocore/py3/botocore/data/opensearch/2021-01-01/service-2.json
index 01f0384d2b7..54fa3aa69c2 100644
--- a/contrib/python/botocore/py3/botocore/data/opensearch/2021-01-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/opensearch/2021-01-01/service-2.json
@@ -222,6 +222,22 @@
       ],
       "documentation":"<p>Provides scheduled Auto-Tune action details for the domain, such as Auto-Tune action type, description, severity, and scheduled date. </p>"
     },
+    "DescribeDomainChangeProgress":{
+      "name":"DescribeDomainChangeProgress",
+      "http":{
+        "method":"GET",
+        "requestUri":"/2021-01-01/opensearch/domain/{DomainName}/progress"
+      },
+      "input":{"shape":"DescribeDomainChangeProgressRequest"},
+      "output":{"shape":"DescribeDomainChangeProgressResponse"},
+      "errors":[
+        {"shape":"BaseException"},
+        {"shape":"InternalException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Returns information about the current blue/green deployment happening on a domain, including a change ID, status, and progress stages.</p>"
+    },
     "DescribeDomainConfig":{
       "name":"DescribeDomainConfig",
       "http":{
@@ -786,6 +802,14 @@
         "SAMLOptions":{
           "shape":"SAMLOptionsOutput",
           "documentation":"<p>Describes the SAML application configured for a domain.</p>"
+        },
+        "AnonymousAuthDisableDate":{
+          "shape":"DisableTimestamp",
+          "documentation":"<p>Specifies the Anonymous Auth Disable Date when Anonymous Auth is enabled.</p>"
+        },
+        "AnonymousAuthEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True if Anonymous auth is enabled. Anonymous auth can be enabled only when AdvancedSecurity is enabled on existing domains.</p>"
         }
       },
       "documentation":"<p>The advanced security configuration: whether advanced security is enabled, whether the internal database option is enabled. </p>"
@@ -808,6 +832,10 @@
         "SAMLOptions":{
           "shape":"SAMLOptionsInput",
           "documentation":"<p>The SAML application configuration for the domain.</p>"
+        },
+        "AnonymousAuthEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>True if Anonymous auth is enabled. Anonymous auth can be enabled only when AdvancedSecurity is enabled on existing domains.</p>"
         }
       },
       "documentation":"<p>The advanced security configuration: whether advanced security is enabled, whether the internal database option is enabled, master username and password (if internal database is enabled), and master user ARN (if IAM is enabled). </p>"
@@ -1075,6 +1103,91 @@
       },
       "documentation":"<p>The result of a <code>CancelServiceSoftwareUpdate</code> operation. Contains the status of the update. </p>"
     },
+    "ChangeProgressDetails":{
+      "type":"structure",
+      "members":{
+        "ChangeId":{
+          "shape":"GUID",
+          "documentation":"<p>The unique change identifier associated with a specific domain configuration change.</p>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>Contains an optional message associated with the domain configuration change.</p>"
+        }
+      },
+      "documentation":"<p>Specifies change details of the domain configuration change.</p>"
+    },
+    "ChangeProgressStage":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"ChangeProgressStageName",
+          "documentation":"<p>The name of the specific progress stage.</p>"
+        },
+        "Status":{
+          "shape":"ChangeProgressStageStatus",
+          "documentation":"<p>The overall status of a specific progress stage.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the progress stage.</p>"
+        },
+        "LastUpdated":{
+          "shape":"LastUpdated",
+          "documentation":"<p>The last updated timestamp of the progress stage.</p>"
+        }
+      },
+      "documentation":"<p>A progress stage details of a specific domain configuration change.</p>"
+    },
+    "ChangeProgressStageList":{
+      "type":"list",
+      "member":{"shape":"ChangeProgressStage"},
+      "documentation":"<p>The list of progress stages of a specific domain configuration change.</p>"
+    },
+    "ChangeProgressStageName":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
+    "ChangeProgressStageStatus":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
+    "ChangeProgressStatusDetails":{
+      "type":"structure",
+      "members":{
+        "ChangeId":{
+          "shape":"GUID",
+          "documentation":"<p>The unique change identifier associated with a specific domain configuration change.</p>"
+        },
+        "StartTime":{
+          "shape":"UpdateTimestamp",
+          "documentation":"<p>The time at which the configuration change is made on the domain.</p>"
+        },
+        "Status":{
+          "shape":"OverallChangeStatus",
+          "documentation":"<p>The overall status of the domain configuration change. This field can take the following values: <code>PENDING</code>, <code>PROCESSING</code>, <code>COMPLETED</code> and <code>FAILED</code></p>"
+        },
+        "PendingProperties":{
+          "shape":"StringList",
+          "documentation":"<p>The list of properties involved in the domain configuration change that are still in pending.</p>"
+        },
+        "CompletedProperties":{
+          "shape":"StringList",
+          "documentation":"<p>The list of properties involved in the domain configuration change that are completed.</p>"
+        },
+        "TotalNumberOfStages":{
+          "shape":"TotalNumberOfStages",
+          "documentation":"<p>The total number of stages required for the configuration change.</p>"
+        },
+        "ChangeProgressStages":{
+          "shape":"ChangeProgressStageList",
+          "documentation":"<p>The specific stages that the domain is going through to perform the configuration change.</p>"
+        }
+      },
+      "documentation":"<p>The progress details of a specific domain configuration change.</p>"
+    },
     "CloudWatchLogsLogGroupArn":{
       "type":"string",
       "documentation":"<p>ARN of the Cloudwatch log group to publish logs to.</p>",
@@ -1511,6 +1624,11 @@
         "ELIGIBLE"
       ]
     },
+    "DeploymentType":{
+      "type":"string",
+      "max":128,
+      "min":2
+    },
     "DescribeDomainAutoTunesRequest":{
       "type":"structure",
       "required":["DomainName"],
@@ -1546,6 +1664,35 @@
       },
       "documentation":"<p>The result of a <code>DescribeDomainAutoTunes</code> request. See <a href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html\" target=\"_blank\"> Auto-Tune for Amazon OpenSearch Service </a> for more information. </p>"
     },
+    "DescribeDomainChangeProgressRequest":{
+      "type":"structure",
+      "required":["DomainName"],
+      "members":{
+        "DomainName":{
+          "shape":"DomainName",
+          "documentation":"<p>The domain you want to get the progress information about.</p>",
+          "location":"uri",
+          "locationName":"DomainName"
+        },
+        "ChangeId":{
+          "shape":"GUID",
+          "documentation":"<p>The specific change ID for which you want to get progress information. This is an optional parameter. If omitted, the service returns information about the most recent configuration change. </p>",
+          "location":"querystring",
+          "locationName":"changeid"
+        }
+      },
+      "documentation":"<p>Container for the parameters to the <code>DescribeDomainChangeProgress</code> operation. Specifies the domain name and optional change specific identity for which you want progress information. </p>"
+    },
+    "DescribeDomainChangeProgressResponse":{
+      "type":"structure",
+      "members":{
+        "ChangeProgressStatus":{
+          "shape":"ChangeProgressStatusDetails",
+          "documentation":"<p>Progress information for the configuration change that is requested in the <code>DescribeDomainChangeProgress</code> request. </p>"
+        }
+      },
+      "documentation":"<p>The result of a <code>DescribeDomainChangeProgress</code> request. Contains the progress information of the requested domain change. </p>"
+    },
     "DescribeDomainConfigRequest":{
       "type":"structure",
       "required":["DomainName"],
@@ -1855,6 +2002,8 @@
       },
       "documentation":"<p>Container for results from <code>DescribeReservedInstances</code> </p>"
     },
+    "Description":{"type":"string"},
+    "DisableTimestamp":{"type":"timestamp"},
     "DisabledOperationException":{
       "type":"structure",
       "members":{
@@ -1953,6 +2102,10 @@
         "AutoTuneOptions":{
           "shape":"AutoTuneOptionsStatus",
           "documentation":"<p>Specifies <code>AutoTuneOptions</code> for the domain. </p>"
+        },
+        "ChangeProgressDetails":{
+          "shape":"ChangeProgressDetails",
+          "documentation":"<p>Specifies change details of the domain configuration change.</p>"
         }
       },
       "documentation":"<p>The configuration of a domain.</p>"
@@ -2203,6 +2356,10 @@
         "AutoTuneOptions":{
           "shape":"AutoTuneOptionsOutput",
           "documentation":"<p>The current status of the domain's Auto-Tune options.</p>"
+        },
+        "ChangeProgressDetails":{
+          "shape":"ChangeProgressDetails",
+          "documentation":"<p>Specifies change details of the domain configuration change.</p>"
         }
       },
       "documentation":"<p>The current status of a domain.</p>"
@@ -2213,6 +2370,20 @@
       "documentation":"<p>A list that contains the status of each requested domain.</p>"
     },
     "Double":{"type":"double"},
+    "DryRun":{"type":"boolean"},
+    "DryRunResults":{
+      "type":"structure",
+      "members":{
+        "DeploymentType":{
+          "shape":"DeploymentType",
+          "documentation":"<p> Specifies the way in which Amazon OpenSearch Service applies the update. Possible responses are <code>Blue/Green</code> (the update requires a blue/green deployment), <code>DynamicUpdate</code> (no blue/green required), <code>Undetermined</code> (the domain is undergoing an update and can't predict the deployment type; try again after the update is complete), and <code>None</code> (the request doesn't include any configuration changes). </p>"
+        },
+        "Message":{
+          "shape":"Message",
+          "documentation":"<p>Contains an optional message associated with the DryRunResults.</p>"
+        }
+      }
+    },
     "Duration":{
       "type":"structure",
       "members":{
@@ -2893,6 +3064,11 @@
       "type":"integer",
       "documentation":"<p> Maximum number of instances that can be instantiated for a given InstanceType. </p>"
     },
+    "Message":{
+      "type":"string",
+      "max":1024,
+      "min":0
+    },
     "MinimumInstanceCount":{
       "type":"integer",
       "documentation":"<p> Minimum number of instances that can be instantiated for a given InstanceType. </p>"
@@ -3142,6 +3318,16 @@
       "type":"list",
       "member":{"shape":"OutboundConnection"}
     },
+    "OverallChangeStatus":{
+      "type":"string",
+      "documentation":"<p>The overall status value of the domain configuration change.</p>",
+      "enum":[
+        "PENDING",
+        "PROCESSING",
+        "COMPLETED",
+        "FAILED"
+      ]
+    },
     "OwnerId":{
       "type":"string",
       "max":12,
@@ -3848,6 +4034,7 @@
       "documentation":"<p>The unit of a maintenance schedule duration. Valid value is HOUR. See <a href=\"https://docs.aws.amazon.com/opensearch-service/latest/developerguide/auto-tune.html\" target=\"_blank\"> Auto-Tune for Amazon OpenSearch Service </a> for more information. </p>",
       "enum":["HOURS"]
     },
+    "TotalNumberOfStages":{"type":"integer"},
     "UIntValue":{
       "type":"integer",
       "min":0
@@ -3913,6 +4100,10 @@
         "AutoTuneOptions":{
           "shape":"AutoTuneOptions",
           "documentation":"<p>Specifies Auto-Tune options.</p>"
+        },
+        "DryRun":{
+          "shape":"DryRun",
+          "documentation":"<p>This flag, when set to True, specifies whether the <code>UpdateDomain</code> request should return the results of validation checks (DryRunResults) without actually applying the change.</p>"
         }
       },
       "documentation":"<p>Container for the parameters to the <code> <a>UpdateDomain</a> </code> operation. Specifies the type and number of instances in the domain cluster. </p>"
@@ -3924,6 +4115,10 @@
         "DomainConfig":{
           "shape":"DomainConfig",
           "documentation":"<p>The status of the updated domain.</p>"
+        },
+        "DryRunResults":{
+          "shape":"DryRunResults",
+          "documentation":"<p>Contains result of DryRun. </p>"
         }
       },
       "documentation":"<p>The result of an <code>UpdateDomain</code> request. Contains the status of the domain being updated. </p>"
@@ -3995,7 +4190,8 @@
           "shape":"Boolean",
           "documentation":"<p> When true, indicates that an upgrade eligibility check needs to be performed. Does not actually perform the upgrade. </p>"
         },
-        "AdvancedOptions":{"shape":"AdvancedOptions"}
+        "AdvancedOptions":{"shape":"AdvancedOptions"},
+        "ChangeProgressDetails":{"shape":"ChangeProgressDetails"}
       },
       "documentation":"<p> Container for response returned by <code> <a>UpgradeDomain</a> </code> operation. </p>"
     },
diff --git a/contrib/python/botocore/py3/botocore/data/outposts/2019-12-03/service-2.json b/contrib/python/botocore/py3/botocore/data/outposts/2019-12-03/service-2.json
index 5f24c011932..dc36eeb451e 100644
--- a/contrib/python/botocore/py3/botocore/data/outposts/2019-12-03/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/outposts/2019-12-03/service-2.json
@@ -13,6 +13,23 @@
     "uid":"outposts-2019-12-03"
   },
   "operations":{
+    "CancelOrder":{
+      "name":"CancelOrder",
+      "http":{
+        "method":"POST",
+        "requestUri":"/orders/{OrderId}/cancel"
+      },
+      "input":{"shape":"CancelOrderInput"},
+      "output":{"shape":"CancelOrderOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"NotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Cancels an order for an Outpost. </p>"
+    },
     "CreateOrder":{
       "name":"CreateOrder",
       "http":{
@@ -49,6 +66,23 @@
       ],
       "documentation":"<p>Creates an Outpost.</p> <p>You can specify <code>AvailabilityZone</code> or <code>AvailabilityZoneId</code>.</p>"
     },
+    "CreateSite":{
+      "name":"CreateSite",
+      "http":{
+        "method":"POST",
+        "requestUri":"/sites"
+      },
+      "input":{"shape":"CreateSiteInput"},
+      "output":{"shape":"CreateSiteOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p> Creates a site for an Outpost. </p>"
+    },
     "DeleteOutpost":{
       "name":"DeleteOutpost",
       "http":{
@@ -83,6 +117,36 @@
       ],
       "documentation":"<p>Deletes the site.</p>"
     },
+    "GetCatalogItem":{
+      "name":"GetCatalogItem",
+      "http":{
+        "method":"GET",
+        "requestUri":"/catalog/item/{CatalogItemId}"
+      },
+      "input":{"shape":"GetCatalogItemInput"},
+      "output":{"shape":"GetCatalogItemOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"NotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets information about a catalog item.</p>"
+    },
+    "GetOrder":{
+      "name":"GetOrder",
+      "http":{
+        "method":"GET",
+        "requestUri":"/orders/{OrderId}"
+      },
+      "input":{"shape":"GetOrderInput"},
+      "output":{"shape":"GetOrderOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"NotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Gets an order.</p>"
+    },
     "GetOutpost":{
       "name":"GetOutpost",
       "http":{
@@ -115,6 +179,69 @@
       ],
       "documentation":"<p>Lists the instance types for the specified Outpost.</p>"
     },
+    "GetSite":{
+      "name":"GetSite",
+      "http":{
+        "method":"GET",
+        "requestUri":"/sites/{SiteId}"
+      },
+      "input":{"shape":"GetSiteInput"},
+      "output":{"shape":"GetSiteOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"NotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Gets information about the specified Outpost site. </p>"
+    },
+    "GetSiteAddress":{
+      "name":"GetSiteAddress",
+      "http":{
+        "method":"GET",
+        "requestUri":"/sites/{SiteId}/address"
+      },
+      "input":{"shape":"GetSiteAddressInput"},
+      "output":{"shape":"GetSiteAddressOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"NotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Gets the site address. </p>"
+    },
+    "ListCatalogItems":{
+      "name":"ListCatalogItems",
+      "http":{
+        "method":"GET",
+        "requestUri":"/catalog/items"
+      },
+      "input":{"shape":"ListCatalogItemsInput"},
+      "output":{"shape":"ListCatalogItemsOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"NotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Use to create a list of every item in the catalog. Add filters to your request to return a more specific list of results. Use filters to match an item class, storage option, or EC2 family. </p> <p>If you specify multiple filters, the filters are joined with an <code>AND</code>, and the request returns only results that match all of the specified filters.</p>"
+    },
+    "ListOrders":{
+      "name":"ListOrders",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-orders"
+      },
+      "input":{"shape":"ListOrdersInput"},
+      "output":{"shape":"ListOrdersOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"NotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Create a list of the Outpost orders for your Amazon Web Services account. You can filter your request by Outpost to return a more specific list of results. </p>"
+    },
     "ListOutposts":{
       "name":"ListOutposts",
       "http":{
@@ -128,7 +255,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create a list of the Outposts for your AWS account. Add filters to your request to return a more specific list of results. Use filters to match an Outpost lifecycle status, Availibility Zone (<code>us-east-1a</code>), and AZ ID (<code>use1-az1</code>). </p> <p>If you specify multiple filters, the filters are joined with an <code>AND</code>, and the request returns only results that match all of the specified filters.</p>"
+      "documentation":"<p>Create a list of the Outposts for your Amazon Web Services account. Add filters to your request to return a more specific list of results. Use filters to match an Outpost lifecycle status, Availability Zone (<code>us-east-1a</code>), and AZ ID (<code>use1-az1</code>). </p> <p>If you specify multiple filters, the filters are joined with an <code>AND</code>, and the request returns only results that match all of the specified filters.</p>"
     },
     "ListSites":{
       "name":"ListSites",
@@ -143,7 +270,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Lists the sites for the specified AWS account.</p>"
+      "documentation":"<p>Lists the sites for your Amazon Web Services account.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -189,6 +316,74 @@
         {"shape":"NotFoundException"}
       ],
       "documentation":"<p>Removes tags from the specified resource.</p>"
+    },
+    "UpdateOutpost":{
+      "name":"UpdateOutpost",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/outposts/{OutpostId}"
+      },
+      "input":{"shape":"UpdateOutpostInput"},
+      "output":{"shape":"UpdateOutpostOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"NotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Updates an Outpost. </p>"
+    },
+    "UpdateSite":{
+      "name":"UpdateSite",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/sites/{SiteId}"
+      },
+      "input":{"shape":"UpdateSiteInput"},
+      "output":{"shape":"UpdateSiteOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"NotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Updates the site. </p>"
+    },
+    "UpdateSiteAddress":{
+      "name":"UpdateSiteAddress",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/sites/{SiteId}/address"
+      },
+      "input":{"shape":"UpdateSiteAddressInput"},
+      "output":{"shape":"UpdateSiteAddressOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"NotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p> Updates the site address. </p> <p> To update a site address with an order <code>IN_PROGRESS</code>, you must wait for the order to complete or cancel the order. </p> <p>You can update the operating address before you place an order at the site, or after all Outposts that belong to the site have been deactivated. </p>"
+    },
+    "UpdateSiteRackPhysicalProperties":{
+      "name":"UpdateSiteRackPhysicalProperties",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/sites/{SiteId}/rackPhysicalProperties"
+      },
+      "input":{"shape":"UpdateSiteRackPhysicalPropertiesInput"},
+      "output":{"shape":"UpdateSiteRackPhysicalPropertiesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"NotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Update the physical and logistical details for a rack at a site. For more information about hardware requirements for racks, see <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist\">Network readiness checklist</a> in the Amazon Web Services Outposts User Guide. </p> <p>To update a rack at a site with an order of <code>IN_PROGRESS</code>, you must wait for the order to complete or cancel the order.</p>"
     }
   },
   "shapes":{
@@ -203,11 +398,93 @@
     },
     "AccountId":{
       "type":"string",
-      "documentation":"<p>The ID of the AWS account.</p>",
+      "documentation":"<p>The ID of the Amazon Web Services account.</p>",
       "max":12,
       "min":12,
       "pattern":"\\d{12}"
     },
+    "Address":{
+      "type":"structure",
+      "required":[
+        "AddressLine1",
+        "City",
+        "StateOrRegion",
+        "PostalCode",
+        "CountryCode"
+      ],
+      "members":{
+        "ContactName":{
+          "shape":"ContactName",
+          "documentation":"<p>The name of the contact.</p>"
+        },
+        "ContactPhoneNumber":{
+          "shape":"ContactPhoneNumber",
+          "documentation":"<p>The phone number of the contact.</p>"
+        },
+        "AddressLine1":{
+          "shape":"AddressLine1",
+          "documentation":"<p>The first line of the address.</p>"
+        },
+        "AddressLine2":{
+          "shape":"AddressLine2",
+          "documentation":"<p>The second line of the address.</p>"
+        },
+        "AddressLine3":{
+          "shape":"AddressLine3",
+          "documentation":"<p>The third line of the address.</p>"
+        },
+        "City":{
+          "shape":"City",
+          "documentation":"<p>The city for the address.</p>"
+        },
+        "StateOrRegion":{
+          "shape":"StateOrRegion",
+          "documentation":"<p>The state for the address.</p>"
+        },
+        "DistrictOrCounty":{
+          "shape":"DistrictOrCounty",
+          "documentation":"<p>The district or county for the address.</p>"
+        },
+        "PostalCode":{
+          "shape":"PostalCode",
+          "documentation":"<p>The postal code for the address.</p>"
+        },
+        "CountryCode":{
+          "shape":"CountryCode",
+          "documentation":"<p>The ISO-3166 two-letter country code for the address.</p>"
+        },
+        "Municipality":{
+          "shape":"Municipality",
+          "documentation":"<p>The municipality for the address.</p>"
+        }
+      },
+      "documentation":"<p> Information about an address. </p>"
+    },
+    "AddressLine1":{
+      "type":"string",
+      "max":180,
+      "min":1,
+      "pattern":"^\\S[\\S ]*$"
+    },
+    "AddressLine2":{
+      "type":"string",
+      "max":60,
+      "min":0,
+      "pattern":"^\\S[\\S ]*$"
+    },
+    "AddressLine3":{
+      "type":"string",
+      "max":60,
+      "min":0,
+      "pattern":"^\\S[\\S ]*$"
+    },
+    "AddressType":{
+      "type":"string",
+      "enum":[
+        "SHIPPING_ADDRESS",
+        "OPERATING_ADDRESS"
+      ]
+    },
     "Arn":{
       "type":"string",
       "max":1011,
@@ -239,6 +516,93 @@
       "max":5,
       "min":1
     },
+    "CancelOrderInput":{
+      "type":"structure",
+      "required":["OrderId"],
+      "members":{
+        "OrderId":{
+          "shape":"OrderId",
+          "documentation":"<p> The ID of the order to cancel. </p>",
+          "location":"uri",
+          "locationName":"OrderId"
+        }
+      }
+    },
+    "CancelOrderOutput":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "CatalogItem":{
+      "type":"structure",
+      "members":{
+        "CatalogItemId":{
+          "shape":"SkuCode",
+          "documentation":"<p> The ID of the catalog item. </p>"
+        },
+        "ItemStatus":{
+          "shape":"CatalogItemStatus",
+          "documentation":"<p> The status of a catalog item. </p>"
+        },
+        "EC2Capacities":{
+          "shape":"EC2CapacityListDefinition",
+          "documentation":"<p> Information about the EC2 capacity of an item. </p>"
+        },
+        "PowerKva":{
+          "shape":"CatalogItemPowerKva",
+          "documentation":"<p> Information about the power draw of an item. </p>"
+        },
+        "WeightLbs":{
+          "shape":"CatalogItemWeightLbs",
+          "documentation":"<p> The weight of the item in pounds. </p>"
+        },
+        "SupportedUplinkGbps":{
+          "shape":"SupportedUplinkGbpsListDefinition",
+          "documentation":"<p> The uplink speed this catalog item requires for the connection to the Region. </p>"
+        },
+        "SupportedStorage":{
+          "shape":"SupportedStorageList",
+          "documentation":"<p> The supported storage options for the catalog item. </p>"
+        }
+      },
+      "documentation":"<p> Information about a catalog item. </p>"
+    },
+    "CatalogItemClass":{
+      "type":"string",
+      "enum":[
+        "RACK",
+        "SERVER"
+      ]
+    },
+    "CatalogItemClassList":{
+      "type":"list",
+      "member":{"shape":"CatalogItemClass"}
+    },
+    "CatalogItemListDefinition":{
+      "type":"list",
+      "member":{"shape":"CatalogItem"}
+    },
+    "CatalogItemPowerKva":{
+      "type":"float",
+      "box":true
+    },
+    "CatalogItemStatus":{
+      "type":"string",
+      "enum":[
+        "AVAILABLE",
+        "DISCONTINUED"
+      ]
+    },
+    "CatalogItemWeightLbs":{
+      "type":"integer",
+      "box":true
+    },
+    "City":{
+      "type":"string",
+      "max":50,
+      "min":1,
+      "pattern":"^\\S[\\S ]*$"
+    },
     "ConflictException":{
       "type":"structure",
       "members":{
@@ -256,6 +620,24 @@
       "error":{"httpStatusCode":409},
       "exception":true
     },
+    "ContactName":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^\\S[\\S ]*$"
+    },
+    "ContactPhoneNumber":{
+      "type":"string",
+      "max":20,
+      "min":1,
+      "pattern":"^[\\S ]+$"
+    },
+    "CountryCode":{
+      "type":"string",
+      "max":2,
+      "min":2,
+      "pattern":"^[A-Z]{2}$"
+    },
     "CreateOrderInput":{
       "type":"structure",
       "required":[
@@ -300,12 +682,19 @@
       "members":{
         "Name":{"shape":"OutpostName"},
         "Description":{"shape":"OutpostDescription"},
-        "SiteId":{"shape":"SiteId"},
+        "SiteId":{
+          "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>"
+        },
         "AvailabilityZone":{"shape":"AvailabilityZone"},
         "AvailabilityZoneId":{"shape":"AvailabilityZoneId"},
         "Tags":{
           "shape":"TagMap",
           "documentation":"<p>The tags to apply to the Outpost.</p>"
+        },
+        "SupportedHardwareType":{
+          "shape":"SupportedHardwareType",
+          "documentation":"<p> The type of hardware for this Outpost. </p>"
         }
       }
     },
@@ -315,13 +704,47 @@
         "Outpost":{"shape":"Outpost"}
       }
     },
+    "CreateSiteInput":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{"shape":"SiteName"},
+        "Description":{"shape":"SiteDescription"},
+        "Notes":{
+          "shape":"SiteNotes",
+          "documentation":"<p>Additional information that you provide about site access requirements, electrician scheduling, personal protective equipment, or regulation of equipment materials that could affect your installation process. </p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p> The tags to apply to a site. </p>"
+        },
+        "OperatingAddress":{
+          "shape":"Address",
+          "documentation":"<p> The location to install and power on the hardware. This address might be different from the shipping address. </p>"
+        },
+        "ShippingAddress":{
+          "shape":"Address",
+          "documentation":"<p> The location to ship the hardware. This address might be different from the operating address. </p>"
+        },
+        "RackPhysicalProperties":{
+          "shape":"RackPhysicalProperties",
+          "documentation":"<p> Information about the physical and logistical details for the rack at this site. For more information about hardware requirements for racks, see <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist\">Network readiness checklist</a> in the Amazon Web Services Outposts User Guide. </p>"
+        }
+      }
+    },
+    "CreateSiteOutput":{
+      "type":"structure",
+      "members":{
+        "Site":{"shape":"Site"}
+      }
+    },
     "DeleteOutpostInput":{
       "type":"structure",
       "required":["OutpostId"],
       "members":{
         "OutpostId":{
           "shape":"OutpostId",
-          "documentation":"<p> The ID of the Outpost. </p>",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the Outpost. </p>",
           "location":"uri",
           "locationName":"OutpostId"
         }
@@ -338,6 +761,7 @@
       "members":{
         "SiteId":{
           "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>",
           "location":"uri",
           "locationName":"SiteId"
         }
@@ -348,19 +772,103 @@
       "members":{
       }
     },
+    "DistrictOrCounty":{
+      "type":"string",
+      "max":60,
+      "min":1,
+      "pattern":"^\\S[\\S ]*"
+    },
+    "EC2Capacity":{
+      "type":"structure",
+      "members":{
+        "Family":{
+          "shape":"Family",
+          "documentation":"<p> The family of the EC2 capacity. </p>"
+        },
+        "MaxSize":{
+          "shape":"MaxSize",
+          "documentation":"<p> The maximum size of the EC2 capacity. </p>"
+        },
+        "Quantity":{
+          "shape":"Quantity",
+          "documentation":"<p> The quantity of the EC2 capacity. </p>"
+        }
+      },
+      "documentation":"<p> Information about EC2 capacity. </p>"
+    },
+    "EC2CapacityListDefinition":{
+      "type":"list",
+      "member":{"shape":"EC2Capacity"}
+    },
+    "EC2FamilyList":{
+      "type":"list",
+      "member":{"shape":"Family"}
+    },
     "ErrorMessage":{
       "type":"string",
       "max":1000,
       "min":1,
       "pattern":"^[\\S \\n]+$"
     },
+    "Family":{
+      "type":"string",
+      "max":10,
+      "min":1,
+      "pattern":"[a-z0-9]+"
+    },
+    "FiberOpticCableType":{
+      "type":"string",
+      "enum":[
+        "SINGLE_MODE",
+        "MULTI_MODE"
+      ]
+    },
+    "GetCatalogItemInput":{
+      "type":"structure",
+      "required":["CatalogItemId"],
+      "members":{
+        "CatalogItemId":{
+          "shape":"SkuCode",
+          "documentation":"<p>The ID of the catalog item.</p>",
+          "location":"uri",
+          "locationName":"CatalogItemId"
+        }
+      }
+    },
+    "GetCatalogItemOutput":{
+      "type":"structure",
+      "members":{
+        "CatalogItem":{
+          "shape":"CatalogItem",
+          "documentation":"<p>Information about this catalog item.</p>"
+        }
+      }
+    },
+    "GetOrderInput":{
+      "type":"structure",
+      "required":["OrderId"],
+      "members":{
+        "OrderId":{
+          "shape":"OrderId",
+          "documentation":"<p>The ID of the order.</p>",
+          "location":"uri",
+          "locationName":"OrderId"
+        }
+      }
+    },
+    "GetOrderOutput":{
+      "type":"structure",
+      "members":{
+        "Order":{"shape":"Order"}
+      }
+    },
     "GetOutpostInput":{
       "type":"structure",
       "required":["OutpostId"],
       "members":{
         "OutpostId":{
           "shape":"OutpostId",
-          "documentation":"<p> The ID of the Outpost. </p>",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the Outpost. </p>",
           "location":"uri",
           "locationName":"OutpostId"
         }
@@ -372,7 +880,7 @@
       "members":{
         "OutpostId":{
           "shape":"OutpostId",
-          "documentation":"<p> The ID of the Outpost. </p>",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the Outpost. </p>",
           "location":"uri",
           "locationName":"OutpostId"
         },
@@ -406,6 +914,59 @@
         "Outpost":{"shape":"Outpost"}
       }
     },
+    "GetSiteAddressInput":{
+      "type":"structure",
+      "required":[
+        "SiteId",
+        "AddressType"
+      ],
+      "members":{
+        "SiteId":{
+          "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>",
+          "location":"uri",
+          "locationName":"SiteId"
+        },
+        "AddressType":{
+          "shape":"AddressType",
+          "documentation":"<p> The type of the address you request. </p>",
+          "location":"querystring",
+          "locationName":"AddressType"
+        }
+      }
+    },
+    "GetSiteAddressOutput":{
+      "type":"structure",
+      "members":{
+        "SiteId":{"shape":"SiteId"},
+        "AddressType":{
+          "shape":"AddressType",
+          "documentation":"<p> The type of the address you receive. </p>"
+        },
+        "Address":{
+          "shape":"Address",
+          "documentation":"<p> Information about the address. </p>"
+        }
+      }
+    },
+    "GetSiteInput":{
+      "type":"structure",
+      "required":["SiteId"],
+      "members":{
+        "SiteId":{
+          "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>",
+          "location":"uri",
+          "locationName":"SiteId"
+        }
+      }
+    },
+    "GetSiteOutput":{
+      "type":"structure",
+      "members":{
+        "Site":{"shape":"Site"}
+      }
+    },
     "ISO8601Timestamp":{"type":"timestamp"},
     "InstanceType":{
       "type":"string",
@@ -461,7 +1022,7 @@
           "documentation":"<p>The quantity of the line item.</p>"
         },
         "Status":{
-          "shape":"Status",
+          "shape":"LineItemStatus",
           "documentation":"<p>The status of the line item.</p>"
         }
       },
@@ -500,6 +1061,98 @@
       "max":20,
       "min":1
     },
+    "LineItemStatus":{
+      "type":"string",
+      "enum":[
+        "PREPARING",
+        "BUILDING",
+        "SHIPPED",
+        "DELIVERED",
+        "INSTALLING",
+        "INSTALLED",
+        "ERROR",
+        "CANCELLED"
+      ]
+    },
+    "LineItemStatusCounts":{
+      "type":"map",
+      "key":{"shape":"LineItemStatus"},
+      "value":{"shape":"LineItemQuantity"}
+    },
+    "ListCatalogItemsInput":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"Token",
+          "location":"querystring",
+          "locationName":"NextToken"
+        },
+        "MaxResults":{
+          "shape":"MaxResults1000",
+          "location":"querystring",
+          "locationName":"MaxResults"
+        },
+        "ItemClassFilter":{
+          "shape":"CatalogItemClassList",
+          "documentation":"<p> A filter for the class of items in the catalog. </p> <p>Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
+          "location":"querystring",
+          "locationName":"ItemClassFilter"
+        },
+        "SupportedStorageFilter":{
+          "shape":"SupportedStorageList",
+          "documentation":"<p> A filter for the storage options of items in the catalog. </p> <p>Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
+          "location":"querystring",
+          "locationName":"SupportedStorageFilter"
+        },
+        "EC2FamilyFilter":{
+          "shape":"EC2FamilyList",
+          "documentation":"<p> A filter for EC2 family options for items in the catalog. </p> <p>Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
+          "location":"querystring",
+          "locationName":"EC2FamilyFilter"
+        }
+      }
+    },
+    "ListCatalogItemsOutput":{
+      "type":"structure",
+      "members":{
+        "CatalogItems":{
+          "shape":"CatalogItemListDefinition",
+          "documentation":"<p>Information about the catalog items.</p>"
+        },
+        "NextToken":{"shape":"Token"}
+      }
+    },
+    "ListOrdersInput":{
+      "type":"structure",
+      "members":{
+        "OutpostIdentifierFilter":{
+          "shape":"OutpostIdentifier",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the Outpost. </p>",
+          "location":"querystring",
+          "locationName":"OutpostIdentifierFilter"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "location":"querystring",
+          "locationName":"NextToken"
+        },
+        "MaxResults":{
+          "shape":"MaxResults1000",
+          "location":"querystring",
+          "locationName":"MaxResults"
+        }
+      }
+    },
+    "ListOrdersOutput":{
+      "type":"structure",
+      "members":{
+        "Orders":{
+          "shape":"OrderSummaryListDefinition",
+          "documentation":"<p> Information about the orders. </p>"
+        },
+        "NextToken":{"shape":"Token"}
+      }
+    },
     "ListOutpostsInput":{
       "type":"structure",
       "members":{
@@ -515,19 +1168,19 @@
         },
         "LifeCycleStatusFilter":{
           "shape":"LifeCycleStatusList",
-          "documentation":"<p> A filter for the lifecycle status of the Outpost. </p> <p> Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values. </p>",
+          "documentation":"<p> A filter for the lifecycle status of the Outpost. </p> <p>Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
           "location":"querystring",
           "locationName":"LifeCycleStatusFilter"
         },
         "AvailabilityZoneFilter":{
           "shape":"AvailabilityZoneList",
-          "documentation":"<p> A filter for the Availibility Zone (<code>us-east-1a</code>) of the Outpost. </p> <p> Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values. </p>",
+          "documentation":"<p> A filter for the Availability Zone (<code>us-east-1a</code>) of the Outpost. </p> <p>Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
           "location":"querystring",
           "locationName":"AvailabilityZoneFilter"
         },
         "AvailabilityZoneIdFilter":{
           "shape":"AvailabilityZoneIdList",
-          "documentation":"<p> A filter for the AZ IDs (<code>use1-az1</code>) of the Outpost. </p> <p> Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values. </p>",
+          "documentation":"<p> A filter for the AZ IDs (<code>use1-az1</code>) of the Outpost. </p> <p>Filter values are case sensitive. If you specify multiple values for a filter, the values are joined with an <code>OR</code>, and the request returns all results that match any of the specified values.</p>",
           "location":"querystring",
           "locationName":"AvailabilityZoneIdFilter"
         }
@@ -590,6 +1243,23 @@
       "max":1000,
       "min":1
     },
+    "MaxSize":{"type":"string"},
+    "MaximumSupportedWeightLbs":{
+      "type":"string",
+      "enum":[
+        "NO_LIMIT",
+        "MAX_1400_LBS",
+        "MAX_1600_LBS",
+        "MAX_1800_LBS",
+        "MAX_2000_LBS"
+      ]
+    },
+    "Municipality":{
+      "type":"string",
+      "max":180,
+      "min":0,
+      "pattern":"^\\S[\\S ]*$"
+    },
     "NotFoundException":{
       "type":"structure",
       "members":{
@@ -599,12 +1269,30 @@
       "error":{"httpStatusCode":404},
       "exception":true
     },
+    "OpticalStandard":{
+      "type":"string",
+      "enum":[
+        "OPTIC_10GBASE_SR",
+        "OPTIC_10GBASE_IR",
+        "OPTIC_10GBASE_LR",
+        "OPTIC_40GBASE_SR",
+        "OPTIC_40GBASE_ESR",
+        "OPTIC_40GBASE_IR4_LR4L",
+        "OPTIC_40GBASE_LR4",
+        "OPTIC_100GBASE_SR4",
+        "OPTIC_100GBASE_CWDM4",
+        "OPTIC_100GBASE_LR4",
+        "OPTIC_100G_PSM4_MSA",
+        "OPTIC_1000BASE_LX",
+        "OPTIC_1000BASE_SX"
+      ]
+    },
     "Order":{
       "type":"structure",
       "members":{
         "OutpostId":{
           "shape":"OutpostIdOnly",
-          "documentation":"<p> The ID of the Outpost. </p>"
+          "documentation":"<p> The ID of the Outpost in the order. </p>"
         },
         "OrderId":{
           "shape":"OrderId",
@@ -612,7 +1300,7 @@
         },
         "Status":{
           "shape":"OrderStatus",
-          "documentation":"<p>The status of the order</p>"
+          "documentation":"<p>The status of the order.</p> <ul> <li> <p> <code>PREPARING</code> - Order is received and being prepared.</p> </li> <li> <p> <code>IN_PROGRESS</code> - Order is either being built, shipped, or installed. To get more details, see the <code>LineItem</code> status.</p> </li> <li> <p> <code>COMPLETED</code> - Order is complete.</p> </li> <li> <p> <code>CANCELLED</code> - Order is cancelled.</p> </li> <li> <p> <code>ERROR</code> - Customer should contact support.</p> </li> </ul> <note> <p>The following status are deprecated: <code>RECEIVED</code>, <code>PENDING</code>, <code>PROCESSING</code>, <code>INSTALLING</code>, and <code>FULFILLED</code>. </p> </note>"
         },
         "LineItems":{
           "shape":"LineItemListDefinition",
@@ -647,7 +1335,56 @@
         "PROCESSING",
         "INSTALLING",
         "FULFILLED",
-        "CANCELLED"
+        "CANCELLED",
+        "PREPARING",
+        "IN_PROGRESS",
+        "COMPLETED",
+        "ERROR"
+      ]
+    },
+    "OrderSummary":{
+      "type":"structure",
+      "members":{
+        "OutpostId":{
+          "shape":"OutpostIdOnly",
+          "documentation":"<p> The ID of the Outpost. </p>"
+        },
+        "OrderId":{
+          "shape":"OrderId",
+          "documentation":"<p> The ID of the order. </p>"
+        },
+        "OrderType":{
+          "shape":"OrderType",
+          "documentation":"<p> The type of order. </p>"
+        },
+        "Status":{
+          "shape":"OrderStatus",
+          "documentation":"<p>The status of the order.</p> <ul> <li> <p> <code>PREPARING</code> - Order is received and is being prepared.</p> </li> <li> <p> <code>IN_PROGRESS</code> - Order is either being built, shipped, or installed. For more information, see the <code>LineItem</code> status.</p> </li> <li> <p> <code>COMPLETED</code> - Order is complete.</p> </li> <li> <p> <code>CANCELLED</code> - Order is cancelled.</p> </li> <li> <p> <code>ERROR</code> - Customer should contact support.</p> </li> </ul> <note> <p>The following statuses are deprecated: <code>RECEIVED</code>, <code>PENDING</code>, <code>PROCESSING</code>, <code>INSTALLING</code>, and <code>FULFILLED</code>. </p> </note>"
+        },
+        "LineItemCountsByStatus":{
+          "shape":"LineItemStatusCounts",
+          "documentation":"<p> The status of all line items in the order. </p>"
+        },
+        "OrderSubmissionDate":{
+          "shape":"ISO8601Timestamp",
+          "documentation":"<p> Submission date for the order. </p>"
+        },
+        "OrderFulfilledDate":{
+          "shape":"ISO8601Timestamp",
+          "documentation":"<p> Fulfilment date for the order. </p>"
+        }
+      },
+      "documentation":"<p> A summary of line items in your order. </p>"
+    },
+    "OrderSummaryListDefinition":{
+      "type":"list",
+      "member":{"shape":"OrderSummary"}
+    },
+    "OrderType":{
+      "type":"string",
+      "enum":[
+        "OUTPOST",
+        "REPLACEMENT"
       ]
     },
     "Outpost":{
@@ -669,7 +1406,11 @@
           "shape":"TagMap",
           "documentation":"<p>The Outpost tags.</p>"
         },
-        "SiteArn":{"shape":"SiteArn"}
+        "SiteArn":{"shape":"SiteArn"},
+        "SupportedHardwareType":{
+          "shape":"SupportedHardwareType",
+          "documentation":"<p> The hardware type. </p>"
+        }
       },
       "documentation":"<p>Information about an Outpost.</p>"
     },
@@ -714,7 +1455,7 @@
     },
     "OwnerId":{
       "type":"string",
-      "documentation":"<p>The AWS account ID of the Outpost owner.</p>",
+      "documentation":"<p>The Amazon Web Services account ID of the Outpost owner.</p>",
       "max":12,
       "min":12,
       "pattern":"\\d{12}"
@@ -731,9 +1472,92 @@
       "type":"string",
       "enum":["THREE_YEARS"]
     },
+    "PostalCode":{
+      "type":"string",
+      "max":20,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9 -]+$"
+    },
+    "PowerConnector":{
+      "type":"string",
+      "enum":[
+        "L6_30P",
+        "IEC309",
+        "AH530P7W",
+        "AH532P6W"
+      ]
+    },
+    "PowerDrawKva":{
+      "type":"string",
+      "enum":[
+        "POWER_5_KVA",
+        "POWER_10_KVA",
+        "POWER_15_KVA"
+      ]
+    },
+    "PowerFeedDrop":{
+      "type":"string",
+      "enum":[
+        "ABOVE_RACK",
+        "BELOW_RACK"
+      ]
+    },
+    "PowerPhase":{
+      "type":"string",
+      "enum":[
+        "SINGLE_PHASE",
+        "THREE_PHASE"
+      ]
+    },
+    "Quantity":{"type":"string"},
+    "RackPhysicalProperties":{
+      "type":"structure",
+      "members":{
+        "PowerDrawKva":{
+          "shape":"PowerDrawKva",
+          "documentation":"<p>The power draw available at the hardware placement position for the rack. </p>"
+        },
+        "PowerPhase":{
+          "shape":"PowerPhase",
+          "documentation":"<p>The power option that you can provide for hardware.</p>"
+        },
+        "PowerConnector":{
+          "shape":"PowerConnector",
+          "documentation":"<p>The power connector for the hardware. </p>"
+        },
+        "PowerFeedDrop":{
+          "shape":"PowerFeedDrop",
+          "documentation":"<p>The position of the power feed.</p>"
+        },
+        "UplinkGbps":{
+          "shape":"UplinkGbps",
+          "documentation":"<p>The uplink speed the rack supports for the connection to the Region. </p>"
+        },
+        "UplinkCount":{
+          "shape":"UplinkCount",
+          "documentation":"<p>The number of uplinks each Outpost network device.</p>"
+        },
+        "FiberOpticCableType":{
+          "shape":"FiberOpticCableType",
+          "documentation":"<p>The type of fiber used to attach the Outpost to the network. </p>"
+        },
+        "OpticalStandard":{
+          "shape":"OpticalStandard",
+          "documentation":"<p>The type of optical standard used to attach the Outpost to the network. This field is dependent on uplink speed, fiber type, and distance to the upstream device. For more information about networking requirements for racks, see <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#facility-networking\">Network</a> in the Amazon Web Services Outposts User Guide. </p>"
+        },
+        "MaximumSupportedWeightLbs":{
+          "shape":"MaximumSupportedWeightLbs",
+          "documentation":"<p>The maximum rack weight that this site can support. <code>NO_LIMIT</code> is over 2000 lbs (907 kg). </p>"
+        }
+      },
+      "documentation":"<p> Information about the physical and logistical details for racks at sites. For more information about hardware requirements for racks, see <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#checklist\">Network readiness checklist</a> in the Amazon Web Services Outposts User Guide. </p>"
+    },
     "ResourceType":{
       "type":"string",
-      "enum":["OUTPOST"]
+      "enum":[
+        "OUTPOST",
+        "ORDER"
+      ]
     },
     "ServiceQuotaExceededException":{
       "type":"structure",
@@ -755,7 +1579,27 @@
           "shape":"TagMap",
           "documentation":"<p>The site tags.</p>"
         },
-        "SiteArn":{"shape":"SiteArn"}
+        "SiteArn":{"shape":"SiteArn"},
+        "Notes":{
+          "shape":"SiteNotes",
+          "documentation":"<p> Notes about a site. </p>"
+        },
+        "OperatingAddressCountryCode":{
+          "shape":"CountryCode",
+          "documentation":"<p> The ISO-3166 two-letter country code where the hardware is installed and powered on. </p>"
+        },
+        "OperatingAddressStateOrRegion":{
+          "shape":"StateOrRegion",
+          "documentation":"<p> State or region where the hardware is installed and powered on. </p>"
+        },
+        "OperatingAddressCity":{
+          "shape":"City",
+          "documentation":"<p> City where the hardware is installed and powered on. </p>"
+        },
+        "RackPhysicalProperties":{
+          "shape":"RackPhysicalProperties",
+          "documentation":"<p> Information about the physical and logistical details for a rack at the site. </p>"
+        }
       },
       "documentation":"<p>Information about a site.</p>"
     },
@@ -775,7 +1619,7 @@
     },
     "SiteId":{
       "type":"string",
-      "documentation":"<p>The ID of the site.</p>",
+      "documentation":"<p> The ID of the site. </p>",
       "max":255,
       "min":1,
       "pattern":"^(arn:aws([a-z-]+)?:outposts:[a-z\\d-]+:\\d{12}:site/)?(os-[a-f0-9]{17})$"
@@ -787,17 +1631,23 @@
       "min":1,
       "pattern":"^[\\S ]+$"
     },
+    "SiteNotes":{
+      "type":"string",
+      "max":2000,
+      "min":1,
+      "pattern":"^[\\S \\n]+$"
+    },
     "SkuCode":{
       "type":"string",
       "max":10,
       "min":1,
       "pattern":"OR-[A-Z0-9]{7}"
     },
-    "Status":{
+    "StateOrRegion":{
       "type":"string",
-      "max":1000,
+      "max":50,
       "min":1,
-      "pattern":"^[\\S ]+$"
+      "pattern":"^\\S[\\S ]*$"
     },
     "String":{
       "type":"string",
@@ -805,6 +1655,29 @@
       "min":1,
       "pattern":"^[\\S \\n]+$"
     },
+    "SupportedHardwareType":{
+      "type":"string",
+      "enum":[
+        "RACK",
+        "SERVER"
+      ]
+    },
+    "SupportedStorageEnum":{
+      "type":"string",
+      "enum":[
+        "EBS",
+        "S3"
+      ]
+    },
+    "SupportedStorageList":{
+      "type":"list",
+      "member":{"shape":"SupportedStorageEnum"}
+    },
+    "SupportedUplinkGbps":{"type":"integer"},
+    "SupportedUplinkGbpsListDefinition":{
+      "type":"list",
+      "member":{"shape":"SupportedUplinkGbps"}
+    },
     "TagKey":{
       "type":"string",
       "max":128,
@@ -886,6 +1759,169 @@
       "members":{
       }
     },
+    "UpdateOutpostInput":{
+      "type":"structure",
+      "required":["OutpostId"],
+      "members":{
+        "OutpostId":{
+          "shape":"OutpostId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the Outpost. </p>",
+          "location":"uri",
+          "locationName":"OutpostId"
+        },
+        "Name":{"shape":"OutpostName"},
+        "Description":{"shape":"OutpostDescription"},
+        "SupportedHardwareType":{
+          "shape":"SupportedHardwareType",
+          "documentation":"<p> The type of hardware for this Outpost. </p>"
+        }
+      }
+    },
+    "UpdateOutpostOutput":{
+      "type":"structure",
+      "members":{
+        "Outpost":{"shape":"Outpost"}
+      }
+    },
+    "UpdateSiteAddressInput":{
+      "type":"structure",
+      "required":[
+        "SiteId",
+        "AddressType",
+        "Address"
+      ],
+      "members":{
+        "SiteId":{
+          "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>",
+          "location":"uri",
+          "locationName":"SiteId"
+        },
+        "AddressType":{
+          "shape":"AddressType",
+          "documentation":"<p> The type of the address. </p>"
+        },
+        "Address":{
+          "shape":"Address",
+          "documentation":"<p> The address for the site. </p>"
+        }
+      }
+    },
+    "UpdateSiteAddressOutput":{
+      "type":"structure",
+      "members":{
+        "AddressType":{
+          "shape":"AddressType",
+          "documentation":"<p> The type of the address. </p>"
+        },
+        "Address":{
+          "shape":"Address",
+          "documentation":"<p> Information about an address. </p>"
+        }
+      }
+    },
+    "UpdateSiteInput":{
+      "type":"structure",
+      "required":["SiteId"],
+      "members":{
+        "SiteId":{
+          "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>",
+          "location":"uri",
+          "locationName":"SiteId"
+        },
+        "Name":{"shape":"SiteName"},
+        "Description":{"shape":"SiteDescription"},
+        "Notes":{
+          "shape":"SiteNotes",
+          "documentation":"<p> Notes about a site. </p>"
+        }
+      }
+    },
+    "UpdateSiteOutput":{
+      "type":"structure",
+      "members":{
+        "Site":{"shape":"Site"}
+      }
+    },
+    "UpdateSiteRackPhysicalPropertiesInput":{
+      "type":"structure",
+      "required":["SiteId"],
+      "members":{
+        "SiteId":{
+          "shape":"SiteId",
+          "documentation":"<p> The ID or the Amazon Resource Name (ARN) of the site. </p>",
+          "location":"uri",
+          "locationName":"SiteId"
+        },
+        "PowerDrawKva":{
+          "shape":"PowerDrawKva",
+          "documentation":"<p>Specify in kVA the power draw available at the hardware placement position for the rack.</p>"
+        },
+        "PowerPhase":{
+          "shape":"PowerPhase",
+          "documentation":"<p> Specify the power option that you can provide for hardware. </p> <ul> <li> <p>Single-phase AC feed: 200 V to 277 V, 50 Hz or 60 Hz</p> </li> <li> <p>Three-phase AC feed: 346 V to 480 V, 50 Hz or 60 Hz</p> </li> </ul>"
+        },
+        "PowerConnector":{
+          "shape":"PowerConnector",
+          "documentation":"<p> Specify the power connector that Amazon Web Services should plan to provide for connections to the hardware. Note the correlation between <code>PowerPhase</code> and <code>PowerConnector</code>. </p> <ul> <li> <p>Single-phase AC feed</p> <ul> <li> <p> <b>L6-30P</b> – (common in US); 30A; single phase</p> </li> <li> <p> <b>IEC309 (blue)</b> – P+N+E, 6hr; 32 A; single phase</p> </li> </ul> </li> <li> <p>Three-phase AC feed</p> <ul> <li> <p> <b>AH530P7W (red)</b> – 3P+N+E, 7hr; 30A; three phase</p> </li> <li> <p> <b>AH532P6W (red)</b> – 3P+N+E, 6hr; 32A; three phase</p> </li> </ul> </li> </ul>"
+        },
+        "PowerFeedDrop":{
+          "shape":"PowerFeedDrop",
+          "documentation":"<p> Specify whether the power feed comes above or below the rack. </p>"
+        },
+        "UplinkGbps":{
+          "shape":"UplinkGbps",
+          "documentation":"<p> Specify the uplink speed the rack should support for the connection to the Region. </p>"
+        },
+        "UplinkCount":{
+          "shape":"UplinkCount",
+          "documentation":"<p>Racks come with two Outpost network devices. Depending on the supported uplink speed at the site, the Outpost network devices provide a variable number of uplinks. Specify the number of uplinks for each Outpost network device that you intend to use to connect the rack to your network. Note the correlation between <code>UplinkGbps</code> and <code>UplinkCount</code>. </p> <ul> <li> <p>1Gbps - Uplinks available: 1, 2, 4, 6, 8</p> </li> <li> <p>10Gbps - Uplinks available: 1, 2, 4, 8, 12, 16</p> </li> <li> <p>40 and 100 Gbps- Uplinks available: 1, 2, 4</p> </li> </ul>"
+        },
+        "FiberOpticCableType":{
+          "shape":"FiberOpticCableType",
+          "documentation":"<p> Specify the type of fiber that you will use to attach the Outpost to your network. </p>"
+        },
+        "OpticalStandard":{
+          "shape":"OpticalStandard",
+          "documentation":"<p>Specify the type of optical standard that you will use to attach the Outpost to your network. This field is dependent on uplink speed, fiber type, and distance to the upstream device. For more information about networking requirements for racks, see <a href=\"https://docs.aws.amazon.com/outposts/latest/userguide/outposts-requirements.html#facility-networking\">Network</a> in the Amazon Web Services Outposts User Guide. </p> <ul> <li> <p> <code>OPTIC_10GBASE_SR</code>: 10GBASE-SR</p> </li> <li> <p> <code>OPTIC_10GBASE_IR</code>: 10GBASE-IR</p> </li> <li> <p> <code>OPTIC_10GBASE_LR</code>: 10GBASE-LR</p> </li> <li> <p> <code>OPTIC_40GBASE_SR</code>: 40GBASE-SR</p> </li> <li> <p> <code>OPTIC_40GBASE_ESR</code>: 40GBASE-ESR</p> </li> <li> <p> <code>OPTIC_40GBASE_IR4_LR4L</code>: 40GBASE-IR (LR4L)</p> </li> <li> <p> <code>OPTIC_40GBASE_LR4</code>: 40GBASE-LR4</p> </li> <li> <p> <code>OPTIC_100GBASE_SR4</code>: 100GBASE-SR4</p> </li> <li> <p> <code>OPTIC_100GBASE_CWDM4</code>: 100GBASE-CWDM4</p> </li> <li> <p> <code>OPTIC_100GBASE_LR4</code>: 100GBASE-LR4</p> </li> <li> <p> <code>OPTIC_100G_PSM4_MSA</code>: 100G PSM4 MSA</p> </li> <li> <p> <code>OPTIC_1000BASE_LX</code>: 1000Base-LX</p> </li> <li> <p> <code>OPTIC_1000BASE_SX</code> : 1000Base-SX</p> </li> </ul>"
+        },
+        "MaximumSupportedWeightLbs":{
+          "shape":"MaximumSupportedWeightLbs",
+          "documentation":"<p> Specify the maximum rack weight that this site can support. <code>NO_LIMIT</code> is over 2000lbs. </p>"
+        }
+      }
+    },
+    "UpdateSiteRackPhysicalPropertiesOutput":{
+      "type":"structure",
+      "members":{
+        "Site":{"shape":"Site"}
+      }
+    },
+    "UplinkCount":{
+      "type":"string",
+      "enum":[
+        "UPLINK_COUNT_1",
+        "UPLINK_COUNT_2",
+        "UPLINK_COUNT_3",
+        "UPLINK_COUNT_4",
+        "UPLINK_COUNT_5",
+        "UPLINK_COUNT_6",
+        "UPLINK_COUNT_7",
+        "UPLINK_COUNT_8",
+        "UPLINK_COUNT_12",
+        "UPLINK_COUNT_16"
+      ]
+    },
+    "UplinkGbps":{
+      "type":"string",
+      "enum":[
+        "UPLINK_1G",
+        "UPLINK_10G",
+        "UPLINK_40G",
+        "UPLINK_100G"
+      ]
+    },
     "ValidationException":{
       "type":"structure",
       "members":{
@@ -906,5 +1942,5 @@
       "documentation":"<p>Information about the sites.</p>"
     }
   },
-  "documentation":"<p>AWS Outposts is a fully managed service that extends AWS infrastructure, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs.</p>"
+  "documentation":"<p>Amazon Web Services Outposts is a fully managed service that extends Amazon Web Services infrastructure, APIs, and tools to customer premises. By providing local access to Amazon Web Services managed infrastructure, Amazon Web Services Outposts enables customers to build and run applications on premises using the same programming interfaces as in Amazon Web Services Regions, while using local compute and storage resources for lower latency and local data processing needs.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/personalize-runtime/2018-05-22/service-2.json b/contrib/python/botocore/py3/botocore/data/personalize-runtime/2018-05-22/service-2.json
index c490049e2f8..36798c46273 100644
--- a/contrib/python/botocore/py3/botocore/data/personalize-runtime/2018-05-22/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/personalize-runtime/2018-05-22/service-2.json
@@ -39,7 +39,7 @@
         {"shape":"InvalidInputException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Returns a list of recommended items. The required input depends on the recipe type used to create the solution backing the campaign, as follows:</p> <ul> <li> <p>RELATED_ITEMS - <code>itemId</code> required, <code>userId</code> not used</p> </li> <li> <p>USER_PERSONALIZATION - <code>itemId</code> optional, <code>userId</code> required</p> </li> </ul> <note> <p>Campaigns that are backed by a solution created using a recipe of type PERSONALIZED_RANKING use the API.</p> </note>",
+      "documentation":"<p>Returns a list of recommended items. For campaigns, the campaign's Amazon Resource Name (ARN) is required and the required user and item input depends on the recipe type used to create the solution backing the campaign as follows:</p> <ul> <li> <p>USER_PERSONALIZATION - <code>userId</code> required, <code>itemId</code> not used</p> </li> <li> <p>RELATED_ITEMS - <code>itemId</code> required, <code>userId</code> not used</p> </li> </ul> <note> <p>Campaigns that are backed by a solution created using a recipe of type PERSONALIZED_RANKING use the API.</p> </note> <p> For recommenders, the recommender's ARN is required and the required item and user input depends on the use case (domain-based recipe) backing the recommender. For information on use case requirements see <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/domain-use-cases.html\">Choosing recommender use cases</a>. </p>",
       "idempotent":true
     }
   },
@@ -131,7 +131,6 @@
     },
     "GetRecommendationsRequest":{
       "type":"structure",
-      "required":["campaignArn"],
       "members":{
         "campaignArn":{
           "shape":"Arn",
@@ -160,6 +159,10 @@
         "filterValues":{
           "shape":"FilterValues",
           "documentation":"<p>The values to use when filtering recommendations. For each placeholder parameter in your filter expression, provide the parameter name (in matching case) as a key and the filter value(s) as the corresponding value. Separate multiple values for one parameter with a comma. </p> <p>For filter expressions that use an <code>INCLUDE</code> element to include items, you must provide values for all parameters that are defined in the expression. For filters with expressions that use an <code>EXCLUDE</code> element to exclude items, you can omit the <code>filter-values</code>.In this case, Amazon Personalize doesn't use that portion of the expression to filter recommendations.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/filter.html\">Filtering Recommendations</a>.</p>"
+        },
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender to use to get recommendations. Provide a recommender ARN if you created a Domain dataset group with a recommender for a domain use case.</p>"
         }
       }
     },
@@ -168,7 +171,7 @@
       "members":{
         "itemList":{
           "shape":"ItemList",
-          "documentation":"<p>A list of recommendations sorted in ascending order by prediction score. There can be a maximum of 500 items in the list.</p>"
+          "documentation":"<p>A list of recommendations sorted in descending order by prediction score. There can be a maximum of 500 items in the list.</p>"
         },
         "recommendationId":{
           "shape":"RecommendationID",
diff --git a/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/paginators-1.json b/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/paginators-1.json
index 0b602dfc5a4..1d9ac747f9d 100644
--- a/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/paginators-1.json
@@ -71,6 +71,18 @@
       "limit_key": "maxResults",
       "output_token": "nextToken",
       "result_key": "Filters"
+    },
+    "ListBatchSegmentJobs": {
+      "input_token": "nextToken",
+      "limit_key": "maxResults",
+      "output_token": "nextToken",
+      "result_key": "batchSegmentJobs"
+    },
+    "ListRecommenders": {
+      "input_token": "nextToken",
+      "limit_key": "maxResults",
+      "output_token": "nextToken",
+      "result_key": "recommenders"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/service-2.json b/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/service-2.json
index bdfd34eff7e..80f1eaf50ab 100644
--- a/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/personalize/2018-05-22/service-2.json
@@ -30,6 +30,23 @@
       ],
       "documentation":"<p>Creates a batch inference job. The operation can handle up to 50 million records and the input file must be in JSON format. For more information, see <a>recommendations-batch</a>.</p>"
     },
+    "CreateBatchSegmentJob":{
+      "name":"CreateBatchSegmentJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateBatchSegmentJobRequest"},
+      "output":{"shape":"CreateBatchSegmentJobResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"}
+      ],
+      "documentation":"<p>Creates a batch segment job. The operation can handle up to 50 million records and the input file must be in JSON format. For more information, see <a>recommendations-batch</a>.</p>"
+    },
     "CreateCampaign":{
       "name":"CreateCampaign",
       "http":{
@@ -45,7 +62,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Creates a campaign by deploying a solution version. When a client calls the <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html\">GetRecommendations</a> and <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetPersonalizedRanking.html\">GetPersonalizedRanking</a> APIs, a campaign is specified in the request.</p> <p> <b>Minimum Provisioned TPS and Auto-Scaling</b> </p> <p>A transaction is a single <code>GetRecommendations</code> or <code>GetPersonalizedRanking</code> call. Transactions per second (TPS) is the throughput and unit of billing for Amazon Personalize. The minimum provisioned TPS (<code>minProvisionedTPS</code>) specifies the baseline throughput provisioned by Amazon Personalize, and thus, the minimum billing charge. </p> <p> If your TPS increases beyond <code>minProvisionedTPS</code>, Amazon Personalize auto-scales the provisioned capacity up and down, but never below <code>minProvisionedTPS</code>. There's a short time delay while the capacity is increased that might cause loss of transactions.</p> <p>The actual TPS used is calculated as the average requests/second within a 5-minute window. You pay for maximum of either the minimum provisioned TPS or the actual TPS. We recommend starting with a low <code>minProvisionedTPS</code>, track your usage using Amazon CloudWatch metrics, and then increase the <code>minProvisionedTPS</code> as necessary.</p> <p> <b>Status</b> </p> <p>A campaign can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul> <p>To get the campaign status, call <a>DescribeCampaign</a>.</p> <note> <p>Wait until the <code>status</code> of the campaign is <code>ACTIVE</code> before asking the campaign for recommendations.</p> </note> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListCampaigns</a> </p> </li> <li> <p> <a>DescribeCampaign</a> </p> </li> <li> <p> <a>UpdateCampaign</a> </p> </li> <li> <p> <a>DeleteCampaign</a> </p> </li> </ul>",
+      "documentation":"<p>Creates a campaign that deploys a solution version. When a client calls the <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html\">GetRecommendations</a> and <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetPersonalizedRanking.html\">GetPersonalizedRanking</a> APIs, a campaign is specified in the request.</p> <p> <b>Minimum Provisioned TPS and Auto-Scaling</b> </p> <p>A transaction is a single <code>GetRecommendations</code> or <code>GetPersonalizedRanking</code> call. Transactions per second (TPS) is the throughput and unit of billing for Amazon Personalize. The minimum provisioned TPS (<code>minProvisionedTPS</code>) specifies the baseline throughput provisioned by Amazon Personalize, and thus, the minimum billing charge. </p> <p> If your TPS increases beyond <code>minProvisionedTPS</code>, Amazon Personalize auto-scales the provisioned capacity up and down, but never below <code>minProvisionedTPS</code>. There's a short time delay while the capacity is increased that might cause loss of transactions.</p> <p>The actual TPS used is calculated as the average requests/second within a 5-minute window. You pay for maximum of either the minimum provisioned TPS or the actual TPS. We recommend starting with a low <code>minProvisionedTPS</code>, track your usage using Amazon CloudWatch metrics, and then increase the <code>minProvisionedTPS</code> as necessary.</p> <p> <b>Status</b> </p> <p>A campaign can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul> <p>To get the campaign status, call <a>DescribeCampaign</a>.</p> <note> <p>Wait until the <code>status</code> of the campaign is <code>ACTIVE</code> before asking the campaign for recommendations.</p> </note> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListCampaigns</a> </p> </li> <li> <p> <a>DescribeCampaign</a> </p> </li> <li> <p> <a>UpdateCampaign</a> </p> </li> <li> <p> <a>DeleteCampaign</a> </p> </li> </ul>",
       "idempotent":true
     },
     "CreateDataset":{
@@ -97,7 +114,7 @@
         {"shape":"ResourceAlreadyExistsException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates an empty dataset group. A dataset group contains related datasets that supply data for training a model. A dataset group can contain at most three datasets, one for each type of dataset:</p> <ul> <li> <p>Interactions</p> </li> <li> <p>Items</p> </li> <li> <p>Users</p> </li> </ul> <p>To train a model (create a solution), a dataset group that contains an <code>Interactions</code> dataset is required. Call <a>CreateDataset</a> to add a dataset to the group.</p> <p>A dataset group can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING</p> </li> </ul> <p>To get the status of the dataset group, call <a>DescribeDatasetGroup</a>. If the status shows as CREATE FAILED, the response includes a <code>failureReason</code> key, which describes why the creation failed.</p> <note> <p>You must wait until the <code>status</code> of the dataset group is <code>ACTIVE</code> before adding a dataset to the group.</p> </note> <p>You can specify an Key Management Service (KMS) key to encrypt the datasets in the group. If you specify a KMS key, you must also include an Identity and Access Management (IAM) role that has permission to access the key.</p> <p class=\"title\"> <b>APIs that require a dataset group ARN in the request</b> </p> <ul> <li> <p> <a>CreateDataset</a> </p> </li> <li> <p> <a>CreateEventTracker</a> </p> </li> <li> <p> <a>CreateSolution</a> </p> </li> </ul> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListDatasetGroups</a> </p> </li> <li> <p> <a>DescribeDatasetGroup</a> </p> </li> <li> <p> <a>DeleteDatasetGroup</a> </p> </li> </ul>"
+      "documentation":"<p>Creates an empty dataset group. A dataset group is a container for Amazon Personalize resources. A dataset group can contain at most three datasets, one for each type of dataset:</p> <ul> <li> <p>Interactions</p> </li> <li> <p>Items</p> </li> <li> <p>Users</p> </li> </ul> <p> A dataset group can be a Domain dataset group, where you specify a domain and use pre-configured resources like recommenders, or a Custom dataset group, where you use custom resources, such as a solution with a solution version, that you deploy with a campaign. If you start with a Domain dataset group, you can still add custom resources such as solutions and solution versions trained with recipes for custom use cases and deployed with campaigns. </p> <p>A dataset group can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING</p> </li> </ul> <p>To get the status of the dataset group, call <a>DescribeDatasetGroup</a>. If the status shows as CREATE FAILED, the response includes a <code>failureReason</code> key, which describes why the creation failed.</p> <note> <p>You must wait until the <code>status</code> of the dataset group is <code>ACTIVE</code> before adding a dataset to the group.</p> </note> <p>You can specify an Key Management Service (KMS) key to encrypt the datasets in the group. If you specify a KMS key, you must also include an Identity and Access Management (IAM) role that has permission to access the key.</p> <p class=\"title\"> <b>APIs that require a dataset group ARN in the request</b> </p> <ul> <li> <p> <a>CreateDataset</a> </p> </li> <li> <p> <a>CreateEventTracker</a> </p> </li> <li> <p> <a>CreateSolution</a> </p> </li> </ul> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListDatasetGroups</a> </p> </li> <li> <p> <a>DescribeDatasetGroup</a> </p> </li> <li> <p> <a>DeleteDatasetGroup</a> </p> </li> </ul>"
     },
     "CreateDatasetImportJob":{
       "name":"CreateDatasetImportJob",
@@ -150,6 +167,23 @@
       ],
       "documentation":"<p>Creates a recommendation filter. For more information, see <a>filter</a>.</p>"
     },
+    "CreateRecommender":{
+      "name":"CreateRecommender",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateRecommenderRequest"},
+      "output":{"shape":"CreateRecommenderResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"LimitExceededException"}
+      ],
+      "documentation":"<p>Creates a recommender with the recipe (a Domain dataset group use case) you specify. You create recommenders for a Domain dataset group and specify the recommender's Amazon Resource Name (ARN) when you make a <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html\">GetRecommendations</a> request. </p> <p> <b>Minimum recommendation requests per second</b> </p> <p>When you create a recommender, you can configure the recommender's minimum recommendation requests per second. The minimum recommendation requests per second (<code>minRecommendationRequestsPerSecond</code>) specifies the baseline recommendation request throughput provisioned by Amazon Personalize. The default minRecommendationRequestsPerSecond is <code>1</code>. A recommendation request is a single <code>GetRecommendations</code> operation. Request throughput is measured in requests per second and Amazon Personalize uses your requests per second to derive your requests per hour and the price of your recommender usage. </p> <p> If your requests per second increases beyond <code>minRecommendationRequestsPerSecond</code>, Amazon Personalize auto-scales the provisioned capacity up and down, but never below <code>minRecommendationRequestsPerSecond</code>. There's a short time delay while the capacity is increased that might cause loss of requests.</p> <p> Your bill is the greater of either the minimum requests per hour (based on minRecommendationRequestsPerSecond) or the actual number of requests. The actual request throughput used is calculated as the average requests/second within a one-hour window. We recommend starting with the default <code>minRecommendationRequestsPerSecond</code>, track your usage using Amazon CloudWatch metrics, and then increase the <code>minRecommendationRequestsPerSecond</code> as necessary. </p> <p> <b>Status</b> </p> <p>A recommender can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul> <p>To get the recommender status, call <a>DescribeRecommender</a>.</p> <note> <p>Wait until the <code>status</code> of the recommender is <code>ACTIVE</code> before asking the recommender for recommendations.</p> </note> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListRecommenders</a> </p> </li> <li> <p> <a>DescribeRecommender</a> </p> </li> <li> <p> <a>UpdateRecommender</a> </p> </li> <li> <p> <a>DeleteRecommender</a> </p> </li> </ul>",
+      "idempotent":true
+    },
     "CreateSchema":{
       "name":"CreateSchema",
       "http":{
@@ -163,7 +197,7 @@
         {"shape":"ResourceAlreadyExistsException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates an Amazon Personalize schema from the specified schema string. The schema you create must be in Avro JSON format.</p> <p>Amazon Personalize recognizes three schema variants. Each schema is associated with a dataset type and has a set of required field and keywords. You specify a schema when you call <a>CreateDataset</a>.</p> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListSchemas</a> </p> </li> <li> <p> <a>DescribeSchema</a> </p> </li> <li> <p> <a>DeleteSchema</a> </p> </li> </ul>",
+      "documentation":"<p>Creates an Amazon Personalize schema from the specified schema string. The schema you create must be in Avro JSON format.</p> <p>Amazon Personalize recognizes three schema variants. Each schema is associated with a dataset type and has a set of required field and keywords. If you are creating a schema for a dataset in a Domain dataset group, you provide the domain of the Domain dataset group. You specify a schema when you call <a>CreateDataset</a>.</p> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListSchemas</a> </p> </li> <li> <p> <a>DescribeSchema</a> </p> </li> <li> <p> <a>DeleteSchema</a> </p> </li> </ul>",
       "idempotent":true
     },
     "CreateSolution":{
@@ -197,7 +231,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Trains or retrains an active solution. A solution is created using the <a>CreateSolution</a> operation and must be in the ACTIVE state before calling <code>CreateSolutionVersion</code>. A new version of the solution is created every time you call this operation.</p> <p> <b>Status</b> </p> <p>A solution version can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING</p> </li> <li> <p>CREATE IN_PROGRESS</p> </li> <li> <p>ACTIVE</p> </li> <li> <p>CREATE FAILED</p> </li> <li> <p>CREATE STOPPING</p> </li> <li> <p>CREATE STOPPED</p> </li> </ul> <p>To get the status of the version, call <a>DescribeSolutionVersion</a>. Wait until the status shows as ACTIVE before calling <code>CreateCampaign</code>.</p> <p>If the status shows as CREATE FAILED, the response includes a <code>failureReason</code> key, which describes why the job failed.</p> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListSolutionVersions</a> </p> </li> <li> <p> <a>DescribeSolutionVersion</a> </p> </li> </ul> <ul> <li> <p> <a>ListSolutions</a> </p> </li> <li> <p> <a>CreateSolution</a> </p> </li> <li> <p> <a>DescribeSolution</a> </p> </li> <li> <p> <a>DeleteSolution</a> </p> </li> </ul>"
+      "documentation":"<p>Trains or retrains an active solution in a Custom dataset group. A solution is created using the <a>CreateSolution</a> operation and must be in the ACTIVE state before calling <code>CreateSolutionVersion</code>. A new version of the solution is created every time you call this operation.</p> <p> <b>Status</b> </p> <p>A solution version can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING</p> </li> <li> <p>CREATE IN_PROGRESS</p> </li> <li> <p>ACTIVE</p> </li> <li> <p>CREATE FAILED</p> </li> <li> <p>CREATE STOPPING</p> </li> <li> <p>CREATE STOPPED</p> </li> </ul> <p>To get the status of the version, call <a>DescribeSolutionVersion</a>. Wait until the status shows as ACTIVE before calling <code>CreateCampaign</code>.</p> <p>If the status shows as CREATE FAILED, the response includes a <code>failureReason</code> key, which describes why the job failed.</p> <p class=\"title\"> <b>Related APIs</b> </p> <ul> <li> <p> <a>ListSolutionVersions</a> </p> </li> <li> <p> <a>DescribeSolutionVersion</a> </p> </li> </ul> <ul> <li> <p> <a>ListSolutions</a> </p> </li> <li> <p> <a>CreateSolution</a> </p> </li> <li> <p> <a>DescribeSolution</a> </p> </li> <li> <p> <a>DeleteSolution</a> </p> </li> </ul>"
     },
     "DeleteCampaign":{
       "name":"DeleteCampaign",
@@ -273,6 +307,21 @@
       ],
       "documentation":"<p>Deletes a filter.</p>"
     },
+    "DeleteRecommender":{
+      "name":"DeleteRecommender",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteRecommenderRequest"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"}
+      ],
+      "documentation":"<p>Deactivates and removes a recommender. A deleted recommender can no longer be specified in a <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html\">GetRecommendations</a> request.</p>",
+      "idempotent":true
+    },
     "DeleteSchema":{
       "name":"DeleteSchema",
       "http":{
@@ -333,6 +382,21 @@
       "documentation":"<p>Gets the properties of a batch inference job including name, Amazon Resource Name (ARN), status, input and output configurations, and the ARN of the solution version used to generate the recommendations.</p>",
       "idempotent":true
     },
+    "DescribeBatchSegmentJob":{
+      "name":"DescribeBatchSegmentJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeBatchSegmentJobRequest"},
+      "output":{"shape":"DescribeBatchSegmentJobResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Gets the properties of a batch segment job including name, Amazon Resource Name (ARN), status, input and output configurations, and the ARN of the solution version used to generate segments.</p>",
+      "idempotent":true
+    },
     "DescribeCampaign":{
       "name":"DescribeCampaign",
       "http":{
@@ -468,6 +532,21 @@
       "documentation":"<p>Describes a recipe.</p> <p>A recipe contains three items:</p> <ul> <li> <p>An algorithm that trains a model.</p> </li> <li> <p>Hyperparameters that govern the training.</p> </li> <li> <p>Feature transformation information for modifying the input data before training.</p> </li> </ul> <p>Amazon Personalize provides a set of predefined recipes. You specify a recipe when you create a solution with the <a>CreateSolution</a> API. <code>CreateSolution</code> trains a model by using the algorithm in the specified recipe and a training dataset. The solution, when deployed as a campaign, can provide recommendations using the <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html\">GetRecommendations</a> API.</p>",
       "idempotent":true
     },
+    "DescribeRecommender":{
+      "name":"DescribeRecommender",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeRecommenderRequest"},
+      "output":{"shape":"DescribeRecommenderResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Describes the given recommender, including its status.</p> <p>A recommender can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul> <p>When the <code>status</code> is <code>CREATE FAILED</code>, the response includes the <code>failureReason</code> key, which describes why.</p> <p>For more information on recommenders, see <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_CreateRecommender.html\">CreateRecommender</a>.</p>",
+      "idempotent":true
+    },
     "DescribeSchema":{
       "name":"DescribeSchema",
       "http":{
@@ -543,6 +622,21 @@
       "documentation":"<p>Gets a list of the batch inference jobs that have been performed off of a solution version.</p>",
       "idempotent":true
     },
+    "ListBatchSegmentJobs":{
+      "name":"ListBatchSegmentJobs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListBatchSegmentJobsRequest"},
+      "output":{"shape":"ListBatchSegmentJobsResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"InvalidNextTokenException"}
+      ],
+      "documentation":"<p>Gets a list of the batch segment jobs that have been performed off of a solution version that you specify.</p>",
+      "idempotent":true
+    },
     "ListCampaigns":{
       "name":"ListCampaigns",
       "http":{
@@ -656,11 +750,27 @@
       "input":{"shape":"ListRecipesRequest"},
       "output":{"shape":"ListRecipesResponse"},
       "errors":[
-        {"shape":"InvalidNextTokenException"}
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"InvalidInputException"}
       ],
       "documentation":"<p>Returns a list of available recipes. The response provides the properties for each recipe, including the recipe's Amazon Resource Name (ARN).</p>",
       "idempotent":true
     },
+    "ListRecommenders":{
+      "name":"ListRecommenders",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListRecommendersRequest"},
+      "output":{"shape":"ListRecommendersResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"InvalidNextTokenException"}
+      ],
+      "documentation":"<p>Returns a list of recommenders in a given Domain dataset group. When a Domain dataset group is not specified, all the recommenders associated with the account are listed. The response provides the properties for each recommender, including the Amazon Resource Name (ARN). For more information on recommenders, see <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_CreateRecommender.html\">CreateRecommender</a>.</p>",
+      "idempotent":true
+    },
     "ListSchemas":{
       "name":"ListSchemas",
       "http":{
@@ -736,6 +846,22 @@
       ],
       "documentation":"<p>Updates a campaign by either deploying a new solution or changing the value of the campaign's <code>minProvisionedTPS</code> parameter.</p> <p>To update a campaign, the campaign status must be ACTIVE or CREATE FAILED. Check the campaign status using the <a>DescribeCampaign</a> API.</p> <note> <p>You must wait until the <code>status</code> of the updated campaign is <code>ACTIVE</code> before asking the campaign for recommendations.</p> </note> <p>For more information on campaigns, see <a>CreateCampaign</a>.</p>",
       "idempotent":true
+    },
+    "UpdateRecommender":{
+      "name":"UpdateRecommender",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateRecommenderRequest"},
+      "output":{"shape":"UpdateRecommenderResponse"},
+      "errors":[
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceInUseException"}
+      ],
+      "documentation":"<p>Updates the recommender to modify the recommender configuration.</p>",
+      "idempotent":true
     }
   },
   "shapes":{
@@ -971,6 +1097,115 @@
       "member":{"shape":"BatchInferenceJobSummary"},
       "max":100
     },
+    "BatchSegmentJob":{
+      "type":"structure",
+      "members":{
+        "jobName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the batch segment job.</p>"
+        },
+        "batchSegmentJobArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the batch segment job.</p>"
+        },
+        "filterArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the filter used on the batch segment job.</p>"
+        },
+        "failureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>If the batch segment job failed, the reason for the failure.</p>"
+        },
+        "solutionVersionArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the solution version used by the batch segment job to generate batch segments.</p>"
+        },
+        "numResults":{
+          "shape":"NumBatchResults",
+          "documentation":"<p>The number of predicted users generated by the batch segment job for each line of input data.</p>"
+        },
+        "jobInput":{
+          "shape":"BatchSegmentJobInput",
+          "documentation":"<p>The Amazon S3 path that leads to the input data used to generate the batch segment job.</p>"
+        },
+        "jobOutput":{
+          "shape":"BatchSegmentJobOutput",
+          "documentation":"<p>The Amazon S3 bucket that contains the output data generated by the batch segment job.</p>"
+        },
+        "roleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the Amazon Identity and Access Management (IAM) role that requested the batch segment job.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the batch segment job. The status is one of the following values:</p> <ul> <li> <p>PENDING</p> </li> <li> <p>IN PROGRESS</p> </li> <li> <p>ACTIVE</p> </li> <li> <p>CREATE FAILED</p> </li> </ul>"
+        },
+        "creationDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The time at which the batch segment job was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The time at which the batch segment job last updated.</p>"
+        }
+      },
+      "documentation":"<p>Contains information on a batch segment job.</p>"
+    },
+    "BatchSegmentJobInput":{
+      "type":"structure",
+      "required":["s3DataSource"],
+      "members":{
+        "s3DataSource":{"shape":"S3DataConfig"}
+      },
+      "documentation":"<p>The input configuration of a batch segment job.</p>"
+    },
+    "BatchSegmentJobOutput":{
+      "type":"structure",
+      "required":["s3DataDestination"],
+      "members":{
+        "s3DataDestination":{"shape":"S3DataConfig"}
+      },
+      "documentation":"<p>The output configuration parameters of a batch segment job.</p>"
+    },
+    "BatchSegmentJobSummary":{
+      "type":"structure",
+      "members":{
+        "batchSegmentJobArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the batch segment job.</p>"
+        },
+        "jobName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the batch segment job.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the batch segment job. The status is one of the following values:</p> <ul> <li> <p>PENDING</p> </li> <li> <p>IN PROGRESS</p> </li> <li> <p>ACTIVE</p> </li> <li> <p>CREATE FAILED</p> </li> </ul>"
+        },
+        "creationDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The time at which the batch segment job was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The time at which the batch segment job was last updated.</p>"
+        },
+        "failureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>If the batch segment job failed, the reason for the failure.</p>"
+        },
+        "solutionVersionArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the solution version used by the batch segment job to generate batch segments.</p>"
+        }
+      },
+      "documentation":"<p>A truncated version of the <a>BatchSegmentJob</a> datatype. The <a>ListBatchSegmentJobs</a> operation returns a list of batch segment job summaries.</p>"
+    },
+    "BatchSegmentJobs":{
+      "type":"list",
+      "member":{"shape":"BatchSegmentJobSummary"},
+      "max":100
+    },
     "Boolean":{"type":"boolean"},
     "Campaign":{
       "type":"structure",
@@ -1013,14 +1248,14 @@
         },
         "latestCampaignUpdate":{"shape":"CampaignUpdateSummary"}
       },
-      "documentation":"<p>Describes a deployed solution version, otherwise known as a campaign. For more information on campaigns, see <a>CreateCampaign</a>.</p>"
+      "documentation":"<p>An object that describes the deployment of a solution version. For more information on campaigns, see <a>CreateCampaign</a>.</p>"
     },
     "CampaignConfig":{
       "type":"structure",
       "members":{
         "itemExplorationConfig":{
           "shape":"HyperParameters",
-          "documentation":"<p>A string to string map specifying the exploration configuration hyperparameters, including <code>explorationWeight</code> and <code>explorationItemAgeCutOff</code>, you want to use to configure the amount of item exploration Amazon Personalize uses when recommending items. Provide <code>itemExplorationConfig</code> data only if your solution uses the <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/native-recipe-new-item-USER_PERSONALIZATION.html\">User-Personalization</a> recipe.</p>"
+          "documentation":"<p>Specifies the exploration configuration hyperparameters, including <code>explorationWeight</code> and <code>explorationItemAgeCutOff</code>, you want to use to configure the amount of item exploration Amazon Personalize uses when recommending items. Provide <code>itemExplorationConfig</code> data only if your solution uses the <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/native-recipe-new-item-USER_PERSONALIZATION.html\">User-Personalization</a> recipe.</p>"
         }
       },
       "documentation":"<p>The configuration details of a campaign.</p>"
@@ -1203,6 +1438,55 @@
         }
       }
     },
+    "CreateBatchSegmentJobRequest":{
+      "type":"structure",
+      "required":[
+        "jobName",
+        "solutionVersionArn",
+        "jobInput",
+        "jobOutput",
+        "roleArn"
+      ],
+      "members":{
+        "jobName":{
+          "shape":"Name",
+          "documentation":"<p>The name of the batch segment job to create.</p>"
+        },
+        "solutionVersionArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the solution version you want the batch segment job to use to generate batch segments.</p>"
+        },
+        "filterArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the filter to apply to the batch segment job. For more information on using filters, see <a>filter-batch</a>.</p>"
+        },
+        "numResults":{
+          "shape":"NumBatchResults",
+          "documentation":"<p>The number of predicted users generated by the batch segment job for each line of input data.</p>"
+        },
+        "jobInput":{
+          "shape":"BatchSegmentJobInput",
+          "documentation":"<p>The Amazon S3 path for the input data used to generate the batch segment job.</p>"
+        },
+        "jobOutput":{
+          "shape":"BatchSegmentJobOutput",
+          "documentation":"<p>The Amazon S3 path for the bucket where the job's output will be stored.</p>"
+        },
+        "roleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the Amazon Identity and Access Management role that has permissions to read and write to your input and output Amazon S3 buckets respectively.</p>"
+        }
+      }
+    },
+    "CreateBatchSegmentJobResponse":{
+      "type":"structure",
+      "members":{
+        "batchSegmentJobArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the batch segment job.</p>"
+        }
+      }
+    },
     "CreateCampaignRequest":{
       "type":"structure",
       "required":[
@@ -1292,6 +1576,10 @@
         "kmsKeyArn":{
           "shape":"KmsKeyArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of a Key Management Service (KMS) key used to encrypt the datasets.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain of the dataset group. Specify a domain to create a Domain dataset group. The domain you specify determines the default schemas for datasets and the use cases available for recommenders. If you don't specify a domain, you create a Custom dataset group with solution versions that you deploy with a campaign. </p>"
         }
       }
     },
@@ -1301,6 +1589,10 @@
         "datasetGroupArn":{
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the new dataset group.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain for the new Domain dataset group.</p>"
         }
       }
     },
@@ -1437,6 +1729,41 @@
         }
       }
     },
+    "CreateRecommenderRequest":{
+      "type":"structure",
+      "required":[
+        "name",
+        "datasetGroupArn",
+        "recipeArn"
+      ],
+      "members":{
+        "name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the recommender.</p>"
+        },
+        "datasetGroupArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the destination domain dataset group for the recommender.</p>"
+        },
+        "recipeArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recipe that the recommender will use. For a recommender, a recipe is a Domain dataset group use case. Only Domain dataset group use cases can be used to create a recommender. For information about use cases see <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/domain-use-cases.html\">Choosing recommender use cases</a>. </p>"
+        },
+        "recommenderConfig":{
+          "shape":"RecommenderConfig",
+          "documentation":"<p>The configuration details of the recommender.</p>"
+        }
+      }
+    },
+    "CreateRecommenderResponse":{
+      "type":"structure",
+      "members":{
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender.</p>"
+        }
+      }
+    },
     "CreateSchemaRequest":{
       "type":"structure",
       "required":[
@@ -1451,6 +1778,10 @@
         "schema":{
           "shape":"AvroSchema",
           "documentation":"<p>A schema in Avro JSON format.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain for the schema. If you are creating a schema for a dataset in a Domain dataset group, specify the domain you chose when you created the Domain dataset group.</p>"
         }
       }
     },
@@ -1703,6 +2034,10 @@
         "failureReason":{
           "shape":"FailureReason",
           "documentation":"<p>If creating a dataset group fails, provides the reason why.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain of a Domain dataset group.</p>"
         }
       },
       "documentation":"<p>A dataset group is a collection of related datasets (Interactions, User, and Item). You create a dataset group by calling <a>CreateDatasetGroup</a>. You then create a dataset and add it to a dataset group by calling <a>CreateDataset</a>. The dataset group is used to create and train a solution by calling <a>CreateSolution</a>. A dataset group can contain only one of each type of dataset.</p> <p>You can specify an Key Management Service (KMS) key to encrypt the datasets in the group.</p>"
@@ -1733,6 +2068,10 @@
         "failureReason":{
           "shape":"FailureReason",
           "documentation":"<p>If creating a dataset group fails, the reason behind the failure.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain of a Domain dataset group.</p>"
         }
       },
       "documentation":"<p>Provides a summary of the properties of a dataset group. For a complete listing, call the <a>DescribeDatasetGroup</a> API.</p>"
@@ -1841,6 +2180,10 @@
         "lastUpdatedDateTime":{
           "shape":"Date",
           "documentation":"<p>The date and time (in Unix time) that the schema was last updated.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain of a schema that you created for a dataset in a Domain dataset group.</p>"
         }
       },
       "documentation":"<p>Describes the schema for a dataset. For more information on schemas, see <a>CreateSchema</a>.</p>"
@@ -1863,6 +2206,10 @@
         "lastUpdatedDateTime":{
           "shape":"Date",
           "documentation":"<p>The date and time (in Unix time) that the schema was last updated.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain of a schema that you created for a dataset in a Domain dataset group.</p>"
         }
       },
       "documentation":"<p>Provides a summary of the properties of a dataset schema. For a complete listing, call the <a>DescribeSchema</a> API.</p>"
@@ -2052,6 +2399,16 @@
         }
       }
     },
+    "DeleteRecommenderRequest":{
+      "type":"structure",
+      "required":["recommenderArn"],
+      "members":{
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender to delete.</p>"
+        }
+      }
+    },
     "DeleteSchemaRequest":{
       "type":"structure",
       "required":["schemaArn"],
@@ -2110,6 +2467,25 @@
         }
       }
     },
+    "DescribeBatchSegmentJobRequest":{
+      "type":"structure",
+      "required":["batchSegmentJobArn"],
+      "members":{
+        "batchSegmentJobArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the batch segment job to describe.</p>"
+        }
+      }
+    },
+    "DescribeBatchSegmentJobResponse":{
+      "type":"structure",
+      "members":{
+        "batchSegmentJob":{
+          "shape":"BatchSegmentJob",
+          "documentation":"<p>Information on the specified batch segment job.</p>"
+        }
+      }
+    },
     "DescribeCampaignRequest":{
       "type":"structure",
       "required":["campaignArn"],
@@ -2281,6 +2657,25 @@
         }
       }
     },
+    "DescribeRecommenderRequest":{
+      "type":"structure",
+      "required":["recommenderArn"],
+      "members":{
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender to describe.</p>"
+        }
+      }
+    },
+    "DescribeRecommenderResponse":{
+      "type":"structure",
+      "members":{
+        "recommender":{
+          "shape":"Recommender",
+          "documentation":"<p>The properties of the recommender.</p>"
+        }
+      }
+    },
     "DescribeSchemaRequest":{
       "type":"structure",
       "required":["schemaArn"],
@@ -2343,6 +2738,13 @@
       "type":"string",
       "max":256
     },
+    "Domain":{
+      "type":"string",
+      "enum":[
+        "ECOMMERCE",
+        "VIDEO_ON_DEMAND"
+      ]
+    },
     "ErrorMessage":{"type":"string"},
     "EventTracker":{
       "type":"structure",
@@ -2714,6 +3116,7 @@
     },
     "KmsKeyArn":{
       "type":"string",
+      "max":2048,
       "pattern":"arn:aws.*:kms:.*:[0-9]{12}:key/.*"
     },
     "LimitExceededException":{
@@ -2754,6 +3157,36 @@
         }
       }
     },
+    "ListBatchSegmentJobsRequest":{
+      "type":"structure",
+      "members":{
+        "solutionVersionArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the solution version that the batch segment jobs used to generate batch segments.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to request the next page of results.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of batch segment job results to return in each page. The default value is 100.</p>"
+        }
+      }
+    },
+    "ListBatchSegmentJobsResponse":{
+      "type":"structure",
+      "members":{
+        "batchSegmentJobs":{
+          "shape":"BatchSegmentJobs",
+          "documentation":"<p>A list containing information on each job that is returned.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. The value is <code>null</code> when there are no more results to return.</p>"
+        }
+      }
+    },
     "ListCampaignsRequest":{
       "type":"structure",
       "members":{
@@ -2974,6 +3407,10 @@
         "maxResults":{
           "shape":"MaxResults",
           "documentation":"<p>The maximum number of recipes to return.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p> Filters returned recipes by domain for a Domain dataset group. Only recipes (Domain dataset group use cases) for this domain are included in the response. If you don't specify a domain, only non-domain recipes are returned. </p>"
         }
       }
     },
@@ -2990,6 +3427,36 @@
         }
       }
     },
+    "ListRecommendersRequest":{
+      "type":"structure",
+      "members":{
+        "datasetGroupArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Domain dataset group to list the recommenders for. When a Domain dataset group is not specified, all the recommenders associated with the account are listed.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token returned from the previous call to <code>ListRecommenders</code> for getting the next set of recommenders (if they exist).</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of recommenders to return.</p>"
+        }
+      }
+    },
+    "ListRecommendersResponse":{
+      "type":"structure",
+      "members":{
+        "recommenders":{
+          "shape":"Recommenders",
+          "documentation":"<p>A list of the recommenders.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token for getting the next set of recommenders (if they exist).</p>"
+        }
+      }
+    },
     "ListSchemasRequest":{
       "type":"structure",
       "members":{
@@ -3104,7 +3571,7 @@
     },
     "NextToken":{
       "type":"string",
-      "max":1300
+      "max":1500
     },
     "NumBatchResults":{"type":"integer"},
     "ObjectiveSensitivity":{
@@ -3208,6 +3675,10 @@
         "lastUpdatedDateTime":{
           "shape":"Date",
           "documentation":"<p>The date and time (in Unix time) that the recipe was last updated.</p>"
+        },
+        "domain":{
+          "shape":"Domain",
+          "documentation":"<p>The domain of the recipe (if the recipe is a Domain dataset group use case).</p>"
         }
       },
       "documentation":"<p>Provides a summary of the properties of a recipe. For a complete listing, call the <a>DescribeRecipe</a> API.</p>"
@@ -3221,6 +3692,135 @@
       "member":{"shape":"RecipeSummary"},
       "max":100
     },
+    "Recommender":{
+      "type":"structure",
+      "members":{
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender.</p>"
+        },
+        "datasetGroupArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Domain dataset group that contains the recommender.</p>"
+        },
+        "name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the recommender.</p>"
+        },
+        "recipeArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recipe (Domain dataset group use case) that the recommender was created for. </p>"
+        },
+        "recommenderConfig":{
+          "shape":"RecommenderConfig",
+          "documentation":"<p>The configuration details of the recommender.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time (in Unix format) that the recommender was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time (in Unix format) that the recommender was last updated.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the recommender.</p> <p>A recommender can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul>"
+        },
+        "failureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>If a recommender fails, the reason behind the failure.</p>"
+        },
+        "latestRecommenderUpdate":{
+          "shape":"RecommenderUpdateSummary",
+          "documentation":"<p>Provides a summary of the latest updates to the recommender. </p>"
+        }
+      },
+      "documentation":"<p>Describes a recommendation generator for a Domain dataset group. You create a recommender in a Domain dataset group for a specific domain use case (domain recipe), and specify the recommender in a <a href=\"https://docs.aws.amazon.com/personalize/latest/dg/API_RS_GetRecommendations.html\">GetRecommendations</a> request.</p>"
+    },
+    "RecommenderConfig":{
+      "type":"structure",
+      "members":{
+        "itemExplorationConfig":{
+          "shape":"HyperParameters",
+          "documentation":"<p>Specifies the exploration configuration hyperparameters, including <code>explorationWeight</code> and <code>explorationItemAgeCutOff</code>, you want to use to configure the amount of item exploration Amazon Personalize uses when recommending items. Provide <code>itemExplorationConfig</code> data only if your recommenders generate personalized recommendations for a user (not popular items or similar items).</p>"
+        },
+        "minRecommendationRequestsPerSecond":{
+          "shape":"TransactionsPerSecond",
+          "documentation":"<p>Specifies the requested minimum provisioned recommendation requests per second that Amazon Personalize will support.</p>"
+        }
+      },
+      "documentation":"<p>The configuration details of the recommender.</p>"
+    },
+    "RecommenderSummary":{
+      "type":"structure",
+      "members":{
+        "name":{
+          "shape":"Name",
+          "documentation":"<p>The name of the recommender.</p>"
+        },
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender.</p>"
+        },
+        "datasetGroupArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Domain dataset group that contains the recommender.</p>"
+        },
+        "recipeArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recipe (Domain dataset group use case) that the recommender was created for.</p>"
+        },
+        "recommenderConfig":{
+          "shape":"RecommenderConfig",
+          "documentation":"<p>The configuration details of the recommender.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the recommender. A recommender can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul>"
+        },
+        "creationDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time (in Unix format) that the recommender was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time (in Unix format) that the recommender was last updated.</p>"
+        }
+      },
+      "documentation":"<p>Provides a summary of the properties of the recommender.</p>"
+    },
+    "RecommenderUpdateSummary":{
+      "type":"structure",
+      "members":{
+        "recommenderConfig":{
+          "shape":"RecommenderConfig",
+          "documentation":"<p>The configuration details of the recommender update.</p>"
+        },
+        "creationDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time (in Unix format) that the recommender update was created.</p>"
+        },
+        "lastUpdatedDateTime":{
+          "shape":"Date",
+          "documentation":"<p>The date and time (in Unix time) that the recommender update was last updated.</p>"
+        },
+        "status":{
+          "shape":"Status",
+          "documentation":"<p>The status of the recommender update.</p> <p>A recommender can be in one of the following states:</p> <ul> <li> <p>CREATE PENDING &gt; CREATE IN_PROGRESS &gt; ACTIVE -or- CREATE FAILED</p> </li> <li> <p>DELETE PENDING &gt; DELETE IN_PROGRESS</p> </li> </ul>"
+        },
+        "failureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>If a recommender update fails, the reason behind the failure.</p>"
+        }
+      },
+      "documentation":"<p>Provides a summary of the properties of a recommender update. For a complete listing, call the DescribeRecommender API operation.</p>"
+    },
+    "Recommenders":{
+      "type":"list",
+      "member":{"shape":"RecommenderSummary"},
+      "max":100
+    },
     "ResourceAlreadyExistsException":{
       "type":"structure",
       "members":{
@@ -3266,7 +3866,7 @@
         },
         "kmsKeyArn":{
           "shape":"KmsKeyArn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the Key Management Service (KMS) key that Amazon Personalize uses to encrypt or decrypt the input and output files of a batch inference job.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Key Management Service (KMS) key that Amazon Personalize uses to encrypt or decrypt the input and output files.</p>"
         }
       },
       "documentation":"<p>The configuration details of an Amazon S3 input or output bucket.</p>"
@@ -3459,7 +4059,7 @@
           "documentation":"<p>The date and time (in Unix time) that the solution was last updated.</p>"
         }
       },
-      "documentation":"<p>An object that provides information about a specific version of a <a>Solution</a>.</p>"
+      "documentation":"<p>An object that provides information about a specific version of a <a>Solution</a> in a Custom dataset group.</p>"
     },
     "SolutionVersionSummary":{
       "type":"structure",
@@ -3575,6 +4175,32 @@
           "documentation":"<p>The same campaign ARN as given in the request.</p>"
         }
       }
+    },
+    "UpdateRecommenderRequest":{
+      "type":"structure",
+      "required":[
+        "recommenderArn",
+        "recommenderConfig"
+      ],
+      "members":{
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommender to modify.</p>"
+        },
+        "recommenderConfig":{
+          "shape":"RecommenderConfig",
+          "documentation":"<p>The configuration details of the recommender.</p>"
+        }
+      }
+    },
+    "UpdateRecommenderResponse":{
+      "type":"structure",
+      "members":{
+        "recommenderArn":{
+          "shape":"Arn",
+          "documentation":"<p>The same recommender Amazon Resource Name (ARN) as given in the request.</p>"
+        }
+      }
     }
   },
   "documentation":"<p>Amazon Personalize is a machine learning service that makes it easy to add individualized recommendations to customers.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/pi/2018-02-27/service-2.json b/contrib/python/botocore/py3/botocore/data/pi/2018-02-27/service-2.json
index efeacb1839b..301996e5630 100644
--- a/contrib/python/botocore/py3/botocore/data/pi/2018-02-27/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/pi/2018-02-27/service-2.json
@@ -27,7 +27,7 @@
         {"shape":"InternalServiceError"},
         {"shape":"NotAuthorizedException"}
       ],
-      "documentation":"<p>For a specific time period, retrieve the top <code>N</code> dimension keys for a metric.</p> <note> <p>Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned.</p> </note>"
+      "documentation":"<p>For a specific time period, retrieve the top <code>N</code> dimension keys for a metric. </p> <note> <p>Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned.</p> </note>"
     },
     "GetDimensionKeyDetails":{
       "name":"GetDimensionKeyDetails",
@@ -42,7 +42,22 @@
         {"shape":"InternalServiceError"},
         {"shape":"NotAuthorizedException"}
       ],
-      "documentation":"<p>Get the attributes of the specified dimension group for a DB instance or data source. For example, if you specify a SQL ID, <code>GetDimensionKeyDetails</code> retrieves the full text of the dimension <code>db.sql.statement</code> associated with this ID. This operation is useful because <code>GetResourceMetrics</code> and <code>DescribeDimensionKeys</code> don't support retrieval of large SQL statement text.</p>"
+      "documentation":"<p>Get the attributes of the specified dimension group for a DB instance or data source. For example, if you specify a SQL ID, <code>GetDimensionKeyDetails</code> retrieves the full text of the dimension <code>db.sql.statement</code>cassociated with this ID. This operation is useful because <code>GetResourceMetrics</code> and <code>DescribeDimensionKeys</code> don't support retrieval of large SQL statement text.</p>"
+    },
+    "GetResourceMetadata":{
+      "name":"GetResourceMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetResourceMetadataRequest"},
+      "output":{"shape":"GetResourceMetadataResponse"},
+      "errors":[
+        {"shape":"InvalidArgumentException"},
+        {"shape":"InternalServiceError"},
+        {"shape":"NotAuthorizedException"}
+      ],
+      "documentation":"<p>Retrieve the metadata for different features. For example, the metadata might indicate that a feature is turned on or off on a specific DB instance. </p>"
     },
     "GetResourceMetrics":{
       "name":"GetResourceMetrics",
@@ -58,9 +73,50 @@
         {"shape":"NotAuthorizedException"}
       ],
       "documentation":"<p>Retrieve Performance Insights metrics for a set of data sources, over a time period. You can provide specific dimension groups and dimensions, and provide aggregation and filtering criteria for each group.</p> <note> <p>Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned.</p> </note>"
+    },
+    "ListAvailableResourceDimensions":{
+      "name":"ListAvailableResourceDimensions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListAvailableResourceDimensionsRequest"},
+      "output":{"shape":"ListAvailableResourceDimensionsResponse"},
+      "errors":[
+        {"shape":"InvalidArgumentException"},
+        {"shape":"InternalServiceError"},
+        {"shape":"NotAuthorizedException"}
+      ],
+      "documentation":"<p>Retrieve the dimensions that can be queried for each specified metric type on a specified DB instance.</p>"
+    },
+    "ListAvailableResourceMetrics":{
+      "name":"ListAvailableResourceMetrics",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListAvailableResourceMetricsRequest"},
+      "output":{"shape":"ListAvailableResourceMetricsResponse"},
+      "errors":[
+        {"shape":"InvalidArgumentException"},
+        {"shape":"InternalServiceError"},
+        {"shape":"NotAuthorizedException"}
+      ],
+      "documentation":"<p>Retrieve metrics of the specified types that can be queried for a specified DB instance. </p>"
     }
   },
   "shapes":{
+    "AdditionalMetricsList":{
+      "type":"list",
+      "member":{"shape":"RequestString"},
+      "max":30,
+      "min":1
+    },
+    "AdditionalMetricsMap":{
+      "type":"map",
+      "key":{"shape":"RequestString"},
+      "value":{"shape":"Double"}
+    },
     "DataPoint":{
       "type":"structure",
       "required":[
@@ -96,15 +152,15 @@
       "members":{
         "ServiceType":{
           "shape":"ServiceType",
-          "documentation":"<p>The AWS service for which Performance Insights will return metrics. The only valid value for <i>ServiceType</i> is <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services service for which Performance Insights will return metrics. The only valid value for <i>ServiceType</i> is <code>RDS</code>. </p>"
         },
         "Identifier":{
           "shape":"RequestString",
-          "documentation":"<p>An immutable, AWS Region-unique identifier for a data source. Performance Insights gathers metrics from this data source.</p> <p>To use an Amazon RDS instance as a data source, you specify its <code>DbiResourceId</code> value. For example, specify <code>db-FAIHNTYBKTGAUSUZQYPDS2GW4A</code> </p>"
+          "documentation":"<p>An immutable, Amazon Web Services Region-unique identifier for a data source. Performance Insights gathers metrics from this data source.</p> <p>To use an Amazon RDS instance as a data source, you specify its <code>DbiResourceId</code> value. For example, specify <code>db-FAIHNTYBKTGAUSUZQYPDS2GW4A</code>. </p>"
         },
         "StartTime":{
           "shape":"ISOTimestamp",
-          "documentation":"<p>The date and time specifying the beginning of the requested time series data. You must specify a <code>StartTime</code> within the past 7 days. The value specified is <i>inclusive</i>, which means that data points equal to or greater than <code>StartTime</code> are returned.</p> <p>The value for <code>StartTime</code> must be earlier than the value for <code>EndTime</code>.</p>"
+          "documentation":"<p>The date and time specifying the beginning of the requested time series data. You must specify a <code>StartTime</code> within the past 7 days. The value specified is <i>inclusive</i>, which means that data points equal to or greater than <code>StartTime</code> are returned. </p> <p>The value for <code>StartTime</code> must be earlier than the value for <code>EndTime</code>. </p>"
         },
         "EndTime":{
           "shape":"ISOTimestamp",
@@ -112,19 +168,23 @@
         },
         "Metric":{
           "shape":"RequestString",
-          "documentation":"<p>The name of a Performance Insights metric to be measured.</p> <p>Valid values for <code>Metric</code> are:</p> <ul> <li> <p> <code>db.load.avg</code> - a scaled representation of the number of active sessions for the database engine.</p> </li> <li> <p> <code>db.sampledload.avg</code> - the raw number of active sessions for the database engine.</p> </li> </ul> <p>If the number of active sessions is less than an internal Performance Insights threshold, <code>db.load.avg</code> and <code>db.sampledload.avg</code> are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with <code>db.load.avg</code> showing the scaled values, <code>db.sampledload.avg</code> showing the raw values, and <code>db.sampledload.avg</code> less than <code>db.load.avg</code>. For most use cases, you can query <code>db.load.avg</code> only. </p>"
+          "documentation":"<p>The name of a Performance Insights metric to be measured.</p> <p>Valid values for <code>Metric</code> are:</p> <ul> <li> <p> <code>db.load.avg</code> - a scaled representation of the number of active sessions for the database engine. </p> </li> <li> <p> <code>db.sampledload.avg</code> - the raw number of active sessions for the database engine. </p> </li> </ul> <p>If the number of active sessions is less than an internal Performance Insights threshold, <code>db.load.avg</code> and <code>db.sampledload.avg</code> are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with <code>db.load.avg</code> showing the scaled values, <code>db.sampledload.avg</code> showing the raw values, and <code>db.sampledload.avg</code> less than <code>db.load.avg</code>. For most use cases, you can query <code>db.load.avg</code> only. </p>"
         },
         "PeriodInSeconds":{
           "shape":"Integer",
-          "documentation":"<p>The granularity, in seconds, of the data points returned from Performance Insights. A period can be as short as one second, or as long as one day (86400 seconds). Valid values are:</p> <ul> <li> <p> <code>1</code> (one second)</p> </li> <li> <p> <code>60</code> (one minute)</p> </li> <li> <p> <code>300</code> (five minutes)</p> </li> <li> <p> <code>3600</code> (one hour)</p> </li> <li> <p> <code>86400</code> (twenty-four hours)</p> </li> </ul> <p>If you don't specify <code>PeriodInSeconds</code>, then Performance Insights chooses a value for you, with a goal of returning roughly 100-200 data points in the response.</p>"
+          "documentation":"<p>The granularity, in seconds, of the data points returned from Performance Insights. A period can be as short as one second, or as long as one day (86400 seconds). Valid values are: </p> <ul> <li> <p> <code>1</code> (one second)</p> </li> <li> <p> <code>60</code> (one minute)</p> </li> <li> <p> <code>300</code> (five minutes)</p> </li> <li> <p> <code>3600</code> (one hour)</p> </li> <li> <p> <code>86400</code> (twenty-four hours)</p> </li> </ul> <p>If you don't specify <code>PeriodInSeconds</code>, then Performance Insights chooses a value for you, with a goal of returning roughly 100-200 data points in the response. </p>"
         },
         "GroupBy":{
           "shape":"DimensionGroup",
-          "documentation":"<p>A specification for how to aggregate the data points from a query result. You must specify a valid dimension group. Performance Insights returns all dimensions within this group, unless you provide the names of specific dimensions within this group. You can also request that Performance Insights return a limited number of values for a dimension.</p>"
+          "documentation":"<p>A specification for how to aggregate the data points from a query result. You must specify a valid dimension group. Performance Insights returns all dimensions within this group, unless you provide the names of specific dimensions within this group. You can also request that Performance Insights return a limited number of values for a dimension. </p>"
+        },
+        "AdditionalMetrics":{
+          "shape":"AdditionalMetricsList",
+          "documentation":"<p>Additional metrics for the top <code>N</code> dimension keys. If the specified dimension group in the <code>GroupBy</code> parameter is <code>db.sql_tokenized</code>, you can specify per-SQL metrics to get the values for the top <code>N</code> SQL digests. The response syntax is <code>\"AdditionalMetrics\" : { \"<i>string</i>\" : \"<i>string</i>\" }</code>. </p> <p/>"
         },
         "PartitionBy":{
           "shape":"DimensionGroup",
-          "documentation":"<p>For each dimension specified in <code>GroupBy</code>, specify a secondary dimension to further subdivide the partition keys in the response.</p>"
+          "documentation":"<p>For each dimension specified in <code>GroupBy</code>, specify a secondary dimension to further subdivide the partition keys in the response. </p>"
         },
         "Filter":{
           "shape":"MetricQueryFilterMap",
@@ -136,7 +196,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>.</p>"
+          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>. </p>"
         }
       }
     },
@@ -145,15 +205,15 @@
       "members":{
         "AlignedStartTime":{
           "shape":"ISOTimestamp",
-          "documentation":"<p>The start time for the returned dimension keys, after alignment to a granular boundary (as specified by <code>PeriodInSeconds</code>). <code>AlignedStartTime</code> will be less than or equal to the value of the user-specified <code>StartTime</code>.</p>"
+          "documentation":"<p>The start time for the returned dimension keys, after alignment to a granular boundary (as specified by <code>PeriodInSeconds</code>). <code>AlignedStartTime</code> will be less than or equal to the value of the user-specified <code>StartTime</code>. </p>"
         },
         "AlignedEndTime":{
           "shape":"ISOTimestamp",
-          "documentation":"<p>The end time for the returned dimension keys, after alignment to a granular boundary (as specified by <code>PeriodInSeconds</code>). <code>AlignedEndTime</code> will be greater than or equal to the value of the user-specified <code>Endtime</code>.</p>"
+          "documentation":"<p>The end time for the returned dimension keys, after alignment to a granular boundary (as specified by <code>PeriodInSeconds</code>). <code>AlignedEndTime</code> will be greater than or equal to the value of the user-specified <code>Endtime</code>. </p>"
         },
         "PartitionKeys":{
           "shape":"ResponsePartitionKeyList",
-          "documentation":"<p>If <code>PartitionBy</code> was present in the request, <code>PartitionKeys</code> contains the breakdown of dimension keys by the specified partitions.</p>"
+          "documentation":"<p>If <code>PartitionBy</code> was present in the request, <code>PartitionKeys</code> contains the breakdown of dimension keys by the specified partitions. </p>"
         },
         "Keys":{
           "shape":"DimensionKeyDescriptionList",
@@ -161,10 +221,15 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>.</p>"
+          "documentation":"<p>A pagination token that indicates the response didn’t return all available records because <code>MaxRecords</code> was specified in the previous request. To get the remaining records, specify <code>NextToken</code> in a separate request with this value. </p>"
         }
       }
     },
+    "Description":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
     "DetailStatus":{
       "type":"string",
       "enum":[
@@ -173,17 +238,31 @@
         "UNAVAILABLE"
       ]
     },
+    "DimensionDetail":{
+      "type":"structure",
+      "members":{
+        "Identifier":{
+          "shape":"String",
+          "documentation":"<p>The identifier of a dimension.</p>"
+        }
+      },
+      "documentation":"<p>The information about a dimension.</p>"
+    },
+    "DimensionDetailList":{
+      "type":"list",
+      "member":{"shape":"DimensionDetail"}
+    },
     "DimensionGroup":{
       "type":"structure",
       "required":["Group"],
       "members":{
         "Group":{
           "shape":"RequestString",
-          "documentation":"<p>The name of the dimension group. Valid values are:</p> <ul> <li> <p> <code>db</code> - The name of the database to which the client is connected (only Aurora PostgreSQL, RDS PostgreSQL, Aurora MySQL, RDS MySQL, and MariaDB)</p> </li> <li> <p> <code>db.application</code> - The name of the application that is connected to the database (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.host</code> - The host name of the connected client (all engines)</p> </li> <li> <p> <code>db.session_type</code> - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.sql</code> - The SQL that is currently executing (all engines)</p> </li> <li> <p> <code>db.sql_tokenized</code> - The SQL digest (all engines)</p> </li> <li> <p> <code>db.wait_event</code> - The event for which the database backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event_type</code> - The type of event for which the database backend is waiting (all engines)</p> </li> <li> <p> <code>db.user</code> - The user logged in to the database (all engines)</p> </li> </ul>"
+          "documentation":"<p>The name of the dimension group. Valid values are:</p> <ul> <li> <p> <code>db</code> - The name of the database to which the client is connected (only Aurora PostgreSQL, Amazon RDS PostgreSQL, Aurora MySQL, Amazon RDS MySQL, and MariaDB)</p> </li> <li> <p> <code>db.application</code> - The name of the application that is connected to the database (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.host</code> - The host name of the connected client (all engines)</p> </li> <li> <p> <code>db.session_type</code> - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.sql</code> - The SQL that is currently executing (all engines)</p> </li> <li> <p> <code>db.sql_tokenized</code> - The SQL digest (all engines)</p> </li> <li> <p> <code>db.wait_event</code> - The event for which the database backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event_type</code> - The type of event for which the database backend is waiting (all engines)</p> </li> <li> <p> <code>db.user</code> - The user logged in to the database (all engines)</p> </li> </ul>"
         },
         "Dimensions":{
           "shape":"RequestStringList",
-          "documentation":"<p>A list of specific dimensions from a dimension group. If this parameter is not present, then it signifies that all of the dimensions in the group were requested, or are present in the response.</p> <p>Valid values for elements in the <code>Dimensions</code> array are:</p> <ul> <li> <p> <code>db.application.name</code> - The name of the application that is connected to the database (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.host.id</code> - The host ID of the connected client (all engines)</p> </li> <li> <p> <code>db.host.name</code> - The host name of the connected client (all engines)</p> </li> <li> <p> <code>db.name</code> - The name of the database to which the client is connected (only Aurora PostgreSQL, RDS PostgreSQL, Aurora MySQL, RDS MySQL, and MariaDB)</p> </li> <li> <p> <code>db.session_type.name</code> - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.sql.id</code> - The SQL ID generated by Performance Insights (all engines)</p> </li> <li> <p> <code>db.sql.db_id</code> - The SQL ID generated by the database (all engines)</p> </li> <li> <p> <code>db.sql.statement</code> - The SQL text that is being executed (all engines)</p> </li> <li> <p> <code>db.sql.tokenized_id</code> </p> </li> <li> <p> <code>db.sql_tokenized.id</code> - The SQL digest ID generated by Performance Insights (all engines)</p> </li> <li> <p> <code>db.sql_tokenized.db_id</code> - SQL digest ID generated by the database (all engines)</p> </li> <li> <p> <code>db.sql_tokenized.statement</code> - The SQL digest text (all engines)</p> </li> <li> <p> <code>db.user.id</code> - The ID of the user logged in to the database (all engines)</p> </li> <li> <p> <code>db.user.name</code> - The name of the user logged in to the database (all engines)</p> </li> <li> <p> <code>db.wait_event.name</code> - The event for which the backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event.type</code> - The type of event for which the backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event_type.name</code> - The name of the event type for which the backend is waiting (all engines)</p> </li> </ul>"
+          "documentation":"<p>A list of specific dimensions from a dimension group. If this parameter is not present, then it signifies that all of the dimensions in the group were requested, or are present in the response.</p> <p>Valid values for elements in the <code>Dimensions</code> array are:</p> <ul> <li> <p> <code>db.application.name</code> - The name of the application that is connected to the database (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.host.id</code> - The host ID of the connected client (all engines)</p> </li> <li> <p> <code>db.host.name</code> - The host name of the connected client (all engines)</p> </li> <li> <p> <code>db.name</code> - The name of the database to which the client is connected (only Aurora PostgreSQL, Amazon RDS PostgreSQL, Aurora MySQL, Amazon RDS MySQL, and MariaDB)</p> </li> <li> <p> <code>db.session_type.name</code> - The type of the current session (only Aurora PostgreSQL and RDS PostgreSQL)</p> </li> <li> <p> <code>db.sql.id</code> - The SQL ID generated by Performance Insights (all engines)</p> </li> <li> <p> <code>db.sql.db_id</code> - The SQL ID generated by the database (all engines)</p> </li> <li> <p> <code>db.sql.statement</code> - The SQL text that is being executed (all engines)</p> </li> <li> <p> <code>db.sql.tokenized_id</code> </p> </li> <li> <p> <code>db.sql_tokenized.id</code> - The SQL digest ID generated by Performance Insights (all engines)</p> </li> <li> <p> <code>db.sql_tokenized.db_id</code> - SQL digest ID generated by the database (all engines)</p> </li> <li> <p> <code>db.sql_tokenized.statement</code> - The SQL digest text (all engines)</p> </li> <li> <p> <code>db.user.id</code> - The ID of the user logged in to the database (all engines)</p> </li> <li> <p> <code>db.user.name</code> - The name of the user logged in to the database (all engines)</p> </li> <li> <p> <code>db.wait_event.name</code> - The event for which the backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event.type</code> - The type of event for which the backend is waiting (all engines)</p> </li> <li> <p> <code>db.wait_event_type.name</code> - The name of the event type for which the backend is waiting (all engines)</p> </li> </ul>"
         },
         "Limit":{
           "shape":"Limit",
@@ -192,6 +271,24 @@
       },
       "documentation":"<p>A logical grouping of Performance Insights metrics for a related subject area. For example, the <code>db.sql</code> dimension group consists of the following dimensions: <code>db.sql.id</code>, <code>db.sql.db_id</code>, <code>db.sql.statement</code>, and <code>db.sql.tokenized_id</code>.</p> <note> <p>Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned.</p> </note>"
     },
+    "DimensionGroupDetail":{
+      "type":"structure",
+      "members":{
+        "Group":{
+          "shape":"String",
+          "documentation":"<p>The name of the dimension group.</p>"
+        },
+        "Dimensions":{
+          "shape":"DimensionDetailList",
+          "documentation":"<p>The dimensions within a dimension group.</p>"
+        }
+      },
+      "documentation":"<p>Information about dimensions within a dimension group.</p>"
+    },
+    "DimensionGroupDetailList":{
+      "type":"list",
+      "member":{"shape":"DimensionGroupDetail"}
+    },
     "DimensionKeyDescription":{
       "type":"structure",
       "members":{
@@ -201,14 +298,18 @@
         },
         "Total":{
           "shape":"Double",
-          "documentation":"<p>The aggregated metric value for the dimension(s), over the requested time range.</p>"
+          "documentation":"<p>The aggregated metric value for the dimensions, over the requested time range.</p>"
+        },
+        "AdditionalMetrics":{
+          "shape":"AdditionalMetricsMap",
+          "documentation":"<p>A map that contains the value for each additional metric.</p>"
         },
         "Partitions":{
           "shape":"MetricValuesList",
           "documentation":"<p>If <code>PartitionBy</code> was specified, <code>PartitionKeys</code> contains the dimensions that were.</p>"
         }
       },
-      "documentation":"<p>An array of descriptions and aggregated values for each dimension within a dimension group.</p>"
+      "documentation":"<p>An object that includes the requested dimension key values and aggregated metric values within a dimension group.</p>"
     },
     "DimensionKeyDescriptionList":{
       "type":"list",
@@ -241,8 +342,40 @@
       "key":{"shape":"RequestString"},
       "value":{"shape":"RequestString"}
     },
+    "DimensionsMetricList":{
+      "type":"list",
+      "member":{"shape":"RequestString"},
+      "max":5,
+      "min":1
+    },
     "Double":{"type":"double"},
     "ErrorString":{"type":"string"},
+    "FeatureMetadata":{
+      "type":"structure",
+      "members":{
+        "Status":{
+          "shape":"FeatureStatus",
+          "documentation":"<p>The status of the feature on the DB instance. Possible values include the following: </p> <ul> <li> <p> <code>ENABLED</code>: the feature is enabled on the instance.</p> </li> <li> <p> <code>DISABLED</code>: the feature is disabled on the instance.</p> </li> <li> <p> <code>UNSUPPORTED</code>: the feature isn't supported on the instance.</p> </li> <li> <p> <code>ENABLED_PENDING_REBOOT</code>: the feature is enabled on the instance but requires a reboot to take effect.</p> </li> <li> <p> <code>DISABLED_PENDING_REBOOT</code>: the feature is disabled on the instance but requires a reboot to take effect.</p> </li> <li> <p> <code>UNKNOWN</code>: the feature status couldn't be determined.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>The metadata for a feature. For example, the metadata might indicate that a feature is turned on or off on a specific DB instance.</p>"
+    },
+    "FeatureMetadataMap":{
+      "type":"map",
+      "key":{"shape":"String"},
+      "value":{"shape":"FeatureMetadata"}
+    },
+    "FeatureStatus":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED",
+        "UNSUPPORTED",
+        "ENABLED_PENDING_REBOOT",
+        "DISABLED_PENDING_REBOOT",
+        "UNKNOWN"
+      ]
+    },
     "GetDimensionKeyDetailsRequest":{
       "type":"structure",
       "required":[
@@ -254,11 +387,11 @@
       "members":{
         "ServiceType":{
           "shape":"ServiceType",
-          "documentation":"<p>The AWS service for which Performance Insights returns data. The only valid value is <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services service for which Performance Insights returns data. The only valid value is <code>RDS</code>.</p>"
         },
         "Identifier":{
           "shape":"IdentifierString",
-          "documentation":"<p>The ID for a data source from which to gather dimension data. This ID must be immutable and unique within an AWS Region. When a DB instance is the data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-ABCDEFGHIJKLMNOPQRSTU1VW2X</code>. </p>"
+          "documentation":"<p>The ID for a data source from which to gather dimension data. This ID must be immutable and unique within an Amazon Web Services Region. When a DB instance is the data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-ABCDEFGHIJKLMNOPQRSTU1VW2X</code>. </p>"
         },
         "Group":{
           "shape":"RequestString",
@@ -270,7 +403,7 @@
         },
         "RequestedDimensions":{
           "shape":"RequestedDimensionList",
-          "documentation":"<p>A list of dimensions to retrieve the detail data for within the given dimension group. For the dimension group <code>db.sql</code>, specify either the full dimension name <code>db.sql.statement</code> or the short dimension name <code>statement</code>. If you don't specify this parameter, Performance Insights returns all dimension data within the specified dimension group.</p>"
+          "documentation":"<p>A list of dimensions to retrieve the detail data for within the given dimension group. For the dimension group <code>db.sql</code>, specify either the full dimension name <code>db.sql.statement</code> or the short dimension name <code>statement</code>. If you don't specify this parameter, Performance Insights returns all dimension data within the specified dimension group. </p>"
         }
       }
     },
@@ -283,6 +416,36 @@
         }
       }
     },
+    "GetResourceMetadataRequest":{
+      "type":"structure",
+      "required":[
+        "ServiceType",
+        "Identifier"
+      ],
+      "members":{
+        "ServiceType":{
+          "shape":"ServiceType",
+          "documentation":"<p>The Amazon Web Services service for which Performance Insights returns metrics.</p>"
+        },
+        "Identifier":{
+          "shape":"RequestString",
+          "documentation":"<p>An immutable identifier for a data source that is unique for an Amazon Web Services Region. Performance Insights gathers metrics from this data source. To use a DB instance as a data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-ABCDEFGHIJKLMNOPQRSTU1VW2X</code>. </p>"
+        }
+      }
+    },
+    "GetResourceMetadataResponse":{
+      "type":"structure",
+      "members":{
+        "Identifier":{
+          "shape":"String",
+          "documentation":"<p>An immutable identifier for a data source that is unique for an Amazon Web Services Region. Performance Insights gathers metrics from this data source. To use a DB instance as a data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-ABCDEFGHIJKLMNOPQRSTU1VW2X</code>. </p>"
+        },
+        "Features":{
+          "shape":"FeatureMetadataMap",
+          "documentation":"<p>The metadata for different features. For example, the metadata might indicate that a feature is turned on or off on a specific DB instance.</p>"
+        }
+      }
+    },
     "GetResourceMetricsRequest":{
       "type":"structure",
       "required":[
@@ -295,11 +458,11 @@
       "members":{
         "ServiceType":{
           "shape":"ServiceType",
-          "documentation":"<p>The AWS service for which Performance Insights returns metrics. The only valid value for <i>ServiceType</i> is <code>RDS</code>.</p>"
+          "documentation":"<p>The Amazon Web Services service for which Performance Insights returns metrics. The only valid value for <i>ServiceType</i> is <code>RDS</code>.</p>"
         },
         "Identifier":{
           "shape":"RequestString",
-          "documentation":"<p>An immutable, AWS Region-unique identifier for a data source. Performance Insights gathers metrics from this data source.</p> <p>To use a DB instance as a data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-FAIHNTYBKTGAUSUZQYPDS2GW4A</code>.</p>"
+          "documentation":"<p>An immutable, Amazon Web Services Region-unique identifier for a data source. Performance Insights gathers metrics from this data source.</p> <p>To use a DB instance as a data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-FAIHNTYBKTGAUSUZQYPDS2GW4A</code>.</p>"
         },
         "MetricQueries":{
           "shape":"MetricQueryList",
@@ -340,7 +503,7 @@
         },
         "Identifier":{
           "shape":"String",
-          "documentation":"<p>An immutable, AWS Region-unique identifier for a data source. Performance Insights gathers metrics from this data source.</p> <p>To use a DB instance as a data source, you specify its <code>DbiResourceId</code> value - for example: <code>db-FAIHNTYBKTGAUSUZQYPDS2GW4A</code> </p>"
+          "documentation":"<p>An immutable, Amazon Web Services Region-unique identifier for a data source. Performance Insights gathers metrics from this data source. </p> <p>To use a DB instance as a data source, you specify its <code>DbiResourceId</code> value - for example: <code>db-FAIHNTYBKTGAUSUZQYPDS2GW4A</code> </p>"
         },
         "MetricList":{
           "shape":"MetricKeyDataPointsList",
@@ -348,7 +511,7 @@
         },
         "NextToken":{
           "shape":"NextToken",
-          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>.</p>"
+          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>. </p>"
         }
       }
     },
@@ -382,17 +545,121 @@
       "max":10,
       "min":1
     },
+    "ListAvailableResourceDimensionsRequest":{
+      "type":"structure",
+      "required":[
+        "ServiceType",
+        "Identifier",
+        "Metrics"
+      ],
+      "members":{
+        "ServiceType":{
+          "shape":"ServiceType",
+          "documentation":"<p>The Amazon Web Services service for which Performance Insights returns metrics.</p>"
+        },
+        "Identifier":{
+          "shape":"RequestString",
+          "documentation":"<p>An immutable identifier for a data source that is unique within an Amazon Web Services Region. Performance Insights gathers metrics from this data source. To use an Amazon RDS DB instance as a data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-ABCDEFGHIJKLMNOPQRSTU1VWZ</code>. </p>"
+        },
+        "Metrics":{
+          "shape":"DimensionsMetricList",
+          "documentation":"<p>The types of metrics for which to retrieve dimensions. Valid values include <code>db.load</code>.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of items to return in the response. If more items exist than the specified <code>MaxRecords</code> value, a pagination token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>. </p>"
+        }
+      }
+    },
+    "ListAvailableResourceDimensionsResponse":{
+      "type":"structure",
+      "members":{
+        "MetricDimensions":{
+          "shape":"MetricDimensionsList",
+          "documentation":"<p>The dimension information returned for requested metric types.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>.</p>"
+        }
+      }
+    },
+    "ListAvailableResourceMetricsRequest":{
+      "type":"structure",
+      "required":[
+        "ServiceType",
+        "Identifier",
+        "MetricTypes"
+      ],
+      "members":{
+        "ServiceType":{
+          "shape":"ServiceType",
+          "documentation":"<p>The Amazon Web Services service for which Performance Insights returns metrics.</p>"
+        },
+        "Identifier":{
+          "shape":"RequestString",
+          "documentation":"<p>An immutable identifier for a data source that is unique within an Amazon Web Services Region. Performance Insights gathers metrics from this data source. To use an Amazon RDS DB instance as a data source, specify its <code>DbiResourceId</code> value. For example, specify <code>db-ABCDEFGHIJKLMNOPQRSTU1VWZ</code>. </p>"
+        },
+        "MetricTypes":{
+          "shape":"MetricTypeList",
+          "documentation":"<p>The types of metrics to return in the response. Valid values in the array include the following:</p> <ul> <li> <p> <code>os</code> (OS counter metrics)</p> </li> <li> <p> <code>db</code> (DB load metrics)</p> </li> <li> <p> <code>db.sql.stats</code> (per-SQL metrics)</p> </li> <li> <p> <code>db.sql_tokenized.stats</code> (per-SQL digest metrics)</p> </li> </ul>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>An optional pagination token provided by a previous request. If this parameter is specified, the response includes only records beyond the token, up to the value specified by <code>MaxRecords</code>. </p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of items to return. If the <code>MaxRecords</code> value is less than the number of existing items, the response includes a pagination token. </p>"
+        }
+      }
+    },
+    "ListAvailableResourceMetricsResponse":{
+      "type":"structure",
+      "members":{
+        "Metrics":{
+          "shape":"ResponseResourceMetricList",
+          "documentation":"<p>An array of metrics available to query. Each array element contains the full name, description, and unit of the metric. </p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A pagination token that indicates the response didn’t return all available records because <code>MaxRecords</code> was specified in the previous request. To get the remaining records, specify <code>NextToken</code> in a separate request with this value. </p>"
+        }
+      }
+    },
     "MaxResults":{
       "type":"integer",
       "max":20,
       "min":0
     },
+    "MetricDimensionGroups":{
+      "type":"structure",
+      "members":{
+        "Metric":{
+          "shape":"String",
+          "documentation":"<p>The metric type to which the dimension information belongs.</p>"
+        },
+        "Groups":{
+          "shape":"DimensionGroupDetailList",
+          "documentation":"<p>The available dimension groups for a metric type.</p>"
+        }
+      },
+      "documentation":"<p>The available dimension information for a metric type.</p>"
+    },
+    "MetricDimensionsList":{
+      "type":"list",
+      "member":{"shape":"MetricDimensionGroups"}
+    },
     "MetricKeyDataPoints":{
       "type":"structure",
       "members":{
         "Key":{
           "shape":"ResponseResourceMetricKey",
-          "documentation":"<p>The dimension(s) to which the data points apply.</p>"
+          "documentation":"<p>The dimensions to which the data points apply.</p>"
         },
         "DataPoints":{
           "shape":"DataPointsList",
@@ -422,7 +689,7 @@
           "documentation":"<p>One or more filters to apply in the request. Restrictions:</p> <ul> <li> <p>Any number of filters by the same dimension, as specified in the <code>GroupBy</code> parameter.</p> </li> <li> <p>A single filter for any other dimension in this dimension group.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>A single query to be processed. You must provide the metric to query. If no other parameters are specified, Performance Insights returns all of the data points for that metric. You can optionally request that the data points be aggregated by dimension group ( <code>GroupBy</code>), and return only those data points that match your criteria (<code>Filter</code>).</p>"
+      "documentation":"<p>A single query to be processed. You must provide the metric to query. If no other parameters are specified, Performance Insights returns all data points for the specified metric. Optionally, you can request that the data points be aggregated by dimension group (<code>GroupBy</code>), and return only those data points that match your criteria (<code>Filter</code>).</p>"
     },
     "MetricQueryFilterMap":{
       "type":"map",
@@ -435,6 +702,10 @@
       "max":15,
       "min":1
     },
+    "MetricTypeList":{
+      "type":"list",
+      "member":{"shape":"RequestString"}
+    },
     "MetricValuesList":{
       "type":"list",
       "member":{"shape":"Double"}
@@ -477,7 +748,7 @@
       "members":{
         "Dimensions":{
           "shape":"DimensionMap",
-          "documentation":"<p>A dimension map that contains the dimension(s) for this partition.</p>"
+          "documentation":"<p>A dimension map that contains the dimensions for this partition.</p>"
         }
       },
       "documentation":"<p>If <code>PartitionBy</code> was specified in a <code>DescribeDimensionKeys</code> request, the dimensions are returned in an array. Each element in the array specifies one dimension. </p>"
@@ -486,6 +757,24 @@
       "type":"list",
       "member":{"shape":"ResponsePartitionKey"}
     },
+    "ResponseResourceMetric":{
+      "type":"structure",
+      "members":{
+        "Metric":{
+          "shape":"String",
+          "documentation":"<p>The full name of the metric.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The description of the metric.</p>"
+        },
+        "Unit":{
+          "shape":"String",
+          "documentation":"<p>The unit of the metric.</p>"
+        }
+      },
+      "documentation":"<p>An object that contains the full name, description, and unit of a metric. </p>"
+    },
     "ResponseResourceMetricKey":{
       "type":"structure",
       "required":["Metric"],
@@ -501,9 +790,16 @@
       },
       "documentation":"<p>An object describing a Performance Insights metric and one or more dimensions for that metric.</p>"
     },
+    "ResponseResourceMetricList":{
+      "type":"list",
+      "member":{"shape":"ResponseResourceMetric"}
+    },
     "ServiceType":{
       "type":"string",
-      "enum":["RDS"]
+      "enum":[
+        "RDS",
+        "DOCDB"
+      ]
     },
     "String":{
       "type":"string",
@@ -512,5 +808,5 @@
       "pattern":".*\\S.*"
     }
   },
-  "documentation":"<fullname>Amazon RDS Performance Insights</fullname> <p>Amazon RDS Performance Insights enables you to monitor and explore different dimensions of database load based on data captured from a running DB instance. The guide provides detailed information about Performance Insights data types, parameters and errors.</p> <p>When Performance Insights is enabled, the Amazon RDS Performance Insights API provides visibility into the performance of your DB instance. Amazon CloudWatch provides the authoritative source for AWS service-vended monitoring metrics. Performance Insights offers a domain-specific view of DB load. </p> <p>DB load is measured as Average Active Sessions. Performance Insights provides the data to API consumers as a two-dimensional time-series dataset. The time dimension provides DB load data for each time point in the queried time range. Each time point decomposes overall load in relation to the requested dimensions, measured at that time point. Examples include SQL, Wait event, User, and Host.</p> <ul> <li> <p>To learn more about Performance Insights and Amazon Aurora DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.html\">Amazon Aurora User Guide</a>.</p> </li> <li> <p>To learn more about Performance Insights and Amazon RDS DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\">Amazon RDS User Guide</a>.</p> </li> </ul>"
+  "documentation":"<fullname>Amazon RDS Performance Insights</fullname> <p>Amazon RDS Performance Insights enables you to monitor and explore different dimensions of database load based on data captured from a running DB instance. The guide provides detailed information about Performance Insights data types, parameters and errors. </p> <p>When Performance Insights is enabled, the Amazon RDS Performance Insights API provides visibility into the performance of your DB instance. Amazon CloudWatch provides the authoritative source for Amazon Web Services service-vended monitoring metrics. Performance Insights offers a domain-specific view of DB load. </p> <p>DB load is measured as average active sessions. Performance Insights provides the data to API consumers as a two-dimensional time-series dataset. The time dimension provides DB load data for each time point in the queried time range. Each time point decomposes overall load in relation to the requested dimensions, measured at that time point. Examples include SQL, Wait event, User, and Host. </p> <ul> <li> <p>To learn more about Performance Insights and Amazon Aurora DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PerfInsights.html\"> Amazon Aurora User Guide</a>. </p> </li> <li> <p>To learn more about Performance Insights and Amazon RDS DB instances, go to the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\"> Amazon RDS User Guide</a>. </p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/pinpoint/2016-12-01/service-2.json b/contrib/python/botocore/py3/botocore/data/pinpoint/2016-12-01/service-2.json
index 381e1b33951..0ad3557e5a2 100644
--- a/contrib/python/botocore/py3/botocore/data/pinpoint/2016-12-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/pinpoint/2016-12-01/service-2.json
@@ -4075,6 +4075,52 @@
       ],
       "documentation": "<p>Creates and sends a direct message.</p>"
     },
+    "SendOTPMessage": {
+      "name": "SendOTPMessage",
+      "http": {
+        "method": "POST",
+        "requestUri": "/v1/apps/{application-id}/otp",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "SendOTPMessageRequest"
+      },
+      "output": {
+        "shape": "SendOTPMessageResponse",
+        "documentation": "<p>200 response</p>"
+      },
+      "errors": [
+        {
+          "shape": "BadRequestException",
+          "documentation": "<p>400 response</p>"
+        },
+        {
+          "shape": "InternalServerErrorException",
+          "documentation": "<p>500 response</p>"
+        },
+        {
+          "shape": "PayloadTooLargeException",
+          "documentation": "<p>413 response</p>"
+        },
+        {
+          "shape": "ForbiddenException",
+          "documentation": "<p>403 response</p>"
+        },
+        {
+          "shape": "NotFoundException",
+          "documentation": "<p>404 response</p>"
+        },
+        {
+          "shape": "MethodNotAllowedException",
+          "documentation": "<p>405 response</p>"
+        },
+        {
+          "shape": "TooManyRequestsException",
+          "documentation": "<p>429 response</p>"
+        }
+      ],
+      "documentation": "<p>Send an OTP message</p>"
+    },
     "SendUsersMessages": {
       "name": "SendUsersMessages",
       "http": {
@@ -5254,6 +5300,52 @@
         }
       ],
       "documentation": "<p>Updates an existing message template for messages that are sent through the voice channel.</p>"
+  },
+  "VerifyOTPMessage": {
+    "name": "VerifyOTPMessage",
+    "http": {
+      "method": "POST",
+      "requestUri": "/v1/apps/{application-id}/verify-otp",
+      "responseCode": 200
+    },
+    "input": {
+      "shape": "VerifyOTPMessageRequest"
+    },
+    "output": {
+      "shape": "VerifyOTPMessageResponse",
+      "documentation": "<p>200 response</p>"
+    },
+    "errors": [
+      {
+        "shape": "BadRequestException",
+        "documentation": "<p>400 response</p>"
+      },
+      {
+        "shape": "InternalServerErrorException",
+        "documentation": "<p>500 response</p>"
+      },
+      {
+        "shape": "PayloadTooLargeException",
+        "documentation": "<p>413 response</p>"
+      },
+      {
+        "shape": "ForbiddenException",
+        "documentation": "<p>403 response</p>"
+      },
+      {
+        "shape": "NotFoundException",
+        "documentation": "<p>404 response</p>"
+      },
+      {
+        "shape": "MethodNotAllowedException",
+        "documentation": "<p>405 response</p>"
+      },
+      {
+        "shape": "TooManyRequestsException",
+        "documentation": "<p>429 response</p>"
+      }
+    ],
+    "documentation": "<p>Verify an OTP</p>"
     }
   },
   "shapes": {
@@ -6164,6 +6256,10 @@
           "shape": "MapOf__string",
           "locationName": "tags",
           "documentation": "<p>A string-to-string map of key-value pairs that identifies the tags that are associated with the application. Each tag consists of a required tag key and an associated tag value.</p>"
+        },
+        "CreationDate": {
+          "shape": "__string",
+          "documentation": "<p>The date and time when the Application was created.</p>"
         }
       },
       "documentation": "<p>Provides information about an application.</p>",
@@ -13521,6 +13617,94 @@
       ],
       "payload": "MessageResponse"
     },
+    "SendOTPMessageRequest": {
+      "type": "structure",
+      "members": {
+        "ApplicationId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "application-id",
+          "documentation": "<p>The unique ID of your Amazon Pinpoint application.</p>"
+        },
+        "SendOTPMessageRequestParameters": {
+          "shape": "SendOTPMessageRequestParameters"
+        }
+      },
+      "required": [
+        "ApplicationId",
+        "SendOTPMessageRequestParameters"
+      ],
+      "payload": "SendOTPMessageRequestParameters"
+    },
+    "SendOTPMessageRequestParameters": {
+      "type": "structure",
+      "members": {
+        "AllowedAttempts": {
+          "shape": "__integer",
+          "documentation": "<p>The attempts allowed to validate an OTP.</p>"
+        },
+        "BrandName": {
+          "shape": "__string",
+          "documentation": "<p>The brand name that will be substituted into the OTP message body. Should be owned by calling AWS account.</p>"
+        },
+        "Channel": {
+          "shape": "__string",
+          "documentation": "<p>Channel type for the OTP message. Supported values: [SMS].</p>"
+        },
+        "CodeLength": {
+          "shape": "__integer",
+          "documentation": "<p>The number of characters in the generated OTP.</p>"
+        },
+        "DestinationIdentity": {
+          "shape": "__string",
+          "documentation": "<p>The destination identity to send OTP to.</p>"
+        },
+        "EntityId": {
+          "shape": "__string",
+          "documentation": "<p>A unique Entity ID received from DLT after entity registration is approved.</p>"
+        },
+        "Language": {
+          "shape": "__string",
+          "documentation": "<p>The language to be used for the outgoing message body containing the OTP.</p>"
+        },
+        "OriginationIdentity": {
+          "shape": "__string",
+          "documentation": "<p>The origination identity used to send OTP from.</p>"
+        },
+        "ReferenceId": {
+          "shape": "__string",
+          "documentation": "<p>Developer-specified reference identifier. Required to match during OTP verification.</p>"
+        },
+        "TemplateId": {
+          "shape": "__string",
+          "documentation": "<p>A unique Template ID received from DLT after entity registration is approved.</p>"
+        },
+        "ValidityPeriod": {
+          "shape": "__integer",
+          "documentation": "<p>The time in minutes before the OTP is no longer valid.</p>"
+        }
+      },
+      "documentation": "<p>Send OTP message request parameters.</p>",
+      "required": [
+        "BrandName",
+        "ReferenceId",
+        "Channel",
+        "DestinationIdentity",
+        "OriginationIdentity"
+      ]
+    },
+    "SendOTPMessageResponse": {
+      "type": "structure",
+      "members": {
+        "MessageResponse": {
+          "shape": "MessageResponse"
+        }
+      },
+      "required": [
+        "MessageResponse"
+      ],
+      "payload": "MessageResponse"
+    },
     "SendUsersMessageRequest": {
       "type": "structure",
       "members": {
@@ -14966,6 +15150,70 @@
       ],
       "payload": "MessageBody"
     },
+    "VerificationResponse": {
+      "type": "structure",
+      "members": {
+        "Valid": {
+          "shape": "__boolean",
+          "documentation": "<p>Specifies whether the OTP is valid or not.</p>"
+        }
+      },
+      "documentation": "<p>Verify OTP Message Response.</p>"
+    },
+    "VerifyOTPMessageRequest": {
+      "type": "structure",
+      "members": {
+        "ApplicationId": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "application-id",
+          "documentation": "<p>The unique ID of your Amazon Pinpoint application.</p>"
+        },
+        "VerifyOTPMessageRequestParameters": {
+          "shape": "VerifyOTPMessageRequestParameters"
+        }
+      },
+      "required": [
+        "ApplicationId",
+        "VerifyOTPMessageRequestParameters"
+      ],
+      "payload": "VerifyOTPMessageRequestParameters"
+    },
+    "VerifyOTPMessageRequestParameters": {
+      "type": "structure",
+      "members": {
+        "DestinationIdentity": {
+          "shape": "__string",
+          "documentation": "<p>The destination identity to send OTP to.</p>"
+        },
+        "Otp": {
+          "shape": "__string",
+          "documentation": "<p>The OTP the end user provided for verification.</p>"
+        },
+        "ReferenceId": {
+          "shape": "__string",
+          "documentation": "<p>The reference identifier provided when the OTP was previously sent.</p>"
+        }
+      },
+      "documentation": "<p>Verify OTP message request.</p>",
+      "required": [
+        "ReferenceId",
+        "Otp",
+        "DestinationIdentity"
+      ]
+    },
+    "VerifyOTPMessageResponse": {
+      "type": "structure",
+      "members": {
+        "VerificationResponse": {
+          "shape": "VerificationResponse"
+        }
+      },
+      "required": [
+        "VerificationResponse"
+      ],
+      "payload": "VerificationResponse"
+    },
     "VoiceChannelRequest": {
       "type": "structure",
       "members": {
@@ -15347,6 +15595,10 @@
         "RefreshOnSegmentUpdate": {
             "shape": "__boolean",
             "documentation": "<p>Specifies whether a journey should be refreshed on segment update.</p>"
+        },
+        "JourneyChannelSettings": {
+            "shape": "JourneyChannelSettings",
+            "documentation": "<p>The channel-specific configurations for the journey.</p>"
         }
       },
       "documentation": "<p>Specifies the configuration and other settings for a journey.</p>",
diff --git a/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/paginators-1.json b/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/paginators-1.json
index 0551934f0ca..9f835e49c56 100644
--- a/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/paginators-1.json
@@ -53,6 +53,47 @@
       "output_token": "nextToken",
       "limit_key": "maxResults",
       "result_key": "tags"
+    },
+    "ListEnvironmentOutputs": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "outputs"
+    },
+    "ListEnvironmentProvisionedResources": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "provisionedResources"
+    },
+    "ListRepositories": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "limit_key": "maxResults",
+      "result_key": "repositories"
+    },
+    "ListRepositorySyncDefinitions": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "syncDefinitions"
+    },
+    "ListServiceInstanceOutputs": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "outputs"
+    },
+    "ListServiceInstanceProvisionedResources": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "provisionedResources"
+    },
+    "ListServicePipelineOutputs": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "outputs"
+    },
+    "ListServicePipelineProvisionedResources": {
+      "input_token": "nextToken",
+      "output_token": "nextToken",
+      "result_key": "provisionedResources"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/service-2.json b/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/service-2.json
index 5c6dfbc7d3a..cc40e2fa816 100644
--- a/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/proton/2020-07-20/service-2.json
@@ -29,7 +29,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>In a management account, an environment account connection request is accepted. When the environment account connection request is accepted, AWS Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>",
+      "documentation":"<p>In a management account, an environment account connection request is accepted. When the environment account connection request is accepted, Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>",
       "idempotent":true
     },
     "CancelEnvironmentDeployment":{
@@ -48,7 +48,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Attempts to cancel an environment deployment on an <a>UpdateEnvironment</a> action, if the deployment is <code>IN_PROGRESS</code>. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-update.html\">Update an environment</a> in the <i>AWS Proton Administrator guide</i>.</p> <p>The following list includes potential cancellation scenarios.</p> <ul> <li> <p>If the cancellation attempt succeeds, the resulting deployment state is <code>CANCELLED</code>.</p> </li> <li> <p>If the cancellation attempt fails, the resulting deployment state is <code>FAILED</code>.</p> </li> <li> <p>If the current <a>UpdateEnvironment</a> action succeeds before the cancellation attempt starts, the resulting deployment state is <code>SUCCEEDED</code> and the cancellation attempt has no effect.</p> </li> </ul>"
+      "documentation":"<p>Attempts to cancel an environment deployment on an <a>UpdateEnvironment</a> action, if the deployment is <code>IN_PROGRESS</code>. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-update.html\">Update an environment</a> in the <i>Proton Administrator guide</i>.</p> <p>The following list includes potential cancellation scenarios.</p> <ul> <li> <p>If the cancellation attempt succeeds, the resulting deployment state is <code>CANCELLED</code>.</p> </li> <li> <p>If the cancellation attempt fails, the resulting deployment state is <code>FAILED</code>.</p> </li> <li> <p>If the current <a>UpdateEnvironment</a> action succeeds before the cancellation attempt starts, the resulting deployment state is <code>SUCCEEDED</code> and the cancellation attempt has no effect.</p> </li> </ul>"
     },
     "CancelServiceInstanceDeployment":{
       "name":"CancelServiceInstanceDeployment",
@@ -66,7 +66,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Attempts to cancel a service instance deployment on an <a>UpdateServiceInstance</a> action, if the deployment is <code>IN_PROGRESS</code>. For more information, see <i>Update a service instance</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-svc-instance-update.html\">AWS Proton Administrator guide</a> or the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-instance-update.html\">AWS Proton User guide</a>.</p> <p>The following list includes potential cancellation scenarios.</p> <ul> <li> <p>If the cancellation attempt succeeds, the resulting deployment state is <code>CANCELLED</code>.</p> </li> <li> <p>If the cancellation attempt fails, the resulting deployment state is <code>FAILED</code>.</p> </li> <li> <p>If the current <a>UpdateServiceInstance</a> action succeeds before the cancellation attempt starts, the resulting deployment state is <code>SUCCEEDED</code> and the cancellation attempt has no effect.</p> </li> </ul>"
+      "documentation":"<p>Attempts to cancel a service instance deployment on an <a>UpdateServiceInstance</a> action, if the deployment is <code>IN_PROGRESS</code>. For more information, see <i>Update a service instance</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-svc-instance-update.html\">Proton Administrator guide</a> or the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-instance-update.html\">Proton User guide</a>.</p> <p>The following list includes potential cancellation scenarios.</p> <ul> <li> <p>If the cancellation attempt succeeds, the resulting deployment state is <code>CANCELLED</code>.</p> </li> <li> <p>If the cancellation attempt fails, the resulting deployment state is <code>FAILED</code>.</p> </li> <li> <p>If the current <a>UpdateServiceInstance</a> action succeeds before the cancellation attempt starts, the resulting deployment state is <code>SUCCEEDED</code> and the cancellation attempt has no effect.</p> </li> </ul>"
     },
     "CancelServicePipelineDeployment":{
       "name":"CancelServicePipelineDeployment",
@@ -84,7 +84,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Attempts to cancel a service pipeline deployment on an <a>UpdateServicePipeline</a> action, if the deployment is <code>IN_PROGRESS</code>. For more information, see <i>Update a service pipeline</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-svc-pipeline-update.html\">AWS Proton Administrator guide</a> or the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-pipeline-update.html\">AWS Proton User guide</a>.</p> <p>The following list includes potential cancellation scenarios.</p> <ul> <li> <p>If the cancellation attempt succeeds, the resulting deployment state is <code>CANCELLED</code>.</p> </li> <li> <p>If the cancellation attempt fails, the resulting deployment state is <code>FAILED</code>.</p> </li> <li> <p>If the current <a>UpdateServicePipeline</a> action succeeds before the cancellation attempt starts, the resulting deployment state is <code>SUCCEEDED</code> and the cancellation attempt has no effect.</p> </li> </ul>"
+      "documentation":"<p>Attempts to cancel a service pipeline deployment on an <a>UpdateServicePipeline</a> action, if the deployment is <code>IN_PROGRESS</code>. For more information, see <i>Update a service pipeline</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-svc-pipeline-update.html\">Proton Administrator guide</a> or the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-pipeline-update.html\">Proton User guide</a>.</p> <p>The following list includes potential cancellation scenarios.</p> <ul> <li> <p>If the cancellation attempt succeeds, the resulting deployment state is <code>CANCELLED</code>.</p> </li> <li> <p>If the cancellation attempt fails, the resulting deployment state is <code>FAILED</code>.</p> </li> <li> <p>If the current <a>UpdateServicePipeline</a> action succeeds before the cancellation attempt starts, the resulting deployment state is <code>SUCCEEDED</code> and the cancellation attempt has no effect.</p> </li> </ul>"
     },
     "CreateEnvironment":{
       "name":"CreateEnvironment",
@@ -103,7 +103,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Deploy a new environment. An AWS Proton environment is created from an environment template that defines infrastructure and resources that can be shared across services. For more information, see the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-environments.html\">Environments</a> in the <i>AWS Proton Administrator Guide.</i> </p>",
+      "documentation":"<p>Deploy a new environment. An Proton environment is created from an environment template that defines infrastructure and resources that can be shared across services.</p> <p class=\"title\"> <b>You can provision environments using the following methods:</b> </p> <ul> <li> <p>Standard provisioning: Proton makes direct calls to provision your resources.</p> </li> <li> <p>Pull request provisioning: Proton makes pull requests on your repository to provide compiled infrastructure as code (IaC) files that your IaC engine uses to provision resources.</p> </li> </ul> <p>For more information, see the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-environments.html\">Environments</a> in the <i>Proton Administrator Guide.</i> </p>",
       "idempotent":true
     },
     "CreateEnvironmentAccountConnection":{
@@ -122,7 +122,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create an environment account connection in an environment account so that environment infrastructure resources can be provisioned in the environment account from a management account.</p> <p>An environment account connection is a secure bi-directional connection between a <i>management account</i> and an <i>environment account</i> that maintains authorization and permissions. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>",
+      "documentation":"<p>Create an environment account connection in an environment account so that environment infrastructure resources can be provisioned in the environment account from a management account.</p> <p>An environment account connection is a secure bi-directional connection between a <i>management account</i> and an <i>environment account</i> that maintains authorization and permissions. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>",
       "idempotent":true
     },
     "CreateEnvironmentTemplate":{
@@ -141,7 +141,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create an environment template for AWS Proton. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-templates.html\">Environment Templates</a> in the <i>AWS Proton Administrator Guide</i>.</p> <p>You can create an environment template in one of the two following ways:</p> <ul> <li> <p>Register and publish a <i>standard</i> environment template that instructs AWS Proton to deploy and manage environment infrastructure.</p> </li> <li> <p>Register and publish a <i>customer managed</i> environment template that connects AWS Proton to your existing provisioned infrastructure that you manage. AWS Proton <i>doesn't</i> manage your existing provisioned infrastructure. To create an environment template for customer provisioned and managed infrastructure, include the <code>provisioning</code> parameter and set the value to <code>CUSTOMER_MANAGED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/template-create.html\">Register and publish an environment template</a> in the <i>AWS Proton Administrator Guide</i>.</p> </li> </ul>",
+      "documentation":"<p>Create an environment template for Proton. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-templates.html\">Environment Templates</a> in the <i>Proton Administrator Guide</i>.</p> <p>You can create an environment template in one of the two following ways:</p> <ul> <li> <p>Register and publish a <i>standard</i> environment template that instructs Proton to deploy and manage environment infrastructure.</p> </li> <li> <p>Register and publish a <i>customer managed</i> environment template that connects Proton to your existing provisioned infrastructure that you manage. Proton <i>doesn't</i> manage your existing provisioned infrastructure. To create an environment template for customer provisioned and managed infrastructure, include the <code>provisioning</code> parameter and set the value to <code>CUSTOMER_MANAGED</code>. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/template-create.html\">Register and publish an environment template</a> in the <i>Proton Administrator Guide</i>.</p> </li> </ul>",
       "idempotent":true
     },
     "CreateEnvironmentTemplateVersion":{
@@ -164,6 +164,25 @@
       "documentation":"<p>Create a new major or minor version of an environment template. A major version of an environment template is a version that <i>isn't</i> backwards compatible. A minor version of an environment template is a version that's backwards compatible within its major version.</p>",
       "idempotent":true
     },
+    "CreateRepository":{
+      "name":"CreateRepository",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateRepositoryInput"},
+      "output":{"shape":"CreateRepositoryOutput"},
+      "errors":[
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Create and register a link to a repository that can be used with pull request provisioning or template sync configurations. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-template-bundles.html\">Template bundles</a> and <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-template-sync-configs.html\">Template sync configurations</a> in the <i>Proton Administrator Guide</i>.</p>",
+      "idempotent":true
+    },
     "CreateService":{
       "name":"CreateService",
       "http":{
@@ -181,7 +200,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create an AWS Proton service. An AWS Proton service is an instantiation of a service template and often includes several service instances and pipeline. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-services.html\">Services</a> in the <i>AWS Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-service.html\">Services</a> in the <i>AWS Proton User Guide</i>.</p>",
+      "documentation":"<p>Create an Proton service. An Proton service is an instantiation of a service template and often includes several service instances and pipeline. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-services.html\">Services</a> in the <i>Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-service.html\">Services</a> in the <i>Proton User Guide</i>.</p>",
       "idempotent":true
     },
     "CreateServiceTemplate":{
@@ -200,7 +219,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create a service template. The administrator creates a service template to define standardized infrastructure and an optional CICD service pipeline. Developers, in turn, select the service template from AWS Proton. If the selected service template includes a service pipeline definition, they provide a link to their source code repository. AWS Proton then deploys and manages the infrastructure defined by the selected service template. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/managing-svc-templates.html\">Service Templates</a> in the <i>AWS Proton Administrator Guide</i>.</p>",
+      "documentation":"<p>Create a service template. The administrator creates a service template to define standardized infrastructure and an optional CICD service pipeline. Developers, in turn, select the service template from Proton. If the selected service template includes a service pipeline definition, they provide a link to their source code repository. Proton then deploys and manages the infrastructure defined by the selected service template. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/managing-svc-templates.html\">Service Templates</a> in the <i>Proton Administrator Guide</i>.</p>",
       "idempotent":true
     },
     "CreateServiceTemplateVersion":{
@@ -220,7 +239,26 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Create a new major or minor version of a service template. A major version of a service template is a version that <i>isn't</i> backwards compatible. A minor version of a service template is a version that's backwards compatible within its major version.</p>",
+      "documentation":"<p>Create a new major or minor version of a service template. A major version of a service template is a version that <i>isn't</i> backward compatible. A minor version of a service template is a version that's backward compatible within its major version.</p>",
+      "idempotent":true
+    },
+    "CreateTemplateSyncConfig":{
+      "name":"CreateTemplateSyncConfig",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateTemplateSyncConfigInput"},
+      "output":{"shape":"CreateTemplateSyncConfigOutput"},
+      "errors":[
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Set up a template for automated template version creation. When a commit is pushed to your registered <a href=\"https://docs.aws.amazon.com/proton/latest/APIReference/API_Repository.html\">repository</a>, Proton checks for changes to your repository template bundles. If it detects a template bundle change, a new minor or major version of its template is created, if the version doesn’t already exist. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-template-sync-configs.html\">Template sync configurations</a> in the <i>Proton Administrator Guide</i>.</p>",
       "idempotent":true
     },
     "DeleteEnvironment":{
@@ -258,7 +296,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>In an environment account, delete an environment account connection.</p> <p>After you delete an environment account connection that’s in use by an AWS Proton environment, AWS Proton <i>can’t</i> manage the environment infrastructure resources until a new environment account connection is accepted for the environment account and associated environment. You're responsible for cleaning up provisioned resources that remain without an environment connection.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>",
+      "documentation":"<p>In an environment account, delete an environment account connection.</p> <p>After you delete an environment account connection that’s in use by an Proton environment, Proton <i>can’t</i> manage the environment infrastructure resources until a new environment account connection is accepted for the environment account and associated environment. You're responsible for cleaning up provisioned resources that remain without an environment connection.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>",
       "idempotent":true
     },
     "DeleteEnvironmentTemplate":{
@@ -296,7 +334,26 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>If no other minor versions of an environment template exist, delete a major version of the environment template if it's not the <code>Recommended</code> version. Delete the <code>Recommended</code> version of the environment template if no other major versions or minor versions of the environment template exist. A major version of an environment template is a version that's not backwards compatible.</p> <p>Delete a minor version of an environment template if it <i>isn't</i> the <code>Recommended</code> version. Delete a <code>Recommended</code> minor version of the environment template if no other minor versions of the environment template exist. A minor version of an environment template is a version that's backwards compatible.</p>",
+      "documentation":"<p>If no other minor versions of an environment template exist, delete a major version of the environment template if it's not the <code>Recommended</code> version. Delete the <code>Recommended</code> version of the environment template if no other major versions or minor versions of the environment template exist. A major version of an environment template is a version that's not backward compatible.</p> <p>Delete a minor version of an environment template if it <i>isn't</i> the <code>Recommended</code> version. Delete a <code>Recommended</code> minor version of the environment template if no other minor versions of the environment template exist. A minor version of an environment template is a version that's backward compatible.</p>",
+      "idempotent":true
+    },
+    "DeleteRepository":{
+      "name":"DeleteRepository",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteRepositoryInput"},
+      "output":{"shape":"DeleteRepositoryOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>De-register and unlink your repository.</p>",
       "idempotent":true
     },
     "DeleteService":{
@@ -356,6 +413,25 @@
       "documentation":"<p>If no other minor versions of a service template exist, delete a major version of the service template if it's not the <code>Recommended</code> version. Delete the <code>Recommended</code> version of the service template if no other major versions or minor versions of the service template exist. A major version of a service template is a version that <i>isn't</i> backwards compatible.</p> <p>Delete a minor version of a service template if it's not the <code>Recommended</code> version. Delete a <code>Recommended</code> minor version of the service template if no other minor versions of the service template exist. A minor version of a service template is a version that's backwards compatible.</p>",
       "idempotent":true
     },
+    "DeleteTemplateSyncConfig":{
+      "name":"DeleteTemplateSyncConfig",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteTemplateSyncConfigInput"},
+      "output":{"shape":"DeleteTemplateSyncConfigOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Delete a template sync configuration.</p>",
+      "idempotent":true
+    },
     "GetAccountSettings":{
       "name":"GetAccountSettings",
       "http":{
@@ -371,7 +447,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Get detail data for the AWS Proton pipeline service role.</p>"
+      "documentation":"<p>Get detail data for the Proton pipeline service role.</p>"
     },
     "GetEnvironment":{
       "name":"GetEnvironment",
@@ -405,7 +481,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>In an environment account, view the detail data for an environment account connection.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>"
+      "documentation":"<p>In an environment account, view the detail data for an environment account connection.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>"
     },
     "GetEnvironmentTemplate":{
       "name":"GetEnvironmentTemplate",
@@ -441,6 +517,40 @@
       ],
       "documentation":"<p>View detail data for a major or minor version of an environment template.</p>"
     },
+    "GetRepository":{
+      "name":"GetRepository",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetRepositoryInput"},
+      "output":{"shape":"GetRepositoryOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Get detail data for a repository.</p>"
+    },
+    "GetRepositorySyncStatus":{
+      "name":"GetRepositorySyncStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetRepositorySyncStatusInput"},
+      "output":{"shape":"GetRepositorySyncStatusOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Get the repository sync status.</p>"
+    },
     "GetService":{
       "name":"GetService",
       "http":{
@@ -509,6 +619,40 @@
       ],
       "documentation":"<p>View detail data for a major or minor version of a service template.</p>"
     },
+    "GetTemplateSyncConfig":{
+      "name":"GetTemplateSyncConfig",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetTemplateSyncConfigInput"},
+      "output":{"shape":"GetTemplateSyncConfigOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Get detail data for a template sync configuration.</p>"
+    },
+    "GetTemplateSyncStatus":{
+      "name":"GetTemplateSyncStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetTemplateSyncStatusInput"},
+      "output":{"shape":"GetTemplateSyncStatusOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Get the status of a template sync.</p>"
+    },
     "ListEnvironmentAccountConnections":{
       "name":"ListEnvironmentAccountConnections",
       "http":{
@@ -523,7 +667,41 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>View a list of environment account connections.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>"
+      "documentation":"<p>View a list of environment account connections.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>"
+    },
+    "ListEnvironmentOutputs":{
+      "name":"ListEnvironmentOutputs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListEnvironmentOutputsInput"},
+      "output":{"shape":"ListEnvironmentOutputsOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List the infrastructure as code outputs for your environment.</p>"
+    },
+    "ListEnvironmentProvisionedResources":{
+      "name":"ListEnvironmentProvisionedResources",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListEnvironmentProvisionedResourcesInput"},
+      "output":{"shape":"ListEnvironmentProvisionedResourcesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List the provisioned resources for your environment.</p>"
     },
     "ListEnvironmentTemplateVersions":{
       "name":"ListEnvironmentTemplateVersions",
@@ -575,6 +753,73 @@
       ],
       "documentation":"<p>List environments with detail data summaries.</p>"
     },
+    "ListRepositories":{
+      "name":"ListRepositories",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListRepositoriesInput"},
+      "output":{"shape":"ListRepositoriesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List repositories with detail data.</p>"
+    },
+    "ListRepositorySyncDefinitions":{
+      "name":"ListRepositorySyncDefinitions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListRepositorySyncDefinitionsInput"},
+      "output":{"shape":"ListRepositorySyncDefinitionsOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List repository sync definitions with detail data.</p>"
+    },
+    "ListServiceInstanceOutputs":{
+      "name":"ListServiceInstanceOutputs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListServiceInstanceOutputsInput"},
+      "output":{"shape":"ListServiceInstanceOutputsOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>View a list service instance infrastructure as code outputs with detail data.</p>"
+    },
+    "ListServiceInstanceProvisionedResources":{
+      "name":"ListServiceInstanceProvisionedResources",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListServiceInstanceProvisionedResourcesInput"},
+      "output":{"shape":"ListServiceInstanceProvisionedResourcesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List provisioned resources for a service instance with details.</p>"
+    },
     "ListServiceInstances":{
       "name":"ListServiceInstances",
       "http":{
@@ -592,6 +837,40 @@
       ],
       "documentation":"<p>List service instances with summaries of detail data.</p>"
     },
+    "ListServicePipelineOutputs":{
+      "name":"ListServicePipelineOutputs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListServicePipelineOutputsInput"},
+      "output":{"shape":"ListServicePipelineOutputsOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>View a list service pipeline infrastructure as code outputs with detail.</p>"
+    },
+    "ListServicePipelineProvisionedResources":{
+      "name":"ListServicePipelineProvisionedResources",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListServicePipelineProvisionedResourcesInput"},
+      "output":{"shape":"ListServicePipelineProvisionedResourcesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>List provisioned resources for a service and pipeline with details.</p>"
+    },
     "ListServiceTemplateVersions":{
       "name":"ListServiceTemplateVersions",
       "http":{
@@ -656,7 +935,26 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>List tags for a resource. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>"
+      "documentation":"<p>List tags for a resource. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>"
+    },
+    "NotifyResourceDeploymentStatusChange":{
+      "name":"NotifyResourceDeploymentStatusChange",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"NotifyResourceDeploymentStatusChangeInput"},
+      "output":{"shape":"NotifyResourceDeploymentStatusChangeOutput"},
+      "errors":[
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Notify Proton of status changes to a provisioned resource when you use pull request provisioning. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-template-bundles.html\">Template bundles</a>.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
     },
     "RejectEnvironmentAccountConnection":{
       "name":"RejectEnvironmentAccountConnection",
@@ -674,7 +972,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>In a management account, reject an environment account connection from another environment account.</p> <p>After you reject an environment account connection request, you <i>won’t</i> be able to accept or use the rejected environment account connection.</p> <p>You <i>can’t</i> reject an environment account connection that is connected to an environment.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>",
+      "documentation":"<p>In a management account, reject an environment account connection from another environment account.</p> <p>After you reject an environment account connection request, you <i>won’t</i> be able to accept or use the rejected environment account connection.</p> <p>You <i>can’t</i> reject an environment account connection that is connected to an environment.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>",
       "idempotent":true
     },
     "TagResource":{
@@ -693,7 +991,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Tag a resource. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>",
+      "documentation":"<p>Tag a resource. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>",
       "idempotent":true
     },
     "UntagResource":{
@@ -712,7 +1010,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Remove a tag from a resource. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>",
+      "documentation":"<p>Remove a tag from a resource. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>",
       "idempotent":true
     },
     "UpdateAccountSettings":{
@@ -730,7 +1028,7 @@
         {"shape":"ConflictException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Update the AWS Proton pipeline service account settings.</p>"
+      "documentation":"<p>Update the Proton service pipeline role or repository settings.</p>"
     },
     "UpdateEnvironment":{
       "name":"UpdateEnvironment",
@@ -748,7 +1046,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>Update an environment.</p> <p>If the environment is associated with an environment account connection, <i>don't</i> update or include the <code>protonServiceRoleArn</code> parameter to update or connect to an environment account connection. </p> <p>You can only update to a new environment account connection if it was created in the same environment account that the current environment account connection was created in and is associated with the current environment.</p> <p>If the environment <i>isn't</i> associated with an environment account connection, <i>don't</i> update or include the <code>environmentAccountConnectionId</code> parameter to update or connect to an environment account connection.</p> <p>You can update either the <code>environmentAccountConnectionId</code> or <code>protonServiceRoleArn</code> parameter and value. You can’t update both.</p> <p>There are four modes for updating an environment as described in the following. The <code>deploymentType</code> field defines the mode.</p> <dl> <dt/> <dd> <p> <code>NONE</code> </p> <p>In this mode, a deployment <i>doesn't</i> occur. Only the requested metadata parameters are updated.</p> </dd> <dt/> <dd> <p> <code>CURRENT_VERSION</code> </p> <p>In this mode, the environment is deployed and updated with the new spec that you provide. Only requested parameters are updated. <i>Don’t</i> include minor or major version parameters when you use this <code>deployment-type</code>.</p> </dd> <dt/> <dd> <p> <code>MINOR_VERSION</code> </p> <p>In this mode, the environment is deployed and updated with the published, recommended (latest) minor version of the current major version in use, by default. You can also specify a different minor version of the current major version in use.</p> </dd> <dt/> <dd> <p> <code>MAJOR_VERSION</code> </p> <p>In this mode, the environment is deployed and updated with the published, recommended (latest) major and minor version of the current template, by default. You can also specify a different major version that's higher than the major version in use and a minor version (optional).</p> </dd> </dl>"
+      "documentation":"<p>Update an environment.</p> <p>If the environment is associated with an environment account connection, <i>don't</i> update or include the <code>protonServiceRoleArn</code> and <code>provisioningRepository</code> parameter to update or connect to an environment account connection.</p> <p>You can only update to a new environment account connection if it was created in the same environment account that the current environment account connection was created in and is associated with the current environment.</p> <p>If the environment <i>isn't</i> associated with an environment account connection, <i>don't</i> update or include the <code>environmentAccountConnectionId</code> parameter to update or connect to an environment account connection.</p> <p>You can update either the <code>environmentAccountConnectionId</code> or <code>protonServiceRoleArn</code> parameter and value. You can’t update both.</p> <p>If the environment was provisioned with pull request provisioning, include the <code>provisioningRepository</code> parameter and omit the <code>protonServiceRoleArn</code> and <code>environmentAccountConnectionId</code> parameters.</p> <p>If the environment wasn't provisioned with pull request provisioning, omit the <code>provisioningRepository</code> parameter.</p> <p>There are four modes for updating an environment as described in the following. The <code>deploymentType</code> field defines the mode.</p> <dl> <dt/> <dd> <p> <code>NONE</code> </p> <p>In this mode, a deployment <i>doesn't</i> occur. Only the requested metadata parameters are updated.</p> </dd> <dt/> <dd> <p> <code>CURRENT_VERSION</code> </p> <p>In this mode, the environment is deployed and updated with the new spec that you provide. Only requested parameters are updated. <i>Don’t</i> include minor or major version parameters when you use this <code>deployment-type</code>.</p> </dd> <dt/> <dd> <p> <code>MINOR_VERSION</code> </p> <p>In this mode, the environment is deployed and updated with the published, recommended (latest) minor version of the current major version in use, by default. You can also specify a different minor version of the current major version in use.</p> </dd> <dt/> <dd> <p> <code>MAJOR_VERSION</code> </p> <p>In this mode, the environment is deployed and updated with the published, recommended (latest) major and minor version of the current template, by default. You can also specify a different major version that's higher than the major version in use and a minor version (optional).</p> </dd> </dl>"
     },
     "UpdateEnvironmentAccountConnection":{
       "name":"UpdateEnvironmentAccountConnection",
@@ -766,7 +1064,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalServerException"}
       ],
-      "documentation":"<p>In an environment account, update an environment account connection to use a new IAM role.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>",
+      "documentation":"<p>In an environment account, update an environment account connection to use a new IAM role.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>",
       "idempotent":true
     },
     "UpdateEnvironmentTemplate":{
@@ -895,6 +1193,24 @@
         {"shape":"InternalServerException"}
       ],
       "documentation":"<p>Update a major or minor version of a service template.</p>"
+    },
+    "UpdateTemplateSyncConfig":{
+      "name":"UpdateTemplateSyncConfig",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateTemplateSyncConfigInput"},
+      "output":{"shape":"UpdateTemplateSyncConfigOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Update template sync configuration parameters, except for the <code>templateName</code> and <code>templateType</code>.</p>"
     }
   },
   "shapes":{
@@ -914,7 +1230,7 @@
       "members":{
         "environmentAccountConnection":{
           "shape":"EnvironmentAccountConnection",
-          "documentation":"<p>The environment account connection data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment account connection data that's returned by Proton.</p>"
         }
       }
     },
@@ -930,12 +1246,16 @@
     "AccountSettings":{
       "type":"structure",
       "members":{
+        "pipelineProvisioningRepository":{
+          "shape":"RepositoryBranch",
+          "documentation":"<p>The repository that you provide with pull request provisioning.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
+        },
         "pipelineServiceRoleArn":{
-          "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Proton pipeline service role.</p>"
+          "shape":"PipelineRoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Proton pipeline service role.</p>"
         }
       },
-      "documentation":"<p>The AWS Proton pipeline service role data.</p>"
+      "documentation":"<p>The Proton pipeline service role and repository data.</p>"
     },
     "Arn":{
       "type":"string",
@@ -962,7 +1282,7 @@
       "members":{
         "environment":{
           "shape":"Environment",
-          "documentation":"<p>The environment summary data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment summary data that's returned by Proton.</p>"
         }
       }
     },
@@ -989,7 +1309,7 @@
       "members":{
         "serviceInstance":{
           "shape":"ServiceInstance",
-          "documentation":"<p>The service instance summary data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service instance summary data that's returned by Proton.</p>"
         }
       }
     },
@@ -1009,7 +1329,7 @@
       "members":{
         "pipeline":{
           "shape":"ServicePipeline",
-          "documentation":"<p>The service pipeline detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service pipeline detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1084,20 +1404,24 @@
       "members":{
         "clientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>When included, if two identicial requests are made with the same client token, AWS Proton returns the environment account connection that the first request created.</p>",
+          "documentation":"<p>When included, if two identical requests are made with the same client token, Proton returns the environment account connection that the first request created.</p>",
           "idempotencyToken":true
         },
         "environmentName":{
           "shape":"ResourceName",
-          "documentation":"<p>The name of the AWS Proton environment that's created in the associated management account.</p>"
+          "documentation":"<p>The name of the Proton environment that's created in the associated management account.</p>"
         },
         "managementAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The ID of the management account that accepts or rejects the environment account connection. You create an manage the AWS Proton environment in this account. If the management account accepts the environment account connection, AWS Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account.</p>"
+          "documentation":"<p>The ID of the management account that accepts or rejects the environment account connection. You create an manage the Proton environment in this account. If the management account accepts the environment account connection, Proton can use the associated IAM role to provision environment infrastructure resources in the associated environment account.</p>"
         },
         "roleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM service role that's created in the environment account. AWS Proton uses this role to provision infrastructure resources in the associated environment account.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM service role that's created in the environment account. Proton uses this role to provision infrastructure resources in the associated environment account.</p>"
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>Tags for your environment account connection. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton resources and tagging</a> in the <i>Proton Administrator Guide</i>.</p>"
         }
       }
     },
@@ -1107,7 +1431,7 @@
       "members":{
         "environmentAccountConnection":{
           "shape":"EnvironmentAccountConnection",
-          "documentation":"<p>The environment account connection detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment account connection detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1126,7 +1450,7 @@
         },
         "environmentAccountConnectionId":{
           "shape":"EnvironmentAccountConnectionId",
-          "documentation":"<p>The ID of the environment account connection that you provide if you're provisioning your environment infrastructure resources to an environment account. You must include either the <code>environmentAccountConnectionId</code> or <code>protonServiceRoleArn</code> parameter and value. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>AWS Proton Administrator guide</i>.</p>"
+          "documentation":"<p>The ID of the environment account connection that you provide if you're provisioning your environment infrastructure resources to an environment account. You must include either the <code>environmentAccountConnectionId</code> or <code>protonServiceRoleArn</code> parameter and value and omit the <code>provisioningRepository</code> parameter and values. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-env-account-connections.html\">Environment account connections</a> in the <i>Proton Administrator guide</i>.</p>"
         },
         "name":{
           "shape":"ResourceName",
@@ -1134,27 +1458,31 @@
         },
         "protonServiceRoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Proton service role that allows AWS Proton to make calls to other services on your behalf. You must include either the <code>environmentAccountConnectionId</code> or <code>protonServiceRoleArn</code> parameter and value.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Proton service role that allows Proton to make calls to other services on your behalf. You must include either the <code>environmentAccountConnectionId</code> or <code>protonServiceRoleArn</code> parameter and value and omit the <code>provisioningRepository</code> parameter when you use standard provisioning.</p>"
+        },
+        "provisioningRepository":{
+          "shape":"RepositoryBranchInput",
+          "documentation":"<p>The repository that you provide with pull request provisioning. If you provide this parameter, you must omit the <code>environmentAccountConnectionId</code> and <code>protonServiceRoleArn</code> parameters.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
         },
         "spec":{
           "shape":"SpecContents",
-          "documentation":"<p>A link to a YAML formatted spec file that provides inputs as defined in the environment template bundle schema file. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-environments.html\">Environments</a> in the <i>AWS Proton Administrator Guide</i>.</p>"
+          "documentation":"<p>A link to a YAML formatted spec file that provides inputs as defined in the environment template bundle schema file. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-environments.html\">Environments</a> in the <i>Proton Administrator Guide</i>.</p>"
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>Create tags for your environment. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>"
+          "documentation":"<p>Create tags for your environment. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>"
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of the environment template.</p>"
+          "documentation":"<p>The major version of the environment template.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of the environment template.</p>"
+          "documentation":"<p>The minor version of the environment template.</p>"
         },
         "templateName":{
           "shape":"ResourceName",
-          "documentation":"<p>The name of the environment template. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-templates.html\">Environment Templates</a> in the <i>AWS Proton Administrator Guide</i>.</p>"
+          "documentation":"<p>The name of the environment template. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-templates.html\">Environment Templates</a> in the <i>Proton Administrator Guide</i>.</p>"
         }
       }
     },
@@ -1164,7 +1492,7 @@
       "members":{
         "environment":{
           "shape":"Environment",
-          "documentation":"<p>The environment detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1182,7 +1510,7 @@
         },
         "encryptionKey":{
           "shape":"Arn",
-          "documentation":"<p>A customer provided encryption key that AWS Proton uses to encrypt data.</p>"
+          "documentation":"<p>A customer provided encryption key that Proton uses to encrypt data.</p>"
         },
         "name":{
           "shape":"ResourceName",
@@ -1194,7 +1522,7 @@
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>Create tags for your environment template. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>"
+          "documentation":"<p>Create tags for your environment template. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>"
         }
       }
     },
@@ -1204,7 +1532,7 @@
       "members":{
         "environmentTemplate":{
           "shape":"EnvironmentTemplate",
-          "documentation":"<p>The environment template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1217,7 +1545,7 @@
       "members":{
         "clientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>When included, if two identicial requests are made with the same client token, AWS Proton returns the environment template version that the first request created.</p>",
+          "documentation":"<p>When included, if two identical requests are made with the same client token, Proton returns the environment template version that the first request created.</p>",
           "idempotencyToken":true
         },
         "description":{
@@ -1226,7 +1554,7 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To create a new minor version of the environment template, include a <code>majorVersion</code>.</p> <p>To create a new major and minor version of the environment template, <i>exclude</i> <code>majorVersion</code>.</p>"
+          "documentation":"<p>To create a new minor version of the environment template, include a <code>major Version</code>.</p> <p>To create a new major and minor version of the environment template, <i>exclude</i> <code>major Version</code>.</p>"
         },
         "source":{
           "shape":"TemplateVersionSourceInput",
@@ -1248,7 +1576,43 @@
       "members":{
         "environmentTemplateVersion":{
           "shape":"EnvironmentTemplateVersion",
-          "documentation":"<p>The environment template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "CreateRepositoryInput":{
+      "type":"structure",
+      "required":[
+        "connectionArn",
+        "name",
+        "provider"
+      ],
+      "members":{
+        "connectionArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of your Amazon Web Services CodeStar connection. For more information, see <a href=\"https://docs.aws.amazon.com/setting-up-for-service\">Setting up for Proton</a> in the <i>Proton Administrator Guide</i>.</p>"
+        },
+        "encryptionKey":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of your customer Amazon Web Services Key Management Service (Amazon Web Services KMS) key.</p>"
+        },
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name, for example <code>myrepos/myrepo</code>.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      }
+    },
+    "CreateRepositoryOutput":{
+      "type":"structure",
+      "required":["repository"],
+      "members":{
+        "repository":{
+          "shape":"Repository",
+          "documentation":"<p>The repository detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1263,11 +1627,11 @@
       "members":{
         "branchName":{
           "shape":"GitBranchName",
-          "documentation":"<p>The name of the code repository branch that holds the code that's deployed in AWS Proton. <i>Don't</i> include this parameter if your service template <i>doesn't</i> include a service pipeline.</p>"
+          "documentation":"<p>The name of the code repository branch that holds the code that's deployed in Proton. <i>Don't</i> include this parameter if your service template <i>doesn't</i> include a service pipeline.</p>"
         },
         "description":{
           "shape":"Description",
-          "documentation":"<p>A description of the AWS Proton service.</p>"
+          "documentation":"<p>A description of the Proton service.</p>"
         },
         "name":{
           "shape":"ResourceName",
@@ -1275,7 +1639,7 @@
         },
         "repositoryConnectionArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the repository connection. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/setting-up-for-service.html#setting-up-vcontrol\">Set up repository connection</a> in the <i>AWS Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/proton-setup.html#setup-repo-connection\">Setting up with AWS Proton</a> in the <i>AWS Proton User Guide</i>. <i>Don't</i> include this parameter if your service template <i>doesn't</i> include a service pipeline.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the repository connection. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/setting-up-for-service.html#setting-up-vcontrol\">Set up repository connection</a> in the <i>Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/proton-setup.html#setup-repo-connection\">Setting up with Proton</a> in the <i>Proton User Guide</i>. <i>Don't</i> include this parameter if your service template <i>doesn't</i> include a service pipeline.</p>"
         },
         "repositoryId":{
           "shape":"RepositoryId",
@@ -1283,19 +1647,19 @@
         },
         "spec":{
           "shape":"SpecContents",
-          "documentation":"<p>A link to a spec file that provides inputs as defined in the service template bundle schema file. The spec file is in YAML format. Don’t include pipeline inputs in the spec if your service template <i>doesn’t</i> include a service pipeline. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-create-svc.html.html\">Create a service</a> in the <i>AWS Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-create.html\">Create a service</a> in the <i>AWS Proton User Guide</i>.</p>"
+          "documentation":"<p>A link to a spec file that provides inputs as defined in the service template bundle schema file. The spec file is in YAML format. Don’t include pipeline inputs in the spec if your service template <i>doesn’t</i> include a service pipeline. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-create-svc.html.html\">Create a service</a> in the <i>Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-create.html\">Create a service</a> in the <i>Proton User Guide</i>.</p>"
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>Create tags for your service. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>"
+          "documentation":"<p>Create tags for your service. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>"
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of the service template that was used to create the service.</p>"
+          "documentation":"<p>The major version of the service template that was used to create the service.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of the service template that was used to create the service.</p>"
+          "documentation":"<p>The minor version of the service template that was used to create the service.</p>"
         },
         "templateName":{
           "shape":"ResourceName",
@@ -1309,7 +1673,7 @@
       "members":{
         "service":{
           "shape":"Service",
-          "documentation":"<p>The service detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1335,11 +1699,11 @@
         },
         "pipelineProvisioning":{
           "shape":"Provisioning",
-          "documentation":"<p>AWS Proton includes a service pipeline for your service by default. When included, this parameter indicates that an AWS Proton service pipeline <i>won't</i> be included for your service. Once specified, this parameter <i>can't</i> be changed. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-template-bundles.html\">Service template bundles</a> in the <i>AWS Proton Administrator Guide</i>.</p>"
+          "documentation":"<p>Proton includes a service pipeline for your service by default. When included, this parameter indicates that an Proton service pipeline <i>won't</i> be included for your service. Once specified, this parameter <i>can't</i> be changed. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-template-bundles.html\">Service template bundles</a> in the <i>Proton Administrator Guide</i>.</p>"
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>Create tags for your service template. For more information, see <i>AWS Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">AWS Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">AWS Proton User Guide</a>.</p>"
+          "documentation":"<p>Create tags for your service template. For more information, see <i>Proton resources and tagging</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/resources.html\">Proton Administrator Guide</a> or <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/resources.html\">Proton User Guide</a>.</p>"
         }
       }
     },
@@ -1349,7 +1713,7 @@
       "members":{
         "serviceTemplate":{
           "shape":"ServiceTemplate",
-          "documentation":"<p>The service template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1363,7 +1727,7 @@
       "members":{
         "clientToken":{
           "shape":"ClientToken",
-          "documentation":"<p>When included, if two identicial requests are made with the same client token, AWS Proton returns the service template version that the first request created.</p>",
+          "documentation":"<p>When included, if two identical requests are made with the same client token, Proton returns the service template version that the first request created.</p>",
           "idempotencyToken":true
         },
         "compatibleEnvironmentTemplates":{
@@ -1376,7 +1740,7 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To create a new minor version of the service template, include a <code>majorVersion</code>.</p> <p>To create a new major and minor version of the service template, <i>exclude</i> <code>majorVersion</code>.</p>"
+          "documentation":"<p>To create a new minor version of the service template, include a <code>major Version</code>.</p> <p>To create a new major and minor version of the service template, <i>exclude</i> <code>major Version</code>.</p>"
         },
         "source":{
           "shape":"TemplateVersionSourceInput",
@@ -1398,7 +1762,52 @@
       "members":{
         "serviceTemplateVersion":{
           "shape":"ServiceTemplateVersion",
-          "documentation":"<p>The service template version summary of detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template version summary of detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "CreateTemplateSyncConfigInput":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "repositoryName",
+        "repositoryProvider",
+        "templateName",
+        "templateType"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The branch of the registered repository for your template.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of your repository, for example <code>myrepos/myrepo</code>.</p>"
+        },
+        "repositoryProvider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The provider type for your repository.</p>"
+        },
+        "subdirectory":{
+          "shape":"Subdirectory",
+          "documentation":"<p>A repository subdirectory path to your template bundle directory. When included, Proton limits the template bundle search to this repository directory.</p>"
+        },
+        "templateName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The name of your registered template.</p>"
+        },
+        "templateType":{
+          "shape":"TemplateType",
+          "documentation":"<p>The type of the registered template.</p>"
+        }
+      }
+    },
+    "CreateTemplateSyncConfigOutput":{
+      "type":"structure",
+      "members":{
+        "templateSyncConfig":{
+          "shape":"TemplateSyncConfig",
+          "documentation":"<p>The template sync configuration detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1417,7 +1826,7 @@
       "members":{
         "environmentAccountConnection":{
           "shape":"EnvironmentAccountConnection",
-          "documentation":"<p>The environment account connection detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment account connection detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1436,7 +1845,7 @@
       "members":{
         "environment":{
           "shape":"Environment",
-          "documentation":"<p>The environment detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1455,7 +1864,7 @@
       "members":{
         "environmentTemplate":{
           "shape":"EnvironmentTemplate",
-          "documentation":"<p>The environment template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1486,7 +1895,33 @@
       "members":{
         "environmentTemplateVersion":{
           "shape":"EnvironmentTemplateVersion",
-          "documentation":"<p>The environment template version detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template version detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "DeleteRepositoryInput":{
+      "type":"structure",
+      "required":[
+        "name",
+        "provider"
+      ],
+      "members":{
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of the repository.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      }
+    },
+    "DeleteRepositoryOutput":{
+      "type":"structure",
+      "members":{
+        "repository":{
+          "shape":"Repository",
+          "documentation":"<p>The repository detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1505,7 +1940,7 @@
       "members":{
         "service":{
           "shape":"Service",
-          "documentation":"<p>The service detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1524,7 +1959,7 @@
       "members":{
         "serviceTemplate":{
           "shape":"ServiceTemplate",
-          "documentation":"<p>The service template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -1555,10 +1990,40 @@
       "members":{
         "serviceTemplateVersion":{
           "shape":"ServiceTemplateVersion",
-          "documentation":"<p>The service template version detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template version detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "DeleteTemplateSyncConfigInput":{
+      "type":"structure",
+      "required":[
+        "templateName",
+        "templateType"
+      ],
+      "members":{
+        "templateName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The template name.</p>"
+        },
+        "templateType":{
+          "shape":"TemplateType",
+          "documentation":"<p>The template type.</p>"
         }
       }
     },
+    "DeleteTemplateSyncConfigOutput":{
+      "type":"structure",
+      "members":{
+        "templateSyncConfig":{
+          "shape":"TemplateSyncConfig",
+          "documentation":"<p>The template sync configuration detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "DeploymentId":{
+      "type":"string",
+      "pattern":"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
+    },
     "DeploymentStatus":{
       "type":"string",
       "enum":[
@@ -1593,6 +2058,11 @@
       "min":1,
       "sensitive":true
     },
+    "EmptyNextToken":{
+      "type":"string",
+      "max":0,
+      "min":0
+    },
     "Environment":{
       "type":"structure",
       "required":[
@@ -1649,12 +2119,16 @@
         },
         "protonServiceRoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Proton service role that allows AWS Proton to make calls to other services on your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Proton service role that allows Proton to make calls to other services on your behalf.</p>"
         },
         "provisioning":{
           "shape":"Provisioning",
           "documentation":"<p>When included, indicates that the environment template is for customer provisioned and managed infrastructure.</p>"
         },
+        "provisioningRepository":{
+          "shape":"RepositoryBranch",
+          "documentation":"<p>The repository that you provide with pull request provisioning.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
+        },
         "spec":{
           "shape":"SpecContents",
           "documentation":"<p>The environment spec.</p>"
@@ -1672,7 +2146,7 @@
           "documentation":"<p>The Amazon Resource Name (ARN) of the environment template.</p>"
         }
       },
-      "documentation":"<p>The environment detail data. An AWS Proton environment is a set resources shared across an AWS Proton service.</p>"
+      "documentation":"<p>The environment detail data. An Proton environment is a set resources shared across an Proton service.</p>"
     },
     "EnvironmentAccountConnection":{
       "type":"structure",
@@ -1865,7 +2339,7 @@
         },
         "protonServiceRoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Proton service role that allows AWS Proton to make calls to other services on your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Proton service role that allows Proton to make calls to other services on your behalf.</p>"
         },
         "provisioning":{
           "shape":"Provisioning",
@@ -1873,11 +2347,11 @@
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of the environment template.</p>"
+          "documentation":"<p>The major version of the environment template.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of the environment template.</p>"
+          "documentation":"<p>The minor version of the environment template.</p>"
         },
         "templateName":{
           "shape":"ResourceName",
@@ -2000,7 +2474,7 @@
         },
         "recommendedVersion":{
           "shape":"FullTemplateVersionNumber",
-          "documentation":"<p>The ID of the recommended version of the environment template.</p>"
+          "documentation":"<p>The recommended version of the environment template.</p>"
         }
       },
       "documentation":"<p>The environment template data.</p>"
@@ -2039,15 +2513,15 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the latest major version that's associated with the version of an environment template.</p>"
+          "documentation":"<p>The latest major version that's associated with the version of an environment template.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of an environment template.</p>"
+          "documentation":"<p>The minor version of an environment template.</p>"
         },
         "recommendedMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the recommended minor version of the environment template.</p>"
+          "documentation":"<p>The recommended minor version of the environment template.</p>"
         },
         "schema":{
           "shape":"TemplateSchema",
@@ -2099,15 +2573,15 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the latest major version that's associated with the version of an environment template.</p>"
+          "documentation":"<p>The latest major version that's associated with the version of an environment template.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the version of an environment template.</p>"
+          "documentation":"<p>The version of an environment template.</p>"
         },
         "recommendedMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the recommended minor version of the environment template.</p>"
+          "documentation":"<p>The recommended minor version of the environment template.</p>"
         },
         "status":{
           "shape":"TemplateVersionStatus",
@@ -2148,7 +2622,7 @@
       "members":{
         "accountSettings":{
           "shape":"AccountSettings",
-          "documentation":"<p>The AWS Proton pipeline service role detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The Proton pipeline service role detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2168,7 +2642,7 @@
       "members":{
         "environmentAccountConnection":{
           "shape":"EnvironmentAccountConnection",
-          "documentation":"<p>The environment account connection detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment account connection detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2188,7 +2662,7 @@
       "members":{
         "environment":{
           "shape":"Environment",
-          "documentation":"<p>The environment detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2208,7 +2682,7 @@
       "members":{
         "environmentTemplate":{
           "shape":"EnvironmentTemplate",
-          "documentation":"<p>The environment template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2222,7 +2696,7 @@
       "members":{
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To view environment template major version detail data, include <code>majorVersion</code>.</p>"
+          "documentation":"<p>To view environment template major version detail data, include <code>major Version</code>.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
@@ -2240,7 +2714,70 @@
       "members":{
         "environmentTemplateVersion":{
           "shape":"EnvironmentTemplateVersion",
-          "documentation":"<p>The environment template version detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template version detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "GetRepositoryInput":{
+      "type":"structure",
+      "required":[
+        "name",
+        "provider"
+      ],
+      "members":{
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name, for example <code>myrepos/myrepo</code>.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      }
+    },
+    "GetRepositoryOutput":{
+      "type":"structure",
+      "required":["repository"],
+      "members":{
+        "repository":{
+          "shape":"Repository",
+          "documentation":"<p>The repository detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "GetRepositorySyncStatusInput":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "repositoryName",
+        "repositoryProvider",
+        "syncType"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "repositoryProvider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        },
+        "syncType":{
+          "shape":"SyncType",
+          "documentation":"<p>The repository sync type.</p>"
+        }
+      }
+    },
+    "GetRepositorySyncStatusOutput":{
+      "type":"structure",
+      "members":{
+        "latestSync":{
+          "shape":"RepositorySyncAttempt",
+          "documentation":"<p>The repository sync status detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2277,7 +2814,7 @@
       "members":{
         "serviceInstance":{
           "shape":"ServiceInstance",
-          "documentation":"<p>The service instance detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service instance detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2286,7 +2823,7 @@
       "members":{
         "service":{
           "shape":"Service",
-          "documentation":"<p>The service detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2306,7 +2843,7 @@
       "members":{
         "serviceTemplate":{
           "shape":"ServiceTemplate",
-          "documentation":"<p>The service template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -2320,7 +2857,7 @@
       "members":{
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To view service template major version detail data, include <code>majorVersion</code>.</p>"
+          "documentation":"<p>To view service template major version detail data, include <code>major Version</code>.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
@@ -2338,7 +2875,72 @@
       "members":{
         "serviceTemplateVersion":{
           "shape":"ServiceTemplateVersion",
-          "documentation":"<p>The service template version detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template version detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "GetTemplateSyncConfigInput":{
+      "type":"structure",
+      "required":[
+        "templateName",
+        "templateType"
+      ],
+      "members":{
+        "templateName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The template name.</p>"
+        },
+        "templateType":{
+          "shape":"TemplateType",
+          "documentation":"<p>The template type.</p>"
+        }
+      }
+    },
+    "GetTemplateSyncConfigOutput":{
+      "type":"structure",
+      "members":{
+        "templateSyncConfig":{
+          "shape":"TemplateSyncConfig",
+          "documentation":"<p>The template sync configuration detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "GetTemplateSyncStatusInput":{
+      "type":"structure",
+      "required":[
+        "templateName",
+        "templateType",
+        "templateVersion"
+      ],
+      "members":{
+        "templateName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The template name.</p>"
+        },
+        "templateType":{
+          "shape":"TemplateType",
+          "documentation":"<p>The template type.</p>"
+        },
+        "templateVersion":{
+          "shape":"TemplateVersionPart",
+          "documentation":"<p>The template version.</p>"
+        }
+      }
+    },
+    "GetTemplateSyncStatusOutput":{
+      "type":"structure",
+      "members":{
+        "desiredState":{
+          "shape":"Revision",
+          "documentation":"<p>The template sync desired state that's returned by Proton.</p>"
+        },
+        "latestSuccessfulSync":{
+          "shape":"ResourceSyncAttempt",
+          "documentation":"<p>The details of the last successful sync that's returned by Proton.</p>"
+        },
+        "latestSync":{
+          "shape":"ResourceSyncAttempt",
+          "documentation":"<p>The details of the last sync that's returned by Proton.</p>"
         }
       }
     },
@@ -2390,7 +2992,7 @@
       "members":{
         "environmentAccountConnections":{
           "shape":"EnvironmentAccountConnectionSummaryList",
-          "documentation":"<p>An array of environment account connections with details that's returned by AWS Proton. </p>"
+          "documentation":"<p>An array of environment account connections with details that's returned by Proton. </p>"
         },
         "nextToken":{
           "shape":"NextToken",
@@ -2398,13 +3000,69 @@
         }
       }
     },
+    "ListEnvironmentOutputsInput":{
+      "type":"structure",
+      "required":["environmentName"],
+      "members":{
+        "environmentName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The environment name.</p>"
+        },
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next environment output in the array of environment outputs, after the list of environment outputs that was previously requested.</p>"
+        }
+      }
+    },
+    "ListEnvironmentOutputsOutput":{
+      "type":"structure",
+      "required":["outputs"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next environment output in the array of environment outputs, after the current requested list of environment outputs.</p>"
+        },
+        "outputs":{
+          "shape":"OutputsList",
+          "documentation":"<p>An array of environment outputs with detail data.</p>"
+        }
+      }
+    },
+    "ListEnvironmentProvisionedResourcesInput":{
+      "type":"structure",
+      "required":["environmentName"],
+      "members":{
+        "environmentName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The environment name.</p>"
+        },
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next environment provisioned resource in the array of environment provisioned resources, after the list of environment provisioned resources that was previously requested.</p>"
+        }
+      }
+    },
+    "ListEnvironmentProvisionedResourcesOutput":{
+      "type":"structure",
+      "required":["provisionedResources"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next environment provisioned resource in the array of provisioned resources, after the current requested list of environment provisioned resources.</p>"
+        },
+        "provisionedResources":{
+          "shape":"ProvisionedResourceList",
+          "documentation":"<p>An array of environment provisioned resources.</p>"
+        }
+      }
+    },
     "ListEnvironmentTemplateVersionsInput":{
       "type":"structure",
       "required":["templateName"],
       "members":{
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To view a list of minor of versions under a major version of an environment template, include <code>majorVersion</code>.</p> <p>To view a list of major versions of an environment template, <i>exclude</i> <code>majorVersion</code>.</p>"
+          "documentation":"<p>To view a list of minor of versions under a major version of an environment template, include <code>major Version</code>.</p> <p>To view a list of major versions of an environment template, <i>exclude</i> <code>major Version</code>.</p>"
         },
         "maxResults":{
           "shape":"MaxPageResults",
@@ -2492,6 +3150,143 @@
         }
       }
     },
+    "ListRepositoriesInput":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxPageResults",
+          "documentation":"<p>The maximum number of repositories to list.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to indicate the location of the next repository in the array of repositories, after the list of repositories previously requested.</p>"
+        }
+      }
+    },
+    "ListRepositoriesOutput":{
+      "type":"structure",
+      "required":["repositories"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token to indicate the location of the next repository in the array of repositories, after the current requested list of repositories. </p>"
+        },
+        "repositories":{
+          "shape":"RepositorySummaryList",
+          "documentation":"<p>An array of repositories.</p>"
+        }
+      }
+    },
+    "ListRepositorySyncDefinitionsInput":{
+      "type":"structure",
+      "required":[
+        "repositoryName",
+        "repositoryProvider",
+        "syncType"
+      ],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next repository sync definition in the array of repository sync definitions, after the list of repository sync definitions previously requested.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "repositoryProvider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        },
+        "syncType":{
+          "shape":"SyncType",
+          "documentation":"<p>The sync type. The only supported value is <code>TEMPLATE_SYNC</code>.</p>"
+        }
+      }
+    },
+    "ListRepositorySyncDefinitionsOutput":{
+      "type":"structure",
+      "required":["syncDefinitions"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next repository sync definition in the array of repository sync definitions, after the current requested list of repository sync definitions.</p>"
+        },
+        "syncDefinitions":{
+          "shape":"RepositorySyncDefinitionList",
+          "documentation":"<p>An array of repository sync definitions.</p>"
+        }
+      }
+    },
+    "ListServiceInstanceOutputsInput":{
+      "type":"structure",
+      "required":[
+        "serviceInstanceName",
+        "serviceName"
+      ],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next output in the array of outputs, after the list of outputs that was previously requested.</p>"
+        },
+        "serviceInstanceName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The service instance name.</p>"
+        },
+        "serviceName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The service name.</p>"
+        }
+      }
+    },
+    "ListServiceInstanceOutputsOutput":{
+      "type":"structure",
+      "required":["outputs"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next output in the array of outputs, after the current requested list of outputs.</p>"
+        },
+        "outputs":{
+          "shape":"OutputsList",
+          "documentation":"<p>An array of service instance infrastructure as code outputs.</p>"
+        }
+      }
+    },
+    "ListServiceInstanceProvisionedResourcesInput":{
+      "type":"structure",
+      "required":[
+        "serviceInstanceName",
+        "serviceName"
+      ],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next provisioned resource in the array of provisioned resources, after the list of provisioned resources that was previously requested.</p>"
+        },
+        "serviceInstanceName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The service instance name.</p>"
+        },
+        "serviceName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The service name.</p>"
+        }
+      }
+    },
+    "ListServiceInstanceProvisionedResourcesOutput":{
+      "type":"structure",
+      "required":["provisionedResources"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next provisioned resource in the array of provisioned resources, after the current requested list of provisioned resources.</p>"
+        },
+        "provisionedResources":{
+          "shape":"ProvisionedResourceList",
+          "documentation":"<p>An array of provisioned resources for a service instance.</p>"
+        }
+      }
+    },
     "ListServiceInstancesInput":{
       "type":"structure",
       "members":{
@@ -2523,13 +3318,69 @@
         }
       }
     },
+    "ListServicePipelineOutputsInput":{
+      "type":"structure",
+      "required":["serviceName"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next output in the array of outputs, after the list of outputs that was previously requested.</p>"
+        },
+        "serviceName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The service name.</p>"
+        }
+      }
+    },
+    "ListServicePipelineOutputsOutput":{
+      "type":"structure",
+      "required":["outputs"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next output in the array of outputs, after the current requested list of outputs.</p>"
+        },
+        "outputs":{
+          "shape":"OutputsList",
+          "documentation":"<p>An array of outputs.</p>"
+        }
+      }
+    },
+    "ListServicePipelineProvisionedResourcesInput":{
+      "type":"structure",
+      "required":["serviceName"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next provisioned resource in the array of provisioned resources, after the list of provisioned resources that was previously requested.</p>"
+        },
+        "serviceName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The service name.</p>"
+        }
+      }
+    },
+    "ListServicePipelineProvisionedResourcesOutput":{
+      "type":"structure",
+      "required":["provisionedResources"],
+      "members":{
+        "nextToken":{
+          "shape":"EmptyNextToken",
+          "documentation":"<p>A token to indicate the location of the next provisioned resource in the array of provisioned resources, after the current requested list of provisioned resources.</p>"
+        },
+        "provisionedResources":{
+          "shape":"ProvisionedResourceList",
+          "documentation":"<p>An array of provisioned resources for a service and pipeline.</p>"
+        }
+      }
+    },
     "ListServiceTemplateVersionsInput":{
       "type":"structure",
       "required":["templateName"],
       "members":{
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To view a list of minor of versions under a major version of a service template, include <code>majorVersion</code>.</p> <p>To view a list of major versions of a service template, <i>exclude</i> <code>majorVersion</code>.</p>"
+          "documentation":"<p>To view a list of minor of versions under a major version of a service template, include <code>major Version</code>.</p> <p>To view a list of major versions of a service template, <i>exclude</i> <code>major Version</code>.</p>"
         },
         "maxResults":{
           "shape":"MaxPageResults",
@@ -2551,7 +3402,7 @@
       "members":{
         "nextToken":{
           "shape":"NextToken",
-          "documentation":"<p>A token to indicate the location of the next major or minor version in the array of major or minor versions of a service template, after the list of major or minor versions that was previously requested.</p>"
+          "documentation":"<p>A token to indicate the location of the next major or minor version in the array of major or minor versions of a service template, after the current requested list of service major or minor versions.</p>"
         },
         "templateVersions":{
           "shape":"ServiceTemplateVersionSummaryList",
@@ -2655,6 +3506,121 @@
       "type":"string",
       "pattern":"^[A-Za-z0-9+=/]+$"
     },
+    "NotifyResourceDeploymentStatusChangeInput":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "status"
+      ],
+      "members":{
+        "deploymentId":{
+          "shape":"DeploymentId",
+          "documentation":"<p>The deployment ID for your provisioned resource.</p>"
+        },
+        "outputs":{
+          "shape":"NotifyResourceDeploymentStatusChangeInputOutputsList",
+          "documentation":"<p>The provisioned resource state change detail data that's returned by Proton.</p>"
+        },
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The provisioned resource Amazon Resource Name (ARN).</p>"
+        },
+        "status":{
+          "shape":"ResourceDeploymentStatus",
+          "documentation":"<p>The status of your provisioned resource.</p>"
+        },
+        "statusMessage":{
+          "shape":"SyntheticNotifyResourceDeploymentStatusChangeInputString",
+          "documentation":"<p>The deployment status message for your provisioned resource.</p>"
+        }
+      }
+    },
+    "NotifyResourceDeploymentStatusChangeInputOutputsList":{
+      "type":"list",
+      "member":{"shape":"Output"},
+      "max":50,
+      "min":0
+    },
+    "NotifyResourceDeploymentStatusChangeOutput":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Output":{
+      "type":"structure",
+      "members":{
+        "key":{
+          "shape":"OutputKey",
+          "documentation":"<p>The output key.</p>"
+        },
+        "valueString":{
+          "shape":"OutputValueString",
+          "documentation":"<p>The output value.</p>"
+        }
+      },
+      "documentation":"<p>An infrastructure as code defined resource output.</p>",
+      "sensitive":true
+    },
+    "OutputKey":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "OutputValueString":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "OutputsList":{
+      "type":"list",
+      "member":{"shape":"Output"}
+    },
+    "PipelineRoleArn":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"(^$)|(^arn:[a-zA-Z-]+:[a-zA-Z0-9-]+:[a-zA-Z0-9-]*:\\d*:[\\w+=\\/:,\\.@-]*)"
+    },
+    "ProvisionedResource":{
+      "type":"structure",
+      "members":{
+        "identifier":{
+          "shape":"ProvisionedResourceIdentifier",
+          "documentation":"<p>The provisioned resource identifier.</p>"
+        },
+        "name":{
+          "shape":"ProvisionedResourceName",
+          "documentation":"<p>The provisioned resource name.</p>"
+        },
+        "provisioningEngine":{
+          "shape":"ProvisionedResourceEngine",
+          "documentation":"<p>The resource provisioning engine.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
+        }
+      },
+      "documentation":"<p>Detail data for a provisioned resource.</p>"
+    },
+    "ProvisionedResourceEngine":{
+      "type":"string",
+      "documentation":"<p>List of provisioning engines</p>",
+      "enum":[
+        "CLOUDFORMATION",
+        "TERRAFORM"
+      ]
+    },
+    "ProvisionedResourceIdentifier":{
+      "type":"string",
+      "max":200,
+      "min":1
+    },
+    "ProvisionedResourceList":{
+      "type":"list",
+      "member":{"shape":"ProvisionedResource"}
+    },
+    "ProvisionedResourceName":{
+      "type":"string",
+      "max":200,
+      "min":1
+    },
     "Provisioning":{
       "type":"string",
       "enum":["CUSTOMER_MANAGED"]
@@ -2675,15 +3641,245 @@
       "members":{
         "environmentAccountConnection":{
           "shape":"EnvironmentAccountConnection",
-          "documentation":"<p>The environment connection account detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment connection account detail data that's returned by Proton.</p>"
         }
       }
     },
+    "Repository":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "connectionArn",
+        "name",
+        "provider"
+      ],
+      "members":{
+        "arn":{
+          "shape":"RepositoryArn",
+          "documentation":"<p>The repository Amazon Resource Name (ARN).</p>"
+        },
+        "connectionArn":{
+          "shape":"Arn",
+          "documentation":"<p>The repository Amazon Web Services CodeStar connection that connects Proton to your repository.</p>"
+        },
+        "encryptionKey":{
+          "shape":"Arn",
+          "documentation":"<p>Your customer Amazon Web Services KMS encryption key.</p>"
+        },
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      },
+      "documentation":"<p>Detail date for a repository that has been registered with Proton.</p>"
+    },
+    "RepositoryArn":{"type":"string"},
+    "RepositoryBranch":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "branch",
+        "name",
+        "provider"
+      ],
+      "members":{
+        "arn":{
+          "shape":"RepositoryArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the repository branch.</p>"
+        },
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      },
+      "documentation":"<p>Detail data for a repository branch.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
+    },
+    "RepositoryBranchInput":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "name",
+        "provider"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      },
+      "documentation":"<p>Detail input data for a repository branch.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
+    },
     "RepositoryId":{
       "type":"string",
       "max":200,
       "min":1
     },
+    "RepositoryName":{
+      "type":"string",
+      "max":100,
+      "min":1,
+      "pattern":"[A-Za-z0-9_.-].*/[A-Za-z0-9_.-].*"
+    },
+    "RepositoryProvider":{
+      "type":"string",
+      "enum":[
+        "GITHUB",
+        "GITHUB_ENTERPRISE",
+        "BITBUCKET"
+      ]
+    },
+    "RepositorySummary":{
+      "type":"structure",
+      "required":[
+        "arn",
+        "name",
+        "provider"
+      ],
+      "members":{
+        "arn":{
+          "shape":"RepositoryArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for a repository.</p>"
+        },
+        "name":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "provider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        }
+      },
+      "documentation":"<p>A summary of detail data for a registered repository.</p>"
+    },
+    "RepositorySummaryList":{
+      "type":"list",
+      "member":{"shape":"RepositorySummary"}
+    },
+    "RepositorySyncAttempt":{
+      "type":"structure",
+      "required":[
+        "events",
+        "startedAt",
+        "status"
+      ],
+      "members":{
+        "events":{
+          "shape":"RepositorySyncEvents",
+          "documentation":"<p>Detail data for sync attempt events.</p>"
+        },
+        "startedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the sync attempt started.</p>"
+        },
+        "status":{
+          "shape":"RepositorySyncStatus",
+          "documentation":"<p>The sync attempt status.</p>"
+        }
+      },
+      "documentation":"<p>Detail data for a repository sync attempt activated by a push to a repository.</p>"
+    },
+    "RepositorySyncDefinition":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "directory",
+        "parent",
+        "target"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "directory":{
+          "shape":"String",
+          "documentation":"<p>The directory in the repository.</p>"
+        },
+        "parent":{
+          "shape":"String",
+          "documentation":"<p>The resource that is synced from.</p>"
+        },
+        "target":{
+          "shape":"String",
+          "documentation":"<p>The resource that is synced to.</p>"
+        }
+      },
+      "documentation":"<p>The repository sync definition.</p>"
+    },
+    "RepositorySyncDefinitionList":{
+      "type":"list",
+      "member":{"shape":"RepositorySyncDefinition"}
+    },
+    "RepositorySyncEvent":{
+      "type":"structure",
+      "required":[
+        "event",
+        "time",
+        "type"
+      ],
+      "members":{
+        "event":{
+          "shape":"String",
+          "documentation":"<p>Event detail for a repository sync attempt.</p>"
+        },
+        "externalId":{
+          "shape":"String",
+          "documentation":"<p>The external ID of the sync event.</p>"
+        },
+        "time":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time that the sync event occurred.</p>"
+        },
+        "type":{
+          "shape":"String",
+          "documentation":"<p>The type of event.</p>"
+        }
+      },
+      "documentation":"<p>Repository sync event detail data for a sync attempt.</p>"
+    },
+    "RepositorySyncEvents":{
+      "type":"list",
+      "member":{"shape":"RepositorySyncEvent"}
+    },
+    "RepositorySyncStatus":{
+      "type":"string",
+      "enum":[
+        "INITIATED",
+        "IN_PROGRESS",
+        "SUCCEEDED",
+        "FAILED",
+        "QUEUED"
+      ]
+    },
+    "ResourceDeploymentStatus":{
+      "type":"string",
+      "documentation":"<p>The state that a PR-based deployment can be updated to.</p>",
+      "enum":[
+        "IN_PROGRESS",
+        "FAILED",
+        "SUCCEEDED"
+      ]
+    },
     "ResourceName":{
       "type":"string",
       "max":100,
@@ -2699,6 +3895,117 @@
       "documentation":"<p>The requested resource <i>wasn't</i> found.</p>",
       "exception":true
     },
+    "ResourceSyncAttempt":{
+      "type":"structure",
+      "required":[
+        "events",
+        "initialRevision",
+        "startedAt",
+        "status",
+        "target",
+        "targetRevision"
+      ],
+      "members":{
+        "events":{
+          "shape":"ResourceSyncEvents",
+          "documentation":"<p>An array of events with detail data.</p>"
+        },
+        "initialRevision":{
+          "shape":"Revision",
+          "documentation":"<p>Detail data for the initial repository commit, path and push.</p>"
+        },
+        "startedAt":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the sync attempt started.</p>"
+        },
+        "status":{
+          "shape":"ResourceSyncStatus",
+          "documentation":"<p>The status of the sync attempt.</p>"
+        },
+        "target":{
+          "shape":"String",
+          "documentation":"<p>The resource that is synced to.</p>"
+        },
+        "targetRevision":{
+          "shape":"Revision",
+          "documentation":"<p>Detail data for the target revision.</p>"
+        }
+      },
+      "documentation":"<p>Detail data for a resource sync attempt activated by a push to a repository.</p>"
+    },
+    "ResourceSyncEvent":{
+      "type":"structure",
+      "required":[
+        "event",
+        "time",
+        "type"
+      ],
+      "members":{
+        "event":{
+          "shape":"String",
+          "documentation":"<p>A resource sync event.</p>"
+        },
+        "externalId":{
+          "shape":"String",
+          "documentation":"<p>The external ID for the event.</p>"
+        },
+        "time":{
+          "shape":"Timestamp",
+          "documentation":"<p>The time when the event occurred.</p>"
+        },
+        "type":{
+          "shape":"String",
+          "documentation":"<p>The type of event.</p>"
+        }
+      },
+      "documentation":"<p>Detail data for a resource sync event.</p>"
+    },
+    "ResourceSyncEvents":{
+      "type":"list",
+      "member":{"shape":"ResourceSyncEvent"}
+    },
+    "ResourceSyncStatus":{
+      "type":"string",
+      "enum":[
+        "INITIATED",
+        "IN_PROGRESS",
+        "SUCCEEDED",
+        "FAILED"
+      ]
+    },
+    "Revision":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "directory",
+        "repositoryName",
+        "repositoryProvider",
+        "sha"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "directory":{
+          "shape":"String",
+          "documentation":"<p>The repository directory changed by a commit and push that activated the sync attempt.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The repository name.</p>"
+        },
+        "repositoryProvider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        },
+        "sha":{
+          "shape":"SHA",
+          "documentation":"<p>The secure hash algorithm (SHA) hash for the revision.</p>"
+        }
+      },
+      "documentation":"<p>Revision detail data for a commit and push that activates a sync attempt</p>"
+    },
     "S3Bucket":{
       "type":"string",
       "max":63,
@@ -2728,6 +4035,11 @@
       },
       "documentation":"<p>Template bundle S3 bucket data.</p>"
     },
+    "SHA":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
     "Service":{
       "type":"structure",
       "required":[
@@ -2746,7 +4058,7 @@
         },
         "branchName":{
           "shape":"GitBranchName",
-          "documentation":"<p>The name of the code repository branch that holds the code that's deployed in AWS Proton.</p>"
+          "documentation":"<p>The name of the code repository branch that holds the code that's deployed in Proton.</p>"
         },
         "createdAt":{
           "shape":"Timestamp",
@@ -2770,11 +4082,11 @@
         },
         "repositoryConnectionArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the repository connection. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/setting-up-for-service.html#setting-up-vcontrol\">Set up a repository connection</a> in the <i>AWS Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/proton-setup.html#setup-repo-connection\">Setting up with AWS Proton</a> in the <i>AWS Proton User Guide</i>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the repository connection. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/setting-up-for-service.html#setting-up-vcontrol\">Set up a repository connection</a> in the <i>Proton Administrator Guide</i> and <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/proton-setup.html#setup-repo-connection\">Setting up with Proton</a> in the <i>Proton User Guide</i>.</p>"
         },
         "repositoryId":{
           "shape":"RepositoryId",
-          "documentation":"<p>The ID of the code repository.</p>"
+          "documentation":"<p>The ID of the source code repository.</p>"
         },
         "spec":{
           "shape":"SpecContents",
@@ -2854,11 +4166,11 @@
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of the service template that was used to create the service instance.</p>"
+          "documentation":"<p>The major version of the service template that was used to create the service instance.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of the service template that was used to create the service instance.</p>"
+          "documentation":"<p>The minor version of the service template that was used to create the service instance.</p>"
         },
         "templateName":{
           "shape":"ResourceName",
@@ -2922,11 +4234,11 @@
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of a service template.</p>"
+          "documentation":"<p>The service instance template major version.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of a service template.</p>"
+          "documentation":"<p>The service instance template minor version.</p>"
         },
         "templateName":{
           "shape":"ResourceName",
@@ -2982,11 +4294,11 @@
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of the service template that was used to create the service pipeline.</p>"
+          "documentation":"<p>The major version of the service template that was used to create the service pipeline.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of the service template that was used to create the service pipeline.</p>"
+          "documentation":"<p>The minor version of the service template that was used to create the service pipeline.</p>"
         },
         "templateName":{
           "shape":"ResourceName",
@@ -3001,7 +4313,7 @@
       "members":{
         "message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>A quota was exceeded. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-limits.html\">AWS Proton Quotas</a> in the <i>AWS Proton Administrator Guide</i>.</p>",
+      "documentation":"<p>A quota was exceeded. For more information, see <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-limits.html\">Proton Quotas</a> in the <i>Proton Administrator Guide</i>.</p>",
       "exception":true
     },
     "ServiceStatus":{
@@ -3116,7 +4428,7 @@
         },
         "recommendedVersion":{
           "shape":"FullTemplateVersionNumber",
-          "documentation":"<p>The ID of the recommended version of the service template.</p>"
+          "documentation":"<p>The recommended version of the service template.</p>"
         }
       },
       "documentation":"<p>The service template detail data.</p>"
@@ -3161,7 +4473,7 @@
         },
         "recommendedVersion":{
           "shape":"FullTemplateVersionNumber",
-          "documentation":"<p>The ID of the recommended version of the service template.</p>"
+          "documentation":"<p>The recommended version of the service template.</p>"
         }
       },
       "documentation":"<p>The service template summary data.</p>"
@@ -3205,15 +4517,15 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the latest major version that's associated with the version of a service template.</p>"
+          "documentation":"<p>The latest major version that's associated with the version of a service template.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of a service template.</p>"
+          "documentation":"<p>The minor version of a service template.</p>"
         },
         "recommendedMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the recommended minor version of the service template.</p>"
+          "documentation":"<p>The recommended minor version of the service template.</p>"
         },
         "schema":{
           "shape":"TemplateSchema",
@@ -3265,15 +4577,15 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the latest major version that's associated with the version of a service template.</p>"
+          "documentation":"<p>The latest major version that's associated with the version of a service template.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of a service template.</p>"
+          "documentation":"<p>The minor version of a service template.</p>"
         },
         "recommendedMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the recommended minor version of the service template.</p>"
+          "documentation":"<p>The recommended minor version of the service template.</p>"
         },
         "status":{
           "shape":"TemplateVersionStatus",
@@ -3305,6 +4617,21 @@
       "sensitive":true
     },
     "String":{"type":"string"},
+    "Subdirectory":{
+      "type":"string",
+      "max":4096,
+      "min":1
+    },
+    "SyncType":{
+      "type":"string",
+      "enum":["TEMPLATE_SYNC"]
+    },
+    "SyntheticNotifyResourceDeploymentStatusChangeInputString":{
+      "type":"string",
+      "max":5000,
+      "min":0,
+      "sensitive":true
+    },
     "Tag":{
       "type":"structure",
       "required":[
@@ -3373,6 +4700,50 @@
       "min":1,
       "sensitive":true
     },
+    "TemplateSyncConfig":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "repositoryName",
+        "repositoryProvider",
+        "templateName",
+        "templateType"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of the repository, for example <code>myrepos/myrepo</code>.</p>"
+        },
+        "repositoryProvider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        },
+        "subdirectory":{
+          "shape":"Subdirectory",
+          "documentation":"<p>A subdirectory path to your template bundle version.</p>"
+        },
+        "templateName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The template name.</p>"
+        },
+        "templateType":{
+          "shape":"TemplateType",
+          "documentation":"<p>The template type.</p>"
+        }
+      },
+      "documentation":"<p>The detail data for a template sync configuration.</p>"
+    },
+    "TemplateType":{
+      "type":"string",
+      "enum":[
+        "ENVIRONMENT",
+        "SERVICE"
+      ]
+    },
     "TemplateVersionPart":{
       "type":"string",
       "max":20,
@@ -3435,9 +4806,13 @@
     "UpdateAccountSettingsInput":{
       "type":"structure",
       "members":{
+        "pipelineProvisioningRepository":{
+          "shape":"RepositoryBranchInput",
+          "documentation":"<p>The repository that you provide with pull request provisioning.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
+        },
         "pipelineServiceRoleArn":{
-          "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Proton pipeline service role.</p>"
+          "shape":"PipelineRoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Proton pipeline service role.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
         }
       }
     },
@@ -3447,7 +4822,7 @@
       "members":{
         "accountSettings":{
           "shape":"AccountSettings",
-          "documentation":"<p>The AWS Proton pipeline service role detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The Proton pipeline service role repository detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3474,7 +4849,7 @@
       "members":{
         "environmentAccountConnection":{
           "shape":"EnvironmentAccountConnection",
-          "documentation":"<p>The environment account connection detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment account connection detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3503,7 +4878,11 @@
         },
         "protonServiceRoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the AWS Proton service role that allows AWS Proton to make API calls to other services your behalf.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Proton service role that allows Proton to make API calls to other services your behalf.</p>"
+        },
+        "provisioningRepository":{
+          "shape":"RepositoryBranchInput",
+          "documentation":"<p>The repository that you provide with pull request provisioning.</p> <important> <p>Provisioning by pull request is currently in feature preview and is only usable with Terraform based Proton Templates. To learn more about <a href=\"https://aws.amazon.com/service-terms\">Amazon Web Services Feature Preview terms</a>, see section 2 on Beta and Previews.</p> </important>"
         },
         "spec":{
           "shape":"SpecContents",
@@ -3511,11 +4890,11 @@
         },
         "templateMajorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the major version of the environment to update.</p>"
+          "documentation":"<p>The major version of the environment to update.</p>"
         },
         "templateMinorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>The ID of the minor version of the environment to update.</p>"
+          "documentation":"<p>The minor version of the environment to update.</p>"
         }
       }
     },
@@ -3525,7 +4904,7 @@
       "members":{
         "environment":{
           "shape":"Environment",
-          "documentation":"<p>The environment detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3553,7 +4932,7 @@
       "members":{
         "environmentTemplate":{
           "shape":"EnvironmentTemplate",
-          "documentation":"<p>The environment template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3571,7 +4950,7 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To update a major version of an environment template, include <code>majorVersion</code>.</p>"
+          "documentation":"<p>To update a major version of an environment template, include <code>major Version</code>.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
@@ -3593,7 +4972,7 @@
       "members":{
         "environmentTemplateVersion":{
           "shape":"EnvironmentTemplateVersion",
-          "documentation":"<p>The environment template version detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The environment template version detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3611,7 +4990,7 @@
         },
         "spec":{
           "shape":"SpecContents",
-          "documentation":"<p>Lists the service instances to add and the existing service instances to remain. Omit the existing service instances to delete from the list. <i>Don't</i> include edits to the existing service instances or pipeline. For more information, see <i>Edit a service</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-svc-update.html\">AWS Proton Administrator Guide</a> or the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-update.html\">AWS Proton User Guide</a>.</p>"
+          "documentation":"<p>Lists the service instances to add and the existing service instances to remain. Omit the existing service instances to delete from the list. <i>Don't</i> include edits to the existing service instances or pipeline. For more information, see <i>Edit a service</i> in the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/ag-svc-update.html\">Proton Administrator Guide</a> or the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/ug-svc-update.html\">Proton User Guide</a>.</p>"
         }
       }
     },
@@ -3655,7 +5034,7 @@
       "members":{
         "serviceInstance":{
           "shape":"ServiceInstance",
-          "documentation":"<p>The service instance summary data returned by AWS Proton.</p>"
+          "documentation":"<p>The service instance summary data returned by Proton.</p>"
         }
       }
     },
@@ -3665,7 +5044,7 @@
       "members":{
         "service":{
           "shape":"Service",
-          "documentation":"<p>The service detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3705,7 +5084,7 @@
       "members":{
         "pipeline":{
           "shape":"ServicePipeline",
-          "documentation":"<p>The pipeline details returned by AWS Proton.</p>"
+          "documentation":"<p>The pipeline details returned by Proton.</p>"
         }
       }
     },
@@ -3733,7 +5112,7 @@
       "members":{
         "serviceTemplate":{
           "shape":"ServiceTemplate",
-          "documentation":"<p>The service template detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3755,7 +5134,7 @@
         },
         "majorVersion":{
           "shape":"TemplateVersionPart",
-          "documentation":"<p>To update a major version of a service template, include <code>majorVersion</code>.</p>"
+          "documentation":"<p>To update a major version of a service template, include <code>major Version</code>.</p>"
         },
         "minorVersion":{
           "shape":"TemplateVersionPart",
@@ -3777,7 +5156,52 @@
       "members":{
         "serviceTemplateVersion":{
           "shape":"ServiceTemplateVersion",
-          "documentation":"<p>The service template version detail data that's returned by AWS Proton.</p>"
+          "documentation":"<p>The service template version detail data that's returned by Proton.</p>"
+        }
+      }
+    },
+    "UpdateTemplateSyncConfigInput":{
+      "type":"structure",
+      "required":[
+        "branch",
+        "repositoryName",
+        "repositoryProvider",
+        "templateName",
+        "templateType"
+      ],
+      "members":{
+        "branch":{
+          "shape":"GitBranchName",
+          "documentation":"<p>The repository branch.</p>"
+        },
+        "repositoryName":{
+          "shape":"RepositoryName",
+          "documentation":"<p>The name of the repository, for example <code>myrepos/myrepo</code>.</p>"
+        },
+        "repositoryProvider":{
+          "shape":"RepositoryProvider",
+          "documentation":"<p>The repository provider.</p>"
+        },
+        "subdirectory":{
+          "shape":"Subdirectory",
+          "documentation":"<p>A subdirectory path to your template bundle version. When included, limits the template bundle search to this repository directory.</p>"
+        },
+        "templateName":{
+          "shape":"ResourceName",
+          "documentation":"<p>The synced template name.</p>"
+        },
+        "templateType":{
+          "shape":"TemplateType",
+          "documentation":"<p>The synced template type.</p>"
+        }
+      }
+    },
+    "UpdateTemplateSyncConfigOutput":{
+      "type":"structure",
+      "members":{
+        "templateSyncConfig":{
+          "shape":"TemplateSyncConfig",
+          "documentation":"<p>The template sync configuration detail data that's returned by Proton.</p>"
         }
       }
     },
@@ -3791,5 +5215,5 @@
       "exception":true
     }
   },
-  "documentation":"<p>This is the AWS Proton Service API Reference. It provides descriptions, syntax and usage examples for each of the <a href=\"https://docs.aws.amazon.com/proton/latest/APIReference/API_Operations.html\">actions</a> and <a href=\"https://docs.aws.amazon.com/proton/latest/APIReference/API_Types.html\">data types</a> for the AWS Proton service.</p> <p>The documentation for each action shows the Query API request parameters and the XML response.</p> <p>Alternatively, you can use the AWS CLI to access an API. For more information, see the <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html\">AWS Command Line Interface User Guide</a>.</p> <p>The AWS Proton service is a two-pronged automation framework. Administrators create service templates to provide standardized infrastructure and deployment tooling for serverless and container based applications. Developers, in turn, select from the available service templates to automate their application or service deployments.</p> <p>Because administrators define the infrastructure and tooling that AWS Proton deploys and manages, they need permissions to use all of the listed API operations.</p> <p>When developers select a specific infrastructure and tooling set, AWS Proton deploys their applications. To monitor their applications that are running on AWS Proton, developers need permissions to the service <i>create</i>, <i>list</i>, <i>update</i> and <i>delete</i> API operations and the service instance <i>list</i> and <i>update</i> API operations.</p> <p>To learn more about AWS Proton administration, see the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/Welcome.html\">AWS Proton Administrator Guide</a>.</p> <p>To learn more about deploying serverless and containerized applications on AWS Proton, see the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/Welcome.html\">AWS Proton User Guide</a>.</p> <p> <b>Ensuring Idempotency</b> </p> <p>When you make a mutating API request, the request typically returns a result before the asynchronous workflows of the operation are complete. Operations might also time out or encounter other server issues before they're complete, even if the request already returned a result. This might make it difficult to determine whether the request succeeded. Moreover, you might need to retry the request multiple times to ensure that the operation completes successfully. However, if the original request and the subsequent retries are successful, the operation occurs multiple times. This means that you might create more resources than you intended.</p> <p> <i>Idempotency</i> ensures that an API request action completes no more than one time. With an idempotent request, if the original request action completes successfully, any subsequent retries complete successfully without performing any further actions. However, the result might contain updated information, such as the current creation status.</p> <p>The following lists of APIs are grouped according to methods that ensure idempotency.</p> <p> <b>Idempotent create APIs with a client token</b> </p> <p>The API actions in this list support idempotency with the use of a <i>client token</i>. The corresponding AWS CLI commands also support idempotency using a client token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request using one of these actions, specify a client token in the request. We recommend that you <i>don't</i> reuse the same client token for other API requests. If you don’t provide a client token for these APIs, a default client token is automatically provided by SDKs.</p> <p>Given a request action that has succeeded:</p> <p>If you retry the request using the same client token and the same parameters, the retry succeeds without performing any further actions other than returning the original resource detail data in the response.</p> <p>If you retry the request using the same client token, but one or more of the parameters are different, the retry throws a <code>ValidationException</code> with an <code>IdempotentParameterMismatch</code> error.</p> <p>Client tokens expire eight hours after a request is made. If you retry the request with the expired token, a new resource is created.</p> <p>If the original resource is deleted and you retry the request, a new resource is created.</p> <p>Idempotent create APIs with a client token:</p> <ul> <li> <p>CreateEnvironmentTemplateVersion</p> </li> <li> <p>CreateServiceTemplateVersion</p> </li> <li> <p>CreateEnvironmentAccountConnection</p> </li> </ul> <p> <b>Idempotent create APIs</b> </p> <p>Given a request action that has succeeded:</p> <p>If you retry the request with an API from this group, and the original resource <i>hasn't</i> been modified, the retry succeeds without performing any further actions other than returning the original resource detail data in the response.</p> <p>If the original resource has been modified, the retry throws a <code>ConflictException</code>.</p> <p>If you retry with different input parameters, the retry throws a <code>ValidationException</code> with an <code>IdempotentParameterMismatch</code> error.</p> <p>Idempotent create APIs:</p> <ul> <li> <p>CreateEnvironmentTemplate</p> </li> <li> <p>CreateServiceTemplate</p> </li> <li> <p>CreateEnvironment</p> </li> <li> <p>CreateService</p> </li> </ul> <p> <b>Idempotent delete APIs</b> </p> <p>Given a request action that has succeeded:</p> <p>When you retry the request with an API from this group and the resource was deleted, its metadata is returned in the response.</p> <p>If you retry and the resource doesn't exist, the response is empty.</p> <p>In both cases, the retry succeeds.</p> <p>Idempotent delete APIs:</p> <ul> <li> <p>DeleteEnvironmentTemplate</p> </li> <li> <p>DeleteEnvironmentTemplateVersion</p> </li> <li> <p>DeleteServiceTemplate</p> </li> <li> <p>DeleteServiceTemplateVersion</p> </li> <li> <p>DeleteEnvironmentAccountConnection</p> </li> </ul> <p> <b>Asynchronous idempotent delete APIs</b> </p> <p>Given a request action that has succeeded:</p> <p>If you retry the request with an API from this group, if the original request delete operation status is <code>DELETE_IN_PROGRESS</code>, the retry returns the resource detail data in the response without performing any further actions.</p> <p>If the original request delete operation is complete, a retry returns an empty response.</p> <p>Asynchronous idempotent delete APIs:</p> <ul> <li> <p>DeleteEnvironment</p> </li> <li> <p>DeleteService</p> </li> </ul>"
+  "documentation":"<p>This is the Proton Service API Reference. It provides descriptions, syntax and usage examples for each of the <a href=\"https://docs.aws.amazon.com/proton/latest/APIReference/API_Operations.html\">actions</a> and <a href=\"https://docs.aws.amazon.com/proton/latest/APIReference/API_Types.html\">data types</a> for the Proton service.</p> <p>The documentation for each action shows the Query API request parameters and the XML response.</p> <p>Alternatively, you can use the Amazon Web Services CLI to access an API. For more information, see the <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html\">Amazon Web Services Command Line Interface User Guide</a>.</p> <p>The Proton service is a two-pronged automation framework. Administrators create service templates to provide standardized infrastructure and deployment tooling for serverless and container based applications. Developers, in turn, select from the available service templates to automate their application or service deployments.</p> <p>Because administrators define the infrastructure and tooling that Proton deploys and manages, they need permissions to use all of the listed API operations.</p> <p>When developers select a specific infrastructure and tooling set, Proton deploys their applications. To monitor their applications that are running on Proton, developers need permissions to the service <i>create</i>, <i>list</i>, <i>update</i> and <i>delete</i> API operations and the service instance <i>list</i> and <i>update</i> API operations.</p> <p>To learn more about Proton administration, see the <a href=\"https://docs.aws.amazon.com/proton/latest/adminguide/Welcome.html\">Proton Administrator Guide</a>.</p> <p>To learn more about deploying serverless and containerized applications on Proton, see the <a href=\"https://docs.aws.amazon.com/proton/latest/userguide/Welcome.html\">Proton User Guide</a>.</p> <p> <b>Ensuring Idempotency</b> </p> <p>When you make a mutating API request, the request typically returns a result before the asynchronous workflows of the operation are complete. Operations might also time out or encounter other server issues before they're complete, even if the request already returned a result. This might make it difficult to determine whether the request succeeded. Moreover, you might need to retry the request multiple times to ensure that the operation completes successfully. However, if the original request and the subsequent retries are successful, the operation occurs multiple times. This means that you might create more resources than you intended.</p> <p> <i>Idempotency</i> ensures that an API request action completes no more than one time. With an idempotent request, if the original request action completes successfully, any subsequent retries complete successfully without performing any further actions. However, the result might contain updated information, such as the current creation status.</p> <p>The following lists of APIs are grouped according to methods that ensure idempotency.</p> <p> <b>Idempotent create APIs with a client token</b> </p> <p>The API actions in this list support idempotency with the use of a <i>client token</i>. The corresponding Amazon Web Services CLI commands also support idempotency using a client token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request using one of these actions, specify a client token in the request. We recommend that you <i>don't</i> reuse the same client token for other API requests. If you don’t provide a client token for these APIs, a default client token is automatically provided by SDKs.</p> <p>Given a request action that has succeeded:</p> <p>If you retry the request using the same client token and the same parameters, the retry succeeds without performing any further actions other than returning the original resource detail data in the response.</p> <p>If you retry the request using the same client token, but one or more of the parameters are different, the retry throws a <code>ValidationException</code> with an <code>IdempotentParameterMismatch</code> error.</p> <p>Client tokens expire eight hours after a request is made. If you retry the request with the expired token, a new resource is created.</p> <p>If the original resource is deleted and you retry the request, a new resource is created.</p> <p>Idempotent create APIs with a client token:</p> <ul> <li> <p>CreateEnvironmentTemplateVersion</p> </li> <li> <p>CreateServiceTemplateVersion</p> </li> <li> <p>CreateEnvironmentAccountConnection</p> </li> </ul> <p> <b>Idempotent create APIs</b> </p> <p>Given a request action that has succeeded:</p> <p>If you retry the request with an API from this group, and the original resource <i>hasn't</i> been modified, the retry succeeds without performing any further actions other than returning the original resource detail data in the response.</p> <p>If the original resource has been modified, the retry throws a <code>ConflictException</code>.</p> <p>If you retry with different input parameters, the retry throws a <code>ValidationException</code> with an <code>IdempotentParameterMismatch</code> error.</p> <p>Idempotent create APIs:</p> <ul> <li> <p>CreateEnvironmentTemplate</p> </li> <li> <p>CreateServiceTemplate</p> </li> <li> <p>CreateEnvironment</p> </li> <li> <p>CreateService</p> </li> </ul> <p> <b>Idempotent delete APIs</b> </p> <p>Given a request action that has succeeded:</p> <p>When you retry the request with an API from this group and the resource was deleted, its metadata is returned in the response.</p> <p>If you retry and the resource doesn't exist, the response is empty.</p> <p>In both cases, the retry succeeds.</p> <p>Idempotent delete APIs:</p> <ul> <li> <p>DeleteEnvironmentTemplate</p> </li> <li> <p>DeleteEnvironmentTemplateVersion</p> </li> <li> <p>DeleteServiceTemplate</p> </li> <li> <p>DeleteServiceTemplateVersion</p> </li> <li> <p>DeleteEnvironmentAccountConnection</p> </li> </ul> <p> <b>Asynchronous idempotent delete APIs</b> </p> <p>Given a request action that has succeeded:</p> <p>If you retry the request with an API from this group, if the original request delete operation status is <code>DELETE_IN_PROGRESS</code>, the retry returns the resource detail data in the response without performing any further actions.</p> <p>If the original request delete operation is complete, a retry returns an empty response.</p> <p>Asynchronous idempotent delete APIs:</p> <ul> <li> <p>DeleteEnvironment</p> </li> <li> <p>DeleteService</p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/qldb/2019-01-02/service-2.json b/contrib/python/botocore/py3/botocore/data/qldb/2019-01-02/service-2.json
index 995a2751977..44c96d4e635 100644
--- a/contrib/python/botocore/py3/botocore/data/qldb/2019-01-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/qldb/2019-01-02/service-2.json
@@ -42,7 +42,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceInUseException"}
       ],
-      "documentation":"<p>Creates a new ledger in your account in the current Region.</p>"
+      "documentation":"<p>Creates a new ledger in your Amazon Web Services account in the current Region.</p>"
     },
     "DeleteLedger":{
       "name":"DeleteLedger",
@@ -113,7 +113,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ResourcePreconditionNotMetException"}
       ],
-      "documentation":"<p>Exports journal contents within a date and time range from a ledger into a specified Amazon Simple Storage Service (Amazon S3) bucket. The data is written as files in Amazon Ion format.</p> <p>If the ledger with the given <code>Name</code> doesn't exist, then throws <code>ResourceNotFoundException</code>.</p> <p>If the ledger with the given <code>Name</code> is in <code>CREATING</code> status, then throws <code>ResourcePreconditionNotMetException</code>.</p> <p>You can initiate up to two concurrent journal export requests for each ledger. Beyond this limit, journal export requests throw <code>LimitExceededException</code>.</p>"
+      "documentation":"<p>Exports journal contents within a date and time range from a ledger into a specified Amazon Simple Storage Service (Amazon S3) bucket. A journal export job can write the data objects in either the text or binary representation of Amazon Ion format, or in <i>JSON Lines</i> text format.</p> <p>In JSON Lines format, each journal block in the exported data object is a valid JSON object that is delimited by a newline. You can use this format to easily integrate JSON exports with analytics tools such as Glue and Amazon Athena because these services can parse newline-delimited JSON automatically. For more information about the format, see <a href=\"https://jsonlines.org/\">JSON Lines</a>.</p> <p>If the ledger with the given <code>Name</code> doesn't exist, then throws <code>ResourceNotFoundException</code>.</p> <p>If the ledger with the given <code>Name</code> is in <code>CREATING</code> status, then throws <code>ResourcePreconditionNotMetException</code>.</p> <p>You can initiate up to two concurrent journal export requests for each ledger. Beyond this limit, journal export requests throw <code>LimitExceededException</code>.</p>"
     },
     "GetBlock":{
       "name":"GetBlock",
@@ -183,7 +183,7 @@
       },
       "input":{"shape":"ListJournalS3ExportsRequest"},
       "output":{"shape":"ListJournalS3ExportsResponse"},
-      "documentation":"<p>Returns an array of journal export job descriptions for all ledgers that are associated with the current account and Region.</p> <p>This action returns a maximum of <code>MaxResults</code> items, and is paginated so that you can retrieve all the items by calling <code>ListJournalS3Exports</code> multiple times.</p> <p>This action does not return any expired export jobs. For more information, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/export-journal.request.html#export-journal.request.expiration\">Export job expiration</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
+      "documentation":"<p>Returns an array of journal export job descriptions for all ledgers that are associated with the current Amazon Web Services account and Region.</p> <p>This action returns a maximum of <code>MaxResults</code> items, and is paginated so that you can retrieve all the items by calling <code>ListJournalS3Exports</code> multiple times.</p> <p>This action does not return any expired export jobs. For more information, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/export-journal.request.html#export-journal.request.expiration\">Export job expiration</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
     },
     "ListJournalS3ExportsForLedger":{
       "name":"ListJournalS3ExportsForLedger",
@@ -203,7 +203,7 @@
       },
       "input":{"shape":"ListLedgersRequest"},
       "output":{"shape":"ListLedgersResponse"},
-      "documentation":"<p>Returns an array of ledger summaries that are associated with the current account and Region.</p> <p>This action returns a maximum of 100 items and is paginated so that you can retrieve all the items by calling <code>ListLedgers</code> multiple times.</p>"
+      "documentation":"<p>Returns an array of ledger summaries that are associated with the current Amazon Web Services account and Region.</p> <p>This action returns a maximum of 100 items and is paginated so that you can retrieve all the items by calling <code>ListLedgers</code> multiple times.</p>"
     },
     "ListTagsForResource":{
       "name":"ListTagsForResource",
@@ -337,7 +337,7 @@
       "members":{
         "Name":{
           "shape":"LedgerName",
-          "documentation":"<p>The name of the ledger that you want to create. The name must be unique among all of the ledgers in your account in the current Region.</p> <p>Naming constraints for ledger names are defined in <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/limits.html#limits.naming\">Quotas in Amazon QLDB</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
+          "documentation":"<p>The name of the ledger that you want to create. The name must be unique among all of the ledgers in your Amazon Web Services account in the current Region.</p> <p>Naming constraints for ledger names are defined in <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/limits.html#limits.naming\">Quotas in Amazon QLDB</a> in the <i>Amazon QLDB Developer Guide</i>.</p>"
         },
         "Tags":{
           "shape":"Tags",
@@ -353,7 +353,7 @@
         },
         "KmsKey":{
           "shape":"KmsKey",
-          "documentation":"<p>The key in Key Management Service (KMS) to use for encryption of data at rest in the ledger. For more information, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html\">Encryption at rest</a> in the <i>Amazon QLDB Developer Guide</i>.</p> <p>Use one of the following options to specify this parameter:</p> <ul> <li> <p> <code>AWS_OWNED_KMS_KEY</code>: Use an KMS key that is owned and managed by Amazon Web Services on your behalf.</p> </li> <li> <p> <b>Undefined</b>: By default, use an Amazon Web Services owned KMS key.</p> </li> <li> <p> <b>A valid symmetric customer managed KMS key</b>: Use the specified KMS key in your account that you create, own, and manage.</p> <p>Amazon QLDB does not support asymmetric keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using symmetric and asymmetric keys</a> in the <i>Key Management Service Developer Guide</i>.</p> </li> </ul> <p>To specify a customer managed KMS key, you can use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>. To specify a key in a different account, you must use the key ARN or alias ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id\">Key identifiers (KeyId)</a> in the <i>Key Management Service Developer Guide</i>.</p>"
+          "documentation":"<p>The key in Key Management Service (KMS) to use for encryption of data at rest in the ledger. For more information, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html\">Encryption at rest</a> in the <i>Amazon QLDB Developer Guide</i>.</p> <p>Use one of the following options to specify this parameter:</p> <ul> <li> <p> <code>AWS_OWNED_KMS_KEY</code>: Use an KMS key that is owned and managed by Amazon Web Services on your behalf.</p> </li> <li> <p> <b>Undefined</b>: By default, use an Amazon Web Services owned KMS key.</p> </li> <li> <p> <b>A valid symmetric customer managed KMS key</b>: Use the specified KMS key in your account that you create, own, and manage.</p> <p>Amazon QLDB does not support asymmetric keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using symmetric and asymmetric keys</a> in the <i>Key Management Service Developer Guide</i>.</p> </li> </ul> <p>To specify a customer managed KMS key, you can use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>. To specify a key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id\">Key identifiers (KeyId)</a> in the <i>Key Management Service Developer Guide</i>.</p>"
         }
       }
     },
@@ -560,7 +560,11 @@
         },
         "RoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal export job to do the following:</p> <ul> <li> <p>Write objects into your Amazon Simple Storage Service (Amazon S3) bucket.</p> </li> <li> <p>(Optional) Use your customer master key (CMK) in Key Management Service (KMS) for server-side encryption of your exported data.</p> </li> </ul>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal export job to do the following:</p> <ul> <li> <p>Write objects into your Amazon Simple Storage Service (Amazon S3) bucket.</p> </li> <li> <p>(Optional) Use your customer managed key in Key Management Service (KMS) for server-side encryption of your exported data.</p> </li> </ul> <p>To pass a role to QLDB when requesting a journal export, you must have permissions to perform the <code>iam:PassRole</code> action on the IAM role resource. This is required for all journal export requests.</p>"
+        },
+        "OutputFormat":{
+          "shape":"OutputFormat",
+          "documentation":"<p>The output format of your exported journal data. If this parameter is not specified, the exported data defaults to <code>ION_TEXT</code> format.</p>"
         }
       }
     },
@@ -802,16 +806,20 @@
         },
         "InclusiveStartTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The inclusive start date and time for the range of journal contents that are specified in the original export request.</p>"
+          "documentation":"<p>The inclusive start date and time for the range of journal contents that was specified in the original export request.</p>"
         },
         "ExclusiveEndTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The exclusive end date and time for the range of journal contents that are specified in the original export request.</p>"
+          "documentation":"<p>The exclusive end date and time for the range of journal contents that was specified in the original export request.</p>"
         },
         "S3ExportConfiguration":{"shape":"S3ExportConfiguration"},
         "RoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal export job to do the following:</p> <ul> <li> <p>Write objects into your Amazon Simple Storage Service (Amazon S3) bucket.</p> </li> <li> <p>(Optional) Use your customer master key (CMK) in Key Management Service (KMS) for server-side encryption of your exported data.</p> </li> </ul>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal export job to do the following:</p> <ul> <li> <p>Write objects into your Amazon Simple Storage Service (Amazon S3) bucket.</p> </li> <li> <p>(Optional) Use your customer managed key in Key Management Service (KMS) for server-side encryption of your exported data.</p> </li> </ul>"
+        },
+        "OutputFormat":{
+          "shape":"OutputFormat",
+          "documentation":"<p>The output format of the exported journal data.</p>"
         }
       },
       "documentation":"<p>Information about a journal export job, including the ledger name, export ID, creation time, current status, and the parameters of the original export creation request.</p>"
@@ -1007,7 +1015,7 @@
       "members":{
         "JournalS3Exports":{
           "shape":"JournalS3ExportList",
-          "documentation":"<p>The array of journal export job descriptions for all ledgers that are associated with the current account and Region.</p>"
+          "documentation":"<p>The array of journal export job descriptions for all ledgers that are associated with the current Amazon Web Services account and Region.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -1037,7 +1045,7 @@
       "members":{
         "Ledgers":{
           "shape":"LedgerList",
-          "documentation":"<p>The array of ledger summaries that are associated with the current account and Region.</p>"
+          "documentation":"<p>The array of ledger summaries that are associated with the current Amazon Web Services account and Region.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -1077,6 +1085,14 @@
       "min":4,
       "pattern":"^[A-Za-z-0-9+/=]+$"
     },
+    "OutputFormat":{
+      "type":"string",
+      "enum":[
+        "ION_BINARY",
+        "ION_TEXT",
+        "JSON"
+      ]
+    },
     "ParameterName":{"type":"string"},
     "PermissionsMode":{
       "type":"string",
@@ -1171,7 +1187,7 @@
         },
         "KmsKeyArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) in Key Management Service (KMS). Amazon S3 does not support asymmetric CMKs.</p> <p>You must provide a <code>KmsKeyArn</code> if you specify <code>SSE_KMS</code> as the <code>ObjectEncryptionType</code>.</p> <p> <code>KmsKeyArn</code> is not required if you specify <code>SSE_S3</code> as the <code>ObjectEncryptionType</code>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of a symmetric key in Key Management Service (KMS). Amazon S3 does not support asymmetric KMS keys.</p> <p>You must provide a <code>KmsKeyArn</code> if you specify <code>SSE_KMS</code> as the <code>ObjectEncryptionType</code>.</p> <p> <code>KmsKeyArn</code> is not required if you specify <code>SSE_S3</code> as the <code>ObjectEncryptionType</code>.</p>"
         }
       },
       "documentation":"<p>The encryption settings that are used by a journal export job to write data in an Amazon Simple Storage Service (Amazon S3) bucket.</p>"
@@ -1230,7 +1246,7 @@
         },
         "RoleArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal stream to write data records to a Kinesis Data Streams resource.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role that grants QLDB permissions for a journal stream to write data records to a Kinesis Data Streams resource.</p> <p>To pass a role to QLDB when requesting a journal stream, you must have permissions to perform the <code>iam:PassRole</code> action on the IAM role resource. This is required for all journal stream requests.</p>"
         },
         "Tags":{
           "shape":"Tags",
@@ -1411,7 +1427,7 @@
         },
         "KmsKey":{
           "shape":"KmsKey",
-          "documentation":"<p>The key in Key Management Service (KMS) to use for encryption of data at rest in the ledger. For more information, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html\">Encryption at rest</a> in the <i>Amazon QLDB Developer Guide</i>.</p> <p>Use one of the following options to specify this parameter:</p> <ul> <li> <p> <code>AWS_OWNED_KMS_KEY</code>: Use an KMS key that is owned and managed by Amazon Web Services on your behalf.</p> </li> <li> <p> <b>Undefined</b>: Make no changes to the KMS key of the ledger.</p> </li> <li> <p> <b>A valid symmetric customer managed KMS key</b>: Use the specified KMS key in your account that you create, own, and manage.</p> <p>Amazon QLDB does not support asymmetric keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using symmetric and asymmetric keys</a> in the <i>Key Management Service Developer Guide</i>.</p> </li> </ul> <p>To specify a customer managed KMS key, you can use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>. To specify a key in a different account, you must use the key ARN or alias ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id\">Key identifiers (KeyId)</a> in the <i>Key Management Service Developer Guide</i>.</p>"
+          "documentation":"<p>The key in Key Management Service (KMS) to use for encryption of data at rest in the ledger. For more information, see <a href=\"https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html\">Encryption at rest</a> in the <i>Amazon QLDB Developer Guide</i>.</p> <p>Use one of the following options to specify this parameter:</p> <ul> <li> <p> <code>AWS_OWNED_KMS_KEY</code>: Use an KMS key that is owned and managed by Amazon Web Services on your behalf.</p> </li> <li> <p> <b>Undefined</b>: Make no changes to the KMS key of the ledger.</p> </li> <li> <p> <b>A valid symmetric customer managed KMS key</b>: Use the specified KMS key in your account that you create, own, and manage.</p> <p>Amazon QLDB does not support asymmetric keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using symmetric and asymmetric keys</a> in the <i>Key Management Service Developer Guide</i>.</p> </li> </ul> <p>To specify a customer managed KMS key, you can use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with <code>\"alias/\"</code>. To specify a key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Alias name: <code>alias/ExampleAlias</code> </p> </li> <li> <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id\">Key identifiers (KeyId)</a> in the <i>Key Management Service Developer Guide</i>.</p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/quicksight/2018-04-01/service-2.json b/contrib/python/botocore/py3/botocore/data/quicksight/2018-04-01/service-2.json
index e44f0f9892d..93aae43d7de 100644
--- a/contrib/python/botocore/py3/botocore/data/quicksight/2018-04-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/quicksight/2018-04-01/service-2.json
@@ -39,6 +39,7 @@
       "output":{"shape":"CreateAccountCustomizationResponse"},
       "errors":[
         {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"ResourceExistsException"},
         {"shape":"ResourceNotFoundException"},
@@ -46,7 +47,7 @@
         {"shape":"InternalFailureException"},
         {"shape":"ResourceUnavailableException"}
       ],
-      "documentation":"<p>Creates Amazon QuickSight customizations the current Amazon Web Services Region. Currently, you can add a custom default theme by using the <code>CreateAccountCustomization</code> or <code>UpdateAccountCustomization</code> API operation. To further customize Amazon QuickSight by removing Amazon QuickSight sample assets and videos for all new users, see <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-quicksight.html\">Customizing Amazon QuickSight</a> in the <i>Amazon QuickSight User Guide.</i> </p> <p>You can create customizations for your Amazon Web Services account or, if you specify a namespace, for a Amazon QuickSight namespace instead. Customizations that apply to a namespace always override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the <code>DescribeAccountCustomization</code> API operation.</p> <p>Before you use the <code>CreateAccountCustomization</code> API operation to add a theme as the namespace default, make sure that you first share the theme with the namespace. If you don't share it with the namespace, the theme isn't visible to your users even if you make it the default theme. To check if the theme is shared, view the current permissions by using the <code> <a>DescribeThemePermissions</a> </code> API operation. To share the theme, grant permissions by using the <code> <a>UpdateThemePermissions</a> </code> API operation. </p>"
+      "documentation":"<p>Creates Amazon QuickSight customizations the current Amazon Web Services Region. Currently, you can add a custom default theme by using the <code>CreateAccountCustomization</code> or <code>UpdateAccountCustomization</code> API operation. To further customize Amazon QuickSight by removing Amazon QuickSight sample assets and videos for all new users, see <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-quicksight.html\">Customizing Amazon QuickSight</a> in the <i>Amazon QuickSight User Guide.</i> </p> <p>You can create customizations for your Amazon Web Services account or, if you specify a namespace, for a QuickSight namespace instead. Customizations that apply to a namespace always override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the <code>DescribeAccountCustomization</code> API operation.</p> <p>Before you use the <code>CreateAccountCustomization</code> API operation to add a theme as the namespace default, make sure that you first share the theme with the namespace. If you don't share it with the namespace, the theme isn't visible to your users even if you make it the default theme. To check if the theme is shared, view the current permissions by using the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeThemePermissions.html\">DescribeThemePermissions</a> </code> API operation. To share the theme, grant permissions by using the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateThemePermissions.html\">UpdateThemePermissions</a> </code> API operation. </p>"
     },
     "CreateAnalysis":{
       "name":"CreateAnalysis",
@@ -84,7 +85,7 @@
         {"shape":"UnsupportedUserEditionException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates a dashboard from a template. To first create a template, see the <code> <a>CreateTemplate</a> </code> API operation.</p> <p>A dashboard is an entity in Amazon QuickSight that identifies Amazon QuickSight reports, created from analyses. You can share Amazon QuickSight dashboards. With the right permissions, you can create scheduled email reports from them. If you have the correct permissions, you can create a dashboard from a template that exists in a different Amazon Web Services account.</p>"
+      "documentation":"<p>Creates a dashboard from a template. To first create a template, see the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_CreateTemplate.html\">CreateTemplate</a> </code> API operation.</p> <p>A dashboard is an entity in Amazon QuickSight that identifies Amazon QuickSight reports, created from analyses. You can share Amazon QuickSight dashboards. With the right permissions, you can create scheduled email reports from them. If you have the correct permissions, you can create a dashboard from a template that exists in a different Amazon Web Services account.</p>"
     },
     "CreateDataSet":{
       "name":"CreateDataSet",
@@ -105,7 +106,7 @@
         {"shape":"UnsupportedUserEditionException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates a dataset.</p>"
+      "documentation":"<p>Creates a dataset. This operation doesn't support datasets that include uploaded files as a source.</p>"
     },
     "CreateDataSource":{
       "name":"CreateDataSource",
@@ -225,7 +226,7 @@
         {"shape":"ConcurrentUpdatingException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates an assignment with one specified IAMpolicy, identified by its Amazon Resource Name (ARN). This policy assignment is attached to the specified groups or users of Amazon QuickSight. Assignment names are unique per Amazon Web Services account. To avoid overwriting rules in other namespaces, use assignment names that are unique.</p>"
+      "documentation":"<p>Creates an assignment with one specified IAM policy, identified by its Amazon Resource Name (ARN). This policy assignment is attached to the specified groups or users of Amazon QuickSight. Assignment names are unique per Amazon Web Services account. To avoid overwriting rules in other namespaces, use assignment names that are unique.</p>"
     },
     "CreateIngestion":{
       "name":"CreateIngestion",
@@ -244,7 +245,7 @@
         {"shape":"ResourceExistsException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Creates and starts a new SPICE ingestion on a dataset</p> <p>Any ingestions operating on tagged datasets inherit the same tags automatically for use in access control. For an example, see <a href=\"http://aws.amazon.com/premiumsupport/knowledge-center/iam-ec2-resource-tags/\">How do I create an IAM policy to control access to Amazon EC2 resources using tags?</a> in the Amazon Web Services Knowledge Center. Tags are visible on the tagged dataset, but not on the ingestion resource.</p>"
+      "documentation":"<p>Creates and starts a new SPICE ingestion for a dataset. You can manually refresh datasets in an Enterprise edition account 32 times in a 24-hour period. You can manually refresh datasets in a Standard edition account 8 times in a 24-hour period. Each 24-hour period is measured starting 24 hours before the current date and time.</p> <p>Any ingestions operating on tagged datasets inherit the same tags automatically for use in access control. For an example, see <a href=\"http://aws.amazon.com/premiumsupport/knowledge-center/iam-ec2-resource-tags/\">How do I create an IAM policy to control access to Amazon EC2 resources using tags?</a> in the Amazon Web Services Knowledge Center. Tags are visible on the tagged dataset, but not on the ingestion resource.</p>"
     },
     "CreateNamespace":{
       "name":"CreateNamespace",
@@ -359,6 +360,7 @@
       "output":{"shape":"DeleteAccountCustomizationResponse"},
       "errors":[
         {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottlingException"},
@@ -530,7 +532,7 @@
         {"shape":"ConcurrentUpdatingException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Deletes an existing IAMpolicy assignment.</p>"
+      "documentation":"<p>Deletes an existing IAM policy assignment.</p>"
     },
     "DeleteNamespace":{
       "name":"DeleteNamespace",
@@ -678,7 +680,7 @@
         {"shape":"InternalFailureException"},
         {"shape":"ResourceUnavailableException"}
       ],
-      "documentation":"<p>Describes the customizations associated with the provided Amazon Web Services account and Amazon Amazon QuickSight namespace in an Amazon Web Services Region. The Amazon QuickSight console evaluates which customizations to apply by running this API operation with the <code>Resolved</code> flag included. </p> <p>To determine what customizations display when you run this command, it can help to visualize the relationship of the entities involved. </p> <ul> <li> <p> <code>Amazon Web Services account</code> - The Amazon Web Services account exists at the top of the hierarchy. It has the potential to use all of the Amazon Web Services Regions and AWS Services. When you subscribe to Amazon QuickSight, you choose one Amazon Web Services Region to use as your home Region. That's where your free SPICE capacity is located. You can use Amazon QuickSight in any supported Amazon Web Services Region. </p> </li> <li> <p> <code>Amazon Web Services Region</code> - In each Amazon Web Services Region where you sign in to Amazon QuickSight at least once, Amazon QuickSight acts as a separate instance of the same service. If you have a user directory, it resides in us-east-1, which is the US East (N. Virginia). Generally speaking, these users have access to Amazon QuickSight in any Amazon Web Services Region, unless they are constrained to a namespace. </p> <p>To run the command in a different Amazon Web Services Region, you change your Region settings. If you're using the AWS CLI, you can use one of the following options:</p> <ul> <li> <p>Use <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html\">command line options</a>. </p> </li> <li> <p>Use <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html\">named profiles</a>. </p> </li> <li> <p>Run <code>aws configure</code> to change your default Amazon Web Services Region. Use Enter to key the same settings for your keys. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html\">Configuring the AWS CLI</a>.</p> </li> </ul> </li> <li> <p> <code>Namespace</code> - A Amazon QuickSight namespace is a partition that contains users and assets (data sources, datasets, dashboards, and so on). To access assets that are in a specific namespace, users and groups must also be part of the same namespace. People who share a namespace are completely isolated from users and assets in other namespaces, even if they are in the same Amazon Web Services account and Amazon Web Services Region.</p> </li> <li> <p> <code>Applied customizations</code> - Within an Amazon Web Services Region, a set of Amazon QuickSight customizations can apply to an Amazon Web Services account or to a namespace. Settings that you apply to a namespace override settings that you apply to an Amazon Web Services account. All settings are isolated to a single Amazon Web Services Region. To apply them in other Amazon Web Services Regions, run the <code>CreateAccountCustomization</code> command in each Amazon Web Services Region where you want to apply the same customizations. </p> </li> </ul>"
+      "documentation":"<p>Describes the customizations associated with the provided Amazon Web Services account and Amazon Amazon QuickSight namespace in an Amazon Web Services Region. The Amazon QuickSight console evaluates which customizations to apply by running this API operation with the <code>Resolved</code> flag included. </p> <p>To determine what customizations display when you run this command, it can help to visualize the relationship of the entities involved. </p> <ul> <li> <p> <code>Amazon Web Services account</code> - The Amazon Web Services account exists at the top of the hierarchy. It has the potential to use all of the Amazon Web Services Regions and Amazon Web Services Services. When you subscribe to Amazon QuickSight, you choose one Amazon Web Services Region to use as your home Region. That's where your free SPICE capacity is located. You can use Amazon QuickSight in any supported Amazon Web Services Region. </p> </li> <li> <p> <code>Amazon Web Services Region</code> - In each Amazon Web Services Region where you sign in to Amazon QuickSight at least once, Amazon QuickSight acts as a separate instance of the same service. If you have a user directory, it resides in us-east-1, which is the US East (N. Virginia). Generally speaking, these users have access to Amazon QuickSight in any Amazon Web Services Region, unless they are constrained to a namespace. </p> <p>To run the command in a different Amazon Web Services Region, you change your Region settings. If you're using the CLI, you can use one of the following options:</p> <ul> <li> <p>Use <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-options.html\">command line options</a>. </p> </li> <li> <p>Use <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html\">named profiles</a>. </p> </li> <li> <p>Run <code>aws configure</code> to change your default Amazon Web Services Region. Use Enter to key the same settings for your keys. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html\">Configuring the CLI</a>.</p> </li> </ul> </li> <li> <p> <code>Namespace</code> - A QuickSight namespace is a partition that contains users and assets (data sources, datasets, dashboards, and so on). To access assets that are in a specific namespace, users and groups must also be part of the same namespace. People who share a namespace are completely isolated from users and assets in other namespaces, even if they are in the same Amazon Web Services account and Amazon Web Services Region.</p> </li> <li> <p> <code>Applied customizations</code> - Within an Amazon Web Services Region, a set of Amazon QuickSight customizations can apply to an Amazon Web Services account or to a namespace. Settings that you apply to a namespace override settings that you apply to an Amazon Web Services account. All settings are isolated to a single Amazon Web Services Region. To apply them in other Amazon Web Services Regions, run the <code>CreateAccountCustomization</code> command in each Amazon Web Services Region where you want to apply the same customizations. </p> </li> </ul>"
     },
     "DescribeAccountSettings":{
       "name":"DescribeAccountSettings",
@@ -783,7 +785,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Describes a dataset. </p>"
+      "documentation":"<p>Describes a dataset. This operation doesn't support datasets that include uploaded files as a source.</p>"
     },
     "DescribeDataSetPermissions":{
       "name":"DescribeDataSetPermissions",
@@ -925,7 +927,7 @@
         {"shape":"InvalidNextTokenException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Describes an existing IAMpolicy assignment, as specified by the assignment name.</p>"
+      "documentation":"<p>Describes an existing IAM policy assignment, as specified by the assignment name.</p>"
     },
     "DescribeIngestion":{
       "name":"DescribeIngestion",
@@ -960,7 +962,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Provides a summary and status of IP Rules.</p>"
+      "documentation":"<p>Provides a summary and status of IP rules.</p>"
     },
     "DescribeNamespace":{
       "name":"DescribeNamespace",
@@ -1192,7 +1194,7 @@
         {"shape":"UnsupportedUserEditionException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Generates a session URL and authorization code that you can use to embed the Amazon Amazon QuickSight console in your web server code. Use <code>GetSessionEmbedUrl</code> where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who access an embedded Amazon QuickSight console need belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the <code> <a>UpdateUser</a> </code> API operation. Use <code> <a>RegisterUser</a> </code> API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the <i>Amazon QuickSight User Guide</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/embedded-analytics.html\">Embedding Analytics</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-permissions-to-the-quicksight-console.html\">Customizing Access to the Amazon QuickSight Console</a> </p> </li> </ul>"
+      "documentation":"<p>Generates a session URL and authorization code that you can use to embed the Amazon Amazon QuickSight console in your web server code. Use <code>GetSessionEmbedUrl</code> where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who access an embedded Amazon QuickSight console need belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateUser.html\">UpdateUser</a> </code> API operation. Use <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_RegisterUser.html\">RegisterUser</a> </code> API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the <i>Amazon QuickSight User Guide</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/embedded-analytics.html\">Embedding Analytics</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-permissions-to-the-quicksight-console.html\">Customizing Access to the Amazon QuickSight Console</a> </p> </li> </ul>"
     },
     "ListAnalyses":{
       "name":"ListAnalyses",
@@ -1372,7 +1374,7 @@
         {"shape":"InvalidNextTokenException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Lists IAMpolicy assignments in the current Amazon QuickSight account.</p>"
+      "documentation":"<p>Lists IAM policy assignments in the current Amazon QuickSight account.</p>"
     },
     "ListIAMPolicyAssignmentsForUser":{
       "name":"ListIAMPolicyAssignmentsForUser",
@@ -1391,7 +1393,7 @@
         {"shape":"ConcurrentUpdatingException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Lists all the IAMpolicy assignments, including the Amazon Resource Names (ARNs) for the IAM policies assigned to the specified user and group or groups that the user belongs to.</p>"
+      "documentation":"<p>Lists all the IAM policy assignments, including the Amazon Resource Names (ARNs) for the IAM policies assigned to the specified user and group or groups that the user belongs to.</p>"
     },
     "ListIngestions":{
       "name":"ListIngestions",
@@ -1617,7 +1619,7 @@
         {"shape":"InternalFailureException"},
         {"shape":"ResourceUnavailableException"}
       ],
-      "documentation":"<p>Creates an Amazon QuickSight user, whose identity is associated with the AWS Identity and Access Management (IAM) identity or role specified in the request. </p>"
+      "documentation":"<p>Creates an Amazon QuickSight user, whose identity is associated with the Identity and Access Management (IAM) identity or role specified in the request. </p>"
     },
     "RestoreAnalysis":{
       "name":"RestoreAnalysis",
@@ -1708,7 +1710,7 @@
         {"shape":"ThrottlingException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Assigns one or more tags (key-value pairs) to the specified Amazon QuickSight resource. </p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the <code>TagResource</code> operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.</p> <p>You can associate as many as 50 tags with a resource. Amazon QuickSight supports tagging on data set, data source, dashboard, and template. </p> <p>Tagging for Amazon QuickSight works in a similar way to tagging for other AWS services, except for the following:</p> <ul> <li> <p>You can't use tags to track AWS costs for Amazon QuickSight. This restriction is because Amazon QuickSight costs are based on users and SPICE capacity, which aren't taggable resources.</p> </li> <li> <p>Amazon QuickSight doesn't currently support the Tag Editor for Resource Groups.</p> </li> </ul>"
+      "documentation":"<p>Assigns one or more tags (key-value pairs) to the specified Amazon QuickSight resource. </p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the <code>TagResource</code> operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.</p> <p>You can associate as many as 50 tags with a resource. Amazon QuickSight supports tagging on data set, data source, dashboard, and template. </p> <p>Tagging for Amazon QuickSight works in a similar way to tagging for other Amazon Web Services services, except for the following:</p> <ul> <li> <p>You can't use tags to track costs for Amazon QuickSight. This isn't possible because you can't tag the resources that Amazon QuickSight costs are based on, for example Amazon QuickSight storage capacity (SPICE), number of users, type of users, and usage metrics.</p> </li> <li> <p>Amazon QuickSight doesn't currently support the tag editor for Resource Groups.</p> </li> </ul>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -1737,6 +1739,7 @@
       "output":{"shape":"UpdateAccountCustomizationResponse"},
       "errors":[
         {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
         {"shape":"InvalidParameterValueException"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottlingException"},
@@ -1817,7 +1820,7 @@
         {"shape":"UnsupportedUserEditionException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Updates a dashboard in an Amazon Web Services account.</p> <note> <p>Updating a Dashboard creates a new dashboard version but does not immediately publish the new version. You can update the published version of a dashboard by using the <a>UpdateDashboardPublishedVersion</a> API operation.</p> </note>"
+      "documentation":"<p>Updates a dashboard in an Amazon Web Services account.</p> <note> <p>Updating a Dashboard creates a new dashboard version but does not immediately publish the new version. You can update the published version of a dashboard by using the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateDashboardPublishedVersion.html\">UpdateDashboardPublishedVersion</a> </code> API operation.</p> </note>"
     },
     "UpdateDashboardPermissions":{
       "name":"UpdateDashboardPermissions",
@@ -1873,7 +1876,7 @@
         {"shape":"UnsupportedUserEditionException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Updates a dataset.</p>"
+      "documentation":"<p>Updates a dataset. This operation doesn't support datasets that include uploaded files as a source.</p>"
     },
     "UpdateDataSetPermissions":{
       "name":"UpdateDataSetPermissions",
@@ -2004,7 +2007,7 @@
         {"shape":"ConcurrentUpdatingException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Updates an existing IAMpolicy assignment. This operation updates only the optional parameter or parameters that are specified in the request. This overwrites all of the users included in <code>Identities</code>. </p>"
+      "documentation":"<p>Updates an existing IAM policy assignment. This operation updates only the optional parameter or parameters that are specified in the request. This overwrites all of the users included in <code>Identities</code>. </p>"
     },
     "UpdateIpRestriction":{
       "name":"UpdateIpRestriction",
@@ -2022,7 +2025,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InternalFailureException"}
       ],
-      "documentation":"<p>Updates content and status of IP Rules.</p>"
+      "documentation":"<p>Updates the content and status of IP rules. To use this operation, you need to provide the entire map of rules. You can use the <code>DescribeIpRestriction</code> operation to get the current rule map.</p>"
     },
     "UpdateTemplate":{
       "name":"UpdateTemplate",
@@ -2177,9 +2180,13 @@
         "DefaultTheme":{
           "shape":"Arn",
           "documentation":"<p>The default theme for this Amazon QuickSight subscription.</p>"
+        },
+        "DefaultEmailCustomizationTemplate":{
+          "shape":"Arn",
+          "documentation":"<p>The default email customization template.</p>"
         }
       },
-      "documentation":"<p>The Amazon QuickSight customizations associated with your Amazon Web Services account or a Amazon QuickSight namespace in a specific Amazon Web Services Region.</p>"
+      "documentation":"<p>The Amazon QuickSight customizations associated with your Amazon Web Services account or a QuickSight namespace in a specific Amazon Web Services Region.</p>"
     },
     "AccountSettings":{
       "type":"structure",
@@ -2214,7 +2221,7 @@
       "members":{
         "AssignmentName":{
           "shape":"IAMPolicyAssignmentName",
-          "documentation":"<p>A name for the IAMpolicy assignment.</p>"
+          "documentation":"<p>A name for the IAM policy assignment.</p>"
         },
         "PolicyArn":{
           "shape":"Arn",
@@ -2264,8 +2271,12 @@
       "type":"structure",
       "required":["Domain"],
       "members":{
-        "Domain":{"shape":"Domain"}
-      }
+        "Domain":{
+          "shape":"Domain",
+          "documentation":"<p>The OpenSearch domain.</p>"
+        }
+      },
+      "documentation":"<p>The parameters for OpenSearch.</p>"
     },
     "Analysis":{
       "type":"structure",
@@ -2459,10 +2470,10 @@
       "members":{
         "Dashboard":{
           "shape":"AnonymousUserDashboardEmbeddingConfiguration",
-          "documentation":"<p>The type of embedding experience. In this case, an Amazon QuickSight dashboard.</p>"
+          "documentation":"<p>The type of embedding experience. In this case, Amazon QuickSight dashboards.</p>"
         }
       },
-      "documentation":"<p>The type of experience you want to embed. For anonymous users, you can embed an Amazon QuickSight dashboard.</p>"
+      "documentation":"<p>The type of experience you want to embed. For anonymous users, you can embed Amazon QuickSight dashboards.</p>"
     },
     "Arn":{"type":"string"},
     "ArnList":{
@@ -2839,7 +2850,7 @@
           "documentation":"<p>A description for a column.</p>"
         }
       },
-      "documentation":"<p>A tag for a column in a <a>TagColumnOperation</a> structure. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.</p>"
+      "documentation":"<p>A tag for a column in a <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_TagColumnOperation.html\">TagColumnOperation</a> </code> structure. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.</p>"
     },
     "ColumnTagList":{
       "type":"list",
@@ -2906,7 +2917,7 @@
         },
         "AccountCustomization":{
           "shape":"AccountCustomization",
-          "documentation":"<p>The Amazon QuickSight customizations you're adding in the current Amazon Web Services Region. You can add these to an Amazon Web Services account and a Amazon QuickSight namespace. </p> <p>For example, you can add a default theme by setting <code>AccountCustomization</code> to the midnight theme: <code>\"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight::aws:theme/MIDNIGHT\" }</code>. Or, you can add a custom theme by specifying <code>\"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight:us-west-2:111122223333:theme/bdb844d0-0fe9-4d9d-b520-0fe602d93639\" }</code>. </p>"
+          "documentation":"<p>The Amazon QuickSight customizations you're adding in the current Amazon Web Services Region. You can add these to an Amazon Web Services account and a QuickSight namespace. </p> <p>For example, you can add a default theme by setting <code>AccountCustomization</code> to the midnight theme: <code>\"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight::aws:theme/MIDNIGHT\" }</code>. Or, you can add a custom theme by specifying <code>\"AccountCustomization\": { \"DefaultTheme\": \"arn:aws:quicksight:us-west-2:111122223333:theme/bdb844d0-0fe9-4d9d-b520-0fe602d93639\" }</code>. </p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -3045,7 +3056,7 @@
         },
         "DashboardId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The ID for the dashboard, also added to the IAMpolicy.</p>",
+          "documentation":"<p>The ID for the dashboard, also added to the IAM policy.</p>",
           "location":"uri",
           "locationName":"DashboardId"
         },
@@ -3059,11 +3070,11 @@
         },
         "Permissions":{
           "shape":"ResourcePermissionList",
-          "documentation":"<p>A structure that contains the permissions of the dashboard. You can use this structure for granting permissions by providing a list of IAMaction information for each principal ARN. </p> <p>To specify no permissions, omit the permissions list.</p>"
+          "documentation":"<p>A structure that contains the permissions of the dashboard. You can use this structure for granting permissions by providing a list of IAM action information for each principal ARN. </p> <p>To specify no permissions, omit the permissions list.</p>"
         },
         "SourceEntity":{
           "shape":"DashboardSourceEntity",
-          "documentation":"<p>The entity that you are using as a source when you create the dashboard. In <code>SourceEntity</code>, you specify the type of object you're using as source. You can only create a dashboard from a template, so you use a <code>SourceTemplate</code> entity. If you need to create a dashboard from an analysis, first convert the analysis to a template by using the <a>CreateTemplate</a> API operation. For <code>SourceTemplate</code>, specify the Amazon Resource Name (ARN) of the source template. The <code>SourceTemplate</code>ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region. </p> <p>Use the <code>DataSetReferences</code> entity within <code>SourceTemplate</code> to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder. </p>"
+          "documentation":"<p>The entity that you are using as a source when you create the dashboard. In <code>SourceEntity</code>, you specify the type of object you're using as source. You can only create a dashboard from a template, so you use a <code>SourceTemplate</code> entity. If you need to create a dashboard from an analysis, first convert the analysis to a template by using the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_CreateTemplate.html\">CreateTemplate</a> </code> API operation. For <code>SourceTemplate</code>, specify the Amazon Resource Name (ARN) of the source template. The <code>SourceTemplate</code>ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region. </p> <p>Use the <code>DataSetReferences</code> entity within <code>SourceTemplate</code> to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder. </p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -3171,7 +3182,7 @@
         },
         "ColumnLevelPermissionRules":{
           "shape":"ColumnLevelPermissionRuleList",
-          "documentation":"<p>A set of one or more definitions of a <code> <a>ColumnLevelPermissionRule</a> </code>.</p>"
+          "documentation":"<p>A set of one or more definitions of a <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ColumnLevelPermissionRule.html\">ColumnLevelPermissionRule</a> </code>.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -3300,13 +3311,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS Account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         },
@@ -3329,7 +3340,7 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status of the folder membership. If succeeded, the status is <code>SC_OK (200)</code>.</p>"
+          "documentation":"<p>The HTTP status of the request.</p>"
         },
         "FolderMember":{
           "shape":"FolderMember",
@@ -3337,7 +3348,7 @@
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -3350,13 +3361,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS Account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account where you want to create the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         },
@@ -3387,7 +3398,7 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status of the newly created folder. If succeeded, the status is <code>SC_OK (200)</code>.</p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "Arn":{
@@ -3518,7 +3529,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The ID of the Amazon Web Services account where you want to assign an IAMpolicy to Amazon QuickSight users or groups.</p>",
+          "documentation":"<p>The ID of the Amazon Web Services account where you want to assign an IAM policy to Amazon QuickSight users or groups.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -3532,7 +3543,7 @@
         },
         "PolicyArn":{
           "shape":"Arn",
-          "documentation":"<p>The ARN for the IAMpolicy to apply to the Amazon QuickSight users and groups specified in this assignment.</p>"
+          "documentation":"<p>The ARN for the IAM policy to apply to the Amazon QuickSight users and groups specified in this assignment.</p>"
         },
         "Identities":{
           "shape":"IdentityMap",
@@ -3563,11 +3574,11 @@
         },
         "PolicyArn":{
           "shape":"Arn",
-          "documentation":"<p>The ARN for the IAMpolicy that is applied to the Amazon QuickSight users and groups specified in this assignment.</p>"
+          "documentation":"<p>The ARN for the IAM policy that is applied to the Amazon QuickSight users and groups specified in this assignment.</p>"
         },
         "Identities":{
           "shape":"IdentityMap",
-          "documentation":"<p>The Amazon QuickSight users, groups, or both that the IAMpolicy is assigned to.</p>"
+          "documentation":"<p>The Amazon QuickSight users, groups, or both that the IAM policy is assigned to.</p>"
         },
         "RequestId":{
           "shape":"String",
@@ -3902,7 +3913,7 @@
         },
         "BaseThemeId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon QuickSight. For a list of the starting themes, use <code>ListThemes</code> or choose <b>Themes</b> from within a Amazon QuickSight analysis. </p>"
+          "documentation":"<p>The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon QuickSight. For a list of the starting themes, use <code>ListThemes</code> or choose <b>Themes</b> from within an analysis. </p>"
         },
         "VersionDescription":{
           "shape":"VersionDescription",
@@ -4367,7 +4378,7 @@
         },
         "ColumnLevelPermissionRules":{
           "shape":"ColumnLevelPermissionRuleList",
-          "documentation":"<p>A set of one or more definitions of a <code> <a>ColumnLevelPermissionRule</a> </code>.</p>"
+          "documentation":"<p>A set of one or more definitions of a <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ColumnLevelPermissionRule.html\">ColumnLevelPermissionRule</a> </code>.</p>"
         },
         "DataSetUsageConfiguration":{
           "shape":"DataSetUsageConfiguration",
@@ -4568,7 +4579,7 @@
       "members":{
         "CredentialPair":{
           "shape":"CredentialPair",
-          "documentation":"<p>Credential pair. For more information, see <a>CredentialPair</a>.</p>"
+          "documentation":"<p>Credential pair. For more information, see <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_CredentialPair.html\">CredentialPair</a> </code>.</p>"
         },
         "CopySourceArn":{
           "shape":"CopySourceArn",
@@ -4692,7 +4703,14 @@
           "shape":"TwitterParameters",
           "documentation":"<p>The parameters for Twitter.</p>"
         },
-        "AmazonOpenSearchParameters":{"shape":"AmazonOpenSearchParameters"}
+        "AmazonOpenSearchParameters":{
+          "shape":"AmazonOpenSearchParameters",
+          "documentation":"<p>The parameters for OpenSearch.</p>"
+        },
+        "ExasolParameters":{
+          "shape":"ExasolParameters",
+          "documentation":"<p>The parameters for Exasol.</p>"
+        }
       },
       "documentation":"<p>The parameters that Amazon QuickSight uses to connect to your underlying data source. This is a variant type structure. For this structure to be valid, only one of the attributes can be non-null.</p>"
     },
@@ -4728,7 +4746,8 @@
         "TERADATA",
         "TWITTER",
         "TIMESTREAM",
-        "AMAZON_OPENSEARCH"
+        "AMAZON_OPENSEARCH",
+        "EXASOL"
       ]
     },
     "Database":{
@@ -5019,7 +5038,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS Account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -5048,11 +5067,11 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status of deleting the asset. If succeeded, the status is <code>SC_OK (200)</code>.</p>"
+          "documentation":"<p>The HTTP status of the request.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -5065,13 +5084,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS Account ID for the folder.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         }
@@ -5082,7 +5101,7 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status of deleting the folder. If succeeded, the status is <code>SC_OK (200)</code>.</p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "Arn":{
@@ -5091,11 +5110,11 @@
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -5200,7 +5219,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The Amazon Web Services account ID where you want to delete the IAMpolicy assignment.</p>",
+          "documentation":"<p>The Amazon Web Services account ID where you want to delete the IAM policy assignment.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -5638,7 +5657,7 @@
       "members":{
         "AccountSettings":{
           "shape":"AccountSettings",
-          "documentation":"<p>The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription. In the Amazon QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a Amazon QuickSight \"account\" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.</p>"
+          "documentation":"<p>The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription. In the QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a QuickSight \"account\" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.</p>"
         },
         "RequestId":{
           "shape":"String",
@@ -5752,7 +5771,7 @@
         },
         "DashboardId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The ID for the dashboard, also added to the IAMpolicy.</p>",
+          "documentation":"<p>The ID for the dashboard, also added to the IAM policy.</p>",
           "location":"uri",
           "locationName":"DashboardId"
         }
@@ -5781,6 +5800,10 @@
         "RequestId":{
           "shape":"String",
           "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
+        },
+        "LinkSharingConfiguration":{
+          "shape":"LinkSharingConfiguration",
+          "documentation":"<p>A structure that contains the configuration of a shareable link that grants access to the dashboard. Your users can use the link to view and interact with the dashboard, if the dashboard has been shared with them. For more information about sharing dashboards, see <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/sharing-a-dashboard.html\">Sharing Dashboards</a>.</p>"
         }
       }
     },
@@ -6016,13 +6039,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS Account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         }
@@ -6033,12 +6056,12 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code>.</p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "Arn":{
           "shape":"Arn",
@@ -6050,7 +6073,7 @@
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -6063,13 +6086,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         }
@@ -6084,13 +6107,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         }
@@ -6101,24 +6124,24 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code> </p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "Arn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN).</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the folder.</p>"
         },
         "Permissions":{
           "shape":"ResourcePermissionList",
-          "documentation":"<p>Information about the permissions on the dashboard.</p>"
+          "documentation":"<p>Information about the permissions for the folder.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -6127,7 +6150,7 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK (200)</code>.</p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "Folder":{
@@ -6136,7 +6159,7 @@
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -6219,7 +6242,7 @@
       "members":{
         "IAMPolicyAssignment":{
           "shape":"IAMPolicyAssignment",
-          "documentation":"<p>Information describing the IAMpolicy assignment.</p>"
+          "documentation":"<p>Information describing the IAM policy assignment.</p>"
         },
         "RequestId":{
           "shape":"String",
@@ -6284,7 +6307,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>Your AWS account ID.</p>",
+          "documentation":"<p>The ID of the Amazon Web Services account that contains the IP rules.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         }
@@ -6295,23 +6318,23 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>Your AWS account ID.</p>"
+          "documentation":"<p>The ID of the Amazon Web Services account that contains the IP rules.</p>"
         },
         "IpRestrictionRuleMap":{
           "shape":"IpRestrictionRuleMap",
-          "documentation":"<p>Describes the IP rules with CIDR range and description.</p>"
+          "documentation":"<p>A map that describes the IP rules with CIDR range and description.</p>"
         },
         "Enabled":{
           "shape":"NullableBoolean",
-          "documentation":"<p>Whether or not IP rules are enabled.</p>"
+          "documentation":"<p>A value that specifies whether IP rules are turned on.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The ID of the describe request.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         },
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status of a set of IP restrictions. A successful request returns a 200 status code.</p>",
+          "documentation":"<p>The HTTP status of the request. </p>",
           "location":"statusCode"
         }
       }
@@ -6755,6 +6778,24 @@
       },
       "documentation":"<p>Error information for the SPICE ingestion of a dataset.</p>"
     },
+    "ExasolParameters":{
+      "type":"structure",
+      "required":[
+        "Host",
+        "Port"
+      ],
+      "members":{
+        "Host":{
+          "shape":"Host",
+          "documentation":"<p>The hostname or IP address of the Exasol data source.</p>"
+        },
+        "Port":{
+          "shape":"Port",
+          "documentation":"<p>The port for the Exasol data source.</p>"
+        }
+      },
+      "documentation":"<p>The required parameters for connecting to an Exasol data source.</p>"
+    },
     "ExceptionResourceType":{
       "type":"string",
       "enum":[
@@ -6843,11 +6884,11 @@
       "members":{
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "Arn":{
           "shape":"Arn",
-          "documentation":"<p>The folder Amazon Resource Name (ARN).</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the folder.</p>"
         },
         "Name":{
           "shape":"FolderName",
@@ -6855,11 +6896,11 @@
         },
         "FolderType":{
           "shape":"FolderType",
-          "documentation":"<p>The type of the folder.</p>"
+          "documentation":"<p>The type of folder it is.</p>"
         },
         "FolderPath":{
           "shape":"Path",
-          "documentation":"<p>An array of ancestor folder ARN strings.</p>"
+          "documentation":"<p>An array of ancestor ARN strings for the folder.</p>"
         },
         "CreatedTime":{
           "shape":"Timestamp",
@@ -6870,7 +6911,7 @@
           "documentation":"<p>The time that the folder was last updated.</p>"
         }
       },
-      "documentation":"<p>A folder.</p>"
+      "documentation":"<p>A folder in Amazon QuickSight.</p>"
     },
     "FolderColumnList":{
       "type":"list",
@@ -6886,14 +6927,14 @@
       "members":{
         "MemberId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The ID of the asset.</p>"
+          "documentation":"<p>The ID of an asset in the folder.</p>"
         },
         "MemberType":{
           "shape":"MemberType",
-          "documentation":"<p>The type of the asset.</p>"
+          "documentation":"<p>The type of asset that it is.</p>"
         }
       },
-      "documentation":"<p>An asset in a folder, such as a dashboard, analysis, or dataset.</p>"
+      "documentation":"<p>An asset in a Amazon QuickSight folder, such as a dashboard, analysis, or dataset.</p>"
     },
     "FolderMemberList":{
       "type":"list",
@@ -6910,18 +6951,18 @@
       "members":{
         "Operator":{
           "shape":"FilterOperator",
-          "documentation":"<p>The comparison operator that you want to use as a filter. For example, <code>\"Operator\": \"StringEquals\"</code>.</p>"
+          "documentation":"<p>The comparison operator that you want to use in the filter. For example, <code>\"Operator\": \"StringEquals\"</code>.</p>"
         },
         "Name":{
           "shape":"FolderFilterAttribute",
-          "documentation":"<p>The name of the value that you want to use as a filter. For example, <code>\"Name\": \"PARENT_FOLDER_ARN\"</code>.</p>"
+          "documentation":"<p>The name of a value that you want to use in the filter. For example, <code>\"Name\": \"PARENT_FOLDER_ARN\"</code>.</p>"
         },
         "Value":{
           "shape":"String",
           "documentation":"<p>The value of the named item (in this example, <code>PARENT_FOLDER_ARN</code>), that you want to use as a filter. For example, <code>\"Value\": \"arn:aws:quicksight:us-east-1:1:folder/folderId\"</code>.</p>"
         }
       },
-      "documentation":"<p>Searches a folder by a filter.</p>"
+      "documentation":"<p>A filter to use to search a Amazon QuickSight folder.</p>"
     },
     "FolderSearchFilterList":{
       "type":"list",
@@ -6933,11 +6974,11 @@
       "members":{
         "Arn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN).</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the folder.</p>"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "Name":{
           "shape":"FolderName",
@@ -6956,7 +6997,7 @@
           "documentation":"<p>The time that the folder was last updated.</p>"
         }
       },
-      "documentation":"<p>A summary of the folder. </p>"
+      "documentation":"<p>A summary of information about an existing Amazon QuickSight folder. </p>"
     },
     "FolderSummaryList":{
       "type":"list",
@@ -7051,7 +7092,7 @@
         },
         "ExperienceConfiguration":{
           "shape":"RegisteredUserEmbeddingExperienceConfiguration",
-          "documentation":"<p>The experience you are embedding. For registered users, you can embed Amazon QuickSight dashboards, the entire Amazon QuickSight console, or the Amazon QuickSight Q search bar.</p>"
+          "documentation":"<p>The experience you are embedding. For registered users, you can embed Amazon QuickSight dashboards or the entire Amazon QuickSight console.</p>"
         }
       }
     },
@@ -7065,7 +7106,7 @@
       "members":{
         "EmbedUrl":{
           "shape":"EmbeddingUrl",
-          "documentation":"<p>The embed URL for the Amazon QuickSight dashboard, console, or Q search bar.</p>"
+          "documentation":"<p>The embed URL for the Amazon QuickSight dashboard or console.</p>"
         },
         "Status":{
           "shape":"StatusCode",
@@ -7169,7 +7210,7 @@
         },
         "UserArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon QuickSight user's Amazon Resource Name (ARN), for use with <code>QUICKSIGHT</code> identity type. You can use this for any Amazon QuickSight users in your account (readers, authors, or admins) authenticated as one of the following:</p> <ul> <li> <p>Active Directory (AD) users or group members</p> </li> <li> <p>Invited nonfederated users</p> </li> <li> <p>IAMusers and IAMrole-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAMfederation.</p> </li> </ul> <p>Omit this parameter for users in the third group – IAMusers and IAM role-based sessions.</p>",
+          "documentation":"<p>The Amazon QuickSight user's Amazon Resource Name (ARN), for use with <code>QUICKSIGHT</code> identity type. You can use this for any Amazon QuickSight users in your account (readers, authors, or admins) authenticated as one of the following:</p> <ul> <li> <p>Active Directory (AD) users or group members</p> </li> <li> <p>Invited nonfederated users</p> </li> <li> <p>IAM users and IAM role-based sessions authenticated through Federated Single Sign-On using SAML, OpenID Connect, or IAM federation.</p> </li> </ul> <p>Omit this parameter for users in the third group – IAM users and IAM role-based sessions.</p>",
           "location":"querystring",
           "locationName":"user-arn"
         },
@@ -7181,7 +7222,7 @@
         },
         "AdditionalDashboardIds":{
           "shape":"AdditionalDashboardIdList",
-          "documentation":"<p>A list of one or more dashboard IDs that you want to add to a session that includes anonymous users. The <code>IdentityType</code> parameter must be set to <code>ANONYMOUS</code> for this to work, because other identity types authenticate as Amazon QuickSight or IAMusers. For example, if you set \"<code>--dashboard-id dash_id1 --dashboard-id dash_id2 dash_id3 identity-type ANONYMOUS</code>\", the session can access all three dashboards. </p>",
+          "documentation":"<p>A list of one or more dashboard IDs that you want to add to a session that includes anonymous users. The <code>IdentityType</code> parameter must be set to <code>ANONYMOUS</code> for this to work, because other identity types authenticate as Amazon QuickSight or IAM users. For example, if you set \"<code>--dashboard-id dash_id1 --dashboard-id dash_id2 dash_id3 identity-type ANONYMOUS</code>\", the session can access all three dashboards. </p>",
           "location":"querystring",
           "locationName":"additional-dashboard-ids"
         }
@@ -7351,7 +7392,7 @@
         },
         "PolicyArn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the IAMpolicy.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM policy.</p>"
         },
         "Identities":{
           "shape":"IdentityMap",
@@ -7381,7 +7422,7 @@
           "documentation":"<p>Assignment status.</p>"
         }
       },
-      "documentation":"<p>IAMpolicy assignment summary.</p>"
+      "documentation":"<p>IAM policy assignment summary.</p>"
     },
     "IAMPolicyAssignmentSummaryList":{
       "type":"list",
@@ -7774,6 +7815,16 @@
       "error":{"httpStatusCode":409},
       "exception":true
     },
+    "LinkSharingConfiguration":{
+      "type":"structure",
+      "members":{
+        "Permissions":{
+          "shape":"ResourcePermissionList",
+          "documentation":"<p>A structure that contains the permissions of a shareable link.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the configuration of a shareable link to the dashboard.</p>"
+    },
     "ListAnalysesRequest":{
       "type":"structure",
       "required":["AwsAccountId"],
@@ -8027,13 +8078,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         },
@@ -8057,7 +8108,7 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code> </p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "FolderMemberList":{
@@ -8070,7 +8121,7 @@
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -8080,7 +8131,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -8104,12 +8155,12 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code> </p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "FolderSummaryList":{
           "shape":"FolderSummaryList",
-          "documentation":"<p>A structure that contains all of the folders in your AWS account. This structure provides basic information about the folders.</p>"
+          "documentation":"<p>A structure that contains all of the folders in the Amazon Web Services account. This structure provides basic information about the folders.</p>"
         },
         "NextToken":{
           "shape":"String",
@@ -8117,7 +8168,7 @@
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -8312,7 +8363,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The ID of the Amazon Web Services account that contains these IAMpolicy assignments.</p>",
+          "documentation":"<p>The ID of the Amazon Web Services account that contains these IAM policy assignments.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -8346,7 +8397,7 @@
       "members":{
         "IAMPolicyAssignments":{
           "shape":"IAMPolicyAssignmentSummaryList",
-          "documentation":"<p>Information describing the IAMpolicy assignments.</p>"
+          "documentation":"<p>Information describing the IAM policy assignments.</p>"
         },
         "NextToken":{
           "shape":"String",
@@ -9071,7 +9122,7 @@
           "documentation":"<p>The Amazon Resource Name (ARN) of the member.</p>"
         }
       },
-      "documentation":"<p>An object that consists of the member Amazon Resource Name (ARN) and member ID.</p>"
+      "documentation":"<p>An object that consists of a member Amazon Resource Name (ARN) and a member ID.</p>"
     },
     "MemberType":{
       "type":"string",
@@ -9488,7 +9539,7 @@
       "members":{
         "IdentityType":{
           "shape":"IdentityType",
-          "documentation":"<p>Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts two values:</p> <ul> <li> <p> <code>IAM</code>: A user whose identity maps to an existing IAMuser or role. </p> </li> <li> <p> <code>QUICKSIGHT</code>: A user whose identity is owned and managed internally by Amazon QuickSight. </p> </li> </ul>"
+          "documentation":"<p>Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts two values:</p> <ul> <li> <p> <code>IAM</code>: A user whose identity maps to an existing IAM user or role. </p> </li> <li> <p> <code>QUICKSIGHT</code>: A user whose identity is owned and managed internally by Amazon QuickSight. </p> </li> </ul>"
         },
         "Email":{
           "shape":"String",
@@ -9500,11 +9551,11 @@
         },
         "IamArn":{
           "shape":"String",
-          "documentation":"<p>The ARN of the IAMuser or role that you are registering with Amazon QuickSight. </p>"
+          "documentation":"<p>The ARN of the IAM user or role that you are registering with Amazon QuickSight. </p>"
         },
         "SessionName":{
           "shape":"RoleSessionName",
-          "documentation":"<p>You need to use this parameter only when you register one or more users using an assumed IAMrole. You don't need to provide the session name for other scenarios, for example when you are registering an IAMuser or an Amazon QuickSight user. You can register multiple users using the same IAMrole if each user has a different session name. For more information on assuming IAMroles, see <a href=\"https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html\"> <code>assume-role</code> </a> in the <i>AWS CLI Reference.</i> </p>"
+          "documentation":"<p>You need to use this parameter only when you register one or more users using an assumed IAM role. You don't need to provide the session name for other scenarios, for example when you are registering an IAM user or an Amazon QuickSight user. You can register multiple users using the same IAM role if each user has a different session name. For more information on assuming IAM roles, see <a href=\"https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html\"> <code>assume-role</code> </a> in the <i>CLI Reference.</i> </p>"
         },
         "AwsAccountId":{
           "shape":"AwsAccountId",
@@ -9524,7 +9575,7 @@
         },
         "CustomPermissionsName":{
           "shape":"RoleName",
-          "documentation":"<p>(Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:</p> <ul> <li> <p>Create and update data sources</p> </li> <li> <p>Create and update datasets</p> </li> <li> <p>Create and update email reports</p> </li> <li> <p>Subscribe to email reports</p> </li> </ul> <p>To add custom permissions to an existing user, use <code> <a>UpdateUser</a> </code> instead.</p> <p>A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the <code>RegisterUser</code> API operation to assign the named set of permissions to a Amazon QuickSight user. </p> <p>Amazon QuickSight custom permissions are applied through IAMpolicies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).</p> <p>This feature is available only to Amazon QuickSight Enterprise edition subscriptions.</p>"
+          "documentation":"<p>(Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:</p> <ul> <li> <p>Create and update data sources</p> </li> <li> <p>Create and update datasets</p> </li> <li> <p>Create and update email reports</p> </li> <li> <p>Subscribe to email reports</p> </li> </ul> <p>To add custom permissions to an existing user, use <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateUser.html\">UpdateUser</a> </code> instead.</p> <p>A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the <code>RegisterUser</code> API operation to assign the named set of permissions to a QuickSight user. </p> <p>Amazon QuickSight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).</p> <p>This feature is available only to Amazon QuickSight Enterprise edition subscriptions.</p>"
         },
         "ExternalLoginFederationProviderType":{
           "shape":"String",
@@ -9582,14 +9633,14 @@
         },
         "QuickSightConsole":{
           "shape":"RegisteredUserQuickSightConsoleEmbeddingConfiguration",
-          "documentation":"<p>The configuration details for providing an Amazon QuickSight console embedding experience. This can be used along with custom permissions to restrict access to certain features. For more information, see <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-permissions-to-the-quicksight-console.html\">Customizing Access to the Amazon QuickSight Console</a> in the <i>Amazon QuickSight User Guide</i>.</p> <p>Use <code>GenerateEmbedUrlForRegisteredUser</code> where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who accesses an embedded Amazon QuickSight console needs to belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the <code> <a>UpdateUser</a> </code> API operation. Use <code> <a>RegisterUser</a> </code> API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the <i>Amazon QuickSight User Guide</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/embedded-analytics-full-console-for-authenticated-users.html\">Embedding the Full Functionality of the Amazon QuickSight Console for Authenticated Users</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-permissions-to-the-quicksight-console.html\">Customizing Access to the Amazon QuickSight Console</a> </p> </li> </ul> <p>For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-portal.html\">Amazon QuickSight Developer Portal</a>.</p>"
+          "documentation":"<p>The configuration details for providing each Amazon QuickSight console embedding experience. This can be used along with custom permissions to restrict access to certain features. For more information, see <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-permissions-to-the-quicksight-console.html\">Customizing Access to the Amazon QuickSight Console</a> in the <i>Amazon QuickSight User Guide</i>.</p> <p>Use <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_GenerateEmbedUrlForRegisteredUser.html\">GenerateEmbedUrlForRegisteredUser</a> </code> where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who accesses an embedded Amazon QuickSight console needs to belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdateUser.html\">UpdateUser</a> </code> API operation. Use the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_RegisterUser.html\">RegisterUser</a> </code> API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the <i>Amazon QuickSight User Guide</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/embedded-analytics-full-console-for-authenticated-users.html\">Embedding the Full Functionality of the Amazon QuickSight Console for Authenticated Users</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/customizing-permissions-to-the-quicksight-console.html\">Customizing Access to the Amazon QuickSight Console</a> </p> </li> </ul> <p>For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-portal.html\">Amazon QuickSight Developer Portal</a>.</p>"
         },
         "QSearchBar":{
           "shape":"RegisteredUserQSearchBarEmbeddingConfiguration",
           "documentation":"<p>The configuration details for embedding the Q search bar.</p> <p>For more information about embedding the Q search bar, see <a href=\"https://docs.aws.amazon.com/quicksight/latest/user/embedding-overview.html\">Embedding Overview</a>.</p>"
         }
       },
-      "documentation":"<p>The type of experience you want to embed. For registered users, you can embed an Amazon QuickSight dashboard or the Amazon QuickSight console.</p> <note> <p>Exactly one of the experience configurations is required. You can choose <code>Dashboard</code> or <code>QuickSightConsole</code>. You cannot choose more than one experience configuraton.</p> </note>"
+      "documentation":"<p>The type of experience you want to embed. For registered users, you can embed Amazon QuickSight dashboards or the Amazon QuickSight console.</p> <note> <p>Exactly one of the experience configurations is required. You can choose <code>Dashboard</code> or <code>QuickSightConsole</code>. You cannot choose more than one experience configuration.</p> </note>"
     },
     "RegisteredUserQSearchBarEmbeddingConfiguration":{
       "type":"structure",
@@ -9722,11 +9773,11 @@
       "members":{
         "Principal":{
           "shape":"Principal",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the principal. This can be one of the following:</p> <ul> <li> <p>The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)</p> </li> <li> <p>The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)</p> </li> <li> <p>The ARN of an Amazon Web Services account root: This is an IAMARN rather than a Amazon QuickSight ARN. Use this option only to share resources (templates) across Amazon Web Services accounts. (This is less common.) </p> </li> </ul>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the principal. This can be one of the following:</p> <ul> <li> <p>The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)</p> </li> <li> <p>The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)</p> </li> <li> <p>The ARN of an Amazon Web Services account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across Amazon Web Services accounts. (This is less common.) </p> </li> </ul>"
         },
         "Actions":{
           "shape":"ActionList",
-          "documentation":"<p>The IAMaction to grant or revoke permissions on.</p>"
+          "documentation":"<p>The IAM action to grant or revoke permissions on.</p>"
         }
       },
       "documentation":"<p>Permission for the resource.</p>"
@@ -10095,7 +10146,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -10119,12 +10170,12 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code>.</p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "FolderSummaryList":{
           "shape":"FolderSummaryList",
-          "documentation":"<p>A structure that contains all of the folders in your AWS account. This structure provides basic information about the folders.</p>"
+          "documentation":"<p>A structure that contains all of the folders in the Amazon Web Services account. This structure provides basic information about the folders.</p>"
         },
         "NextToken":{
           "shape":"String",
@@ -10132,7 +10183,7 @@
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -11113,7 +11164,7 @@
           "documentation":"<p>The Amazon Web Services request ID for this request.</p>"
         }
       },
-      "documentation":"<p>This error indicates that you are calling an embedding operation in Amazon QuickSight without the required pricing plan on your Amazon Web Services account. Before you can use embedding for anonymous users, a Amazon QuickSight administrator needs to add capacity pricing to Amazon QuickSight. You can do this on the <b>Manage Amazon QuickSight</b> page. </p> <p>After capacity pricing is added, you can use the <a>GetDashboardEmbedUrl</a> API operation with the <code>--identity-type ANONYMOUS</code> option.</p>",
+      "documentation":"<p>This error indicates that you are calling an embedding operation in Amazon QuickSight without the required pricing plan on your Amazon Web Services account. Before you can use embedding for anonymous users, a QuickSight administrator needs to add capacity pricing to Amazon QuickSight. You can do this on the <b>Manage Amazon QuickSight</b> page. </p> <p>After capacity pricing is added, you can use the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_GetDashboardEmbedUrl.html\">GetDashboardEmbedUrl</a> </code> API operation with the <code>--identity-type ANONYMOUS</code> option.</p>",
       "error":{"httpStatusCode":403},
       "exception":true
     },
@@ -11421,6 +11472,14 @@
         "RevokePermissions":{
           "shape":"UpdateResourcePermissionList",
           "documentation":"<p>The permissions that you want to revoke from this resource.</p>"
+        },
+        "GrantLinkPermissions":{
+          "shape":"UpdateLinkPermissionList",
+          "documentation":"<p>Grants link permissions to all users in a defined namespace.</p>"
+        },
+        "RevokeLinkPermissions":{
+          "shape":"UpdateLinkPermissionList",
+          "documentation":"<p>Revokes link permissions from all users in a defined namespace.</p>"
         }
       }
     },
@@ -11447,6 +11506,10 @@
           "shape":"StatusCode",
           "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
+        },
+        "LinkSharingConfiguration":{
+          "shape":"LinkSharingConfiguration",
+          "documentation":"<p>Updates the permissions of a shared link to an Amazon QuickSight dashboard.</p>"
         }
       }
     },
@@ -11527,7 +11590,7 @@
         },
         "SourceEntity":{
           "shape":"DashboardSourceEntity",
-          "documentation":"<p>The entity that you are using as a source when you update the dashboard. In <code>SourceEntity</code>, you specify the type of object you're using as source. You can only update a dashboard from a template, so you use a <code>SourceTemplate</code> entity. If you need to update a dashboard from an analysis, first convert the analysis to a template by using the <a>CreateTemplate</a> API operation. For <code>SourceTemplate</code>, specify the Amazon Resource Name (ARN) of the source template. The <code>SourceTemplate</code> ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region. </p> <p>Use the <code>DataSetReferences</code> entity within <code>SourceTemplate</code> to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder. </p>"
+          "documentation":"<p>The entity that you are using as a source when you update the dashboard. In <code>SourceEntity</code>, you specify the type of object you're using as source. You can only update a dashboard from a template, so you use a <code>SourceTemplate</code> entity. If you need to update a dashboard from an analysis, first convert the analysis to a template by using the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_CreateTemplate.html\">CreateTemplate</a> </code> API operation. For <code>SourceTemplate</code>, specify the Amazon Resource Name (ARN) of the source template. The <code>SourceTemplate</code> ARN can contain any Amazon Web Services account and any Amazon QuickSight-supported Amazon Web Services Region. </p> <p>Use the <code>DataSetReferences</code> entity within <code>SourceTemplate</code> to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder. </p>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -11683,7 +11746,7 @@
         },
         "ColumnLevelPermissionRules":{
           "shape":"ColumnLevelPermissionRuleList",
-          "documentation":"<p>A set of one or more definitions of a <code> <a>ColumnLevelPermissionRule</a> </code>.</p>"
+          "documentation":"<p>A set of one or more definitions of a <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_ColumnLevelPermissionRule.html\">ColumnLevelPermissionRule</a> </code>.</p>"
         },
         "DataSetUsageConfiguration":{"shape":"DataSetUsageConfiguration"}
       }
@@ -11846,13 +11909,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder to update.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         },
@@ -11871,23 +11934,23 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code>.</p>"
+          "documentation":"<p>The HTTP status of the request.</p>"
         },
         "Arn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN).</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the folder.</p>"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "Permissions":{
           "shape":"ResourcePermissionList",
-          "documentation":"<p>Information about the permissions on the dashboard.</p>"
+          "documentation":"<p>Information about the permissions for the folder.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -11901,13 +11964,13 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The AWS account ID.</p>",
+          "documentation":"<p>The ID for the Amazon Web Services account that contains the folder to update.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>",
+          "documentation":"<p>The ID of the folder.</p>",
           "location":"uri",
           "locationName":"FolderId"
         },
@@ -11922,20 +11985,20 @@
       "members":{
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status. If succeeded, the status is <code>SC_OK</code>.</p>",
+          "documentation":"<p>The HTTP status of the request.</p>",
           "location":"statusCode"
         },
         "Arn":{
           "shape":"Arn",
-          "documentation":"<p>The Amazon Resource Name (ARN).</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the folder.</p>"
         },
         "FolderId":{
           "shape":"RestrictiveResourceId",
-          "documentation":"<p>The folder ID.</p>"
+          "documentation":"<p>The ID of the folder.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The request ID.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         }
       }
     },
@@ -11999,7 +12062,7 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>The ID of the Amazon Web Services account that contains the IAMpolicy assignment. </p>",
+          "documentation":"<p>The ID of the Amazon Web Services account that contains the IAM policy assignment. </p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
@@ -12021,7 +12084,7 @@
         },
         "PolicyArn":{
           "shape":"Arn",
-          "documentation":"<p>The ARN for the IAMpolicy to apply to the Amazon QuickSight users and groups specified in this assignment.</p>"
+          "documentation":"<p>The ARN for the IAM policy to apply to the Amazon QuickSight users and groups specified in this assignment.</p>"
         },
         "Identities":{
           "shape":"IdentityMap",
@@ -12042,11 +12105,11 @@
         },
         "PolicyArn":{
           "shape":"Arn",
-          "documentation":"<p>The ARN for the IAMpolicy applied to the Amazon QuickSight users and groups specified in this assignment.</p>"
+          "documentation":"<p>The ARN for the IAM policy applied to the Amazon QuickSight users and groups specified in this assignment.</p>"
         },
         "Identities":{
           "shape":"IdentityMap",
-          "documentation":"<p>The Amazon QuickSight users, groups, or both that the IAMpolicy is assigned to.</p>"
+          "documentation":"<p>The Amazon QuickSight users, groups, or both that the IAM policy is assigned to.</p>"
         },
         "AssignmentStatus":{
           "shape":"AssignmentStatus",
@@ -12069,17 +12132,17 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>Your AWS account ID.</p>",
+          "documentation":"<p>The ID of the Amazon Web Services account that contains the IP rules.</p>",
           "location":"uri",
           "locationName":"AwsAccountId"
         },
         "IpRestrictionRuleMap":{
           "shape":"IpRestrictionRuleMap",
-          "documentation":"<p>Describes updated IP rules.</p>"
+          "documentation":"<p>A map that describes the updated IP rules with CIDR ranges and descriptions.</p>"
         },
         "Enabled":{
           "shape":"NullableBoolean",
-          "documentation":"<p>Whether or not IP rules are enabled.</p>"
+          "documentation":"<p>A value that specifies whether IP rules are turned on.</p>"
         }
       }
     },
@@ -12088,19 +12151,24 @@
       "members":{
         "AwsAccountId":{
           "shape":"AwsAccountId",
-          "documentation":"<p>Your AWS account ID.</p>"
+          "documentation":"<p>The ID of the Amazon Web Services account that contains the IP rules.</p>"
         },
         "RequestId":{
           "shape":"String",
-          "documentation":"<p>The ID of the update request.</p>"
+          "documentation":"<p>The Amazon Web Services request ID for this operation.</p>"
         },
         "Status":{
           "shape":"StatusCode",
-          "documentation":"<p>The status of the updated IP rules. A successful request returns a 200 code.</p>",
+          "documentation":"<p>The HTTP status of the request. </p>",
           "location":"statusCode"
         }
       }
     },
+    "UpdateLinkPermissionList":{
+      "type":"list",
+      "member":{"shape":"ResourcePermission"},
+      "max":2
+    },
     "UpdateResourcePermissionList":{
       "type":"list",
       "member":{"shape":"ResourcePermission"},
@@ -12488,7 +12556,7 @@
         },
         "CustomPermissionsName":{
           "shape":"RoleName",
-          "documentation":"<p>(Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:</p> <ul> <li> <p>Create and update data sources</p> </li> <li> <p>Create and update datasets</p> </li> <li> <p>Create and update email reports</p> </li> <li> <p>Subscribe to email reports</p> </li> </ul> <p>A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the <code>RegisterUser</code> API operation to assign the named set of permissions to a Amazon QuickSight user. </p> <p>Amazon QuickSight custom permissions are applied through IAMpolicies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).</p> <p>This feature is available only to Amazon QuickSight Enterprise edition subscriptions.</p>"
+          "documentation":"<p>(Enterprise edition only) The name of the custom permissions profile that you want to assign to this user. Customized permissions allows you to control a user's access by restricting access the following operations:</p> <ul> <li> <p>Create and update data sources</p> </li> <li> <p>Create and update datasets</p> </li> <li> <p>Create and update email reports</p> </li> <li> <p>Subscribe to email reports</p> </li> </ul> <p>A set of custom permissions includes any combination of these restrictions. Currently, you need to create the profile names for custom permission sets by using the Amazon QuickSight console. Then, you use the <code>RegisterUser</code> API operation to assign the named set of permissions to a QuickSight user. </p> <p>Amazon QuickSight custom permissions are applied through IAM policies. Therefore, they override the permissions typically granted by assigning Amazon QuickSight users to one of the default security cohorts in Amazon QuickSight (admin, author, reader).</p> <p>This feature is available only to Amazon QuickSight Enterprise edition subscriptions.</p>"
         },
         "UnapplyCustomPermissions":{
           "shape":"Boolean",
@@ -12496,7 +12564,7 @@
         },
         "ExternalLoginFederationProviderType":{
           "shape":"String",
-          "documentation":"<p>The type of supported external login provider that provides identity to let a user federate into Amazon QuickSight with an associated Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.</p> <ul> <li> <p> <code>COGNITO</code>: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the <code>COGNITO</code> provider type, don’t use the \"CustomFederationProviderUrl\" parameter which is only needed when the external provider is custom.</p> </li> <li> <p> <code>CUSTOM_OIDC</code>: Custom OpenID Connect (OIDC) provider. When choosing <code>CUSTOM_OIDC</code> type, use the <code>CustomFederationProviderUrl</code> parameter to provide the custom OIDC provider URL.</p> </li> <li> <p> <code>NONE</code>: This clears all the previously saved external login information for a user. Use <code> <a>DescribeUser</a> </code> API to check the external login information.</p> </li> </ul>"
+          "documentation":"<p>The type of supported external login provider that provides identity to let a user federate into Amazon QuickSight with an associated Identity and Access Management(IAM) role. The type of supported external login provider can be one of the following.</p> <ul> <li> <p> <code>COGNITO</code>: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com. When choosing the <code>COGNITO</code> provider type, don’t use the \"CustomFederationProviderUrl\" parameter which is only needed when the external provider is custom.</p> </li> <li> <p> <code>CUSTOM_OIDC</code>: Custom OpenID Connect (OIDC) provider. When choosing <code>CUSTOM_OIDC</code> type, use the <code>CustomFederationProviderUrl</code> parameter to provide the custom OIDC provider URL.</p> </li> <li> <p> <code>NONE</code>: This clears all the previously saved external login information for a user. Use the <code> <a href=\"https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeUser.html\">DescribeUser</a> </code> API operation to check the external login information.</p> </li> </ul>"
         },
         "CustomFederationProviderUrl":{
           "shape":"String",
@@ -12563,7 +12631,7 @@
         },
         "UserName":{
           "shape":"UserName",
-          "documentation":"<p>The user's user name.</p>"
+          "documentation":"<p>The user's user name. In the output, the value for <code>UserName</code> is <code>N/A</code> when the value for <code>IdentityType</code> is <code>IAM</code> and the corresponding IAM user is deleted.</p>"
         },
         "Email":{
           "shape":"String",
@@ -12591,7 +12659,7 @@
         },
         "ExternalLoginFederationProviderType":{
           "shape":"String",
-          "documentation":"<p>The type of supported external login provider that provides identity to let the user federate into Amazon QuickSight with an associated IAMrole. The type can be one of the following.</p> <ul> <li> <p> <code>COGNITO</code>: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com.</p> </li> <li> <p> <code>CUSTOM_OIDC</code>: Custom OpenID Connect (OIDC) provider.</p> </li> </ul>"
+          "documentation":"<p>The type of supported external login provider that provides identity to let the user federate into Amazon QuickSight with an associated IAM role. The type can be one of the following.</p> <ul> <li> <p> <code>COGNITO</code>: Amazon Cognito. The provider URL is cognito-identity.amazonaws.com.</p> </li> <li> <p> <code>CUSTOM_OIDC</code>: Custom OpenID Connect (OIDC) provider.</p> </li> </ul>"
         },
         "ExternalLoginFederationProviderUrl":{
           "shape":"String",
diff --git a/contrib/python/botocore/py3/botocore/data/ram/2018-01-04/service-2.json b/contrib/python/botocore/py3/botocore/data/ram/2018-01-04/service-2.json
index 1f5ae1ecaa8..85422ad85ce 100644
--- a/contrib/python/botocore/py3/botocore/data/ram/2018-01-04/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ram/2018-01-04/service-2.json
@@ -32,7 +32,7 @@
         {"shape":"InvalidClientTokenException"},
         {"shape":"IdempotentParameterMismatchException"}
       ],
-      "documentation":"<p>Accepts an invitation to a resource share from another Amazon Web Services account.</p>"
+      "documentation":"<p>Accepts an invitation to a resource share from another Amazon Web Services account. After you accept the invitation, the resources included in the resource share are available to interact with in the relevant Amazon Web Services Management Consoles and tools.</p>"
     },
     "AssociateResourceShare":{
       "name":"AssociateResourceShare",
@@ -54,9 +54,10 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"},
-        {"shape":"UnknownResourceException"}
+        {"shape":"UnknownResourceException"},
+        {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Associates the specified resource share with the specified principals and resources.</p>"
+      "documentation":"<p>Adds the specified list of principals and list of resources to a resource share. Principals that already have access to this resource share immediately receive access to the added resources. Newly added principals immediately receive access to the resources shared in this resource share. </p>"
     },
     "AssociateResourceSharePermission":{
       "name":"AssociateResourceSharePermission",
@@ -75,7 +76,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Associates a permission with a resource share.</p>"
+      "documentation":"<p>Adds or replaces the RAM permission for a resource type included in a resource share. You can have exactly one permission associated with each resource type in the resource share. You can add a new RAM permission only if there are currently no resources of that resource type currently in the resource share.</p>"
     },
     "CreateResourceShare":{
       "name":"CreateResourceShare",
@@ -98,7 +99,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Creates a resource share. You must provide a list of the Amazon Resource Names (ARNs) for the resources you want to share. You must also specify who you want to share the resources with, and the permissions that you grant them.</p> <note> <p>Sharing a resource makes it available for use by principals outside of the Amazon Web Services account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.</p> </note>"
+      "documentation":"<p>Creates a resource share. You can provide a list of the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals.</p> <note> <p>Sharing a resource makes it available for use by principals outside of the Amazon Web Services account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.</p> </note>"
     },
     "DeleteResourceShare":{
       "name":"DeleteResourceShare",
@@ -119,7 +120,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Deletes the specified resource share.</p>"
+      "documentation":"<p>Deletes the specified resource share. This doesn't delete any of the resources that were associated with the resource share; it only stops the sharing of those resources outside of the Amazon Web Services account that created them.</p>"
     },
     "DisassociateResourceShare":{
       "name":"DisassociateResourceShare",
@@ -161,7 +162,7 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"InvalidStateTransitionException"}
       ],
-      "documentation":"<p>Disassociates an RAM permission from a resource share.</p>"
+      "documentation":"<p>Disassociates an RAM permission from a resource share. Permission changes take effect immediately. You can remove a RAM permission from a resource share only if there are currently no resources of the relevant resource type currently attached to the resource share.</p>"
     },
     "EnableSharingWithAwsOrganization":{
       "name":"EnableSharingWithAwsOrganization",
@@ -176,7 +177,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Enables resource sharing within your organization in Organizations.</p> <p>The caller must be the master account for the organization.</p>"
+      "documentation":"<p>Enables resource sharing within your organization in Organizations. Calling this operation enables RAM to retrieve information about the organization and its structure. This lets you share resources with all of the accounts in an organization by specifying the organization's ID, or all of the accounts in an organizational unit (OU) by specifying the OU's ID. Until you enable sharing within the organization, you can specify only individual Amazon Web Services accounts, or for supported resource types, IAM users and roles.</p> <p>You must call this operation from an IAM user or role in the organization's management account.</p>"
     },
     "GetPermission":{
       "name":"GetPermission",
@@ -212,7 +213,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Gets the policies for the specified resources that you own and have shared.</p>"
+      "documentation":"<p>Retrieves the resource policies for the specified resources that you own and have shared.</p>"
     },
     "GetResourceShareAssociations":{
       "name":"GetResourceShareAssociations",
@@ -231,7 +232,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Gets the resources or principals for the resource shares that you own.</p>"
+      "documentation":"<p>Retrieves the resource and principal associations for resource shares that you own.</p>"
     },
     "GetResourceShareInvitations":{
       "name":"GetResourceShareInvitations",
@@ -251,7 +252,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Gets the invitations that you have received for resource shares.</p>"
+      "documentation":"<p>Retrieves details about invitations that you have received for resource shares.</p>"
     },
     "GetResourceShares":{
       "name":"GetResourceShares",
@@ -269,7 +270,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Gets the resource shares that you own or the resource shares that are shared with you.</p>"
+      "documentation":"<p>Retrieves details about the resource shares that you own or that are shared with you.</p>"
     },
     "ListPendingInvitationResources":{
       "name":"ListPendingInvitationResources",
@@ -290,7 +291,26 @@
         {"shape":"ResourceShareInvitationAlreadyRejectedException"},
         {"shape":"ResourceShareInvitationExpiredException"}
       ],
-      "documentation":"<p>Lists the resources in a resource share that is shared with you but that the invitation is still pending for.</p>"
+      "documentation":"<p>Lists the resources in a resource share that is shared with you but for which the invitation is still <code>PENDING</code>. That means that you haven't accepted or rejected the invitation and the invitation hasn't expired.</p>"
+    },
+    "ListPermissionVersions":{
+      "name":"ListPermissionVersions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/listpermissionversions"
+      },
+      "input":{"shape":"ListPermissionVersionsRequest"},
+      "output":{"shape":"ListPermissionVersionsResponse"},
+      "errors":[
+        {"shape":"MalformedArnException"},
+        {"shape":"UnknownResourceException"},
+        {"shape":"InvalidNextTokenException"},
+        {"shape":"ServerInternalException"},
+        {"shape":"ServiceUnavailableException"},
+        {"shape":"OperationNotPermittedException"},
+        {"shape":"InvalidParameterException"}
+      ],
+      "documentation":"<p>Lists the available versions of the specified RAM permission.</p>"
     },
     "ListPermissions":{
       "name":"ListPermissions",
@@ -307,7 +327,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Lists the RAM permissions.</p>"
+      "documentation":"<p>Retrieves a list of available RAM permissions that you can use for the supported resource types. </p>"
     },
     "ListPrincipals":{
       "name":"ListPrincipals",
@@ -325,7 +345,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Lists the principals that you have shared resources with or that have shared resources with you.</p>"
+      "documentation":"<p>Lists the principals that you are sharing resources with or that are sharing resources with you.</p>"
     },
     "ListResourceSharePermissions":{
       "name":"ListResourceSharePermissions",
@@ -360,7 +380,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Lists the shareable resource types supported by RAM.</p>"
+      "documentation":"<p>Lists the resource types that can be shared by RAM.</p>"
     },
     "ListResources":{
       "name":"ListResources",
@@ -399,7 +419,7 @@
         {"shape":"ServiceUnavailableException"},
         {"shape":"UnknownResourceException"}
       ],
-      "documentation":"<p>Resource shares that were created by attaching a policy to a resource are visible only to the resource share owner, and the resource share cannot be modified in RAM.</p> <p>Use this API action to promote the resource share. When you promote the resource share, it becomes:</p> <ul> <li> <p>Visible to all principals that it is shared with.</p> </li> <li> <p>Modifiable in RAM.</p> </li> </ul>"
+      "documentation":"<p>When you attach a resource-based permission policy to a resource, it automatically creates a resource share. However, resource shares created this way are visible only to the resource share owner, and the resource share can't be modified in RAM.</p> <p>You can use this operation to promote the resource share to a full RAM resource share. When you promote a resource share, you can then manage the resource share in RAM and it becomes visible to all of the principals you shared it with.</p>"
     },
     "RejectResourceShareInvitation":{
       "name":"RejectResourceShareInvitation",
@@ -441,7 +461,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Adds the specified tags to the specified resource share that you own.</p>"
+      "documentation":"<p>Adds the specified tag keys and values to the specified resource share. The tags are attached only to the resource share, not to the resources that are in the resource share.</p>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -456,7 +476,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Removes the specified tags from the specified resource share that you own.</p>"
+      "documentation":"<p>Removes the specified tag key and value pairs from the specified resource share.</p>"
     },
     "UpdateResourceShare":{
       "name":"UpdateResourceShare",
@@ -477,7 +497,7 @@
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
-      "documentation":"<p>Updates the specified resource share that you own.</p>"
+      "documentation":"<p>Modifies some of the properties of the specified resource share.</p>"
     }
   },
   "shapes":{
@@ -487,11 +507,11 @@
       "members":{
         "resourceShareInvitationArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the invitation.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the invitation that you want to accept.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         }
       }
     },
@@ -500,11 +520,11 @@
       "members":{
         "resourceShareInvitation":{
           "shape":"ResourceShareInvitation",
-          "documentation":"<p>Information about the invitation.</p>"
+          "documentation":"<p>An object that contains information about the specified invitation.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -517,23 +537,23 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share to which you want to add or replace permissions.</p>"
         },
         "permissionArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the RAM permission to associate with the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the RAM permission to associate with the resource share. To find the ARN for a permission, use either the <a>ListPermissions</a> operation or go to the <a href=\"https://console.aws.amazon.com/ram/home#Permissions:\">Permissions library</a> page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.</p>"
         },
         "replace":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the permission should replace the permissions that are currently associated with the resource share. Use <code>true</code> to replace the current permissions. Use <code>false</code> to add the permission to the current permission.</p>"
+          "documentation":"<p>Specifies whether the specified permission should replace or add to the existing permission associated with the resource share. Use <code>true</code> to replace the current permissions. Use <code>false</code> to add the permission to the current permission. The default value is <code>false</code>.</p> <note> <p>A resource share can have only one permission per resource type. If a resource share already has a permission for the specified resource type and you don't set <code>replace</code> to <code>true</code> then the operation returns an error. This helps prevent accidental overwriting of a permission.</p> </note>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         },
         "permissionVersion":{
           "shape":"Integer",
-          "documentation":"<p>The version of the RAM permissions to associate with the resource share.</p>"
+          "documentation":"<p>Specifies the version of the RAM permission to associate with the resource share. If you don't specify this parameter, the operation uses the version designated as the default. You can use the <a>ListPermissionVersions</a> operation to discover the available versions of a permission.</p>"
         }
       }
     },
@@ -542,11 +562,11 @@
       "members":{
         "returnValue":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the request succeeded.</p>"
+          "documentation":"<p>A return value of <code>true</code> indicates that the request succeeded. A value of <code>false</code> indicates that the request failed.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -556,19 +576,19 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share that you want to add principals or resources to.</p>"
         },
         "resourceArns":{
           "shape":"ResourceArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the resources.</p>"
+          "documentation":"<p>Specifies a list of <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of the resources that you want to share. This can be <code>null</code> if you want to add only principals.</p>"
         },
         "principals":{
           "shape":"PrincipalArnOrIdList",
-          "documentation":"<p>The principals to associate with the resource share. The possible values are:</p> <ul> <li> <p>An Amazon Web Services account ID</p> </li> <li> <p>An Amazon Resource Name (ARN) of an organization in Organizations</p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations</p> </li> <li> <p>An ARN of an IAM role</p> </li> <li> <p>An ARN of an IAM user</p> </li> </ul> <note> <p>Not all resource types can be shared with IAM roles and IAM users. For more information, see <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types\">Sharing with IAM roles and IAM users</a> in the <i>Resource Access Manager User Guide</i>.</p> </note>"
+          "documentation":"<p>Specifies a list of principals to whom you want to the resource share. This can be <code>null</code> if you want to add only resources.</p> <p>What the principals can do with the resources in the share is determined by the RAM permissions that you associate with the resource share. See <a>AssociateResourceSharePermission</a>.</p> <p>You can include the following values:</p> <ul> <li> <p>An Amazon Web Services account ID, for example: <code>123456789012</code> </p> </li> <li> <p>An <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example: <code>organizations::123456789012:organization/o-exampleorgid</code> </p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations, for example: <code>organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123</code> </p> </li> <li> <p>An ARN of an IAM role, for example: <code>iam::123456789012:role/rolename</code> </p> </li> <li> <p>An ARN of an IAM user, for example: <code>iam::123456789012user/username</code> </p> </li> </ul> <note> <p>Not all resource types can be shared with IAM roles and users. For more information, see <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types\">Sharing with IAM roles and users</a> in the <i>Resource Access Manager User Guide</i>.</p> </note>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         }
       }
     },
@@ -577,11 +597,11 @@
       "members":{
         "resourceShareAssociations":{
           "shape":"ResourceShareAssociationList",
-          "documentation":"<p>Information about the associations.</p>"
+          "documentation":"<p>An array of objects that contain information about the associations.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -592,31 +612,31 @@
       "members":{
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the resource share.</p>"
+          "documentation":"<p>Specifies the name of the resource share.</p>"
         },
         "resourceArns":{
           "shape":"ResourceArnList",
-          "documentation":"<p>The ARNs of the resources to associate with the resource share.</p>"
+          "documentation":"<p>Specifies a list of one or more ARNs of the resources to associate with the resource share.</p>"
         },
         "principals":{
           "shape":"PrincipalArnOrIdList",
-          "documentation":"<p>The principals to associate with the resource share. The possible values are:</p> <ul> <li> <p>An Amazon Web Services account ID</p> </li> <li> <p>An Amazon Resource Name (ARN) of an organization in Organizations</p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations</p> </li> <li> <p>An ARN of an IAM role</p> </li> <li> <p>An ARN of an IAM user</p> </li> </ul> <note> <p>Not all resource types can be shared with IAM roles and IAM users. For more information, see <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types\">Sharing with IAM roles and IAM users</a> in the <i>Resource Access Manager User Guide</i>.</p> </note>"
+          "documentation":"<p>Specifies a list of one or more principals to associate with the resource share.</p> <p>You can include the following values:</p> <ul> <li> <p>An Amazon Web Services account ID, for example: <code>123456789012</code> </p> </li> <li> <p>An <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example: <code>organizations::123456789012:organization/o-exampleorgid</code> </p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations, for example: <code>organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123</code> </p> </li> <li> <p>An ARN of an IAM role, for example: <code>iam::123456789012:role/rolename</code> </p> </li> <li> <p>An ARN of an IAM user, for example: <code>iam::123456789012user/username</code> </p> </li> </ul> <note> <p>Not all resource types can be shared with IAM roles and users. For more information, see <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types\">Sharing with IAM roles and users</a> in the <i>Resource Access Manager User Guide</i>.</p> </note>"
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>One or more tags.</p>"
+          "documentation":"<p>Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.</p>"
         },
         "allowExternalPrincipals":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether principals outside your organization in Organizations can be associated with a resource share.</p>"
+          "documentation":"<p>Specifies whether principals outside your organization in Organizations can be associated with a resource share. A value of <code>true</code> lets you share with individual Amazon Web Services accounts that are <i>not</i> in your organization. A value of <code>false</code> only has meaning if your account is a member of an Amazon Web Services Organization. The default value is <code>true</code>.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         },
         "permissionArns":{
           "shape":"PermissionArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the permissions to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. Only one permission can be associated with each resource type in a resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.</p>"
         }
       }
     },
@@ -625,11 +645,11 @@
       "members":{
         "resourceShare":{
           "shape":"ResourceShare",
-          "documentation":"<p>Information about the resource share.</p>"
+          "documentation":"<p>An object with information about the new resource share.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -640,13 +660,13 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>",
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share to delete.</p>",
           "location":"querystring",
           "locationName":"resourceShareArn"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>",
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>",
           "location":"querystring",
           "locationName":"clientToken"
         }
@@ -657,11 +677,11 @@
       "members":{
         "returnValue":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the request succeeded.</p>"
+          "documentation":"<p>A return value of <code>true</code> indicates that the request succeeded. A value of <code>false</code> indicates that the request failed.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -674,15 +694,15 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share from which you want to disassociate a permission.</p>"
         },
         "permissionArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the permission to disassociate from the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the permission to disassociate from the resource share. Changes to permissions take effect immediately.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         }
       }
     },
@@ -691,11 +711,11 @@
       "members":{
         "returnValue":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the request succeeded.</p>"
+          "documentation":"<p>A return value of <code>true</code> indicates that the request succeeded. A value of <code>false</code> indicates that the request failed.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -705,19 +725,19 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share that you want to remove resources from.</p>"
         },
         "resourceArns":{
           "shape":"ResourceArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the resources.</p>"
+          "documentation":"<p>Specifies a list of <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> for one or more resources that you want to remove from the resource share. After the operation runs, these resources are no longer shared with principals outside of the Amazon Web Services account that created the resources.</p>"
         },
         "principals":{
           "shape":"PrincipalArnOrIdList",
-          "documentation":"<p>The principals.</p>"
+          "documentation":"<p>Specifies a list of one or more principals that no longer are to have access to the resources in this resource share.</p> <p>You can include the following values:</p> <ul> <li> <p>An Amazon Web Services account ID, for example: <code>123456789012</code> </p> </li> <li> <p>An <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example: <code>organizations::123456789012:organization/o-exampleorgid</code> </p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations, for example: <code>organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123</code> </p> </li> <li> <p>An ARN of an IAM role, for example: <code>iam::123456789012:role/rolename</code> </p> </li> <li> <p>An ARN of an IAM user, for example: <code>iam::123456789012user/username</code> </p> </li> </ul> <note> <p>Not all resource types can be shared with IAM roles and users. For more information, see <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types\">Sharing with IAM roles and users</a> in the <i>Resource Access Manager User Guide</i>.</p> </note>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         }
       }
     },
@@ -726,11 +746,11 @@
       "members":{
         "resourceShareAssociations":{
           "shape":"ResourceShareAssociationList",
-          "documentation":"<p>Information about the associations.</p>"
+          "documentation":"<p>An array of objects that contain information about the updated associations for this resource share.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -744,7 +764,7 @@
       "members":{
         "returnValue":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the request succeeded.</p>"
+          "documentation":"<p>A return value of <code>true</code> indicates that the request succeeded. A value of <code>false</code> indicates that the request failed.</p>"
         }
       }
     },
@@ -754,11 +774,11 @@
       "members":{
         "permissionArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the permission.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the permission whose contents you want to retrieve. To find the ARN for a permission, use either the <a>ListPermissions</a> operation or go to the <a href=\"https://console.aws.amazon.com/ram/home#Permissions:\">Permissions library</a> page in the RAM console and then choose the name of the permission. The ARN is displayed on the detail page.</p>"
         },
         "permissionVersion":{
           "shape":"Integer",
-          "documentation":"<p>The identifier for the version of the permission.</p>"
+          "documentation":"<p>Specifies identifier for the version of the RAM permission to retrieve. If you don't specify this parameter, the operation retrieves the default version.</p>"
         }
       }
     },
@@ -767,7 +787,7 @@
       "members":{
         "permission":{
           "shape":"ResourceSharePermissionDetail",
-          "documentation":"<p>Information about the permission.</p>"
+          "documentation":"<p>An object that contains information about the permission.</p>"
         }
       }
     },
@@ -777,19 +797,19 @@
       "members":{
         "resourceArns":{
           "shape":"ResourceArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the resources.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of the resources whose policies you want to retrieve.</p>"
         },
         "principal":{
           "shape":"String",
-          "documentation":"<p>The principal.</p>"
+          "documentation":"<p>Specifies the principal.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         }
       }
     },
@@ -798,11 +818,11 @@
       "members":{
         "policies":{
           "shape":"PolicyList",
-          "documentation":"<p>A key policy document, in JSON format.</p>"
+          "documentation":"<p>An array of resource policy documents in JSON format.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -812,31 +832,31 @@
       "members":{
         "associationType":{
           "shape":"ResourceShareAssociationType",
-          "documentation":"<p>The association type. Specify <code>PRINCIPAL</code> to list the principals that are associated with the specified resource share. Specify <code>RESOURCE</code> to list the resources that are associated with the specified resource share.</p>"
+          "documentation":"<p>Specifies whether you want to retrieve the associations that involve a specified resource or principal.</p> <ul> <li> <p> <code>PRINCIPAL</code> – list the principals that are associated with the specified resource share.</p> </li> <li> <p> <code>RESOURCE</code> – list the resources that are associated with the specified resource share.</p> </li> </ul>"
         },
         "resourceShareArns":{
           "shape":"ResourceShareArnList",
-          "documentation":"<p>The Amazon Resource Names (ARN) of the resource shares.</p>"
+          "documentation":"<p>Specifies a list of <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of the resource share whose associations you want to retrieve.</p>"
         },
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource. You cannot specify this parameter if the association type is <code>PRINCIPAL</code>.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource whose resource shares you want to retrieve.</p> <p>You cannot specify this parameter if the association type is <code>PRINCIPAL</code>.</p>"
         },
         "principal":{
           "shape":"String",
-          "documentation":"<p>The principal. You cannot specify this parameter if the association type is <code>RESOURCE</code>.</p>"
+          "documentation":"<p>Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of an individual IAM user or role.</p> <p>You cannot specify this parameter if the association type is <code>RESOURCE</code>.</p>"
         },
         "associationStatus":{
           "shape":"ResourceShareAssociationStatus",
-          "documentation":"<p>The association status.</p>"
+          "documentation":"<p>Specifies that you want to retrieve only associations with this status.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         }
       }
     },
@@ -845,11 +865,11 @@
       "members":{
         "resourceShareAssociations":{
           "shape":"ResourceShareAssociationList",
-          "documentation":"<p>Information about the associations.</p>"
+          "documentation":"<p>An array of objects that contain the details about the associations.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -858,19 +878,19 @@
       "members":{
         "resourceShareInvitationArns":{
           "shape":"ResourceShareInvitationArnList",
-          "documentation":"<p>The Amazon Resource Names (ARN) of the invitations.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of the resource share invitations you want information about.</p>"
         },
         "resourceShareArns":{
           "shape":"ResourceShareArnList",
-          "documentation":"<p>The Amazon Resource Names (ARN) of the resource shares.</p>"
+          "documentation":"<p>Specifies that you want details about invitations only for the resource shares described by this list of <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> </p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         }
       }
     },
@@ -879,11 +899,11 @@
       "members":{
         "resourceShareInvitations":{
           "shape":"ResourceShareInvitationList",
-          "documentation":"<p>Information about the invitations.</p>"
+          "documentation":"<p>An array of objects that contain the details about the invitations.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -893,35 +913,35 @@
       "members":{
         "resourceShareArns":{
           "shape":"ResourceShareArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the resource shares.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of individual resource shares that you want information about.</p>"
         },
         "resourceShareStatus":{
           "shape":"ResourceShareStatus",
-          "documentation":"<p>The status of the resource share.</p>"
+          "documentation":"<p>Specifies that you want to retrieve details of only those resource shares that have this status.</p>"
         },
         "resourceOwner":{
           "shape":"ResourceOwner",
-          "documentation":"<p>The type of owner.</p>"
+          "documentation":"<p>Specifies that you want to retrieve details of only those resource shares that match the following:</p> <ul> <li> <p> <b> <code>SELF</code> </b> – resources that you are sharing</p> </li> <li> <p> <b> <code>OTHER-ACCOUNTS</code> </b> – resources that other accounts share with you</p> </li> </ul>"
         },
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the resource share.</p>"
+          "documentation":"<p>Specifies the name of an individual resource share that you want to retrieve details about.</p>"
         },
         "tagFilters":{
           "shape":"TagFilters",
-          "documentation":"<p>One or more tag filters.</p>"
+          "documentation":"<p>Specifies that you want to retrieve details of only those resource shares that match the specified tag keys and values.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         },
         "permissionArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the RAM permission that is associated with the resource share.</p>"
+          "documentation":"<p>Specifies that you want to retrieve details of only those resource shares that use the RAM permission with this <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a>.</p>"
         }
       }
     },
@@ -930,11 +950,11 @@
       "members":{
         "resourceShares":{
           "shape":"ResourceShareList",
-          "documentation":"<p>Information about the resource shares.</p>"
+          "documentation":"<p>An array of objects that contain the information about the resource shares.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -944,7 +964,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>A client token input parameter was reused with an operation, but at least one of the other input parameters is different from the previous call to the operation.</p>",
+      "documentation":"<p>The client token input parameter was matched one used with a previous call to the operation, but at least one of the other input parameters is different from the previous call.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -955,7 +975,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>A client token is not valid.</p>",
+      "documentation":"<p>The client token is not valid.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -965,7 +985,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The specified value for MaxResults is not valid.</p>",
+      "documentation":"<p>The specified value for <code>MaxResults</code> is not valid.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -975,7 +995,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The specified value for NextToken is not valid.</p>",
+      "documentation":"<p>The specified value for <code>NextToken</code> is not valid.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1015,15 +1035,19 @@
       "members":{
         "resourceShareInvitationArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the invitation.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the invitation. You can use <a>GetResourceShareInvitations</a> to find the ARN of the invitation.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
+        },
+        "resourceRegionScope":{
+          "shape":"ResourceRegionScopeFilter",
+          "documentation":"<p>Specifies that you want the results to include only resources that have the specified scope.</p> <ul> <li> <p> <code>ALL</code> – the results include both global and regional resources or resource types.</p> </li> <li> <p> <code>GLOBAL</code> – the results include only global resources or resource types.</p> </li> <li> <p> <code>REGIONAL</code> – the results include only regional resources or resource types.</p> </li> </ul> <p>The default value is <code>ALL</code>.</p>"
         }
       }
     },
@@ -1032,11 +1056,42 @@
       "members":{
         "resources":{
           "shape":"ResourceList",
-          "documentation":"<p>Information about the resources included the resource share.</p>"
+          "documentation":"<p>An array of objects that contain the information about the resources included the specified resource share.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
+        }
+      }
+    },
+    "ListPermissionVersionsRequest":{
+      "type":"structure",
+      "required":["permissionArn"],
+      "members":{
+        "permissionArn":{
+          "shape":"String",
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the RAM permission whose versions you want to list. You can use the <code>permissionVersion</code> parameter on the <a>AssociateResourceSharePermission</a> operation to specify a non-default version to attach.</p>"
+        },
+        "nextToken":{
+          "shape":"String",
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
+        }
+      }
+    },
+    "ListPermissionVersionsResponse":{
+      "type":"structure",
+      "members":{
+        "permissions":{
+          "shape":"ResourceSharePermissionList",
+          "documentation":"<p>An array of objects that contain details for each of the available versions.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -1045,15 +1100,15 @@
       "members":{
         "resourceType":{
           "shape":"String",
-          "documentation":"<p>Specifies the resource type for which to list permissions. For example, to list only permissions that apply to EC2 subnets, specify <code>ec2:Subnet</code>.</p>"
+          "documentation":"<p>Specifies that you want to list permissions for only the specified resource type. For example, to list only permissions that apply to EC2 subnets, specify <code>ec2:Subnet</code>. You can use the <a>ListResourceTypes</a> operation to get the specific string required.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         }
       }
     },
@@ -1062,11 +1117,11 @@
       "members":{
         "permissions":{
           "shape":"ResourceSharePermissionList",
-          "documentation":"<p>Information about the permissions.</p>"
+          "documentation":"<p>An array of objects with information about the permissions.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -1076,31 +1131,31 @@
       "members":{
         "resourceOwner":{
           "shape":"ResourceOwner",
-          "documentation":"<p>The type of owner.</p>"
+          "documentation":"<p>Specifies that you want to list information for only resource shares that match the following:</p> <ul> <li> <p> <b> <code>SELF</code> </b> – resources that you are sharing</p> </li> <li> <p> <b> <code>OTHER-ACCOUNTS</code> </b> – resources that other accounts share with you</p> </li> </ul>"
         },
         "resourceArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource.</p>"
+          "documentation":"<p>Specifies that you want to list principal information for the resource share with the specified <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a>.</p>"
         },
         "principals":{
           "shape":"PrincipalArnOrIdList",
-          "documentation":"<p>The principals.</p>"
+          "documentation":"<p>Specifies that you want to list information for only the listed principals.</p> <p>You can include the following values:</p> <ul> <li> <p>An Amazon Web Services account ID, for example: <code>123456789012</code> </p> </li> <li> <p>An <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example: <code>organizations::123456789012:organization/o-exampleorgid</code> </p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations, for example: <code>organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123</code> </p> </li> <li> <p>An ARN of an IAM role, for example: <code>iam::123456789012:role/rolename</code> </p> </li> <li> <p>An ARN of an IAM user, for example: <code>iam::123456789012user/username</code> </p> </li> </ul> <note> <p>Not all resource types can be shared with IAM roles and users. For more information, see <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/permissions.html#permissions-rbp-supported-resource-types\">Sharing with IAM roles and users</a> in the <i>Resource Access Manager User Guide</i>.</p> </note>"
         },
         "resourceType":{
           "shape":"String",
-          "documentation":"<p>The resource type.</p> <p>Valid values: <code>acm-pca:CertificateAuthority</code> | <code>appmesh:Mesh</code> | <code>codebuild:Project</code> | <code>codebuild:ReportGroup</code> | <code>ec2:CapacityReservation</code> | <code>ec2:DedicatedHost</code> | <code>ec2:LocalGatewayRouteTable</code> | <code>ec2:PrefixList</code> | <code>ec2:Subnet</code> | <code>ec2:TrafficMirrorTarget</code> | <code>ec2:TransitGateway</code> | <code>imagebuilder:Component</code> | <code>imagebuilder:Image</code> | <code>imagebuilder:ImageRecipe</code> | <code>imagebuilder:ContainerRecipe</code> | <code>glue:Catalog</code> | <code>glue:Database</code> | <code>glue:Table</code> | <code>license-manager:LicenseConfiguration</code> I <code>network-firewall:FirewallPolicy</code> | <code>network-firewall:StatefulRuleGroup</code> | <code>network-firewall:StatelessRuleGroup</code> | <code>outposts:Outpost</code> | <code>resource-groups:Group</code> | <code>rds:Cluster</code> | <code>route53resolver:FirewallRuleGroup</code> |<code>route53resolver:ResolverQueryLogConfig</code> | <code>route53resolver:ResolverRule</code> | <code>s3-outposts:Outpost</code> | <code>ssm-contacts:Contact</code> | <code>ssm-incidents:ResponsePlan</code> </p>"
+          "documentation":"<p>Specifies that you want to list information for only principals associated with resource shares that include the specified resource type.</p> <p>For a list of valid values, query the <a>ListResourceTypes</a> operation.</p>"
         },
         "resourceShareArns":{
           "shape":"ResourceShareArnList",
-          "documentation":"<p>The Amazon Resource Names (ARN) of the resource shares.</p>"
+          "documentation":"<p>Specifies that you want to list information for only principals associated with the resource shares specified by a list the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a>.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         }
       }
     },
@@ -1109,11 +1164,11 @@
       "members":{
         "principals":{
           "shape":"PrincipalList",
-          "documentation":"<p>The principals.</p>"
+          "documentation":"<p>An array of objects that contain the details about the principals.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -1123,15 +1178,15 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share for which you want to retrieve the associated permissions.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
         }
       }
     },
@@ -1140,11 +1195,11 @@
       "members":{
         "permissions":{
           "shape":"ResourceSharePermissionList",
-          "documentation":"<p>The permissions associated with the resource share.</p>"
+          "documentation":"<p>An array of objects that describe the permissions associated with the resource share.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -1153,11 +1208,15 @@
       "members":{
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
+        },
+        "resourceRegionScope":{
+          "shape":"ResourceRegionScopeFilter",
+          "documentation":"<p>Specifies that you want the results to include only resources that have the specified scope.</p> <ul> <li> <p> <code>ALL</code> – the results include both global and regional resources or resource types.</p> </li> <li> <p> <code>GLOBAL</code> – the results include only global resources or resource types.</p> </li> <li> <p> <code>REGIONAL</code> – the results include only regional resources or resource types.</p> </li> </ul> <p>The default value is <code>ALL</code>.</p>"
         }
       }
     },
@@ -1166,11 +1225,11 @@
       "members":{
         "resourceTypes":{
           "shape":"ServiceNameAndResourceTypeList",
-          "documentation":"<p>The shareable resource types supported by RAM.</p>"
+          "documentation":"<p>An array of objects that contain information about the resource types that can be shared using RAM.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -1180,31 +1239,35 @@
       "members":{
         "resourceOwner":{
           "shape":"ResourceOwner",
-          "documentation":"<p>The type of owner.</p>"
+          "documentation":"<p>Specifies that you want to list only the resource shares that match the following:</p> <ul> <li> <p> <b> <code>SELF</code> </b> – resources that you are sharing</p> </li> <li> <p> <b> <code>OTHER-ACCOUNTS</code> </b> – resources that other accounts share with you</p> </li> </ul>"
         },
         "principal":{
           "shape":"String",
-          "documentation":"<p>The principal.</p>"
+          "documentation":"<p>Specifies that you want to list only the resource shares that are associated with the specified principal.</p>"
         },
         "resourceType":{
           "shape":"String",
-          "documentation":"<p>The resource type.</p> <p>Valid values: <code>acm-pca:CertificateAuthority</code> | <code>appmesh:Mesh</code> | <code>codebuild:Project</code> | <code>codebuild:ReportGroup</code> | <code>ec2:CapacityReservation</code> | <code>ec2:DedicatedHost</code> | <code>ec2:LocalGatewayRouteTable</code> | <code>ec2:PrefixList</code> | <code>ec2:Subnet</code> | <code>ec2:TrafficMirrorTarget</code> | <code>ec2:TransitGateway</code> | <code>imagebuilder:Component</code> | <code>imagebuilder:Image</code> | <code>imagebuilder:ImageRecipe</code> | <code>imagebuilder:ContainerRecipe</code> | <code>glue:Catalog</code> | <code>glue:Database</code> | <code>glue:Table</code> | <code>license-manager:LicenseConfiguration</code> I <code>network-firewall:FirewallPolicy</code> | <code>network-firewall:StatefulRuleGroup</code> | <code>network-firewall:StatelessRuleGroup</code> | <code>outposts:Outpost</code> | <code>resource-groups:Group</code> | <code>rds:Cluster</code> | <code>route53resolver:FirewallRuleGroup</code> |<code>route53resolver:ResolverQueryLogConfig</code> | <code>route53resolver:ResolverRule</code> | <code>s3-outposts:Outpost</code> | <code>ssm-contacts:Contact</code> | <code>ssm-incidents:ResponsePlan</code> </p>"
+          "documentation":"<p>Specifies that you want to list only the resource shares that include resources of the specified resource type.</p> <p>For valid values, query the <a>ListResourceTypes</a> operation.</p>"
         },
         "resourceArns":{
           "shape":"ResourceArnList",
-          "documentation":"<p>The Amazon Resource Names (ARNs) of the resources.</p>"
+          "documentation":"<p>Specifies that you want to list only the resource shares that include resources with the specified <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a>.</p>"
         },
         "resourceShareArns":{
           "shape":"ResourceShareArnList",
-          "documentation":"<p>The Amazon Resource Names (ARN) of the resource shares.</p>"
+          "documentation":"<p>Specifies that you want to list only resources in the resource shares identified by the specified <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a>.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token for the next page of results.</p>"
+          "documentation":"<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>"
         },
         "maxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>nextToken</code> value.</p>"
+          "documentation":"<p>Specifies the total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the number you specify, the <code>NextToken</code> response element is returned with a value (not null). Include the specified value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>"
+        },
+        "resourceRegionScope":{
+          "shape":"ResourceRegionScopeFilter",
+          "documentation":"<p>Specifies that you want the results to include only resources that have the specified scope.</p> <ul> <li> <p> <code>ALL</code> – the results include both global and regional resources or resource types.</p> </li> <li> <p> <code>GLOBAL</code> – the results include only global resources or resource types.</p> </li> <li> <p> <code>REGIONAL</code> – the results include only regional resources or resource types.</p> </li> </ul> <p>The default value is <code>ALL</code>.</p>"
         }
       }
     },
@@ -1213,11 +1276,11 @@
       "members":{
         "resources":{
           "shape":"ResourceList",
-          "documentation":"<p>Information about the resources.</p>"
+          "documentation":"<p>An array of objects that contain information about the resources.</p>"
         },
         "nextToken":{
           "shape":"String",
-          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+          "documentation":"<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>"
         }
       }
     },
@@ -1274,15 +1337,15 @@
         },
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of a resource share the principal is associated with.</p>"
         },
         "creationTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the principal was associated with the resource share.</p>"
+          "documentation":"<p>The date and time when the principal was associated with the resource share.</p>"
         },
         "lastUpdatedTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the association was last updated.</p>"
+          "documentation":"<p>The date and time when the association was last updated.</p>"
         },
         "external":{
           "shape":"Boolean",
@@ -1305,7 +1368,7 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share to promote.</p>",
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share to promote.</p>",
           "location":"querystring",
           "locationName":"resourceShareArn"
         }
@@ -1316,7 +1379,7 @@
       "members":{
         "returnValue":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the request succeeded.</p>"
+          "documentation":"<p>A return value of <code>true</code> indicates that the request succeeded. A value of <code>false</code> indicates that the request failed.</p>"
         }
       }
     },
@@ -1326,11 +1389,11 @@
       "members":{
         "resourceShareInvitationArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the invitation.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the invitation that you want to reject.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         }
       }
     },
@@ -1339,11 +1402,11 @@
       "members":{
         "resourceShareInvitation":{
           "shape":"ResourceShareInvitation",
-          "documentation":"<p>Information about the invitation.</p>"
+          "documentation":"<p>An object that contains the details about the rejected invitation.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     },
@@ -1352,23 +1415,23 @@
       "members":{
         "arn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource.</p>"
         },
         "type":{
           "shape":"String",
-          "documentation":"<p>The resource type.</p>"
+          "documentation":"<p>The resource type. This takes the form of: <code>service-code</code>:<code>resource-code</code> </p>"
         },
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share this resource is associated with.</p>"
         },
         "resourceGroupArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource group. This value is returned only if the resource is a resource group.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource group. This value is available only if the resource is part of a resource group.</p>"
         },
         "status":{
           "shape":"ResourceStatus",
-          "documentation":"<p>The status of the resource.</p>"
+          "documentation":"<p>The current status of the resource.</p>"
         },
         "statusMessage":{
           "shape":"String",
@@ -1376,14 +1439,18 @@
         },
         "creationTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the resource was associated with the resource share.</p>"
+          "documentation":"<p>The date and time when the resource was associated with the resource share.</p>"
         },
         "lastUpdatedTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the association was last updated.</p>"
+          "documentation":"<p>The date an time when the association was last updated.</p>"
+        },
+        "resourceRegionScope":{
+          "shape":"ResourceRegionScope",
+          "documentation":"<p>Specifies the scope of visibility of this resource:</p> <ul> <li> <p> <b>REGIONAL</b> – The resource can be accessed only by using requests that target the Amazon Web Services Region in which the resource exists.</p> </li> <li> <p> <b>GLOBAL</b> – The resource can be accessed from any Amazon Web Services Region.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Describes a resource associated with a resource share.</p>"
+      "documentation":"<p>Describes a resource associated with a resource share in RAM.</p>"
     },
     "ResourceArnList":{
       "type":"list",
@@ -1395,7 +1462,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>An Amazon Resource Name (ARN) was not found.</p>",
+      "documentation":"<p>The specified Amazon Resource Name (ARN) was not found.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1410,12 +1477,27 @@
         "OTHER-ACCOUNTS"
       ]
     },
+    "ResourceRegionScope":{
+      "type":"string",
+      "enum":[
+        "REGIONAL",
+        "GLOBAL"
+      ]
+    },
+    "ResourceRegionScopeFilter":{
+      "type":"string",
+      "enum":[
+        "ALL",
+        "REGIONAL",
+        "GLOBAL"
+      ]
+    },
     "ResourceShare":{
       "type":"structure",
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share</p>"
         },
         "name":{
           "shape":"String",
@@ -1431,7 +1513,7 @@
         },
         "status":{
           "shape":"ResourceShareStatus",
-          "documentation":"<p>The status of the resource share.</p>"
+          "documentation":"<p>The current status of the resource share.</p>"
         },
         "statusMessage":{
           "shape":"String",
@@ -1439,22 +1521,22 @@
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>The tags for the resource share.</p>"
+          "documentation":"<p>The tag key and value pairs attached to the resource share.</p>"
         },
         "creationTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the resource share was created.</p>"
+          "documentation":"<p>The date and time when the resource share was created.</p>"
         },
         "lastUpdatedTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the resource share was last updated.</p>"
+          "documentation":"<p>The date and time when the resource share was last updated.</p>"
         },
         "featureSet":{
           "shape":"ResourceShareFeatureSet",
-          "documentation":"<p>Indicates how the resource share was created. Possible values include:</p> <ul> <li> <p> <code>CREATED_FROM_POLICY</code> - Indicates that the resource share was created from an Amazon Web Services Identity and Access Management (Amazon Web Services IAM) policy attached to a resource. These resource shares are visible only to the Amazon Web Services account that created it. They cannot be modified in RAM.</p> </li> <li> <p> <code>PROMOTING_TO_STANDARD</code> - The resource share is in the process of being promoted. For more information, see <a>PromoteResourceShareCreatedFromPolicy</a>.</p> </li> <li> <p> <code>STANDARD</code> - Indicates that the resource share was created in RAM using the console or APIs. These resource shares are visible to all principals. They can be modified in RAM.</p> </li> </ul>"
+          "documentation":"<p>Indicates how the resource share was created. Possible values include:</p> <ul> <li> <p> <code>CREATED_FROM_POLICY</code> - Indicates that the resource share was created from an Identity and Access Management (IAM) resource-based permission policy attached to the resource. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see <a>PromoteResourceShareCreatedFromPolicy</a>.</p> </li> <li> <p> <code>PROMOTING_TO_STANDARD</code> - The resource share is in the process of being promoted. For more information, see <a>PromoteResourceShareCreatedFromPolicy</a>.</p> </li> <li> <p> <code>STANDARD</code> - Indicates that the resource share was created in RAM using the console or APIs. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Describes a resource share.</p>"
+      "documentation":"<p>Describes a resource share in RAM.</p>"
     },
     "ResourceShareArnList":{
       "type":"list",
@@ -1465,7 +1547,7 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share.</p>"
         },
         "resourceShareName":{
           "shape":"String",
@@ -1473,15 +1555,15 @@
         },
         "associatedEntity":{
           "shape":"String",
-          "documentation":"<p>The associated entity. For resource associations, this is the Amazon Resource Name (ARN) of the resource. For principal associations, this is one of the following:</p> <ul> <li> <p>An Amazon Web Services account ID</p> </li> <li> <p>An ARN of an organization in Organizations</p> </li> <li> <p>An ARN of an organizational unit (OU) in Organizations</p> </li> <li> <p>An ARN of an IAM role</p> </li> <li> <p>An ARN of an IAM user</p> </li> </ul>"
+          "documentation":"<p>The associated entity. This can be either of the following:</p> <ul> <li> <p>For a resource association, this is the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource.</p> </li> <li> <p>For principal associations, this is one of the following:</p> <ul> <li> <p>The ID of an Amazon Web Services account</p> </li> <li> <p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of an organization in Organizations</p> </li> <li> <p>The ARN of an organizational unit (OU) in Organizations</p> </li> <li> <p>The ARN of an IAM role</p> </li> <li> <p>The ARN of an IAM user</p> </li> </ul> </li> </ul>"
         },
         "associationType":{
           "shape":"ResourceShareAssociationType",
-          "documentation":"<p>The association type.</p>"
+          "documentation":"<p>The type of entity included in this association.</p>"
         },
         "status":{
           "shape":"ResourceShareAssociationStatus",
-          "documentation":"<p>The status of the association.</p>"
+          "documentation":"<p>The current status of the association.</p>"
         },
         "statusMessage":{
           "shape":"String",
@@ -1489,18 +1571,18 @@
         },
         "creationTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the association was created.</p>"
+          "documentation":"<p>The date and time when the association was created.</p>"
         },
         "lastUpdatedTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time when the association was last updated.</p>"
+          "documentation":"<p>The date and time when the association was last updated.</p>"
         },
         "external":{
           "shape":"Boolean",
           "documentation":"<p>Indicates whether the principal belongs to the same organization in Organizations as the Amazon Web Services account that owns the resource share.</p>"
         }
       },
-      "documentation":"<p>Describes an association with a resource share.</p>"
+      "documentation":"<p>Describes an association with a resource share and either a principal or a resource.</p>"
     },
     "ResourceShareAssociationList":{
       "type":"list",
@@ -1536,7 +1618,7 @@
       "members":{
         "resourceShareInvitationArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the invitation.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the invitation.</p>"
         },
         "resourceShareName":{
           "shape":"String",
@@ -1544,7 +1626,7 @@
         },
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share</p>"
         },
         "senderAccountId":{
           "shape":"String",
@@ -1560,20 +1642,20 @@
         },
         "status":{
           "shape":"ResourceShareInvitationStatus",
-          "documentation":"<p>The status of the invitation.</p>"
+          "documentation":"<p>The current status of the invitation.</p>"
         },
         "resourceShareAssociations":{
           "shape":"ResourceShareAssociationList",
-          "documentation":"<p>To view the resources associated with a pending resource share invitation, use <a href=\"https://docs.aws.amazon.com/ram/latest/APIReference/API_ListPendingInvitationResources.html\"> ListPendingInvitationResources</a>.</p>",
+          "documentation":"<p>To view the resources associated with a pending resource share invitation, use <a>ListPendingInvitationResources</a>.</p>",
           "deprecated":true,
           "deprecatedMessage":"This member has been deprecated. Use ListPendingInvitationResources."
         },
         "receiverArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM user or IAM role that received the invitation.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the IAM user or role that received the invitation.</p>"
         }
       },
-      "documentation":"<p>Describes an invitation to join a resource share.</p>"
+      "documentation":"<p>Describes an invitation for an Amazon Web Services account to join a resource share.</p>"
     },
     "ResourceShareInvitationAlreadyAcceptedException":{
       "type":"structure",
@@ -1581,7 +1663,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The invitation was already accepted.</p>",
+      "documentation":"<p>The specified invitation was already accepted.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1591,7 +1673,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The invitation was already rejected.</p>",
+      "documentation":"<p>The specified invitation was already rejected.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1605,7 +1687,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The Amazon Resource Name (ARN) for an invitation was not found.</p>",
+      "documentation":"<p>The specified Amazon Resource Name (ARN) for an invitation was not found.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1615,7 +1697,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The invitation is expired.</p>",
+      "documentation":"<p>The specified invitation is expired.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1638,7 +1720,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The requested resource share exceeds the limit for your account.</p>",
+      "documentation":"<p>This request would exceed the limit for resource shares for your account.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1651,27 +1733,27 @@
       "members":{
         "arn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the permission.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of this RAM permission.</p>"
         },
         "version":{
           "shape":"String",
-          "documentation":"<p>The identifier for the version of the permission.</p>"
+          "documentation":"<p>The version of the permission represented in this structure.</p>"
         },
         "defaultVersion":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether the version of the permission is set to the default version for this permission.</p>"
+          "documentation":"<p>Specifies whether the version of the permission represented in this structure is the default version for this permission.</p>"
         },
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the permission.</p>"
+          "documentation":"<p>The name of this permission.</p>"
         },
         "resourceType":{
           "shape":"String",
-          "documentation":"<p>The resource type to which the permission applies.</p>"
+          "documentation":"<p>The resource type to which this permission applies.</p>"
         },
         "permission":{
           "shape":"String",
-          "documentation":"<p>The permission's effect and actions in JSON format. The <code>effect</code> indicates whether the actions are allowed or denied. The <code>actions</code> list the API actions to which the principal is granted or denied access.</p>"
+          "documentation":"<p>The permission's effect and actions in JSON format. The <code>effect</code> indicates whether the specified actions are allowed or denied. The <code>actions</code> list the operations to which the principal is granted or denied access.</p>"
         },
         "creationTime":{
           "shape":"DateTime",
@@ -1683,7 +1765,7 @@
         },
         "isResourceTypeDefault":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether the version of the permission is set to the default version for this resource type.</p>"
+          "documentation":"<p>Specifies whether the version of the permission represented in this structure is the default version for all resources of this resource type.</p>"
         }
       },
       "documentation":"<p>Information about an RAM permission.</p>"
@@ -1697,23 +1779,23 @@
       "members":{
         "arn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the permission.</p>"
+          "documentation":"<p>The <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the permission you want information about.</p>"
         },
         "version":{
           "shape":"String",
-          "documentation":"<p>The identifier for the version of the permission.</p>"
+          "documentation":"<p>The version of the permission represented in this structure.</p>"
         },
         "defaultVersion":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether the version of the permission is set to the default version for this permission.</p>"
+          "documentation":"<p>Specifies whether the version of the permission represented in this structure is the default version for this permission.</p>"
         },
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the permission.</p>"
+          "documentation":"<p>The name of this permission.</p>"
         },
         "resourceType":{
           "shape":"String",
-          "documentation":"<p>The type of resource to which the permission applies.</p>"
+          "documentation":"<p>The type of resource to which this permission applies.</p>"
         },
         "status":{
           "shape":"String",
@@ -1729,10 +1811,10 @@
         },
         "isResourceTypeDefault":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether the version of the permission is set to the default version for this resource type.</p>"
+          "documentation":"<p>Specifies whether the version of the permission represented in this structure is the default version for all resources of this resource type.</p>"
         }
       },
-      "documentation":"<p>Information about a permission that is associated with a resource share.</p>"
+      "documentation":"<p>Information about an RAM permission that is associated with a resource share and any of its resources of a specified type.</p>"
     },
     "ResourceShareStatus":{
       "type":"string",
@@ -1769,14 +1851,18 @@
       "members":{
         "resourceType":{
           "shape":"String",
-          "documentation":"<p>The shareable resource types.</p>"
+          "documentation":"<p>The type of the resource.</p>"
         },
         "serviceName":{
           "shape":"String",
-          "documentation":"<p>The name of the Amazon Web Services services to which the resources belong.</p>"
+          "documentation":"<p>The name of the Amazon Web Services service to which resources of this type belong.</p>"
+        },
+        "resourceRegionScope":{
+          "shape":"ResourceRegionScope",
+          "documentation":"<p>Specifies the scope of visibility of resources of this type:</p> <ul> <li> <p> <b>REGIONAL</b> – The resource can be accessed only by using requests that target the Amazon Web Services Region in which the resource exists.</p> </li> <li> <p> <b>GLOBAL</b> – The resource can be accessed from any Amazon Web Services Region.</p> </li> </ul>"
         }
       },
-      "documentation":"<p>Information about the shareable resource types and the Amazon Web Services services to which they belong.</p>"
+      "documentation":"<p>Information about a shareable resource type and the Amazon Web Services service to which resources of that type belong.</p>"
     },
     "ServiceNameAndResourceTypeList":{
       "type":"list",
@@ -1798,28 +1884,28 @@
       "members":{
         "key":{
           "shape":"TagKey",
-          "documentation":"<p>The key of the tag.</p>"
+          "documentation":"<p>The key, or name, attached to the tag. Every tag must have a key. Key names are case sensitive.</p>"
         },
         "value":{
           "shape":"TagValue",
-          "documentation":"<p>The value of the tag.</p>"
+          "documentation":"<p>The string value attached to the tag. The value can be an empty string. Key values are case sensitive.</p>"
         }
       },
-      "documentation":"<p>Information about a tag.</p>"
+      "documentation":"<p>A structure containing a tag. A tag is metadata that you can attach to your resources to help organize and categorize them. You can also use them to help you secure your resources. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html\">Controlling access to Amazon Web Services resources using tags</a>.</p> <p>For more information about tags, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a> in the <i>Amazon Web Services General Reference Guide</i>.</p>"
     },
     "TagFilter":{
       "type":"structure",
       "members":{
         "tagKey":{
           "shape":"TagKey",
-          "documentation":"<p>The tag key.</p>"
+          "documentation":"<p>The tag key. This must have a valid string value and can't be empty.</p>"
         },
         "tagValues":{
           "shape":"TagValueList",
-          "documentation":"<p>The tag values.</p>"
+          "documentation":"<p>A list of zero or more tag values. If no values are provided, then the filter matches any tag with the specified key, regardless of its value.</p>"
         }
       },
-      "documentation":"<p>Used to filter information based on tags.</p>"
+      "documentation":"<p>A tag key and optional list of possible values that you can use to filter results for tagged resources.</p>"
     },
     "TagFilters":{
       "type":"list",
@@ -1836,7 +1922,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The requested tags exceed the limit for your account.</p>",
+      "documentation":"<p>This request would exceed the limit for tags for your account.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1850,7 +1936,7 @@
       "members":{
         "message":{"shape":"String"}
       },
-      "documentation":"<p>The specified tag is a reserved word and cannot be used.</p>",
+      "documentation":"<p>The specified tag key is a reserved word and can't be used.</p>",
       "error":{"httpStatusCode":400},
       "exception":true
     },
@@ -1863,11 +1949,11 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share that you want to add tags to.</p>"
         },
         "tags":{
           "shape":"TagList",
-          "documentation":"<p>One or more tags.</p>"
+          "documentation":"<p>A list of one or more tag key and value pairs. The tag key must be present and not be an empty string. The tag value must be present but can be an empty string.</p>"
         }
       }
     },
@@ -1881,6 +1967,16 @@
       "type":"list",
       "member":{"shape":"TagValue"}
     },
+    "ThrottlingException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>You exceeded the rate at which you are allowed to perform this operation. Please try again later.</p>",
+      "error":{"httpStatusCode":429},
+      "exception":true
+    },
     "UnknownResourceException":{
       "type":"structure",
       "required":["message"],
@@ -1900,11 +1996,11 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share that you want to remove tags from. The tags are removed from the resource share, not the resources in the resource share.</p>"
         },
         "tagKeys":{
           "shape":"TagKeyList",
-          "documentation":"<p>The tag keys of the tags to remove.</p>"
+          "documentation":"<p>Specifies a list of one or more tag keys that you want to remove.</p>"
         }
       }
     },
@@ -1919,19 +2015,19 @@
       "members":{
         "resourceShareArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the resource share.</p>"
+          "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resoure Name (ARN)</a> of the resource share that you want to modify.</p>"
         },
         "name":{
           "shape":"String",
-          "documentation":"<p>The name of the resource share.</p>"
+          "documentation":"<p>If specified, the new name that you want to attach to the resource share.</p>"
         },
         "allowExternalPrincipals":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether principals outside your organization in Organizations can be associated with a resource share.</p>"
+          "documentation":"<p>Specifies whether principals outside your organization in Organizations can be associated with a resource share.</p>"
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p>"
         }
       }
     },
@@ -1944,10 +2040,10 @@
         },
         "clientToken":{
           "shape":"String",
-          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.</p>"
+          "documentation":"<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>"
         }
       }
     }
   },
-  "documentation":"<p>This is the <i>Resource Access Manager API Reference</i>. This documentation provides descriptions and syntax for each of the actions and data types in RAM. RAM is a service that helps you securely share your Amazon Web Services resources across Amazon Web Services accounts and within your organization or organizational units (OUs) in Organizations. For supported resource types, you can also share resources with IAM roles and IAM users. If you have multiple Amazon Web Services accounts, you can use RAM to share those resources with other accounts.</p> <p>To learn more about RAM, see the following resources:</p> <ul> <li> <p> <a href=\"http://aws.amazon.com/ram\">Resource Access Manager product page</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/\">Resource Access Manager User Guide</a> </p> </li> </ul>"
+  "documentation":"<p>This is the <i>Resource Access Manager API Reference</i>. This documentation provides descriptions and syntax for each of the actions and data types in RAM. RAM is a service that helps you securely share your Amazon Web Services resources across Amazon Web Services accounts. If you have multiple Amazon Web Services accounts, you can use RAM to share those resources with other accounts. If you use Organizations to manage your accounts, then you share your resources with your organization or organizational units (OUs). For supported resource types, you can also share resources with individual Identity and Access Management (IAM) roles an users. </p> <p>To learn more about RAM, see the following resources:</p> <ul> <li> <p> <a href=\"http://aws.amazon.com/ram\">Resource Access Manager product page</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/ram/latest/userguide/\">Resource Access Manager User Guide</a> </p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/rbin/2021-06-15/paginators-1.json b/contrib/python/botocore/py3/botocore/data/rbin/2021-06-15/paginators-1.json
new file mode 100644
index 00000000000..bdbfafb4836
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/rbin/2021-06-15/paginators-1.json
@@ -0,0 +1,10 @@
+{
+  "pagination": {
+    "ListRules": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "Rules"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/rbin/2021-06-15/service-2.json b/contrib/python/botocore/py3/botocore/data/rbin/2021-06-15/service-2.json
new file mode 100644
index 00000000000..e0fb257bd07
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/rbin/2021-06-15/service-2.json
@@ -0,0 +1,646 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2021-06-15",
+    "endpointPrefix":"rbin",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"Amazon Recycle Bin",
+    "serviceId":"rbin",
+    "signatureVersion":"v4",
+    "signingName":"rbin",
+    "uid":"rbin-2021-06-15"
+  },
+  "operations":{
+    "CreateRule":{
+      "name":"CreateRule",
+      "http":{
+        "method":"POST",
+        "requestUri":"/rules",
+        "responseCode":201
+      },
+      "input":{"shape":"CreateRuleRequest"},
+      "output":{"shape":"CreateRuleResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Creates a Recycle Bin retention rule. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-rules.html#recycle-bin-create-rule\"> Create Recycle Bin retention rules</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+    },
+    "DeleteRule":{
+      "name":"DeleteRule",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/rules/{identifier}",
+        "responseCode":204
+      },
+      "input":{"shape":"DeleteRuleRequest"},
+      "output":{"shape":"DeleteRuleResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes a Recycle Bin retention rule. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-rules.html#recycle-bin-delete-rule\"> Delete Recycle Bin retention rules</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+    },
+    "GetRule":{
+      "name":"GetRule",
+      "http":{
+        "method":"GET",
+        "requestUri":"/rules/{identifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetRuleRequest"},
+      "output":{"shape":"GetRuleResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Gets information about a Recycle Bin retention rule.</p>"
+    },
+    "ListRules":{
+      "name":"ListRules",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-rules",
+        "responseCode":200
+      },
+      "input":{"shape":"ListRulesRequest"},
+      "output":{"shape":"ListRulesResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"}
+      ],
+      "documentation":"<p>Lists the Recycle Bin retention rules in the Region.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Lists the tags assigned to a retention rule.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":201
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"}
+      ],
+      "documentation":"<p>Assigns tags to the specified retention rule.</p>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":204
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Unassigns a tag from a retention rule.</p>"
+    },
+    "UpdateRule":{
+      "name":"UpdateRule",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/rules/{identifier}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateRuleRequest"},
+      "output":{"shape":"UpdateRuleResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Updates an existing Recycle Bin retention rule. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recycle-bin-working-with-rules.html#recycle-bin-update-rule\"> Update Recycle Bin retention rules</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+    }
+  },
+  "shapes":{
+    "CreateRuleRequest":{
+      "type":"structure",
+      "required":[
+        "RetentionPeriod",
+        "ResourceType"
+      ],
+      "members":{
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>Information about the retention period for which the retention rule is to retain resources.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The retention rule description.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Information about the tags to assign to the retention rule.</p>"
+        },
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The resource type to be retained by the retention rule. Currently, only Amazon EBS snapshots and EBS-backed AMIs are supported. To retain snapshots, specify <code>EBS_SNAPSHOT</code>. To retain EBS-backed AMIs, specify <code>EC2_IMAGE</code>.</p>"
+        },
+        "ResourceTags":{
+          "shape":"ResourceTags",
+          "documentation":"<p>Specifies the resource tags to use to identify resources that are to be retained by a tag-level retention rule. For tag-level retention rules, only deleted resources, of the specified resource type, that have one or more of the specified tag key and value pairs are retained. If a resource is deleted, but it does not have any of the specified tag key and value pairs, it is immediately deleted without being retained by the retention rule.</p> <p>You can add the same tag key and value pair to a maximum or five retention rules.</p> <p>To create a Region-level retention rule, omit this parameter. A Region-level retention rule does not have any resource tags specified. It retains all deleted resources of the specified resource type in the Region in which the rule is created, even if the resources are not tagged.</p>"
+        }
+      }
+    },
+    "CreateRuleResponse":{
+      "type":"structure",
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>"
+        },
+        "RetentionPeriod":{"shape":"RetentionPeriod"},
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The retention rule description.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Information about the tags assigned to the retention rule.</p>"
+        },
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The resource type retained by the retention rule.</p>"
+        },
+        "ResourceTags":{
+          "shape":"ResourceTags",
+          "documentation":"<p>Information about the resource tags used to identify resources that are retained by the retention rule.</p>"
+        },
+        "Status":{
+          "shape":"RuleStatus",
+          "documentation":"<p>The state of the retention rule. Only retention rules that are in the <code>available</code> state retain resources.</p>"
+        }
+      }
+    },
+    "DeleteRuleRequest":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>",
+          "location":"uri",
+          "locationName":"identifier"
+        }
+      }
+    },
+    "DeleteRuleResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Description":{
+      "type":"string",
+      "pattern":"^[\\S ]{0,255}$"
+    },
+    "ErrorMessage":{"type":"string"},
+    "GetRuleRequest":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>",
+          "location":"uri",
+          "locationName":"identifier"
+        }
+      }
+    },
+    "GetRuleResponse":{
+      "type":"structure",
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The retention rule description.</p>"
+        },
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The resource type retained by the retention rule.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>Information about the retention period for which the retention rule is to retain resources.</p>"
+        },
+        "ResourceTags":{
+          "shape":"ResourceTags",
+          "documentation":"<p>Information about the resource tags used to identify resources that are retained by the retention rule.</p>"
+        },
+        "Status":{
+          "shape":"RuleStatus",
+          "documentation":"<p>The state of the retention rule. Only retention rules that are in the <code>available</code> state retain resources.</p>"
+        }
+      }
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The service could not respond to the request due to an internal problem.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "ListRulesRequest":{
+      "type":"structure",
+      "required":["ResourceType"],
+      "members":{
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned <code>NextToken</code> value.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next page of results.</p>"
+        },
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The resource type retained by the retention rule. Only retention rules that retain the specified resource type are listed. Currently, only Amazon EBS snapshots and EBS-backed AMIs are supported. To list retention rules that retain snapshots, specify <code>EBS_SNAPSHOT</code>. To list retention rules that retain EBS-backed AMIs, specify <code>EC2_IMAGE</code>.</p>"
+        },
+        "ResourceTags":{
+          "shape":"ResourceTags",
+          "documentation":"<p>Information about the resource tags used to identify resources that are retained by the retention rule.</p>"
+        }
+      }
+    },
+    "ListRulesResponse":{
+      "type":"structure",
+      "members":{
+        "Rules":{
+          "shape":"RuleSummaryList",
+          "documentation":"<p>Information about the retention rules.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is <code>null</code> when there are no more results to return.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"RuleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the retention rule.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Information about the tags assigned to the retention rule.</p>"
+        }
+      }
+    },
+    "MaxResults":{
+      "type":"integer",
+      "max":1000,
+      "min":1
+    },
+    "NextToken":{
+      "type":"string",
+      "pattern":"^[A-Za-z0-9+/=]{1,2048}$"
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"},
+        "Reason":{
+          "shape":"ResourceNotFoundExceptionReason",
+          "documentation":"<p>The reason for the exception.</p>"
+        }
+      },
+      "documentation":"<p>The specified resource was not found.</p>",
+      "error":{"httpStatusCode":404},
+      "exception":true
+    },
+    "ResourceNotFoundExceptionReason":{
+      "type":"string",
+      "enum":["RULE_NOT_FOUND"]
+    },
+    "ResourceTag":{
+      "type":"structure",
+      "required":["ResourceTagKey"],
+      "members":{
+        "ResourceTagKey":{
+          "shape":"ResourceTagKey",
+          "documentation":"<p>The tag key.</p>"
+        },
+        "ResourceTagValue":{
+          "shape":"ResourceTagValue",
+          "documentation":"<p>The tag value.</p>"
+        }
+      },
+      "documentation":"<p>Information about the resource tags used to identify resources that are retained by the retention rule.</p>"
+    },
+    "ResourceTagKey":{
+      "type":"string",
+      "pattern":"^[\\S\\s]{1,128}$"
+    },
+    "ResourceTagValue":{
+      "type":"string",
+      "pattern":"^[\\S\\s]{0,256}$"
+    },
+    "ResourceTags":{
+      "type":"list",
+      "member":{"shape":"ResourceTag"},
+      "max":50,
+      "min":0
+    },
+    "ResourceType":{
+      "type":"string",
+      "enum":[
+        "EBS_SNAPSHOT",
+        "EC2_IMAGE"
+      ]
+    },
+    "RetentionPeriod":{
+      "type":"structure",
+      "required":[
+        "RetentionPeriodValue",
+        "RetentionPeriodUnit"
+      ],
+      "members":{
+        "RetentionPeriodValue":{
+          "shape":"RetentionPeriodValue",
+          "documentation":"<p>The period value for which the retention rule is to retain resources. The period is measured using the unit specified for <b>RetentionPeriodUnit</b>.</p>"
+        },
+        "RetentionPeriodUnit":{
+          "shape":"RetentionPeriodUnit",
+          "documentation":"<p>The unit of time in which the retention period is measured. Currently, only <code>DAYS</code> is supported.</p>"
+        }
+      },
+      "documentation":"<p>Information about the retention period for which the retention rule is to retain resources.</p>"
+    },
+    "RetentionPeriodUnit":{
+      "type":"string",
+      "enum":["DAYS"]
+    },
+    "RetentionPeriodValue":{
+      "type":"integer",
+      "max":3650,
+      "min":1
+    },
+    "RuleArn":{
+      "type":"string",
+      "max":1011,
+      "min":0,
+      "pattern":"^arn:aws(-[a-z]{1,3}){0,2}:rbin:[a-z\\-0-9]{0,63}:[0-9]{12}:rule/[0-9a-zA-Z]{11}{0,1011}$"
+    },
+    "RuleIdentifier":{
+      "type":"string",
+      "pattern":"[0-9a-zA-Z]{11}"
+    },
+    "RuleStatus":{
+      "type":"string",
+      "enum":[
+        "pending",
+        "available"
+      ]
+    },
+    "RuleSummary":{
+      "type":"structure",
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The retention rule description.</p>"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>Information about the retention period for which the retention rule is to retain resources.</p>"
+        }
+      },
+      "documentation":"<p>Information about a Recycle Bin retention rule.</p>"
+    },
+    "RuleSummaryList":{
+      "type":"list",
+      "member":{"shape":"RuleSummary"}
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"},
+        "Reason":{
+          "shape":"ServiceQuotaExceededExceptionReason",
+          "documentation":"<p>The reason for the exception.</p>"
+        }
+      },
+      "documentation":"<p>The request would cause a service quota for the number of tags per resource to be exceeded.</p>",
+      "error":{"httpStatusCode":402},
+      "exception":true
+    },
+    "ServiceQuotaExceededExceptionReason":{
+      "type":"string",
+      "enum":["SERVICE_QUOTA_EXCEEDED"]
+    },
+    "Tag":{
+      "type":"structure",
+      "required":[
+        "Key",
+        "Value"
+      ],
+      "members":{
+        "Key":{
+          "shape":"TagKey",
+          "documentation":"<p>The tag key.</p>"
+        },
+        "Value":{
+          "shape":"TagValue",
+          "documentation":"<p>The tag value.</p>"
+        }
+      },
+      "documentation":"<p>Information about the tags to assign to the retention rule.</p>"
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":200,
+      "min":0
+    },
+    "TagList":{
+      "type":"list",
+      "member":{"shape":"Tag"},
+      "max":200,
+      "min":0
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "Tags"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"RuleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the retention rule.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Information about the tags to assign to the retention rule.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "TagKeys"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"RuleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the retention rule.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "TagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>The tag keys of the tags to unassign. All tags that have the specified tag key are unassigned.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateRuleRequest":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>",
+          "location":"uri",
+          "locationName":"identifier"
+        },
+        "RetentionPeriod":{
+          "shape":"RetentionPeriod",
+          "documentation":"<p>Information about the retention period for which the retention rule is to retain resources.</p>"
+        },
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The retention rule description.</p>"
+        },
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The resource type to be retained by the retention rule. Currently, only Amazon EBS snapshots and EBS-backed AMIs are supported. To retain snapshots, specify <code>EBS_SNAPSHOT</code>. To retain EBS-backed AMIs, specify <code>EC2_IMAGE</code>.</p>"
+        },
+        "ResourceTags":{
+          "shape":"ResourceTags",
+          "documentation":"<p>Specifies the resource tags to use to identify resources that are to be retained by a tag-level retention rule. For tag-level retention rules, only deleted resources, of the specified resource type, that have one or more of the specified tag key and value pairs are retained. If a resource is deleted, but it does not have any of the specified tag key and value pairs, it is immediately deleted without being retained by the retention rule.</p> <p>You can add the same tag key and value pair to a maximum or five retention rules.</p> <p>To create a Region-level retention rule, omit this parameter. A Region-level retention rule does not have any resource tags specified. It retains all deleted resources of the specified resource type in the Region in which the rule is created, even if the resources are not tagged.</p>"
+        }
+      }
+    },
+    "UpdateRuleResponse":{
+      "type":"structure",
+      "members":{
+        "Identifier":{
+          "shape":"RuleIdentifier",
+          "documentation":"<p>The unique ID of the retention rule.</p>"
+        },
+        "RetentionPeriod":{"shape":"RetentionPeriod"},
+        "Description":{
+          "shape":"Description",
+          "documentation":"<p>The retention rule description.</p>"
+        },
+        "ResourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The resource type retained by the retention rule.</p>"
+        },
+        "ResourceTags":{
+          "shape":"ResourceTags",
+          "documentation":"<p>Information about the resource tags used to identify resources that are retained by the retention rule.</p>"
+        },
+        "Status":{
+          "shape":"RuleStatus",
+          "documentation":"<p>The state of the retention rule. Only retention rules that are in the <code>available</code> state retain resources.</p>"
+        }
+      }
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"},
+        "Reason":{
+          "shape":"ValidationExceptionReason",
+          "documentation":"<p>The reason for the exception.</p>"
+        }
+      },
+      "documentation":"<p>One or more of the parameters in the request is not valid.</p>",
+      "error":{"httpStatusCode":400},
+      "exception":true
+    },
+    "ValidationExceptionReason":{
+      "type":"string",
+      "enum":[
+        "INVALID_PAGE_TOKEN",
+        "INVALID_PARAMETER_VALUE"
+      ]
+    }
+  },
+  "documentation":"<p>This is the <i>Recycle Bin API Reference</i>. This documentation provides descriptions and syntax for each of the actions and data types in Recycle Bin.</p> <p>Recycle Bin is a resource recovery feature that enables you to restore accidentally deleted snapshots and EBS-backed AMIs. When using Recycle Bin, if your resources are deleted, they are retained in the Recycle Bin for a time period that you specify.</p> <p>You can restore a resource from the Recycle Bin at any time before its retention period expires. After you restore a resource from the Recycle Bin, the resource is removed from the Recycle Bin, and you can then use it in the same way you use any other resource of that type in your account. If the retention period expires and the resource is not restored, the resource is permanently deleted from the Recycle Bin and is no longer available for recovery. For more information about Recycle Bin, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-recycle-bin.html\"> Recycle Bin</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/rds/2014-10-31/service-2.json b/contrib/python/botocore/py3/botocore/data/rds/2014-10-31/service-2.json
index 3392b948936..c45b0bbb602 100644
--- a/contrib/python/botocore/py3/botocore/data/rds/2014-10-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/rds/2014-10-31/service-2.json
@@ -25,7 +25,7 @@
         {"shape":"InvalidDBClusterStateFault"},
         {"shape":"DBClusterRoleQuotaExceededFault"}
       ],
-      "documentation":"<p>Associates an Identity and Access Management (IAM) role from an Amazon Aurora DB cluster. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.html\">Authorizing Amazon Aurora MySQL to Access Other Amazon Web Services Services on Your Behalf</a> in the <i>Amazon Aurora User Guide</i>.</p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Associates an Identity and Access Management (IAM) role with a DB cluster.</p>"
     },
     "AddRoleToDBInstance":{
       "name":"AddRoleToDBInstance",
@@ -110,7 +110,7 @@
         {"shape":"AuthorizationAlreadyExistsFault"},
         {"shape":"AuthorizationQuotaExceededFault"}
       ],
-      "documentation":"<p>Enables ingress to a DBSecurityGroup using one of two forms of authorization. First, EC2 or VPC security groups can be added to the DBSecurityGroup if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the Internet. Required parameters for this API are one of CIDR range, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId for non-VPC).</p> <note> <p>You can't authorize ingress from an EC2 security group in one Amazon Web Services Region to an Amazon RDS DB instance in another. You can't authorize ingress from a VPC security group in one VPC to an Amazon RDS DB instance in another.</p> </note> <p>For an overview of CIDR ranges, go to the <a href=\"http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing\">Wikipedia Tutorial</a>. </p>"
+      "documentation":"<p>Enables ingress to a DBSecurityGroup using one of two forms of authorization. First, EC2 or VPC security groups can be added to the DBSecurityGroup if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the internet. Required parameters for this API are one of CIDR range, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId for non-VPC).</p> <note> <p>You can't authorize ingress from an EC2 security group in one Amazon Web Services Region to an Amazon RDS DB instance in another. You can't authorize ingress from a VPC security group in one VPC to an Amazon RDS DB instance in another.</p> </note> <p>For an overview of CIDR ranges, go to the <a href=\"http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing\">Wikipedia Tutorial</a>. </p>"
     },
     "BacktrackDBCluster":{
       "name":"BacktrackDBCluster",
@@ -162,7 +162,7 @@
         {"shape":"DBParameterGroupQuotaExceededFault"},
         {"shape":"DBParameterGroupAlreadyExistsFault"}
       ],
-      "documentation":"<p>Copies the specified DB cluster parameter group.</p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Copies the specified DB cluster parameter group.</p>"
     },
     "CopyDBClusterSnapshot":{
       "name":"CopyDBClusterSnapshot",
@@ -183,7 +183,7 @@
         {"shape":"SnapshotQuotaExceededFault"},
         {"shape":"KMSKeyNotAccessibleFault"}
       ],
-      "documentation":"<p>Copies a snapshot of a DB cluster.</p> <p>To copy a DB cluster snapshot from a shared manual DB cluster snapshot, <code>SourceDBClusterSnapshotIdentifier</code> must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot.</p> <p>You can copy an encrypted DB cluster snapshot from another Amazon Web Services Region. In that case, the Amazon Web Services Region where you call the <code>CopyDBClusterSnapshot</code> action is the destination Amazon Web Services Region for the encrypted DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot from another Amazon Web Services Region, you must provide the following values:</p> <ul> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region.</p> </li> <li> <p> <code>PreSignedUrl</code> - A URL that contains a Signature Version 4 signed request for the <code>CopyDBClusterSnapshot</code> action to be called in the source Amazon Web Services Region where the DB cluster snapshot is copied from. The pre-signed URL must be a valid request for the <code>CopyDBClusterSnapshot</code> API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied.</p> <p>The pre-signed URL request must contain the following parameter values:</p> <ul> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the <code>CopyDBClusterSnapshot</code> action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.</p> </li> <li> <p> <code>DestinationRegion</code> - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.</p> </li> <li> <p> <code>SourceDBClusterSnapshotIdentifier</code> - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your <code>SourceDBClusterSnapshotIdentifier</code> looks like the following example: <code>arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115</code>.</p> </li> </ul> <p>To learn how to generate a Signature Version 4 signed request, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html\"> Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4)</a> and <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\"> Signature Version 4 Signing Process</a>.</p> <note> <p>If you are using an Amazon Web Services SDK tool or the CLI, you can specify <code>SourceRegion</code> (or <code>--source-region</code> for the CLI) instead of specifying <code>PreSignedUrl</code> manually. Specifying <code>SourceRegion</code> autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.</p> </note> </li> <li> <p> <code>TargetDBClusterSnapshotIdentifier</code> - The identifier for the new copy of the DB cluster snapshot in the destination Amazon Web Services Region.</p> </li> <li> <p> <code>SourceDBClusterSnapshotIdentifier</code> - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the ARN format for the source Amazon Web Services Region and is the same value as the <code>SourceDBClusterSnapshotIdentifier</code> in the pre-signed URL. </p> </li> </ul> <p>To cancel the copy operation once it is in progress, delete the target DB cluster snapshot identified by <code>TargetDBClusterSnapshotIdentifier</code> while that DB cluster snapshot is in \"copying\" status.</p> <p>For more information on copying encrypted DB cluster snapshots from one Amazon Web Services Region to another, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html\"> Copying a Snapshot</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Copies a snapshot of a DB cluster.</p> <p>To copy a DB cluster snapshot from a shared manual DB cluster snapshot, <code>SourceDBClusterSnapshotIdentifier</code> must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot.</p> <p>You can copy an encrypted DB cluster snapshot from another Amazon Web Services Region. In that case, the Amazon Web Services Region where you call the <code>CopyDBClusterSnapshot</code> action is the destination Amazon Web Services Region for the encrypted DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot from another Amazon Web Services Region, you must provide the following values:</p> <ul> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services Key Management System (Amazon Web Services KMS) key identifier for the key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region.</p> </li> <li> <p> <code>PreSignedUrl</code> - A URL that contains a Signature Version 4 signed request for the <code>CopyDBClusterSnapshot</code> action to be called in the source Amazon Web Services Region where the DB cluster snapshot is copied from. The pre-signed URL must be a valid request for the <code>CopyDBClusterSnapshot</code> API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied.</p> <p>The pre-signed URL request must contain the following parameter values:</p> <ul> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. This is the same identifier for both the <code>CopyDBClusterSnapshot</code> action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.</p> </li> <li> <p> <code>DestinationRegion</code> - The name of the Amazon Web Services Region that the DB cluster snapshot is to be created in.</p> </li> <li> <p> <code>SourceDBClusterSnapshotIdentifier</code> - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster snapshot from the us-west-2 Amazon Web Services Region, then your <code>SourceDBClusterSnapshotIdentifier</code> looks like the following example: <code>arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115</code>.</p> </li> </ul> <p>To learn how to generate a Signature Version 4 signed request, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html\"> Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4)</a> and <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\"> Signature Version 4 Signing Process</a>.</p> <note> <p>If you are using an Amazon Web Services SDK tool or the CLI, you can specify <code>SourceRegion</code> (or <code>--source-region</code> for the CLI) instead of specifying <code>PreSignedUrl</code> manually. Specifying <code>SourceRegion</code> autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.</p> </note> </li> <li> <p> <code>TargetDBClusterSnapshotIdentifier</code> - The identifier for the new copy of the DB cluster snapshot in the destination Amazon Web Services Region.</p> </li> <li> <p> <code>SourceDBClusterSnapshotIdentifier</code> - The DB cluster snapshot identifier for the encrypted DB cluster snapshot to be copied. This identifier must be in the ARN format for the source Amazon Web Services Region and is the same value as the <code>SourceDBClusterSnapshotIdentifier</code> in the pre-signed URL. </p> </li> </ul> <p>To cancel the copy operation once it is in progress, delete the target DB cluster snapshot identified by <code>TargetDBClusterSnapshotIdentifier</code> while that DB cluster snapshot is in \"copying\" status.</p> <p>For more information on copying encrypted Amazon Aurora DB cluster snapshots from one Amazon Web Services Region to another, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_CopySnapshot.html\"> Copying a Snapshot</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "CopyDBParameterGroup":{
       "name":"CopyDBParameterGroup",
@@ -276,7 +276,7 @@
         {"shape":"CustomDBEngineVersionQuotaExceededFault"},
         {"shape":"KMSKeyNotAccessibleFault"}
       ],
-      "documentation":"<p>Creates a custom DB engine version (CEV). A CEV is a binary volume snapshot of a database engine and specific AMI. The only supported engine is Oracle Database 19c Enterprise Edition with the January 2021 or later RU/RUR. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest\"> Amazon RDS Custom requirements and limitations</a> in the <i>Amazon RDS User Guide</i>.</p> <p>Amazon RDS, which is a fully managed service, supplies the Amazon Machine Image (AMI) and database software. The Amazon RDS database software is preinstalled, so you need only select a DB engine and version, and create your database. With Amazon RDS Custom, you upload your database installation files in Amazon S3. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.html#custom-cev.preparing\"> Preparing to create a CEV</a> in the <i>Amazon RDS User Guide</i>.</p> <p>When you create a custom engine version, you specify the files in a JSON document called a CEV manifest. This document describes installation .zip files stored in Amazon S3. RDS Custom creates your CEV from the installation files that you provided. This service model is called Bring Your Own Media (BYOM).</p> <p>Creation takes approximately two hours. If creation fails, RDS Custom issues <code>RDS-EVENT-0196</code> with the message <code>Creation failed for custom engine version</code>, and includes details about the failure. For example, the event prints missing files. </p> <p>After you create the CEV, it is available for use. You can create multiple CEVs, and create multiple RDS Custom instances from any CEV. You can also change the status of a CEV to make it available or inactive.</p> <note> <p>The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the <code>CreateCustomDbEngineVersion</code> event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the <code>CreateCustomDbEngineVersion</code> event.</p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.create\"> Creating a CEV</a> in the <i>Amazon RDS User Guide</i>.</p>"
+      "documentation":"<p>Creates a custom DB engine version (CEV). A CEV is a binary volume snapshot of a database engine and specific AMI. The supported engines are the following:</p> <ul> <li> <p> Oracle Database 12.1 Enterprise Edition with the January 2021 or later RU/RUR</p> </li> <li> <p> Oracle Database 19c Enterprise Edition with the January 2021 or later RU/RUR</p> </li> </ul> <p>Amazon RDS, which is a fully managed service, supplies the Amazon Machine Image (AMI) and database software. The Amazon RDS database software is preinstalled, so you need only select a DB engine and version, and create your database. With Amazon RDS Custom for Oracle, you upload your database installation files in Amazon S3.</p> <p>When you create a custom engine version, you specify the files in a JSON document called a CEV manifest. This document describes installation .zip files stored in Amazon S3. RDS Custom creates your CEV from the installation files that you provided. This service model is called Bring Your Own Media (BYOM).</p> <p>Creation takes approximately two hours. If creation fails, RDS Custom issues <code>RDS-EVENT-0196</code> with the message <code>Creation failed for custom engine version</code>, and includes details about the failure. For example, the event prints missing files.</p> <p>After you create the CEV, it is available for use. You can create multiple CEVs, and create multiple RDS Custom instances from any CEV. You can also change the status of a CEV to make it available or inactive.</p> <note> <p>The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the <code>CreateCustomDbEngineVersion</code> event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the <code>CreateCustomDbEngineVersion</code> event.</p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.create\"> Creating a CEV</a> in the <i>Amazon RDS User Guide</i>.</p>"
     },
     "CreateDBCluster":{
       "name":"CreateDBCluster",
@@ -309,7 +309,7 @@
         {"shape":"InvalidGlobalClusterStateFault"},
         {"shape":"DomainNotFoundFault"}
       ],
-      "documentation":"<p>Creates a new Amazon Aurora DB cluster.</p> <p>You can use the <code>ReplicationSourceIdentifier</code> parameter to create the DB cluster as a read replica of another DB cluster or Amazon RDS MySQL or PostgreSQL DB instance. For cross-region replication where the DB cluster identified by <code>ReplicationSourceIdentifier</code> is encrypted, you must also specify the <code>PreSignedUrl</code> parameter.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster.</p> <p>You can use the <code>ReplicationSourceIdentifier</code> parameter to create an Amazon Aurora DB cluster as a read replica of another DB cluster or Amazon RDS MySQL or PostgreSQL DB instance. For cross-Region replication where the DB cluster identified by <code>ReplicationSourceIdentifier</code> is encrypted, also specify the <code>PreSignedUrl</code> parameter.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "CreateDBClusterEndpoint":{
       "name":"CreateDBClusterEndpoint",
@@ -347,7 +347,7 @@
         {"shape":"DBParameterGroupQuotaExceededFault"},
         {"shape":"DBParameterGroupAlreadyExistsFault"}
       ],
-      "documentation":"<p>Creates a new DB cluster parameter group.</p> <p>Parameters in a DB cluster parameter group apply to all of the instances in a DB cluster.</p> <p> A DB cluster parameter group is initially created with the default parameters for the database engine used by instances in the DB cluster. To provide custom values for any of the parameters, you must modify the group after creating it using <code>ModifyDBClusterParameterGroup</code>. Once you've created a DB cluster parameter group, you need to associate it with your DB cluster using <code>ModifyDBCluster</code>. When you associate a new DB cluster parameter group with a running DB cluster, you need to reboot the DB instances in the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect. </p> <important> <p>After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the DB cluster parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the <code>character_set_database</code> parameter. You can use the <i>Parameter Groups</i> option of the <a href=\"https://console.aws.amazon.com/rds/\">Amazon RDS console</a> or the <code>DescribeDBClusterParameters</code> action to verify that your DB cluster parameter group has been created or modified.</p> </important> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Creates a new DB cluster parameter group.</p> <p>Parameters in a DB cluster parameter group apply to all of the instances in a DB cluster.</p> <p> A DB cluster parameter group is initially created with the default parameters for the database engine used by instances in the DB cluster. To provide custom values for any of the parameters, you must modify the group after creating it using <code>ModifyDBClusterParameterGroup</code>. Once you've created a DB cluster parameter group, you need to associate it with your DB cluster using <code>ModifyDBCluster</code>.</p> <p>When you associate a new DB cluster parameter group with a running Aurora DB cluster, reboot the DB instances in the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect. </p> <p>When you associate a new DB cluster parameter group with a running Multi-AZ DB cluster, reboot the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect. </p> <important> <p>After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the DB cluster parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the <code>character_set_database</code> parameter. You can use the <i>Parameter Groups</i> option of the <a href=\"https://console.aws.amazon.com/rds/\">Amazon RDS console</a> or the <code>DescribeDBClusterParameters</code> action to verify that your DB cluster parameter group has been created or modified.</p> </important> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "CreateDBClusterSnapshot":{
       "name":"CreateDBClusterSnapshot",
@@ -367,7 +367,7 @@
         {"shape":"SnapshotQuotaExceededFault"},
         {"shape":"InvalidDBClusterSnapshotStateFault"}
       ],
-      "documentation":"<p>Creates a snapshot of a DB cluster. For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Creates a snapshot of a DB cluster.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "CreateDBInstance":{
       "name":"CreateDBInstance",
@@ -569,7 +569,7 @@
         {"shape":"SubscriptionCategoryNotFoundFault"},
         {"shape":"SourceNotFoundFault"}
       ],
-      "documentation":"<p>Creates an RDS event notification subscription. This action requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.</p> <p>You can specify the type of source (<code>SourceType</code>) that you want to be notified of and provide a list of RDS sources (<code>SourceIds</code>) that triggers the events. You can also provide a list of event categories (<code>EventCategories</code>) for events that you want to be notified of. For example, you can specify <code>SourceType</code> = <code>db-instance</code>, <code>SourceIds</code> = <code>mydbinstance1</code>, <code>mydbinstance2</code> and <code>EventCategories</code> = <code>Availability</code>, <code>Backup</code>.</p> <p>If you specify both the <code>SourceType</code> and <code>SourceIds</code>, such as <code>SourceType</code> = <code>db-instance</code> and <code>SourceIdentifier</code> = <code>myDBInstance1</code>, you are notified of all the <code>db-instance</code> events for the specified source. If you specify a <code>SourceType</code> but do not specify a <code>SourceIdentifier</code>, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the <code>SourceIdentifier</code>, you are notified of events generated from all RDS sources belonging to your customer account.</p> <note> <p>RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.</p> </note>"
+      "documentation":"<p>Creates an RDS event notification subscription. This action requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.</p> <p>You can specify the type of source (<code>SourceType</code>) that you want to be notified of and provide a list of RDS sources (<code>SourceIds</code>) that triggers the events. You can also provide a list of event categories (<code>EventCategories</code>) for events that you want to be notified of. For example, you can specify <code>SourceType</code> = <code>db-instance</code>, <code>SourceIds</code> = <code>mydbinstance1</code>, <code>mydbinstance2</code> and <code>EventCategories</code> = <code>Availability</code>, <code>Backup</code>.</p> <p>If you specify both the <code>SourceType</code> and <code>SourceIds</code>, such as <code>SourceType</code> = <code>db-instance</code> and <code>SourceIds</code> = <code>myDBInstance1</code>, you are notified of all the <code>db-instance</code> events for the specified source. If you specify a <code>SourceType</code> but do not specify <code>SourceIds</code>, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the <code>SourceIds</code>, you are notified of events generated from all RDS sources belonging to your customer account.</p> <note> <p>RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.</p> </note>"
     },
     "CreateGlobalCluster":{
       "name":"CreateGlobalCluster",
@@ -659,7 +659,7 @@
         {"shape":"SnapshotQuotaExceededFault"},
         {"shape":"InvalidDBClusterSnapshotStateFault"}
       ],
-      "documentation":"<p>The DeleteDBCluster action deletes a previously provisioned DB cluster. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the specified DB cluster are not deleted.</p> <p/> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>The DeleteDBCluster action deletes a previously provisioned DB cluster. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the specified DB cluster are not deleted.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "DeleteDBClusterEndpoint":{
       "name":"DeleteDBClusterEndpoint",
@@ -690,7 +690,7 @@
         {"shape":"InvalidDBParameterGroupStateFault"},
         {"shape":"DBParameterGroupNotFoundFault"}
       ],
-      "documentation":"<p>Deletes a specified DB cluster parameter group. The DB cluster parameter group to be deleted can't be associated with any DB clusters.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Deletes a specified DB cluster parameter group. The DB cluster parameter group to be deleted can't be associated with any DB clusters.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "DeleteDBClusterSnapshot":{
       "name":"DeleteDBClusterSnapshot",
@@ -707,7 +707,7 @@
         {"shape":"InvalidDBClusterSnapshotStateFault"},
         {"shape":"DBClusterSnapshotNotFoundFault"}
       ],
-      "documentation":"<p>Deletes a DB cluster snapshot. If the snapshot is being copied, the copy operation is terminated.</p> <note> <p>The DB cluster snapshot must be in the <code>available</code> state to be deleted.</p> </note> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Deletes a DB cluster snapshot. If the snapshot is being copied, the copy operation is terminated.</p> <note> <p>The DB cluster snapshot must be in the <code>available</code> state to be deleted.</p> </note> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "DeleteDBInstance":{
       "name":"DeleteDBInstance",
@@ -980,7 +980,7 @@
         {"shape":"DBClusterNotFoundFault"},
         {"shape":"DBClusterBacktrackNotFoundFault"}
       ],
-      "documentation":"<p>Returns information about backtracks for a DB cluster.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora MySQL DB clusters.</p> </note>"
+      "documentation":"<p>Returns information about backtracks for a DB cluster.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora MySQL DB clusters.</p> </note>"
     },
     "DescribeDBClusterEndpoints":{
       "name":"DescribeDBClusterEndpoints",
@@ -1012,7 +1012,7 @@
       "errors":[
         {"shape":"DBParameterGroupNotFoundFault"}
       ],
-      "documentation":"<p> Returns a list of <code>DBClusterParameterGroup</code> descriptions. If a <code>DBClusterParameterGroupName</code> parameter is specified, the list will contain only the description of the specified DB cluster parameter group. </p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p> Returns a list of <code>DBClusterParameterGroup</code> descriptions. If a <code>DBClusterParameterGroupName</code> parameter is specified, the list will contain only the description of the specified DB cluster parameter group. </p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "DescribeDBClusterParameters":{
       "name":"DescribeDBClusterParameters",
@@ -1028,7 +1028,7 @@
       "errors":[
         {"shape":"DBParameterGroupNotFoundFault"}
       ],
-      "documentation":"<p>Returns the detailed parameter list for a particular DB cluster parameter group.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Returns the detailed parameter list for a particular DB cluster parameter group.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "DescribeDBClusterSnapshotAttributes":{
       "name":"DescribeDBClusterSnapshotAttributes",
@@ -1044,7 +1044,7 @@
       "errors":[
         {"shape":"DBClusterSnapshotNotFoundFault"}
       ],
-      "documentation":"<p>Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.</p> <p>When sharing snapshots with other Amazon Web Services accounts, <code>DescribeDBClusterSnapshotAttributes</code> returns the <code>restore</code> attribute and a list of IDs for the Amazon Web Services accounts that are authorized to copy or restore the manual DB cluster snapshot. If <code>all</code> is included in the list of values for the <code>restore</code> attribute, then the manual DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.</p> <p>To add or remove access for an Amazon Web Services account to copy or restore a manual DB cluster snapshot, or to make the manual DB cluster snapshot public or private, use the <code>ModifyDBClusterSnapshotAttribute</code> API action.</p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Returns a list of DB cluster snapshot attribute names and values for a manual DB cluster snapshot.</p> <p>When sharing snapshots with other Amazon Web Services accounts, <code>DescribeDBClusterSnapshotAttributes</code> returns the <code>restore</code> attribute and a list of IDs for the Amazon Web Services accounts that are authorized to copy or restore the manual DB cluster snapshot. If <code>all</code> is included in the list of values for the <code>restore</code> attribute, then the manual DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.</p> <p>To add or remove access for an Amazon Web Services account to copy or restore a manual DB cluster snapshot, or to make the manual DB cluster snapshot public or private, use the <code>ModifyDBClusterSnapshotAttribute</code> API action.</p>"
     },
     "DescribeDBClusterSnapshots":{
       "name":"DescribeDBClusterSnapshots",
@@ -1060,7 +1060,7 @@
       "errors":[
         {"shape":"DBClusterSnapshotNotFoundFault"}
       ],
-      "documentation":"<p>Returns information about DB cluster snapshots. This API action supports pagination.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Returns information about DB cluster snapshots. This API action supports pagination.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "DescribeDBClusters":{
       "name":"DescribeDBClusters",
@@ -1076,7 +1076,7 @@
       "errors":[
         {"shape":"DBClusterNotFoundFault"}
       ],
-      "documentation":"<p>Returns information about provisioned Aurora DB clusters. This API supports pagination.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This operation can also return information for Amazon Neptune DB instances and Amazon DocumentDB instances.</p> </note>"
+      "documentation":"<p>Returns information about Amazon Aurora DB clusters and Multi-AZ DB clusters. This API supports pagination.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note> <p>This operation can also return information for Amazon Neptune DB instances and Amazon DocumentDB instances.</p>"
     },
     "DescribeDBEngineVersions":{
       "name":"DescribeDBEngineVersions",
@@ -1316,7 +1316,7 @@
         "shape":"DescribeEngineDefaultClusterParametersResult",
         "resultWrapper":"DescribeEngineDefaultClusterParametersResult"
       },
-      "documentation":"<p>Returns the default engine and system parameter information for the cluster database engine.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p>"
+      "documentation":"<p>Returns the default engine and system parameter information for the cluster database engine.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p>"
     },
     "DescribeEngineDefaultParameters":{
       "name":"DescribeEngineDefaultParameters",
@@ -1342,7 +1342,7 @@
         "shape":"EventCategoriesMessage",
         "resultWrapper":"DescribeEventCategoriesResult"
       },
-      "documentation":"<p>Displays a list of categories for all event source types, or, if specified, for a specified source type. You can see a list of the event categories and source types in <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html\"> Events</a> in the <i>Amazon RDS User Guide.</i> </p>"
+      "documentation":"<p>Displays a list of categories for all event source types, or, if specified, for a specified source type. You can also see this list in the \"Amazon RDS event categories and event messages\" section of the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html\"> <i>Amazon RDS User Guide</i> </a> or the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html\"> <i>Amazon Aurora User Guide</i> </a>. </p>"
     },
     "DescribeEventSubscriptions":{
       "name":"DescribeEventSubscriptions",
@@ -1371,7 +1371,7 @@
         "shape":"EventsMessage",
         "resultWrapper":"DescribeEventsResult"
       },
-      "documentation":"<p>Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots for the past 14 days. Events specific to a particular DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots group can be obtained by providing the name as a parameter.</p> <note> <p>By default, the past hour of events are returned.</p> </note>"
+      "documentation":"<p>Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, DB cluster snapshots, and RDS Proxies for the past 14 days. Events specific to a particular DB instance, DB cluster, DB parameter group, DB security group, DB snapshot, DB cluster snapshot group, or RDS Proxy can be obtained by providing the name as a parameter.</p> <note> <p>By default, RDS returns events that were generated in the past hour.</p> </note>"
     },
     "DescribeExportTasks":{
       "name":"DescribeExportTasks",
@@ -1403,7 +1403,7 @@
       "errors":[
         {"shape":"GlobalClusterNotFoundFault"}
       ],
-      "documentation":"<p> Returns information about Aurora global database clusters. This API supports pagination. </p> <p> For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p> Returns information about Aurora global database clusters. This API supports pagination. </p> <p> For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
     },
     "DescribeInstallationMedia":{
       "name":"DescribeInstallationMedia",
@@ -1461,7 +1461,7 @@
         "shape":"OrderableDBInstanceOptionsMessage",
         "resultWrapper":"DescribeOrderableDBInstanceOptionsResult"
       },
-      "documentation":"<p>Returns a list of orderable DB instance options for the specified engine.</p>"
+      "documentation":"<p>Returns a list of orderable DB instance options for the specified DB engine, DB engine version, and DB instance class.</p>"
     },
     "DescribePendingMaintenanceActions":{
       "name":"DescribePendingMaintenanceActions",
@@ -1574,7 +1574,7 @@
         {"shape":"InvalidDBClusterStateFault"},
         {"shape":"InvalidDBInstanceStateFault"}
       ],
-      "documentation":"<p>Forces a failover for a DB cluster.</p> <p>A failover for a DB cluster promotes one of the Aurora Replicas (read-only instances) in the DB cluster to be the primary instance (the cluster writer).</p> <p>Amazon Aurora will automatically fail over to an Aurora Replica, if one exists, when the primary instance fails. You can force a failover when you want to simulate a failure of a primary instance for testing. Because each instance in a DB cluster has its own endpoint address, you will need to clean up and re-establish any existing connections that use those endpoint addresses when the failover is complete.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Forces a failover for a DB cluster.</p> <p>For an Aurora DB cluster, failover for a DB cluster promotes one of the Aurora Replicas (read-only instances) in the DB cluster to be the primary DB instance (the cluster writer).</p> <p>For a Multi-AZ DB cluster, failover for a DB cluster promotes one of the readable standby DB instances (read-only instances) in the DB cluster to be the primary DB instance (the cluster writer).</p> <p>An Amazon Aurora DB cluster automatically fails over to an Aurora Replica, if one exists, when the primary DB instance fails. A Multi-AZ DB cluster automatically fails over to a readbable standby DB instance when the primary DB instance fails.</p> <p>To simulate a failure of a primary instance for testing, you can force a failover. Because each instance in a DB cluster has its own endpoint address, make sure to clean up and re-establish any existing connections that use those endpoint addresses when the failover is complete.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "FailoverGlobalCluster":{
       "name":"FailoverGlobalCluster",
@@ -1681,7 +1681,7 @@
         {"shape":"CustomDBEngineVersionNotFoundFault"},
         {"shape":"InvalidCustomDBEngineVersionStateFault"}
       ],
-      "documentation":"<p>Modifies the status of a custom engine version (CEV). You can find CEVs to modify by calling <code>DescribeDBEngineVersions</code>.</p> <note> <p>The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the <code>ModifyCustomDbEngineVersion</code> event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the <code>ModifyCustomDbEngineVersion</code> event.</p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.preparing.manifest\">Modifying CEV status</a> in the <i>Amazon RDS User Guide</i>.</p>"
+      "documentation":"<p>Modifies the status of a custom engine version (CEV). You can find CEVs to modify by calling <code>DescribeDBEngineVersions</code>.</p> <note> <p>The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the <code>ModifyCustomDbEngineVersion</code> event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the <code>ModifyCustomDbEngineVersion</code> event.</p> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html#custom-cev.modify\">Modifying CEV status</a> in the <i>Amazon RDS User Guide</i>.</p>"
     },
     "ModifyDBCluster":{
       "name":"ModifyDBCluster",
@@ -1708,7 +1708,7 @@
         {"shape":"DBClusterAlreadyExistsFault"},
         {"shape":"DomainNotFoundFault"}
       ],
-      "documentation":"<p>Modify a setting for an Amazon Aurora DB cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Modify the settings for an Amazon Aurora DB cluster or a Multi-AZ DB cluster. You can change one or more settings by specifying these parameters and the new values in the request.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "ModifyDBClusterEndpoint":{
       "name":"ModifyDBClusterEndpoint",
@@ -1745,7 +1745,7 @@
         {"shape":"DBParameterGroupNotFoundFault"},
         {"shape":"InvalidDBParameterGroupStateFault"}
       ],
-      "documentation":"<p> Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: <code>ParameterName</code>, <code>ParameterValue</code>, and <code>ApplyMethod</code>. A maximum of 20 parameters can be modified in a single request. </p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <important> <p>After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the <code>character_set_database</code> parameter. You can use the <i>Parameter Groups</i> option of the <a href=\"https://console.aws.amazon.com/rds/\">Amazon RDS console</a> or the <code>DescribeDBClusterParameters</code> action to verify that your DB cluster parameter group has been created or modified.</p> <p>If the modified DB cluster parameter group is used by an Aurora Serverless cluster, Aurora applies the update immediately. The cluster restart might interrupt your workload. In that case, your application must reopen any connections and retry any transactions that were active when the parameter changes took effect.</p> </important> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p> Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: <code>ParameterName</code>, <code>ParameterValue</code>, and <code>ApplyMethod</code>. A maximum of 20 parameters can be modified in a single request. </p> <important> <p>After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the <code>character_set_database</code> parameter. You can use the <i>Parameter Groups</i> option of the <a href=\"https://console.aws.amazon.com/rds/\">Amazon RDS console</a> or the <code>DescribeDBClusterParameters</code> action to verify that your DB cluster parameter group has been created or modified.</p> <p>If the modified DB cluster parameter group is used by an Aurora Serverless cluster, Aurora applies the update immediately. The cluster restart might interrupt your workload. In that case, your application must reopen any connections and retry any transactions that were active when the parameter changes took effect.</p> </important> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "ModifyDBClusterSnapshotAttribute":{
       "name":"ModifyDBClusterSnapshotAttribute",
@@ -1763,7 +1763,7 @@
         {"shape":"InvalidDBClusterSnapshotStateFault"},
         {"shape":"SharedSnapshotQuotaExceededFault"}
       ],
-      "documentation":"<p>Adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot.</p> <p>To share a manual DB cluster snapshot with other Amazon Web Services accounts, specify <code>restore</code> as the <code>AttributeName</code> and use the <code>ValuesToAdd</code> parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB cluster snapshot. Use the value <code>all</code> to make the manual DB cluster snapshot public, which means that it can be copied or restored by all Amazon Web Services accounts.</p> <note> <p>Don't add the <code>all</code> value for any manual DB cluster snapshots that contain private information that you don't want available to all Amazon Web Services accounts.</p> </note> <p>If a manual DB cluster snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the <code>ValuesToAdd</code> parameter. You can't use <code>all</code> as a value for that parameter in this case.</p> <p>To view which Amazon Web Services accounts have access to copy or restore a manual DB cluster snapshot, or whether a manual DB cluster snapshot is public or private, use the <a>DescribeDBClusterSnapshotAttributes</a> API action. The accounts are returned as values for the <code>restore</code> attribute.</p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot.</p> <p>To share a manual DB cluster snapshot with other Amazon Web Services accounts, specify <code>restore</code> as the <code>AttributeName</code> and use the <code>ValuesToAdd</code> parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB cluster snapshot. Use the value <code>all</code> to make the manual DB cluster snapshot public, which means that it can be copied or restored by all Amazon Web Services accounts.</p> <note> <p>Don't add the <code>all</code> value for any manual DB cluster snapshots that contain private information that you don't want available to all Amazon Web Services accounts.</p> </note> <p>If a manual DB cluster snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the <code>ValuesToAdd</code> parameter. You can't use <code>all</code> as a value for that parameter in this case.</p> <p>To view which Amazon Web Services accounts have access to copy or restore a manual DB cluster snapshot, or whether a manual DB cluster snapshot is public or private, use the <a>DescribeDBClusterSnapshotAttributes</a> API action. The accounts are returned as values for the <code>restore</code> attribute.</p>"
     },
     "ModifyDBInstance":{
       "name":"ModifyDBInstance",
@@ -1963,7 +1963,7 @@
         {"shape":"InvalidDBClusterStateFault"},
         {"shape":"InvalidDBInstanceStateFault"}
       ],
-      "documentation":"<p> Modify a setting for an Amazon Aurora global cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p> Modify a setting for an Amazon Aurora global cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
     },
     "ModifyOptionGroup":{
       "name":"ModifyOptionGroup",
@@ -2014,7 +2014,7 @@
         {"shape":"DBClusterNotFoundFault"},
         {"shape":"InvalidDBClusterStateFault"}
       ],
-      "documentation":"<p>Promotes a read replica DB cluster to a standalone DB cluster.</p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Promotes a read replica DB cluster to a standalone DB cluster.</p>"
     },
     "PurchaseReservedDBInstancesOffering":{
       "name":"PurchaseReservedDBInstancesOffering",
@@ -2034,6 +2034,24 @@
       ],
       "documentation":"<p>Purchases a reserved DB instance offering.</p>"
     },
+    "RebootDBCluster":{
+      "name":"RebootDBCluster",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"RebootDBClusterMessage"},
+      "output":{
+        "shape":"RebootDBClusterResult",
+        "resultWrapper":"RebootDBClusterResult"
+      },
+      "errors":[
+        {"shape":"DBClusterNotFoundFault"},
+        {"shape":"InvalidDBClusterStateFault"},
+        {"shape":"InvalidDBInstanceStateFault"}
+      ],
+      "documentation":"<p>You might need to reboot your DB cluster, usually for maintenance reasons. For example, if you make certain modifications, or if you change the DB cluster parameter group associated with the DB cluster, reboot the DB cluster for the changes to take effect. </p> <p>Rebooting a DB cluster restarts the database engine service. Rebooting a DB cluster results in a momentary outage, during which the DB cluster status is set to rebooting. </p> <p>Use this operation only for a non-Aurora Multi-AZ DB cluster. The Multi-AZ DB clusters feature is in preview and is subject to change.</p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p>"
+    },
     "RebootDBInstance":{
       "name":"RebootDBInstance",
       "http":{
@@ -2091,7 +2109,7 @@
         {"shape":"InvalidGlobalClusterStateFault"},
         {"shape":"DBClusterNotFoundFault"}
       ],
-      "documentation":"<p> Detaches an Aurora secondary cluster from an Aurora global database cluster. The cluster becomes a standalone cluster with read-write capability instead of being read-only and receiving data from a primary cluster in a different region. </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p> Detaches an Aurora secondary cluster from an Aurora global database cluster. The cluster becomes a standalone cluster with read-write capability instead of being read-only and receiving data from a primary cluster in a different Region. </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
     },
     "RemoveRoleFromDBCluster":{
       "name":"RemoveRoleFromDBCluster",
@@ -2105,7 +2123,7 @@
         {"shape":"DBClusterRoleNotFoundFault"},
         {"shape":"InvalidDBClusterStateFault"}
       ],
-      "documentation":"<p>Disassociates an Amazon Web Services Identity and Access Management (IAM) role from an Amazon Aurora DB cluster. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.html\">Authorizing Amazon Aurora MySQL to Access Other Amazon Web Services Services on Your Behalf </a> in the <i>Amazon Aurora User Guide</i>.</p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Removes the asssociation of an Amazon Web Services Identity and Access Management (IAM) role from a DB cluster.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "RemoveRoleFromDBInstance":{
       "name":"RemoveRoleFromDBInstance",
@@ -2169,7 +2187,7 @@
         {"shape":"InvalidDBParameterGroupStateFault"},
         {"shape":"DBParameterGroupNotFoundFault"}
       ],
-      "documentation":"<p> Modifies the parameters of a DB cluster parameter group to the default value. To reset specific parameters submit a list of the following: <code>ParameterName</code> and <code>ApplyMethod</code>. To reset the entire DB cluster parameter group, specify the <code>DBClusterParameterGroupName</code> and <code>ResetAllParameters</code> parameters. </p> <p> When resetting the entire group, dynamic parameters are updated immediately and static parameters are set to <code>pending-reboot</code> to take effect on the next DB instance restart or <code>RebootDBInstance</code> request. You must call <code>RebootDBInstance</code> for every DB instance in your DB cluster that you want the updated static parameter to apply to.</p> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p> Modifies the parameters of a DB cluster parameter group to the default value. To reset specific parameters submit a list of the following: <code>ParameterName</code> and <code>ApplyMethod</code>. To reset the entire DB cluster parameter group, specify the <code>DBClusterParameterGroupName</code> and <code>ResetAllParameters</code> parameters. </p> <p> When resetting the entire group, dynamic parameters are updated immediately and static parameters are set to <code>pending-reboot</code> to take effect on the next DB instance restart or <code>RebootDBInstance</code> request. You must call <code>RebootDBInstance</code> for every DB instance in your DB cluster that you want the updated static parameter to apply to.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "ResetDBParameterGroup":{
       "name":"ResetDBParameterGroup",
@@ -2215,7 +2233,7 @@
         {"shape":"DomainNotFoundFault"},
         {"shape":"InsufficientStorageClusterCapacityFault"}
       ],
-      "documentation":"<p>Creates an Amazon Aurora DB cluster from MySQL data stored in an Amazon S3 bucket. Amazon RDS must be authorized to access the Amazon S3 bucket and the data must be created using the Percona XtraBackup utility as described in <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Migrating.ExtMySQL.html#AuroraMySQL.Migrating.ExtMySQL.S3\"> Migrating Data from MySQL by Using an Amazon S3 Bucket</a> in the <i>Amazon Aurora User Guide</i>.</p> <note> <p>This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the <code>CreateDBInstance</code> action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in <code>DBClusterIdentifier</code>. You can create DB instances only after the <code>RestoreDBClusterFromS3</code> action has completed and the DB cluster is available.</p> </note> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters. The source DB engine must be MySQL.</p> </note>"
+      "documentation":"<p>Creates an Amazon Aurora DB cluster from MySQL data stored in an Amazon S3 bucket. Amazon RDS must be authorized to access the Amazon S3 bucket and the data must be created using the Percona XtraBackup utility as described in <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Migrating.ExtMySQL.html#AuroraMySQL.Migrating.ExtMySQL.S3\"> Migrating Data from MySQL by Using an Amazon S3 Bucket</a> in the <i>Amazon Aurora User Guide</i>.</p> <note> <p>This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the <code>CreateDBInstance</code> action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in <code>DBClusterIdentifier</code>. You can create DB instances only after the <code>RestoreDBClusterFromS3</code> action has completed and the DB cluster is available.</p> </note> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters. The source DB engine must be MySQL.</p> </note>"
     },
     "RestoreDBClusterFromSnapshot":{
       "name":"RestoreDBClusterFromSnapshot",
@@ -2249,7 +2267,7 @@
         {"shape":"DomainNotFoundFault"},
         {"shape":"DBClusterParameterGroupNotFoundFault"}
       ],
-      "documentation":"<p>Creates a new DB cluster from a DB snapshot or DB cluster snapshot. This action only applies to Aurora DB clusters.</p> <p>The target DB cluster is created from the source snapshot with a default configuration. If you don't specify a security group, the new DB cluster is associated with the default security group.</p> <note> <p>This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the <code>CreateDBInstance</code> action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in <code>DBClusterIdentifier</code>. You can create DB instances only after the <code>RestoreDBClusterFromSnapshot</code> action has completed and the DB cluster is available.</p> </note> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Creates a new DB cluster from a DB snapshot or DB cluster snapshot.</p> <p>The target DB cluster is created from the source snapshot with a default configuration. If you don't specify a security group, the new DB cluster is associated with the default security group.</p> <note> <p>This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the <code>CreateDBInstance</code> action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in <code>DBClusterIdentifier</code>. You can create DB instances only after the <code>RestoreDBClusterFromSnapshot</code> action has completed and the DB cluster is available.</p> </note> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "RestoreDBClusterToPointInTime":{
       "name":"RestoreDBClusterToPointInTime",
@@ -2282,7 +2300,7 @@
         {"shape":"DomainNotFoundFault"},
         {"shape":"DBClusterParameterGroupNotFoundFault"}
       ],
-      "documentation":"<p>Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before <code>LatestRestorableTime</code> for up to <code>BackupRetentionPeriod</code> days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group. </p> <note> <p>This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the <code>CreateDBInstance</code> action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in <code>DBClusterIdentifier</code>. You can create DB instances only after the <code>RestoreDBClusterToPointInTime</code> action has completed and the DB cluster is available.</p> </note> <p>For more information on Amazon Aurora, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What Is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <note> <p>This action only applies to Aurora DB clusters.</p> </note>"
+      "documentation":"<p>Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before <code>LatestRestorableTime</code> for up to <code>BackupRetentionPeriod</code> days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group. </p> <note> <p>For Aurora, this action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the <code>CreateDBInstance</code> action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in <code>DBClusterIdentifier</code>. You can create DB instances only after the <code>RestoreDBClusterToPointInTime</code> action has completed and the DB cluster is available.</p> </note> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>"
     },
     "RestoreDBInstanceFromDBSnapshot":{
       "name":"RestoreDBInstanceFromDBSnapshot",
@@ -2661,7 +2679,7 @@
         },
         "RoleArn":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role to associate with the Aurora DB cluster, for example, <code>arn:aws:iam::123456789012:role/AuroraAccessRole</code>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM role to associate with the Aurora DB cluster, for example <code>arn:aws:iam::123456789012:role/AuroraAccessRole</code>.</p>"
         },
         "FeatureName":{
           "shape":"String",
@@ -2704,7 +2722,7 @@
         },
         "SourceIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier of the event source to be added.</p> <p>Constraints:</p> <ul> <li> <p>If the source type is a DB instance, a <code>DBInstanceIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster, a <code>DBClusterIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB parameter group, a <code>DBParameterGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB security group, a <code>DBSecurityGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB snapshot, a <code>DBSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster snapshot, a <code>DBClusterSnapshotIdentifier</code> value must be supplied.</p> </li> </ul>"
+          "documentation":"<p>The identifier of the event source to be added.</p> <p>Constraints:</p> <ul> <li> <p>If the source type is a DB instance, a <code>DBInstanceIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster, a <code>DBClusterIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB parameter group, a <code>DBParameterGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB security group, a <code>DBSecurityGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB snapshot, a <code>DBSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster snapshot, a <code>DBClusterSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is an RDS Proxy, a <code>DBProxyName</code> value must be supplied.</p> </li> </ul>"
         }
       },
       "documentation":"<p/>"
@@ -3097,11 +3115,11 @@
       "members":{
         "MaxConnectionsPercent":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group.</p> <p>Default: 100</p> <p>Constraints: between 1 and 100</p>"
+          "documentation":"<p>The maximum size of the connection pool for each target in a target group. The value is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group.</p> <p>Default: 100</p> <p>Constraints: between 1 and 100</p>"
         },
         "MaxIdleConnectionsPercent":{
           "shape":"IntegerOptional",
-          "documentation":"<p> Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group. </p> <p>Default: 50</p> <p>Constraints: between 0 and <code>MaxConnectionsPercent</code> </p>"
+          "documentation":"<p> Controls how actively the proxy closes idle database connections in the connection pool. The value is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group. With a high value, the proxy leaves a high percentage of idle database connections open. A low value causes the proxy to close more idle connections and return them to the database. </p> <p>Default: 50</p> <p>Constraints: between 0 and <code>MaxConnectionsPercent</code> </p>"
         },
         "ConnectionBorrowTimeout":{
           "shape":"IntegerOptional",
@@ -3123,11 +3141,11 @@
       "members":{
         "MaxConnectionsPercent":{
           "shape":"Integer",
-          "documentation":"<p>The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group.</p>"
+          "documentation":"<p>The maximum size of the connection pool for each target in a target group. The value is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group.</p>"
         },
         "MaxIdleConnectionsPercent":{
           "shape":"Integer",
-          "documentation":"<p> Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group. </p>"
+          "documentation":"<p> Controls how actively the proxy closes idle database connections in the connection pool. The value is expressed as a percentage of the <code>max_connections</code> setting for the RDS DB instance or Aurora DB cluster used by the target group. With a high value, the proxy leaves a high percentage of idle database connections open. A low value causes the proxy to close more idle connections and return them to the database. </p>"
         },
         "ConnectionBorrowTimeout":{
           "shape":"Integer",
@@ -3360,7 +3378,7 @@
         },
         "EngineVersion":{
           "shape":"CustomEngineVersion",
-          "documentation":"<p>The name of your CEV. The name format is <code>19.<i>customized_string</i> </code>. For example, a valid name is <code>19.my_cev1</code>. This setting is required for RDS Custom, but optional for Amazon RDS. The combination of <code>Engine</code> and <code>EngineVersion</code> is unique per customer per Region.</p>"
+          "documentation":"<p>The name of your CEV. The name format is <code>19.<i>customized_string</i> </code>. For example, a valid name is <code>19.my_cev1</code>. This setting is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of <code>Engine</code> and <code>EngineVersion</code> is unique per customer per Region.</p>"
         },
         "DatabaseInstallationFilesS3BucketName":{
           "shape":"BucketName",
@@ -3403,7 +3421,7 @@
         },
         "EndpointType":{
           "shape":"String",
-          "documentation":"<p>The type of the endpoint. One of: <code>READER</code>, <code>WRITER</code>, <code>ANY</code>.</p>"
+          "documentation":"<p>The type of the endpoint, one of: <code>READER</code>, <code>WRITER</code>, <code>ANY</code>.</p>"
         },
         "StaticMembers":{
           "shape":"StringList",
@@ -3411,7 +3429,7 @@
         },
         "ExcludedMembers":{
           "shape":"StringList",
-          "documentation":"<p>List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty.</p>"
+          "documentation":"<p>List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. This parameter is relevant only if the list of static members is empty.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -3428,135 +3446,179 @@
       "members":{
         "AvailabilityZones":{
           "shape":"AvailabilityZones",
-          "documentation":"<p>A list of Availability Zones (AZs) where instances in the DB cluster can be created. For information on Amazon Web Services Regions and Availability Zones, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html\">Choosing the Regions and Availability Zones</a> in the <i>Amazon Aurora User Guide</i>. </p>"
+          "documentation":"<p>A list of Availability Zones (AZs) where DB instances in the DB cluster can be created. </p> <p>For information on Amazon Web Services Regions and Availability Zones, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html\">Choosing the Regions and Availability Zones</a> in the <i>Amazon Aurora User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "BackupRetentionPeriod":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The number of days for which automated backups are retained.</p> <p>Default: 1</p> <p>Constraints:</p> <ul> <li> <p>Must be a value from 1 to 35</p> </li> </ul>"
+          "documentation":"<p>The number of days for which automated backups are retained.</p> <p>Default: 1</p> <p>Constraints:</p> <ul> <li> <p>Must be a value from 1 to 35</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "CharacterSetName":{
           "shape":"String",
-          "documentation":"<p>A value that indicates that the DB cluster should be associated with the specified CharacterSet.</p>"
+          "documentation":"<p>A value that indicates that the DB cluster should be associated with the specified CharacterSet.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DatabaseName":{
           "shape":"String",
-          "documentation":"<p>The name for your database of up to 64 alphanumeric characters. If you do not provide a name, Amazon RDS doesn't create a database in the DB cluster you are creating.</p>"
+          "documentation":"<p>The name for your database of up to 64 alphanumeric characters. If you do not provide a name, Amazon RDS doesn't create a database in the DB cluster you are creating.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DBClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>The DB cluster identifier. This parameter is stored as a lowercase string.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul> <p>Example: <code>my-cluster1</code> </p>"
+          "documentation":"<p>The DB cluster identifier. This parameter is stored as a lowercase string.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul> <p>Example: <code>my-cluster1</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DBClusterParameterGroupName":{
           "shape":"String",
-          "documentation":"<p> The name of the DB cluster parameter group to associate with this DB cluster. If you do not specify a value, then the default DB cluster parameter group for the specified DB engine and version is used. </p> <p>Constraints:</p> <ul> <li> <p>If supplied, must match the name of an existing DB cluster parameter group.</p> </li> </ul>"
+          "documentation":"<p> The name of the DB cluster parameter group to associate with this DB cluster. If you do not specify a value, then the default DB cluster parameter group for the specified DB engine and version is used. </p> <p>Constraints:</p> <ul> <li> <p>If supplied, must match the name of an existing DB cluster parameter group.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "VpcSecurityGroupIds":{
           "shape":"VpcSecurityGroupIdList",
-          "documentation":"<p>A list of EC2 VPC security groups to associate with this DB cluster.</p>"
+          "documentation":"<p>A list of EC2 VPC security groups to associate with this DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>A DB subnet group to associate with this DB cluster.</p> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>A DB subnet group to associate with this DB cluster.</p> <p>This setting is required to create a Multi-AZ DB cluster.</p> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mydbsubnetgroup</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Engine":{
           "shape":"String",
-          "documentation":"<p>The name of the database engine to be used for this DB cluster.</p> <p>Valid Values: <code>aurora</code> (for MySQL 5.6-compatible Aurora), <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), and <code>aurora-postgresql</code> </p>"
+          "documentation":"<p>The name of the database engine to be used for this DB cluster.</p> <p>Valid Values:</p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p>The version number of the database engine to use.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p> <b>Aurora MySQL</b> </p> <p>Example: <code>5.6.10a</code>, <code>5.6.mysql_aurora.1.19.2</code>, <code>5.7.12</code>, <code>5.7.mysql_aurora.2.04.5</code> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Example: <code>9.6.3</code>, <code>10.7</code> </p>"
+          "documentation":"<p>The version number of the database engine to use.</p> <p>To list all of the available engine versions for MySQL 5.6-compatible Aurora, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for Aurora PostgreSQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for RDS for MySQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for RDS for PostgreSQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p> <b>Aurora MySQL</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html\">MySQL on Amazon RDS Versions</a> in the <i>Amazon Aurora User Guide.</i> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html\">Amazon Aurora PostgreSQL releases and engine versions</a> in the <i>Amazon Aurora User Guide.</i> </p> <p> <b>MySQL</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt\">MySQL on Amazon RDS Versions</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>PostgreSQL</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts\">Amazon RDS for PostgreSQL versions and extensions</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Port":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The port number on which the instances in the DB cluster accept connections.</p> <p> Default: <code>3306</code> if engine is set as aurora or <code>5432</code> if set to aurora-postgresql. </p>"
+          "documentation":"<p>The port number on which the instances in the DB cluster accept connections.</p> <p> <b>RDS for MySQL and Aurora MySQL</b> </p> <p> Default: <code>3306</code> </p> <p> Valid values: <code>1150-65535</code> </p> <p> <b>RDS for PostgreSQL and Aurora PostgreSQL</b> </p> <p> Default: <code>5432</code> </p> <p> Valid values: <code>1150-65535</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "MasterUsername":{
           "shape":"String",
-          "documentation":"<p>The name of the master user for the DB cluster.</p> <p>Constraints:</p> <ul> <li> <p>Must be 1 to 16 letters or numbers.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul>"
+          "documentation":"<p>The name of the master user for the DB cluster.</p> <p>Constraints:</p> <ul> <li> <p>Must be 1 to 16 letters or numbers.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "MasterUserPassword":{
           "shape":"String",
-          "documentation":"<p>The password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".</p> <p>Constraints: Must contain from 8 to 41 characters.</p>"
+          "documentation":"<p>The password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".</p> <p>Constraints: Must contain from 8 to 41 characters.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "OptionGroupName":{
           "shape":"String",
-          "documentation":"<p>A value that indicates that the DB cluster should be associated with the specified option group.</p> <p>Permanent options can't be removed from an option group. The option group can't be removed from a DB cluster once it is associated with a DB cluster.</p>"
+          "documentation":"<p>A value that indicates that the DB cluster should be associated with the specified option group.</p> <p>DB clusters are associated with a default option group that can't be modified.</p>"
         },
         "PreferredBackupWindow":{
           "shape":"String",
-          "documentation":"<p>The daily time range during which automated backups are created if automated backups are enabled using the <code>BackupRetentionPeriod</code> parameter. </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow\"> Backup window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Constraints:</p> <ul> <li> <p>Must be in the format <code>hh24:mi-hh24:mi</code>.</p> </li> <li> <p>Must be in Universal Coordinated Time (UTC).</p> </li> <li> <p>Must not conflict with the preferred maintenance window.</p> </li> <li> <p>Must be at least 30 minutes.</p> </li> </ul>"
+          "documentation":"<p>The daily time range during which automated backups are created if automated backups are enabled using the <code>BackupRetentionPeriod</code> parameter. </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow\"> Backup window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Constraints:</p> <ul> <li> <p>Must be in the format <code>hh24:mi-hh24:mi</code>.</p> </li> <li> <p>Must be in Universal Coordinated Time (UTC).</p> </li> <li> <p>Must not conflict with the preferred maintenance window.</p> </li> <li> <p>Must be at least 30 minutes.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "PreferredMaintenanceWindow":{
           "shape":"String",
-          "documentation":"<p>The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).</p> <p>Format: <code>ddd:hh24:mi-ddd:hh24:mi</code> </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora\"> Adjusting the Preferred DB Cluster Maintenance Window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.</p> <p>Constraints: Minimum 30-minute window.</p>"
+          "documentation":"<p>The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).</p> <p>Format: <code>ddd:hh24:mi-ddd:hh24:mi</code> </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora\"> Adjusting the Preferred DB Cluster Maintenance Window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.</p> <p>Constraints: Minimum 30-minute window.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "ReplicationSourceIdentifier":{
           "shape":"String",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "Tags":{
           "shape":"TagList",
-          "documentation":"<p>Tags to assign to the DB cluster.</p>"
+          "documentation":"<p>Tags to assign to the DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "StorageEncrypted":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB cluster is encrypted.</p>"
+          "documentation":"<p>A value that indicates whether the DB cluster is encrypted.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "KmsKeyId":{
           "shape":"String",
-          "documentation":"<p>The Amazon Web Services KMS key identifier for an encrypted DB cluster.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p>When a KMS key isn't specified in <code>KmsKeyId</code>:</p> <ul> <li> <p>If <code>ReplicationSourceIdentifier</code> identifies an encrypted source, then Amazon RDS will use the KMS key used to encrypt the source. Otherwise, Amazon RDS will use your default KMS key. </p> </li> <li> <p>If the <code>StorageEncrypted</code> parameter is enabled and <code>ReplicationSourceIdentifier</code> isn't specified, then Amazon RDS will use your default KMS key.</p> </li> </ul> <p>There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.</p> <p>If you create a read replica of an encrypted DB cluster in another Amazon Web Services Region, you must set <code>KmsKeyId</code> to a KMS key identifier that is valid in the destination Amazon Web Services Region. This KMS key is used to encrypt the read replica in that Amazon Web Services Region.</p>"
+          "documentation":"<p>The Amazon Web Services KMS key identifier for an encrypted DB cluster.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p>When a KMS key isn't specified in <code>KmsKeyId</code>:</p> <ul> <li> <p>If <code>ReplicationSourceIdentifier</code> identifies an encrypted source, then Amazon RDS will use the KMS key used to encrypt the source. Otherwise, Amazon RDS will use your default KMS key. </p> </li> <li> <p>If the <code>StorageEncrypted</code> parameter is enabled and <code>ReplicationSourceIdentifier</code> isn't specified, then Amazon RDS will use your default KMS key.</p> </li> </ul> <p>There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.</p> <p>If you create a read replica of an encrypted DB cluster in another Amazon Web Services Region, you must set <code>KmsKeyId</code> to a KMS key identifier that is valid in the destination Amazon Web Services Region. This KMS key is used to encrypt the read replica in that Amazon Web Services Region.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "PreSignedUrl":{
           "shape":"String",
-          "documentation":"<p>A URL that contains a Signature Version 4 signed request for the <code>CreateDBCluster</code> action to be called in the source Amazon Web Services Region where the DB cluster is replicated from. You only need to specify <code>PreSignedUrl</code> when you are performing cross-region replication from an encrypted DB cluster.</p> <p>The pre-signed URL must be a valid request for the <code>CreateDBCluster</code> API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster to be copied.</p> <p>The pre-signed URL request must contain the following parameter values:</p> <ul> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster in the destination Amazon Web Services Region. This should refer to the same KMS key for both the <code>CreateDBCluster</code> action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.</p> </li> <li> <p> <code>DestinationRegion</code> - The name of the Amazon Web Services Region that Aurora read replica will be created in.</p> </li> <li> <p> <code>ReplicationSourceIdentifier</code> - The DB cluster identifier for the encrypted DB cluster to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster from the us-west-2 Amazon Web Services Region, then your <code>ReplicationSourceIdentifier</code> would look like Example: <code>arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1</code>.</p> </li> </ul> <p>To learn how to generate a Signature Version 4 signed request, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html\"> Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4)</a> and <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\"> Signature Version 4 Signing Process</a>.</p> <note> <p>If you are using an Amazon Web Services SDK tool or the CLI, you can specify <code>SourceRegion</code> (or <code>--source-region</code> for the CLI) instead of specifying <code>PreSignedUrl</code> manually. Specifying <code>SourceRegion</code> autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.</p> </note>"
+          "documentation":"<p>A URL that contains a Signature Version 4 signed request for the <code>CreateDBCluster</code> action to be called in the source Amazon Web Services Region where the DB cluster is replicated from. Specify <code>PreSignedUrl</code> only when you are performing cross-Region replication from an encrypted DB cluster.</p> <p>The pre-signed URL must be a valid request for the <code>CreateDBCluster</code> API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster to be copied.</p> <p>The pre-signed URL request must contain the following parameter values:</p> <ul> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services KMS key identifier for the KMS key to use to encrypt the copy of the DB cluster in the destination Amazon Web Services Region. This should refer to the same KMS key for both the <code>CreateDBCluster</code> action that is called in the destination Amazon Web Services Region, and the action contained in the pre-signed URL.</p> </li> <li> <p> <code>DestinationRegion</code> - The name of the Amazon Web Services Region that Aurora read replica will be created in.</p> </li> <li> <p> <code>ReplicationSourceIdentifier</code> - The DB cluster identifier for the encrypted DB cluster to be copied. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are copying an encrypted DB cluster from the us-west-2 Amazon Web Services Region, then your <code>ReplicationSourceIdentifier</code> would look like Example: <code>arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1</code>.</p> </li> </ul> <p>To learn how to generate a Signature Version 4 signed request, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html\"> Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4)</a> and <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\"> Signature Version 4 Signing Process</a>.</p> <note> <p>If you are using an Amazon Web Services SDK tool or the CLI, you can specify <code>SourceRegion</code> (or <code>--source-region</code> for the CLI) instead of specifying <code>PreSignedUrl</code> manually. Specifying <code>SourceRegion</code> autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.</p> </note> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "BacktrackWindow":{
           "shape":"LongOptional",
-          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0. </p> <note> <p>Currently, Backtrack is only supported for Aurora MySQL DB clusters.</p> </note> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul>"
+          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0. </p> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul> <p>Valid for: Aurora MySQL DB clusters only</p>"
         },
         "EnableCloudwatchLogsExports":{
           "shape":"LogTypeList",
-          "documentation":"<p>The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch\">Publishing Database Logs to Amazon CloudWatch Logs</a> in the <i>Amazon Aurora User Guide</i>.</p> <p> <b>Aurora MySQL</b> </p> <p>Possible values are <code>audit</code>, <code>error</code>, <code>general</code>, and <code>slowquery</code>. </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Possible value is <code>postgresql</code>. </p>"
+          "documentation":"<p>The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch\">Publishing Database Logs to Amazon CloudWatch Logs</a> in the <i>Amazon Aurora User Guide</i>.</p> <p> <b>Aurora MySQL</b> </p> <p>Possible values are <code>audit</code>, <code>error</code>, <code>general</code>, and <code>slowquery</code>.</p> <p> <b>Aurora PostgreSQL</b> </p> <p>Possible value is <code>postgresql</code>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EngineMode":{
           "shape":"String",
-          "documentation":"<p>The DB engine mode of the DB cluster, either <code>provisioned</code>, <code>serverless</code>, <code>parallelquery</code>, <code>global</code>, or <code>multimaster</code>.</p> <p>The <code>parallelquery</code> engine mode isn't required for Aurora MySQL version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x versions.</p> <p>The <code>global</code> engine mode isn't required for Aurora MySQL version 1.22 and higher 1.x versions, and <code>global</code> engine mode isn't required for any 2.x versions.</p> <p>The <code>multimaster</code> engine mode only applies for DB clusters created with Aurora MySQL version 5.6.10a.</p> <p>For Aurora PostgreSQL, the <code>global</code> engine mode isn't required, and both the <code>parallelquery</code> and the <code>multimaster</code> engine modes currently aren't supported.</p> <p>Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the <i>Amazon Aurora User Guide</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations\"> Limitations of Aurora Serverless</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations\"> Limitations of Parallel Query</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations\"> Limitations of Aurora Global Databases</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html#aurora-multi-master-limitations\"> Limitations of Multi-Master Clusters</a> </p> </li> </ul>"
+          "documentation":"<p>The DB engine mode of the DB cluster, either <code>provisioned</code>, <code>serverless</code>, <code>parallelquery</code>, <code>global</code>, or <code>multimaster</code>.</p> <p>The <code>parallelquery</code> engine mode isn't required for Aurora MySQL version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x versions.</p> <p>The <code>global</code> engine mode isn't required for Aurora MySQL version 1.22 and higher 1.x versions, and <code>global</code> engine mode isn't required for any 2.x versions.</p> <p>The <code>multimaster</code> engine mode only applies for DB clusters created with Aurora MySQL version 5.6.10a.</p> <p>For Aurora PostgreSQL, the <code>global</code> engine mode isn't required, and both the <code>parallelquery</code> and the <code>multimaster</code> engine modes currently aren't supported.</p> <p>Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the <i>Amazon Aurora User Guide</i>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations\"> Limitations of Aurora Serverless</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations\"> Limitations of Parallel Query</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations\"> Limitations of Aurora Global Databases</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html#aurora-multi-master-limitations\"> Limitations of Multi-Master Clusters</a> </p> </li> </ul> <p>Valid for: Aurora DB clusters only</p>"
         },
         "ScalingConfiguration":{
           "shape":"ScalingConfiguration",
-          "documentation":"<p>For DB clusters in <code>serverless</code> DB engine mode, the scaling properties of the DB cluster.</p>"
+          "documentation":"<p>For DB clusters in <code>serverless</code> DB engine mode, the scaling properties of the DB cluster.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.</p>"
+          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "GlobalClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p> The global cluster ID of an Aurora cluster that becomes the primary cluster in the new global database cluster. </p>"
+          "documentation":"<p> The global cluster ID of an Aurora cluster that becomes the primary cluster in the new global database cluster. </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EnableHttpEndpoint":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled.</p> <p>When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html\">Using the Data API for Aurora Serverless</a> in the <i>Amazon Aurora User Guide</i>.</p>"
+          "documentation":"<p>A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled.</p> <p>When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html\">Using the Data API for Aurora Serverless</a> in the <i>Amazon Aurora User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "CopyTagsToSnapshot":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.</p>"
+          "documentation":"<p>A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "Domain":{
           "shape":"String",
-          "documentation":"<p>The Active Directory directory ID to create the DB cluster in.</p> <p> For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB cluster. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html\">Kerberos Authentication</a> in the <i>Amazon Aurora User Guide</i>. </p>"
+          "documentation":"<p>The Active Directory directory ID to create the DB cluster in.</p> <p> For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html\">Kerberos authentication</a> in the <i>Amazon Aurora User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DomainIAMRoleName":{
           "shape":"String",
-          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p>"
+          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EnableGlobalWriteForwarding":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (<a>GlobalCluster</a>). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.</p> <p>You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the <a>FailoverGlobalCluster</a> API operation, but it does nothing until then. </p>"
+          "documentation":"<p>A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (<a>GlobalCluster</a>). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.</p> <p>You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the <a>FailoverGlobalCluster</a> API operation, but it does nothing until then. </p> <p>Valid for: Aurora DB clusters only</p>"
+        },
+        "DBClusterInstanceClass":{
+          "shape":"String",
+          "documentation":"<p>The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.</p> <p>For the full list of DB instance classes and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB instance class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>This setting is required to create a Multi-AZ DB cluster.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "AllocatedStorage":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.</p> <p>This setting is required to create a Multi-AZ DB cluster.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "StorageType":{
+          "shape":"String",
+          "documentation":"<p>Specifies the storage type to be associated with the DB cluster.</p> <p>This setting is required to create a Multi-AZ DB cluster.</p> <p> Valid values: <code>io1</code> </p> <p> When specified, a value for the <code>Iops</code> parameter is required. </p> <p> Default: <code>io1</code> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "Iops":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.</p> <p>For information about valid <code>Iops</code> values, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS\">Amazon RDS Provisioned IOPS storage to improve performance</a> in the <i>Amazon RDS User Guide</i>. </p> <p>This setting is required to create a Multi-AZ DB cluster.</p> <p>Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB cluster.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "PubliclyAccessible":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether the DB cluster is publicly accessible.</p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.</p> <p>Default: The default behavior varies depending on whether <code>DBSubnetGroupName</code> is specified.</p> <p>If <code>DBSubnetGroupName</code> isn't specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.</p> </li> <li> <p>If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.</p> </li> </ul> <p>If <code>DBSubnetGroupName</code> is specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.</p> </li> <li> <p>If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.</p> </li> </ul> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "AutoMinorVersionUpgrade":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "MonitoringInterval":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0.</p> <p>If <code>MonitoringRoleArn</code> is specified, also set <code>MonitoringInterval</code> to a value other than 0.</p> <p>Valid Values: <code>0, 1, 5, 10, 15, 30, 60</code> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "MonitoringRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is <code>arn:aws:iam:123456789012:role/emaccess</code>. For information on creating a monitoring role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling\">Setting up and enabling Enhanced Monitoring</a> in the <i>Amazon RDS User Guide</i>.</p> <p>If <code>MonitoringInterval</code> is set to a value other than 0, supply a <code>MonitoringRoleArn</code> value.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "EnablePerformanceInsights":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether to turn on Performance Insights for the DB cluster. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\"> Using Amazon Performance Insights</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "PerformanceInsightsKMSKeyId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services KMS key identifier for encryption of Performance Insights data.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p> <p>If you don't specify a value for <code>PerformanceInsightsKMSKeyId</code>, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "PerformanceInsightsRetentionPeriod":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).</p> <p>Valid for: Multi-AZ DB clusters only</p>"
         }
       },
       "documentation":"<p/>"
@@ -3571,11 +3633,11 @@
       "members":{
         "DBClusterParameterGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB cluster parameter group.</p> <p>Constraints:</p> <ul> <li> <p>Must match the name of an existing DB cluster parameter group.</p> </li> </ul> <note> <p>This value is stored as a lowercase string.</p> </note>"
+          "documentation":"<p>The name of the DB cluster parameter group.</p> <p>Constraints:</p> <ul> <li> <p>Must not match the name of an existing DB cluster parameter group.</p> </li> </ul> <note> <p>This value is stored as a lowercase string.</p> </note>"
         },
         "DBParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.</p> <p> <b>Aurora MySQL</b> </p> <p>Example: <code>aurora5.6</code>, <code>aurora-mysql5.7</code> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Example: <code>aurora-postgresql9.6</code> </p> <p>To list all of the available parameter group families for a DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine &lt;engine&gt;</code> </p> <p>For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql</code> </p> <note> <p>The output contains duplicates.</p> </note> <p>The following are the valid DB engine values:</p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> </ul>"
+          "documentation":"<p>The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.</p> <p> <b>Aurora MySQL</b> </p> <p>Example: <code>aurora5.6</code>, <code>aurora-mysql5.7</code>, <code>aurora-mysql8.0</code> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Example: <code>aurora-postgresql9.6</code> </p> <p> <b>RDS for MySQL</b> </p> <p>Example: <code>mysql8.0</code> </p> <p> <b>RDS for PostgreSQL</b> </p> <p>Example: <code>postgres12</code> </p> <p>To list all of the available parameter group families for a DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine &lt;engine&gt;</code> </p> <p>For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql</code> </p> <note> <p>The output contains duplicates.</p> </note> <p>The following are the valid DB engine values:</p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> </ul>"
         },
         "Description":{
           "shape":"String",
@@ -3638,7 +3700,7 @@
       "members":{
         "DBName":{
           "shape":"String",
-          "documentation":"<p>The meaning of this parameter differs according to the database engine you use.</p> <p> <b>MySQL</b> </p> <p>The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.</p> <p>Constraints:</p> <ul> <li> <p>Must contain 1 to 64 letters or numbers.</p> </li> <li> <p>Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).</p> </li> <li> <p>Can't be a word reserved by the specified database engine</p> </li> </ul> <p> <b>MariaDB</b> </p> <p>The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.</p> <p>Constraints:</p> <ul> <li> <p>Must contain 1 to 64 letters or numbers.</p> </li> <li> <p>Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).</p> </li> <li> <p>Can't be a word reserved by the specified database engine</p> </li> </ul> <p> <b>PostgreSQL</b> </p> <p>The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named <code>postgres</code> is created in the DB instance.</p> <p>Constraints:</p> <ul> <li> <p>Must contain 1 to 63 letters, numbers, or underscores.</p> </li> <li> <p>Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).</p> </li> <li> <p>Can't be a word reserved by the specified database engine</p> </li> </ul> <p> <b>Oracle</b> </p> <p>The Oracle System ID (SID) of the created DB instance. If you specify <code>null</code>, the default value <code>ORCL</code> is used. You can't specify the string NULL, or any other reserved word, for <code>DBName</code>. </p> <p>Default: <code>ORCL</code> </p> <p>Constraints:</p> <ul> <li> <p>Can't be longer than 8 characters</p> </li> </ul> <p> <b>Amazon RDS Custom</b> </p> <p>The Oracle System ID (SID) of the created RDS Custom DB instance. If you don't specify a value, the default value is <code>ORCL</code>. </p> <p>Default: <code>ORCL</code> </p> <p>Constraints:</p> <ul> <li> <p>It must contain 1 to 8 alphanumeric characters.</p> </li> <li> <p>It must contain a letter.</p> </li> <li> <p>It can't be a word reserved by the database engine.</p> </li> </ul> <p> <b>SQL Server</b> </p> <p>Not applicable. Must be null.</p> <p> <b>Amazon Aurora MySQL</b> </p> <p>The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster.</p> <p>Constraints:</p> <ul> <li> <p>It must contain 1 to 64 alphanumeric characters.</p> </li> <li> <p>It can't be a word reserved by the database engine.</p> </li> </ul> <p> <b>Amazon Aurora PostgreSQL</b> </p> <p>The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named <code>postgres</code> is created in the DB cluster.</p> <p>Constraints:</p> <ul> <li> <p>It must contain 1 to 63 alphanumeric characters.</p> </li> <li> <p>It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0 to 9).</p> </li> <li> <p>It can't be a word reserved by the database engine.</p> </li> </ul>"
+          "documentation":"<p>The meaning of this parameter differs according to the database engine you use.</p> <p> <b>MySQL</b> </p> <p>The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.</p> <p>Constraints:</p> <ul> <li> <p>Must contain 1 to 64 letters or numbers.</p> </li> <li> <p>Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).</p> </li> <li> <p>Can't be a word reserved by the specified database engine</p> </li> </ul> <p> <b>MariaDB</b> </p> <p>The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.</p> <p>Constraints:</p> <ul> <li> <p>Must contain 1 to 64 letters or numbers.</p> </li> <li> <p>Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).</p> </li> <li> <p>Can't be a word reserved by the specified database engine</p> </li> </ul> <p> <b>PostgreSQL</b> </p> <p>The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named <code>postgres</code> is created in the DB instance.</p> <p>Constraints:</p> <ul> <li> <p>Must contain 1 to 63 letters, numbers, or underscores.</p> </li> <li> <p>Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).</p> </li> <li> <p>Can't be a word reserved by the specified database engine</p> </li> </ul> <p> <b>Oracle</b> </p> <p>The Oracle System ID (SID) of the created DB instance. If you specify <code>null</code>, the default value <code>ORCL</code> is used. You can't specify the string NULL, or any other reserved word, for <code>DBName</code>. </p> <p>Default: <code>ORCL</code> </p> <p>Constraints:</p> <ul> <li> <p>Can't be longer than 8 characters</p> </li> </ul> <p> <b>Amazon RDS Custom for Oracle</b> </p> <p>The Oracle System ID (SID) of the created RDS Custom DB instance. If you don't specify a value, the default value is <code>ORCL</code>. </p> <p>Default: <code>ORCL</code> </p> <p>Constraints:</p> <ul> <li> <p>It must contain 1 to 8 alphanumeric characters.</p> </li> <li> <p>It must contain a letter.</p> </li> <li> <p>It can't be a word reserved by the database engine.</p> </li> </ul> <p> <b>Amazon RDS Custom for SQL Server</b> </p> <p>Not applicable. Must be null.</p> <p> <b>SQL Server</b> </p> <p>Not applicable. Must be null.</p> <p> <b>Amazon Aurora MySQL</b> </p> <p>The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster.</p> <p>Constraints:</p> <ul> <li> <p>It must contain 1 to 64 alphanumeric characters.</p> </li> <li> <p>It can't be a word reserved by the database engine.</p> </li> </ul> <p> <b>Amazon Aurora PostgreSQL</b> </p> <p>The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named <code>postgres</code> is created in the DB cluster.</p> <p>Constraints:</p> <ul> <li> <p>It must contain 1 to 63 alphanumeric characters.</p> </li> <li> <p>It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0 to 9).</p> </li> <li> <p>It can't be a word reserved by the database engine.</p> </li> </ul>"
         },
         "DBInstanceIdentifier":{
           "shape":"String",
@@ -3646,19 +3708,19 @@
         },
         "AllocatedStorage":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The amount of storage in gibibytes (GiB) to allocate for the DB instance.</p> <p>Type: Integer</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.</p> <p> <b>Amazon RDS Custom</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 40 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 40 to 65536.</p> </li> </ul> <p> <b>MySQL</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 5 to 3072.</p> </li> </ul> <p> <b>MariaDB</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 5 to 3072.</p> </li> </ul> <p> <b>PostgreSQL</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 5 to 3072.</p> </li> </ul> <p> <b>Oracle</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 10 to 3072.</p> </li> </ul> <p> <b>SQL Server</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2):</p> <ul> <li> <p>Enterprise and Standard editions: Must be an integer from 200 to 16384.</p> </li> <li> <p>Web and Express editions: Must be an integer from 20 to 16384.</p> </li> </ul> </li> <li> <p>Provisioned IOPS storage (io1):</p> <ul> <li> <p>Enterprise and Standard editions: Must be an integer from 200 to 16384.</p> </li> <li> <p>Web and Express editions: Must be an integer from 100 to 16384.</p> </li> </ul> </li> <li> <p>Magnetic storage (standard):</p> <ul> <li> <p>Enterprise and Standard editions: Must be an integer from 200 to 1024.</p> </li> <li> <p>Web and Express editions: Must be an integer from 20 to 1024.</p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The amount of storage in gibibytes (GiB) to allocate for the DB instance.</p> <p>Type: Integer</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.</p> <p> <b>Amazon RDS Custom</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server.</p> </li> </ul> <p> <b>MySQL</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 5 to 3072.</p> </li> </ul> <p> <b>MariaDB</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 5 to 3072.</p> </li> </ul> <p> <b>PostgreSQL</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 5 to 3072.</p> </li> </ul> <p> <b>Oracle</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536.</p> </li> <li> <p>Provisioned IOPS storage (io1): Must be an integer from 100 to 65536.</p> </li> <li> <p>Magnetic storage (standard): Must be an integer from 10 to 3072.</p> </li> </ul> <p> <b>SQL Server</b> </p> <p>Constraints to the amount of storage for each storage type are the following: </p> <ul> <li> <p>General Purpose (SSD) storage (gp2):</p> <ul> <li> <p>Enterprise and Standard editions: Must be an integer from 20 to 16384.</p> </li> <li> <p>Web and Express editions: Must be an integer from 20 to 16384.</p> </li> </ul> </li> <li> <p>Provisioned IOPS storage (io1):</p> <ul> <li> <p>Enterprise and Standard editions: Must be an integer from 100 to 16384.</p> </li> <li> <p>Web and Express editions: Must be an integer from 100 to 16384.</p> </li> </ul> </li> <li> <p>Magnetic storage (standard):</p> <ul> <li> <p>Enterprise and Standard editions: Must be an integer from 20 to 1024.</p> </li> <li> <p>Web and Express editions: Must be an integer from 20 to 1024.</p> </li> </ul> </li> </ul>"
         },
         "DBInstanceClass":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the DB instance, for example, <code>db.m4.large</code>. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p>"
+          "documentation":"<p>The compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p>"
         },
         "Engine":{
           "shape":"String",
-          "documentation":"<p>The name of the database engine to be used for this instance. </p> <p>Not every database engine is available for every Amazon Web Services Region. </p> <p>Valid Values: </p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>custom-oracle-ee (for RDS Custom instances)</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
+          "documentation":"<p>The name of the database engine to be used for this instance. </p> <p>Not every database engine is available for every Amazon Web Services Region. </p> <p>Valid Values: </p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>custom-oracle-ee (for RDS Custom for Oracle instances)</code> </p> </li> <li> <p> <code>custom-sqlserver-ee (for RDS Custom for SQL Server instances)</code> </p> </li> <li> <p> <code>custom-sqlserver-se (for RDS Custom for SQL Server instances)</code> </p> </li> <li> <p> <code>custom-sqlserver-web (for RDS Custom for SQL Server instances)</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
         },
         "MasterUsername":{
           "shape":"String",
-          "documentation":"<p>The name for the master user.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The name for the master user is managed by the DB cluster. </p> <p> <b>MariaDB</b> </p> <p>Constraints:</p> <ul> <li> <p>Required for MariaDB.</p> </li> <li> <p>Must be 1 to 16 letters or numbers.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul> <p> <b>Microsoft SQL Server</b> </p> <p>Constraints:</p> <ul> <li> <p>Required for SQL Server.</p> </li> <li> <p>Must be 1 to 128 letters or numbers.</p> </li> <li> <p>The first character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul> <p> <b>MySQL</b> </p> <p>Constraints:</p> <ul> <li> <p>Required for MySQL.</p> </li> <li> <p>Must be 1 to 16 letters or numbers.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul> <p> <b>Oracle</b> </p> <p>Constraints:</p> <ul> <li> <p>Required for Oracle.</p> </li> <li> <p>Must be 1 to 30 letters or numbers.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul> <p> <b>PostgreSQL</b> </p> <p>Constraints:</p> <ul> <li> <p>Required for PostgreSQL.</p> </li> <li> <p>Must be 1 to 63 letters or numbers.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul>"
+          "documentation":"<p>The name for the master user.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The name for the master user is managed by the DB cluster. </p> <p> <b>Amazon RDS</b> </p> <p>Constraints:</p> <ul> <li> <p>Required.</p> </li> <li> <p>Must be 1 to 16 letters, numbers, or underscores.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't be a reserved word for the chosen database engine.</p> </li> </ul>"
         },
         "MasterUserPassword":{
           "shape":"String",
@@ -3674,11 +3736,11 @@
         },
         "AvailabilityZone":{
           "shape":"String",
-          "documentation":"<p> The Availability Zone (AZ) where the database will be created. For information on Amazon Web Services Regions and Availability Zones, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html\">Regions and Availability Zones</a>. </p> <p>Default: A random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region.</p> <p> Example: <code>us-east-1d</code> </p> <p> Constraint: The <code>AvailabilityZone</code> parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same Amazon Web Services Region as the current endpoint. </p> <note> <p>If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.</p> <p>For more information about RDS on VMware, see the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html\"> RDS on VMware User Guide.</a> </p> </note>"
+          "documentation":"<p> The Availability Zone (AZ) where the database will be created. For information on Amazon Web Services Regions and Availability Zones, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html\">Regions and Availability Zones</a>. </p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. Availability Zones are managed by the DB cluster. </p> <p>Default: A random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region.</p> <p> Example: <code>us-east-1d</code> </p> <p> Constraint: The <code>AvailabilityZone</code> parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same Amazon Web Services Region as the current endpoint. </p> <note> <p>If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in.</p> <p>For more information about RDS on VMware, see the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html\"> RDS on VMware User Guide.</a> </p> </note>"
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>A DB subnet group to associate with this DB instance.</p> <p>If there is no DB subnet group, then it is a non-VPC DB instance.</p>"
+          "documentation":"<p>A DB subnet group to associate with this DB instance.</p> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "PreferredMaintenanceWindow":{
           "shape":"String",
@@ -3690,7 +3752,7 @@
         },
         "BackupRetentionPeriod":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The retention period for automated backups is managed by the DB cluster.</p> <p>Default: 1</p> <p>Constraints:</p> <ul> <li> <p>Must be a value from 0 to 35</p> </li> <li> <p>Can't be set to 0 if the DB instance is a source to read replicas</p> </li> <li> <p>Can't be set to 0 or 35 for an RDS Custom DB instance</p> </li> </ul>"
+          "documentation":"<p>The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The retention period for automated backups is managed by the DB cluster.</p> <p>Default: 1</p> <p>Constraints:</p> <ul> <li> <p>Must be a value from 0 to 35</p> </li> <li> <p>Can't be set to 0 if the DB instance is a source to read replicas</p> </li> <li> <p>Can't be set to 0 or 35 for an RDS Custom for Oracle DB instance</p> </li> </ul>"
         },
         "PreferredBackupWindow":{
           "shape":"String",
@@ -3706,7 +3768,7 @@
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p>The version number of the database engine to use.</p> <p>For a list of valid engine versions, use the <code>DescribeDBEngineVersions</code> action.</p> <p>The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.</p> <p> <b>Amazon RDS Custom</b> </p> <p>A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom. The CEV name has the following format: <code>19.<i>customized_string</i> </code>. An example identifier is <code>19.my_cev1</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create\"> Creating an RDS Custom DB instance</a> in the <i>Amazon RDS User Guide.</i>.</p> <p> <b>MariaDB</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt\">MariaDB on Amazon RDS Versions</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>Microsoft SQL Server</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport\">Microsoft SQL Server Versions on Amazon RDS</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>MySQL</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt\">MySQL on Amazon RDS Versions</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>Oracle</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html\">Oracle Database Engine Release Notes</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>PostgreSQL</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts\">Amazon RDS for PostgreSQL versions and extensions</a> in the <i>Amazon RDS User Guide.</i> </p>"
+          "documentation":"<p>The version number of the database engine to use.</p> <p>For a list of valid engine versions, use the <code>DescribeDBEngineVersions</code> action.</p> <p>The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.</p> <p> <b>Amazon RDS Custom for Oracle</b> </p> <p>A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom for Oracle. The CEV name has the following format: <code>19.<i>customized_string</i> </code>. An example identifier is <code>19.my_cev1</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create\"> Creating an RDS Custom for Oracle DB instance</a> in the <i>Amazon RDS User Guide.</i>.</p> <p> <b>Amazon RDS Custom for SQL Server</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits.html#custom-reqs-limits.reqsMS\">RDS Custom for SQL Server general requirements</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>MariaDB</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt\">MariaDB on Amazon RDS Versions</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>Microsoft SQL Server</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport\">Microsoft SQL Server Versions on Amazon RDS</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>MySQL</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt\">MySQL on Amazon RDS Versions</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>Oracle</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html\">Oracle Database Engine Release Notes</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>PostgreSQL</b> </p> <p>For information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts\">Amazon RDS for PostgreSQL versions and extensions</a> in the <i>Amazon RDS User Guide.</i> </p>"
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
@@ -3718,7 +3780,7 @@
         },
         "Iops":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance. For information about valid Iops values, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS\">Amazon RDS Provisioned IOPS Storage to Improve Performance</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must be a multiple between .5 and 50 of the storage amount for the DB instance. For SQL Server DB instances, must be a multiple between 1 and 50 of the storage amount for the DB instance. </p>"
+          "documentation":"<p>The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance. For information about valid <code>Iops</code> values, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS\">Amazon RDS Provisioned IOPS storage to improve performance</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must be a multiple between .5 and 50 of the storage amount for the DB instance. For SQL Server DB instances, must be a multiple between 1 and 50 of the storage amount for the DB instance. </p>"
         },
         "OptionGroupName":{
           "shape":"String",
@@ -3734,7 +3796,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>Default: The default behavior varies depending on whether <code>DBSubnetGroupName</code> is specified.</p> <p>If <code>DBSubnetGroupName</code> isn't specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the default VPC in the target region doesn’t have an Internet gateway attached to it, the DB instance is private.</p> </li> <li> <p>If the default VPC in the target region has an Internet gateway attached to it, the DB instance is public.</p> </li> </ul> <p>If <code>DBSubnetGroupName</code> is specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the subnets are part of a VPC that doesn’t have an Internet gateway attached to it, the DB instance is private.</p> </li> <li> <p>If the subnets are part of a VPC that has an Internet gateway attached to it, the DB instance is public.</p> </li> </ul>"
+          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB instance's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>Default: The default behavior varies depending on whether <code>DBSubnetGroupName</code> is specified.</p> <p>If <code>DBSubnetGroupName</code> isn't specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB instance is private.</p> </li> <li> <p>If the default VPC in the target Region has an internet gateway attached to it, the DB instance is public.</p> </li> </ul> <p>If <code>DBSubnetGroupName</code> is specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB instance is private.</p> </li> <li> <p>If the subnets are part of a VPC that has an internet gateway attached to it, the DB instance is public.</p> </li> </ul>"
         },
         "Tags":{
           "shape":"TagList",
@@ -3758,11 +3820,11 @@
         },
         "StorageEncrypted":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.</p> <p>For RDS Custom Oracle instances, either set this parameter to <code>true</code> or leave it unset. If you set this parameter to <code>false</code>, RDS reports an error.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The encryption for DB instances is managed by the DB cluster.</p>"
+          "documentation":"<p>A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.</p> <p>For RDS Custom instances, either set this parameter to <code>true</code> or leave it unset. If you set this parameter to <code>false</code>, RDS reports an error.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The encryption for DB instances is managed by the DB cluster.</p>"
         },
         "KmsKeyId":{
           "shape":"String",
-          "documentation":"<p>The Amazon Web Services KMS key identifier for an encrypted DB instance.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The Amazon Web Services KMS key identifier is managed by the DB cluster. For more information, see <code>CreateDBCluster</code>.</p> <p>If <code>StorageEncrypted</code> is enabled, and you do not specify a value for the <code>KmsKeyId</code> parameter, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.</p> <p> <b>Amazon RDS Custom</b> </p> <p>A KMS key is required for RDS Custom Oracle instances. For most RDS engines, if you leave this parameter empty while enabling <code>StorageEncrypted</code>, the engine uses the default KMS key. However, RDS Custom for Oracle doesn't use the default key when this parameter is empty. You must explicitly specify a key.</p>"
+          "documentation":"<p>The Amazon Web Services KMS key identifier for an encrypted DB instance.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The Amazon Web Services KMS key identifier is managed by the DB cluster. For more information, see <code>CreateDBCluster</code>.</p> <p>If <code>StorageEncrypted</code> is enabled, and you do not specify a value for the <code>KmsKeyId</code> parameter, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.</p> <p> <b>Amazon RDS Custom</b> </p> <p>A KMS key is required for RDS Custom instances. For most RDS engines, if you leave this parameter empty while enabling <code>StorageEncrypted</code>, the engine uses the default KMS key. However, RDS Custom doesn't use the default key when this parameter is empty. You must explicitly specify a key.</p>"
         },
         "Domain":{
           "shape":"String",
@@ -3794,7 +3856,7 @@
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>This setting doesn't apply to RDS Custom or Amazon Aurora. In Aurora, mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>This setting doesn't apply to RDS Custom or Amazon Aurora. In Aurora, mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p>"
         },
         "EnablePerformanceInsights":{
           "shape":"BooleanOptional",
@@ -3818,7 +3880,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see <code>CreateDBCluster</code>. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. </p>"
+          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see <code>CreateDBCluster</code>. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster. </p>"
         },
         "MaxAllocatedStorage":{
           "shape":"IntegerOptional",
@@ -3831,6 +3893,10 @@
         "CustomIamInstanceProfile":{
           "shape":"String",
           "documentation":"<p>The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:</p> <ul> <li> <p>The profile must exist in your account.</p> </li> <li> <p>The profile must have an IAM role that Amazon EC2 has permissions to assume.</p> </li> <li> <p>The instance profile name and the associated IAM role name must start with the prefix <code>AWSRDSCustom</code>.</p> </li> </ul> <p>For the list of permissions required for the IAM role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\"> Configure IAM and your VPC</a> in the <i>Amazon Relational Database Service User Guide</i>.</p> <p>This setting is required for RDS Custom.</p>"
+        },
+        "BackupTarget":{
+          "shape":"String",
+          "documentation":"<p>Specifies where automated backups and manual snapshots are stored.</p> <p>Possible values are <code>outposts</code> (Amazon Web Services Outposts) and <code>region</code> (Amazon Web Services Region). The default is <code>region</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html\">Working with Amazon RDS on Amazon Web Services Outposts</a> in the <i>Amazon RDS User Guide</i>.</p>"
         }
       },
       "documentation":"<p/>"
@@ -3848,11 +3914,11 @@
         },
         "SourceDBInstanceIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to five read replicas.</p> <p>Constraints:</p> <ul> <li> <p>Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server DB instance.</p> </li> <li> <p>Can specify a DB instance that is a MySQL read replica only if the source is running MySQL 5.6 or later.</p> </li> <li> <p>For the limitations of Oracle read replicas, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html\">Read Replica Limitations with Oracle</a> in the <i>Amazon RDS User Guide</i>.</p> </li> <li> <p>For the limitations of SQL Server read replicas, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.Limitations.html\">Read Replica Limitations with Microsoft SQL Server</a> in the <i>Amazon RDS User Guide</i>.</p> </li> <li> <p>Can specify a PostgreSQL DB instance only if the source is running PostgreSQL 9.3.5 or later (9.4.7 and higher for cross-region replication).</p> </li> <li> <p>The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.</p> </li> <li> <p>If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.</p> </li> <li> <p>If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing\">Constructing an ARN for Amazon RDS</a> in the <i>Amazon RDS User Guide</i>. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.</p> </li> </ul>"
+          "documentation":"<p>The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to five read replicas.</p> <p>Constraints:</p> <ul> <li> <p>Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server DB instance.</p> </li> <li> <p>Can specify a DB instance that is a MySQL read replica only if the source is running MySQL 5.6 or later.</p> </li> <li> <p>For the limitations of Oracle read replicas, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html\">Read Replica Limitations with Oracle</a> in the <i>Amazon RDS User Guide</i>.</p> </li> <li> <p>For the limitations of SQL Server read replicas, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.Limitations.html\">Read Replica Limitations with Microsoft SQL Server</a> in the <i>Amazon RDS User Guide</i>.</p> </li> <li> <p>Can specify a PostgreSQL DB instance only if the source is running PostgreSQL 9.3.5 or later (9.4.7 and higher for cross-Region replication).</p> </li> <li> <p>The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.</p> </li> <li> <p>If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.</p> </li> <li> <p>If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing\">Constructing an ARN for Amazon RDS</a> in the <i>Amazon RDS User Guide</i>. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.</p> </li> </ul>"
         },
         "DBInstanceClass":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the read replica, for example, <code>db.m4.large</code>. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Default: Inherits from the source DB instance.</p>"
+          "documentation":"<p>The compute and memory capacity of the read replica, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Default: Inherits from the source DB instance.</p>"
         },
         "AvailabilityZone":{
           "shape":"String",
@@ -3880,16 +3946,16 @@
         },
         "DBParameterGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB parameter group to associate with this DB instance.</p> <p>If you do not specify a value for <code>DBParameterGroupName</code>, then Amazon RDS uses the <code>DBParameterGroup</code> of source DB instance for a same region read replica, or the default <code>DBParameterGroup</code> for the specified DB engine for a cross region read replica.</p> <p>Specifying a parameter group for this operation is only supported for Oracle DB instances. It isn't supported for RDS Custom.</p> <p>Constraints:</p> <ul> <li> <p>Must be 1 to 255 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul>"
+          "documentation":"<p>The name of the DB parameter group to associate with this DB instance.</p> <p>If you do not specify a value for <code>DBParameterGroupName</code>, then Amazon RDS uses the <code>DBParameterGroup</code> of source DB instance for a same Region read replica, or the default <code>DBParameterGroup</code> for the specified DB engine for a cross-Region read replica.</p> <p>Specifying a parameter group for this operation is only supported for Oracle DB instances. It isn't supported for RDS Custom.</p> <p>Constraints:</p> <ul> <li> <p>Must be 1 to 255 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul>"
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
+          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
         },
         "Tags":{"shape":"TagList"},
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>Specifies a DB subnet group for the DB instance. The new DB instance is created in the VPC associated with the DB subnet group. If no DB subnet group is specified, then the new DB instance isn't created in a VPC.</p> <p>Constraints:</p> <ul> <li> <p>Can only be specified if the source DB instance identifier specifies a DB instance in another Amazon Web Services Region.</p> </li> <li> <p>If supplied, must match the name of an existing DBSubnetGroup.</p> </li> <li> <p>The specified DB subnet group must be in the same Amazon Web Services Region in which the operation is running.</p> </li> <li> <p>All read replicas in one Amazon Web Services Region that are created from the same source DB instance must either:&gt;</p> <ul> <li> <p>Specify DB subnet groups from the same VPC. All these read replicas are created in the same VPC.</p> </li> <li> <p>Not specify a DB subnet group. All these read replicas are created outside of any VPC.</p> </li> </ul> </li> </ul> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>Specifies a DB subnet group for the DB instance. The new DB instance is created in the VPC associated with the DB subnet group. If no DB subnet group is specified, then the new DB instance isn't created in a VPC.</p> <p>Constraints:</p> <ul> <li> <p>Can only be specified if the source DB instance identifier specifies a DB instance in another Amazon Web Services Region.</p> </li> <li> <p>If supplied, must match the name of an existing DBSubnetGroup.</p> </li> <li> <p>The specified DB subnet group must be in the same Amazon Web Services Region in which the operation is running.</p> </li> <li> <p>All read replicas in one Amazon Web Services Region that are created from the same source DB instance must either:&gt;</p> <ul> <li> <p>Specify DB subnet groups from the same VPC. All these read replicas are created in the same VPC.</p> </li> <li> <p>Not specify a DB subnet group. All these read replicas are created outside of any VPC.</p> </li> </ul> </li> </ul> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "VpcSecurityGroupIds":{
           "shape":"VpcSecurityGroupIdList",
@@ -3917,11 +3983,11 @@
         },
         "PreSignedUrl":{
           "shape":"String",
-          "documentation":"<p>The URL that contains a Signature Version 4 signed request for the <code>CreateDBInstanceReadReplica</code> API action in the source Amazon Web Services Region that contains the source DB instance. </p> <p>You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify <code>PreSignedUrl</code> when you are creating an encrypted read replica in the same Amazon Web Services Region.</p> <p>The presigned URL must be a valid request for the <code>CreateDBInstanceReadReplica</code> API action that can be executed in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values: </p> <ul> <li> <p> <code>DestinationRegion</code> - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the <code>CreateDBInstanceReadReplica</code> action is called that contains this presigned URL.</p> <p>For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the <code>CreateDBInstanceReadReplica</code> action in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the <code>CreateDBInstanceReadReplica</code> action in the us-west-2 Amazon Web Services Region. For this example, the <code>DestinationRegion</code> in the presigned URL must be set to the us-east-1 Amazon Web Services Region. </p> </li> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the <code>CreateDBInstanceReadReplica</code> action that is called in the destination Amazon Web Services Region, and the action contained in the presigned URL. </p> </li> <li> <p> <code>SourceDBInstanceIdentifier</code> - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your <code>SourceDBInstanceIdentifier</code> looks like the following example: <code>arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115</code>. </p> </li> </ul> <p>To learn how to generate a Signature Version 4 signed request, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html\">Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4)</a> and <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>. </p> <note> <p>If you are using an Amazon Web Services SDK tool or the CLI, you can specify <code>SourceRegion</code> (or <code>--source-region</code> for the CLI) instead of specifying <code>PreSignedUrl</code> manually. Specifying <code>SourceRegion</code> autogenerates a presigned URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.</p> <p> <code>SourceRegion</code> isn't supported for SQL Server, because SQL Server on Amazon RDS doesn't support cross-region read replicas.</p> </note> <p>This setting doesn't apply to RDS Custom.</p>"
+          "documentation":"<p>The URL that contains a Signature Version 4 signed request for the <code>CreateDBInstanceReadReplica</code> API action in the source Amazon Web Services Region that contains the source DB instance. </p> <p>You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify <code>PreSignedUrl</code> when you are creating an encrypted read replica in the same Amazon Web Services Region.</p> <p>The presigned URL must be a valid request for the <code>CreateDBInstanceReadReplica</code> API action that can be executed in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values: </p> <ul> <li> <p> <code>DestinationRegion</code> - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the <code>CreateDBInstanceReadReplica</code> action is called that contains this presigned URL.</p> <p>For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the <code>CreateDBInstanceReadReplica</code> action in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the <code>CreateDBInstanceReadReplica</code> action in the us-west-2 Amazon Web Services Region. For this example, the <code>DestinationRegion</code> in the presigned URL must be set to the us-east-1 Amazon Web Services Region. </p> </li> <li> <p> <code>KmsKeyId</code> - The Amazon Web Services KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the <code>CreateDBInstanceReadReplica</code> action that is called in the destination Amazon Web Services Region, and the action contained in the presigned URL. </p> </li> <li> <p> <code>SourceDBInstanceIdentifier</code> - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your <code>SourceDBInstanceIdentifier</code> looks like the following example: <code>arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115</code>. </p> </li> </ul> <p>To learn how to generate a Signature Version 4 signed request, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html\">Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4)</a> and <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>. </p> <note> <p>If you are using an Amazon Web Services SDK tool or the CLI, you can specify <code>SourceRegion</code> (or <code>--source-region</code> for the CLI) instead of specifying <code>PreSignedUrl</code> manually. Specifying <code>SourceRegion</code> autogenerates a presigned URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.</p> <p> <code>SourceRegion</code> isn't supported for SQL Server, because SQL Server on Amazon RDS doesn't support cross-Region read replicas.</p> </note> <p>This setting doesn't apply to RDS Custom.</p>"
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p> <p>This setting doesn't apply to RDS Custom.</p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p> <p>This setting doesn't apply to RDS Custom.</p>"
         },
         "EnablePerformanceInsights":{
           "shape":"BooleanOptional",
@@ -3949,7 +4015,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
+          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
         },
         "Domain":{
           "shape":"String",
@@ -3999,7 +4065,7 @@
         },
         "DBParameterGroupFamily":{
           "shape":"String",
-          "documentation":"<p>The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.</p> <p>To list all of the available parameter group families for a DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine &lt;engine&gt;</code> </p> <p>For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql</code> </p> <note> <p>The output contains duplicates.</p> </note> <p>The following are the valid DB engine values:</p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
+          "documentation":"<p>The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.</p> <p>To list all of the available parameter group families for a DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine &lt;engine&gt;</code> </p> <p>For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql</code> </p> <note> <p>The output contains duplicates.</p> </note> <p>The following are the valid DB engine values:</p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
         },
         "Description":{
           "shape":"String",
@@ -4182,7 +4248,7 @@
       "members":{
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The name for the DB subnet group. This value is stored as a lowercase string.</p> <p>Constraints: Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens. Must not be default.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The name for the DB subnet group. This value is stored as a lowercase string.</p> <p>Constraints:</p> <ul> <li> <p>Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens.</p> </li> <li> <p>Must not be default.</p> </li> <li> <p>First character must be a letter.</p> </li> </ul> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "DBSubnetGroupDescription":{
           "shape":"String",
@@ -4222,15 +4288,15 @@
         },
         "SourceType":{
           "shape":"String",
-          "documentation":"<p>The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to <code>db-instance</code>. If this value isn't specified, all events are returned.</p> <p>Valid values: <code>db-instance</code> | <code>db-cluster</code> | <code>db-parameter-group</code> | <code>db-security-group</code> | <code>db-snapshot</code> | <code>db-cluster-snapshot</code> </p>"
+          "documentation":"<p>The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to <code>db-instance</code>. For RDS Proxy events, specify <code>db-proxy</code>. If this value isn't specified, all events are returned.</p> <p>Valid values: <code>db-instance</code> | <code>db-cluster</code> | <code>db-parameter-group</code> | <code>db-security-group</code> | <code>db-snapshot</code> | <code>db-cluster-snapshot</code> | <code>db-proxy</code> </p>"
         },
         "EventCategories":{
           "shape":"EventCategoriesList",
-          "documentation":"<p> A list of event categories for a particular source type (<code>SourceType</code>) that you want to subscribe to. You can see a list of the categories for a given source type in <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html\">Events</a> in the <i>Amazon RDS User Guide</i> or by using the <code>DescribeEventCategories</code> operation. </p>"
+          "documentation":"<p> A list of event categories for a particular source type (<code>SourceType</code>) that you want to subscribe to. You can see a list of the categories for a given source type in the \"Amazon RDS event categories and event messages\" section of the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html\"> <i>Amazon RDS User Guide</i> </a> or the <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.Messages.html\"> <i>Amazon Aurora User Guide</i> </a>. You can also see this list by using the <code>DescribeEventCategories</code> operation. </p>"
         },
         "SourceIds":{
           "shape":"SourceIdsList",
-          "documentation":"<p>The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.</p> <p>Constraints:</p> <ul> <li> <p>If <code>SourceIds</code> are supplied, <code>SourceType</code> must also be provided.</p> </li> <li> <p>If the source type is a DB instance, a <code>DBInstanceIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster, a <code>DBClusterIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB parameter group, a <code>DBParameterGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB security group, a <code>DBSecurityGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB snapshot, a <code>DBSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster snapshot, a <code>DBClusterSnapshotIdentifier</code> value must be supplied.</p> </li> </ul>"
+          "documentation":"<p>The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.</p> <p>Constraints:</p> <ul> <li> <p>If <code>SourceIds</code> are supplied, <code>SourceType</code> must also be provided.</p> </li> <li> <p>If the source type is a DB instance, a <code>DBInstanceIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster, a <code>DBClusterIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB parameter group, a <code>DBParameterGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB security group, a <code>DBSecurityGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB snapshot, a <code>DBSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster snapshot, a <code>DBClusterSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is an RDS Proxy, a <code>DBProxyName</code> value must be supplied.</p> </li> </ul>"
         },
         "Enabled":{
           "shape":"BooleanOptional",
@@ -4688,9 +4754,49 @@
         "PendingModifiedValues":{
           "shape":"ClusterPendingModifiedValues",
           "documentation":"<p>A value that specifies that changes to the DB cluster are pending. This element is only included when changes are pending. Specific changes are identified by subelements.</p>"
+        },
+        "DBClusterInstanceClass":{
+          "shape":"String",
+          "documentation":"<p>The name of the compute and memory capacity class of the DB instance.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "StorageType":{
+          "shape":"String",
+          "documentation":"<p>The storage type associated with the DB cluster.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "Iops":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The Provisioned IOPS (I/O operations per second) value.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "PubliclyAccessible":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>Specifies the accessibility options for the DB instance.</p> <p>When the DB instance is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB instance's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "AutoMinorVersionUpgrade":{
+          "shape":"Boolean",
+          "documentation":"<p>A value that indicates that minor version patches are applied automatically.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "MonitoringInterval":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "MonitoringRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "PerformanceInsightsEnabled":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>True if Performance Insights is enabled for the DB cluster, and otherwise false.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "PerformanceInsightsKMSKeyId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services KMS key identifier for encryption of Performance Insights data.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
+        },
+        "PerformanceInsightsRetentionPeriod":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).</p> <p>This setting is only for non-Aurora Multi-AZ DB clusters.</p>"
         }
       },
-      "documentation":"<p>Contains the details of an Amazon Aurora DB cluster. </p> <p>This data type is used as a response element in the <code>DescribeDBClusters</code>, <code>StopDBCluster</code>, and <code>StartDBCluster</code> actions. </p>",
+      "documentation":"<p>Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. </p> <p>For an Amazon Aurora DB cluster, this data type is used as a response element in the operations <code>CreateDBCluster</code>, <code>DeleteDBCluster</code>, <code>DescribeDBClusters</code>, <code>FailoverDBCluster</code>, <code>ModifyDBCluster</code>, <code>PromoteReadReplicaDBCluster</code>, <code>RestoreDBClusterFromS3</code>, <code>RestoreDBClusterFromSnapshot</code>, <code>RestoreDBClusterToPointInTime</code>, <code>StartDBCluster</code>, and <code>StopDBCluster</code>.</p> <p>For a Multi-AZ DB cluster, this data type is used as a response element in the operations <code>CreateDBCluster</code>, <code>DeleteDBCluster</code>, <code>DescribeDBClusters</code>, <code>FailoverDBCluster</code>, <code>ModifyDBCluster</code>, <code>RebootDBCluster</code>, <code>RestoreDBClusterFromSnapshot</code>, and <code>RestoreDBClusterToPointInTime</code>.</p> <p>For more information on Amazon Aurora DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html\"> What is Amazon Aurora?</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p> <note> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> </note>",
       "wrapper":true
     },
     "DBClusterAlreadyExistsFault":{
@@ -5171,7 +5277,7 @@
         },
         "Status":{
           "shape":"String",
-          "documentation":"<p>Specifies the status of this DB cluster snapshot.</p>"
+          "documentation":"<p>Specifies the status of this DB cluster snapshot. Valid statuses are the following:</p> <ul> <li> <p> <code>available</code> </p> </li> <li> <p> <code>copying</code> </p> </li> <li> <p> <code>creating</code> </p> </li> </ul>"
         },
         "Port":{
           "shape":"Integer",
@@ -5540,7 +5646,7 @@
         },
         "ReadReplicaDBClusterIdentifiers":{
           "shape":"ReadReplicaDBClusterIdentifierList",
-          "documentation":"<p>Contains one or more identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica. For example, when you create an Aurora read replica of an RDS MySQL DB instance, the Aurora MySQL DB cluster for the Aurora read replica is shown. This output does not contain information about cross region Aurora read replicas.</p> <note> <p>Currently, each RDS DB instance can have only one Aurora read replica.</p> </note>"
+          "documentation":"<p>Contains one or more identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica. For example, when you create an Aurora read replica of an RDS for MySQL DB instance, the Aurora MySQL DB cluster for the Aurora read replica is shown. This output doesn't contain information about cross-Region Aurora read replicas.</p> <note> <p>Currently, each RDS DB instance can have only one Aurora read replica.</p> </note>"
         },
         "ReplicaMode":{
           "shape":"ReplicaMode",
@@ -5572,7 +5678,7 @@
         },
         "PubliclyAccessible":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies the accessibility options for the DB instance.</p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
+          "documentation":"<p>Specifies the accessibility options for the DB instance.</p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
         },
         "StatusInfos":{
           "shape":"DBInstanceStatusInfoList",
@@ -5726,9 +5832,13 @@
         "CustomIamInstanceProfile":{
           "shape":"String",
           "documentation":"<p>The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:</p> <ul> <li> <p>The profile must exist in your account.</p> </li> <li> <p>The profile must have an IAM role that Amazon EC2 has permissions to assume.</p> </li> <li> <p>The instance profile name and the associated IAM role name must start with the prefix <code>AWSRDSCustom</code>.</p> </li> </ul> <p>For the list of permissions required for the IAM role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\"> Configure IAM and your VPC</a> in the <i>Amazon Relational Database Service User Guide</i>.</p>"
+        },
+        "BackupTarget":{
+          "shape":"String",
+          "documentation":"<p>Specifies where automated backups and manual snapshots are stored: Amazon Web Services Outposts or the Amazon Web Services Region.</p>"
         }
       },
-      "documentation":"<p>Contains the details of an Amazon RDS DB instance. </p> <p>This data type is used as a response element in the <code>DescribeDBInstances</code> action. </p>",
+      "documentation":"<p>Contains the details of an Amazon RDS DB instance. </p> <p>This data type is used as a response element in the operations <code>CreateDBInstance</code>, <code>CreateDBInstanceReadReplica</code>, <code>DeleteDBInstance</code>, <code>DescribeDBInstances</code>, <code>ModifyDBInstance</code>, <code>PromoteReadReplica</code>, <code>RebootDBInstance</code>, <code>RestoreDBInstanceFromDBSnapshot</code>, <code>RestoreDBInstanceFromS3</code>, <code>RestoreDBInstanceToPointInTime</code>, <code>StartDBInstance</code>, and <code>StopDBInstance</code>. </p>",
       "wrapper":true
     },
     "DBInstanceAlreadyExistsFault":{
@@ -5849,6 +5959,10 @@
         "DBInstanceAutomatedBackupsReplications":{
           "shape":"DBInstanceAutomatedBackupsReplicationList",
           "documentation":"<p>The list of replications to different Amazon Web Services Regions associated with the automated backup.</p>"
+        },
+        "BackupTarget":{
+          "shape":"String",
+          "documentation":"<p>Specifies where automated backups are stored: Amazon Web Services Outposts or the Amazon Web Services Region.</p>"
         }
       },
       "documentation":"<p>An automated backup of a DB instance. It consists of system backups, transaction logs, and the database instance properties that existed at the time you deleted the source instance.</p>",
@@ -6779,6 +6893,10 @@
         "OriginalSnapshotCreateTime":{
           "shape":"TStamp",
           "documentation":"<p>Specifies the time of the CreateDBSnapshot operation in Coordinated Universal Time (UTC). Doesn't change when the snapshot is copied.</p>"
+        },
+        "SnapshotTarget":{
+          "shape":"String",
+          "documentation":"<p>Specifies where manual snapshots are stored: Amazon Web Services Outposts or the Amazon Web Services Region.</p>"
         }
       },
       "documentation":"<p>Contains the details of an Amazon RDS DB snapshot. </p> <p>This data type is used as a response element in the <code>DescribeDBSnapshots</code> action. </p>",
@@ -7230,7 +7348,7 @@
       "members":{
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the database subnet group to delete.</p> <note> <p>You can't delete the default subnet group.</p> </note> <p>Constraints:</p> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The name of the database subnet group to delete.</p> <note> <p>You can't delete the default subnet group.</p> </note> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         }
       },
       "documentation":"<p/>"
@@ -7552,7 +7670,7 @@
       "members":{
         "Engine":{
           "shape":"String",
-          "documentation":"<p>The database engine to return.</p> <p>Valid Values: </p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
+          "documentation":"<p>The database engine to return.</p> <p>Valid Values: </p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
         },
         "EngineVersion":{
           "shape":"String",
@@ -8082,7 +8200,7 @@
       "members":{
         "SourceType":{
           "shape":"String",
-          "documentation":"<p>The type of source that is generating the events.</p> <p>Valid values: <code>db-instance</code> | <code>db-cluster</code> | <code>db-parameter-group</code> | <code>db-security-group</code> | <code>db-snapshot</code> | <code>db-cluster-snapshot</code> </p>"
+          "documentation":"<p>The type of source that is generating the events. For RDS Proxy events, specify <code>db-proxy</code>.</p> <p>Valid values: <code>db-instance</code> | <code>db-cluster</code> | <code>db-parameter-group</code> | <code>db-security-group</code> | <code>db-snapshot</code> | <code>db-cluster-snapshot</code> | <code>db-proxy</code> </p>"
         },
         "Filters":{
           "shape":"FilterList",
@@ -8118,7 +8236,7 @@
       "members":{
         "SourceIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier of the event source for which events are returned. If not specified, then all sources are included in the response.</p> <p>Constraints:</p> <ul> <li> <p>If <code>SourceIdentifier</code> is supplied, <code>SourceType</code> must also be provided.</p> </li> <li> <p>If the source type is a DB instance, a <code>DBInstanceIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster, a <code>DBClusterIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB parameter group, a <code>DBParameterGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB security group, a <code>DBSecurityGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB snapshot, a <code>DBSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster snapshot, a <code>DBClusterSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul>"
+          "documentation":"<p>The identifier of the event source for which events are returned. If not specified, then all sources are included in the response.</p> <p>Constraints:</p> <ul> <li> <p>If <code>SourceIdentifier</code> is supplied, <code>SourceType</code> must also be provided.</p> </li> <li> <p>If the source type is a DB instance, a <code>DBInstanceIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster, a <code>DBClusterIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB parameter group, a <code>DBParameterGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB security group, a <code>DBSecurityGroupName</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB snapshot, a <code>DBSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is a DB cluster snapshot, a <code>DBClusterSnapshotIdentifier</code> value must be supplied.</p> </li> <li> <p>If the source type is an RDS Proxy, a <code>DBProxyName</code> value must be supplied.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul>"
         },
         "SourceType":{
           "shape":"SourceType",
@@ -8168,7 +8286,7 @@
         },
         "Filters":{
           "shape":"FilterList",
-          "documentation":"<p>Filters specify one or more snapshot exports to describe. The filters are specified as name-value pairs that define what to include in the output. Filter names and values are case-sensitive.</p> <p>Supported filters include the following: </p> <ul> <li> <p> <code>export-task-identifier</code> - An identifier for the snapshot export task.</p> </li> <li> <p> <code>s3-bucket</code> - The Amazon S3 bucket the snapshot is exported to.</p> </li> <li> <p> <code>source-arn</code> - The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3</p> </li> <li> <p> <code>status</code> - The status of the export task. Must be lowercase. Valid statuses are the following:</p> <ul> <li> <p> <code>canceled</code> </p> </li> <li> <p> <code>canceling</code> </p> </li> <li> <p> <code>complete</code> </p> </li> <li> <p> <code>failed</code> </p> </li> <li> <p> <code>starting</code> </p> </li> </ul> </li> </ul>"
+          "documentation":"<p>Filters specify one or more snapshot exports to describe. The filters are specified as name-value pairs that define what to include in the output. Filter names and values are case-sensitive.</p> <p>Supported filters include the following: </p> <ul> <li> <p> <code>export-task-identifier</code> - An identifier for the snapshot export task.</p> </li> <li> <p> <code>s3-bucket</code> - The Amazon S3 bucket the snapshot is exported to.</p> </li> <li> <p> <code>source-arn</code> - The Amazon Resource Name (ARN) of the snapshot exported to Amazon S3</p> </li> <li> <p> <code>status</code> - The status of the export task. Must be lowercase. Valid statuses are the following:</p> <ul> <li> <p> <code>canceled</code> </p> </li> <li> <p> <code>canceling</code> </p> </li> <li> <p> <code>complete</code> </p> </li> <li> <p> <code>failed</code> </p> </li> <li> <p> <code>in_progress</code> </p> </li> <li> <p> <code>starting</code> </p> </li> </ul> </li> </ul>"
         },
         "Marker":{
           "shape":"String",
@@ -8285,7 +8403,7 @@
       "members":{
         "Engine":{
           "shape":"String",
-          "documentation":"<p>The name of the engine to retrieve DB instance options for.</p> <p>Valid Values: </p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
+          "documentation":"<p>The name of the engine to retrieve DB instance options for.</p> <p>Valid Values: </p> <ul> <li> <p> <code>aurora</code> (for MySQL 5.6-compatible Aurora)</p> </li> <li> <p> <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)</p> </li> <li> <p> <code>aurora-postgresql</code> </p> </li> <li> <p> <code>mariadb</code> </p> </li> <li> <p> <code>mysql</code> </p> </li> <li> <p> <code>oracle-ee</code> </p> </li> <li> <p> <code>oracle-ee-cdb</code> </p> </li> <li> <p> <code>oracle-se2</code> </p> </li> <li> <p> <code>oracle-se2-cdb</code> </p> </li> <li> <p> <code>postgres</code> </p> </li> <li> <p> <code>sqlserver-ee</code> </p> </li> <li> <p> <code>sqlserver-se</code> </p> </li> <li> <p> <code>sqlserver-ex</code> </p> </li> <li> <p> <code>sqlserver-web</code> </p> </li> </ul>"
         },
         "EngineVersion":{
           "shape":"String",
@@ -8957,7 +9075,7 @@
         },
         "TargetDBInstanceIdentifier":{
           "shape":"String",
-          "documentation":"<p>The name of the instance to promote to the primary instance.</p> <p>You must specify the instance identifier for an Aurora Replica in the DB cluster. For example, <code>mydbcluster-replica1</code>.</p>"
+          "documentation":"<p>The name of the DB instance to promote to the primary DB instance.</p> <p>Specify the DB instance identifier for an Aurora Replica or a Multi-AZ readable standby in the DB cluster, for example <code>mydbcluster-replica1</code>.</p> <p>This setting isn't supported for RDS for MySQL Multi-AZ DB clusters.</p>"
         }
       },
       "documentation":"<p/>"
@@ -9858,7 +9976,7 @@
         },
         "EngineVersion":{
           "shape":"CustomEngineVersion",
-          "documentation":"<p>The custom engine version (CEV) that you want to modify. This option is required for RDS Custom, but optional for Amazon RDS. The combination of <code>Engine</code> and <code>EngineVersion</code> is unique per customer per Amazon Web Services Region.</p>"
+          "documentation":"<p>The custom engine version (CEV) that you want to modify. This option is required for RDS Custom for Oracle, but optional for Amazon RDS. The combination of <code>Engine</code> and <code>EngineVersion</code> is unique per customer per Amazon Web Services Region.</p>"
         },
         "Description":{
           "shape":"Description",
@@ -9898,99 +10016,139 @@
       "members":{
         "DBClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>The DB cluster identifier for the cluster being modified. This parameter isn't case-sensitive.</p> <p>Constraints: This identifier must match the identifier of an existing DB cluster.</p>"
+          "documentation":"<p>The DB cluster identifier for the cluster being modified. This parameter isn't case-sensitive.</p> <p>Constraints: This identifier must match the identifier of an existing DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "NewDBClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>The new DB cluster identifier for the DB cluster when renaming a DB cluster. This value is stored as a lowercase string.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens</p> </li> <li> <p>The first character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul> <p>Example: <code>my-cluster2</code> </p>"
+          "documentation":"<p>The new DB cluster identifier for the DB cluster when renaming a DB cluster. This value is stored as a lowercase string.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens</p> </li> <li> <p>The first character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul> <p>Example: <code>my-cluster2</code> </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "ApplyImmediately":{
           "shape":"Boolean",
-          "documentation":"<p>A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the <code>PreferredMaintenanceWindow</code> setting for the DB cluster. If this parameter is disabled, changes to the DB cluster are applied during the next maintenance window.</p> <p>The <code>ApplyImmediately</code> parameter only affects the <code>EnableIAMDatabaseAuthentication</code>, <code>MasterUserPassword</code>, and <code>NewDBClusterIdentifier</code> values. If the <code>ApplyImmediately</code> parameter is disabled, then changes to the <code>EnableIAMDatabaseAuthentication</code>, <code>MasterUserPassword</code>, and <code>NewDBClusterIdentifier</code> values are applied during the next maintenance window. All other changes are applied immediately, regardless of the value of the <code>ApplyImmediately</code> parameter.</p> <p>By default, this parameter is disabled.</p>"
+          "documentation":"<p>A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the <code>PreferredMaintenanceWindow</code> setting for the DB cluster. If this parameter is disabled, changes to the DB cluster are applied during the next maintenance window.</p> <p>The <code>ApplyImmediately</code> parameter only affects the <code>EnableIAMDatabaseAuthentication</code>, <code>MasterUserPassword</code>, and <code>NewDBClusterIdentifier</code> values. If the <code>ApplyImmediately</code> parameter is disabled, then changes to the <code>EnableIAMDatabaseAuthentication</code>, <code>MasterUserPassword</code>, and <code>NewDBClusterIdentifier</code> values are applied during the next maintenance window. All other changes are applied immediately, regardless of the value of the <code>ApplyImmediately</code> parameter.</p> <p>By default, this parameter is disabled.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "BackupRetentionPeriod":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The number of days for which automated backups are retained. You must specify a minimum value of 1.</p> <p>Default: 1</p> <p>Constraints:</p> <ul> <li> <p>Must be a value from 1 to 35</p> </li> </ul>"
+          "documentation":"<p>The number of days for which automated backups are retained. Specify a minimum value of 1.</p> <p>Default: 1</p> <p>Constraints:</p> <ul> <li> <p>Must be a value from 1 to 35</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DBClusterParameterGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB cluster parameter group to use for the DB cluster.</p>"
+          "documentation":"<p>The name of the DB cluster parameter group to use for the DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "VpcSecurityGroupIds":{
           "shape":"VpcSecurityGroupIdList",
-          "documentation":"<p>A list of VPC security groups that the DB cluster will belong to.</p>"
+          "documentation":"<p>A list of VPC security groups that the DB cluster will belong to.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Port":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The port number on which the DB cluster accepts connections.</p> <p>Constraints: Value must be <code>1150-65535</code> </p> <p>Default: The same port as the original DB cluster.</p>"
+          "documentation":"<p>The port number on which the DB cluster accepts connections.</p> <p>Constraints: Value must be <code>1150-65535</code> </p> <p>Default: The same port as the original DB cluster.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "MasterUserPassword":{
           "shape":"String",
-          "documentation":"<p>The new password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".</p> <p>Constraints: Must contain from 8 to 41 characters.</p>"
+          "documentation":"<p>The new password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".</p> <p>Constraints: Must contain from 8 to 41 characters.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "OptionGroupName":{
           "shape":"String",
-          "documentation":"<p>A value that indicates that the DB cluster should be associated with the specified option group. Changing this parameter doesn't result in an outage except in the following case, and the change is applied during the next maintenance window unless the <code>ApplyImmediately</code> is enabled for this request. If the parameter change results in an option group that enables OEM, this change can cause a brief (sub-second) period during which new connections are rejected but existing connections are not interrupted. </p> <p>Permanent options can't be removed from an option group. The option group can't be removed from a DB cluster once it is associated with a DB cluster.</p>"
+          "documentation":"<p>A value that indicates that the DB cluster should be associated with the specified option group.</p> <p>DB clusters are associated with a default option group that can't be modified.</p>"
         },
         "PreferredBackupWindow":{
           "shape":"String",
-          "documentation":"<p>The daily time range during which automated backups are created if automated backups are enabled, using the <code>BackupRetentionPeriod</code> parameter. </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow\"> Backup window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Constraints:</p> <ul> <li> <p>Must be in the format <code>hh24:mi-hh24:mi</code>.</p> </li> <li> <p>Must be in Universal Coordinated Time (UTC).</p> </li> <li> <p>Must not conflict with the preferred maintenance window.</p> </li> <li> <p>Must be at least 30 minutes.</p> </li> </ul>"
+          "documentation":"<p>The daily time range during which automated backups are created if automated backups are enabled, using the <code>BackupRetentionPeriod</code> parameter. </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. To view the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow\"> Backup window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Constraints:</p> <ul> <li> <p>Must be in the format <code>hh24:mi-hh24:mi</code>.</p> </li> <li> <p>Must be in Universal Coordinated Time (UTC).</p> </li> <li> <p>Must not conflict with the preferred maintenance window.</p> </li> <li> <p>Must be at least 30 minutes.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "PreferredMaintenanceWindow":{
           "shape":"String",
-          "documentation":"<p>The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).</p> <p>Format: <code>ddd:hh24:mi-ddd:hh24:mi</code> </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora\"> Adjusting the Preferred DB Cluster Maintenance Window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.</p> <p>Constraints: Minimum 30-minute window.</p>"
+          "documentation":"<p>The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).</p> <p>Format: <code>ddd:hh24:mi-ddd:hh24:mi</code> </p> <p>The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora\"> Adjusting the Preferred DB Cluster Maintenance Window</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.</p> <p>Constraints: Minimum 30-minute window.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "BacktrackWindow":{
           "shape":"LongOptional",
-          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0.</p> <note> <p>Currently, Backtrack is only supported for Aurora MySQL DB clusters.</p> </note> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul>"
+          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0.</p> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul> <p>Valid for: Aurora MySQL DB clusters only</p>"
         },
         "CloudwatchLogsExportConfiguration":{
           "shape":"CloudwatchLogsExportConfiguration",
-          "documentation":"<p>The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster.</p>"
+          "documentation":"<p>The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p>The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless <code>ApplyImmediately</code> is enabled.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p>"
+          "documentation":"<p>The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless <code>ApplyImmediately</code> is enabled.</p> <p>To list all of the available engine versions for MySQL 5.6-compatible Aurora, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for Aurora PostgreSQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for RDS for MySQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for RDS for PostgreSQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "AllowMajorVersionUpgrade":{
           "shape":"Boolean",
-          "documentation":"<p>A value that indicates whether major version upgrades are allowed.</p> <p>Constraints: You must allow major version upgrades when specifying a value for the <code>EngineVersion</code> parameter that is a different major version than the DB cluster's current version.</p>"
+          "documentation":"<p>A value that indicates whether major version upgrades are allowed.</p> <p>Constraints: You must allow major version upgrades when specifying a value for the <code>EngineVersion</code> parameter that is a different major version than the DB cluster's current version.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DBInstanceParameterGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB parameter group to apply to all instances of the DB cluster. </p> <note> <p>When you apply a parameter group using the <code>DBInstanceParameterGroupName</code> parameter, the DB cluster isn't rebooted automatically. Also, parameter changes aren't applied during the next maintenance window but instead are applied immediately.</p> </note> <p>Default: The existing name setting</p> <p>Constraints:</p> <ul> <li> <p>The DB parameter group must be in the same DB parameter group family as this DB cluster.</p> </li> <li> <p>The <code>DBInstanceParameterGroupName</code> parameter is only valid in combination with the <code>AllowMajorVersionUpgrade</code> parameter.</p> </li> </ul>"
+          "documentation":"<p>The name of the DB parameter group to apply to all instances of the DB cluster. </p> <note> <p>When you apply a parameter group using the <code>DBInstanceParameterGroupName</code> parameter, the DB cluster isn't rebooted automatically. Also, parameter changes aren't applied during the next maintenance window but instead are applied immediately.</p> </note> <p>Default: The existing name setting</p> <p>Constraints:</p> <ul> <li> <p>The DB parameter group must be in the same DB parameter group family as this DB cluster.</p> </li> <li> <p>The <code>DBInstanceParameterGroupName</code> parameter is only valid in combination with the <code>AllowMajorVersionUpgrade</code> parameter.</p> </li> </ul> <p>Valid for: Aurora DB clusters only</p>"
         },
         "Domain":{
           "shape":"String",
-          "documentation":"<p>The Active Directory directory ID to move the DB cluster to. Specify <code>none</code> to remove the cluster from its current domain. The domain must be created prior to this operation. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html\">Kerberos Authentication</a> in the <i>Amazon Aurora User Guide</i>. </p>"
+          "documentation":"<p>The Active Directory directory ID to move the DB cluster to. Specify <code>none</code> to remove the cluster from its current domain. The domain must be created prior to this operation. </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html\">Kerberos Authentication</a> in the <i>Amazon Aurora User Guide</i>. </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DomainIAMRoleName":{
           "shape":"String",
-          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p>"
+          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "ScalingConfiguration":{
           "shape":"ScalingConfiguration",
-          "documentation":"<p>The scaling properties of the DB cluster. You can only modify scaling properties for DB clusters in <code>serverless</code> DB engine mode.</p>"
+          "documentation":"<p>The scaling properties of the DB cluster. You can only modify scaling properties for DB clusters in <code>serverless</code> DB engine mode.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. </p>"
+          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "EnableHttpEndpoint":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled.</p> <p>When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html\">Using the Data API for Aurora Serverless</a> in the <i>Amazon Aurora User Guide</i>.</p>"
+          "documentation":"<p>A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled.</p> <p>When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html\">Using the Data API for Aurora Serverless</a> in the <i>Amazon Aurora User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "CopyTagsToSnapshot":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.</p>"
+          "documentation":"<p>A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EnableGlobalWriteForwarding":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (<a>GlobalCluster</a>). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.</p> <p>You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the <a>FailoverGlobalCluster</a> API operation, but it does nothing until then. </p>"
+          "documentation":"<p>A value that indicates whether to enable this DB cluster to forward write operations to the primary cluster of an Aurora global database (<a>GlobalCluster</a>). By default, write operations are not allowed on Aurora DB clusters that are secondary clusters in an Aurora global database.</p> <p>You can set this value only on Aurora DB clusters that are members of an Aurora global database. With this parameter enabled, a secondary cluster can forward writes to the current primary cluster and the resulting changes are replicated back to this cluster. For the primary DB cluster of an Aurora global database, this value is used immediately if the primary is demoted by the <a>FailoverGlobalCluster</a> API operation, but it does nothing until then. </p> <p>Valid for: Aurora DB clusters only</p>"
+        },
+        "DBClusterInstanceClass":{
+          "shape":"String",
+          "documentation":"<p>The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.</p> <p>For the full list of DB instance classes and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "AllocatedStorage":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.</p> <p>Type: Integer</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "StorageType":{
+          "shape":"String",
+          "documentation":"<p>Specifies the storage type to be associated with the DB cluster.</p> <p> Valid values: <code>io1</code> </p> <p> When specified, a value for the <code>Iops</code> parameter is required. </p> <p> Default: <code>io1</code> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "Iops":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.</p> <p>For information about valid Iops values, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS\">Amazon RDS Provisioned IOPS Storage to Improve Performance</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB cluster.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "AutoMinorVersionUpgrade":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "MonitoringInterval":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0.</p> <p>If <code>MonitoringRoleArn</code> is specified, also set <code>MonitoringInterval</code> to a value other than 0.</p> <p>Valid Values: <code>0, 1, 5, 10, 15, 30, 60</code> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "MonitoringRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is <code>arn:aws:iam:123456789012:role/emaccess</code>. For information on creating a monitoring role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html#USER_Monitoring.OS.IAMRole\">To create an IAM role for Amazon RDS Enhanced Monitoring</a> in the <i>Amazon RDS User Guide.</i> </p> <p>If <code>MonitoringInterval</code> is set to a value other than 0, supply a <code>MonitoringRoleArn</code> value.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "EnablePerformanceInsights":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether to turn on Performance Insights for the DB cluster.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html\"> Using Amazon Performance Insights</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "PerformanceInsightsKMSKeyId":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Web Services KMS key identifier for encryption of Performance Insights data.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.</p> <p>If you don't specify a value for <code>PerformanceInsightsKMSKeyId</code>, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.</p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "PerformanceInsightsRetentionPeriod":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).</p> <p>Valid for: Multi-AZ DB clusters only</p>"
         }
       },
       "documentation":"<p/>"
@@ -10065,11 +10223,11 @@
         },
         "DBInstanceClass":{
           "shape":"String",
-          "documentation":"<p>The new compute and memory capacity of the DB instance, for example, <code>db.m4.large</code>. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide</i>. </p> <p>If you modify the DB instance class, an outage occurs during the change. The change is applied during the next maintenance window, unless <code>ApplyImmediately</code> is enabled for this request. </p> <p>This setting doesn't apply to RDS Custom.</p> <p>Default: Uses existing setting</p>"
+          "documentation":"<p>The new compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide</i>. </p> <p>If you modify the DB instance class, an outage occurs during the change. The change is applied during the next maintenance window, unless <code>ApplyImmediately</code> is enabled for this request. </p> <p>This setting doesn't apply to RDS Custom for Oracle.</p> <p>Default: Uses existing setting</p>"
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The new DB subnet group for the DB instance. You can use this parameter to move your DB instance to a different VPC. If your DB instance isn't in a VPC, you can also use this parameter to move your DB instance into a VPC. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Non-VPC2VPC\">Working with a DB instance in a VPC</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Changing the subnet group causes an outage during the change. The change is applied during the next maintenance window, unless you enable <code>ApplyImmediately</code>.</p> <p> This parameter doesn't apply to RDS Custom.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mySubnetGroup</code> </p>"
+          "documentation":"<p>The new DB subnet group for the DB instance. You can use this parameter to move your DB instance to a different VPC. If your DB instance isn't in a VPC, you can also use this parameter to move your DB instance into a VPC. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Non-VPC2VPC\">Working with a DB instance in a VPC</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Changing the subnet group causes an outage during the change. The change is applied during the next maintenance window, unless you enable <code>ApplyImmediately</code>.</p> <p> This parameter doesn't apply to RDS Custom.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "DBSecurityGroups":{
           "shape":"DBSecurityGroupNameList",
@@ -10081,7 +10239,7 @@
         },
         "ApplyImmediately":{
           "shape":"Boolean",
-          "documentation":"<p>A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the <code>PreferredMaintenanceWindow</code> setting for the DB instance. By default, this parameter is disabled. </p> <p> If this parameter is disabled, changes to the DB instance are applied during the next maintenance window. Some parameter changes can cause an outage and are applied on the next call to <a>RebootDBInstance</a>, or the next failure reboot. Review the table of parameters in <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html\">Modifying a DB Instance</a> in the <i>Amazon RDS User Guide.</i> to see the impact of enabling or disabling <code>ApplyImmediately</code> for each modified parameter and to determine when the changes are applied. </p>"
+          "documentation":"<p>A value that indicates whether the modifications in this request and any pending modifications are asynchronously applied as soon as possible, regardless of the <code>PreferredMaintenanceWindow</code> setting for the DB instance. By default, this parameter is disabled.</p> <p> If this parameter is disabled, changes to the DB instance are applied during the next maintenance window. Some parameter changes can cause an outage and are applied on the next call to <a>RebootDBInstance</a>, or the next failure reboot. Review the table of parameters in <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html\">Modifying a DB Instance</a> in the <i>Amazon RDS User Guide</i> to see the impact of enabling or disabling <code>ApplyImmediately</code> for each modified parameter and to determine when the changes are applied. </p>"
         },
         "MasterUserPassword":{
           "shape":"String",
@@ -10093,7 +10251,7 @@
         },
         "BackupRetentionPeriod":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.</p> <note> <p>Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.</p> </note> <p>These changes are applied during the next maintenance window unless the <code>ApplyImmediately</code> parameter is enabled for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously applied as soon as possible.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The retention period for automated backups is managed by the DB cluster. For more information, see <code>ModifyDBCluster</code>.</p> <p>Default: Uses existing setting</p> <p>Constraints:</p> <ul> <li> <p>It must be a value from 0 to 35. It can't be set to 0 if the DB instance is a source to read replicas. It can't be set to 0 or 35 for an RDS Custom DB instance.</p> </li> <li> <p>It can be specified for a MySQL read replica only if the source is running MySQL 5.6 or later.</p> </li> <li> <p>It can be specified for a PostgreSQL read replica only if the source is running PostgreSQL 9.3.5.</p> </li> </ul>"
+          "documentation":"<p>The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.</p> <note> <p>Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.</p> </note> <p>These changes are applied during the next maintenance window unless the <code>ApplyImmediately</code> parameter is enabled for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously applied as soon as possible.</p> <p> <b>Amazon Aurora</b> </p> <p>Not applicable. The retention period for automated backups is managed by the DB cluster. For more information, see <code>ModifyDBCluster</code>.</p> <p>Default: Uses existing setting</p> <p>Constraints:</p> <ul> <li> <p>It must be a value from 0 to 35. It can't be set to 0 if the DB instance is a source to read replicas. It can't be set to 0 or 35 for an RDS Custom for Oracle DB instance.</p> </li> <li> <p>It can be specified for a MySQL read replica only if the source is running MySQL 5.6 or later.</p> </li> <li> <p>It can be specified for a PostgreSQL read replica only if the source is running PostgreSQL 9.3.5.</p> </li> </ul>"
         },
         "PreferredBackupWindow":{
           "shape":"String",
@@ -10109,7 +10267,7 @@
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p> The version number of the database engine to upgrade to. Changing this parameter results in an outage and the change is applied during the next maintenance window unless the <code>ApplyImmediately</code> parameter is enabled for this request. </p> <p>For major version upgrades, if a nondefault DB parameter group is currently in use, a new DB parameter group in the DB parameter group family for the new engine version must be specified. The new DB parameter group can be the default for that DB parameter group family.</p> <p>If you specify only a major version, Amazon RDS will update the DB instance to the default minor version if the current minor version is lower. For information about valid engine versions, see <code>CreateDBInstance</code>, or call <code>DescribeDBEngineVersions</code>.</p> <p>In RDS Custom, this parameter is supported for read replicas only if they are in the <code>PATCH_DB_FAILURE</code> lifecycle. </p>"
+          "documentation":"<p> The version number of the database engine to upgrade to. Changing this parameter results in an outage and the change is applied during the next maintenance window unless the <code>ApplyImmediately</code> parameter is enabled for this request. </p> <p>For major version upgrades, if a nondefault DB parameter group is currently in use, a new DB parameter group in the DB parameter group family for the new engine version must be specified. The new DB parameter group can be the default for that DB parameter group family.</p> <p>If you specify only a major version, Amazon RDS will update the DB instance to the default minor version if the current minor version is lower. For information about valid engine versions, see <code>CreateDBInstance</code>, or call <code>DescribeDBEngineVersions</code>.</p> <p>In RDS Custom for Oracle, this parameter is supported for read replicas only if they are in the <code>PATCH_DB_FAILURE</code> lifecycle. </p>"
         },
         "AllowMajorVersionUpgrade":{
           "shape":"Boolean",
@@ -10169,7 +10327,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible. </p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p> <code>PubliclyAccessible</code> only applies to DB instances in a VPC. The DB instance must be part of a public subnet and <code>PubliclyAccessible</code> must be enabled for it to be publicly accessible. </p> <p>Changes to the <code>PubliclyAccessible</code> parameter are applied immediately regardless of the value of the <code>ApplyImmediately</code> parameter.</p> <p>This setting doesn't apply to RDS Custom.</p>"
+          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible. </p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p> <code>PubliclyAccessible</code> only applies to DB instances in a VPC. The DB instance must be part of a public subnet and <code>PubliclyAccessible</code> must be enabled for it to be publicly accessible. </p> <p>Changes to the <code>PubliclyAccessible</code> parameter are applied immediately regardless of the value of the <code>ApplyImmediately</code> parameter.</p>"
         },
         "MonitoringRoleArn":{
           "shape":"String",
@@ -10185,7 +10343,7 @@
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p> <p>This setting doesn't apply to RDS Custom.</p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p> <p>This setting doesn't apply to RDS Custom.</p>"
         },
         "EnablePerformanceInsights":{
           "shape":"BooleanOptional",
@@ -10213,7 +10371,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
+          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
         },
         "MaxAllocatedStorage":{
           "shape":"IntegerOptional",
@@ -10265,7 +10423,7 @@
         },
         "Parameters":{
           "shape":"ParametersList",
-          "documentation":"<p>An array of parameter names, values, and the application methods for the parameter update. At least one parameter name, value, and application method method must be supplied; later arguments are optional. A maximum of 20 parameters can be modified in a single request.</p> <p>Valid Values (for the application method): <code>immediate | pending-reboot</code> </p> <note> <p>You can use the <code>immediate</code> value with dynamic parameters only. You can use the <code>pending-reboot</code> value for both dynamic and static parameters.</p> <p>When the application method is <code>immediate</code>, changes to dynamic parameters are applied immediately to the DB instances associated with the parameter group. When the application method is <code>pending-reboot</code>, changes to dynamic and static parameters are applied after a reboot without failover to the DB instances associated with the parameter group.</p> </note>"
+          "documentation":"<p>An array of parameter names, values, and the application methods for the parameter update. At least one parameter name, value, and application method must be supplied; later arguments are optional. A maximum of 20 parameters can be modified in a single request.</p> <p>Valid Values (for the application method): <code>immediate | pending-reboot</code> </p> <p>You can use the <code>immediate</code> value with dynamic parameters only. You can use the <code>pending-reboot</code> value for both dynamic and static parameters.</p> <p>When the application method is <code>immediate</code>, changes to dynamic parameters are applied immediately to the DB instances associated with the parameter group.</p> <p>When the application method is <code>pending-reboot</code>, changes to dynamic and static parameters are applied after a reboot without failover to the DB instances associated with the parameter group.</p> <note> <p>You can't use <code>pending-reboot</code> with dynamic parameters on RDS for SQL Server DB instances. Use <code>immediate</code>.</p> </note> <p>For more information on modifying DB parameters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithParamGroups.html\">Working with DB parameter groups</a> in the <i>Amazon RDS User Guide</i>.</p>"
         }
       },
       "documentation":"<p/>"
@@ -10443,7 +10601,7 @@
       "members":{
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The name for the DB subnet group. This value is stored as a lowercase string. You can't modify the default subnet group. </p> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The name for the DB subnet group. This value is stored as a lowercase string. You can't modify the default subnet group. </p> <p>Constraints: Must match the name of an existing DBSubnetGroup. Must not be default.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "DBSubnetGroupDescription":{
           "shape":"String",
@@ -10476,7 +10634,7 @@
         },
         "SourceType":{
           "shape":"String",
-          "documentation":"<p>The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. If this value isn't specified, all events are returned.</p> <p>Valid values: <code>db-instance</code> | <code>db-cluster</code> | <code>db-parameter-group</code> | <code>db-security-group</code> | <code>db-snapshot</code> | <code>db-cluster-snapshot</code> </p>"
+          "documentation":"<p>The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. For RDS Proxy events, specify <code>db-proxy</code>. If this value isn't specified, all events are returned.</p> <p>Valid values: <code>db-instance</code> | <code>db-cluster</code> | <code>db-parameter-group</code> | <code>db-security-group</code> | <code>db-snapshot</code> | <code>db-cluster-snapshot</code> | <code>db-proxy</code> </p>"
         },
         "EventCategories":{
           "shape":"EventCategoriesList",
@@ -10512,7 +10670,7 @@
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p>The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless <code>ApplyImmediately</code> is enabled.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'</code> </p>"
+          "documentation":"<p>The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless <code>ApplyImmediately</code> is enabled.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query '*[]|[?SupportsGlobalDatabases == `true`].[EngineVersion]'</code> </p>"
         },
         "AllowMajorVersionUpgrade":{
           "shape":"BooleanOptional",
@@ -11102,6 +11260,10 @@
         "SupportsGlobalDatabases":{
           "shape":"Boolean",
           "documentation":"<p>A value that indicates whether you can use Aurora global databases with a specific combination of other DB engine attributes.</p>"
+        },
+        "SupportsClusters":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether DB instances can be configured as a Multi-AZ DB cluster.</p> <p>The Multi-AZ DB clusters feature is in preview and is subject to change.</p> <p>For more information on Multi-AZ DB clusters, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html\"> Multi-AZ deployments with two readable standby DB instances</a> in the <i>Amazon RDS User Guide.</i> </p>"
         }
       },
       "documentation":"<p>Contains a list of available options for a DB instance.</p> <p> This data type is used as a response element in the <code>DescribeOrderableDBInstanceOptions</code> action. </p>",
@@ -11505,6 +11667,22 @@
       "type":"list",
       "member":{"shape":"String"}
     },
+    "RebootDBClusterMessage":{
+      "type":"structure",
+      "required":["DBClusterIdentifier"],
+      "members":{
+        "DBClusterIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The DB cluster identifier. This parameter is stored as a lowercase string.</p> <p>Constraints:</p> <ul> <li> <p>Must match the identifier of an existing DBCluster.</p> </li> </ul>"
+        }
+      }
+    },
+    "RebootDBClusterResult":{
+      "type":"structure",
+      "members":{
+        "DBCluster":{"shape":"DBCluster"}
+      }
+    },
     "RebootDBInstanceMessage":{
       "type":"structure",
       "required":["DBInstanceIdentifier"],
@@ -12006,15 +12184,15 @@
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>A DB subnet group to associate with the restored DB cluster.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup. </p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>A DB subnet group to associate with the restored DB cluster.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "Engine":{
           "shape":"String",
-          "documentation":"<p>The name of the database engine to be used for this DB cluster.</p> <p>Valid Values: <code>aurora</code> (for MySQL 5.6-compatible Aurora), <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), and <code>aurora-postgresql</code> </p>"
+          "documentation":"<p>The name of the database engine to be used for this DB cluster.</p> <p>Valid Values: <code>aurora</code> (for MySQL 5.6-compatible Aurora), <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), and <code>aurora-postgresql</code> </p>"
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p>The version number of the database engine to use.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p> <b>Aurora MySQL</b> </p> <p>Example: <code>5.6.10a</code>, <code>5.6.mysql_aurora.1.19.2</code>, <code>5.7.12</code>, <code>5.7.mysql_aurora.2.04.5</code> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Example: <code>9.6.3</code>, <code>10.7</code> </p>"
+          "documentation":"<p>The version number of the database engine to use.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p> <b>Aurora MySQL</b> </p> <p>Example: <code>5.6.10a</code>, <code>5.6.mysql_aurora.1.19.2</code>, <code>5.7.12</code>, <code>5.7.mysql_aurora.2.04.5</code>, <code>8.0.mysql_aurora.3.01.0</code> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Example: <code>9.6.3</code>, <code>10.7</code> </p>"
         },
         "Port":{
           "shape":"IntegerOptional",
@@ -12051,7 +12229,7 @@
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p>"
         },
         "SourceEngine":{
           "shape":"String",
@@ -12083,7 +12261,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. </p>"
+          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. </p>"
         },
         "CopyTagsToSnapshot":{
           "shape":"BooleanOptional",
@@ -12115,91 +12293,107 @@
       "members":{
         "AvailabilityZones":{
           "shape":"AvailabilityZones",
-          "documentation":"<p>Provides the list of Availability Zones (AZs) where instances in the restored DB cluster can be created.</p>"
+          "documentation":"<p>Provides the list of Availability Zones (AZs) where instances in the restored DB cluster can be created.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DBClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>The name of the DB cluster to create from the DB snapshot or DB cluster snapshot. This parameter isn't case-sensitive.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul> <p>Example: <code>my-snapshot-id</code> </p>"
+          "documentation":"<p>The name of the DB cluster to create from the DB snapshot or DB cluster snapshot. This parameter isn't case-sensitive.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul> <p>Example: <code>my-snapshot-id</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "SnapshotIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier for the DB snapshot or DB cluster snapshot to restore from.</p> <p>You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot.</p> <p>Constraints:</p> <ul> <li> <p>Must match the identifier of an existing Snapshot.</p> </li> </ul>"
+          "documentation":"<p>The identifier for the DB snapshot or DB cluster snapshot to restore from.</p> <p>You can use either the name or the Amazon Resource Name (ARN) to specify a DB cluster snapshot. However, you can use only the ARN to specify a DB snapshot.</p> <p>Constraints:</p> <ul> <li> <p>Must match the identifier of an existing Snapshot.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Engine":{
           "shape":"String",
-          "documentation":"<p>The database engine to use for the new DB cluster.</p> <p>Default: The same as source</p> <p>Constraint: Must be compatible with the engine of the source</p>"
+          "documentation":"<p>The database engine to use for the new DB cluster.</p> <p>Default: The same as source</p> <p>Constraint: Must be compatible with the engine of the source</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "EngineVersion":{
           "shape":"String",
-          "documentation":"<p>The version of the database engine to use for the new DB cluster.</p> <p>To list all of the available engine versions for <code>aurora</code> (for MySQL 5.6-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-mysql</code> (for MySQL 5.7-compatible Aurora), use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for <code>aurora-postgresql</code>, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <note> <p>If you aren't using the default engine version, then you must specify the engine version.</p> </note> <p> <b>Aurora MySQL</b> </p> <p>Example: <code>5.6.10a</code>, <code>5.6.mysql_aurora.1.19.2</code>, <code>5.7.12</code>, <code>5.7.mysql_aurora.2.04.5</code> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>Example: <code>9.6.3</code>, <code>10.7</code> </p>"
+          "documentation":"<p>The version of the database engine to use for the new DB cluster.</p> <p>To list all of the available engine versions for MySQL 5.6-compatible Aurora, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for Aurora PostgreSQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for RDS for MySQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine mysql --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p>To list all of the available engine versions for RDS for PostgreSQL, use the following command:</p> <p> <code>aws rds describe-db-engine-versions --engine postgres --query \"DBEngineVersions[].EngineVersion\"</code> </p> <p> <b>Aurora MySQL</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html\">MySQL on Amazon RDS Versions</a> in the <i>Amazon Aurora User Guide.</i> </p> <p> <b>Aurora PostgreSQL</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html\">Amazon Aurora PostgreSQL releases and engine versions</a> in the <i>Amazon Aurora User Guide.</i> </p> <p> <b>MySQL</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt\">MySQL on Amazon RDS Versions</a> in the <i>Amazon RDS User Guide.</i> </p> <p> <b>PostgreSQL</b> </p> <p>See <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts\">Amazon RDS for PostgreSQL versions and extensions</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Port":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The port number on which the new DB cluster accepts connections.</p> <p>Constraints: This value must be <code>1150-65535</code> </p> <p>Default: The same port as the original DB cluster.</p>"
+          "documentation":"<p>The port number on which the new DB cluster accepts connections.</p> <p>Constraints: This value must be <code>1150-65535</code> </p> <p>Default: The same port as the original DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB subnet group to use for the new DB cluster.</p> <p>Constraints: If supplied, must match the name of an existing DB subnet group.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The name of the DB subnet group to use for the new DB cluster.</p> <p>Constraints: If supplied, must match the name of an existing DB subnet group.</p> <p>Example: <code>mydbsubnetgroup</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DatabaseName":{
           "shape":"String",
-          "documentation":"<p>The database name for the restored DB cluster.</p>"
+          "documentation":"<p>The database name for the restored DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "OptionGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the option group to use for the restored DB cluster.</p>"
+          "documentation":"<p>The name of the option group to use for the restored DB cluster.</p> <p>DB clusters are associated with a default option group that can't be modified.</p>"
         },
         "VpcSecurityGroupIds":{
           "shape":"VpcSecurityGroupIdList",
-          "documentation":"<p>A list of VPC security groups that the new DB cluster will belong to.</p>"
+          "documentation":"<p>A list of VPC security groups that the new DB cluster will belong to.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Tags":{
           "shape":"TagList",
-          "documentation":"<p>The tags to be assigned to the restored DB cluster.</p>"
+          "documentation":"<p>The tags to be assigned to the restored DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "KmsKeyId":{
           "shape":"String",
-          "documentation":"<p>The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from a DB snapshot or DB cluster snapshot.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p>When you don't specify a value for the <code>KmsKeyId</code> parameter, then the following occurs:</p> <ul> <li> <p>If the DB snapshot or DB cluster snapshot in <code>SnapshotIdentifier</code> is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the DB snapshot or DB cluster snapshot.</p> </li> <li> <p>If the DB snapshot or DB cluster snapshot in <code>SnapshotIdentifier</code> isn't encrypted, then the restored DB cluster isn't encrypted.</p> </li> </ul>"
+          "documentation":"<p>The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from a DB snapshot or DB cluster snapshot.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p>When you don't specify a value for the <code>KmsKeyId</code> parameter, then the following occurs:</p> <ul> <li> <p>If the DB snapshot or DB cluster snapshot in <code>SnapshotIdentifier</code> is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the DB snapshot or DB cluster snapshot.</p> </li> <li> <p>If the DB snapshot or DB cluster snapshot in <code>SnapshotIdentifier</code> isn't encrypted, then the restored DB cluster isn't encrypted.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "BacktrackWindow":{
           "shape":"LongOptional",
-          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0.</p> <note> <p>Currently, Backtrack is only supported for Aurora MySQL DB clusters.</p> </note> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul>"
+          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0.</p> <note> <p>Currently, Backtrack is only supported for Aurora MySQL DB clusters.</p> </note> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EnableCloudwatchLogsExports":{
           "shape":"LogTypeList",
-          "documentation":"<p>The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch\">Publishing Database Logs to Amazon CloudWatch Logs </a> in the <i>Amazon Aurora User Guide</i>.</p>"
+          "documentation":"<p>The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch\">Publishing Database Logs to Amazon CloudWatch Logs </a> in the <i>Amazon Aurora User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EngineMode":{
           "shape":"String",
-          "documentation":"<p>The DB engine mode of the DB cluster, either <code>provisioned</code>, <code>serverless</code>, <code>parallelquery</code>, <code>global</code>, or <code>multimaster</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html\"> CreateDBCluster</a>.</p>"
+          "documentation":"<p>The DB engine mode of the DB cluster, either <code>provisioned</code>, <code>serverless</code>, <code>parallelquery</code>, <code>global</code>, or <code>multimaster</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html\"> CreateDBCluster</a>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "ScalingConfiguration":{
           "shape":"ScalingConfiguration",
-          "documentation":"<p>For DB clusters in <code>serverless</code> DB engine mode, the scaling properties of the DB cluster.</p>"
+          "documentation":"<p>For DB clusters in <code>serverless</code> DB engine mode, the scaling properties of the DB cluster.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DBClusterParameterGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.</p> <p>Constraints:</p> <ul> <li> <p>If supplied, must match the name of an existing default DB cluster parameter group.</p> </li> <li> <p>Must be 1 to 255 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul>"
+          "documentation":"<p>The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.</p> <p>Constraints:</p> <ul> <li> <p>If supplied, must match the name of an existing default DB cluster parameter group.</p> </li> <li> <p>Must be 1 to 255 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. </p>"
+          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "CopyTagsToSnapshot":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to copy all tags from the restored DB cluster to snapshots of the restored DB cluster. The default is not to copy them.</p>"
+          "documentation":"<p>A value that indicates whether to copy all tags from the restored DB cluster to snapshots of the restored DB cluster. The default is not to copy them.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "Domain":{
           "shape":"String",
-          "documentation":"<p>Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html\"> Kerberos Authentication</a> in the <i>Amazon RDS User Guide</i>. </p>"
+          "documentation":"<p>Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html\"> Kerberos Authentication</a> in the <i>Amazon RDS User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DomainIAMRoleName":{
           "shape":"String",
-          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p>"
+          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p> <p>Valid for: Aurora DB clusters only</p>"
+        },
+        "DBClusterInstanceClass":{
+          "shape":"String",
+          "documentation":"<p>The compute and memory capacity of the each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.</p> <p>For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
+        },
+        "StorageType":{
+          "shape":"String",
+          "documentation":"<p>Specifies the storage type to be associated with the each DB instance in the Multi-AZ DB cluster.</p> <p> Valid values: <code>io1</code> </p> <p> When specified, a value for the <code>Iops</code> parameter is required. </p> <p> Default: <code>io1</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
+        },
+        "Iops":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.</p> <p>For information about valid Iops values, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS\">Amazon RDS Provisioned IOPS Storage to Improve Performance</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB instance.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
+        },
+        "PubliclyAccessible":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether the DB cluster is publicly accessible.</p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.</p> <p>Default: The default behavior varies depending on whether <code>DBSubnetGroupName</code> is specified.</p> <p>If <code>DBSubnetGroupName</code> isn't specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.</p> </li> <li> <p>If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.</p> </li> </ul> <p>If <code>DBSubnetGroupName</code> is specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.</p> </li> <li> <p>If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         }
       },
       "documentation":"<p/>"
@@ -12219,84 +12413,100 @@
       "members":{
         "DBClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>The name of the new DB cluster to be created.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul>"
+          "documentation":"<p>The name of the new DB cluster to be created.</p> <p>Constraints:</p> <ul> <li> <p>Must contain from 1 to 63 letters, numbers, or hyphens</p> </li> <li> <p>First character must be a letter</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "RestoreType":{
           "shape":"String",
-          "documentation":"<p>The type of restore to be performed. You can specify one of the following values:</p> <ul> <li> <p> <code>full-copy</code> - The new DB cluster is restored as a full copy of the source DB cluster.</p> </li> <li> <p> <code>copy-on-write</code> - The new DB cluster is restored as a clone of the source DB cluster.</p> </li> </ul> <p>Constraints: You can't specify <code>copy-on-write</code> if the engine version of the source DB cluster is earlier than 1.11.</p> <p>If you don't specify a <code>RestoreType</code> value, then the new DB cluster is restored as a full copy of the source DB cluster.</p>"
+          "documentation":"<p>The type of restore to be performed. You can specify one of the following values:</p> <ul> <li> <p> <code>full-copy</code> - The new DB cluster is restored as a full copy of the source DB cluster.</p> </li> <li> <p> <code>copy-on-write</code> - The new DB cluster is restored as a clone of the source DB cluster.</p> </li> </ul> <p>Constraints: You can't specify <code>copy-on-write</code> if the engine version of the source DB cluster is earlier than 1.11.</p> <p>If you don't specify a <code>RestoreType</code> value, then the new DB cluster is restored as a full copy of the source DB cluster.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "SourceDBClusterIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier of the source DB cluster from which to restore.</p> <p>Constraints:</p> <ul> <li> <p>Must match the identifier of an existing DBCluster.</p> </li> </ul>"
+          "documentation":"<p>The identifier of the source DB cluster from which to restore.</p> <p>Constraints:</p> <ul> <li> <p>Must match the identifier of an existing DBCluster.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "RestoreToTime":{
           "shape":"TStamp",
-          "documentation":"<p>The date and time to restore the DB cluster to.</p> <p>Valid Values: Value must be a time in Universal Coordinated Time (UTC) format</p> <p>Constraints:</p> <ul> <li> <p>Must be before the latest restorable time for the DB instance</p> </li> <li> <p>Must be specified if <code>UseLatestRestorableTime</code> parameter isn't provided</p> </li> <li> <p>Can't be specified if the <code>UseLatestRestorableTime</code> parameter is enabled</p> </li> <li> <p>Can't be specified if the <code>RestoreType</code> parameter is <code>copy-on-write</code> </p> </li> </ul> <p>Example: <code>2015-03-07T23:45:00Z</code> </p>"
+          "documentation":"<p>The date and time to restore the DB cluster to.</p> <p>Valid Values: Value must be a time in Universal Coordinated Time (UTC) format</p> <p>Constraints:</p> <ul> <li> <p>Must be before the latest restorable time for the DB instance</p> </li> <li> <p>Must be specified if <code>UseLatestRestorableTime</code> parameter isn't provided</p> </li> <li> <p>Can't be specified if the <code>UseLatestRestorableTime</code> parameter is enabled</p> </li> <li> <p>Can't be specified if the <code>RestoreType</code> parameter is <code>copy-on-write</code> </p> </li> </ul> <p>Example: <code>2015-03-07T23:45:00Z</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "UseLatestRestorableTime":{
           "shape":"Boolean",
-          "documentation":"<p>A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster isn't restored to the latest restorable backup time. </p> <p>Constraints: Can't be specified if <code>RestoreToTime</code> parameter is provided.</p>"
+          "documentation":"<p>A value that indicates whether to restore the DB cluster to the latest restorable backup time. By default, the DB cluster isn't restored to the latest restorable backup time. </p> <p>Constraints: Can't be specified if <code>RestoreToTime</code> parameter is provided.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Port":{
           "shape":"IntegerOptional",
-          "documentation":"<p>The port number on which the new DB cluster accepts connections.</p> <p>Constraints: A value from <code>1150-65535</code>. </p> <p>Default: The default port for the engine.</p>"
+          "documentation":"<p>The port number on which the new DB cluster accepts connections.</p> <p>Constraints: A value from <code>1150-65535</code>. </p> <p>Default: The default port for the engine.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The DB subnet group name to use for the new DB cluster.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The DB subnet group name to use for the new DB cluster.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mydbsubnetgroup</code> </p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "OptionGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the option group for the new DB cluster.</p>"
+          "documentation":"<p>The name of the option group for the new DB cluster.</p> <p>DB clusters are associated with a default option group that can't be modified.</p>"
         },
         "VpcSecurityGroupIds":{
           "shape":"VpcSecurityGroupIdList",
-          "documentation":"<p>A list of VPC security groups that the new DB cluster belongs to.</p>"
+          "documentation":"<p>A list of VPC security groups that the new DB cluster belongs to.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "Tags":{"shape":"TagList"},
         "KmsKeyId":{
           "shape":"String",
-          "documentation":"<p>The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p>You can restore to a new DB cluster and encrypt the new DB cluster with a KMS key that is different from the KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the KMS key identified by the <code>KmsKeyId</code> parameter.</p> <p>If you don't specify a value for the <code>KmsKeyId</code> parameter, then the following occurs:</p> <ul> <li> <p>If the DB cluster is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the source DB cluster.</p> </li> <li> <p>If the DB cluster isn't encrypted, then the restored DB cluster isn't encrypted.</p> </li> </ul> <p>If <code>DBClusterIdentifier</code> refers to a DB cluster that isn't encrypted, then the restore request is rejected.</p>"
+          "documentation":"<p>The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.</p> <p>The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.</p> <p>You can restore to a new DB cluster and encrypt the new DB cluster with a KMS key that is different from the KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the KMS key identified by the <code>KmsKeyId</code> parameter.</p> <p>If you don't specify a value for the <code>KmsKeyId</code> parameter, then the following occurs:</p> <ul> <li> <p>If the DB cluster is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the source DB cluster.</p> </li> <li> <p>If the DB cluster isn't encrypted, then the restored DB cluster isn't encrypted.</p> </li> </ul> <p>If <code>DBClusterIdentifier</code> refers to a DB cluster that isn't encrypted, then the restore request is rejected.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication</a> in the <i>Amazon Aurora User Guide.</i> </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "BacktrackWindow":{
           "shape":"LongOptional",
-          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0.</p> <note> <p>Currently, Backtrack is only supported for Aurora MySQL DB clusters.</p> </note> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul>"
+          "documentation":"<p>The target backtrack window, in seconds. To disable backtracking, set this value to 0.</p> <p>Default: 0</p> <p>Constraints:</p> <ul> <li> <p>If specified, this value must be set to a number from 0 to 259,200 (72 hours).</p> </li> </ul> <p>Valid for: Aurora MySQL DB clusters only</p>"
         },
         "EnableCloudwatchLogsExports":{
           "shape":"LogTypeList",
-          "documentation":"<p>The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch\">Publishing Database Logs to Amazon CloudWatch Logs</a> in the <i>Amazon Aurora User Guide</i>.</p>"
+          "documentation":"<p>The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch\">Publishing Database Logs to Amazon CloudWatch Logs</a> in the <i>Amazon Aurora User Guide</i>.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DBClusterParameterGroupName":{
           "shape":"String",
-          "documentation":"<p>The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.</p> <p>Constraints:</p> <ul> <li> <p>If supplied, must match the name of an existing DB cluster parameter group.</p> </li> <li> <p>Must be 1 to 255 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul>"
+          "documentation":"<p>The name of the DB cluster parameter group to associate with this DB cluster. If this argument is omitted, the default DB cluster parameter group for the specified engine is used.</p> <p>Constraints:</p> <ul> <li> <p>If supplied, must match the name of an existing DB cluster parameter group.</p> </li> <li> <p>Must be 1 to 255 letters, numbers, or hyphens.</p> </li> <li> <p>First character must be a letter.</p> </li> <li> <p>Can't end with a hyphen or contain two consecutive hyphens.</p> </li> </ul> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. </p>"
+          "documentation":"<p>A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.</p> <p>Valid for: Aurora DB clusters and Multi-AZ DB clusters</p>"
         },
         "CopyTagsToSnapshot":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to copy all tags from the restored DB cluster to snapshots of the restored DB cluster. The default is not to copy them.</p>"
+          "documentation":"<p>A value that indicates whether to copy all tags from the restored DB cluster to snapshots of the restored DB cluster. The default is not to copy them.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "Domain":{
           "shape":"String",
-          "documentation":"<p>Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. </p> <p> For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB cluster. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html\">Kerberos Authentication</a> in the <i>Amazon Aurora User Guide</i>. </p>"
+          "documentation":"<p>Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. </p> <p> For Amazon Aurora DB clusters, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB cluster. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html\">Kerberos Authentication</a> in the <i>Amazon Aurora User Guide</i>. </p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "DomainIAMRoleName":{
           "shape":"String",
-          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p>"
+          "documentation":"<p>Specify the name of the IAM role to be used when making API calls to the Directory Service.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "ScalingConfiguration":{
           "shape":"ScalingConfiguration",
-          "documentation":"<p>For DB clusters in <code>serverless</code> DB engine mode, the scaling properties of the DB cluster.</p>"
+          "documentation":"<p>For DB clusters in <code>serverless</code> DB engine mode, the scaling properties of the DB cluster.</p> <p>Valid for: Aurora DB clusters only</p>"
         },
         "EngineMode":{
           "shape":"String",
-          "documentation":"<p>The engine mode of the new cluster. Specify <code>provisioned</code> or <code>serverless</code>, depending on the type of the cluster you are creating. You can create an Aurora Serverless clone from a provisioned cluster, or a provisioned clone from an Aurora Serverless cluster. To create a clone that is an Aurora Serverless cluster, the original cluster must be an Aurora Serverless cluster or an encrypted provisioned cluster.</p>"
+          "documentation":"<p>The engine mode of the new cluster. Specify <code>provisioned</code> or <code>serverless</code>, depending on the type of the cluster you are creating. You can create an Aurora Serverless clone from a provisioned cluster, or a provisioned clone from an Aurora Serverless cluster. To create a clone that is an Aurora Serverless cluster, the original cluster must be an Aurora Serverless cluster or an encrypted provisioned cluster.</p> <p>Valid for: Aurora DB clusters only</p>"
+        },
+        "DBClusterInstanceClass":{
+          "shape":"String",
+          "documentation":"<p>The compute and memory capacity of the each DB instance in the Multi-AZ DB cluster, for example db.m6g.xlarge. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.</p> <p>For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB instance class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "StorageType":{
+          "shape":"String",
+          "documentation":"<p>Specifies the storage type to be associated with the each DB instance in the Multi-AZ DB cluster.</p> <p> Valid values: <code>io1</code> </p> <p> When specified, a value for the <code>Iops</code> parameter is required. </p> <p> Default: <code>io1</code> </p> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "PubliclyAccessible":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A value that indicates whether the DB cluster is publicly accessible.</p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.</p> <p>Default: The default behavior varies depending on whether <code>DBSubnetGroupName</code> is specified.</p> <p>If <code>DBSubnetGroupName</code> isn't specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.</p> </li> <li> <p>If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.</p> </li> </ul> <p>If <code>DBSubnetGroupName</code> is specified, and <code>PubliclyAccessible</code> isn't specified, the following applies:</p> <ul> <li> <p>If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.</p> </li> <li> <p>If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.</p> </li> </ul> <p>Valid for: Multi-AZ DB clusters only</p>"
+        },
+        "Iops":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.</p> <p>For information about valid <code>Iops</code> values, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS\">Amazon RDS Provisioned IOPS storage to improve performance</a> in the <i>Amazon RDS User Guide</i>. </p> <p>Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB instance. </p> <p>Valid for: Multi-AZ DB clusters only</p>"
         }
       },
       "documentation":"<p/>"
@@ -12324,7 +12534,7 @@
         },
         "DBInstanceClass":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the Amazon RDS DB instance, for example, <code>db.m4.large</code>. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Default: The same DBInstanceClass as the original DB instance.</p>"
+          "documentation":"<p>The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Default: The same DBInstanceClass as the original DB instance.</p>"
         },
         "Port":{
           "shape":"IntegerOptional",
@@ -12336,7 +12546,7 @@
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The DB subnet group name to use for the new instance.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The DB subnet group name to use for the new instance.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "MultiAZ":{
           "shape":"BooleanOptional",
@@ -12344,7 +12554,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
+          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB instance's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
@@ -12393,7 +12603,7 @@
         },
         "CopyTagsToSnapshot":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to copy all tags from the restored DB instance to snapshots of the DB instance. By default, tags are not copied.</p>"
+          "documentation":"<p>A value that indicates whether to copy all tags from the restored DB instance to snapshots of the DB instance.</p> <p>In most cases, tags aren't copied by default. However, when you restore a DB instance from a DB snapshot, RDS checks whether you specify new tags. If yes, the new tags are added to the restored DB instance. If there are no new tags, RDS looks for the tags from the source DB instance for the DB snapshot, and then adds those tags to the restored DB instance.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html#USER_Tagging.CopyTags\"> Copying tags to DB instance snapshots</a> in the <i>Amazon RDS User Guide</i>.</p>"
         },
         "DomainIAMRoleName":{
           "shape":"String",
@@ -12421,7 +12631,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
+          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
         },
         "EnableCustomerOwnedIp":{
           "shape":"BooleanOptional",
@@ -12429,7 +12639,11 @@
         },
         "CustomIamInstanceProfile":{
           "shape":"String",
-          "documentation":"<p>The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:</p> <ul> <li> <p>The profile must exist in your account.</p> </li> <li> <p>The profile must have an IAM role that Amazon EC2 has permissions to assume.</p> </li> <li> <p>The instance profile name and the associated IAM role name must start with the prefix <code>AWSRDSCustom</code>.</p> </li> </ul> <p>For the list of permissions required for the IAM role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\"> Configure IAM and your VPC</a> in the <i>Amazon Relational Database Service User Guide</i>.</p> <p>This setting is required for RDS Custom.</p>"
+          "documentation":"<p>The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:</p> <ul> <li> <p>The profile must exist in your account.</p> </li> <li> <p>The profile must have an IAM role that Amazon EC2 has permissions to assume.</p> </li> <li> <p>The instance profile name and the associated IAM role name must start with the prefix <code>AWSRDSCustom</code>.</p> </li> </ul> <p>For the list of permissions required for the IAM role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\"> Configure IAM and your VPC</a> in the <i>Amazon RDS User Guide</i>.</p> <p>This setting is required for RDS Custom.</p>"
+        },
+        "BackupTarget":{
+          "shape":"String",
+          "documentation":"<p>Specifies where automated backups and manual snapshots are stored for the restored DB instance.</p> <p>Possible values are <code>outposts</code> (Amazon Web Services Outposts) and <code>region</code> (Amazon Web Services Region). The default is <code>region</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html\">Working with Amazon RDS on Amazon Web Services Outposts</a> in the <i>Amazon RDS User Guide</i>.</p>"
         }
       },
       "documentation":"<p/>"
@@ -12466,7 +12680,7 @@
         },
         "DBInstanceClass":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the DB instance, for example, <code>db.m4.large</code>. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Importing from Amazon S3 isn't supported on the db.t2.micro DB instance class. </p>"
+          "documentation":"<p>The compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Importing from Amazon S3 isn't supported on the db.t2.micro DB instance class. </p>"
         },
         "Engine":{
           "shape":"String",
@@ -12494,7 +12708,7 @@
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>A DB subnet group to associate with this DB instance.</p>"
+          "documentation":"<p>A DB subnet group to associate with this DB instance.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "PreferredMaintenanceWindow":{
           "shape":"String",
@@ -12542,7 +12756,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
+          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB instance's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -12574,7 +12788,7 @@
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p>"
         },
         "SourceEngine":{
           "shape":"String",
@@ -12622,7 +12836,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
+          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
         },
         "MaxAllocatedStorage":{
           "shape":"IntegerOptional",
@@ -12658,7 +12872,7 @@
         },
         "DBInstanceClass":{
           "shape":"String",
-          "documentation":"<p>The compute and memory capacity of the Amazon RDS DB instance, for example, <code>db.m4.large</code>. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Default: The same DBInstanceClass as the original DB instance.</p>"
+          "documentation":"<p>The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html\">DB Instance Class</a> in the <i>Amazon RDS User Guide.</i> </p> <p>Default: The same DBInstanceClass as the original DB instance.</p>"
         },
         "Port":{
           "shape":"IntegerOptional",
@@ -12670,7 +12884,7 @@
         },
         "DBSubnetGroupName":{
           "shape":"String",
-          "documentation":"<p>The DB subnet group name to use for the new instance.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mySubnetgroup</code> </p>"
+          "documentation":"<p>The DB subnet group name to use for the new instance.</p> <p>Constraints: If supplied, must match the name of an existing DBSubnetGroup.</p> <p>Example: <code>mydbsubnetgroup</code> </p>"
         },
         "MultiAZ":{
           "shape":"BooleanOptional",
@@ -12678,7 +12892,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
+          "documentation":"<p>A value that indicates whether the DB instance is publicly accessible.</p> <p>When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.</p> <p>When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.</p> <p>For more information, see <a>CreateDBInstance</a>.</p>"
         },
         "AutoMinorVersionUpgrade":{
           "shape":"BooleanOptional",
@@ -12735,7 +12949,7 @@
         },
         "EnableIAMDatabaseAuthentication":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled.</p> <p>This setting doesn't apply to RDS Custom.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p>"
+          "documentation":"<p>A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.</p> <p>This setting doesn't apply to RDS Custom.</p> <p>For more information about IAM database authentication, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html\"> IAM Database Authentication for MySQL and PostgreSQL</a> in the <i>Amazon RDS User Guide.</i> </p>"
         },
         "EnableCloudwatchLogsExports":{
           "shape":"LogTypeList",
@@ -12755,7 +12969,7 @@
         },
         "DeletionProtection":{
           "shape":"BooleanOptional",
-          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
+          "documentation":"<p>A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html\"> Deleting a DB Instance</a>. </p>"
         },
         "SourceDbiResourceId":{
           "shape":"String",
@@ -12776,6 +12990,10 @@
         "CustomIamInstanceProfile":{
           "shape":"String",
           "documentation":"<p>The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:</p> <ul> <li> <p>The profile must exist in your account.</p> </li> <li> <p>The profile must have an IAM role that Amazon EC2 has permissions to assume.</p> </li> <li> <p>The instance profile name and the associated IAM role name must start with the prefix <code>AWSRDSCustom</code>.</p> </li> </ul> <p>For the list of permissions required for the IAM role, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\"> Configure IAM and your VPC</a> in the <i>Amazon Relational Database Service User Guide</i>.</p> <p>This setting is required for RDS Custom.</p>"
+        },
+        "BackupTarget":{
+          "shape":"String",
+          "documentation":"<p>Specifies where automated backups and manual snapshots are stored for the restored DB instance.</p> <p>Possible values are <code>outposts</code> (Amazon Web Services Outposts) and <code>region</code> (Amazon Web Services Region). The default is <code>region</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html\">Working with Amazon RDS on Amazon Web Services Outposts</a> in the <i>Amazon RDS User Guide</i>.</p>"
         }
       },
       "documentation":"<p/>"
@@ -12837,7 +13055,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>SNS has responded that there is a problem with the SND topic specified.</p>",
+      "documentation":"<p>SNS has responded that there is a problem with the SNS topic specified.</p>",
       "error":{
         "code":"SNSInvalidTopic",
         "httpStatusCode":400,
@@ -13024,7 +13242,8 @@
         "db-snapshot",
         "db-cluster",
         "db-cluster-snapshot",
-        "custom-engine-version"
+        "custom-engine-version",
+        "db-proxy"
       ]
     },
     "StartActivityStreamRequest":{
diff --git a/contrib/python/botocore/py3/botocore/data/redshift-data/2019-12-20/service-2.json b/contrib/python/botocore/py3/botocore/data/redshift-data/2019-12-20/service-2.json
index 6ae75eaf9f7..6012e59ca4d 100644
--- a/contrib/python/botocore/py3/botocore/data/redshift-data/2019-12-20/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/redshift-data/2019-12-20/service-2.json
@@ -26,7 +26,7 @@
         {"shape":"ActiveStatementsExceededException"},
         {"shape":"BatchExecuteStatementException"}
       ],
-      "documentation":"<p>Runs one or more SQL statements, which can be data manipulation language (DML) or data definition language (DDL). Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. </p> </li> <li> <p>Temporary credentials - specify the cluster identifier, the database name, and the database user name. Permission to call the <code>redshift:GetClusterCredentials</code> operation is required to use this method. </p> </li> </ul>"
+      "documentation":"<p>Runs one or more SQL statements, which can be data manipulation language (DML) or data definition language (DDL). Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - when connecting to a cluster, specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. When connecting to a serverless endpoint, specify the Amazon Resource Name (ARN) of the secret and the database name. </p> </li> <li> <p>Temporary credentials - when connecting to a cluster, specify the cluster identifier, the database name, and the database user name. Also, permission to call the <code>redshift:GetClusterCredentials</code> operation is required. When connecting to a serverless endpoint, specify the database name. </p> </li> </ul>"
     },
     "CancelStatement":{
       "name":"CancelStatement",
@@ -39,7 +39,8 @@
       "errors":[
         {"shape":"ValidationException"},
         {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"DatabaseConnectionException"}
       ],
       "documentation":"<p>Cancels a running query. To be canceled, a query must be running. </p>"
     },
@@ -68,9 +69,10 @@
       "output":{"shape":"DescribeTableResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"DatabaseConnectionException"}
       ],
-      "documentation":"<p>Describes the detailed information about a table from metadata in the cluster. The information includes its columns. A token is returned to page through the column list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. </p> </li> <li> <p>Temporary credentials - specify the cluster identifier, the database name, and the database user name. Permission to call the <code>redshift:GetClusterCredentials</code> operation is required to use this method. </p> </li> </ul>"
+      "documentation":"<p>Describes the detailed information about a table from metadata in the cluster. The information includes its columns. A token is returned to page through the column list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - when connecting to a cluster, specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. When connecting to a serverless endpoint, specify the Amazon Resource Name (ARN) of the secret and the database name. </p> </li> <li> <p>Temporary credentials - when connecting to a cluster, specify the cluster identifier, the database name, and the database user name. Also, permission to call the <code>redshift:GetClusterCredentials</code> operation is required. When connecting to a serverless endpoint, specify the database name. </p> </li> </ul>"
     },
     "ExecuteStatement":{
       "name":"ExecuteStatement",
@@ -85,7 +87,7 @@
         {"shape":"ExecuteStatementException"},
         {"shape":"ActiveStatementsExceededException"}
       ],
-      "documentation":"<p>Runs an SQL statement, which can be data manipulation language (DML) or data definition language (DDL). This statement must be a single SQL statement. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. </p> </li> <li> <p>Temporary credentials - specify the cluster identifier, the database name, and the database user name. Permission to call the <code>redshift:GetClusterCredentials</code> operation is required to use this method. </p> </li> </ul>"
+      "documentation":"<p>Runs an SQL statement, which can be data manipulation language (DML) or data definition language (DDL). This statement must be a single SQL statement. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - when connecting to a cluster, specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. When connecting to a serverless endpoint, specify the Amazon Resource Name (ARN) of the secret and the database name. </p> </li> <li> <p>Temporary credentials - when connecting to a cluster, specify the cluster identifier, the database name, and the database user name. Also, permission to call the <code>redshift:GetClusterCredentials</code> operation is required. When connecting to a serverless endpoint, specify the database name. </p> </li> </ul>"
     },
     "GetStatementResult":{
       "name":"GetStatementResult",
@@ -112,9 +114,10 @@
       "output":{"shape":"ListDatabasesResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"DatabaseConnectionException"}
       ],
-      "documentation":"<p>List the databases in a cluster. A token is returned to page through the database list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. </p> </li> <li> <p>Temporary credentials - specify the cluster identifier, the database name, and the database user name. Permission to call the <code>redshift:GetClusterCredentials</code> operation is required to use this method. </p> </li> </ul>"
+      "documentation":"<p>List the databases in a cluster. A token is returned to page through the database list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - when connecting to a cluster, specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. When connecting to a serverless endpoint, specify the Amazon Resource Name (ARN) of the secret and the database name. </p> </li> <li> <p>Temporary credentials - when connecting to a cluster, specify the cluster identifier, the database name, and the database user name. Also, permission to call the <code>redshift:GetClusterCredentials</code> operation is required. When connecting to a serverless endpoint, specify the database name. </p> </li> </ul>"
     },
     "ListSchemas":{
       "name":"ListSchemas",
@@ -126,9 +129,10 @@
       "output":{"shape":"ListSchemasResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"DatabaseConnectionException"}
       ],
-      "documentation":"<p>Lists the schemas in a database. A token is returned to page through the schema list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. </p> </li> <li> <p>Temporary credentials - specify the cluster identifier, the database name, and the database user name. Permission to call the <code>redshift:GetClusterCredentials</code> operation is required to use this method. </p> </li> </ul>"
+      "documentation":"<p>Lists the schemas in a database. A token is returned to page through the schema list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - when connecting to a cluster, specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. When connecting to a serverless endpoint, specify the Amazon Resource Name (ARN) of the secret and the database name. </p> </li> <li> <p>Temporary credentials - when connecting to a cluster, specify the cluster identifier, the database name, and the database user name. Also, permission to call the <code>redshift:GetClusterCredentials</code> operation is required. When connecting to a serverless endpoint, specify the database name. </p> </li> </ul>"
     },
     "ListStatements":{
       "name":"ListStatements",
@@ -154,9 +158,10 @@
       "output":{"shape":"ListTablesResponse"},
       "errors":[
         {"shape":"ValidationException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"DatabaseConnectionException"}
       ],
-      "documentation":"<p>List the tables in a database. If neither <code>SchemaPattern</code> nor <code>TablePattern</code> are specified, then all tables in the database are returned. A token is returned to page through the table list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. </p> </li> <li> <p>Temporary credentials - specify the cluster identifier, the database name, and the database user name. Permission to call the <code>redshift:GetClusterCredentials</code> operation is required to use this method. </p> </li> </ul>"
+      "documentation":"<p>List the tables in a database. If neither <code>SchemaPattern</code> nor <code>TablePattern</code> are specified, then all tables in the database are returned. A token is returned to page through the table list. Depending on the authorization method, use one of the following combinations of request parameters: </p> <ul> <li> <p>Secrets Manager - when connecting to a cluster, specify the Amazon Resource Name (ARN) of the secret, the database name, and the cluster identifier that matches the cluster in the secret. When connecting to a serverless endpoint, specify the Amazon Resource Name (ARN) of the secret and the database name. </p> </li> <li> <p>Temporary credentials - when connecting to a cluster, specify the cluster identifier, the database name, and the database user name. Also, permission to call the <code>redshift:GetClusterCredentials</code> operation is required. When connecting to a serverless endpoint, specify the database name. </p> </li> </ul>"
     }
   },
   "shapes":{
@@ -188,14 +193,13 @@
     "BatchExecuteStatementInput":{
       "type":"structure",
       "required":[
-        "ClusterIdentifier",
         "Database",
         "Sqls"
       ],
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. This parameter is required when authenticating using either Secrets Manager or temporary credentials. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials. </p>"
         },
         "Database":{
           "shape":"String",
@@ -203,7 +207,7 @@
         },
         "DbUser":{
           "shape":"String",
-          "documentation":"<p>The database user name. This parameter is required when authenticating using temporary credentials. </p>"
+          "documentation":"<p>The database user name. This parameter is required when connecting to a cluster and authenticating using temporary credentials. </p>"
         },
         "SecretArn":{
           "shape":"SecretArn",
@@ -228,7 +232,7 @@
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is not returned when connecting to a serverless endpoint. </p>"
         },
         "CreatedAt":{
           "shape":"Timestamp",
@@ -354,6 +358,16 @@
       "type":"list",
       "member":{"shape":"ColumnMetadata"}
     },
+    "DatabaseConnectionException":{
+      "type":"structure",
+      "required":["Message"],
+      "members":{
+        "Message":{"shape":"String"}
+      },
+      "documentation":"<p>Connection to a database failed.</p>",
+      "exception":true,
+      "fault":true
+    },
     "DatabaseList":{
       "type":"list",
       "member":{"shape":"String"}
@@ -398,7 +412,7 @@
         },
         "HasResultSet":{
           "shape":"Boolean",
-          "documentation":"<p>A value that indicates whether the statement has a result set. The result set can be empty. </p>"
+          "documentation":"<p>A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set. The value is true if any substatement returns a result set.</p>"
         },
         "Id":{
           "shape":"StatementId",
@@ -448,14 +462,11 @@
     },
     "DescribeTableRequest":{
       "type":"structure",
-      "required":[
-        "ClusterIdentifier",
-        "Database"
-      ],
+      "required":["Database"],
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. This parameter is required when authenticating using either Secrets Manager or temporary credentials. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials. </p>"
         },
         "ConnectedDatabase":{
           "shape":"String",
@@ -467,7 +478,7 @@
         },
         "DbUser":{
           "shape":"String",
-          "documentation":"<p>The database user name. This parameter is required when authenticating using temporary credentials. </p>"
+          "documentation":"<p>The database user name. This parameter is required when connecting to a cluster and authenticating using temporary credentials. </p>"
         },
         "MaxResults":{
           "shape":"PageSize",
@@ -531,14 +542,13 @@
     "ExecuteStatementInput":{
       "type":"structure",
       "required":[
-        "ClusterIdentifier",
         "Database",
         "Sql"
       ],
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. This parameter is required when authenticating using either Secrets Manager or temporary credentials. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials. </p>"
         },
         "Database":{
           "shape":"String",
@@ -546,7 +556,7 @@
         },
         "DbUser":{
           "shape":"String",
-          "documentation":"<p>The database user name. This parameter is required when authenticating using temporary credentials. </p>"
+          "documentation":"<p>The database user name. This parameter is required when connecting to a cluster and authenticating using temporary credentials. </p>"
         },
         "Parameters":{
           "shape":"SqlParametersList",
@@ -575,7 +585,7 @@
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is not returned when connecting to a serverless endpoint. </p>"
         },
         "CreatedAt":{
           "shape":"Timestamp",
@@ -686,14 +696,11 @@
     },
     "ListDatabasesRequest":{
       "type":"structure",
-      "required":[
-        "ClusterIdentifier",
-        "Database"
-      ],
+      "required":["Database"],
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. This parameter is required when authenticating using either Secrets Manager or temporary credentials. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials. </p>"
         },
         "Database":{
           "shape":"String",
@@ -701,7 +708,7 @@
         },
         "DbUser":{
           "shape":"String",
-          "documentation":"<p>The database user name. This parameter is required when authenticating using temporary credentials. </p>"
+          "documentation":"<p>The database user name. This parameter is required when connecting to a cluster and authenticating using temporary credentials. </p>"
         },
         "MaxResults":{
           "shape":"PageSize",
@@ -732,14 +739,11 @@
     },
     "ListSchemasRequest":{
       "type":"structure",
-      "required":[
-        "ClusterIdentifier",
-        "Database"
-      ],
+      "required":["Database"],
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. This parameter is required when authenticating using either Secrets Manager or temporary credentials. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials. </p>"
         },
         "ConnectedDatabase":{
           "shape":"String",
@@ -751,7 +755,7 @@
         },
         "DbUser":{
           "shape":"String",
-          "documentation":"<p>The database user name. This parameter is required when authenticating using temporary credentials. </p>"
+          "documentation":"<p>The database user name. This parameter is required when connecting to a cluster and authenticating using temporary credentials. </p>"
         },
         "MaxResults":{
           "shape":"PageSize",
@@ -830,14 +834,11 @@
     },
     "ListTablesRequest":{
       "type":"structure",
-      "required":[
-        "ClusterIdentifier",
-        "Database"
-      ],
+      "required":["Database"],
       "members":{
         "ClusterIdentifier":{
           "shape":"Location",
-          "documentation":"<p>The cluster identifier. This parameter is required when authenticating using either Secrets Manager or temporary credentials. </p>"
+          "documentation":"<p>The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials. </p>"
         },
         "ConnectedDatabase":{
           "shape":"String",
@@ -849,7 +850,7 @@
         },
         "DbUser":{
           "shape":"String",
-          "documentation":"<p>The database user name. This parameter is required when authenticating using temporary credentials. </p>"
+          "documentation":"<p>The database user name. This parameter is required when connecting to a cluster and authenticating using temporary credentials. </p>"
         },
         "MaxResults":{
           "shape":"PageSize",
@@ -1065,7 +1066,7 @@
         },
         "HasResultSet":{
           "shape":"Boolean",
-          "documentation":"<p>A value that indicates whether the statement has a result set. The result set can be empty.</p>"
+          "documentation":"<p>A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set.</p>"
         },
         "Id":{
           "shape":"StatementId",
diff --git a/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/paginators-1.json b/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/paginators-1.json
index 0a8afd183ad..c48ecbbc6a2 100644
--- a/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/paginators-1.json
@@ -161,6 +161,36 @@
       "limit_key": "MaxRecords",
       "output_token": "Marker",
       "result_key": "EndpointAuthorizationList"
+    },
+    "DescribeDataShares": {
+      "input_token": "Marker",
+      "limit_key": "MaxRecords",
+      "output_token": "Marker",
+      "result_key": "DataShares"
+    },
+    "DescribeDataSharesForConsumer": {
+      "input_token": "Marker",
+      "limit_key": "MaxRecords",
+      "output_token": "Marker",
+      "result_key": "DataShares"
+    },
+    "DescribeDataSharesForProducer": {
+      "input_token": "Marker",
+      "limit_key": "MaxRecords",
+      "output_token": "Marker",
+      "result_key": "DataShares"
+    },
+    "DescribeReservedNodeExchangeStatus": {
+      "input_token": "Marker",
+      "limit_key": "MaxRecords",
+      "output_token": "Marker",
+      "result_key": "ReservedNodeExchangeStatusDetails"
+    },
+    "GetReservedNodeExchangeConfigurationOptions": {
+      "input_token": "Marker",
+      "limit_key": "MaxRecords",
+      "output_token": "Marker",
+      "result_key": "ReservedNodeConfigurationOptionList"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/service-2.json b/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/service-2.json
index 188c1752e11..ecad2f15388 100644
--- a/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/redshift/2012-12-01/service-2.json
@@ -101,7 +101,7 @@
       "errors":[
         {"shape":"InvalidDataShareFault"}
       ],
-      "documentation":"<p>From a data producer account, authorizes the sharing of a datashare with one or more consumer accounts. To authorize a datashare for a data consumer, the producer account must have the correct access privileges.</p>"
+      "documentation":"<p>From a data producer account, authorizes the sharing of a datashare with one or more consumer accounts or managing entities. To authorize a datashare for a data consumer, the producer account must have the correct access privileges.</p>"
     },
     "AuthorizeEndpointAccess":{
       "name":"AuthorizeEndpointAccess",
@@ -1213,6 +1213,24 @@
       ],
       "documentation":"<p>Returns information about the partner integrations defined for a cluster.</p>"
     },
+    "DescribeReservedNodeExchangeStatus":{
+      "name":"DescribeReservedNodeExchangeStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeReservedNodeExchangeStatusInputMessage"},
+      "output":{
+        "shape":"DescribeReservedNodeExchangeStatusOutputMessage",
+        "resultWrapper":"DescribeReservedNodeExchangeStatusResult"
+      },
+      "errors":[
+        {"shape":"ReservedNodeNotFoundFault"},
+        {"shape":"ReservedNodeExchangeNotFoundFault"},
+        {"shape":"UnsupportedOperationFault"}
+      ],
+      "documentation":"<p>Returns exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested.</p>"
+    },
     "DescribeReservedNodeOfferings":{
       "name":"DescribeReservedNodeOfferings",
       "http":{
@@ -1492,6 +1510,29 @@
       ],
       "documentation":"<p>Returns a database user name and temporary password with temporary authorization to log on to an Amazon Redshift database. The action returns the database user name prefixed with <code>IAM:</code> if <code>AutoCreate</code> is <code>False</code> or <code>IAMA:</code> if <code>AutoCreate</code> is <code>True</code>. You can optionally specify one or more database user groups that the user will join at log on. By default, the temporary credentials expire in 900 seconds. You can optionally specify a duration between 900 seconds (15 minutes) and 3600 seconds (60 minutes). For more information, see <a href=\"https://docs.aws.amazon.com/redshift/latest/mgmt/generating-user-credentials.html\">Using IAM Authentication to Generate Database User Credentials</a> in the Amazon Redshift Cluster Management Guide.</p> <p>The Identity and Access Management (IAM) user or role that runs GetClusterCredentials must have an IAM policy attached that allows access to all necessary actions and resources. For more information about permissions, see <a href=\"https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-iam-access-control-identity-based.html#redshift-policy-resources.getclustercredentials-resources\">Resource Policies for GetClusterCredentials</a> in the Amazon Redshift Cluster Management Guide.</p> <p>If the <code>DbGroups</code> parameter is specified, the IAM policy must allow the <code>redshift:JoinGroup</code> action with access to the listed <code>dbgroups</code>. </p> <p>In addition, if the <code>AutoCreate</code> parameter is set to <code>True</code>, then the policy must include the <code>redshift:CreateClusterUser</code> privilege.</p> <p>If the <code>DbName</code> parameter is specified, the IAM policy must allow access to the resource <code>dbname</code> for the specified database name. </p>"
     },
+    "GetReservedNodeExchangeConfigurationOptions":{
+      "name":"GetReservedNodeExchangeConfigurationOptions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetReservedNodeExchangeConfigurationOptionsInputMessage"},
+      "output":{
+        "shape":"GetReservedNodeExchangeConfigurationOptionsOutputMessage",
+        "resultWrapper":"GetReservedNodeExchangeConfigurationOptionsResult"
+      },
+      "errors":[
+        {"shape":"ReservedNodeNotFoundFault"},
+        {"shape":"InvalidReservedNodeStateFault"},
+        {"shape":"ReservedNodeAlreadyMigratedFault"},
+        {"shape":"ReservedNodeOfferingNotFoundFault"},
+        {"shape":"UnsupportedOperationFault"},
+        {"shape":"DependentServiceUnavailableFault"},
+        {"shape":"ClusterNotFoundFault"},
+        {"shape":"ClusterSnapshotNotFoundFault"}
+      ],
+      "documentation":"<p>Gets the configuration options for the reserved-node exchange. These options include information about the source reserved node and target reserved node offering. Details include the node type, the price, the node count, and the offering type.</p>"
+    },
     "GetReservedNodeExchangeOfferings":{
       "name":"GetReservedNodeExchangeOfferings",
       "http":{
@@ -1932,7 +1973,13 @@
         {"shape":"UnsupportedOptionFault"},
         {"shape":"UnsupportedOperationFault"},
         {"shape":"UnauthorizedOperation"},
-        {"shape":"LimitExceededFault"}
+        {"shape":"LimitExceededFault"},
+        {"shape":"ReservedNodeNotFoundFault"},
+        {"shape":"InvalidReservedNodeStateFault"},
+        {"shape":"ReservedNodeAlreadyMigratedFault"},
+        {"shape":"ReservedNodeOfferingNotFoundFault"},
+        {"shape":"DependentServiceUnavailableFault"},
+        {"shape":"ReservedNodeAlreadyExistsFault"}
       ],
       "documentation":"<p>Changes the size of the cluster. You can change the cluster's type, or change the number or type of nodes. The default behavior is to use the elastic resize method. With an elastic resize, your cluster is available for read and write operations more quickly than with the classic resize method. </p> <p>Elastic resize operations have the following restrictions:</p> <ul> <li> <p>You can only resize clusters of the following types:</p> <ul> <li> <p>dc1.large (if your cluster is in a VPC)</p> </li> <li> <p>dc1.8xlarge (if your cluster is in a VPC)</p> </li> <li> <p>dc2.large</p> </li> <li> <p>dc2.8xlarge</p> </li> <li> <p>ds2.xlarge</p> </li> <li> <p>ds2.8xlarge</p> </li> <li> <p>ra3.xlplus</p> </li> <li> <p>ra3.4xlarge</p> </li> <li> <p>ra3.16xlarge</p> </li> </ul> </li> <li> <p>The type of nodes that you add must match the node type for the cluster.</p> </li> </ul>"
     },
@@ -1972,7 +2019,14 @@
         {"shape":"InvalidClusterTrackFault"},
         {"shape":"SnapshotScheduleNotFoundFault"},
         {"shape":"TagLimitExceededFault"},
-        {"shape":"InvalidTagFault"}
+        {"shape":"InvalidTagFault"},
+        {"shape":"ReservedNodeNotFoundFault"},
+        {"shape":"InvalidReservedNodeStateFault"},
+        {"shape":"ReservedNodeAlreadyMigratedFault"},
+        {"shape":"ReservedNodeOfferingNotFoundFault"},
+        {"shape":"DependentServiceUnavailableFault"},
+        {"shape":"ReservedNodeAlreadyExistsFault"},
+        {"shape":"UnsupportedOperationFault"}
       ],
       "documentation":"<p>Creates a new cluster from a snapshot. By default, Amazon Redshift creates the resulting cluster with the same configuration as the original cluster from which the snapshot was created, except that the new cluster is created with the default cluster security and parameter groups. After Amazon Redshift creates the cluster, you can use the <a>ModifyCluster</a> API to associate a different security group and different parameter group with the restored cluster. If you are using a DS node type, you can also choose to change to another DS node type of the same size during restore.</p> <p>If you restore a cluster into a VPC, you must provide a cluster subnet group where you want the cluster restored.</p> <p> For more information about working with snapshots, go to <a href=\"https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-snapshots.html\">Amazon Redshift Snapshots</a> in the <i>Amazon Redshift Cluster Management Guide</i>.</p>"
     },
@@ -2444,7 +2498,7 @@
         },
         "ConsumerIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier of the data consumer that is authorized to access the datashare. This identifier is an AWS account ID.</p>"
+          "documentation":"<p>The identifier of the data consumer that is authorized to access the datashare. This identifier is an Amazon Web Services account ID or a keyword, such as ADX.</p>"
         }
       }
     },
@@ -2834,6 +2888,14 @@
         "AquaConfiguration":{
           "shape":"AquaConfiguration",
           "documentation":"<p>The AQUA (Advanced Query Accelerator) configuration of the cluster.</p>"
+        },
+        "DefaultIamRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM role set as default for the cluster.</p>"
+        },
+        "ReservedNodeExchangeStatus":{
+          "shape":"ReservedNodeExchangeStatus",
+          "documentation":"<p>The status of the reserved-node exchange request. Statuses include in-progress and requested.</p>"
         }
       },
       "documentation":"<p>Describes a cluster.</p>",
@@ -3692,6 +3754,10 @@
         "AquaConfigurationStatus":{
           "shape":"AquaConfigurationStatus",
           "documentation":"<p>The value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) when it is created. Possible values include the following.</p> <ul> <li> <p>enabled - Use AQUA if it is available for the current Amazon Web Services Region and Amazon Redshift node type.</p> </li> <li> <p>disabled - Don't use AQUA. </p> </li> <li> <p>auto - Amazon Redshift determines whether to use AQUA.</p> </li> </ul>"
+        },
+        "DefaultIamRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM role that was set as default for the cluster when the cluster was created. </p>"
         }
       },
       "documentation":"<p/>"
@@ -4159,6 +4225,10 @@
         "DataShareAssociations":{
           "shape":"DataShareAssociationList",
           "documentation":"<p>A value that specifies when the datashare has an association between a producer and data consumers.</p>"
+        },
+        "ManagedBy":{
+          "shape":"String",
+          "documentation":"<p>The identifier of a datashare to show its managing entity.</p>"
         }
       }
     },
@@ -4270,7 +4340,7 @@
         },
         "ConsumerIdentifier":{
           "shape":"String",
-          "documentation":"<p>The identifier of the data consumer that is to have authorization removed from the datashare. This identifier is an AWS account ID.</p>"
+          "documentation":"<p>The identifier of the data consumer that is to have authorization removed from the datashare. This identifier is an Amazon Web Services account ID or a keyword, such as ADX.</p>"
         }
       }
     },
@@ -4834,7 +4904,7 @@
         },
         "Marker":{
           "shape":"String",
-          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForConsumer</a> request exceed the value specified in <code>MaxRecords</code>, AWS returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
+          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForConsumer</a> request exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
         }
       }
     },
@@ -4847,7 +4917,7 @@
         },
         "Marker":{
           "shape":"String",
-          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForConsumer</a> request exceed the value specified in <code>MaxRecords</code>, AWS returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
+          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForConsumer</a> request exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
         }
       }
     },
@@ -4868,7 +4938,7 @@
         },
         "Marker":{
           "shape":"String",
-          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForProducer</a> request exceed the value specified in <code>MaxRecords</code>, AWS returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
+          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForProducer</a> request exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
         }
       }
     },
@@ -4881,7 +4951,7 @@
         },
         "Marker":{
           "shape":"String",
-          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForProducer</a> request exceed the value specified in <code>MaxRecords</code>, AWS returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
+          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataSharesForProducer</a> request exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
         }
       }
     },
@@ -4898,7 +4968,7 @@
         },
         "Marker":{
           "shape":"String",
-          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataShares</a> request exceed the value specified in <code>MaxRecords</code>, AWS returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
+          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataShares</a> request exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
         }
       }
     },
@@ -4911,7 +4981,7 @@
         },
         "Marker":{
           "shape":"String",
-          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataShares</a> request exceed the value specified in <code>MaxRecords</code>, AWS returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
+          "documentation":"<p>An optional parameter that specifies the starting point to return a set of response records. When the results of a <a>DescribeDataShares</a> request exceed the value specified in <code>MaxRecords</code>, Amazon Web Services returns a value in the <code>Marker</code> field of the response. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request. </p>"
         }
       }
     },
@@ -5218,6 +5288,40 @@
         }
       }
     },
+    "DescribeReservedNodeExchangeStatusInputMessage":{
+      "type":"structure",
+      "members":{
+        "ReservedNodeId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the source reserved node in a reserved-node exchange request.</p>"
+        },
+        "ReservedNodeExchangeRequestId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the reserved-node exchange request.</p>"
+        },
+        "MaxRecords":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified <code>MaxRecords</code> value, a value is returned in a <code>Marker</code> field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.</p>"
+        },
+        "Marker":{
+          "shape":"String",
+          "documentation":"<p>An optional pagination token provided by a previous <code>DescribeReservedNodeExchangeStatus</code> request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by the <code>MaxRecords</code> parameter. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request.</p>"
+        }
+      }
+    },
+    "DescribeReservedNodeExchangeStatusOutputMessage":{
+      "type":"structure",
+      "members":{
+        "ReservedNodeExchangeStatusDetails":{
+          "shape":"ReservedNodeExchangeStatusList",
+          "documentation":"<p>The details of the reserved-node exchange request, including the status, request time, source reserved-node identifier, and additional details.</p>"
+        },
+        "Marker":{
+          "shape":"String",
+          "documentation":"<p>A pagination token provided by a previous <code>DescribeReservedNodeExchangeStatus</code> request.</p>"
+        }
+      }
+    },
     "DescribeReservedNodeOfferingsMessage":{
       "type":"structure",
       "members":{
@@ -6074,6 +6178,45 @@
       },
       "documentation":"<p>The request parameters to get cluster credentials.</p>"
     },
+    "GetReservedNodeExchangeConfigurationOptionsInputMessage":{
+      "type":"structure",
+      "required":["ActionType"],
+      "members":{
+        "ActionType":{
+          "shape":"ReservedNodeExchangeActionType",
+          "documentation":"<p>The action type of the reserved-node configuration. The action type can be an exchange initiated from either a snapshot or a resize.</p>"
+        },
+        "ClusterIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The identifier for the cluster that is the source for a reserved-node exchange.</p>"
+        },
+        "SnapshotIdentifier":{
+          "shape":"String",
+          "documentation":"<p>The identifier for the snapshot that is the source for the reserved-node exchange.</p>"
+        },
+        "MaxRecords":{
+          "shape":"IntegerOptional",
+          "documentation":"<p>The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified <code>MaxRecords</code> value, a value is returned in a <code>Marker</code> field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.</p>"
+        },
+        "Marker":{
+          "shape":"String",
+          "documentation":"<p>An optional pagination token provided by a previous <code>GetReservedNodeExchangeConfigurationOptions</code> request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by the <code>MaxRecords</code> parameter. You can retrieve the next set of response records by providing the returned marker value in the <code>Marker</code> parameter and retrying the request.</p>"
+        }
+      }
+    },
+    "GetReservedNodeExchangeConfigurationOptionsOutputMessage":{
+      "type":"structure",
+      "members":{
+        "Marker":{
+          "shape":"String",
+          "documentation":"<p>A pagination token provided by a previous <code>GetReservedNodeExchangeConfigurationOptions</code> request.</p>"
+        },
+        "ReservedNodeConfigurationOptionList":{
+          "shape":"ReservedNodeConfigurationOptionList",
+          "documentation":"<p>the configuration options for the reserved-node exchange. These options include information about the source reserved node and target reserved node. Details include the node type, the price, the node count, and the offering type.</p>"
+        }
+      }
+    },
     "GetReservedNodeExchangeOfferingsInputMessage":{
       "type":"structure",
       "required":["ReservedNodeId"],
@@ -6898,6 +7041,10 @@
         "RemoveIamRoles":{
           "shape":"IamRoleArnList",
           "documentation":"<p>Zero or more IAM roles in ARN format to disassociate from the cluster. You can disassociate up to 10 IAM roles from a single cluster in a single request.</p>"
+        },
+        "DefaultIamRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM role that was set as default for the cluster when the cluster was last modified.</p>"
         }
       },
       "documentation":"<p/>"
@@ -7898,6 +8045,106 @@
       },
       "exception":true
     },
+    "ReservedNodeConfigurationOption":{
+      "type":"structure",
+      "members":{
+        "SourceReservedNode":{"shape":"ReservedNode"},
+        "TargetReservedNodeCount":{
+          "shape":"Integer",
+          "documentation":"<p>The target reserved-node count.</p>"
+        },
+        "TargetReservedNodeOffering":{"shape":"ReservedNodeOffering"}
+      },
+      "documentation":"<p>Details for a reserved-node exchange. Examples include the node type for a reserved node, the price for a node, the node's state, and other details.</p>",
+      "wrapper":true
+    },
+    "ReservedNodeConfigurationOptionList":{
+      "type":"list",
+      "member":{
+        "shape":"ReservedNodeConfigurationOption",
+        "locationName":"ReservedNodeConfigurationOption"
+      }
+    },
+    "ReservedNodeExchangeActionType":{
+      "type":"string",
+      "enum":[
+        "restore-cluster",
+        "resize-cluster"
+      ]
+    },
+    "ReservedNodeExchangeNotFoundFault":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>The reserved-node exchange status wasn't found.</p>",
+      "error":{
+        "code":"ReservedNodeExchangeNotFond",
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ReservedNodeExchangeStatus":{
+      "type":"structure",
+      "members":{
+        "ReservedNodeExchangeRequestId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the reserved-node exchange request.</p>"
+        },
+        "Status":{
+          "shape":"ReservedNodeExchangeStatusType",
+          "documentation":"<p>The status of the reserved-node exchange request. Statuses include in-progress and requested.</p>"
+        },
+        "RequestTime":{
+          "shape":"TStamp",
+          "documentation":"<p>A date and time that indicate when the reserved-node exchange was requested.</p>"
+        },
+        "SourceReservedNodeId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the source reserved node.</p>"
+        },
+        "SourceReservedNodeType":{
+          "shape":"String",
+          "documentation":"<p>The source reserved-node type, for example ds2.xlarge.</p>"
+        },
+        "SourceReservedNodeCount":{
+          "shape":"Integer",
+          "documentation":"<p>The source reserved-node count in the cluster.</p>"
+        },
+        "TargetReservedNodeOfferingId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the target reserved node offering.</p>"
+        },
+        "TargetReservedNodeType":{
+          "shape":"String",
+          "documentation":"<p>The node type of the target reserved node, for example ra3.4xlarge.</p>"
+        },
+        "TargetReservedNodeCount":{
+          "shape":"Integer",
+          "documentation":"<p>The count of target reserved nodes in the cluster.</p>"
+        }
+      },
+      "documentation":"<p>Reserved-node status details, such as the source reserved-node identifier, the target reserved-node identifier, the node type, the node count, and other details.</p>",
+      "wrapper":true
+    },
+    "ReservedNodeExchangeStatusList":{
+      "type":"list",
+      "member":{
+        "shape":"ReservedNodeExchangeStatus",
+        "locationName":"ReservedNodeExchangeStatus"
+      }
+    },
+    "ReservedNodeExchangeStatusType":{
+      "type":"string",
+      "enum":[
+        "REQUESTED",
+        "PENDING",
+        "IN_PROGRESS",
+        "RETRYING",
+        "SUCCEEDED",
+        "FAILED"
+      ]
+    },
     "ReservedNodeList":{
       "type":"list",
       "member":{
@@ -8068,6 +8315,14 @@
         "Classic":{
           "shape":"BooleanOptional",
           "documentation":"<p>A boolean value indicating whether the resize operation is using the classic resize process. If you don't provide this parameter or set the value to <code>false</code>, the resize type is elastic. </p>"
+        },
+        "ReservedNodeId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the reserved node.</p>"
+        },
+        "TargetReservedNodeOfferingId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the target reserved node offering.</p>"
         }
       },
       "documentation":"<p>Describes a resize cluster operation. For example, a scheduled action to run the <code>ResizeCluster</code> API operation. </p>"
@@ -8311,6 +8566,18 @@
         "AquaConfigurationStatus":{
           "shape":"AquaConfigurationStatus",
           "documentation":"<p>The value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) after the cluster is restored. Possible values include the following.</p> <ul> <li> <p>enabled - Use AQUA if it is available for the current Amazon Web Services Region and Amazon Redshift node type.</p> </li> <li> <p>disabled - Don't use AQUA. </p> </li> <li> <p>auto - Amazon Redshift determines whether to use AQUA.</p> </li> </ul>"
+        },
+        "DefaultIamRoleArn":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the IAM role that was set as default for the cluster when the cluster was last modified while it was restored from a snapshot.</p>"
+        },
+        "ReservedNodeId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the target reserved node offering.</p>"
+        },
+        "TargetReservedNodeOfferingId":{
+          "shape":"String",
+          "documentation":"<p>The identifier of the target reserved node offering.</p>"
         }
       },
       "documentation":"<p/>"
diff --git a/contrib/python/botocore/py3/botocore/data/rekognition/2016-06-27/service-2.json b/contrib/python/botocore/py3/botocore/data/rekognition/2016-06-27/service-2.json
index fc5366ac0e9..e97db585bec 100644
--- a/contrib/python/botocore/py3/botocore/data/rekognition/2016-06-27/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/rekognition/2016-06-27/service-2.json
@@ -30,7 +30,7 @@
         {"shape":"ProvisionedThroughputExceededException"},
         {"shape":"InvalidImageFormatException"}
       ],
-      "documentation":"<p>Compares a face in the <i>source</i> input image with each of the 100 largest faces detected in the <i>target</i> input image. </p> <p> If the source image contains multiple faces, the service detects the largest face and compares it with each face detected in the target image. </p> <note> <p>CompareFaces uses machine learning algorithms, which are probabilistic. A false negative is an incorrect prediction that a face in the target image has a low similarity confidence score when compared to the face in the source image. To reduce the probability of false negatives, we recommend that you compare the target image against multiple source images. If you plan to use <code>CompareFaces</code> to make a decision that impacts an individual's rights, privacy, or access to services, we recommend that you pass the result to a human for review and further validation before taking action.</p> </note> <p>You pass the input and target images either as base64-encoded image bytes or as references to images in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, passing image bytes isn't supported. The image must be formatted as a PNG or JPEG file. </p> <p>In response, the operation returns an array of face matches ordered by similarity score in descending order. For each face match, the response provides a bounding box of the face, facial landmarks, pose details (pitch, role, and yaw), quality (brightness and sharpness), and confidence value (indicating the level of confidence that the bounding box contains a face). The response also provides a similarity score, which indicates how closely the faces match. </p> <note> <p>By default, only faces with a similarity score of greater than or equal to 80% are returned in the response. You can change this value by specifying the <code>SimilarityThreshold</code> parameter.</p> </note> <p> <code>CompareFaces</code> also returns an array of faces that don't match the source image. For each face, it returns a bounding box, confidence value, landmarks, pose details, and quality. The response also returns information about the face in the source image, including the bounding box of the face and confidence value.</p> <p>The <code>QualityFilter</code> input parameter allows you to filter out detected faces that don’t meet a required quality bar. The quality bar is based on a variety of common use cases. Use <code>QualityFilter</code> to set the quality bar by specifying <code>LOW</code>, <code>MEDIUM</code>, or <code>HIGH</code>. If you do not want to filter detected faces, specify <code>NONE</code>. The default value is <code>NONE</code>. </p> <p>If the image doesn't contain Exif metadata, <code>CompareFaces</code> returns orientation information for the source and target images. Use these values to display the images with the correct image orientation.</p> <p>If no faces are detected in the source or target images, <code>CompareFaces</code> returns an <code>InvalidParameterException</code> error. </p> <note> <p> This is a stateless API operation. That is, data returned by this operation doesn't persist.</p> </note> <p>For an example, see Comparing Faces in Images in the Amazon Rekognition Developer Guide.</p> <p>This operation requires permissions to perform the <code>rekognition:CompareFaces</code> action.</p>"
+      "documentation":"<p>Compares a face in the <i>source</i> input image with each of the 100 largest faces detected in the <i>target</i> input image. </p> <p> If the source image contains multiple faces, the service detects the largest face and compares it with each face detected in the target image. </p> <note> <p>CompareFaces uses machine learning algorithms, which are probabilistic. A false negative is an incorrect prediction that a face in the target image has a low similarity confidence score when compared to the face in the source image. To reduce the probability of false negatives, we recommend that you compare the target image against multiple source images. If you plan to use <code>CompareFaces</code> to make a decision that impacts an individual's rights, privacy, or access to services, we recommend that you pass the result to a human for review and further validation before taking action.</p> </note> <p>You pass the input and target images either as base64-encoded image bytes or as references to images in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, passing image bytes isn't supported. The image must be formatted as a PNG or JPEG file. </p> <p>In response, the operation returns an array of face matches ordered by similarity score in descending order. For each face match, the response provides a bounding box of the face, facial landmarks, pose details (pitch, roll, and yaw), quality (brightness and sharpness), and confidence value (indicating the level of confidence that the bounding box contains a face). The response also provides a similarity score, which indicates how closely the faces match. </p> <note> <p>By default, only faces with a similarity score of greater than or equal to 80% are returned in the response. You can change this value by specifying the <code>SimilarityThreshold</code> parameter.</p> </note> <p> <code>CompareFaces</code> also returns an array of faces that don't match the source image. For each face, it returns a bounding box, confidence value, landmarks, pose details, and quality. The response also returns information about the face in the source image, including the bounding box of the face and confidence value.</p> <p>The <code>QualityFilter</code> input parameter allows you to filter out detected faces that don’t meet a required quality bar. The quality bar is based on a variety of common use cases. Use <code>QualityFilter</code> to set the quality bar by specifying <code>LOW</code>, <code>MEDIUM</code>, or <code>HIGH</code>. If you do not want to filter detected faces, specify <code>NONE</code>. The default value is <code>NONE</code>. </p> <p>If the image doesn't contain Exif metadata, <code>CompareFaces</code> returns orientation information for the source and target images. Use these values to display the images with the correct image orientation.</p> <p>If no faces are detected in the source or target images, <code>CompareFaces</code> returns an <code>InvalidParameterException</code> error. </p> <note> <p> This is a stateless API operation. That is, data returned by this operation doesn't persist.</p> </note> <p>For an example, see Comparing Faces in Images in the Amazon Rekognition Developer Guide.</p> <p>This operation requires permissions to perform the <code>rekognition:CompareFaces</code> action.</p>"
     },
     "CreateCollection":{
       "name":"CreateCollection",
@@ -458,7 +458,7 @@
         {"shape":"ProvisionedThroughputExceededException"},
         {"shape":"InvalidImageFormatException"}
       ],
-      "documentation":"<p>Detects text in the input image and converts it into machine-readable text.</p> <p>Pass the input image as base64-encoded image bytes or as a reference to an image in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, you must pass it as a reference to an image in an Amazon S3 bucket. For the AWS CLI, passing image bytes is not supported. The image must be either a .png or .jpeg formatted file. </p> <p>The <code>DetectText</code> operation returns text in an array of <a>TextDetection</a> elements, <code>TextDetections</code>. Each <code>TextDetection</code> element provides information about a single word or line of text that was detected in the image. </p> <p>A word is one or more ISO basic latin script characters that are not separated by spaces. <code>DetectText</code> can detect up to 100 words in an image.</p> <p>A line is a string of equally spaced words. A line isn't necessarily a complete sentence. For example, a driver's license number is detected as a line. A line ends when there is no aligned text after it. Also, a line ends when there is a large gap between words, relative to the length of the words. This means, depending on the gap between words, Amazon Rekognition may detect multiple lines in text aligned in the same direction. Periods don't represent the end of a line. If a sentence spans multiple lines, the <code>DetectText</code> operation returns multiple lines.</p> <p>To determine whether a <code>TextDetection</code> element is a line of text or a word, use the <code>TextDetection</code> object <code>Type</code> field. </p> <p>To be detected, text must be within +/- 90 degrees orientation of the horizontal axis.</p> <p>For more information, see DetectText in the Amazon Rekognition Developer Guide.</p>"
+      "documentation":"<p>Detects text in the input image and converts it into machine-readable text.</p> <p>Pass the input image as base64-encoded image bytes or as a reference to an image in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, you must pass it as a reference to an image in an Amazon S3 bucket. For the AWS CLI, passing image bytes is not supported. The image must be either a .png or .jpeg formatted file. </p> <p>The <code>DetectText</code> operation returns text in an array of <a>TextDetection</a> elements, <code>TextDetections</code>. Each <code>TextDetection</code> element provides information about a single word or line of text that was detected in the image. </p> <p>A word is one or more script characters that are not separated by spaces. <code>DetectText</code> can detect up to 100 words in an image.</p> <p>A line is a string of equally spaced words. A line isn't necessarily a complete sentence. For example, a driver's license number is detected as a line. A line ends when there is no aligned text after it. Also, a line ends when there is a large gap between words, relative to the length of the words. This means, depending on the gap between words, Amazon Rekognition may detect multiple lines in text aligned in the same direction. Periods don't represent the end of a line. If a sentence spans multiple lines, the <code>DetectText</code> operation returns multiple lines.</p> <p>To determine whether a <code>TextDetection</code> element is a line of text or a word, use the <code>TextDetection</code> object <code>Type</code> field. </p> <p>To be detected, text must be within +/- 90 degrees orientation of the horizontal axis.</p> <p>For more information, see DetectText in the Amazon Rekognition Developer Guide.</p>"
     },
     "DistributeDatasetEntries":{
       "name":"DistributeDatasetEntries",
@@ -669,7 +669,7 @@
         {"shape":"InvalidImageFormatException"},
         {"shape":"ServiceQuotaExceededException"}
       ],
-      "documentation":"<p>Detects faces in the input image and adds them to the specified collection. </p> <p>Amazon Rekognition doesn't save the actual faces that are detected. Instead, the underlying detection algorithm first detects the faces in the input image. For each face, the algorithm extracts facial features into a feature vector, and stores it in the backend database. Amazon Rekognition uses feature vectors when it performs face match and search operations using the <a>SearchFaces</a> and <a>SearchFacesByImage</a> operations.</p> <p>For more information, see Adding Faces to a Collection in the Amazon Rekognition Developer Guide.</p> <p>To get the number of faces in a collection, call <a>DescribeCollection</a>. </p> <p>If you're using version 1.0 of the face detection model, <code>IndexFaces</code> indexes the 15 largest faces in the input image. Later versions of the face detection model index the 100 largest faces in the input image. </p> <p>If you're using version 4 or later of the face model, image orientation information is not returned in the <code>OrientationCorrection</code> field. </p> <p>To determine which version of the model you're using, call <a>DescribeCollection</a> and supply the collection ID. You can also get the model version from the value of <code>FaceModelVersion</code> in the response from <code>IndexFaces</code> </p> <p>For more information, see Model Versioning in the Amazon Rekognition Developer Guide.</p> <p>If you provide the optional <code>ExternalImageId</code> for the input image you provided, Amazon Rekognition associates this ID with all faces that it detects. When you call the <a>ListFaces</a> operation, the response returns the external ID. You can use this external image ID to create a client-side index to associate the faces with each image. You can then use the index to find all faces in an image.</p> <p>You can specify the maximum number of faces to index with the <code>MaxFaces</code> input parameter. This is useful when you want to index the largest faces in an image and don't want to index smaller faces, such as those belonging to people standing in the background.</p> <p>The <code>QualityFilter</code> input parameter allows you to filter out detected faces that don’t meet a required quality bar. The quality bar is based on a variety of common use cases. By default, <code>IndexFaces</code> chooses the quality bar that's used to filter faces. You can also explicitly choose the quality bar. Use <code>QualityFilter</code>, to set the quality bar by specifying <code>LOW</code>, <code>MEDIUM</code>, or <code>HIGH</code>. If you do not want to filter detected faces, specify <code>NONE</code>. </p> <note> <p>To use quality filtering, you need a collection associated with version 3 of the face model or higher. To get the version of the face model associated with a collection, call <a>DescribeCollection</a>. </p> </note> <p>Information about faces detected in an image, but not indexed, is returned in an array of <a>UnindexedFace</a> objects, <code>UnindexedFaces</code>. Faces aren't indexed for reasons such as:</p> <ul> <li> <p>The number of faces detected exceeds the value of the <code>MaxFaces</code> request parameter.</p> </li> <li> <p>The face is too small compared to the image dimensions.</p> </li> <li> <p>The face is too blurry.</p> </li> <li> <p>The image is too dark.</p> </li> <li> <p>The face has an extreme pose.</p> </li> <li> <p>The face doesn’t have enough detail to be suitable for face search.</p> </li> </ul> <p>In response, the <code>IndexFaces</code> operation returns an array of metadata for all detected faces, <code>FaceRecords</code>. This includes: </p> <ul> <li> <p>The bounding box, <code>BoundingBox</code>, of the detected face. </p> </li> <li> <p>A confidence value, <code>Confidence</code>, which indicates the confidence that the bounding box contains a face.</p> </li> <li> <p>A face ID, <code>FaceId</code>, assigned by the service for each face that's detected and stored.</p> </li> <li> <p>An image ID, <code>ImageId</code>, assigned by the service for the input image.</p> </li> </ul> <p>If you request all facial attributes (by using the <code>detectionAttributes</code> parameter), Amazon Rekognition returns detailed facial attributes, such as facial landmarks (for example, location of eye and mouth) and other facial attributes. If you provide the same image, specify the same collection, and use the same external ID in the <code>IndexFaces</code> operation, Amazon Rekognition doesn't save duplicate face metadata.</p> <p/> <p>The input image is passed either as base64-encoded image bytes, or as a reference to an image in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, passing image bytes isn't supported. The image must be formatted as a PNG or JPEG file. </p> <p>This operation requires permissions to perform the <code>rekognition:IndexFaces</code> action.</p>"
+      "documentation":"<p>Detects faces in the input image and adds them to the specified collection. </p> <p>Amazon Rekognition doesn't save the actual faces that are detected. Instead, the underlying detection algorithm first detects the faces in the input image. For each face, the algorithm extracts facial features into a feature vector, and stores it in the backend database. Amazon Rekognition uses feature vectors when it performs face match and search operations using the <a>SearchFaces</a> and <a>SearchFacesByImage</a> operations.</p> <p>For more information, see Adding Faces to a Collection in the Amazon Rekognition Developer Guide.</p> <p>To get the number of faces in a collection, call <a>DescribeCollection</a>. </p> <p>If you're using version 1.0 of the face detection model, <code>IndexFaces</code> indexes the 15 largest faces in the input image. Later versions of the face detection model index the 100 largest faces in the input image. </p> <p>If you're using version 4 or later of the face model, image orientation information is not returned in the <code>OrientationCorrection</code> field. </p> <p>To determine which version of the model you're using, call <a>DescribeCollection</a> and supply the collection ID. You can also get the model version from the value of <code>FaceModelVersion</code> in the response from <code>IndexFaces</code> </p> <p>For more information, see Model Versioning in the Amazon Rekognition Developer Guide.</p> <p>If you provide the optional <code>ExternalImageId</code> for the input image you provided, Amazon Rekognition associates this ID with all faces that it detects. When you call the <a>ListFaces</a> operation, the response returns the external ID. You can use this external image ID to create a client-side index to associate the faces with each image. You can then use the index to find all faces in an image.</p> <p>You can specify the maximum number of faces to index with the <code>MaxFaces</code> input parameter. This is useful when you want to index the largest faces in an image and don't want to index smaller faces, such as those belonging to people standing in the background.</p> <p>The <code>QualityFilter</code> input parameter allows you to filter out detected faces that don’t meet a required quality bar. The quality bar is based on a variety of common use cases. By default, <code>IndexFaces</code> chooses the quality bar that's used to filter faces. You can also explicitly choose the quality bar. Use <code>QualityFilter</code>, to set the quality bar by specifying <code>LOW</code>, <code>MEDIUM</code>, or <code>HIGH</code>. If you do not want to filter detected faces, specify <code>NONE</code>. </p> <note> <p>To use quality filtering, you need a collection associated with version 3 of the face model or higher. To get the version of the face model associated with a collection, call <a>DescribeCollection</a>. </p> </note> <p>Information about faces detected in an image, but not indexed, is returned in an array of <a>UnindexedFace</a> objects, <code>UnindexedFaces</code>. Faces aren't indexed for reasons such as:</p> <ul> <li> <p>The number of faces detected exceeds the value of the <code>MaxFaces</code> request parameter.</p> </li> <li> <p>The face is too small compared to the image dimensions.</p> </li> <li> <p>The face is too blurry.</p> </li> <li> <p>The image is too dark.</p> </li> <li> <p>The face has an extreme pose.</p> </li> <li> <p>The face doesn’t have enough detail to be suitable for face search.</p> </li> </ul> <p>In response, the <code>IndexFaces</code> operation returns an array of metadata for all detected faces, <code>FaceRecords</code>. This includes: </p> <ul> <li> <p>The bounding box, <code>BoundingBox</code>, of the detected face. </p> </li> <li> <p>A confidence value, <code>Confidence</code>, which indicates the confidence that the bounding box contains a face.</p> </li> <li> <p>A face ID, <code>FaceId</code>, assigned by the service for each face that's detected and stored.</p> </li> <li> <p>An image ID, <code>ImageId</code>, assigned by the service for the input image.</p> </li> </ul> <p>If you request all facial attributes (by using the <code>detectionAttributes</code> parameter), Amazon Rekognition returns detailed facial attributes, such as facial landmarks (for example, location of eye and mouth) and other facial attributes. If you provide the same image, specify the same collection, use the same external ID, and use the same model version in the <code>IndexFaces</code> operation, Amazon Rekognition doesn't save duplicate face metadata.</p> <p/> <p>The input image is passed either as base64-encoded image bytes, or as a reference to an image in an Amazon S3 bucket. If you use the AWS CLI to call Amazon Rekognition operations, passing image bytes isn't supported. The image must be formatted as a PNG or JPEG file. </p> <p>This operation requires permissions to perform the <code>rekognition:IndexFaces</code> action.</p>"
     },
     "ListCollections":{
       "name":"ListCollections",
@@ -1611,7 +1611,7 @@
         },
         "FaceModelVersion":{
           "shape":"String",
-          "documentation":"<p>Version number of the face detection model associated with the collection you are creating.</p>"
+          "documentation":"<p>Latest face model being used with the collection. For more information, see <a href=\"https://docs.aws.amazon.com/rekognition/latest/dg/face-detection-model.html\">Model versioning</a>.</p>"
         }
       }
     },
@@ -2641,6 +2641,10 @@
         "Confidence":{
           "shape":"Percent",
           "documentation":"<p>Confidence level that the bounding box contains a face (and not a different object such as a tree).</p>"
+        },
+        "IndexFacesModelVersion":{
+          "shape":"IndexFacesModelVersion",
+          "documentation":"<p> The version of the face detect and storage model that was used when indexing the face vector. </p>"
         }
       },
       "documentation":"<p>Describes the face properties such as the bounding box, face ID, image ID of the input image, and external image ID that you assigned. </p>"
@@ -3417,6 +3421,10 @@
       "documentation":"<p>The input image size exceeds the allowed limit. If you are calling DetectProtectiveEquipment, the image size or resolution exceeds the allowed limit. For more information, see Limits in Amazon Rekognition in the Amazon Rekognition Developer Guide. </p>",
       "exception":true
     },
+    "IndexFacesModelVersion":{
+      "type":"string",
+      "pattern":"[0-9\\.]+"
+    },
     "IndexFacesRequest":{
       "type":"structure",
       "required":[
@@ -3463,7 +3471,7 @@
         },
         "FaceModelVersion":{
           "shape":"String",
-          "documentation":"<p>The version number of the face detection model that's associated with the input collection (<code>CollectionId</code>).</p>"
+          "documentation":"<p>Latest face model being used with the collection. For more information, see <a href=\"https://docs.aws.amazon.com/rekognition/latest/dg/face-detection-model.html\">Model versioning</a>.</p>"
         },
         "UnindexedFaces":{
           "shape":"UnindexedFaces",
@@ -3584,14 +3592,16 @@
           "documentation":"<p>A string value of the KnownGender info about the Celebrity.</p>"
         }
       },
-      "documentation":"<p>The known gender identity for the celebrity that matches the provided ID.</p>"
+      "documentation":"<p>The known gender identity for the celebrity that matches the provided ID. The known gender identity can be Male, Female, Nonbinary, or Unlisted.</p>"
     },
     "KnownGenderType":{
       "type":"string",
       "documentation":"<p>A list of enum string of possible gender values that Celebrity returns.</p>",
       "enum":[
         "Male",
-        "Female"
+        "Female",
+        "Nonbinary",
+        "Unlisted"
       ]
     },
     "Label":{
@@ -3735,7 +3745,7 @@
         },
         "FaceModelVersions":{
           "shape":"FaceModelVersionList",
-          "documentation":"<p>Version numbers of the face detection models associated with the collections in the array <code>CollectionIds</code>. For example, the value of <code>FaceModelVersions[2]</code> is the version number for the face detection model used by the collection in <code>CollectionId[2]</code>.</p>"
+          "documentation":"<p>Latest face models being used with the corresponding collections in the array. For more information, see <a href=\"https://docs.aws.amazon.com/rekognition/latest/dg/face-detection-model.html\">Model versioning</a>. For example, the value of <code>FaceModelVersions[2]</code> is the version number for the face detection model used by the collection in <code>CollectionId[2]</code>.</p>"
         }
       }
     },
@@ -3858,7 +3868,7 @@
         },
         "FaceModelVersion":{
           "shape":"String",
-          "documentation":"<p>Version number of the face detection model associated with the input collection (<code>CollectionId</code>).</p>"
+          "documentation":"<p>Latest face model being used with the collection. For more information, see <a href=\"https://docs.aws.amazon.com/rekognition/latest/dg/face-detection-model.html\">Model versioning</a>.</p>"
         }
       }
     },
@@ -4602,7 +4612,7 @@
         },
         "FaceModelVersion":{
           "shape":"String",
-          "documentation":"<p>Version number of the face detection model associated with the input collection (<code>CollectionId</code>).</p>"
+          "documentation":"<p>Latest face model being used with the collection. For more information, see <a href=\"https://docs.aws.amazon.com/rekognition/latest/dg/face-detection-model.html\">Model versioning</a>.</p>"
         }
       }
     },
@@ -4644,7 +4654,7 @@
         },
         "FaceModelVersion":{
           "shape":"String",
-          "documentation":"<p>Version number of the face detection model associated with the input collection (<code>CollectionId</code>).</p>"
+          "documentation":"<p>Latest face model being used with the collection. For more information, see <a href=\"https://docs.aws.amazon.com/rekognition/latest/dg/face-detection-model.html\">Model versioning</a>.</p>"
         }
       }
     },
diff --git a/contrib/python/botocore/py3/botocore/data/resiliencehub/2020-04-30/paginators-1.json b/contrib/python/botocore/py3/botocore/data/resiliencehub/2020-04-30/paginators-1.json
new file mode 100644
index 00000000000..ea142457a6a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/resiliencehub/2020-04-30/paginators-1.json
@@ -0,0 +1,3 @@
+{
+  "pagination": {}
+}
diff --git a/contrib/python/botocore/py3/botocore/data/resiliencehub/2020-04-30/service-2.json b/contrib/python/botocore/py3/botocore/data/resiliencehub/2020-04-30/service-2.json
new file mode 100644
index 00000000000..06919e37996
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/resiliencehub/2020-04-30/service-2.json
@@ -0,0 +1,3614 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2020-04-30",
+    "endpointPrefix":"resiliencehub",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"AWS Resilience Hub",
+    "serviceId":"resiliencehub",
+    "signatureVersion":"v4",
+    "signingName":"resiliencehub",
+    "uid":"resiliencehub-2020-04-30"
+  },
+  "operations":{
+    "AddDraftAppVersionResourceMappings":{
+      "name":"AddDraftAppVersionResourceMappings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/add-draft-app-version-resource-mappings",
+        "responseCode":200
+      },
+      "input":{"shape":"AddDraftAppVersionResourceMappingsRequest"},
+      "output":{"shape":"AddDraftAppVersionResourceMappingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Adds the resource mapping for the draft application version.</p>"
+    },
+    "CreateApp":{
+      "name":"CreateApp",
+      "http":{
+        "method":"POST",
+        "requestUri":"/create-app",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateAppRequest"},
+      "output":{"shape":"CreateAppResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a Resilience Hub application. A Resilience Hub application is a collection of Amazon Web Services resources structured to prevent and recover Amazon Web Services application disruptions. To describe a Resilience Hub application, you provide an application name, resources from one or more–up to five–CloudFormation stacks, and an appropriate resiliency policy.</p> <pre><code> &lt;p&gt;After you create a Resilience Hub application, you publish it so that you can run a resiliency assessment on it. You can then use recommendations from the assessment to improve resiliency by running another assessment, comparing results, and then iterating the process until you achieve your goals for recovery time objective (RTO) and recovery point objective (RPO).&lt;/p&gt; </code></pre>"
+    },
+    "CreateRecommendationTemplate":{
+      "name":"CreateRecommendationTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/create-recommendation-template",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateRecommendationTemplateRequest"},
+      "output":{"shape":"CreateRecommendationTemplateResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a new recommendation template.</p>"
+    },
+    "CreateResiliencyPolicy":{
+      "name":"CreateResiliencyPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/create-resiliency-policy",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateResiliencyPolicyRequest"},
+      "output":{"shape":"CreateResiliencyPolicyResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a resiliency policy for an application.</p>"
+    },
+    "DeleteApp":{
+      "name":"DeleteApp",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delete-app",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteAppRequest"},
+      "output":{"shape":"DeleteAppResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Deletes an AWS Resilience Hub application. This is a destructive action that can't be undone.</p>"
+    },
+    "DeleteAppAssessment":{
+      "name":"DeleteAppAssessment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delete-app-assessment",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteAppAssessmentRequest"},
+      "output":{"shape":"DeleteAppAssessmentResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an AWS Resilience Hub application assessment. This is a destructive action that can't be undone.</p>"
+    },
+    "DeleteRecommendationTemplate":{
+      "name":"DeleteRecommendationTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delete-recommendation-template",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteRecommendationTemplateRequest"},
+      "output":{"shape":"DeleteRecommendationTemplateResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes a recommendation template. This is a destructive action that can't be undone.</p>"
+    },
+    "DeleteResiliencyPolicy":{
+      "name":"DeleteResiliencyPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/delete-resiliency-policy",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteResiliencyPolicyRequest"},
+      "output":{"shape":"DeleteResiliencyPolicyResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes a resiliency policy. This is a destructive action that can't be undone.</p>"
+    },
+    "DescribeApp":{
+      "name":"DescribeApp",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-app",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeAppRequest"},
+      "output":{"shape":"DescribeAppResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Describes an AWS Resilience Hub application.</p>"
+    },
+    "DescribeAppAssessment":{
+      "name":"DescribeAppAssessment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-app-assessment",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeAppAssessmentRequest"},
+      "output":{"shape":"DescribeAppAssessmentResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Describes an assessment for an AWS Resilience Hub application.</p>"
+    },
+    "DescribeAppVersionResourcesResolutionStatus":{
+      "name":"DescribeAppVersionResourcesResolutionStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-app-version-resources-resolution-status",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeAppVersionResourcesResolutionStatusRequest"},
+      "output":{"shape":"DescribeAppVersionResourcesResolutionStatusResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns the resolution status for the specified resolution identifier for an application version. If <code>resolutionId</code> is not specified, the current resolution status is returned.</p>"
+    },
+    "DescribeAppVersionTemplate":{
+      "name":"DescribeAppVersionTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-app-version-template",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeAppVersionTemplateRequest"},
+      "output":{"shape":"DescribeAppVersionTemplateResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Describes details about an AWS Resilience Hub </p>"
+    },
+    "DescribeDraftAppVersionResourcesImportStatus":{
+      "name":"DescribeDraftAppVersionResourcesImportStatus",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-draft-app-version-resources-import-status",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeDraftAppVersionResourcesImportStatusRequest"},
+      "output":{"shape":"DescribeDraftAppVersionResourcesImportStatusResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Describes the status of importing resources to an application version.</p>"
+    },
+    "DescribeResiliencyPolicy":{
+      "name":"DescribeResiliencyPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/describe-resiliency-policy",
+        "responseCode":200
+      },
+      "input":{"shape":"DescribeResiliencyPolicyRequest"},
+      "output":{"shape":"DescribeResiliencyPolicyResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Describes a specified resiliency policy for an AWS Resilience Hub application. The returned policy object includes creation time, data location constraints, the Amazon Resource Name (ARN) for the policy, tags, tier, and more.</p>"
+    },
+    "ImportResourcesToDraftAppVersion":{
+      "name":"ImportResourcesToDraftAppVersion",
+      "http":{
+        "method":"POST",
+        "requestUri":"/import-resources-to-draft-app-version",
+        "responseCode":200
+      },
+      "input":{"shape":"ImportResourcesToDraftAppVersionRequest"},
+      "output":{"shape":"ImportResourcesToDraftAppVersionResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Imports resources from sources such as a CloudFormation stack, resource-groups, or application registry app to a draft application version.</p>"
+    },
+    "ListAlarmRecommendations":{
+      "name":"ListAlarmRecommendations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-alarm-recommendations",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAlarmRecommendationsRequest"},
+      "output":{"shape":"ListAlarmRecommendationsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the alarm recommendations for a AWS Resilience Hub application.</p>"
+    },
+    "ListAppAssessments":{
+      "name":"ListAppAssessments",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-app-assessments",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppAssessmentsRequest"},
+      "output":{"shape":"ListAppAssessmentsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the assessments for an AWS Resilience Hub application. You can use request parameters to refine the results for the response object.</p>"
+    },
+    "ListAppComponentCompliances":{
+      "name":"ListAppComponentCompliances",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-app-component-compliances",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppComponentCompliancesRequest"},
+      "output":{"shape":"ListAppComponentCompliancesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the compliances for an AWS Resilience Hub component.</p>"
+    },
+    "ListAppComponentRecommendations":{
+      "name":"ListAppComponentRecommendations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-app-component-recommendations",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppComponentRecommendationsRequest"},
+      "output":{"shape":"ListAppComponentRecommendationsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the recommendations for an AWS Resilience Hub component.</p>"
+    },
+    "ListAppVersionResourceMappings":{
+      "name":"ListAppVersionResourceMappings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-app-version-resource-mappings",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppVersionResourceMappingsRequest"},
+      "output":{"shape":"ListAppVersionResourceMappingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists how the resources in an application version are mapped/sourced from. Mappings can be physical resource identifiers, CloudFormation stacks, resource-groups, or an application registry app.</p>"
+    },
+    "ListAppVersionResources":{
+      "name":"ListAppVersionResources",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-app-version-resources",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppVersionResourcesRequest"},
+      "output":{"shape":"ListAppVersionResourcesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists all the resources in an application version.</p>"
+    },
+    "ListAppVersions":{
+      "name":"ListAppVersions",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-app-versions",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppVersionsRequest"},
+      "output":{"shape":"ListAppVersionsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the different versions for the Resilience Hub applications.</p>"
+    },
+    "ListApps":{
+      "name":"ListApps",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-apps",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppsRequest"},
+      "output":{"shape":"ListAppsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists your Resilience Hub applications.</p>"
+    },
+    "ListRecommendationTemplates":{
+      "name":"ListRecommendationTemplates",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-recommendation-templates",
+        "responseCode":200
+      },
+      "input":{"shape":"ListRecommendationTemplatesRequest"},
+      "output":{"shape":"ListRecommendationTemplatesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the recommendation templates for the Resilience Hub applications.</p>"
+    },
+    "ListResiliencyPolicies":{
+      "name":"ListResiliencyPolicies",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-resiliency-policies",
+        "responseCode":200
+      },
+      "input":{"shape":"ListResiliencyPoliciesRequest"},
+      "output":{"shape":"ListResiliencyPoliciesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the resiliency policies for the Resilience Hub applications.</p>"
+    },
+    "ListSopRecommendations":{
+      "name":"ListSopRecommendations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-sop-recommendations",
+        "responseCode":200
+      },
+      "input":{"shape":"ListSopRecommendationsRequest"},
+      "output":{"shape":"ListSopRecommendationsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the standard operating procedure (SOP) recommendations for the Resilience Hub applications.</p>"
+    },
+    "ListSuggestedResiliencyPolicies":{
+      "name":"ListSuggestedResiliencyPolicies",
+      "http":{
+        "method":"GET",
+        "requestUri":"/list-suggested-resiliency-policies",
+        "responseCode":200
+      },
+      "input":{"shape":"ListSuggestedResiliencyPoliciesRequest"},
+      "output":{"shape":"ListSuggestedResiliencyPoliciesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the suggested resiliency policies for the Resilience Hub applications.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the tags for your resources in your Resilience Hub applications.</p>"
+    },
+    "ListTestRecommendations":{
+      "name":"ListTestRecommendations",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-test-recommendations",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTestRecommendationsRequest"},
+      "output":{"shape":"ListTestRecommendationsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the test recommendations for the Resilience Hub application.</p>"
+    },
+    "ListUnsupportedAppVersionResources":{
+      "name":"ListUnsupportedAppVersionResources",
+      "http":{
+        "method":"POST",
+        "requestUri":"/list-unsupported-app-version-resources",
+        "responseCode":200
+      },
+      "input":{"shape":"ListUnsupportedAppVersionResourcesRequest"},
+      "output":{"shape":"ListUnsupportedAppVersionResourcesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Lists the resources that are not currently supported in AWS Resilience Hub. An unsupported resource is a resource that exists in the object that was used to create an app, but is not supported by Resilience Hub.</p>"
+    },
+    "PublishAppVersion":{
+      "name":"PublishAppVersion",
+      "http":{
+        "method":"POST",
+        "requestUri":"/publish-app-version",
+        "responseCode":200
+      },
+      "input":{"shape":"PublishAppVersionRequest"},
+      "output":{"shape":"PublishAppVersionResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Publishes a new version of a specific Resilience Hub application.</p>"
+    },
+    "PutDraftAppVersionTemplate":{
+      "name":"PutDraftAppVersionTemplate",
+      "http":{
+        "method":"POST",
+        "requestUri":"/put-draft-app-version-template",
+        "responseCode":200
+      },
+      "input":{"shape":"PutDraftAppVersionTemplateRequest"},
+      "output":{"shape":"PutDraftAppVersionTemplateResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Adds or updates the app template for a draft version of a Resilience Hub app.</p>"
+    },
+    "RemoveDraftAppVersionResourceMappings":{
+      "name":"RemoveDraftAppVersionResourceMappings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/remove-draft-app-version-resource-mappings",
+        "responseCode":200
+      },
+      "input":{"shape":"RemoveDraftAppVersionResourceMappingsRequest"},
+      "output":{"shape":"RemoveDraftAppVersionResourceMappingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Removes resource mappings from a draft application version.</p>"
+    },
+    "ResolveAppVersionResources":{
+      "name":"ResolveAppVersionResources",
+      "http":{
+        "method":"POST",
+        "requestUri":"/resolve-app-version-resources",
+        "responseCode":200
+      },
+      "input":{"shape":"ResolveAppVersionResourcesRequest"},
+      "output":{"shape":"ResolveAppVersionResourcesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Resolves the resources for an application version.</p>"
+    },
+    "StartAppAssessment":{
+      "name":"StartAppAssessment",
+      "http":{
+        "method":"POST",
+        "requestUri":"/start-app-assessment",
+        "responseCode":200
+      },
+      "input":{"shape":"StartAppAssessmentRequest"},
+      "output":{"shape":"StartAppAssessmentResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a new application assessment for an application.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Applies one or more tags to a resource.</p>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Removes one or more tags from a resource.</p>"
+    },
+    "UpdateApp":{
+      "name":"UpdateApp",
+      "http":{
+        "method":"POST",
+        "requestUri":"/update-app",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateAppRequest"},
+      "output":{"shape":"UpdateAppResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates an application.</p>"
+    },
+    "UpdateResiliencyPolicy":{
+      "name":"UpdateResiliencyPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/update-resiliency-policy",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateResiliencyPolicyRequest"},
+      "output":{"shape":"UpdateResiliencyPolicyResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates a resiliency policy.</p>"
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"}
+      },
+      "documentation":"<p>You don't have permissions to perform the requested operation. The user or role that is making the request must have at least one IAM permissions policy attached that grants the required permissions.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "AddDraftAppVersionResourceMappingsRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "resourceMappings"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "resourceMappings":{
+          "shape":"ResourceMappingList",
+          "documentation":"<p> Mappings used to map logical resources from the template to physical resources. You can use the mapping type <code>CFN_STACK</code> if the application template uses a logical stack name. Or you can map individual resources by using the mapping type <code>RESOURCE</code>. We recommend using the mapping type <code>CFN_STACK</code> if the application is backed by a CloudFormation stack.</p>"
+        }
+      }
+    },
+    "AddDraftAppVersionResourceMappingsResponse":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion",
+        "resourceMappings"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p> The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "resourceMappings":{
+          "shape":"ResourceMappingList",
+          "documentation":"<p>Mappings used to map logical resources from the template to physical resources. You can use the mapping type <code>CFN_STACK</code> if the application template uses a logical stack name. Or you can map individual resources by using the mapping type <code>RESOURCE</code>. We recommend using the mapping type <code>CFN_STACK</code> if the application is backed by a CloudFormation stack.</p>"
+        }
+      }
+    },
+    "AlarmRecommendation":{
+      "type":"structure",
+      "required":[
+        "name",
+        "recommendationId",
+        "referenceId",
+        "type"
+      ],
+      "members":{
+        "appComponentName":{
+          "shape":"EntityId",
+          "documentation":"<p>The application component for the CloudWatch alarm recommendation.</p>"
+        },
+        "description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The description of the recommendation.</p>"
+        },
+        "items":{
+          "shape":"RecommendationItemList",
+          "documentation":"<p>The list of CloudWatch alarm recommendations.</p>"
+        },
+        "name":{
+          "shape":"String500",
+          "documentation":"<p>The name of the alarm recommendation.</p>"
+        },
+        "prerequisite":{
+          "shape":"String500",
+          "documentation":"<p>The prerequisite for the alarm recommendation.</p>"
+        },
+        "recommendationId":{
+          "shape":"Uuid",
+          "documentation":"<p>The identifier of the alarm recommendation.</p>"
+        },
+        "referenceId":{
+          "shape":"SpecReferenceId",
+          "documentation":"<p>The reference identifier of the alarm recommendation.</p>"
+        },
+        "type":{
+          "shape":"AlarmType",
+          "documentation":"<p>The type of alarm recommendation.</p>"
+        }
+      },
+      "documentation":"<p>Defines a recommendation for a CloudWatch alarm.</p>"
+    },
+    "AlarmRecommendationList":{
+      "type":"list",
+      "member":{"shape":"AlarmRecommendation"}
+    },
+    "AlarmType":{
+      "type":"string",
+      "enum":[
+        "Metric",
+        "Composite",
+        "Canary",
+        "Logs",
+        "Event"
+      ]
+    },
+    "App":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "creationTime",
+        "name"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "complianceStatus":{
+          "shape":"AppComplianceStatusType",
+          "documentation":"<p>The current status of compliance for the resiliency policy.</p>"
+        },
+        "creationTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The timestamp for when the app was created.</p>"
+        },
+        "description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The optional description for an app.</p>"
+        },
+        "lastAppComplianceEvaluationTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The timestamp for the most recent compliance evaluation.</p>"
+        },
+        "lastResiliencyScoreEvaluationTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The timestamp for the most recent resiliency score evaluation.</p>"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the application.</p>"
+        },
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "resiliencyScore":{
+          "shape":"Double",
+          "documentation":"<p>The current resiliency score for the application.</p>"
+        },
+        "status":{
+          "shape":"AppStatusType",
+          "documentation":"<p>The status of the action.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        }
+      },
+      "documentation":"<p>Defines a Resilience Hub application.</p>"
+    },
+    "AppAssessment":{
+      "type":"structure",
+      "required":[
+        "assessmentArn",
+        "assessmentStatus",
+        "invoker"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "assessmentName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the assessment.</p>"
+        },
+        "assessmentStatus":{
+          "shape":"AssessmentStatus",
+          "documentation":"<p>The current status of the assessment for the resiliency policy.</p>"
+        },
+        "compliance":{
+          "shape":"AssessmentCompliance",
+          "documentation":"<p>The application compliance against the resiliency policy.</p>"
+        },
+        "complianceStatus":{
+          "shape":"ComplianceStatus",
+          "documentation":"<p>The current status of the compliance for the resiliency policy.</p>"
+        },
+        "cost":{
+          "shape":"Cost",
+          "documentation":"<p>The cost for the application.</p>"
+        },
+        "endTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The end time for the action.</p>"
+        },
+        "invoker":{
+          "shape":"AssessmentInvoker",
+          "documentation":"<p>The entity that invoked the assessment.</p>"
+        },
+        "message":{
+          "shape":"String500",
+          "documentation":"<p>Error or warning message from the assessment execution</p>"
+        },
+        "policy":{
+          "shape":"ResiliencyPolicy",
+          "documentation":"<p>The resiliency policy.</p>"
+        },
+        "resiliencyScore":{
+          "shape":"ResiliencyScore",
+          "documentation":"<p>The current resiliency score for the application.</p>"
+        },
+        "startTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The starting time for the action.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        }
+      },
+      "documentation":"<p>Defines an application assessment.</p>"
+    },
+    "AppAssessmentSummary":{
+      "type":"structure",
+      "required":[
+        "assessmentArn",
+        "assessmentStatus"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "assessmentName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the assessment.</p>"
+        },
+        "assessmentStatus":{
+          "shape":"AssessmentStatus",
+          "documentation":"<p>The current status of the assessment for the resiliency policy.</p>"
+        },
+        "complianceStatus":{
+          "shape":"ComplianceStatus",
+          "documentation":"<p>The current status of compliance for the resiliency policy.</p>"
+        },
+        "cost":{
+          "shape":"Cost",
+          "documentation":"<p>The cost for the application.</p>"
+        },
+        "endTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The end time for the action.</p>"
+        },
+        "invoker":{
+          "shape":"AssessmentInvoker",
+          "documentation":"<p>The entity that invoked the assessment.</p>"
+        },
+        "message":{
+          "shape":"String500",
+          "documentation":"<p>The message from the assessment run.</p>"
+        },
+        "resiliencyScore":{
+          "shape":"Double",
+          "documentation":"<p>The current resiliency score for the application.</p>"
+        },
+        "startTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The starting time for the action.</p>"
+        }
+      },
+      "documentation":"<p>Defines an application assessment summary.</p>"
+    },
+    "AppAssessmentSummaryList":{
+      "type":"list",
+      "member":{"shape":"AppAssessmentSummary"}
+    },
+    "AppComplianceStatusType":{
+      "type":"string",
+      "enum":[
+        "PolicyBreached",
+        "PolicyMet",
+        "NotAssessed",
+        "ChangesDetected"
+      ]
+    },
+    "AppComponent":{
+      "type":"structure",
+      "required":[
+        "name",
+        "type"
+      ],
+      "members":{
+        "name":{
+          "shape":"String255",
+          "documentation":"<p>The name of the application component.</p>"
+        },
+        "type":{
+          "shape":"String255",
+          "documentation":"<p>The type of application component.</p>"
+        }
+      },
+      "documentation":"<p>Defines an application component.</p>"
+    },
+    "AppComponentCompliance":{
+      "type":"structure",
+      "members":{
+        "appComponentName":{
+          "shape":"EntityId",
+          "documentation":"<p>The name of the application component.</p>"
+        },
+        "compliance":{
+          "shape":"AssessmentCompliance",
+          "documentation":"<p>The compliance of the application component against the resiliency policy.</p>"
+        },
+        "cost":{
+          "shape":"Cost",
+          "documentation":"<p>The cost for the application.</p>"
+        },
+        "message":{
+          "shape":"String500",
+          "documentation":"<p>The compliance message.</p>"
+        },
+        "resiliencyScore":{
+          "shape":"ResiliencyScore",
+          "documentation":"<p>The current resiliency score for the application.</p>"
+        },
+        "status":{
+          "shape":"ComplianceStatus",
+          "documentation":"<p>The status of the action.</p>"
+        }
+      },
+      "documentation":"<p>Defines the compliance of an application component against the resiliency policy.</p>"
+    },
+    "AppComponentList":{
+      "type":"list",
+      "member":{"shape":"AppComponent"}
+    },
+    "AppStatusType":{
+      "type":"string",
+      "enum":[
+        "Active",
+        "Deleting"
+      ]
+    },
+    "AppSummary":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "creationTime",
+        "name"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "complianceStatus":{
+          "shape":"AppComplianceStatusType",
+          "documentation":"<p>The current status of compliance for the resiliency policy.</p>"
+        },
+        "creationTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The timestamp for when the app was created.</p>"
+        },
+        "description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The optional description for an app.</p>"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the application.</p>"
+        },
+        "resiliencyScore":{
+          "shape":"Double",
+          "documentation":"<p>The current resiliency score for the application.</p>"
+        }
+      },
+      "documentation":"<p>Defines an application summary.</p>"
+    },
+    "AppSummaryList":{
+      "type":"list",
+      "member":{"shape":"AppSummary"}
+    },
+    "AppTemplateBody":{
+      "type":"string",
+      "max":5000,
+      "min":0,
+      "pattern":"^[\\w\\s:,-\\.'{}\\[\\]:\"]+$"
+    },
+    "AppVersionList":{
+      "type":"list",
+      "member":{"shape":"AppVersionSummary"}
+    },
+    "AppVersionSummary":{
+      "type":"structure",
+      "required":["appVersion"],
+      "members":{
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      },
+      "documentation":"<p>The version of the application.</p>"
+    },
+    "Arn":{
+      "type":"string",
+      "pattern":"^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9/][A-Za-z0-9:_/+=,@.-]{0,1023}$"
+    },
+    "ArnList":{
+      "type":"list",
+      "member":{"shape":"Arn"}
+    },
+    "AssessmentCompliance":{
+      "type":"map",
+      "key":{"shape":"DisruptionType"},
+      "value":{"shape":"DisruptionCompliance"}
+    },
+    "AssessmentInvoker":{
+      "type":"string",
+      "enum":[
+        "User",
+        "System"
+      ]
+    },
+    "AssessmentStatus":{
+      "type":"string",
+      "enum":[
+        "Pending",
+        "InProgress",
+        "Failed",
+        "Success"
+      ]
+    },
+    "AssessmentStatusList":{
+      "type":"list",
+      "member":{"shape":"AssessmentStatus"},
+      "max":10,
+      "min":1
+    },
+    "AwsRegion":{
+      "type":"string",
+      "pattern":"^[a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]$"
+    },
+    "BooleanOptional":{
+      "type":"boolean",
+      "box":true
+    },
+    "ClientToken":{
+      "type":"string",
+      "max":63,
+      "min":1,
+      "pattern":"^[A-za-z0-9_.-]{0,63}$"
+    },
+    "ComplianceStatus":{
+      "type":"string",
+      "enum":[
+        "PolicyBreached",
+        "PolicyMet"
+      ]
+    },
+    "ComponentCompliancesList":{
+      "type":"list",
+      "member":{"shape":"AppComponentCompliance"}
+    },
+    "ComponentRecommendation":{
+      "type":"structure",
+      "required":[
+        "appComponentName",
+        "configRecommendations",
+        "recommendationStatus"
+      ],
+      "members":{
+        "appComponentName":{
+          "shape":"EntityId",
+          "documentation":"<p>The name of the application component.</p>"
+        },
+        "configRecommendations":{
+          "shape":"ConfigRecommendationList",
+          "documentation":"<p>The list of recommendations.</p>"
+        },
+        "recommendationStatus":{
+          "shape":"RecommendationComplianceStatus",
+          "documentation":"<p>The recommendation status.</p>"
+        }
+      },
+      "documentation":"<p>Defines recommendations for a Resilience Hub application component, returned as an object. This object contains component names, configuration recommendations, and recommendation statuses.</p>"
+    },
+    "ComponentRecommendationList":{
+      "type":"list",
+      "member":{"shape":"ComponentRecommendation"}
+    },
+    "ConfigRecommendation":{
+      "type":"structure",
+      "required":[
+        "name",
+        "optimizationType",
+        "referenceId"
+      ],
+      "members":{
+        "appComponentName":{
+          "shape":"EntityId",
+          "documentation":"<p>The application component name.</p>"
+        },
+        "compliance":{
+          "shape":"AssessmentCompliance",
+          "documentation":"<p>The current compliance against the resiliency policy before applying the configuration change.</p>"
+        },
+        "cost":{
+          "shape":"Cost",
+          "documentation":"<p>The cost for the application.</p>"
+        },
+        "description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The optional description for an app.</p>"
+        },
+        "haArchitecture":{
+          "shape":"HaArchitecture",
+          "documentation":"<p>The architecture type.</p>"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the recommendation configuration.</p>"
+        },
+        "optimizationType":{
+          "shape":"ConfigRecommendationOptimizationType",
+          "documentation":"<p>The type of optimization.</p>"
+        },
+        "recommendationCompliance":{
+          "shape":"RecommendationCompliance",
+          "documentation":"<p>The expected compliance against the resiliency policy after applying the configuration change.</p>"
+        },
+        "referenceId":{
+          "shape":"SpecReferenceId",
+          "documentation":"<p>The reference identifier for the recommendation configuration.</p>"
+        },
+        "suggestedChanges":{
+          "shape":"SuggestedChangesList",
+          "documentation":"<p>List of the suggested configuration changes.</p>"
+        }
+      },
+      "documentation":"<p>Defines a configuration recommendation.</p>"
+    },
+    "ConfigRecommendationList":{
+      "type":"list",
+      "member":{"shape":"ConfigRecommendation"}
+    },
+    "ConfigRecommendationOptimizationType":{
+      "type":"string",
+      "enum":[
+        "LeastCost",
+        "LeastChange",
+        "BestAZRecovery",
+        "LeastErrors",
+        "BestAttainable"
+      ]
+    },
+    "ConflictException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"},
+        "resourceId":{
+          "shape":"ResourceId",
+          "documentation":"<p>The identifier of the resource that the exception applies to.</p>"
+        },
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The type of the resource that the exception applies to.</p>"
+        }
+      },
+      "documentation":"<p>Occurs when a conflict with a previous successful write is detected. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Cost":{
+      "type":"structure",
+      "required":[
+        "amount",
+        "currency",
+        "frequency"
+      ],
+      "members":{
+        "amount":{
+          "shape":"Double",
+          "documentation":"<p>The cost amount.</p>"
+        },
+        "currency":{
+          "shape":"CurrencyCode",
+          "documentation":"<p>The cost currency, for example <code>USD</code>.</p>"
+        },
+        "frequency":{
+          "shape":"CostFrequency",
+          "documentation":"<p>The cost frequency.</p>"
+        }
+      },
+      "documentation":"<p>Defines a cost object.</p>"
+    },
+    "CostFrequency":{
+      "type":"string",
+      "enum":[
+        "Hourly",
+        "Daily",
+        "Monthly",
+        "Yearly"
+      ]
+    },
+    "CreateAppRequest":{
+      "type":"structure",
+      "required":["name"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The optional description for an app.</p>"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the application.</p>"
+        },
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        }
+      }
+    },
+    "CreateAppResponse":{
+      "type":"structure",
+      "required":["app"],
+      "members":{
+        "app":{
+          "shape":"App",
+          "documentation":"<p>The created application returned as an object with details including compliance status, creation time, description, resiliency score, and more.</p>"
+        }
+      }
+    },
+    "CreateRecommendationTemplateRequest":{
+      "type":"structure",
+      "required":[
+        "assessmentArn",
+        "name"
+      ],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "bucketName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the Amazon S3 bucket that will contain the recommendation template.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "format":{
+          "shape":"TemplateFormat",
+          "documentation":"<p>The format for the recommendation template.</p> <dl> <dt>CfnJson</dt> <dd> <p>The template is CloudFormation JSON.</p> </dd> <dt>CfnYaml</dt> <dd> <p>The template is CloudFormation YAML.</p> </dd> </dl>"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the recommendation template.</p>"
+        },
+        "recommendationIds":{
+          "shape":"RecommendationIdList",
+          "documentation":"<p>Identifiers for the recommendations used to create a recommendation template.</p>"
+        },
+        "recommendationTypes":{
+          "shape":"RenderRecommendationTypeList",
+          "documentation":"<p>An array of strings that specify the recommendation template type or types.</p> <dl> <dt>Alarm</dt> <dd> <p>The template is an <a>AlarmRecommendation</a> template.</p> </dd> <dt>Sop</dt> <dd> <p>The template is a <a>SopRecommendation</a> template.</p> </dd> <dt>Test</dt> <dd> <p>The template is a <a>TestRecommendation</a> template.</p> </dd> </dl>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        }
+      }
+    },
+    "CreateRecommendationTemplateResponse":{
+      "type":"structure",
+      "members":{
+        "recommendationTemplate":{
+          "shape":"RecommendationTemplate",
+          "documentation":"<p>The newly created recommendation template, returned as an object. This object includes the template's name, format, status, tags, Amazon S3 bucket location, and more.</p>"
+        }
+      }
+    },
+    "CreateResiliencyPolicyRequest":{
+      "type":"structure",
+      "required":[
+        "policy",
+        "policyName",
+        "tier"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "dataLocationConstraint":{
+          "shape":"DataLocationConstraint",
+          "documentation":"<p>Specifies a high-level geographical location constraint for where your resilience policy data can be stored.</p>"
+        },
+        "policy":{
+          "shape":"DisruptionPolicy",
+          "documentation":"<p>The type of resiliency policy to be created, including the recovery time objective (RTO) and recovery point objective (RPO) in seconds.</p>"
+        },
+        "policyDescription":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The description for the policy.</p>"
+        },
+        "policyName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the policy</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        },
+        "tier":{
+          "shape":"ResiliencyPolicyTier",
+          "documentation":"<p>The tier for this resiliency policy, ranging from the highest severity (<code>MissionCritical</code>) to lowest (<code>NonCritical</code>).</p>"
+        }
+      }
+    },
+    "CreateResiliencyPolicyResponse":{
+      "type":"structure",
+      "required":["policy"],
+      "members":{
+        "policy":{
+          "shape":"ResiliencyPolicy",
+          "documentation":"<p>The type of resiliency policy that was created, including the recovery time objective (RTO) and recovery point objective (RPO) in seconds.</p>"
+        }
+      }
+    },
+    "CurrencyCode":{
+      "type":"string",
+      "max":3,
+      "min":0
+    },
+    "CustomerId":{
+      "type":"string",
+      "pattern":"^[0-9]{12}$"
+    },
+    "DataLocationConstraint":{
+      "type":"string",
+      "enum":[
+        "AnyLocation",
+        "SameContinent",
+        "SameCountry"
+      ]
+    },
+    "DeleteAppAssessmentRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "DeleteAppAssessmentResponse":{
+      "type":"structure",
+      "required":[
+        "assessmentArn",
+        "assessmentStatus"
+      ],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "assessmentStatus":{
+          "shape":"AssessmentStatus",
+          "documentation":"<p>The current status of the assessment for the resiliency policy.</p>"
+        }
+      }
+    },
+    "DeleteAppRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "forceDelete":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>A boolean option to force the deletion of a Resilience Hub application. </p>"
+        }
+      }
+    },
+    "DeleteAppResponse":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DeleteRecommendationTemplateRequest":{
+      "type":"structure",
+      "required":["recommendationTemplateArn"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "recommendationTemplateArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for a recommendation template.</p>"
+        }
+      }
+    },
+    "DeleteRecommendationTemplateResponse":{
+      "type":"structure",
+      "required":[
+        "recommendationTemplateArn",
+        "status"
+      ],
+      "members":{
+        "recommendationTemplateArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for a recommendation template.</p>"
+        },
+        "status":{
+          "shape":"RecommendationTemplateStatus",
+          "documentation":"<p>The status of the action.</p>"
+        }
+      }
+    },
+    "DeleteResiliencyPolicyRequest":{
+      "type":"structure",
+      "required":["policyArn"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DeleteResiliencyPolicyResponse":{
+      "type":"structure",
+      "required":["policyArn"],
+      "members":{
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DescribeAppAssessmentRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DescribeAppAssessmentResponse":{
+      "type":"structure",
+      "required":["assessment"],
+      "members":{
+        "assessment":{
+          "shape":"AppAssessment",
+          "documentation":"<p>The assessment for an AWS Resilience Hub application, returned as an object. This object includes Amazon Resource Names (ARNs), compliance information, compliance status, cost, messages, resiliency scores, and more.</p>"
+        }
+      }
+    },
+    "DescribeAppRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DescribeAppResponse":{
+      "type":"structure",
+      "required":["app"],
+      "members":{
+        "app":{
+          "shape":"App",
+          "documentation":"<p>The specified application, returned as an object with details including compliance status, creation time, description, resiliency score, and more.</p>"
+        }
+      }
+    },
+    "DescribeAppVersionResourcesResolutionStatusRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        }
+      }
+    },
+    "DescribeAppVersionResourcesResolutionStatusResponse":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion",
+        "resolutionId",
+        "status"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "errorMessage":{
+          "shape":"String500",
+          "documentation":"<p>The returned error message for the request.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        },
+        "status":{
+          "shape":"ResourceResolutionStatusType",
+          "documentation":"<p>The status of the action.</p>"
+        }
+      }
+    },
+    "DescribeAppVersionTemplateRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      }
+    },
+    "DescribeAppVersionTemplateResponse":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appTemplateBody",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appTemplateBody":{
+          "shape":"AppTemplateBody",
+          "documentation":"<p>The body of the template.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      }
+    },
+    "DescribeDraftAppVersionResourcesImportStatusRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DescribeDraftAppVersionResourcesImportStatusResponse":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion",
+        "status",
+        "statusChangeTime"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "errorMessage":{
+          "shape":"String500",
+          "documentation":"<p>The returned error message for the request.</p>"
+        },
+        "status":{
+          "shape":"ResourceImportStatusType",
+          "documentation":"<p>The status of the action.</p>"
+        },
+        "statusChangeTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The timestamp for when the status last changed.</p>"
+        }
+      }
+    },
+    "DescribeResiliencyPolicyRequest":{
+      "type":"structure",
+      "required":["policyArn"],
+      "members":{
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "DescribeResiliencyPolicyResponse":{
+      "type":"structure",
+      "required":["policy"],
+      "members":{
+        "policy":{
+          "shape":"ResiliencyPolicy",
+          "documentation":"<p>Information about the specific resiliency policy, returned as an object. This object includes creation time, data location constraints, its name, description, tags, the recovery time objective (RTO) and recovery point objective (RPO) in seconds, and more.</p>"
+        }
+      }
+    },
+    "DisruptionCompliance":{
+      "type":"structure",
+      "required":["complianceStatus"],
+      "members":{
+        "achievableRpoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The Recovery Point Objective (RPO) that is achievable, in seconds.</p>"
+        },
+        "achievableRtoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The Recovery Time Objective (RTO) that is achievable, in seconds</p>"
+        },
+        "complianceStatus":{
+          "shape":"ComplianceStatus",
+          "documentation":"<p>The current status of compliance for the resiliency policy.</p>"
+        },
+        "currentRpoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The current RPO, in seconds.</p>"
+        },
+        "currentRtoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The current RTO, in seconds.</p>"
+        },
+        "message":{
+          "shape":"String500",
+          "documentation":"<p>The disruption compliance message.</p>"
+        },
+        "rpoDescription":{
+          "shape":"String500",
+          "documentation":"<p>The RPO description.</p>"
+        },
+        "rpoReferenceId":{
+          "shape":"String500",
+          "documentation":"<p>The RPO reference identifier.</p>"
+        },
+        "rtoDescription":{
+          "shape":"String500",
+          "documentation":"<p>The RTO description.</p>"
+        },
+        "rtoReferenceId":{
+          "shape":"String500",
+          "documentation":"<p>The RTO reference identifier.</p>"
+        }
+      },
+      "documentation":"<p>Defines the compliance against the resiliency policy for a disruption.</p>"
+    },
+    "DisruptionPolicy":{
+      "type":"map",
+      "key":{"shape":"DisruptionType"},
+      "value":{"shape":"FailurePolicy"}
+    },
+    "DisruptionResiliencyScore":{
+      "type":"map",
+      "key":{"shape":"DisruptionType"},
+      "value":{"shape":"Double"}
+    },
+    "DisruptionType":{
+      "type":"string",
+      "enum":[
+        "Software",
+        "Hardware",
+        "AZ",
+        "Region"
+      ]
+    },
+    "DocumentName":{
+      "type":"string",
+      "max":500,
+      "min":1
+    },
+    "Double":{"type":"double"},
+    "EntityDescription":{
+      "type":"string",
+      "max":500,
+      "min":0
+    },
+    "EntityId":{
+      "type":"string",
+      "pattern":"^\\S{1,100}$"
+    },
+    "EntityName":{
+      "type":"string",
+      "pattern":"^[A-Za-z0-9][A-Za-z0-9_\\-]{1,59}$"
+    },
+    "EntityNameList":{
+      "type":"list",
+      "member":{"shape":"EntityName"}
+    },
+    "EntityVersion":{
+      "type":"string",
+      "pattern":"^\\S{1,50}$"
+    },
+    "EstimatedCostTier":{
+      "type":"string",
+      "enum":[
+        "L1",
+        "L2",
+        "L3",
+        "L4"
+      ]
+    },
+    "FailurePolicy":{
+      "type":"structure",
+      "required":[
+        "rpoInSecs",
+        "rtoInSecs"
+      ],
+      "members":{
+        "rpoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The Recovery Point Objective (RPO), in seconds.</p>"
+        },
+        "rtoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The Recovery Time Objective (RTO), in seconds.</p>"
+        }
+      },
+      "documentation":"<p>Defines a failure policy.</p>"
+    },
+    "HaArchitecture":{
+      "type":"string",
+      "enum":[
+        "MultiSite",
+        "WarmStandby",
+        "PilotLight",
+        "BackupAndRestore",
+        "NoRecoveryPlan"
+      ]
+    },
+    "ImportResourcesToDraftAppVersionRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "sourceArns"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "sourceArns":{
+          "shape":"ArnList",
+          "documentation":"<p>The Amazon Resource Names (ARNs) for the resources that you want to import.</p>"
+        }
+      }
+    },
+    "ImportResourcesToDraftAppVersionResponse":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion",
+        "sourceArns",
+        "status"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "sourceArns":{
+          "shape":"ArnList",
+          "documentation":"<p>The Amazon Resource Names (ARNs) for the resources that you imported.</p>"
+        },
+        "status":{
+          "shape":"ResourceImportStatusType",
+          "documentation":"<p>The status of the action.</p>"
+        }
+      }
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"}
+      },
+      "documentation":"<p>This exception occurs when there is an internal failure in the AWS Resilience Hub service.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "ListAlarmRecommendationsRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListAlarmRecommendationsResponse":{
+      "type":"structure",
+      "required":["alarmRecommendations"],
+      "members":{
+        "alarmRecommendations":{
+          "shape":"AlarmRecommendationList",
+          "documentation":"<p>The alarm recommendations for an AWS Resilience Hub application, returned as an object. This object includes application component names, descriptions, information about whether a recommendation has already been implemented or not, prerequisites, and more.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        }
+      }
+    },
+    "ListAppAssessmentsRequest":{
+      "type":"structure",
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>",
+          "location":"querystring",
+          "locationName":"appArn"
+        },
+        "assessmentName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the assessment.</p>",
+          "location":"querystring",
+          "locationName":"assessmentName"
+        },
+        "assessmentStatus":{
+          "shape":"AssessmentStatusList",
+          "documentation":"<p>The current status of the assessment for the resiliency policy.</p>",
+          "location":"querystring",
+          "locationName":"assessmentStatus"
+        },
+        "complianceStatus":{
+          "shape":"ComplianceStatus",
+          "documentation":"<p>The current status of compliance for the resiliency policy.</p>",
+          "location":"querystring",
+          "locationName":"complianceStatus"
+        },
+        "invoker":{
+          "shape":"AssessmentInvoker",
+          "documentation":"<p>Specifies the entity that invoked a specific assessment, either a <code>User</code> or the <code>System</code>.</p>",
+          "location":"querystring",
+          "locationName":"invoker"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "reverseOrder":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>The default is to sort by ascending <b>startTime</b>. To sort by descending <b>startTime</b>, set reverseOrder to <code>true</code>.</p>",
+          "location":"querystring",
+          "locationName":"reverseOrder"
+        }
+      }
+    },
+    "ListAppAssessmentsResponse":{
+      "type":"structure",
+      "required":["assessmentSummaries"],
+      "members":{
+        "assessmentSummaries":{
+          "shape":"AppAssessmentSummaryList",
+          "documentation":"<p>The summaries for the specified assessments, returned as an object. This object includes application versions, associated Amazon Resource Numbers (ARNs), cost, messages, resiliency scores, and more.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        }
+      }
+    },
+    "ListAppComponentCompliancesRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListAppComponentCompliancesResponse":{
+      "type":"structure",
+      "required":["componentCompliances"],
+      "members":{
+        "componentCompliances":{
+          "shape":"ComponentCompliancesList",
+          "documentation":"<p>The compliances for an AWS Resilience Hub application component, returned as an object. This object contains component names, compliances, costs, resiliency scores, outage scores, and more.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        }
+      }
+    },
+    "ListAppComponentRecommendationsRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListAppComponentRecommendationsResponse":{
+      "type":"structure",
+      "required":["componentRecommendations"],
+      "members":{
+        "componentRecommendations":{
+          "shape":"ComponentRecommendationList",
+          "documentation":"<p>The recommendations for an Resilience Hub application component, returned as an object. This object contains component names, configuration recommendations, and recommendation statuses.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        }
+      }
+    },
+    "ListAppVersionResourceMappingsRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListAppVersionResourceMappingsResponse":{
+      "type":"structure",
+      "required":["resourceMappings"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "resourceMappings":{
+          "shape":"ResourceMappingList",
+          "documentation":"<p>Mappings used to map logical resources from the template to physical resources. You can use the mapping type <code>CFN_STACK</code> if the application template uses a logical stack name. Or you can map individual resources by using the mapping type <code>RESOURCE</code>. We recommend using the mapping type <code>CFN_STACK</code> if the application is backed by a CloudFormation stack.</p>"
+        }
+      }
+    },
+    "ListAppVersionResourcesRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        }
+      }
+    },
+    "ListAppVersionResourcesResponse":{
+      "type":"structure",
+      "required":[
+        "physicalResources",
+        "resolutionId"
+      ],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "physicalResources":{
+          "shape":"PhysicalResourceList",
+          "documentation":"<p>The physical resources in the application version.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        }
+      }
+    },
+    "ListAppVersionsRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListAppVersionsResponse":{
+      "type":"structure",
+      "required":["appVersions"],
+      "members":{
+        "appVersions":{
+          "shape":"AppVersionList",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        }
+      }
+    },
+    "ListAppsRequest":{
+      "type":"structure",
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>",
+          "location":"querystring",
+          "locationName":"appArn"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the one of the listed applications.</p>",
+          "location":"querystring",
+          "locationName":"name"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListAppsResponse":{
+      "type":"structure",
+      "required":["appSummaries"],
+      "members":{
+        "appSummaries":{
+          "shape":"AppSummaryList",
+          "documentation":"<p>Summaries for the Resilience Hub application.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        }
+      }
+    },
+    "ListRecommendationTemplatesRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>",
+          "location":"querystring",
+          "locationName":"assessmentArn"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for one of the listed recommendation templates.</p>",
+          "location":"querystring",
+          "locationName":"name"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "recommendationTemplateArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for a recommendation template.</p>",
+          "location":"querystring",
+          "locationName":"recommendationTemplateArn"
+        },
+        "reverseOrder":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>The default is to sort by ascending <b>startTime</b>. To sort by descending <b>startTime</b>, set reverseOrder to <code>true</code>.</p>",
+          "location":"querystring",
+          "locationName":"reverseOrder"
+        },
+        "status":{
+          "shape":"RecommendationTemplateStatusList",
+          "documentation":"<p>The status of the action.</p>",
+          "location":"querystring",
+          "locationName":"status"
+        }
+      }
+    },
+    "ListRecommendationTemplatesResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "recommendationTemplates":{
+          "shape":"RecommendationTemplateList",
+          "documentation":"<p>The recommendation templates for the Resilience Hub applications.</p>"
+        }
+      }
+    },
+    "ListResiliencyPoliciesRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "policyName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the policy</p>",
+          "location":"querystring",
+          "locationName":"policyName"
+        }
+      }
+    },
+    "ListResiliencyPoliciesResponse":{
+      "type":"structure",
+      "required":["resiliencyPolicies"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "resiliencyPolicies":{
+          "shape":"ResiliencyPolicies",
+          "documentation":"<p>The resiliency policies for the Resilience Hub applications.</p>"
+        }
+      }
+    },
+    "ListSopRecommendationsRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListSopRecommendationsResponse":{
+      "type":"structure",
+      "required":["sopRecommendations"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "sopRecommendations":{
+          "shape":"SopRecommendationList",
+          "documentation":"<p>The standard operating procedure (SOP) recommendations for the Resilience Hub applications.</p>"
+        }
+      }
+    },
+    "ListSuggestedResiliencyPoliciesRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListSuggestedResiliencyPoliciesResponse":{
+      "type":"structure",
+      "required":["resiliencyPolicies"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "resiliencyPolicies":{
+          "shape":"ResiliencyPolicies",
+          "documentation":"<p>The suggested resiliency policies for the Resilience Hub applications.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for a specific resource in your Resilience Hub application.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        }
+      }
+    },
+    "ListTestRecommendationsRequest":{
+      "type":"structure",
+      "required":["assessmentArn"],
+      "members":{
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        }
+      }
+    },
+    "ListTestRecommendationsResponse":{
+      "type":"structure",
+      "required":["testRecommendations"],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "testRecommendations":{
+          "shape":"TestRecommendationList",
+          "documentation":"<p>The test recommendations for the Resilience Hub application.</p>"
+        }
+      }
+    },
+    "ListUnsupportedAppVersionResourcesRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to include in the response. If more results exist than the specified <code>MaxResults</code> value, a token is included in the response so that the remaining results can be retrieved.</p>"
+        },
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>Null, or the token from a previous call to get the next set of results.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        }
+      }
+    },
+    "ListUnsupportedAppVersionResourcesResponse":{
+      "type":"structure",
+      "required":[
+        "resolutionId",
+        "unsupportedResources"
+      ],
+      "members":{
+        "nextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token for the next set of results, or null if there are no more results.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        },
+        "unsupportedResources":{
+          "shape":"UnsupportedResourceList",
+          "documentation":"<p>The unsupported resources for the application.</p>"
+        }
+      }
+    },
+    "LogicalResourceId":{
+      "type":"structure",
+      "required":["identifier"],
+      "members":{
+        "identifier":{
+          "shape":"String255",
+          "documentation":"<p>The identifier of the resource.</p>"
+        },
+        "logicalStackName":{
+          "shape":"String255",
+          "documentation":"<p>The name of the CloudFormation stack this resource belongs to.</p>"
+        },
+        "resourceGroupName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the resource group that this resource belongs to.</p>"
+        }
+      },
+      "documentation":"<p>Defines a logical resource identifier.</p>"
+    },
+    "MaxResults":{
+      "type":"integer",
+      "box":true,
+      "max":100,
+      "min":1
+    },
+    "NextToken":{
+      "type":"string",
+      "pattern":"^\\S{1,2000}$"
+    },
+    "PhysicalIdentifierType":{
+      "type":"string",
+      "enum":[
+        "Arn",
+        "Native"
+      ]
+    },
+    "PhysicalResource":{
+      "type":"structure",
+      "required":[
+        "logicalResourceId",
+        "physicalResourceId",
+        "resourceType"
+      ],
+      "members":{
+        "appComponents":{
+          "shape":"AppComponentList",
+          "documentation":"<p>The application components that belong to this resource.</p>"
+        },
+        "logicalResourceId":{
+          "shape":"LogicalResourceId",
+          "documentation":"<p>The logical identifier of the resource.</p>"
+        },
+        "physicalResourceId":{
+          "shape":"PhysicalResourceId",
+          "documentation":"<p>The physical identifier of the resource.</p>"
+        },
+        "resourceName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the resource.</p>"
+        },
+        "resourceType":{
+          "shape":"String255",
+          "documentation":"<p>The type of resource.</p>"
+        }
+      },
+      "documentation":"<p>Defines a physical resource. A physical resource is a resource that exists in your account. It can be identified using an Amazon Resource Name (ARN) or a Resilience Hub-native identifier. </p>"
+    },
+    "PhysicalResourceId":{
+      "type":"structure",
+      "required":[
+        "identifier",
+        "type"
+      ],
+      "members":{
+        "awsAccountId":{
+          "shape":"CustomerId",
+          "documentation":"<p>The Amazon Web Services account that owns the physical resource.</p>"
+        },
+        "awsRegion":{
+          "shape":"AwsRegion",
+          "documentation":"<p>The Amazon Web Services Region that the physical resource is located in.</p>"
+        },
+        "identifier":{
+          "shape":"String255",
+          "documentation":"<p>The identifier of the physical resource.</p>"
+        },
+        "type":{
+          "shape":"PhysicalIdentifierType",
+          "documentation":"<p>Specifies the type of physical resource identifier.</p> <dl> <dt>Arn</dt> <dd> <p>The resource identifier is an Amazon Resource Name (ARN) .</p> </dd> <dt>Native</dt> <dd> <p>The resource identifier is a Resilience Hub-native identifier.</p> </dd> </dl>"
+        }
+      },
+      "documentation":"<p>Defines a physical resource identifier.</p>"
+    },
+    "PhysicalResourceList":{
+      "type":"list",
+      "member":{"shape":"PhysicalResource"}
+    },
+    "PublishAppVersionRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "PublishAppVersionResponse":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      }
+    },
+    "PutDraftAppVersionTemplateRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appTemplateBody"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appTemplateBody":{
+          "shape":"AppTemplateBody",
+          "documentation":"<p>A JSON string that contains the body of the app template.</p>"
+        }
+      }
+    },
+    "PutDraftAppVersionTemplateResponse":{
+      "type":"structure",
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      }
+    },
+    "RecommendationCompliance":{
+      "type":"map",
+      "key":{"shape":"DisruptionType"},
+      "value":{"shape":"RecommendationDisruptionCompliance"}
+    },
+    "RecommendationComplianceStatus":{
+      "type":"string",
+      "enum":[
+        "BreachedUnattainable",
+        "BreachedCanMeet",
+        "MetCanImprove"
+      ]
+    },
+    "RecommendationDisruptionCompliance":{
+      "type":"structure",
+      "required":["expectedComplianceStatus"],
+      "members":{
+        "expectedComplianceStatus":{
+          "shape":"ComplianceStatus",
+          "documentation":"<p>The expected compliance status after applying the recommended configuration change.</p>"
+        },
+        "expectedRpoDescription":{
+          "shape":"String500",
+          "documentation":"<p>The expected Recovery Point Objective (RPO) description after applying the recommended configuration change.</p>"
+        },
+        "expectedRpoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The expected RPO after applying the recommended configuration change.</p>"
+        },
+        "expectedRtoDescription":{
+          "shape":"String500",
+          "documentation":"<p>The expected Recovery Time Objective (RTO) description after applying the recommended configuration change.</p>"
+        },
+        "expectedRtoInSecs":{
+          "shape":"Seconds",
+          "documentation":"<p>The expected RTO after applying the recommended configuration change.</p>"
+        }
+      },
+      "documentation":"<p>Defines a disruption compliance recommendation.</p>"
+    },
+    "RecommendationIdList":{
+      "type":"list",
+      "member":{"shape":"Uuid"},
+      "max":200,
+      "min":1
+    },
+    "RecommendationItem":{
+      "type":"structure",
+      "members":{
+        "alreadyImplemented":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>Specifies if the recommendation has already been implemented.</p>"
+        },
+        "resourceId":{
+          "shape":"String500",
+          "documentation":"<p>The resource identifier.</p>"
+        },
+        "targetAccountId":{
+          "shape":"CustomerId",
+          "documentation":"<p>The target account identifier.</p>"
+        },
+        "targetRegion":{
+          "shape":"AwsRegion",
+          "documentation":"<p>The target region.</p>"
+        }
+      },
+      "documentation":"<p>Defines a recommendation.</p>"
+    },
+    "RecommendationItemList":{
+      "type":"list",
+      "member":{"shape":"RecommendationItem"}
+    },
+    "RecommendationTemplate":{
+      "type":"structure",
+      "required":[
+        "assessmentArn",
+        "format",
+        "name",
+        "recommendationTemplateArn",
+        "recommendationTypes",
+        "status"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "assessmentArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the assessment. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app-assessment/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "endTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The end time for the action.</p>"
+        },
+        "format":{
+          "shape":"TemplateFormat",
+          "documentation":"<p>The format of the recommendation template.</p> <dl> <dt>CfnJson</dt> <dd> <p>The template is CloudFormation JSON.</p> </dd> <dt>CfnYaml</dt> <dd> <p>The template is CloudFormation YAML.</p> </dd> </dl>"
+        },
+        "message":{
+          "shape":"String500",
+          "documentation":"<p>The message for the recommendation template.</p>"
+        },
+        "name":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the recommendation template.</p>"
+        },
+        "needsReplacements":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>Indicates if replacements are needed.</p>"
+        },
+        "recommendationIds":{
+          "shape":"RecommendationIdList",
+          "documentation":"<p>Identifiers for the recommendations used in the recommendation template.</p>"
+        },
+        "recommendationTemplateArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the recommendation template.</p>"
+        },
+        "recommendationTypes":{
+          "shape":"RenderRecommendationTypeList",
+          "documentation":"<p>An array of strings that specify the recommendation template type or types.</p> <dl> <dt>Alarm</dt> <dd> <p>The template is an <a>AlarmRecommendation</a> template.</p> </dd> <dt>Sop</dt> <dd> <p>The template is a <a>SopRecommendation</a> template.</p> </dd> <dt>Test</dt> <dd> <p>The template is a <a>TestRecommendation</a> template.</p> </dd> </dl>"
+        },
+        "startTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The start time for the action.</p>"
+        },
+        "status":{
+          "shape":"RecommendationTemplateStatus",
+          "documentation":"<p>The status of the action.</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        },
+        "templatesLocation":{
+          "shape":"S3Location",
+          "documentation":"<p>The file location of the template.</p>"
+        }
+      },
+      "documentation":"<p>Defines a recommendation template created with the <a>CreateRecommendationTemplate</a> action.</p>"
+    },
+    "RecommendationTemplateList":{
+      "type":"list",
+      "member":{"shape":"RecommendationTemplate"}
+    },
+    "RecommendationTemplateStatus":{
+      "type":"string",
+      "enum":[
+        "Pending",
+        "InProgress",
+        "Failed",
+        "Success"
+      ]
+    },
+    "RecommendationTemplateStatusList":{
+      "type":"list",
+      "member":{"shape":"RecommendationTemplateStatus"},
+      "max":4,
+      "min":1
+    },
+    "RemoveDraftAppVersionResourceMappingsRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appRegistryAppNames":{
+          "shape":"EntityNameList",
+          "documentation":"<p>The names of the registered applications to remove from the resource mappings.</p>"
+        },
+        "logicalStackNames":{
+          "shape":"String255List",
+          "documentation":"<p>The names of the CloudFormation stacks to remove from the resource mappings.</p>"
+        },
+        "resourceGroupNames":{
+          "shape":"EntityNameList",
+          "documentation":"<p>The names of the resource groups to remove from the resource mappings.</p>"
+        },
+        "resourceNames":{
+          "shape":"EntityNameList",
+          "documentation":"<p>The names of the resources to remove from the resource mappings.</p>"
+        }
+      }
+    },
+    "RemoveDraftAppVersionResourceMappingsResponse":{
+      "type":"structure",
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      }
+    },
+    "RenderRecommendationType":{
+      "type":"string",
+      "enum":[
+        "Alarm",
+        "Sop",
+        "Test"
+      ]
+    },
+    "RenderRecommendationTypeList":{
+      "type":"list",
+      "member":{"shape":"RenderRecommendationType"},
+      "max":4,
+      "min":1
+    },
+    "ResiliencyPolicies":{
+      "type":"list",
+      "member":{"shape":"ResiliencyPolicy"}
+    },
+    "ResiliencyPolicy":{
+      "type":"structure",
+      "members":{
+        "creationTime":{
+          "shape":"TimeStamp",
+          "documentation":"<p>The timestamp for when the resiliency policy was created.</p>"
+        },
+        "dataLocationConstraint":{
+          "shape":"DataLocationConstraint",
+          "documentation":"<p>Specifies a high-level geographical location constraint for where your resilience policy data can be stored.</p>"
+        },
+        "estimatedCostTier":{
+          "shape":"EstimatedCostTier",
+          "documentation":"<p>Specifies the estimated cost tier of the resiliency policy.</p>"
+        },
+        "policy":{
+          "shape":"DisruptionPolicy",
+          "documentation":"<p>The resiliency policy.</p>"
+        },
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "policyDescription":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The description for the policy.</p>"
+        },
+        "policyName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the policy</p>"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        },
+        "tier":{
+          "shape":"ResiliencyPolicyTier",
+          "documentation":"<p>The tier for this resiliency policy, ranging from the highest severity (<code>MissionCritical</code>) to lowest (<code>NonCritical</code>).</p>"
+        }
+      },
+      "documentation":"<p>Defines a resiliency policy.</p>"
+    },
+    "ResiliencyPolicyTier":{
+      "type":"string",
+      "enum":[
+        "MissionCritical",
+        "Critical",
+        "Important",
+        "CoreServices",
+        "NonCritical"
+      ]
+    },
+    "ResiliencyScore":{
+      "type":"structure",
+      "required":[
+        "disruptionScore",
+        "score"
+      ],
+      "members":{
+        "disruptionScore":{
+          "shape":"DisruptionResiliencyScore",
+          "documentation":"<p>The disruption score for a valid key.</p>"
+        },
+        "score":{
+          "shape":"Double",
+          "documentation":"<p>The outage score for a valid key.</p>"
+        }
+      },
+      "documentation":"<p>The overall resiliency score, returned as an object that includes the disruption score and outage score.</p>"
+    },
+    "ResolveAppVersionResourcesRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        }
+      }
+    },
+    "ResolveAppVersionResourcesResponse":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion",
+        "resolutionId",
+        "status"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "resolutionId":{
+          "shape":"String255",
+          "documentation":"<p>The identifier for a specific resolution.</p>"
+        },
+        "status":{
+          "shape":"ResourceResolutionStatusType",
+          "documentation":"<p>The status of the action.</p>"
+        }
+      }
+    },
+    "ResourceId":{
+      "type":"string",
+      "pattern":".*"
+    },
+    "ResourceImportStatusType":{
+      "type":"string",
+      "enum":[
+        "Pending",
+        "InProgress",
+        "Failed",
+        "Success"
+      ]
+    },
+    "ResourceMapping":{
+      "type":"structure",
+      "required":[
+        "mappingType",
+        "physicalResourceId"
+      ],
+      "members":{
+        "appRegistryAppName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the application this resource is mapped to.</p>"
+        },
+        "logicalStackName":{
+          "shape":"String255",
+          "documentation":"<p>The name of the CloudFormation stack this resource is mapped to.</p>"
+        },
+        "mappingType":{
+          "shape":"ResourceMappingType",
+          "documentation":"<p>Specifies the type of resource mapping.</p> <dl> <dt>AppRegistryApp</dt> <dd> <p>The resource is mapped to another application. The name of the application is contained in the <code>appRegistryAppName</code> property.</p> </dd> <dt>CfnStack</dt> <dd> <p>The resource is mapped to a CloudFormation stack. The name of the CloudFormation stack is contained in the <code>logicalStackName</code> property.</p> </dd> <dt>Resource</dt> <dd> <p>The resource is mapped to another resource. The name of the resource is contained in the <code>resourceName</code> property.</p> </dd> <dt>ResourceGroup</dt> <dd> <p>The resource is mapped to a resource group. The name of the resource group is contained in the <code>resourceGroupName</code> property.</p> </dd> </dl>"
+        },
+        "physicalResourceId":{
+          "shape":"PhysicalResourceId",
+          "documentation":"<p>The identifier of this resource.</p>"
+        },
+        "resourceGroupName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the resource group this resource is mapped to.</p>"
+        },
+        "resourceName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the resource this resource is mapped to.</p>"
+        }
+      },
+      "documentation":"<p>Defines a resource mapping.</p>"
+    },
+    "ResourceMappingList":{
+      "type":"list",
+      "member":{"shape":"ResourceMapping"}
+    },
+    "ResourceMappingType":{
+      "type":"string",
+      "enum":[
+        "CfnStack",
+        "Resource",
+        "AppRegistryApp",
+        "ResourceGroup"
+      ]
+    },
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"},
+        "resourceId":{
+          "shape":"ResourceId",
+          "documentation":"<p>The identifier of the resource that the exception applies to.</p>"
+        },
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>The type of the resource that the exception applies to.</p>"
+        }
+      },
+      "documentation":"<p>The specified resource could not be found.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourceResolutionStatusType":{
+      "type":"string",
+      "enum":[
+        "Pending",
+        "InProgress",
+        "Failed",
+        "Success"
+      ]
+    },
+    "ResourceType":{
+      "type":"string",
+      "pattern":".*"
+    },
+    "RetryAfterSeconds":{
+      "type":"integer",
+      "box":true
+    },
+    "S3Location":{
+      "type":"structure",
+      "members":{
+        "bucket":{
+          "shape":"String500",
+          "documentation":"<p>The name of the Amazon S3 bucket.</p>"
+        },
+        "prefix":{
+          "shape":"String500",
+          "documentation":"<p>The prefix for the Amazon S3 bucket.</p>"
+        }
+      },
+      "documentation":"<p>The location of the Amazon S3 bucket.</p>"
+    },
+    "Seconds":{
+      "type":"integer",
+      "min":0
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"}
+      },
+      "documentation":"<p>You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "SopRecommendation":{
+      "type":"structure",
+      "required":[
+        "recommendationId",
+        "referenceId",
+        "serviceType"
+      ],
+      "members":{
+        "appComponentName":{
+          "shape":"EntityId",
+          "documentation":"<p>The application component name.</p>"
+        },
+        "description":{
+          "shape":"String500",
+          "documentation":"<p>The description of the SOP recommendation.</p>"
+        },
+        "items":{
+          "shape":"RecommendationItemList",
+          "documentation":"<p>The recommendation items.</p>"
+        },
+        "name":{
+          "shape":"DocumentName",
+          "documentation":"<p>The name of the SOP recommendation.</p>"
+        },
+        "prerequisite":{
+          "shape":"String500",
+          "documentation":"<p>The prerequisite for the SOP recommendation.</p>"
+        },
+        "recommendationId":{
+          "shape":"Uuid",
+          "documentation":"<p>Identifier for the SOP recommendation.</p>"
+        },
+        "referenceId":{
+          "shape":"SpecReferenceId",
+          "documentation":"<p>The reference identifier for the SOP recommendation.</p>"
+        },
+        "serviceType":{
+          "shape":"SopServiceType",
+          "documentation":"<p>The service type.</p>"
+        }
+      },
+      "documentation":"<p>Defines a standard operating procedure (SOP) recommendation.</p>"
+    },
+    "SopRecommendationList":{
+      "type":"list",
+      "member":{"shape":"SopRecommendation"}
+    },
+    "SopServiceType":{
+      "type":"string",
+      "enum":["SSM"]
+    },
+    "SpecReferenceId":{
+      "type":"string",
+      "max":500,
+      "min":1
+    },
+    "StartAppAssessmentRequest":{
+      "type":"structure",
+      "required":[
+        "appArn",
+        "appVersion",
+        "assessmentName"
+      ],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "appVersion":{
+          "shape":"EntityVersion",
+          "documentation":"<p>The version of the application.</p>"
+        },
+        "assessmentName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name for the assessment.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Used for an idempotency token. A client token is a unique, case-sensitive string of up to 64 ASCII characters. You should not reuse the same client token for other API requests.</p>",
+          "idempotencyToken":true
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags assigned to the resource. A tag is a label that you assign to an Amazon Web Services resource. Each tag consists of a key/value pair.</p>"
+        }
+      }
+    },
+    "StartAppAssessmentResponse":{
+      "type":"structure",
+      "required":["assessment"],
+      "members":{
+        "assessment":{
+          "shape":"AppAssessment",
+          "documentation":"<p>The assessment created.</p>"
+        }
+      }
+    },
+    "String255":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
+    "String255List":{
+      "type":"list",
+      "member":{"shape":"String255"}
+    },
+    "String500":{
+      "type":"string",
+      "max":500,
+      "min":1
+    },
+    "SuggestedChangesList":{
+      "type":"list",
+      "member":{"shape":"EntityDescription"}
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!aws:).+$"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":50,
+      "min":1,
+      "sensitive":true
+    },
+    "TagMap":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"},
+      "max":50,
+      "min":1,
+      "sensitive":true
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tags"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource. </p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The tags to assign to the resource. Each tag consists of a key/value pair.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "TemplateFormat":{
+      "type":"string",
+      "enum":[
+        "CfnYaml",
+        "CfnJson"
+      ]
+    },
+    "TestRecommendation":{
+      "type":"structure",
+      "required":["referenceId"],
+      "members":{
+        "appComponentName":{
+          "shape":"EntityId",
+          "documentation":"<p>The name of the application component.</p>"
+        },
+        "description":{
+          "shape":"String500",
+          "documentation":"<p>The description for the test recommendation.</p>"
+        },
+        "intent":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The intent of the test recommendation.</p>"
+        },
+        "items":{
+          "shape":"RecommendationItemList",
+          "documentation":"<p>The test recommendation items.</p>"
+        },
+        "name":{
+          "shape":"DocumentName",
+          "documentation":"<p>The name of the test recommendation.</p>"
+        },
+        "prerequisite":{
+          "shape":"String500",
+          "documentation":"<p>The prerequisite of the test recommendation.</p>"
+        },
+        "recommendationId":{
+          "shape":"Uuid",
+          "documentation":"<p>Identifier for the test recommendation.</p>"
+        },
+        "referenceId":{
+          "shape":"SpecReferenceId",
+          "documentation":"<p>The reference identifier for the test recommendation.</p>"
+        },
+        "risk":{
+          "shape":"TestRisk",
+          "documentation":"<p>The level of risk for this test recommendation.</p>"
+        },
+        "type":{
+          "shape":"TestType",
+          "documentation":"<p>The type of test recommendation.</p>"
+        }
+      },
+      "documentation":"<p>Defines a test recommendation.</p>"
+    },
+    "TestRecommendationList":{
+      "type":"list",
+      "member":{"shape":"TestRecommendation"}
+    },
+    "TestRisk":{
+      "type":"string",
+      "enum":[
+        "Small",
+        "Medium",
+        "High"
+      ]
+    },
+    "TestType":{
+      "type":"string",
+      "enum":[
+        "Software",
+        "Hardware",
+        "AZ",
+        "Region"
+      ]
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"},
+        "retryAfterSeconds":{
+          "shape":"RetryAfterSeconds",
+          "documentation":"<p>The number of seconds to wait before retrying the operation.</p>"
+        }
+      },
+      "documentation":"<p>The limit on the number of requests per second was exceeded.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "TimeStamp":{"type":"timestamp"},
+    "UnsupportedResource":{
+      "type":"structure",
+      "required":[
+        "logicalResourceId",
+        "physicalResourceId",
+        "resourceType"
+      ],
+      "members":{
+        "logicalResourceId":{
+          "shape":"LogicalResourceId",
+          "documentation":"<p>The logical resource identifier for the unsupported resource.</p>"
+        },
+        "physicalResourceId":{
+          "shape":"PhysicalResourceId",
+          "documentation":"<p>The physical resource identifier for the unsupported resource.</p>"
+        },
+        "resourceType":{
+          "shape":"String255",
+          "documentation":"<p>The type of resource.</p>"
+        }
+      },
+      "documentation":"<p>Defines a resource that is not supported by Resilience Hub.</p>"
+    },
+    "UnsupportedResourceList":{
+      "type":"list",
+      "member":{"shape":"UnsupportedResource"}
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resource. </p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>The keys of the tags to remove.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateAppRequest":{
+      "type":"structure",
+      "required":["appArn"],
+      "members":{
+        "appArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the application. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:app/<code>app-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "clearResiliencyPolicyArn":{
+          "shape":"BooleanOptional",
+          "documentation":"<p>Specifies if the resiliency policy ARN should be cleared.</p>"
+        },
+        "description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The optional description for an app.</p>"
+        },
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        }
+      }
+    },
+    "UpdateAppResponse":{
+      "type":"structure",
+      "required":["app"],
+      "members":{
+        "app":{
+          "shape":"App",
+          "documentation":"<p>The specified application, returned as an object with details including compliance status, creation time, description, resiliency score, and more.</p>"
+        }
+      }
+    },
+    "UpdateResiliencyPolicyRequest":{
+      "type":"structure",
+      "required":["policyArn"],
+      "members":{
+        "dataLocationConstraint":{
+          "shape":"DataLocationConstraint",
+          "documentation":"<p>Specifies a high-level geographical location constraint for where your resilience policy data can be stored.</p>"
+        },
+        "policy":{
+          "shape":"DisruptionPolicy",
+          "documentation":"<p>The type of resiliency policy to be created, including the recovery time objective (RTO) and recovery point objective (RPO) in seconds.</p>"
+        },
+        "policyArn":{
+          "shape":"Arn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the resiliency policy. The format for this ARN is: arn:<code>partition</code>:dcps:<code>region</code>:<code>account</code>:resiliency-policy/<code>policy-id</code>. For more information about ARNs, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\"> Amazon Resource Names (ARNs)</a> in the <i>AWS General Reference</i>.</p>"
+        },
+        "policyDescription":{
+          "shape":"EntityDescription",
+          "documentation":"<p>The description for the policy.</p>"
+        },
+        "policyName":{
+          "shape":"EntityName",
+          "documentation":"<p>The name of the policy</p>"
+        },
+        "tier":{
+          "shape":"ResiliencyPolicyTier",
+          "documentation":"<p>The tier for this resiliency policy, ranging from the highest severity (<code>MissionCritical</code>) to lowest (<code>NonCritical</code>).</p>"
+        }
+      }
+    },
+    "UpdateResiliencyPolicyResponse":{
+      "type":"structure",
+      "required":["policy"],
+      "members":{
+        "policy":{
+          "shape":"ResiliencyPolicy",
+          "documentation":"<p>The type of resiliency policy that was updated, including the recovery time objective (RTO) and recovery point objective (RPO) in seconds.</p>"
+        }
+      }
+    },
+    "Uuid":{
+      "type":"string",
+      "pattern":"^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$"
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"String500"}
+      },
+      "documentation":"<p>Indicates that a request was not valid.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    }
+  },
+  "documentation":"<p>AWS Resilience Hub helps you proactively prepare and protect your Amazon Web Services applications from disruptions. Resilience Hub offers continuous resiliency assessment and validation that integrates into your software development lifecycle. This enables you to uncover resiliency weaknesses, ensure recovery time objective (RTO) and recovery point objective (RPO) targets for your applications are met, and resolve issues before they are released into production. </p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/robomaker/2018-06-29/service-2.json b/contrib/python/botocore/py3/botocore/data/robomaker/2018-06-29/service-2.json
index 46dcbf36be6..8539d234e26 100644
--- a/contrib/python/botocore/py3/botocore/data/robomaker/2018-06-29/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/robomaker/2018-06-29/service-2.json
@@ -58,7 +58,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Cancels the specified deployment job.</p>"
+      "documentation":"<p>Cancels the specified deployment job.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CancelSimulationJob":{
       "name":"CancelSimulationJob",
@@ -141,7 +143,9 @@
         {"shape":"ConcurrentDeploymentException"},
         {"shape":"IdempotentParameterMismatchException"}
       ],
-      "documentation":"<p>Deploys a specific version of a robot application to robots in a fleet.</p> <p>The robot application must have a numbered <code>applicationVersion</code> for consistency reasons. To create a new version, use <code>CreateRobotApplicationVersion</code> or see <a href=\"https://docs.aws.amazon.com/robomaker/latest/dg/create-robot-application-version.html\">Creating a Robot Application Version</a>. </p> <note> <p>After 90 days, deployment jobs expire and will be deleted. They will no longer be accessible. </p> </note>"
+      "documentation":"<p>Deploys a specific version of a robot application to robots in a fleet.</p> <important> <p>This API is no longer supported and will throw an error if used.</p> </important> <p>The robot application must have a numbered <code>applicationVersion</code> for consistency reasons. To create a new version, use <code>CreateRobotApplicationVersion</code> or see <a href=\"https://docs.aws.amazon.com/robomaker/latest/dg/create-robot-application-version.html\">Creating a Robot Application Version</a>. </p> <note> <p>After 90 days, deployment jobs expire and will be deleted. They will no longer be accessible. </p> </note>",
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateFleet":{
       "name":"CreateFleet",
@@ -157,7 +161,9 @@
         {"shape":"ThrottlingException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Creates a fleet, a logical group of robots running the same robot application.</p>"
+      "documentation":"<p>Creates a fleet, a logical group of robots running the same robot application.</p> <important> <p>This API is no longer supported and will throw an error if used.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateRobot":{
       "name":"CreateRobot",
@@ -174,7 +180,9 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceAlreadyExistsException"}
       ],
-      "documentation":"<p>Creates a robot.</p>"
+      "documentation":"<p>Creates a robot.</p> <important> <p>This API is no longer supported and will throw an error if used.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateRobotApplication":{
       "name":"CreateRobotApplication",
@@ -333,7 +341,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Deletes a fleet.</p>"
+      "documentation":"<p>Deletes a fleet.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeleteRobot":{
       "name":"DeleteRobot",
@@ -348,7 +358,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Deletes a robot.</p>"
+      "documentation":"<p>Deletes a robot.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeleteRobotApplication":{
       "name":"DeleteRobotApplication",
@@ -410,7 +422,9 @@
         {"shape":"ThrottlingException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Deregisters a robot.</p>"
+      "documentation":"<p>Deregisters a robot.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeDeploymentJob":{
       "name":"DescribeDeploymentJob",
@@ -426,7 +440,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Describes a deployment job.</p>"
+      "documentation":"<p>Describes a deployment job.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeFleet":{
       "name":"DescribeFleet",
@@ -442,7 +458,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Describes a fleet.</p>"
+      "documentation":"<p>Describes a fleet.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeRobot":{
       "name":"DescribeRobot",
@@ -458,7 +476,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Describes a robot.</p>"
+      "documentation":"<p>Describes a robot.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeRobotApplication":{
       "name":"DescribeRobotApplication",
@@ -617,7 +637,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Returns a list of deployment jobs for a fleet. You can optionally provide filters to retrieve specific deployment jobs. </p>"
+      "documentation":"<p>Returns a list of deployment jobs for a fleet. You can optionally provide filters to retrieve specific deployment jobs.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListFleets":{
       "name":"ListFleets",
@@ -633,7 +655,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Returns a list of fleets. You can optionally provide filters to retrieve specific fleets. </p>"
+      "documentation":"<p>Returns a list of fleets. You can optionally provide filters to retrieve specific fleets.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListRobotApplications":{
       "name":"ListRobotApplications",
@@ -664,7 +688,9 @@
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Returns a list of robots. You can optionally provide filters to retrieve specific robots.</p>"
+      "documentation":"<p>Returns a list of robots. You can optionally provide filters to retrieve specific robots.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListSimulationApplications":{
       "name":"ListSimulationApplications",
@@ -801,7 +827,9 @@
         {"shape":"LimitExceededException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Registers a robot with a fleet.</p>"
+      "documentation":"<p>Registers a robot with a fleet.</p> <important> <p>This API is no longer supported and will throw an error if used.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "RestartSimulationJob":{
       "name":"RestartSimulationJob",
@@ -854,7 +882,9 @@
         {"shape":"ConcurrentDeploymentException"},
         {"shape":"IdempotentParameterMismatchException"}
       ],
-      "documentation":"<p>Syncrhonizes robots in a fleet to the latest deployment. This is helpful if robots were added after a deployment.</p>"
+      "documentation":"<p>Syncrhonizes robots in a fleet to the latest deployment. This is helpful if robots were added after a deployment.</p> <important> <p>This API will no longer be supported as of May 2, 2022. Use it to remove resources that were created for Deployment Service.</p> </important>",
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "TagResource":{
       "name":"TagResource",
@@ -1027,12 +1057,16 @@
           "shape":"Arn",
           "documentation":"<p>The deployment job ARN to cancel.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CancelDeploymentJobResponse":{
       "type":"structure",
       "members":{
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CancelSimulationJobBatchRequest":{
       "type":"structure",
@@ -1191,7 +1225,9 @@
           "shape":"TagMap",
           "documentation":"<p>A map that contains tag keys and tag values that are attached to the deployment job.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateDeploymentJobResponse":{
       "type":"structure",
@@ -1232,7 +1268,9 @@
           "shape":"TagMap",
           "documentation":"<p>The list of all tags added to the deployment job.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateFleetRequest":{
       "type":"structure",
@@ -1246,7 +1284,9 @@
           "shape":"TagMap",
           "documentation":"<p>A map that contains tag keys and tag values that are attached to the fleet.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateFleetResponse":{
       "type":"structure",
@@ -1267,7 +1307,9 @@
           "shape":"TagMap",
           "documentation":"<p>The list of all tags added to the fleet.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateRobotApplicationRequest":{
       "type":"structure",
@@ -1422,7 +1464,9 @@
           "shape":"TagMap",
           "documentation":"<p>A map that contains tag keys and tag values that are attached to the robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateRobotResponse":{
       "type":"structure",
@@ -1451,7 +1495,9 @@
           "shape":"TagMap",
           "documentation":"<p>The list of all tags added to the robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "CreateSimulationApplicationRequest":{
       "type":"structure",
@@ -2019,12 +2065,16 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeleteFleetResponse":{
       "type":"structure",
       "members":{
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeleteRobotApplicationRequest":{
       "type":"structure",
@@ -2053,12 +2103,16 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeleteRobotResponse":{
       "type":"structure",
       "members":{
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeleteSimulationApplicationRequest":{
       "type":"structure",
@@ -2281,7 +2335,9 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DeregisterRobotResponse":{
       "type":"structure",
@@ -2294,7 +2350,9 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeDeploymentJobRequest":{
       "type":"structure",
@@ -2304,7 +2362,9 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the deployment job.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeDeploymentJobResponse":{
       "type":"structure",
@@ -2349,7 +2409,9 @@
           "shape":"TagMap",
           "documentation":"<p>The list of all tags added to the specified deployment job.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeFleetRequest":{
       "type":"structure",
@@ -2359,7 +2421,9 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the fleet.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeFleetResponse":{
       "type":"structure",
@@ -2396,7 +2460,9 @@
           "shape":"TagMap",
           "documentation":"<p>The list of all tags added to the specified fleet.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeRobotApplicationRequest":{
       "type":"structure",
@@ -2465,7 +2531,9 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the robot to be described.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeRobotResponse":{
       "type":"structure",
@@ -2510,7 +2578,9 @@
           "shape":"TagMap",
           "documentation":"<p>The list of all tags added to the specified robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "DescribeSimulationApplicationRequest":{
       "type":"structure",
@@ -3243,7 +3313,9 @@
           "shape":"MaxResults",
           "documentation":"<p>When this parameter is used, <code>ListDeploymentJobs</code> only returns <code>maxResults</code> results in a single page along with a <code>nextToken</code> response element. The remaining results of the initial request can be seen by sending another <code>ListDeploymentJobs</code> request with the returned <code>nextToken</code> value. This value can be between 1 and 200. If this parameter is not used, then <code>ListDeploymentJobs</code> returns up to 200 results and a <code>nextToken</code> value if applicable. </p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListDeploymentJobsResponse":{
       "type":"structure",
@@ -3256,7 +3328,9 @@
           "shape":"PaginationToken",
           "documentation":"<p>If the previous paginated request did not return all of the remaining results, the response object's <code>nextToken</code> parameter value is set to a token. To retrieve the next set of results, call <code>ListDeploymentJobs</code> again and assign that token to the request object's <code>nextToken</code> parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null. </p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListFleetsRequest":{
       "type":"structure",
@@ -3273,7 +3347,9 @@
           "shape":"Filters",
           "documentation":"<p>Optional filters to limit results.</p> <p>The filter name <code>name</code> is supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListFleetsResponse":{
       "type":"structure",
@@ -3286,7 +3362,9 @@
           "shape":"PaginationToken",
           "documentation":"<p>If the previous paginated request did not return all of the remaining results, the response object's <code>nextToken</code> parameter value is set to a token. To retrieve the next set of results, call <code>ListFleets</code> again and assign that token to the request object's <code>nextToken</code> parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null. </p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListRobotApplicationsRequest":{
       "type":"structure",
@@ -3337,7 +3415,9 @@
           "shape":"Filters",
           "documentation":"<p>Optional filters to limit results.</p> <p>The filter names <code>status</code> and <code>fleetName</code> are supported. When filtering, you must use the complete value of the filtered item. You can use up to three filters, but they must be for the same named item. For example, if you are looking for items with the status <code>Registered</code> or the status <code>Available</code>.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListRobotsResponse":{
       "type":"structure",
@@ -3350,7 +3430,9 @@
           "shape":"PaginationToken",
           "documentation":"<p>If the previous paginated request did not return all of the remaining results, the response object's <code>nextToken</code> parameter value is set to a token. To retrieve the next set of results, call <code>ListRobots</code> again and assign that token to the request object's <code>nextToken</code> parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null. </p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "ListSimulationApplicationsRequest":{
       "type":"structure",
@@ -3750,7 +3832,9 @@
           "shape":"Arn",
           "documentation":"<p>The Amazon Resource Name (ARN) of the robot.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "RegisterRobotResponse":{
       "type":"structure",
@@ -3763,7 +3847,9 @@
           "shape":"Arn",
           "documentation":"<p>Information about the robot registration.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"AWS RoboMaker is unable to process this request as the support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "RenderingEngine":{
       "type":"structure",
@@ -4694,7 +4780,9 @@
           "shape":"Arn",
           "documentation":"<p>The target fleet for the synchronization.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "SyncDeploymentJobResponse":{
       "type":"structure",
@@ -4731,7 +4819,9 @@
           "shape":"CreatedAt",
           "documentation":"<p>The time, in milliseconds since the epoch, when the fleet was created.</p>"
         }
-      }
+      },
+      "deprecated":true,
+      "deprecatedMessage":"Support for the AWS RoboMaker application deployment feature has ended. For additional information, see https://docs.aws.amazon.com/robomaker/latest/dg/fleets.html."
     },
     "TagKey":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json b/contrib/python/botocore/py3/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json
index b9cb25ff29e..fc752eede82 100644
--- a/contrib/python/botocore/py3/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/route53-recovery-control-config/2020-11-02/service-2.json
@@ -55,7 +55,7 @@
           "documentation": "<p>409 response - ConflictException. You might be using a predefined variable.</p>"
         }
       ],
-      "documentation": "<p>Create a new cluster. A cluster is a set of redundant Regional endpoints against which you can run API calls to update or get the state of one or more routing controls. Each cluster has a name, status, Amazon Resource Name (ARN), and an array of the five cluster endpoints (one for each supported Amazon Web Services Region) that you can use with API calls to the Amazon Route 53 Application Recovery Controller cluster data plane.</p>"
+      "documentation": "<p>Create a new cluster. A cluster is a set of redundant Regional endpoints against which you can run API calls to update or get the state of one or more routing controls. Each cluster has a name, status, Amazon Resource Name (ARN), and an array of the five cluster endpoints (one for each supported Amazon Web Services Region) that you can use with API calls to the cluster data plane.</p>"
     },
     "CreateControlPanel": {
       "name": "CreateControlPanel",
@@ -101,7 +101,7 @@
           "documentation": "<p>409 response - ConflictException. You might be using a predefined variable.</p>"
         }
       ],
-      "documentation": "<p>Creates a new control panel. A control panel represents a group of routing controls that can be changed together in a single transaction. You can use a control panel to centrally view the operational status of applications across your organization, and trigger multi-app failovers in a single transaction, for example, to fail over an Availability Zone or AWS Region.</p>"
+      "documentation": "<p>Creates a new control panel. A control panel represents a group of routing controls that can be changed together in a single transaction. You can use a control panel to centrally view the operational status of applications across your organization, and trigger multi-app failovers in a single transaction, for example, to fail over an Availability Zone or Amazon Web Services Region.</p>"
     },
     "CreateRoutingControl": {
       "name": "CreateRoutingControl",
@@ -173,7 +173,7 @@
           "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>"
         }
       ],
-      "documentation": "<p>Creates a safety rule in a control panel. Safety rules let you add safeguards around enabling and disabling routing controls, to help prevent unexpected outcomes.</p> <p>There are two types of safety rules: assertion rules and gating rules.</p> <p>Assertion rule: An assertion rule enforces that, when a routing control state is changed, the criteria set by the rule configuration is met. Otherwise, the change to the routing control is not accepted.</p> <p>Gating rule: A gating rule verifies that a set of gating controls evaluates as true, based on a rule configuration that you specify. If the gating rule evaluates to true, Amazon Route 53 Application Recovery Controller allows a set of routing control state changes to run and complete against the set of target controls.</p>"
+      "documentation": "<p>Creates a safety rule in a control panel. Safety rules let you add safeguards around changing routing control states, and for enabling and disabling routing controls, to help prevent unexpected outcomes.</p> <p>There are two types of safety rules: assertion rules and gating rules.</p> <p>Assertion rule: An assertion rule enforces that, when you change a routing control state, that a certain criteria is met. For example, the criteria might be that at least one routing control state is On after the transation so that traffic continues to flow to at least one cell for the application. This ensures that you avoid a fail-open scenario.</p> <p>Gating rule: A gating rule lets you configure a gating routing control as an overall \"on/off\" switch for a group of routing controls. Or, you can configure more complex gating scenarios, for example by configuring multiple gating routing controls.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/r53recovery/latest/dg/routing-control.safety-rules.html\">Safety rules</a> in the Amazon Route 53 Application Recovery Controller Developer Guide.</p>"
     },
     "DeleteCluster": {
       "name": "DeleteCluster",
@@ -481,7 +481,7 @@
           "documentation": "<p>404 response - MalformedQueryString. The query string contains a syntax error or resource not found.</p>"
         }
       ],
-      "documentation": "<p>Describes the safety rules (that is, the assertion rules and gating rules) for the routing controls in a control panel.</p>"
+      "documentation": "<p>Returns information about a safety rule.</p>"
     },
     "ListAssociatedRoute53HealthChecks": {
       "name": "ListAssociatedRoute53HealthChecks",
@@ -587,7 +587,7 @@
           "documentation": "<p>403 response - AccessDeniedException. You do not hace sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "<p>Returns an array of control panels for a cluster.</p>"
+      "documentation": "<p>Returns an array of control panels in an account or in a cluster.</p>"
     },
     "ListRoutingControls": {
       "name": "ListRoutingControls",
@@ -665,6 +665,96 @@
       ],
       "documentation": "<p>List the safety rules (the assertion rules and gating rules) that you've defined for the routing controls in a control panel.</p>"
     },
+    "ListTagsForResource": {
+      "name": "ListTagsForResource",
+      "http": {
+        "method": "GET",
+        "requestUri": "/tags/{ResourceArn}",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "ListTagsForResourceRequest"
+      },
+      "output": {
+        "shape": "ListTagsForResourceResponse",
+        "documentation": "<p>200 response - Success.</p>"
+      },
+      "errors": [
+        {
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - MalformedQueryString. The query string contains a syntax error or resource not found.</p>"
+        },
+        {
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string and input parameter might be out of range, or you used parameters together incorrectly.</p>"
+        },
+        {
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>"
+        }
+      ],
+      "documentation": "<p>Lists the tags for a resource.</p>"
+    },
+    "TagResource": {
+      "name": "TagResource",
+      "http": {
+        "method": "POST",
+        "requestUri": "/tags/{ResourceArn}",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "TagResourceRequest"
+      },
+      "output": {
+        "shape": "TagResourceResponse",
+        "documentation": "<p>200 response - Success.</p>"
+      },
+      "errors": [
+        {
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - MalformedQueryString. The query string contains a syntax error or resource not found.</p>"
+        },
+        {
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string and input parameter might be out of range, or you used parameters together incorrectly.</p>"
+        },
+        {
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>"
+        }
+      ],
+      "documentation": "<p>Adds a tag to a resource.</p>"
+    },
+    "UntagResource": {
+      "name": "UntagResource",
+      "http": {
+        "method": "DELETE",
+        "requestUri": "/tags/{ResourceArn}",
+        "responseCode": 200
+      },
+      "input": {
+        "shape": "UntagResourceRequest"
+      },
+      "output": {
+        "shape": "UntagResourceResponse",
+        "documentation": "<p>200 response - Success.</p>"
+      },
+      "errors": [
+        {
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - MalformedQueryString. The query string contains a syntax error or resource not found.</p>"
+        },
+        {
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string and input parameter might be out of range, or you used parameters together incorrectly.</p>"
+        },
+        {
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>"
+        }
+      ],
+      "documentation": "<p>Removes a tag from a resource.</p>"
+    },
     "UpdateControlPanel": {
       "name": "UpdateControlPanel",
       "http": {
@@ -777,19 +867,19 @@
           "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>"
         }
       ],
-      "documentation": "<p>Update a safety rule (an assertion rule or gating rule) for the routing controls in a control panel. You can only update the name and the waiting period for a safety rule. To make other updates, delete the safety rule and create a new safety rule.</p>"
+      "documentation": "<p>Update a safety rule (an assertion rule or gating rule). You can only update the name and the waiting period for a safety rule. To make other updates, delete the safety rule and create a new one.</p>"
     }
   },
   "shapes": {
     "AccessDeniedException": {
       "type": "structure",
-      "documentation": "<p>403 response - AccessDeniedException. You do not have sufficient access to perform this action.</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>403 response - You do not have sufficient access to perform this action.</p>",
       "required": [
         "Message"
       ],
@@ -802,11 +892,11 @@
       "type": "structure",
       "members": {
         "AssertedControls": {
-          "shape": "__listOf__string",
+          "shape": "__listOf__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The routing controls that are part of transactions that are evaluated to determine if a request to change a routing control state is allowed. For example, you might include three routing controls, one for each of three Amazon Web Services Regions.</p>"
         },
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "Name": {
@@ -815,10 +905,10 @@
         },
         "RuleConfig": {
           "shape": "RuleConfig",
-          "documentation": "<p>The criteria that you set for specific assertion controls (routing controls) that designate how many controls must be enabled as the result of a transaction. For example, if you have three assertion controls, you might specify atleast 2 for your rule configuration. This means that at least two assertion controls must be enabled, so that at least two Amazon Web Services Regions are enabled.</p>"
+          "documentation": "<p>The criteria that you set for specific assertion routing controls (AssertedControls) that designate how many routing control states must be ON as the result of a transaction. For example, if you have three assertion routing controls, you might specify atleast 2 for your rule configuration. This means that at least two assertion routing control states must be ON, so that at least two Amazon Web Services Regions have traffic flowing to them.</p>"
         },
         "SafetyRuleArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the assertion rule.</p>"
         },
         "Status": {
@@ -830,7 +920,7 @@
           "documentation": "<p>An evaluation period, in milliseconds (ms), during which any request against the target routing controls will fail. This helps prevent \"flapping\" of state. The wait period is 5000 ms by default, but you can choose a custom value.</p>"
         }
       },
-      "documentation": "<p>An assertion rule enforces that, when a routing control state is changed, the criteria set by the rule configuration is met. Otherwise, the change to the routing control is not accepted.</p>",
+      "documentation": "<p>An assertion rule enforces that, when you change a routing control state, that the criteria that you set in the rule configuration is met. Otherwise, the change to the routing control is not accepted. For example, the criteria might be that at least one routing control state is On after the transation so that traffic continues to flow to at least one cell for the application. This ensures that you avoid a fail-open scenario.</p>",
       "required": [
         "Status",
         "ControlPanelArn",
@@ -849,7 +939,7 @@
           "documentation": "<p>The name of the assertion rule. You can use any non-white space character in the name.</p>"
         },
         "SafetyRuleArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the assertion rule.</p>"
         },
         "WaitPeriodMs": {
@@ -866,15 +956,14 @@
     },
     "Cluster": {
       "type": "structure",
-      "documentation": "<p>A cluster is a set of five consensus-forming Regional endpoints that represent the infrastructure that hosts your routing controls. Typically, you host together on one cluster all of the routing controls for your applications.</p>",
       "members": {
         "ClusterArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the cluster.</p>"
         },
         "ClusterEndpoints": {
           "shape": "__listOfClusterEndpoint",
-          "documentation": "<p>Endpoints for a cluster. Specify one of these endpoints when you want to set or retrieve a routing control state in the cluster.</p> <p>To get or update the routing control state, see the Amazon Route 53 Application Recovery Controller Cluster (Data Plane) Actions.</p>"
+          "documentation": "<p>Endpoints for a cluster. Specify one of these endpoints when you want to set or retrieve a routing control state in the cluster.</p> <p>To get or update the routing control state, see the Amazon Route 53 Application Recovery Controller Routing Control Actions.</p>"
         },
         "Name": {
           "shape": "__stringMin1Max64PatternS",
@@ -884,17 +973,18 @@
           "shape": "Status",
           "documentation": "<p>Deployment status of a resource. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.</p>"
         }
-      }
+      },
+      "documentation": "<p>A set of five redundant Regional endpoints against which you can execute API calls to update or get the state of routing controls. You can host multiple control panels and routing controls on one cluster.</p>"
     },
     "ClusterEndpoint": {
       "type": "structure",
       "members": {
         "Endpoint": {
-          "shape": "__stringMin1Max128",
-          "documentation": "<p>A cluster endpoint. Specify an endpoint and Amazon Web Services Region when you want to set or retrieve a routing control state in the cluster.</p> <p>To get or update the routing control state, see the Amazon Route 53 Application Recovery Controller Cluster (Data Plane) Actions.</p>"
+          "shape": "__stringMin1Max128PatternAZaZ09",
+          "documentation": "<p>A cluster endpoint. Specify an endpoint and Amazon Web Services Region when you want to set or retrieve a routing control state in the cluster.</p> <p>To get or update the routing control state, see the Amazon Route 53 Application Recovery Controller Routing Control Actions.</p>"
         },
         "Region": {
-          "shape": "__stringMin1Max32",
+          "shape": "__stringMin1Max32PatternS",
           "documentation": "<p>The Amazon Web Services Region for a cluster endpoint.</p>"
         }
       },
@@ -902,13 +992,13 @@
     },
     "ConflictException": {
       "type": "structure",
-      "documentation": "<p>409 response - ConflictException.</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>409 response - ConflictException. You might be using a predefined variable.</p>",
       "required": [
         "Message"
       ],
@@ -921,11 +1011,11 @@
       "type": "structure",
       "members": {
         "ClusterArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the cluster that includes the control panel.</p>"
         },
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "DefaultControlPanel": {
@@ -951,13 +1041,17 @@
       "type": "structure",
       "members": {
         "ClientToken": {
-          "shape": "__stringMax64",
-          "idempotencyToken": true,
-          "documentation": "<p>Unique client idempotency token.</p>"
+          "shape": "__stringMin1Max64PatternS",
+          "documentation": "<p>A unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request with an action, specify a client token in the request.</p>",
+          "idempotencyToken": true
         },
         "ClusterName": {
           "shape": "__stringMin1Max64PatternS",
           "documentation": "<p>The name of the cluster.</p>"
+        },
+        "Tags": {
+          "shape": "__mapOf__stringMin0Max256PatternS",
+          "documentation": "<p>The tags associated with the cluster.</p>"
         }
       },
       "documentation": "<p>Creates a cluster.</p>",
@@ -978,17 +1072,21 @@
       "type": "structure",
       "members": {
         "ClientToken": {
-          "shape": "__stringMax64",
-          "documentation": "<p>Unique client idempotency token.</p>",
+          "shape": "__stringMin1Max64PatternS",
+          "documentation": "<p>A unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request with an action, specify a client token in the request.</p>",
           "idempotencyToken": true
         },
         "ClusterArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the cluster for the control panel.</p>"
         },
         "ControlPanelName": {
           "shape": "__stringMin1Max64PatternS",
           "documentation": "<p>The name of the control panel.</p>"
+        },
+        "Tags": {
+          "shape": "__mapOf__stringMin0Max256PatternS",
+          "documentation": "<p>The tags associated with the control panel.</p>"
         }
       },
       "documentation": "<p>The details of the control panel that you're creating.</p>",
@@ -1010,16 +1108,16 @@
       "type": "structure",
       "members": {
         "ClientToken": {
-          "shape": "__stringMax64",
-          "documentation": "<p>Unique client idempotency token.</p>",
+          "shape": "__stringMin1Max64PatternS",
+          "documentation": "<p>A unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request with an action, specify a client token in the request.</p>",
           "idempotencyToken": true
         },
         "ClusterArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the cluster that includes the routing control.</p>"
         },
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel that includes the routing control.</p>"
         },
         "RoutingControlName": {
@@ -1046,15 +1144,21 @@
       "type": "structure",
       "members": {
         "AssertionRule": {
-          "shape": "NewAssertionRule"
+          "shape": "NewAssertionRule",
+          "documentation": "<p>The assertion rule requested.</p>"
         },
         "ClientToken": {
-          "shape": "__stringMax64",
-          "documentation": "<p>Unique client idempotency token.</p>",
+          "shape": "__stringMin1Max64PatternS",
+          "documentation": "<p>A unique, case-sensitive string of up to 64 ASCII characters. To make an idempotent API request with an action, specify a client token in the request.</p>",
           "idempotencyToken": true
         },
         "GatingRule": {
-          "shape": "NewGatingRule"
+          "shape": "NewGatingRule",
+          "documentation": "<p>The gating rule requested.</p>"
+        },
+        "Tags": {
+          "shape": "__mapOf__stringMin0Max256PatternS",
+          "documentation": "<p>The tags associated with the safety rule.</p>"
         }
       },
       "documentation": "<p>The request body that you include when you create a safety rule.</p>"
@@ -1063,10 +1167,12 @@
       "type": "structure",
       "members": {
         "AssertionRule": {
-          "shape": "AssertionRule"
+          "shape": "AssertionRule",
+          "documentation": "<p>The assertion rule created.</p>"
         },
         "GatingRule": {
-          "shape": "GatingRule"
+          "shape": "GatingRule",
+          "documentation": "<p>The gating rule created.</p>"
         }
       }
     },
@@ -1095,7 +1201,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "ControlPanelArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel that you're deleting.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         }
       },
       "required": [
@@ -1131,7 +1237,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "SafetyRuleArn",
-          "documentation": "<p>The request body that you include when you update a safety rule.</p>"
+          "documentation": "<p>The ARN of the safety rule.</p>"
         }
       },
       "required": [
@@ -1149,7 +1255,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "ClusterArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the cluster that you're getting details for.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the cluster.</p>"
         }
       },
       "required": [
@@ -1172,7 +1278,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "ControlPanelArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel that you're getting details for.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         }
       },
       "required": [
@@ -1195,7 +1301,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "RoutingControlArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the routing control that you're getting details for.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the routing control.</p>"
         }
       },
       "required": [
@@ -1218,7 +1324,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "SafetyRuleArn",
-          "documentation": "<p>The request body that you include when you update a safety rule.</p>"
+          "documentation": "<p>The ARN of the safety rule.</p>"
         }
       },
       "required": [
@@ -1229,10 +1335,12 @@
       "type": "structure",
       "members": {
         "AssertionRule": {
-          "shape": "AssertionRule"
+          "shape": "AssertionRule",
+          "documentation": "<p>The assertion rule in the response.</p>"
         },
         "GatingRule": {
-          "shape": "GatingRule"
+          "shape": "GatingRule",
+          "documentation": "<p>The gating rule in the response.</p>"
         }
       }
     },
@@ -1240,23 +1348,23 @@
       "type": "structure",
       "members": {
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "GatingControls": {
-          "shape": "__listOf__string",
-          "documentation": "<p>The gating controls for the gating rule. That is, routing controls that are evaluated by the rule configuration that you specify.</p>"
+          "shape": "__listOf__stringMin1Max256PatternAZaZ09",
+          "documentation": "<p>An array of gating routing control Amazon Resource Names (ARNs). For a simple \"on/off\" switch, specify the ARN for one routing control. The gating routing controls are evaluated by the rule configuration that you specify to determine if the target routing control states can be changed.</p>"
         },
         "Name": {
           "shape": "__stringMin1Max64PatternS",
-          "documentation": "<p>The name for the gating rule.</p>"
+          "documentation": "<p>The name for the gating rule. You can use any non-white space character in the name.</p>"
         },
         "RuleConfig": {
           "shape": "RuleConfig",
-          "documentation": "<p>The criteria that you set for specific gating controls (routing controls) that designates how many controls must be enabled to allow you to change (set or unset) the target controls.</p>"
+          "documentation": "<p>The criteria that you set for gating routing controls that designates how many of the routing control states must be ON to allow you to update target routing control states.</p>"
         },
         "SafetyRuleArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the gating rule.</p>"
         },
         "Status": {
@@ -1264,15 +1372,15 @@
           "documentation": "<p>The deployment status of a gating rule. Status can be one of the following: PENDING, DEPLOYED, PENDING_DELETION.</p>"
         },
         "TargetControls": {
-          "shape": "__listOf__string",
-          "documentation": "<p>Routing controls that can only be set or unset if the specified RuleConfig evaluates to true for the specified GatingControls. For example, say you have three gating controls, one for each of three Amazon Web Services Regions. Now you specify ATLEAST 2 as your RuleConfig. With these settings, you can only change (set or unset) the routing controls that you have specified as TargetControls if that rule evaluates to true.</p> <p>In other words, your ability to change the routing controls that you have specified as TargetControls is gated by the rule that you set for the routing controls in GatingControls.</p>"
+          "shape": "__listOf__stringMin1Max256PatternAZaZ09",
+          "documentation": "<p>An array of target routing control Amazon Resource Names (ARNs) for which the states can only be updated if the rule configuration that you specify evaluates to true for the gating routing control. As a simple example, if you have a single gating control, it acts as an overall \"on/off\" switch for a set of target routing controls. You can use this to manually override automated fail over, for example.</p>"
         },
         "WaitPeriodMs": {
           "shape": "__integer",
           "documentation": "<p>An evaluation period, in milliseconds (ms), during which any request against the target routing controls will fail. This helps prevent \"flapping\" of state. The wait period is 5000 ms by default, but you can choose a custom value.</p>"
         }
       },
-      "documentation": "<p>A gating rule verifies that a set of gating controls evaluates as true, based on a rule configuration that you specify. If the gating rule evaluates to true, Amazon Route 53 Application Recovery Controller allows a set of routing control state changes to run and complete against the set of target controls.</p>",
+      "documentation": "<p>A gating rule verifies that a gating routing control or set of gating rounting controls, evaluates as true, based on a rule configuration that you specify, which allows a set of routing control state changes to complete.</p> <p>For example, if you specify one gating routing control and you set the Type in the rule configuration to OR, that indicates that you must set the gating routing control to On for the rule to evaluate as true; that is, for the gating control \"switch\" to be \"On\". When you do that, then you can update the routing control states for the target routing controls that you specify in the gating rule.</p>",
       "required": [
         "Status",
         "TargetControls",
@@ -1289,10 +1397,10 @@
       "members": {
         "Name": {
           "shape": "__stringMin1Max64PatternS",
-          "documentation": "<p>The name for the gating rule.</p>"
+          "documentation": "<p>The name for the gating rule. You can use any non-white space character in the name.</p>"
         },
         "SafetyRuleArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the gating rule.</p>"
         },
         "WaitPeriodMs": {
@@ -1309,13 +1417,13 @@
     },
     "InternalServerException": {
       "type": "structure",
-      "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>500 response - InternalServiceError. Temporary service error. Retry the request.</p>",
       "required": [
         "Message"
       ],
@@ -1343,7 +1451,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "RoutingControlArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the routing control that you're getting details for.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the routing control.</p>"
         }
       },
       "required": [
@@ -1354,12 +1462,12 @@
       "type": "structure",
       "members": {
         "HealthCheckIds": {
-          "shape": "__listOf__string",
+          "shape": "__listOf__stringMax36PatternS",
           "documentation": "<p>Identifiers for the health checks.</p>"
         },
         "NextToken": {
-          "shape": "__stringMax8096",
-          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
+          "shape": "__stringMin1Max8096PatternS",
+          "documentation": "<p>Next token for listing health checks.</p>"
         }
       }
     },
@@ -1388,7 +1496,7 @@
           "documentation": "<p>An array of the clusters in an account.</p>"
         },
         "NextToken": {
-          "shape": "__stringMax8096",
+          "shape": "__stringMin1Max8096PatternS",
           "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
@@ -1424,7 +1532,7 @@
           "documentation": "<p>The result of a successful ListControlPanel request.</p>"
         },
         "NextToken": {
-          "shape": "__stringMax8096",
+          "shape": "__stringMin1Max8096PatternS",
           "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
@@ -1436,7 +1544,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "ControlPanelArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel that you're getting routing control details for.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "MaxResults": {
           "shape": "MaxResults",
@@ -1459,7 +1567,7 @@
       "type": "structure",
       "members": {
         "NextToken": {
-          "shape": "__stringMax8096",
+          "shape": "__stringMin1Max8096PatternS",
           "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "RoutingControls": {
@@ -1475,7 +1583,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "ControlPanelArn",
-          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel that you're getting details for.</p>"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "MaxResults": {
           "shape": "MaxResults",
@@ -1498,7 +1606,7 @@
       "type": "structure",
       "members": {
         "NextToken": {
-          "shape": "__stringMax8096",
+          "shape": "__stringMin1Max8096PatternS",
           "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "SafetyRules": {
@@ -1507,6 +1615,29 @@
         }
       }
     },
+    "ListTagsForResourceRequest": {
+      "type": "structure",
+      "members": {
+        "ResourceArn": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "ResourceArn",
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource that's tagged.</p>"
+        }
+      },
+      "required": [
+        "ResourceArn"
+      ]
+    },
+    "ListTagsForResourceResponse": {
+      "type": "structure",
+      "members": {
+        "Tags": {
+          "shape": "__mapOf__stringMin0Max256PatternS",
+          "documentation": "<p>The tags associated with the resource.</p>"
+        }
+      }
+    },
     "MaxResults": {
       "type": "integer",
       "min": 1,
@@ -1516,11 +1647,11 @@
       "type": "structure",
       "members": {
         "AssertedControls": {
-          "shape": "__listOf__string",
+          "shape": "__listOf__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The routing controls that are part of transactions that are evaluated to determine if a request to change a routing control state is allowed. For example, you might include three routing controls, one for each of three Amazon Web Services Regions.</p>"
         },
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) for the control panel.</p>"
         },
         "Name": {
@@ -1529,7 +1660,7 @@
         },
         "RuleConfig": {
           "shape": "RuleConfig",
-          "documentation": "<p>The criteria that you set for specific assertion controls (routing controls) that designate how many controls must be enabled as the result of a transaction. For example, if you have three assertion controls, you might specify atleast 2 for your rule configuration. This means that at least two assertion controls must be enabled, so that at least two Amazon Web Services Regions are enabled.</p>"
+          "documentation": "<p>The criteria that you set for specific assertion controls (routing controls) that designate how many control states must be ON as the result of a transaction. For example, if you have three assertion controls, you might specify ATLEAST 2for your rule configuration. This means that at least two assertion controls must be ON, so that at least two Amazon Web Services Regions have traffic flowing to them.</p>"
         },
         "WaitPeriodMs": {
           "shape": "__integer",
@@ -1549,11 +1680,11 @@
       "type": "structure",
       "members": {
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "GatingControls": {
-          "shape": "__listOf__string",
+          "shape": "__listOf__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The gating controls for the new gating rule. That is, routing controls that are evaluated by the rule configuration that you specify.</p>"
         },
         "Name": {
@@ -1562,10 +1693,10 @@
         },
         "RuleConfig": {
           "shape": "RuleConfig",
-          "documentation": "<p>The criteria that you set for specific gating controls (routing controls) that designates how many controls must be enabled to allow you to change (set or unset) the target controls.</p>"
+          "documentation": "<p>The criteria that you set for specific gating controls (routing controls) that designates how many control states must be ON to allow you to change (set or unset) the target control states.</p>"
         },
         "TargetControls": {
-          "shape": "__listOf__string",
+          "shape": "__listOf__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>Routing controls that can only be set or unset if the specified RuleConfig evaluates to true for the specified GatingControls. For example, say you have three gating controls, one for each of three Amazon Web Services Regions. Now you specify AtLeast 2 as your RuleConfig. With these settings, you can only change (set or unset) the routing controls that you have specified as TargetControls if that rule evaluates to true.</p> <p>In other words, your ability to change the routing controls that you have specified as TargetControls is gated by the rule that you set for the routing controls in GatingControls.</p>"
         },
         "WaitPeriodMs": {
@@ -1585,13 +1716,13 @@
     },
     "ResourceNotFoundException": {
       "type": "structure",
-      "documentation": "<p>404 response - The query string contains a syntax error or resource not found.</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>404 response - MalformedQueryString. The query string contains a syntax error or resource not found..</p>",
       "required": [
         "Message"
       ],
@@ -1604,7 +1735,7 @@
       "type": "structure",
       "members": {
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel that includes the routing control.</p>"
         },
         "Name": {
@@ -1612,7 +1743,7 @@
           "documentation": "<p>The name of the routing control.</p>"
         },
         "RoutingControlArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the routing control.</p>"
         },
         "Status": {
@@ -1627,11 +1758,11 @@
       "members": {
         "ASSERTION": {
           "shape": "AssertionRule",
-          "documentation": "<p>An assertion rule enforces that, when a routing control state is changed, the criteria set by the rule configuration is met. Otherwise, the change to the routing control is not accepted.</p>"
+          "documentation": "<p>An assertion rule enforces that, when a routing control state is changed, the criteria set by the rule configuration is met. Otherwise, the change to the routing control state is not accepted. For example, the criteria might be that at least one routing control state is On after the transation so that traffic continues to flow to at least one cell for the application. This ensures that you avoid a fail-open scenario.</p>"
         },
         "GATING": {
           "shape": "GatingRule",
-          "documentation": "<p>A gating rule verifies that a set of gating controls evaluates as true, based on a rule configuration that you specify. If the gating rule evaluates to true, Amazon Route 53 Application Recovery Controller allows a set of routing control state changes to run and complete against the set of target controls.</p>"
+          "documentation": "<p>A gating rule verifies that a gating routing control or set of gating rounting controls, evaluates as true, based on a rule configuration that you specify, which allows a set of routing control state changes to complete.</p> <p>For example, if you specify one gating routing control and you set the Type in the rule configuration to OR, that indicates that you must set the gating routing control to On for the rule to evaluate as true; that is, for the gating control \"switch\" to be \"On\". When you do that, then you can update the routing control states for the target routing controls that you specify in the gating rule.</p>"
         }
       },
       "documentation": "<p>A safety rule. A safety rule can be an assertion rule or a gating rule.</p>"
@@ -1652,7 +1783,7 @@
           "documentation": "<p>A rule can be one of the following: ATLEAST, AND, or OR.</p>"
         }
       },
-      "documentation": "<p>The rule configuration for an assertion rule. That is, the criteria that you set for specific assertion controls (routing controls) that specify how many controls must be enabled after a transaction completes.</p>",
+      "documentation": "<p>The rule configuration for an assertion rule. That is, the criteria that you set for specific assertion controls (routing controls) that specify how many control states must be ON after a transaction completes.</p>",
       "required": [
         "Type",
         "Inverted",
@@ -1670,13 +1801,13 @@
     },
     "ServiceQuotaExceededException": {
       "type": "structure",
-      "documentation": "<p>402 response</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>402 response - You attempted to create more resources than the service allows based on service quotas.</p>",
       "required": [
         "Message"
       ],
@@ -1694,15 +1825,39 @@
         "PENDING_DELETION"
       ]
     },
+    "TagResourceRequest": {
+      "type": "structure",
+      "members": {
+        "ResourceArn": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "ResourceArn",
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource that's tagged.</p>"
+        },
+        "Tags": {
+          "shape": "__mapOf__stringMin0Max256PatternS",
+          "documentation": "<p>The tags associated with the resource.</p>"
+        }
+      },
+      "documentation": "<p>Request of adding tag to the resource</p>",
+      "required": [
+        "ResourceArn",
+        "Tags"
+      ]
+    },
+    "TagResourceResponse": {
+      "type": "structure",
+      "members": {}
+    },
     "ThrottlingException": {
       "type": "structure",
-      "documentation": "<p>429 response - ThrottlingException.</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>429 response - LimitExceededException or TooManyRequestsException.</p>",
       "required": [
         "Message"
       ],
@@ -1711,11 +1866,36 @@
         "httpStatusCode": 429
       }
     },
+    "UntagResourceRequest": {
+      "type": "structure",
+      "members": {
+        "ResourceArn": {
+          "shape": "__string",
+          "location": "uri",
+          "locationName": "ResourceArn",
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource that's tagged.</p>"
+        },
+        "TagKeys": {
+          "shape": "__listOf__string",
+          "location": "querystring",
+          "locationName": "TagKeys",
+          "documentation": "<p>Keys for the tags to be removed.</p>"
+        }
+      },
+      "required": [
+        "ResourceArn",
+        "TagKeys"
+      ]
+    },
+    "UntagResourceResponse": {
+      "type": "structure",
+      "members": {}
+    },
     "UpdateControlPanelRequest": {
       "type": "structure",
       "members": {
         "ControlPanelArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the control panel.</p>"
         },
         "ControlPanelName": {
@@ -1742,7 +1922,7 @@
       "type": "structure",
       "members": {
         "RoutingControlArn": {
-          "shape": "__string",
+          "shape": "__stringMin1Max256PatternAZaZ09",
           "documentation": "<p>The Amazon Resource Name (ARN) of the routing control.</p>"
         },
         "RoutingControlName": {
@@ -1769,33 +1949,38 @@
       "type": "structure",
       "members": {
         "AssertionRuleUpdate": {
-          "shape": "AssertionRuleUpdate"
+          "shape": "AssertionRuleUpdate",
+          "documentation": "<p>The assertion rule to update.</p>"
         },
         "GatingRuleUpdate": {
-          "shape": "GatingRuleUpdate"
+          "shape": "GatingRuleUpdate",
+          "documentation": "<p>The gating rule to update.</p>"
         }
-      }
+      },
+      "documentation": "<p>A rule that you add to Application Recovery Controller to ensure that recovery actions don't accidentally impair your application's availability.</p>"
     },
     "UpdateSafetyRuleResponse": {
       "type": "structure",
       "members": {
         "AssertionRule": {
-          "shape": "AssertionRule"
+          "shape": "AssertionRule",
+          "documentation": "<p>The assertion rule updated.</p>"
         },
         "GatingRule": {
-          "shape": "GatingRule"
+          "shape": "GatingRule",
+          "documentation": "<p>The gating rule updated.</p>"
         }
       }
     },
     "ValidationException": {
       "type": "structure",
-      "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string and input parameter might be out of range, or you used parameters together incorrectly.</p>",
       "members": {
         "Message": {
           "shape": "__string",
           "locationName": "message"
         }
       },
+      "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string and input parameter might be out of range, or you might have used parameters together incorrectly.</p>",
       "required": [
         "Message"
       ],
@@ -1849,29 +2034,61 @@
         "shape": "__string"
       }
     },
+    "__listOf__stringMax36PatternS": {
+      "type": "list",
+      "member": {
+        "shape": "__stringMax36PatternS"
+      }
+    },
+    "__listOf__stringMin1Max256PatternAZaZ09": {
+      "type": "list",
+      "member": {
+        "shape": "__stringMin1Max256PatternAZaZ09"
+      }
+    },
     "__long": {
       "type": "long"
     },
+    "__mapOf__stringMin0Max256PatternS": {
+      "type": "map",
+      "key": {
+        "shape": "__string"
+      },
+      "value": {
+        "shape": "__stringMin0Max256PatternS"
+      }
+    },
     "__string": {
       "type": "string"
     },
-    "__stringMax64": {
+    "__stringMax36PatternS": {
       "type": "string",
-      "max": 64
+      "max": 36,
+      "pattern": "^\\S+$"
     },
-    "__stringMax8096": {
+    "__stringMin0Max256PatternS": {
       "type": "string",
-      "max": 8096
+      "min": 0,
+      "max": 256,
+      "pattern": "^\\S+$"
     },
-    "__stringMin1Max128": {
+    "__stringMin1Max128PatternAZaZ09": {
       "type": "string",
       "min": 1,
-      "max": 128
+      "max": 128,
+      "pattern": "^[A-Za-z0-9:.\\/_-]*$"
     },
-    "__stringMin1Max32": {
+    "__stringMin1Max256PatternAZaZ09": {
       "type": "string",
       "min": 1,
-      "max": 32
+      "max": 256,
+      "pattern": "^[A-Za-z0-9:\\/_-]*$"
+    },
+    "__stringMin1Max32PatternS": {
+      "type": "string",
+      "min": 1,
+      "max": 32,
+      "pattern": "^\\S+$"
     },
     "__stringMin1Max64PatternS": {
       "type": "string",
@@ -1879,6 +2096,12 @@
       "max": 64,
       "pattern": "^\\S+$"
     },
+    "__stringMin1Max8096PatternS": {
+      "type": "string",
+      "min": 1,
+      "max": 8096,
+      "pattern": "[\\S]*"
+    },
     "__timestampIso8601": {
       "type": "timestamp",
       "timestampFormat": "iso8601"
diff --git a/contrib/python/botocore/py3/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json b/contrib/python/botocore/py3/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json
index 9c251eb1762..e130ccf0005 100644
--- a/contrib/python/botocore/py3/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/route53-recovery-readiness/2019-12-02/service-2.json
@@ -23,26 +23,31 @@
       },
       "output": {
         "shape": "CreateCellResponse",
-        "documentation": "Result of a CreateCell call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "ConflictException"
+          "shape": "ConflictException",
+          "documentation": "<p>409 response - Conflict exception. You might be using a predefined variable.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Creates a new Cell."
+      "documentation": "<p>Creates a cell in an account.</p>"
     },
     "CreateCrossAccountAuthorization": {
       "name": "CreateCrossAccountAuthorization",
@@ -56,26 +61,31 @@
       },
       "output": {
         "shape": "CreateCrossAccountAuthorizationResponse",
-        "documentation": "Result of a CreateCrossAccountAuthorization call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "ConflictException"
+          "shape": "ConflictException",
+          "documentation": "<p>409 response - Conflict exception. You might be using a predefined variable.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Create a new cross account readiness authorization."
+      "documentation": "<p>Creates a cross-account readiness authorization. This lets you authorize another account to work with Route 53 Application Recovery Controller, for example, to check the readiness status of resources in a separate account.</p>"
     },
     "CreateReadinessCheck": {
       "name": "CreateReadinessCheck",
@@ -89,26 +99,31 @@
       },
       "output": {
         "shape": "CreateReadinessCheckResponse",
-        "documentation": "Result of a CreateReadinessCheck call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "ConflictException"
+          "shape": "ConflictException",
+          "documentation": "<p>409 response - Conflict exception. You might be using a predefined variable.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Creates a new Readiness Check."
+      "documentation": "<p>Creates a readiness check in an account. A readiness check monitors a resource set in your application, such as a set of Amazon Aurora instances, that Application Recovery Controller is auditing recovery readiness for. The audits run once every minute on every resource that's associated with a readiness check.</p>"
     },
     "CreateRecoveryGroup": {
       "name": "CreateRecoveryGroup",
@@ -122,26 +137,31 @@
       },
       "output": {
         "shape": "CreateRecoveryGroupResponse",
-        "documentation": "Result of a CreateRecoveryGroup call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "ConflictException"
+          "shape": "ConflictException",
+          "documentation": "<p>409 response - Conflict exception. You might be using a predefined variable.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Creates a new Recovery Group."
+      "documentation": "<p>Creates a recovery group in an account. A recovery group corresponds to an application and includes a list of the cells that make up the application.</p>"
     },
     "CreateResourceSet": {
       "name": "CreateResourceSet",
@@ -155,26 +175,31 @@
       },
       "output": {
         "shape": "CreateResourceSetResponse",
-        "documentation": "Result of a CreateResourceSet call"
+        "documentation": "<p>200 response</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "ConflictException"
+          "shape": "ConflictException",
+          "documentation": "<p>409 response - Conflict exception. You might be using a predefined variable.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Creates a new Resource Set."
+      "documentation": "<p>Creates a resource set. A resource set is a set of resources of one type that span multiple cells. You can associate a resource set with a readiness check to monitor the resources for failover readiness.</p>"
     },
     "DeleteCell": {
       "name": "DeleteCell",
@@ -188,22 +213,27 @@
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Deletes an existing Cell."
+      "documentation": "<p>Delete a cell. When successful, the response code is 204, with no response body.</p>"
     },
     "DeleteCrossAccountAuthorization": {
       "name": "DeleteCrossAccountAuthorization",
@@ -217,23 +247,27 @@
       },
       "output": {
         "shape": "DeleteCrossAccountAuthorizationResponse",
-        "documentation": "Result of a DeleteCrossAccountAuthorization call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Delete cross account readiness authorization"
+      "documentation": "<p>Deletes cross account readiness authorization.</p>"
     },
     "DeleteReadinessCheck": {
       "name": "DeleteReadinessCheck",
@@ -247,22 +281,27 @@
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Deletes an existing Readiness Check."
+      "documentation": "<p>Deletes a readiness check.</p>"
     },
     "DeleteRecoveryGroup": {
       "name": "DeleteRecoveryGroup",
@@ -276,22 +315,27 @@
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Deletes an existing Recovery Group."
+      "documentation": "<p>Deletes a recovery group.</p>"
     },
     "DeleteResourceSet": {
       "name": "DeleteResourceSet",
@@ -305,22 +349,27 @@
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Deletes an existing Resource Set."
+      "documentation": "<p>Deletes a resource set.</p>"
     },
     "GetArchitectureRecommendations": {
       "name": "GetArchitectureRecommendations",
@@ -334,26 +383,31 @@
       },
       "output": {
         "shape": "GetArchitectureRecommendationsResponse",
-        "documentation": "Result of a GetArchitectureRecommendations call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of recommendations to improve resilliance and readiness check quality for a Recovery Group."
+      "documentation": "<p>Gets recommendations about architecture designs for improving resiliency for an application, based on a recovery group.</p>"
     },
     "GetCell": {
       "name": "GetCell",
@@ -367,26 +421,31 @@
       },
       "output": {
         "shape": "GetCellResponse",
-        "documentation": "Result of a GetCell call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about a Cell."
+      "documentation": "<p>Gets information about a cell including cell name, cell Amazon Resource Name (ARN), ARNs of nested cells for this cell, and a list of those cell ARNs with their associated recovery group ARNs.</p>"
     },
     "GetCellReadinessSummary": {
       "name": "GetCellReadinessSummary",
@@ -400,26 +459,31 @@
       },
       "output": {
         "shape": "GetCellReadinessSummaryResponse",
-        "documentation": "Result of a GetCellReadinessSummary call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about readiness of a Cell."
+      "documentation": "<p>Gets readiness for a cell. Aggregates the readiness of all the resources that are associated with the cell into a single value.</p>"
     },
     "GetReadinessCheck": {
       "name": "GetReadinessCheck",
@@ -433,26 +497,31 @@
       },
       "output": {
         "shape": "GetReadinessCheckResponse",
-        "documentation": "Result of a GetReadinessCheck call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about a ReadinessCheck."
+      "documentation": "<p>Gets details about a readiness check.</p>"
     },
     "GetReadinessCheckResourceStatus": {
       "name": "GetReadinessCheckResourceStatus",
@@ -466,26 +535,31 @@
       },
       "output": {
         "shape": "GetReadinessCheckResourceStatusResponse",
-        "documentation": "Result of a GetReadinessCheckResourceStatus call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns detailed information about the status of an individual resource within a Readiness Check's Resource Set."
+      "documentation": "<p>Gets individual readiness status for a readiness check. To see the overall readiness status for a recovery group, that considers the readiness status for all the readiness checks in the recovery group, use GetRecoveryGroupReadinessSummary.</p>"
     },
     "GetReadinessCheckStatus": {
       "name": "GetReadinessCheckStatus",
@@ -499,26 +573,31 @@
       },
       "output": {
         "shape": "GetReadinessCheckStatusResponse",
-        "documentation": "Result of a GetReadinessCheckStatus call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about the status of a Readiness Check."
+      "documentation": "<p>Gets the readiness status for an individual readiness check. To see the overall readiness status for a recovery group, that considers the readiness status for all the readiness checks in a recovery group, use GetRecoveryGroupReadinessSummary.</p>"
     },
     "GetRecoveryGroup": {
       "name": "GetRecoveryGroup",
@@ -532,26 +611,31 @@
       },
       "output": {
         "shape": "GetRecoveryGroupResponse",
-        "documentation": "Result of a GetRecoveryGroup call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about a Recovery Group."
+      "documentation": "<p>Gets details about a recovery group, including a list of the cells that are included in it.</p>"
     },
     "GetRecoveryGroupReadinessSummary": {
       "name": "GetRecoveryGroupReadinessSummary",
@@ -565,26 +649,31 @@
       },
       "output": {
         "shape": "GetRecoveryGroupReadinessSummaryResponse",
-        "documentation": "Result of a GetRecoveryGroupReadinessSummary call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about a Recovery Group."
+      "documentation": "<p>Displays a summary of information about a recovery group's readiness status. Includes the readiness checks for resources in the recovery group and the readiness status of each one.</p>"
     },
     "GetResourceSet": {
       "name": "GetResourceSet",
@@ -598,26 +687,31 @@
       },
       "output": {
         "shape": "GetResourceSetResponse",
-        "documentation": "Result of a GetResourceSets call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns information about a Resource Set."
+      "documentation": "<p>Displays the details about a resource set, including a list of the resources in the set.</p>"
     },
     "ListCells": {
       "name": "ListCells",
@@ -631,23 +725,27 @@
       },
       "output": {
         "shape": "ListCellsResponse",
-        "documentation": "Result of a ListCells call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of Cells."
+      "documentation": "<p>Lists the cells for an account.</p>"
     },
     "ListCrossAccountAuthorizations": {
       "name": "ListCrossAccountAuthorizations",
@@ -661,23 +759,27 @@
       },
       "output": {
         "shape": "ListCrossAccountAuthorizationsResponse",
-        "documentation": "Result of a ListCrossAccountAuthorizations call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of cross account readiness authorizations."
+      "documentation": "<p>Lists the cross-account readiness authorizations that are in place for an account.</p>"
     },
     "ListReadinessChecks": {
       "name": "ListReadinessChecks",
@@ -691,23 +793,27 @@
       },
       "output": {
         "shape": "ListReadinessChecksResponse",
-        "documentation": "Result of a ListReadinessChecks call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of Readiness Checks."
+      "documentation": "<p>Lists the readiness checks for an account.</p>"
     },
     "ListRecoveryGroups": {
       "name": "ListRecoveryGroups",
@@ -721,23 +827,27 @@
       },
       "output": {
         "shape": "ListRecoveryGroupsResponse",
-        "documentation": "Result of a ListRecoveryGroups call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of Recovery Groups."
+      "documentation": "<p>Lists the recovery groups in an account.</p>"
     },
     "ListResourceSets": {
       "name": "ListResourceSets",
@@ -751,23 +861,27 @@
       },
       "output": {
         "shape": "ListResourceSetsResponse",
-        "documentation": "Result of a ListResourceSets call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of Resource Sets."
+      "documentation": "<p>Lists the resource sets in an account.</p>"
     },
     "ListRules": {
       "name": "ListRules",
@@ -781,23 +895,27 @@
       },
       "output": {
         "shape": "ListRulesResponse",
-        "documentation": "Result of a ListRules call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Returns a collection of rules that are applied as part of Readiness Checks."
+      "documentation": "<p>Lists all readiness rules, or lists the readiness rules for a specific resource type.</p>"
     },
     "ListTagsForResources": {
       "name": "ListTagsForResources",
@@ -811,23 +929,23 @@
       },
       "output": {
         "shape": "ListTagsForResourcesResponse",
-        "documentation": "200 response"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
           "shape": "ResourceNotFoundException",
-          "documentation": "requested resource was not found"
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
           "shape": "ValidationException",
-          "documentation": "an invalid request"
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
           "shape": "InternalServerException",
-          "documentation": "Internal service error"
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         }
       ],
-      "documentation": "Returns a list of the tags assigned to the specified resource."
+      "documentation": "<p>Lists the tags for a resource.</p>"
     },
     "TagResource": {
       "name": "TagResource",
@@ -841,23 +959,23 @@
       },
       "output": {
         "shape": "TagResourceResponse",
-        "documentation": "200 response"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
           "shape": "ResourceNotFoundException",
-          "documentation": "requested resource was not found"
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
           "shape": "ValidationException",
-          "documentation": "an invalid request"
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
           "shape": "InternalServerException",
-          "documentation": "Internal service error"
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         }
       ],
-      "documentation": "Adds tags to the specified resource. You can specify one or more tags to add."
+      "documentation": "<p>Adds a tag to a resource.</p>"
     },
     "UntagResource": {
       "name": "UntagResource",
@@ -872,18 +990,18 @@
       "errors": [
         {
           "shape": "ResourceNotFoundException",
-          "documentation": "requested resource was not found"
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
           "shape": "ValidationException",
-          "documentation": "an invalid request"
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
           "shape": "InternalServerException",
-          "documentation": "Internal service error"
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         }
       ],
-      "documentation": "Removes tags from the specified resource. You can specify one or more tags to remove."
+      "documentation": "<p>Removes a tag from a resource.</p>"
     },
     "UpdateCell": {
       "name": "UpdateCell",
@@ -897,26 +1015,31 @@
       },
       "output": {
         "shape": "UpdateCellResponse",
-        "documentation": "Result of a UpdateCell call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Updates an existing Cell."
+      "documentation": "<p>Updates a cell to replace the list of nested cells with a new list of nested cells.</p>"
     },
     "UpdateReadinessCheck": {
       "name": "UpdateReadinessCheck",
@@ -930,26 +1053,31 @@
       },
       "output": {
         "shape": "UpdateReadinessCheckResponse",
-        "documentation": "Result of a UpdateReadinessChecks call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Updates an exisiting Readiness Check."
+      "documentation": "<p>Updates a readiness check.</p>"
     },
     "UpdateRecoveryGroup": {
       "name": "UpdateRecoveryGroup",
@@ -963,26 +1091,31 @@
       },
       "output": {
         "shape": "UpdateRecoveryGroupResponse",
-        "documentation": "Result of a UpdateRecoveryGroups call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Updates an existing Recovery Group."
+      "documentation": "<p>Updates a recovery group.</p>"
     },
     "UpdateResourceSet": {
       "name": "UpdateResourceSet",
@@ -996,26 +1129,31 @@
       },
       "output": {
         "shape": "UpdateResourceSetResponse",
-        "documentation": "Result of a UpdateResourceSets call"
+        "documentation": "<p>200 response - Success.</p>"
       },
       "errors": [
         {
-          "shape": "ResourceNotFoundException"
+          "shape": "ResourceNotFoundException",
+          "documentation": "<p>404 response - Malformed query string. The query string contains a syntax error or resource not found.</p>"
         },
         {
-          "shape": "ThrottlingException"
+          "shape": "ThrottlingException",
+          "documentation": "<p>429 response - Limit exceeded exception or too many requests exception.</p>"
         },
         {
-          "shape": "ValidationException"
+          "shape": "ValidationException",
+          "documentation": "<p>400 response - Multiple causes. For example, you might have a malformed query string, an input parameter might be out of range, or you used parameters together incorrectly.</p>"
         },
         {
-          "shape": "InternalServerException"
+          "shape": "InternalServerException",
+          "documentation": "<p>500 response - Internal service error or temporary service error. Retry the request.</p>"
         },
         {
-          "shape": "AccessDeniedException"
+          "shape": "AccessDeniedException",
+          "documentation": "<p>403 response - Access denied exception. You do not have sufficient access to perform this action.</p>"
         }
       ],
-      "documentation": "Updates an existing Resource Set."
+      "documentation": "<p>Updates a resource set.</p>"
     }
   },
   "shapes": {
@@ -1039,29 +1177,30 @@
         "CellArn": {
           "shape": "__stringMax256",
           "locationName": "cellArn",
-          "documentation": "The arn for the Cell"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the cell.</p>"
         },
         "CellName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "cellName",
-          "documentation": "The name of the Cell"
+          "documentation": "<p>The name of the cell.</p>"
         },
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of cell ARNs.</p>"
         },
         "ParentReadinessScopes": {
           "shape": "__listOf__string",
           "locationName": "parentReadinessScopes",
-          "documentation": "A list of Cell ARNs and/or RecoveryGroup ARNs"
+          "documentation": "<p>The readiness scope for the cell, which can be a cell Amazon Resource Name (ARN) or a recovery group ARN. This is a list but currently can have only one element.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>Tags on the resources.</p>"
         }
       },
-      "documentation": "A Cell and its properties",
+      "documentation": "<p>Information about a cell.</p>",
       "required": [
         "ParentReadinessScopes",
         "CellArn",
@@ -1089,19 +1228,18 @@
         "CellName": {
           "shape": "__string",
           "locationName": "cellName",
-          "documentation": "The name of the Cell to create"
+          "documentation": "<p>The name of the cell to create.</p>"
         },
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns contained within this Cell (for use in nested Cells, e.g. regions within which AZs)"
+          "documentation": "<p>A list of cell Amazon Resource Names (ARNs) contained within this cell, for use in nested cells. For example, Availability Zones within specific Amazon Web Services Regions.</p>"
         },
         "Tags": {
           "shape": "Tags",
           "locationName": "tags"
         }
       },
-      "documentation": "The Cell to create",
       "required": [
         "CellName"
       ]
@@ -1112,26 +1250,27 @@
         "CellArn": {
           "shape": "__stringMax256",
           "locationName": "cellArn",
-          "documentation": "The arn for the Cell"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the cell.</p>"
         },
         "CellName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "cellName",
-          "documentation": "The name of the Cell"
+          "documentation": "<p>The name of the cell.</p>"
         },
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of cell ARNs.</p>"
         },
         "ParentReadinessScopes": {
           "shape": "__listOf__string",
           "locationName": "parentReadinessScopes",
-          "documentation": "A list of Cell ARNs and/or RecoveryGroup ARNs"
+          "documentation": "<p>The readiness scope for the cell, which can be a cell Amazon Resource Name (ARN) or a recovery group ARN. This is a list but currently can have only one element.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>Tags on the resources.</p>"
         }
       }
     },
@@ -1141,10 +1280,9 @@
         "CrossAccountAuthorization": {
           "shape": "CrossAccountAuthorization",
           "locationName": "crossAccountAuthorization",
-          "documentation": "The cross account authorization"
+          "documentation": "<p>The cross-account authorization.</p>"
         }
       },
-      "documentation": "The cross account authorization",
       "required": [
         "CrossAccountAuthorization"
       ]
@@ -1155,7 +1293,7 @@
         "CrossAccountAuthorization": {
           "shape": "CrossAccountAuthorization",
           "locationName": "crossAccountAuthorization",
-          "documentation": "The cross account authorization"
+          "documentation": "<p>The cross-account authorization.</p>"
         }
       }
     },
@@ -1165,19 +1303,18 @@
         "ReadinessCheckName": {
           "shape": "__string",
           "locationName": "readinessCheckName",
-          "documentation": "The name of the ReadinessCheck to create"
+          "documentation": "<p>The name of the readiness check to create.</p>"
         },
         "ResourceSetName": {
           "shape": "__string",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet to check"
+          "documentation": "<p>The name of the resource set to check.</p>"
         },
         "Tags": {
           "shape": "Tags",
           "locationName": "tags"
         }
       },
-      "documentation": "The ReadinessCheck to create",
       "required": [
         "ResourceSetName",
         "ReadinessCheckName"
@@ -1189,17 +1326,17 @@
         "ReadinessCheckArn": {
           "shape": "__stringMax256",
           "locationName": "readinessCheckArn",
-          "documentation": "Arn associated with ReadinessCheck"
+          "documentation": "<p>The Amazon Resource Name (ARN) associated with a readiness check.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "readinessCheckName",
-          "documentation": "Name for a ReadinessCheck"
+          "documentation": "<p>Name of a readiness check.</p>"
         },
         "ResourceSet": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSet",
-          "documentation": "Name of the ResourceSet to be checked"
+          "documentation": "<p>Name of the resource set to be checked.</p>"
         },
         "Tags": {
           "shape": "Tags",
@@ -1213,19 +1350,18 @@
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of the cell Amazon Resource Names (ARNs) in the recovery group.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__string",
           "locationName": "recoveryGroupName",
-          "documentation": "The name of the RecoveryGroup to create"
+          "documentation": "<p>The name of the recovery group to create.</p>"
         },
         "Tags": {
           "shape": "Tags",
           "locationName": "tags"
         }
       },
-      "documentation": "The RecoveryGroup to create",
       "required": [
         "RecoveryGroupName"
       ]
@@ -1236,21 +1372,22 @@
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of a cell's Amazon Resource Names (ARNs).</p>"
         },
         "RecoveryGroupArn": {
           "shape": "__stringMax256",
           "locationName": "recoveryGroupArn",
-          "documentation": "The arn for the RecoveryGroup"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the recovery group.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "recoveryGroupName",
-          "documentation": "The name of the RecoveryGroup"
+          "documentation": "<p>The name of the recovery group.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>The tags associated with the recovery group.</p>"
         }
       }
     },
@@ -1260,24 +1397,24 @@
         "ResourceSetName": {
           "shape": "__string",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet to create"
+          "documentation": "<p>The name of the resource set to create.</p>"
         },
         "ResourceSetType": {
           "shape": "__stringPatternAWSAZaZ09AZaZ09",
           "locationName": "resourceSetType",
-          "documentation": "AWS Resource type of the resources in the ResourceSet"
+          "documentation": "<p>The resource type of the resources in the resource set. Enter one of the following values for resource type:</p> <p>AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::CloudWatch::Alarm, AWS::EC2::CustomerGateway, AWS::DynamoDB::Table, AWS::EC2::Volume, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::Lambda::Function, AWS::MSK::Cluster, AWS::RDS::DBCluster, AWS::Route53::HealthCheck, AWS::SQS::Queue, AWS::SNS::Topic, AWS::SNS::Subscription, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource</p>"
         },
         "Resources": {
           "shape": "__listOfResource",
           "locationName": "resources",
-          "documentation": "A list of Resource objects"
+          "documentation": "<p>A list of resource objects in the resource set.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>A tag to associate with the parameters for a resource set.</p>"
         }
       },
-      "documentation": "The ResourceSet to create",
       "required": [
         "ResourceSetType",
         "ResourceSetName",
@@ -1290,22 +1427,22 @@
         "ResourceSetArn": {
           "shape": "__stringMax256",
           "locationName": "resourceSetArn",
-          "documentation": "The arn for the ResourceSet"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource set.</p>"
         },
         "ResourceSetName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet"
+          "documentation": "<p>The name of the resource set.</p>"
         },
         "ResourceSetType": {
           "shape": "__stringPatternAWSAZaZ09AZaZ09",
           "locationName": "resourceSetType",
-          "documentation": "AWS Resource Type of the resources in the ResourceSet"
+          "documentation": "<p>The resource type of the resources in the resource set. Enter one of the following values for resource type:</p> <p>AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::CloudWatch::Alarm, AWS::EC2::CustomerGateway, AWS::DynamoDB::Table, AWS::EC2::Volume, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::Lambda::Function, AWS::MSK::Cluster, AWS::RDS::DBCluster, AWS::Route53::HealthCheck, AWS::SQS::Queue, AWS::SNS::Topic, AWS::SNS::Subscription, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource</p>"
         },
         "Resources": {
           "shape": "__listOfResource",
           "locationName": "resources",
-          "documentation": "A list of Resource objects"
+          "documentation": "<p>A list of resource objects.</p>"
         },
         "Tags": {
           "shape": "Tags",
@@ -1315,7 +1452,7 @@
     },
     "CrossAccountAuthorization": {
       "type": "string",
-      "documentation": "A cross-account authorization, e.g. arn:aws:iam::123456789012:root"
+      "documentation": "<p>CrossAccountAuthorization</p>"
     },
     "DNSTargetResource": {
       "type": "structure",
@@ -1323,29 +1460,30 @@
         "DomainName": {
           "shape": "__string",
           "locationName": "domainName",
-          "documentation": "The DNS Name that acts as ingress point to a portion of application"
+          "documentation": "<p>The domain name that acts as an ingress point to a portion of the customer application.</p>"
         },
         "HostedZoneArn": {
           "shape": "__string",
           "locationName": "hostedZoneArn",
-          "documentation": "The Hosted Zone ARN that contains the DNS record with the provided name of target resource."
+          "documentation": "<p>The hosted zone Amazon Resource Name (ARN) that contains the DNS record with the provided name of the target resource.</p>"
         },
         "RecordSetId": {
           "shape": "__string",
           "locationName": "recordSetId",
-          "documentation": "The R53 Set Id to uniquely identify a record given a Name and a Type"
+          "documentation": "<p>The Route 53 record set ID that uniquely identifies a DNS record, given a name and a type.</p>"
         },
         "RecordType": {
           "shape": "__string",
           "locationName": "recordType",
-          "documentation": "The Type of DNS Record of target resource"
+          "documentation": "<p>The type of DNS record of the target resource.</p>"
         },
         "TargetResource": {
           "shape": "TargetResource",
-          "locationName": "targetResource"
+          "locationName": "targetResource",
+          "documentation": "<p>The target resource of the DNS target resource.</p>"
         }
       },
-      "documentation": "A component for DNS/Routing Control Readiness Checks"
+      "documentation": "<p>A component for DNS/routing control readiness checks and architecture checks.</p>"
     },
     "DeleteCellRequest": {
       "type": "structure",
@@ -1354,7 +1492,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "cellName",
-          "documentation": "The Cell to delete"
+          "documentation": "<p>The name of the cell.</p>"
         }
       },
       "required": [
@@ -1368,7 +1506,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "crossAccountAuthorization",
-          "documentation": "The cross account authorization"
+          "documentation": "<p>The cross-account authorization.</p>"
         }
       },
       "required": [
@@ -1386,7 +1524,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "readinessCheckName",
-          "documentation": "The ReadinessCheck to delete"
+          "documentation": "<p>Name of a readiness check.</p>"
         }
       },
       "required": [
@@ -1400,7 +1538,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "recoveryGroupName",
-          "documentation": "The RecoveryGroup to delete"
+          "documentation": "<p>The name of a recovery group.</p>"
         }
       },
       "required": [
@@ -1414,7 +1552,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "resourceSetName",
-          "documentation": "The ResourceSet to delete"
+          "documentation": "<p>Name of a resource set.</p>"
         }
       },
       "required": [
@@ -1428,19 +1566,19 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__string",
           "location": "uri",
           "locationName": "recoveryGroupName",
-          "documentation": "Name of RecoveryGroup (top level resource) to be analyzed."
+          "documentation": "<p>The name of a recovery group.</p>"
         }
       },
       "required": [
@@ -1453,17 +1591,17 @@
         "LastAuditTimestamp": {
           "shape": "LastAuditTimestamp",
           "locationName": "lastAuditTimestamp",
-          "documentation": "The time a Recovery Group was last assessed for recommendations in UTC ISO-8601 format."
+          "documentation": "<p>The time that a recovery group was last assessed for recommendations, in UTC ISO-8601 format.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection"
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "Recommendations": {
           "shape": "__listOfRecommendation",
           "locationName": "recommendations",
-          "documentation": "A list of recommendations for the customer's application"
+          "documentation": "<p>A list of the recommendations for the customer's application.</p>"
         }
       }
     },
@@ -1474,19 +1612,19 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "cellName",
-          "documentation": "The name of the Cell"
+          "documentation": "<p>The name of the cell.</p>"
         },
         "MaxResults": {
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       },
       "required": [
@@ -1499,17 +1637,17 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness at Cell level."
+          "documentation": "<p>The readiness at a cell level.</p>"
         },
         "ReadinessChecks": {
           "shape": "__listOfReadinessCheckSummary",
           "locationName": "readinessChecks",
-          "documentation": "Summaries for the ReadinessChecks making up the Cell"
+          "documentation": "<p>Summaries for the readiness checks that make up the cell.</p>"
         }
       }
     },
@@ -1520,7 +1658,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "cellName",
-          "documentation": "The Cell to get"
+          "documentation": "<p>The name of the cell.</p>"
         }
       },
       "required": [
@@ -1533,26 +1671,27 @@
         "CellArn": {
           "shape": "__stringMax256",
           "locationName": "cellArn",
-          "documentation": "The arn for the Cell"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the cell.</p>"
         },
         "CellName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "cellName",
-          "documentation": "The name of the Cell"
+          "documentation": "<p>The name of the cell.</p>"
         },
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of cell ARNs.</p>"
         },
         "ParentReadinessScopes": {
           "shape": "__listOf__string",
           "locationName": "parentReadinessScopes",
-          "documentation": "A list of Cell ARNs and/or RecoveryGroup ARNs"
+          "documentation": "<p>The readiness scope for the cell, which can be a cell Amazon Resource Name (ARN) or a recovery group ARN. This is a list but currently can have only one element.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>Tags on the resources.</p>"
         }
       }
     },
@@ -1563,7 +1702,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "readinessCheckName",
-          "documentation": "The ReadinessCheck to get"
+          "documentation": "<p>Name of a readiness check.</p>"
         }
       },
       "required": [
@@ -1577,25 +1716,25 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__string",
           "location": "uri",
           "locationName": "readinessCheckName",
-          "documentation": "The ReadinessCheck to get"
+          "documentation": "<p>Name of a readiness check.</p>"
         },
         "ResourceIdentifier": {
           "shape": "__string",
           "location": "uri",
           "locationName": "resourceIdentifier",
-          "documentation": "The resource ARN or component Id to get"
+          "documentation": "<p>The resource identifier, which is the Amazon Resource Name (ARN) or the identifier generated for the resource by Application Recovery Controller (for example, for a DNS target resource).</p>"
         }
       },
       "required": [
@@ -1609,17 +1748,17 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness at rule level."
+          "documentation": "<p>The readiness at a rule level.</p>"
         },
         "Rules": {
           "shape": "__listOfRuleResult",
           "locationName": "rules",
-          "documentation": "Details of the rules's results"
+          "documentation": "<p>Details of the rule's results.</p>"
         }
       }
     },
@@ -1629,17 +1768,17 @@
         "ReadinessCheckArn": {
           "shape": "__stringMax256",
           "locationName": "readinessCheckArn",
-          "documentation": "Arn associated with ReadinessCheck"
+          "documentation": "<p>The Amazon Resource Name (ARN) associated with a readiness check.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "readinessCheckName",
-          "documentation": "Name for a ReadinessCheck"
+          "documentation": "<p>Name of a readiness check.</p>"
         },
         "ResourceSet": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSet",
-          "documentation": "Name of the ResourceSet to be checked"
+          "documentation": "<p>Name of the resource set to be checked.</p>"
         },
         "Tags": {
           "shape": "Tags",
@@ -1654,19 +1793,19 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__string",
           "location": "uri",
           "locationName": "readinessCheckName",
-          "documentation": "The ReadinessCheck to get"
+          "documentation": "<p>Name of a readiness check.</p>"
         }
       },
       "required": [
@@ -1679,22 +1818,22 @@
         "Messages": {
           "shape": "__listOfMessage",
           "locationName": "messages",
-          "documentation": "Top level messages for readiness check status"
+          "documentation": "<p>Top level messages for readiness check status</p>"
         },
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness at rule level."
+          "documentation": "<p>The readiness at rule level.</p>"
         },
         "Resources": {
           "shape": "__listOfResourceResult",
           "locationName": "resources",
-          "documentation": "Summary of resources's readiness"
+          "documentation": "<p>Summary of the readiness of resources.</p>"
         }
       }
     },
@@ -1705,19 +1844,19 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__string",
           "location": "uri",
           "locationName": "recoveryGroupName",
-          "documentation": "The name of the RecoveryGroup"
+          "documentation": "<p>The name of a recovery group.</p>"
         }
       },
       "required": [
@@ -1730,17 +1869,17 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness at RecoveryGroup level."
+          "documentation": "<p>The readiness status at a recovery group level.</p>"
         },
         "ReadinessChecks": {
           "shape": "__listOfReadinessCheckSummary",
           "locationName": "readinessChecks",
-          "documentation": "Summaries for the ReadinessChecks making up the RecoveryGroup"
+          "documentation": "<p>Summaries of the readiness checks for the recovery group.</p>"
         }
       }
     },
@@ -1751,7 +1890,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "recoveryGroupName",
-          "documentation": "The RecoveryGroup to get"
+          "documentation": "<p>The name of a recovery group.</p>"
         }
       },
       "required": [
@@ -1764,21 +1903,22 @@
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of a cell's Amazon Resource Names (ARNs).</p>"
         },
         "RecoveryGroupArn": {
           "shape": "__stringMax256",
           "locationName": "recoveryGroupArn",
-          "documentation": "The arn for the RecoveryGroup"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the recovery group.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "recoveryGroupName",
-          "documentation": "The name of the RecoveryGroup"
+          "documentation": "<p>The name of the recovery group.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>The tags associated with the recovery group.</p>"
         }
       }
     },
@@ -1789,7 +1929,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "resourceSetName",
-          "documentation": "The ResourceSet to get"
+          "documentation": "<p>Name of a resource set.</p>"
         }
       },
       "required": [
@@ -1802,22 +1942,22 @@
         "ResourceSetArn": {
           "shape": "__stringMax256",
           "locationName": "resourceSetArn",
-          "documentation": "The arn for the ResourceSet"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource set.</p>"
         },
         "ResourceSetName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet"
+          "documentation": "<p>The name of the resource set.</p>"
         },
         "ResourceSetType": {
           "shape": "__stringPatternAWSAZaZ09AZaZ09",
           "locationName": "resourceSetType",
-          "documentation": "AWS Resource Type of the resources in the ResourceSet"
+          "documentation": "<p>The resource type of the resources in the resource set. Enter one of the following values for resource type:</p> <p>AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::CloudWatch::Alarm, AWS::EC2::CustomerGateway, AWS::DynamoDB::Table, AWS::EC2::Volume, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::Lambda::Function, AWS::MSK::Cluster, AWS::RDS::DBCluster, AWS::Route53::HealthCheck, AWS::SQS::Queue, AWS::SNS::Topic, AWS::SNS::Subscription, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource</p>"
         },
         "Resources": {
           "shape": "__listOfResource",
           "locationName": "resources",
-          "documentation": "A list of Resource objects"
+          "documentation": "<p>A list of resource objects.</p>"
         },
         "Tags": {
           "shape": "Tags",
@@ -1841,7 +1981,7 @@
     },
     "LastAuditTimestamp": {
       "type": "timestamp",
-      "documentation": "The time a Recovery Group was last assessed for recommendations in UTC ISO-8601 format",
+      "documentation": "<p>The time that a recovery group was last assessed for recommendations, in UTC ISO-8601 format.</p>",
       "timestampFormat": "iso8601"
     },
     "ListCellsRequest": {
@@ -1851,13 +1991,13 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1867,12 +2007,12 @@
         "Cells": {
           "shape": "__listOfCellOutput",
           "locationName": "cells",
-          "documentation": "A list of Cells"
+          "documentation": "<p>A list of cells.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1883,13 +2023,13 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1899,12 +2039,12 @@
         "CrossAccountAuthorizations": {
           "shape": "__listOfCrossAccountAuthorization",
           "locationName": "crossAccountAuthorizations",
-          "documentation": "A list of CrossAccountAuthorizations"
+          "documentation": "<p>A list of cross-account authorizations.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1915,13 +2055,13 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1931,12 +2071,12 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "ReadinessChecks": {
           "shape": "__listOfReadinessCheckOutput",
           "locationName": "readinessChecks",
-          "documentation": "A list of ReadinessCheck associated with the account"
+          "documentation": "<p>A list of readiness checks associated with the account.</p>"
         }
       }
     },
@@ -1947,13 +2087,13 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1963,12 +2103,12 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "RecoveryGroups": {
           "shape": "__listOfRecoveryGroupOutput",
           "locationName": "recoveryGroups",
-          "documentation": "A list of RecoveryGroups"
+          "documentation": "<p>A list of recovery groups.</p>"
         }
       }
     },
@@ -1979,13 +2119,13 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         }
       }
     },
@@ -1995,12 +2135,12 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "ResourceSets": {
           "shape": "__listOfResourceSetOutput",
           "locationName": "resourceSets",
-          "documentation": "A list of ResourceSets associated with the account"
+          "documentation": "<p>A list of resource sets associated with the account.</p>"
         }
       }
     },
@@ -2010,20 +2150,20 @@
         "ResourceType": {
           "shape": "__stringMax64",
           "locationName": "resourceType",
-          "documentation": "The resource type the rule applies to."
+          "documentation": "<p>The resource type that the readiness rule applies to.</p>"
         },
         "RuleDescription": {
           "shape": "__stringMax256",
           "locationName": "ruleDescription",
-          "documentation": "A description of the rule"
+          "documentation": "<p>The description of a readiness rule.</p>"
         },
         "RuleId": {
           "shape": "__stringMax64",
           "locationName": "ruleId",
-          "documentation": "The Rule's ID."
+          "documentation": "<p>The ID for the readiness rule.</p>"
         }
       },
-      "documentation": "A collection of rules used in a readiness check",
+      "documentation": "<p>Readiness rule information, including the resource type, rule ID, and rule description.</p>",
       "required": [
         "RuleDescription",
         "RuleId",
@@ -2037,19 +2177,19 @@
           "shape": "MaxResults",
           "location": "querystring",
           "locationName": "maxResults",
-          "documentation": "Upper bound on number of records to return."
+          "documentation": "<p>The number of objects that you want to return with this call.</p>"
         },
         "NextToken": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "nextToken",
-          "documentation": "A token used to resume pagination from the end of a previous request."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "ResourceType": {
           "shape": "__string",
           "location": "querystring",
           "locationName": "resourceType",
-          "documentation": "Filter parameter which specifies the rules to return given a resource type."
+          "documentation": "<p>The resource type that a readiness rule applies to.</p>"
         }
       }
     },
@@ -2059,12 +2199,12 @@
         "NextToken": {
           "shape": "__string",
           "locationName": "nextToken",
-          "documentation": "A token that can be used to resume pagination from the end of the collection."
+          "documentation": "<p>The token that identifies which batch of results you want to see.</p>"
         },
         "Rules": {
           "shape": "__listOfListRulesOutput",
           "locationName": "rules",
-          "documentation": "A list of rules"
+          "documentation": "<p>A list of readiness rules for a specific resource type.</p>"
         }
       }
     },
@@ -2075,7 +2215,7 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "resource-arn",
-          "documentation": "The Amazon Resource Name (ARN) for the resource. You can get this from the response to any request to the resource."
+          "documentation": "<p>The Amazon Resource Name (ARN) for a resource.</p>"
         }
       },
       "required": [
@@ -2087,7 +2227,8 @@
       "members": {
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p></p>"
         }
       }
     },
@@ -2102,10 +2243,10 @@
         "MessageText": {
           "shape": "__string",
           "locationName": "messageText",
-          "documentation": "The text of a readiness check message"
+          "documentation": "<p>The text of a readiness check message.</p>"
         }
       },
-      "documentation": "Information relating to readiness check status"
+      "documentation": "<p>Information relating to readiness check status.</p>"
     },
     "NLBResource": {
       "type": "structure",
@@ -2113,10 +2254,10 @@
         "Arn": {
           "shape": "__string",
           "locationName": "arn",
-          "documentation": "An NLB resource arn"
+          "documentation": "<p>The Network Load Balancer resource Amazon Resource Name (ARN).</p>"
         }
       },
-      "documentation": "The NLB resource a DNS Target Resource points to"
+      "documentation": "<p>The Network Load Balancer resource that a DNS target resource points to.</p>"
     },
     "R53ResourceRecord": {
       "type": "structure",
@@ -2124,19 +2265,19 @@
         "DomainName": {
           "shape": "__string",
           "locationName": "domainName",
-          "documentation": "The DNS target name"
+          "documentation": "<p>The DNS target domain name.</p>"
         },
         "RecordSetId": {
           "shape": "__string",
           "locationName": "recordSetId",
-          "documentation": "The Resource Record set id"
+          "documentation": "<p>The Route 53 Resource Record Set ID.</p>"
         }
       },
-      "documentation": "The Route 53 resource a DNS Target Resource record points to"
+      "documentation": "<p>The Route 53 resource that a DNS target resource record points to.</p>"
     },
     "Readiness": {
       "type": "string",
-      "documentation": "The readiness of an entire ReadinessCheck or an individual resource ARN.",
+      "documentation": "<p>The readiness status.</p>",
       "enum": [
         "READY",
         "NOT_READY",
@@ -2150,24 +2291,24 @@
         "ReadinessCheckArn": {
           "shape": "__stringMax256",
           "locationName": "readinessCheckArn",
-          "documentation": "Arn associated with ReadinessCheck"
+          "documentation": "<p>The Amazon Resource Name (ARN) associated with a readiness check.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "readinessCheckName",
-          "documentation": "Name for a ReadinessCheck"
+          "documentation": "<p>Name of a readiness check.</p>"
         },
         "ResourceSet": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSet",
-          "documentation": "Name of the ResourceSet to be checked"
+          "documentation": "<p>Name of the resource set to be checked.</p>"
         },
         "Tags": {
           "shape": "Tags",
           "locationName": "tags"
         }
       },
-      "documentation": "A resource used for checking the readiness of a Resource Set",
+      "documentation": "<p>A readiness check.</p>",
       "required": [
         "ReadinessCheckArn",
         "ResourceSet"
@@ -2179,19 +2320,19 @@
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness of this ReadinessCheck"
+          "documentation": "<p>The readiness status of this readiness check.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__string",
           "locationName": "readinessCheckName",
-          "documentation": "The name of a ReadinessCheck which is part of the given RecoveryGroup or Cell"
+          "documentation": "<p>The name of a readiness check.</p>"
         }
       },
-      "documentation": "Summary of ReadinessCheck status, paginated in GetRecoveryGroupReadinessSummary and GetCellReadinessSummary"
+      "documentation": "<p>Summary of all readiness check statuses in a recovery group, paginated in GetRecoveryGroupReadinessSummary and GetCellReadinessSummary.</p>"
     },
     "ReadinessCheckTimestamp": {
       "type": "timestamp",
-      "documentation": "The time the Cell was last checked for readiness, in ISO-8601 format, UTC.",
+      "documentation": "<p>The time (UTC) that the cell was last checked for readiness, in ISO-8601 format.</p>",
       "timestampFormat": "iso8601"
     },
     "Recommendation": {
@@ -2200,10 +2341,10 @@
         "RecommendationText": {
           "shape": "__string",
           "locationName": "recommendationText",
-          "documentation": "Guidance text for recommendation"
+          "documentation": "<p>Text of the recommendations that are provided to make an application more recovery resilient.</p>"
         }
       },
-      "documentation": "Guidance for improving Recovery Group resilliancy",
+      "documentation": "<p>Recommendations that are provided to make an application more recovery resilient.</p>",
       "required": [
         "RecommendationText"
       ]
@@ -2214,24 +2355,25 @@
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of a cell's Amazon Resource Names (ARNs).</p>"
         },
         "RecoveryGroupArn": {
           "shape": "__stringMax256",
           "locationName": "recoveryGroupArn",
-          "documentation": "The arn for the RecoveryGroup"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the recovery group.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "recoveryGroupName",
-          "documentation": "The name of the RecoveryGroup"
+          "documentation": "<p>The name of the recovery group.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>The tags associated with the recovery group.</p>"
         }
       },
-      "documentation": "A Recovery Group generally containing multiple Cells",
+      "documentation": "<p>A representation of the application, typically containing multiple cells.</p>",
       "required": [
         "RecoveryGroupArn",
         "RecoveryGroupName",
@@ -2244,24 +2386,25 @@
         "ComponentId": {
           "shape": "__string",
           "locationName": "componentId",
-          "documentation": "The component id of the resource, generated by the service when dnsTargetResource is used"
+          "documentation": "<p>The component identifier of the resource, generated when DNS target resource is used.</p>"
         },
         "DnsTargetResource": {
           "shape": "DNSTargetResource",
-          "locationName": "dnsTargetResource"
+          "locationName": "dnsTargetResource",
+          "documentation": "<p>The DNS target resource.</p>"
         },
         "ReadinessScopes": {
           "shape": "__listOf__string",
           "locationName": "readinessScopes",
-          "documentation": "A list of RecoveryGroup ARNs and/or Cell ARNs that this resource is contained within."
+          "documentation": "<p>A list of recovery group Amazon Resource Names (ARNs) and cell ARNs that this resource is contained within.</p>"
         },
         "ResourceArn": {
           "shape": "__string",
           "locationName": "resourceArn",
-          "documentation": "The ARN of the AWS resource, can be skipped if dnsTargetResource is used"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the Amazon Web Services resource.</p>"
         }
       },
-      "documentation": "The resource element of a ResourceSet"
+      "documentation": "<p>The resource element of a resource set.</p>"
     },
     "ResourceNotFoundException": {
       "type": "structure",
@@ -2283,25 +2426,25 @@
         "ComponentId": {
           "shape": "__string",
           "locationName": "componentId",
-          "documentation": "The component id of the resource"
+          "documentation": "<p>The component id of the resource.</p>"
         },
         "LastCheckedTimestamp": {
           "shape": "ReadinessCheckTimestamp",
           "locationName": "lastCheckedTimestamp",
-          "documentation": "The time the resource was last checked for readiness, in ISO-8601 format, UTC."
+          "documentation": "<p>The time (UTC) that the resource was last checked for readiness, in ISO-8601 format.</p>"
         },
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness of the resource."
+          "documentation": "<p>The readiness of a resource.</p>"
         },
         "ResourceArn": {
           "shape": "__string",
           "locationName": "resourceArn",
-          "documentation": "The ARN of the resource"
+          "documentation": "<p>The Amazon Resource Name (ARN) of the resource.</p>"
         }
       },
-      "documentation": "Result with status for an individual resource.",
+      "documentation": "<p>The result of a successful Resource request, with status for an individual resource.</p>",
       "required": [
         "Readiness",
         "LastCheckedTimestamp"
@@ -2313,29 +2456,29 @@
         "ResourceSetArn": {
           "shape": "__stringMax256",
           "locationName": "resourceSetArn",
-          "documentation": "The arn for the ResourceSet"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource set.</p>"
         },
         "ResourceSetName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet"
+          "documentation": "<p>The name of the resource set.</p>"
         },
         "ResourceSetType": {
           "shape": "__stringPatternAWSAZaZ09AZaZ09",
           "locationName": "resourceSetType",
-          "documentation": "AWS Resource Type of the resources in the ResourceSet"
+          "documentation": "<p>The resource type of the resources in the resource set. Enter one of the following values for resource type:</p> <p>AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::CloudWatch::Alarm, AWS::EC2::CustomerGateway, AWS::DynamoDB::Table, AWS::EC2::Volume, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::Lambda::Function, AWS::MSK::Cluster, AWS::RDS::DBCluster, AWS::Route53::HealthCheck, AWS::SQS::Queue, AWS::SNS::Topic, AWS::SNS::Subscription, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource</p>"
         },
         "Resources": {
           "shape": "__listOfResource",
           "locationName": "resources",
-          "documentation": "A list of Resource objects"
+          "documentation": "<p>A list of resource objects.</p>"
         },
         "Tags": {
           "shape": "Tags",
           "locationName": "tags"
         }
       },
-      "documentation": "A collection of resources of the same type",
+      "documentation": "<p>A collection of resources of the same type.</p>",
       "required": [
         "ResourceSetType",
         "ResourceSetName",
@@ -2349,25 +2492,25 @@
         "LastCheckedTimestamp": {
           "shape": "ReadinessCheckTimestamp",
           "locationName": "lastCheckedTimestamp",
-          "documentation": "The time the resource was last checked for readiness, in ISO-8601 format, UTC."
+          "documentation": "<p>The time the resource was last checked for readiness, in ISO-8601 format, UTC.</p>"
         },
         "Messages": {
           "shape": "__listOfMessage",
           "locationName": "messages",
-          "documentation": "Details about the resource's readiness"
+          "documentation": "<p>Details about the resource's readiness.</p>"
         },
         "Readiness": {
           "shape": "Readiness",
           "locationName": "readiness",
-          "documentation": "The readiness at rule level."
+          "documentation": "<p>The readiness at rule level.</p>"
         },
         "RuleId": {
           "shape": "__string",
           "locationName": "ruleId",
-          "documentation": "The identifier of the rule."
+          "documentation": "<p>The identifier of the rule.</p>"
         }
       },
-      "documentation": "Result with status for an individual rule..",
+      "documentation": "<p>The result of a successful Rule request, with status for an individual rule.</p>",
       "required": [
         "Messages",
         "Readiness",
@@ -2382,11 +2525,12 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "resource-arn",
-          "documentation": "The Amazon Resource Name (ARN) for the resource. You can get this from the response to any request to the resource."
+          "documentation": "<p>The Amazon Resource Name (ARN) for a resource.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p></p>"
         }
       },
       "required": [
@@ -2400,7 +2544,7 @@
     },
     "Tags": {
       "type": "map",
-      "documentation": "A collection of tags associated with a resource",
+      "documentation": "<p>A collection of tags associated with a resource.</p>",
       "key": {
         "shape": "__string"
       },
@@ -2413,14 +2557,16 @@
       "members": {
         "NLBResource": {
           "shape": "NLBResource",
-          "locationName": "nLBResource"
+          "locationName": "nLBResource",
+          "documentation": "<p>The Network Load Balancer Resource.</p>"
         },
         "R53Resource": {
           "shape": "R53ResourceRecord",
-          "locationName": "r53Resource"
+          "locationName": "r53Resource",
+          "documentation": "<p>The Route 53 resource.</p>"
         }
       },
-      "documentation": "The target resource the R53 record points to"
+      "documentation": "<p>The target resource that the Route 53 record points to.</p>"
     },
     "ThrottlingException": {
       "type": "structure",
@@ -2443,13 +2589,13 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "resource-arn",
-          "documentation": "The Amazon Resource Name (ARN) for the resource. You can get this from the response to any request to the resource."
+          "documentation": "<p>The Amazon Resource Name (ARN) for a resource.</p>"
         },
         "TagKeys": {
           "shape": "__listOf__string",
           "location": "querystring",
           "locationName": "tagKeys",
-          "documentation": "A comma-separated list of the tag keys to remove from the resource."
+          "documentation": "<p>The keys for tags you add to resources.</p>"
         }
       },
       "required": [
@@ -2464,15 +2610,14 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "cellName",
-          "documentation": "The Cell to update"
+          "documentation": "<p>The name of the cell.</p>"
         },
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns, completely replaces previous list"
+          "documentation": "<p>A list of cell Amazon Resource Names (ARNs), which completely replaces the previous list.</p>"
         }
       },
-      "documentation": "Parameters to update for the Cell",
       "required": [
         "CellName",
         "Cells"
@@ -2484,26 +2629,27 @@
         "CellArn": {
           "shape": "__stringMax256",
           "locationName": "cellArn",
-          "documentation": "The arn for the Cell"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the cell.</p>"
         },
         "CellName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "cellName",
-          "documentation": "The name of the Cell"
+          "documentation": "<p>The name of the cell.</p>"
         },
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of cell ARNs.</p>"
         },
         "ParentReadinessScopes": {
           "shape": "__listOf__string",
           "locationName": "parentReadinessScopes",
-          "documentation": "A list of Cell ARNs and/or RecoveryGroup ARNs"
+          "documentation": "<p>The readiness scope for the cell, which can be a cell Amazon Resource Name (ARN) or a recovery group ARN. This is a list but currently can have only one element.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>Tags on the resources.</p>"
         }
       }
     },
@@ -2514,15 +2660,15 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "readinessCheckName",
-          "documentation": "The ReadinessCheck to update"
+          "documentation": "<p>Name of a readiness check.</p>"
         },
         "ResourceSetName": {
           "shape": "__string",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet to check"
+          "documentation": "<p>The name of the resource set to be checked.</p>"
         }
       },
-      "documentation": "The new Readiness Check values",
+      "documentation": "<p>Name of a readiness check to describe.</p>",
       "required": [
         "ReadinessCheckName",
         "ResourceSetName"
@@ -2534,17 +2680,17 @@
         "ReadinessCheckArn": {
           "shape": "__stringMax256",
           "locationName": "readinessCheckArn",
-          "documentation": "Arn associated with ReadinessCheck"
+          "documentation": "<p>The Amazon Resource Name (ARN) associated with a readiness check.</p>"
         },
         "ReadinessCheckName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "readinessCheckName",
-          "documentation": "Name for a ReadinessCheck"
+          "documentation": "<p>Name of a readiness check.</p>"
         },
         "ResourceSet": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSet",
-          "documentation": "Name of the ResourceSet to be checked"
+          "documentation": "<p>Name of the resource set to be checked.</p>"
         },
         "Tags": {
           "shape": "Tags",
@@ -2558,16 +2704,16 @@
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns, completely replaces previous list"
+          "documentation": "<p>A list of cell Amazon Resource Names (ARNs). This list completely replaces the previous list.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__string",
           "location": "uri",
           "locationName": "recoveryGroupName",
-          "documentation": "The RecoveryGroup to update"
+          "documentation": "<p>The name of a recovery group.</p>"
         }
       },
-      "documentation": "Parameters to update for the RecoveryGroup",
+      "documentation": "<p>Name of a recovery group.</p>",
       "required": [
         "RecoveryGroupName",
         "Cells"
@@ -2579,21 +2725,22 @@
         "Cells": {
           "shape": "__listOf__string",
           "locationName": "cells",
-          "documentation": "A list of Cell arns"
+          "documentation": "<p>A list of a cell's Amazon Resource Names (ARNs).</p>"
         },
         "RecoveryGroupArn": {
           "shape": "__stringMax256",
           "locationName": "recoveryGroupArn",
-          "documentation": "The arn for the RecoveryGroup"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the recovery group.</p>"
         },
         "RecoveryGroupName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "recoveryGroupName",
-          "documentation": "The name of the RecoveryGroup"
+          "documentation": "<p>The name of the recovery group.</p>"
         },
         "Tags": {
           "shape": "Tags",
-          "locationName": "tags"
+          "locationName": "tags",
+          "documentation": "<p>The tags associated with the recovery group.</p>"
         }
       }
     },
@@ -2604,20 +2751,20 @@
           "shape": "__string",
           "location": "uri",
           "locationName": "resourceSetName",
-          "documentation": "The ResourceSet to update"
+          "documentation": "<p>Name of a resource set.</p>"
         },
         "ResourceSetType": {
           "shape": "__stringPatternAWSAZaZ09AZaZ09",
           "locationName": "resourceSetType",
-          "documentation": "AWS Resource Type of the resources in the ResourceSet"
+          "documentation": "<p>The resource type of the resources in the resource set. Enter one of the following values for resource type:</p> <p>AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::CloudWatch::Alarm, AWS::EC2::CustomerGateway, AWS::DynamoDB::Table, AWS::EC2::Volume, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::Lambda::Function, AWS::MSK::Cluster, AWS::RDS::DBCluster, AWS::Route53::HealthCheck, AWS::SQS::Queue, AWS::SNS::Topic, AWS::SNS::Subscription, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource</p>"
         },
         "Resources": {
           "shape": "__listOfResource",
           "locationName": "resources",
-          "documentation": "A list of Resource objects"
+          "documentation": "<p>A list of resource objects.</p>"
         }
       },
-      "documentation": "configuration for the desired",
+      "documentation": "<p>Name of a resource set.</p>",
       "required": [
         "ResourceSetName",
         "ResourceSetType",
@@ -2630,22 +2777,22 @@
         "ResourceSetArn": {
           "shape": "__stringMax256",
           "locationName": "resourceSetArn",
-          "documentation": "The arn for the ResourceSet"
+          "documentation": "<p>The Amazon Resource Name (ARN) for the resource set.</p>"
         },
         "ResourceSetName": {
           "shape": "__stringMax64PatternAAZAZ09Z",
           "locationName": "resourceSetName",
-          "documentation": "The name of the ResourceSet"
+          "documentation": "<p>The name of the resource set.</p>"
         },
         "ResourceSetType": {
           "shape": "__stringPatternAWSAZaZ09AZaZ09",
           "locationName": "resourceSetType",
-          "documentation": "AWS Resource Type of the resources in the ResourceSet"
+          "documentation": "<p>The resource type of the resources in the resource set. Enter one of the following values for resource type:</p> <p>AWS::ApiGateway::Stage, AWS::ApiGatewayV2::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::CloudWatch::Alarm, AWS::EC2::CustomerGateway, AWS::DynamoDB::Table, AWS::EC2::Volume, AWS::ElasticLoadBalancing::LoadBalancer, AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::Lambda::Function, AWS::MSK::Cluster, AWS::RDS::DBCluster, AWS::Route53::HealthCheck, AWS::SQS::Queue, AWS::SNS::Topic, AWS::SNS::Subscription, AWS::EC2::VPC, AWS::EC2::VPNConnection, AWS::EC2::VPNGateway, AWS::Route53RecoveryReadiness::DNSTargetResource</p>"
         },
         "Resources": {
           "shape": "__listOfResource",
           "locationName": "resources",
-          "documentation": "A list of Resource objects"
+          "documentation": "<p>A list of resource objects.</p>"
         },
         "Tags": {
           "shape": "Tags",
@@ -2766,5 +2913,5 @@
       "pattern": "AWS::[A-Za-z0-9]+::[A-Za-z0-9]+"
     }
   },
-  "documentation": "AWS Route53 Recovery Readiness"
+  "documentation": "<p>Recovery readiness</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/route53/2013-04-01/service-2.json b/contrib/python/botocore/py3/botocore/data/route53/2013-04-01/service-2.json
index a9154077979..8b465864a74 100644
--- a/contrib/python/botocore/py3/botocore/data/route53/2013-04-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/route53/2013-04-01/service-2.json
@@ -369,7 +369,7 @@
         {"shape":"InvalidKMSArn"},
         {"shape":"InvalidInput"}
       ],
-      "documentation":"<p>Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.</p>"
+      "documentation":"<p>Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactivated before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.</p> <p>You can use <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeactivateKeySigningKey.html\">DeactivateKeySigningKey</a> to deactivate the key before you delete it.</p> <p>Use <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_GetDNSSEC.html\">GetDNSSEC</a> to verify that the KSK is in an <code>INACTIVE</code> status.</p>"
     },
     "DeleteQueryLoggingConfig":{
       "name":"DeleteQueryLoggingConfig",
@@ -1041,7 +1041,8 @@
       "output":{"shape":"UpdateHostedZoneCommentResponse"},
       "errors":[
         {"shape":"NoSuchHostedZone"},
-        {"shape":"InvalidInput"}
+        {"shape":"InvalidInput"},
+        {"shape":"PriorRequestNotComplete"}
       ],
       "documentation":"<p>Updates the comment for a specified hosted zone.</p>"
     },
@@ -1454,6 +1455,7 @@
         "ap-south-1",
         "ap-southeast-1",
         "ap-southeast-2",
+        "ap-southeast-3",
         "ap-northeast-1",
         "ap-northeast-2",
         "ap-northeast-3",
@@ -1466,6 +1468,7 @@
         "us-gov-west-1",
         "us-gov-east-1",
         "us-iso-east-1",
+        "us-iso-west-1",
         "us-isob-east-1"
       ],
       "max":64,
@@ -1563,7 +1566,7 @@
         },
         "VPC":{
           "shape":"VPC",
-          "documentation":"<p>(Private hosted zones only) A complex type that contains information about the Amazon VPC that you're associating with this hosted zone.</p> <p>You can specify only one Amazon VPC when you create a private hosted zone. To associate additional Amazon VPCs with the hosted zone, use <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_AssociateVPCWithHostedZone.html\">AssociateVPCWithHostedZone</a> after you create a hosted zone.</p>"
+          "documentation":"<p>(Private hosted zones only) A complex type that contains information about the Amazon VPC that you're associating with this hosted zone.</p> <p>You can specify only one Amazon VPC when you create a private hosted zone. If you are associating a VPC with a hosted zone with this request, the paramaters <code>VPCId</code> and <code>VPCRegion</code> are also required.</p> <p>To associate additional Amazon VPCs with the hosted zone, use <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_AssociateVPCWithHostedZone.html\">AssociateVPCWithHostedZone</a> after you create a hosted zone.</p>"
         },
         "CallerReference":{
           "shape":"Nonce",
@@ -1634,7 +1637,7 @@
         },
         "KeyManagementServiceArn":{
           "shape":"SigningKeyString",
-          "documentation":"<p>The Amazon resource name (ARN) for a customer managed customer master key (CMK) in Key Management Service (KMS). The <code>KeyManagementServiceArn</code> must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of <code>KeyManagementServiceArn</code> that grants the correct permissions for DNSSEC, scroll down to <b>Example</b>. </p> <p>You must configure the customer managed CMK as follows:</p> <dl> <dt>Status</dt> <dd> <p>Enabled</p> </dd> <dt>Key spec</dt> <dd> <p>ECC_NIST_P256</p> </dd> <dt>Key usage</dt> <dd> <p>Sign and verify</p> </dd> <dt>Key policy</dt> <dd> <p>The key policy must give permission for the following actions:</p> <ul> <li> <p>DescribeKey</p> </li> <li> <p>GetPublicKey</p> </li> <li> <p>Sign</p> </li> </ul> <p>The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:</p> <ul> <li> <p> <code>\"Service\": \"dnssec-route53.amazonaws.com\"</code> </p> </li> </ul> </dd> </dl> <p>For more information about working with a customer managed CMK in KMS, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Key Management Service concepts</a>.</p>"
+          "documentation":"<p>The Amazon resource name (ARN) for a customer managed key in Key Management Service (KMS). The <code>KeyManagementServiceArn</code> must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of <code>KeyManagementServiceArn</code> that grants the correct permissions for DNSSEC, scroll down to <b>Example</b>. </p> <p>You must configure the customer managed customer managed key as follows:</p> <dl> <dt>Status</dt> <dd> <p>Enabled</p> </dd> <dt>Key spec</dt> <dd> <p>ECC_NIST_P256</p> </dd> <dt>Key usage</dt> <dd> <p>Sign and verify</p> </dd> <dt>Key policy</dt> <dd> <p>The key policy must give permission for the following actions:</p> <ul> <li> <p>DescribeKey</p> </li> <li> <p>GetPublicKey</p> </li> <li> <p>Sign</p> </li> </ul> <p>The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:</p> <ul> <li> <p> <code>\"Service\": \"dnssec-route53.amazonaws.com\"</code> </p> </li> </ul> </dd> </dl> <p>For more information about working with a customer managed key in KMS, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Key Management Service concepts</a>.</p>"
         },
         "Name":{
           "shape":"SigningKeyName",
@@ -1932,7 +1935,7 @@
       "members":{
         "ServeSignature":{
           "shape":"ServeSignature",
-          "documentation":"<p>A string that represents the current hosted zone signing status.</p> <p>Status can have one of the following values:</p> <dl> <dt>SIGNING</dt> <dd> <p>DNSSEC signing is enabled for the hosted zone.</p> </dd> <dt>NOT_SIGNING</dt> <dd> <p>DNSSEC signing is not enabled for the hosted zone.</p> </dd> <dt>DELETING</dt> <dd> <p>DNSSEC signing is in the process of being removed for the hosted zone.</p> </dd> <dt>ACTION_NEEDED</dt> <dd> <p>There is a problem with signing in the hosted zone that requires you to take action to resolve. For example, the customer managed customer master key (CMK) might have been deleted, or the permissions for the customer managed CMK might have been changed.</p> </dd> <dt>INTERNAL_FAILURE</dt> <dd> <p>There was an error during a request. Before you can continue to work with DNSSEC signing, including with key-signing keys (KSKs), you must correct the problem by enabling or disabling DNSSEC signing for the hosted zone.</p> </dd> </dl>"
+          "documentation":"<p>A string that represents the current hosted zone signing status.</p> <p>Status can have one of the following values:</p> <dl> <dt>SIGNING</dt> <dd> <p>DNSSEC signing is enabled for the hosted zone.</p> </dd> <dt>NOT_SIGNING</dt> <dd> <p>DNSSEC signing is not enabled for the hosted zone.</p> </dd> <dt>DELETING</dt> <dd> <p>DNSSEC signing is in the process of being removed for the hosted zone.</p> </dd> <dt>ACTION_NEEDED</dt> <dd> <p>There is a problem with signing in the hosted zone that requires you to take action to resolve. For example, the customer managed key might have been deleted, or the permissions for the customer managed key might have been changed.</p> </dd> <dt>INTERNAL_FAILURE</dt> <dd> <p>There was an error during a request. Before you can continue to work with DNSSEC signing, including with key-signing keys (KSKs), you must correct the problem by enabling or disabling DNSSEC signing for the hosted zone.</p> </dd> </dl>"
         },
         "StatusMessage":{
           "shape":"SigningKeyStatusMessage",
@@ -3504,7 +3507,7 @@
         },
         "KmsArn":{
           "shape":"SigningKeyString",
-          "documentation":"<p>The Amazon resource name (ARN) used to identify the customer managed customer master key (CMK) in Key Management Service (KMS). The <code>KmsArn</code> must be unique for each key-signing key (KSK) in a single hosted zone.</p> <p>You must configure the CMK as follows:</p> <dl> <dt>Status</dt> <dd> <p>Enabled</p> </dd> <dt>Key spec</dt> <dd> <p>ECC_NIST_P256</p> </dd> <dt>Key usage</dt> <dd> <p>Sign and verify</p> </dd> <dt>Key policy</dt> <dd> <p>The key policy must give permission for the following actions:</p> <ul> <li> <p>DescribeKey</p> </li> <li> <p>GetPublicKey</p> </li> <li> <p>Sign</p> </li> </ul> <p>The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:</p> <ul> <li> <p> <code>\"Service\": \"dnssec-route53.amazonaws.com\"</code> </p> </li> </ul> </dd> </dl> <p>For more information about working with the customer managed CMK in KMS, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Key Management Service concepts</a>.</p>"
+          "documentation":"<p>The Amazon resource name (ARN) used to identify the customer managed key in Key Management Service (KMS). The <code>KmsArn</code> must be unique for each key-signing key (KSK) in a single hosted zone.</p> <p>You must configure the customer managed key as follows:</p> <dl> <dt>Status</dt> <dd> <p>Enabled</p> </dd> <dt>Key spec</dt> <dd> <p>ECC_NIST_P256</p> </dd> <dt>Key usage</dt> <dd> <p>Sign and verify</p> </dd> <dt>Key policy</dt> <dd> <p>The key policy must give permission for the following actions:</p> <ul> <li> <p>DescribeKey</p> </li> <li> <p>GetPublicKey</p> </li> <li> <p>Sign</p> </li> </ul> <p>The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:</p> <ul> <li> <p> <code>\"Service\": \"dnssec-route53.amazonaws.com\"</code> </p> </li> </ul> </dd> </dl> <p>For more information about working with the customer managed key in KMS, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Key Management Service concepts</a>.</p>"
         },
         "Flag":{
           "shape":"SigningKeyInteger",
@@ -3548,7 +3551,7 @@
         },
         "Status":{
           "shape":"SigningKeyStatus",
-          "documentation":"<p>A string that represents the current key-signing key (KSK) status.</p> <p>Status can have one of the following values:</p> <dl> <dt>ACTIVE</dt> <dd> <p>The KSK is being used for signing.</p> </dd> <dt>INACTIVE</dt> <dd> <p>The KSK is not being used for signing.</p> </dd> <dt>DELETING</dt> <dd> <p>The KSK is in the process of being deleted.</p> </dd> <dt>ACTION_NEEDED</dt> <dd> <p>There is a problem with the KSK that requires you to take action to resolve. For example, the customer managed customer master key (CMK) might have been deleted, or the permissions for the customer managed CMK might have been changed.</p> </dd> <dt>INTERNAL_FAILURE</dt> <dd> <p>There was an error during a request. Before you can continue to work with DNSSEC signing, including actions that involve this KSK, you must correct the problem. For example, you may need to activate or deactivate the KSK.</p> </dd> </dl>"
+          "documentation":"<p>A string that represents the current key-signing key (KSK) status.</p> <p>Status can have one of the following values:</p> <dl> <dt>ACTIVE</dt> <dd> <p>The KSK is being used for signing.</p> </dd> <dt>INACTIVE</dt> <dd> <p>The KSK is not being used for signing.</p> </dd> <dt>DELETING</dt> <dd> <p>The KSK is in the process of being deleted.</p> </dd> <dt>ACTION_NEEDED</dt> <dd> <p>There is a problem with the KSK that requires you to take action to resolve. For example, the customer managed key might have been deleted, or the permissions for the customer managed key might have been changed.</p> </dd> <dt>INTERNAL_FAILURE</dt> <dd> <p>There was an error during a request. Before you can continue to work with DNSSEC signing, including actions that involve this KSK, you must correct the problem. For example, you may need to activate or deactivate the KSK.</p> </dd> </dl>"
         },
         "StatusMessage":{
           "shape":"SigningKeyStatusMessage",
@@ -3570,7 +3573,7 @@
       "members":{
         "message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>You've already created a key-signing key (KSK) with this name or with the same customer managed customer master key (CMK) ARN.</p>",
+      "documentation":"<p>You've already created a key-signing key (KSK) with this name or with the same customer managed key ARN.</p>",
       "error":{"httpStatusCode":409},
       "exception":true
     },
@@ -4909,6 +4912,7 @@
         "eu-central-1",
         "ap-southeast-1",
         "ap-southeast-2",
+        "ap-southeast-3",
         "ap-northeast-1",
         "ap-northeast-2",
         "ap-northeast-3",
@@ -5585,7 +5589,7 @@
         },
         "InsufficientDataHealthStatus":{
           "shape":"InsufficientDataHealthStatus",
-          "documentation":"<p>When CloudWatch has insufficient data about the metric to determine the alarm state, the status that you want Amazon Route 53 to assign to the health check:</p> <ul> <li> <p> <code>Healthy</code>: Route 53 considers the health check to be healthy.</p> </li> <li> <p> <code>Unhealthy</code>: Route 53 considers the health check to be unhealthy.</p> </li> <li> <p> <code>LastKnownStatus</code>: Route 53 uses the status of the health check from the last time CloudWatch had sufficient data to determine the alarm state. For new health checks that have no last known status, the default status for the health check is healthy.</p> </li> </ul>"
+          "documentation":"<p>When CloudWatch has insufficient data about the metric to determine the alarm state, the status that you want Amazon Route 53 to assign to the health check:</p> <ul> <li> <p> <code>Healthy</code>: Route 53 considers the health check to be healthy.</p> </li> <li> <p> <code>Unhealthy</code>: Route 53 considers the health check to be unhealthy.</p> </li> <li> <p> <code>LastKnownStatus</code>: By default, Route 53 uses the status of the health check from the last time CloudWatch had sufficient data to determine the alarm state. For new health checks that have no last known status, the status for the health check is healthy.</p> </li> </ul>"
         },
         "ResetElements":{
           "shape":"ResettableElementNameList",
@@ -5725,7 +5729,7 @@
         },
         "VPCId":{"shape":"VPCId"}
       },
-      "documentation":"<p>(Private hosted zones only) A complex type that contains information about an Amazon VPC.</p>"
+      "documentation":"<p>(Private hosted zones only) A complex type that contains information about an Amazon VPC.</p> <p>If you associate a private hosted zone with an Amazon VPC when you make a <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateHostedZone.html\">CreateHostedZone</a> request, the following parameters are also required.</p>"
     },
     "VPCAssociationAuthorizationNotFound":{
       "type":"structure",
@@ -5772,9 +5776,11 @@
         "us-gov-west-1",
         "us-gov-east-1",
         "us-iso-east-1",
+        "us-iso-west-1",
         "us-isob-east-1",
         "ap-southeast-1",
         "ap-southeast-2",
+        "ap-southeast-3",
         "ap-south-1",
         "ap-northeast-1",
         "ap-northeast-2",
diff --git a/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/paginators-1.json b/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/paginators-1.json
index 7ccbf9dad0d..c2f5cbcb9c4 100644
--- a/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/paginators-1.json
@@ -18,6 +18,12 @@
       "limit_key": "MaxItems",
       "output_token": "NextPageMarker",
       "result_key": "BillingRecords"
+    },
+    "ListPrices": {
+      "input_token": "Marker",
+      "limit_key": "MaxItems",
+      "output_token": "NextPageMarker",
+      "result_key": "Prices"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/service-2.json b/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/service-2.json
index dd083a2acfe..db2d5da72f8 100644
--- a/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/route53domains/2014-05-15/service-2.json
@@ -23,9 +23,10 @@
       "errors":[
         {"shape":"InvalidInput"},
         {"shape":"OperationLimitExceeded"},
-        {"shape":"DomainLimitExceeded"}
+        {"shape":"DomainLimitExceeded"},
+        {"shape":"UnsupportedTLD"}
       ],
-      "documentation":"<p>Accepts the transfer of a domain from another AWS account to the current AWS account. You initiate a transfer between AWS accounts using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
+      "documentation":"<p>Accepts the transfer of a domain from another Amazon Web Services account to the currentAmazon Web Services account. You initiate a transfer between Amazon Web Services accounts using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>.</p> <p>If you use the CLI command at <a href=\"https://docs.aws.amazon.com/cli/latest/reference/route53domains/accept-domain-transfer-from-another-aws-account.html\">accept-domain-transfer-from-another-aws-account</a>, use JSON format as input instead of text because otherwise CLI will throw an error from domain transfer input that includes single quotes.</p> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
     },
     "CancelDomainTransferToAnotherAwsAccount":{
       "name":"CancelDomainTransferToAnotherAwsAccount",
@@ -37,9 +38,10 @@
       "output":{"shape":"CancelDomainTransferToAnotherAwsAccountResponse"},
       "errors":[
         {"shape":"InvalidInput"},
-        {"shape":"OperationLimitExceeded"}
+        {"shape":"OperationLimitExceeded"},
+        {"shape":"UnsupportedTLD"}
       ],
-      "documentation":"<p>Cancels the transfer of a domain from the current AWS account to another AWS account. You initiate a transfer between AWS accounts using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> <important> <p>You must cancel the transfer before the other AWS account accepts the transfer using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_AcceptDomainTransferFromAnotherAwsAccount.html\">AcceptDomainTransferFromAnotherAwsAccount</a>.</p> </important> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
+      "documentation":"<p>Cancels the transfer of a domain from the current Amazon Web Services account to another Amazon Web Services account. You initiate a transfer betweenAmazon Web Services accounts using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> <important> <p>You must cancel the transfer before the other Amazon Web Services account accepts the transfer using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_AcceptDomainTransferFromAnotherAwsAccount.html\">AcceptDomainTransferFromAnotherAwsAccount</a>.</p> </important> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
     },
     "CheckDomainAvailability":{
       "name":"CheckDomainAvailability",
@@ -69,6 +71,22 @@
       ],
       "documentation":"<p>Checks whether a domain name can be transferred to Amazon Route 53. </p>"
     },
+    "DeleteDomain":{
+      "name":"DeleteDomain",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteDomainRequest"},
+      "output":{"shape":"DeleteDomainResponse"},
+      "errors":[
+        {"shape":"InvalidInput"},
+        {"shape":"DuplicateRequest"},
+        {"shape":"TLDRulesViolation"},
+        {"shape":"UnsupportedTLD"}
+      ],
+      "documentation":"<p>This operation deletes the specified domain. This action is permanent. For more information, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-delete.html\">Deleting a domain name registration</a>.</p> <p>To transfer the domain registration to another registrar, use the transfer process that’s provided by the registrar to which you want to transfer the registration. Otherwise, the following apply:</p> <ol> <li> <p>You can’t get a refund for the cost of a deleted domain registration.</p> </li> <li> <p>The registry for the top-level domain might hold the domain name for a brief time before releasing it for other users to register (varies by registry). </p> </li> <li> <p>When the registration has been deleted, we'll send you a confirmation to the registrant contact. The email will come from <code>noreply@domainnameverification.net</code> or <code>noreply@registrar.amazon.com</code>.</p> </li> </ol>"
+    },
     "DeleteTagsForDomain":{
       "name":"DeleteTagsForDomain",
       "http":{
@@ -128,7 +146,7 @@
         {"shape":"UnsupportedTLD"},
         {"shape":"TLDRulesViolation"}
       ],
-      "documentation":"<p>This operation configures Amazon Route 53 to automatically renew the specified domain before the domain registration expires. The cost of renewing your domain registration is billed to your AWS account.</p> <p>The period during which you can renew a domain name varies by TLD. For a list of TLDs and their renewal policies, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar-tld-list.html\">Domains That You Can Register with Amazon Route 53</a> in the <i>Amazon Route 53 Developer Guide</i>. Route 53 requires that you renew before the end of the renewal period so we can complete processing before the deadline.</p>"
+      "documentation":"<p>This operation configures Amazon Route 53 to automatically renew the specified domain before the domain registration expires. The cost of renewing your domain registration is billed to your Amazon Web Services account.</p> <p>The period during which you can renew a domain name varies by TLD. For a list of TLDs and their renewal policies, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar-tld-list.html\">Domains That You Can Register with Amazon Route 53</a> in the <i>Amazon Route 53 Developer Guide</i>. Route 53 requires that you renew before the end of the renewal period so we can complete processing before the deadline.</p>"
     },
     "EnableDomainTransferLock":{
       "name":"EnableDomainTransferLock",
@@ -174,7 +192,7 @@
         {"shape":"InvalidInput"},
         {"shape":"UnsupportedTLD"}
       ],
-      "documentation":"<p>This operation returns detailed information about a specified domain that is associated with the current AWS account. Contact information for the domain is also returned as part of the output.</p>"
+      "documentation":"<p>This operation returns detailed information about a specified domain that is associated with the current Amazon Web Services account. Contact information for the domain is also returned as part of the output.</p>"
     },
     "GetDomainSuggestions":{
       "name":"GetDomainSuggestions",
@@ -214,7 +232,7 @@
       "errors":[
         {"shape":"InvalidInput"}
       ],
-      "documentation":"<p>This operation returns all the domain names registered with Amazon Route 53 for the current AWS account.</p>"
+      "documentation":"<p>This operation returns all the domain names registered with Amazon Route 53 for the current Amazon Web Services account if no filtering conditions are used.</p>"
     },
     "ListOperations":{
       "name":"ListOperations",
@@ -227,7 +245,21 @@
       "errors":[
         {"shape":"InvalidInput"}
       ],
-      "documentation":"<p>Returns information about all of the operations that return an operation ID and that have ever been performed on domains that were registered by the current account. </p>"
+      "documentation":"<p>Returns information about all of the operations that return an operation ID and that have ever been performed on domains that were registered by the current account. </p> <p>This command runs only in the us-east-1 Region.</p>"
+    },
+    "ListPrices":{
+      "name":"ListPrices",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListPricesRequest"},
+      "output":{"shape":"ListPricesResponse"},
+      "errors":[
+        {"shape":"InvalidInput"},
+        {"shape":"UnsupportedTLD"}
+      ],
+      "documentation":"<p>Lists the following prices for either all the TLDs supported by Route 53, or the specified TLD:</p> <ul> <li> <p>Registration</p> </li> <li> <p>Transfer</p> </li> <li> <p>Owner change</p> </li> <li> <p>Domain renewal</p> </li> <li> <p>Domain restoration</p> </li> </ul>"
     },
     "ListTagsForDomain":{
       "name":"ListTagsForDomain",
@@ -260,7 +292,7 @@
         {"shape":"DomainLimitExceeded"},
         {"shape":"OperationLimitExceeded"}
       ],
-      "documentation":"<p>This operation registers a domain. Domains are registered either by Amazon Registrar (for .com, .net, and .org domains) or by our registrar associate, Gandi (for all other domains). For some top-level domains (TLDs), this operation requires extra parameters.</p> <p>When you register a domain, Amazon Route 53 does the following:</p> <ul> <li> <p>Creates a Route 53 hosted zone that has the same name as the domain. Route 53 assigns four name servers to your hosted zone and automatically updates your domain registration with the names of these name servers.</p> </li> <li> <p>Enables autorenew, so your domain registration will renew automatically each year. We'll notify you in advance of the renewal date so you can choose whether to renew the registration.</p> </li> <li> <p>Optionally enables privacy protection, so WHOIS queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you don't enable privacy protection, WHOIS queries return the information that you entered for the registrant, admin, and tech contacts.</p> </li> <li> <p>If registration is successful, returns an operation ID that you can use to track the progress and completion of the action. If the request is not completed successfully, the domain registrant is notified by email.</p> </li> <li> <p>Charges your AWS account an amount based on the top-level domain. For more information, see <a href=\"http://aws.amazon.com/route53/pricing/\">Amazon Route 53 Pricing</a>.</p> </li> </ul>"
+      "documentation":"<p>This operation registers a domain. Domains are registered either by Amazon Registrar (for .com, .net, and .org domains) or by our registrar associate, Gandi (for all other domains). For some top-level domains (TLDs), this operation requires extra parameters.</p> <p>When you register a domain, Amazon Route 53 does the following:</p> <ul> <li> <p>Creates a Route 53 hosted zone that has the same name as the domain. Route 53 assigns four name servers to your hosted zone and automatically updates your domain registration with the names of these name servers.</p> </li> <li> <p>Enables autorenew, so your domain registration will renew automatically each year. We'll notify you in advance of the renewal date so you can choose whether to renew the registration.</p> </li> <li> <p>Optionally enables privacy protection, so WHOIS queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you don't enable privacy protection, WHOIS queries return the information that you entered for the administrative, registrant, and technical contacts.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> </li> <li> <p>If registration is successful, returns an operation ID that you can use to track the progress and completion of the action. If the request is not completed successfully, the domain registrant is notified by email.</p> </li> <li> <p>Charges your Amazon Web Services account an amount based on the top-level domain. For more information, see <a href=\"http://aws.amazon.com/route53/pricing/\">Amazon Route 53 Pricing</a>.</p> </li> </ul>"
     },
     "RejectDomainTransferFromAnotherAwsAccount":{
       "name":"RejectDomainTransferFromAnotherAwsAccount",
@@ -272,9 +304,10 @@
       "output":{"shape":"RejectDomainTransferFromAnotherAwsAccountResponse"},
       "errors":[
         {"shape":"InvalidInput"},
-        {"shape":"OperationLimitExceeded"}
+        {"shape":"OperationLimitExceeded"},
+        {"shape":"UnsupportedTLD"}
       ],
-      "documentation":"<p>Rejects the transfer of a domain from another AWS account to the current AWS account. You initiate a transfer between AWS accounts using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
+      "documentation":"<p>Rejects the transfer of a domain from another Amazon Web Services account to the current Amazon Web Services account. You initiate a transfer betweenAmazon Web Services accounts using <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
     },
     "RenewDomain":{
       "name":"RenewDomain",
@@ -291,7 +324,7 @@
         {"shape":"TLDRulesViolation"},
         {"shape":"OperationLimitExceeded"}
       ],
-      "documentation":"<p>This operation renews a domain for the specified number of years. The cost of renewing your domain is billed to your AWS account.</p> <p>We recommend that you renew your domain several weeks before the expiration date. Some TLD registries delete domains before the expiration date if you haven't renewed far enough in advance. For more information about renewing domain registration, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-renew.html\">Renewing Registration for a Domain</a> in the <i>Amazon Route 53 Developer Guide</i>.</p>"
+      "documentation":"<p>This operation renews a domain for the specified number of years. The cost of renewing your domain is billed to your Amazon Web Services account.</p> <p>We recommend that you renew your domain several weeks before the expiration date. Some TLD registries delete domains before the expiration date if you haven't renewed far enough in advance. For more information about renewing domain registration, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-renew.html\">Renewing Registration for a Domain</a> in the <i>Amazon Route 53 Developer Guide</i>.</p>"
     },
     "ResendContactReachabilityEmail":{
       "name":"ResendContactReachabilityEmail",
@@ -338,7 +371,7 @@
         {"shape":"DomainLimitExceeded"},
         {"shape":"OperationLimitExceeded"}
       ],
-      "documentation":"<p>Transfers a domain from another registrar to Amazon Route 53. When the transfer is complete, the domain is registered either with Amazon Registrar (for .com, .net, and .org domains) or with our registrar associate, Gandi (for all other TLDs).</p> <p>For more information about transferring domains, see the following topics:</p> <ul> <li> <p>For transfer requirements, a detailed procedure, and information about viewing the status of a domain that you're transferring to Route 53, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-to-route-53.html\">Transferring Registration for a Domain to Amazon Route 53</a> in the <i>Amazon Route 53 Developer Guide</i>.</p> </li> <li> <p>For information about how to transfer a domain from one AWS account to another, see <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> </li> <li> <p>For information about how to transfer a domain to another domain registrar, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-from-route-53.html\">Transferring a Domain from Amazon Route 53 to Another Registrar</a> in the <i>Amazon Route 53 Developer Guide</i>.</p> </li> </ul> <p>If the registrar for your domain is also the DNS service provider for the domain, we highly recommend that you transfer your DNS service to Route 53 or to another DNS service provider before you transfer your registration. Some registrars provide free DNS service when you purchase a domain registration. When you transfer the registration, the previous registrar will not renew your domain registration and could end your DNS service at any time.</p> <important> <p>If the registrar for your domain is also the DNS service provider for the domain and you don't transfer DNS service to another provider, your website, email, and the web applications associated with the domain might become unavailable.</p> </important> <p>If the transfer is successful, this method returns an operation ID that you can use to track the progress and completion of the action. If the transfer doesn't complete successfully, the domain registrant will be notified by email.</p>"
+      "documentation":"<p>Transfers a domain from another registrar to Amazon Route 53. When the transfer is complete, the domain is registered either with Amazon Registrar (for .com, .net, and .org domains) or with our registrar associate, Gandi (for all other TLDs).</p> <p>For more information about transferring domains, see the following topics:</p> <ul> <li> <p>For transfer requirements, a detailed procedure, and information about viewing the status of a domain that you're transferring to Route 53, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-to-route-53.html\">Transferring Registration for a Domain to Amazon Route 53</a> in the <i>Amazon Route 53 Developer Guide</i>.</p> </li> <li> <p>For information about how to transfer a domain from one Amazon Web Services account to another, see <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a>. </p> </li> <li> <p>For information about how to transfer a domain to another domain registrar, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-from-route-53.html\">Transferring a Domain from Amazon Route 53 to Another Registrar</a> in the <i>Amazon Route 53 Developer Guide</i>.</p> </li> </ul> <p>If the registrar for your domain is also the DNS service provider for the domain, we highly recommend that you transfer your DNS service to Route 53 or to another DNS service provider before you transfer your registration. Some registrars provide free DNS service when you purchase a domain registration. When you transfer the registration, the previous registrar will not renew your domain registration and could end your DNS service at any time.</p> <important> <p>If the registrar for your domain is also the DNS service provider for the domain and you don't transfer DNS service to another provider, your website, email, and the web applications associated with the domain might become unavailable.</p> </important> <p>If the transfer is successful, this method returns an operation ID that you can use to track the progress and completion of the action. If the transfer doesn't complete successfully, the domain registrant will be notified by email.</p>"
     },
     "TransferDomainToAnotherAwsAccount":{
       "name":"TransferDomainToAnotherAwsAccount",
@@ -351,9 +384,10 @@
       "errors":[
         {"shape":"InvalidInput"},
         {"shape":"OperationLimitExceeded"},
-        {"shape":"DuplicateRequest"}
+        {"shape":"DuplicateRequest"},
+        {"shape":"UnsupportedTLD"}
       ],
-      "documentation":"<p>Transfers a domain from the current AWS account to another AWS account. Note the following:</p> <ul> <li> <p>The AWS account that you're transferring the domain to must accept the transfer. If the other account doesn't accept the transfer within 3 days, we cancel the transfer. See <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_AcceptDomainTransferFromAnotherAwsAccount.html\">AcceptDomainTransferFromAnotherAwsAccount</a>. </p> </li> <li> <p>You can cancel the transfer before the other account accepts it. See <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_CancelDomainTransferToAnotherAwsAccount.html\">CancelDomainTransferToAnotherAwsAccount</a>. </p> </li> <li> <p>The other account can reject the transfer. See <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_RejectDomainTransferFromAnotherAwsAccount.html\">RejectDomainTransferFromAnotherAwsAccount</a>. </p> </li> </ul> <important> <p>When you transfer a domain from one AWS account to another, Route 53 doesn't transfer the hosted zone that is associated with the domain. DNS resolution isn't affected if the domain and the hosted zone are owned by separate accounts, so transferring the hosted zone is optional. For information about transferring the hosted zone to another AWS account, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-migrating.html\">Migrating a Hosted Zone to a Different AWS Account</a> in the <i>Amazon Route 53 Developer Guide</i>.</p> </important> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
+      "documentation":"<p>Transfers a domain from the current Amazon Web Services account to another Amazon Web Services account. Note the following:</p> <ul> <li> <p>The Amazon Web Services account that you're transferring the domain to must accept the transfer. If the other account doesn't accept the transfer within 3 days, we cancel the transfer. See <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_AcceptDomainTransferFromAnotherAwsAccount.html\">AcceptDomainTransferFromAnotherAwsAccount</a>. </p> </li> <li> <p>You can cancel the transfer before the other account accepts it. See <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_CancelDomainTransferToAnotherAwsAccount.html\">CancelDomainTransferToAnotherAwsAccount</a>. </p> </li> <li> <p>The other account can reject the transfer. See <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_RejectDomainTransferFromAnotherAwsAccount.html\">RejectDomainTransferFromAnotherAwsAccount</a>. </p> </li> </ul> <important> <p>When you transfer a domain from one Amazon Web Services account to another, Route 53 doesn't transfer the hosted zone that is associated with the domain. DNS resolution isn't affected if the domain and the hosted zone are owned by separate accounts, so transferring the hosted zone is optional. For information about transferring the hosted zone to another Amazon Web Services account, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-migrating.html\">Migrating a Hosted Zone to a Different Amazon Web Services Account</a> in the <i>Amazon Route 53 Developer Guide</i>.</p> </important> <p>Use either <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_ListOperations.html\">ListOperations</a> or <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to determine whether the operation succeeded. <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> provides additional information, for example, <code>Domain Transfer from Aws Account 111122223333 has been cancelled</code>. </p>"
     },
     "UpdateDomainContact":{
       "name":"UpdateDomainContact",
@@ -387,7 +421,7 @@
         {"shape":"OperationLimitExceeded"},
         {"shape":"UnsupportedTLD"}
       ],
-      "documentation":"<p>This operation updates the specified domain contact's privacy setting. When privacy protection is enabled, contact information such as email address is replaced either with contact information for Amazon Registrar (for .com, .net, and .org domains) or with contact information for our registrar associate, Gandi.</p> <p>This operation affects only the contact information for the specified contact type (registrant, administrator, or tech). If the request succeeds, Amazon Route 53 returns an operation ID that you can use with <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to track the progress and completion of the action. If the request doesn't complete successfully, the domain registrant will be notified by email.</p> <important> <p>By disabling the privacy service via API, you consent to the publication of the contact information provided for this domain via the public WHOIS database. You certify that you are the registrant of this domain name and have the authority to make this decision. You may withdraw your consent at any time by enabling privacy protection using either <code>UpdateDomainContactPrivacy</code> or the Route 53 console. Enabling privacy protection removes the contact information provided for this domain from the WHOIS database. For more information on our privacy practices, see <a href=\"https://aws.amazon.com/privacy/\">https://aws.amazon.com/privacy/</a>.</p> </important>"
+      "documentation":"<p>This operation updates the specified domain contact's privacy setting. When privacy protection is enabled, contact information such as email address is replaced either with contact information for Amazon Registrar (for .com, .net, and .org domains) or with contact information for our registrar associate, Gandi.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>This operation affects only the contact information for the specified contact type (administrative, registrant, or technical). If the request succeeds, Amazon Route 53 returns an operation ID that you can use with <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a> to track the progress and completion of the action. If the request doesn't complete successfully, the domain registrant will be notified by email.</p> <important> <p>By disabling the privacy service via API, you consent to the publication of the contact information provided for this domain via the public WHOIS database. You certify that you are the registrant of this domain name and have the authority to make this decision. You may withdraw your consent at any time by enabling privacy protection using either <code>UpdateDomainContactPrivacy</code> or the Route 53 console. Enabling privacy protection removes the contact information provided for this domain from the WHOIS database. For more information on our privacy practices, see <a href=\"https://aws.amazon.com/privacy/\">https://aws.amazon.com/privacy/</a>.</p> </important>"
     },
     "UpdateDomainNameservers":{
       "name":"UpdateDomainNameservers",
@@ -432,7 +466,7 @@
       "errors":[
         {"shape":"InvalidInput"}
       ],
-      "documentation":"<p>Returns all the domain-related billing records for the current AWS account for a specified period</p>"
+      "documentation":"<p>Returns all the domain-related billing records for the current Amazon Web Services account for a specified period</p>"
     }
   },
   "shapes":{
@@ -445,7 +479,7 @@
       "members":{
         "DomainName":{
           "shape":"DomainName",
-          "documentation":"<p>The name of the domain that was specified when another AWS account submitted a <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a> request. </p>"
+          "documentation":"<p>The name of the domain that was specified when another Amazon Web Services account submitted a <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a> request. </p>"
         },
         "Password":{
           "shape":"String",
@@ -466,6 +500,8 @@
     },
     "AccountId":{
       "type":"string",
+      "max":12,
+      "min":12,
       "pattern":"^(\\d{12})$"
     },
     "AddressLine":{
@@ -509,7 +545,7 @@
       "members":{
         "DomainName":{
           "shape":"DomainName",
-          "documentation":"<p>The name of the domain for which you want to cancel the transfer to another AWS account.</p>"
+          "documentation":"<p>The name of the domain for which you want to cancel the transfer to another Amazon Web Services account.</p>"
         }
       },
       "documentation":"<p>The CancelDomainTransferToAnotherAwsAccount request includes the following element.</p>"
@@ -593,7 +629,7 @@
         },
         "ContactType":{
           "shape":"ContactType",
-          "documentation":"<p>Indicates whether the contact is a person, company, association, or public organization. Note the following:</p> <ul> <li> <p>If you specify a value other than <code>PERSON</code>, you must also specify a value for <code>OrganizationName</code>.</p> </li> <li> <p>For some TLDs, the privacy protection available depends on the value that you specify for <code>Contact Type</code>. For the privacy protection settings for your TLD, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar-tld-list.html\">Domains that You Can Register with Amazon Route 53</a> in the <i>Amazon Route 53 Developer Guide</i> </p> </li> <li> <p>For .es domains, if you specify <code>PERSON</code>, you must specify <code>INDIVIDUAL</code> for the value of <code>ES_LEGAL_FORM</code>.</p> </li> </ul>"
+          "documentation":"<p>Indicates whether the contact is a person, company, association, or public organization. Note the following:</p> <ul> <li> <p>If you specify a value other than <code>PERSON</code>, you must also specify a value for <code>OrganizationName</code>.</p> </li> <li> <p>For some TLDs, the privacy protection available depends on the value that you specify for <code>Contact Type</code>. For the privacy protection settings for your TLD, see <a href=\"https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar-tld-list.html\">Domains that You Can Register with Amazon Route 53</a> in the <i>Amazon Route 53 Developer Guide</i> </p> </li> <li> <p>For .es domains, the value of <code>ContactType</code> must be <code>PERSON</code> for all three contacts.</p> </li> </ul>"
         },
         "OrganizationName":{
           "shape":"ContactName",
@@ -664,6 +700,7 @@
     "CountryCode":{
       "type":"string",
       "enum":[
+        "AC",
         "AD",
         "AE",
         "AF",
@@ -679,6 +716,7 @@
         "AT",
         "AU",
         "AW",
+        "AX",
         "AZ",
         "BA",
         "BB",
@@ -693,9 +731,11 @@
         "BM",
         "BN",
         "BO",
+        "BQ",
         "BR",
         "BS",
         "BT",
+        "BV",
         "BW",
         "BY",
         "BZ",
@@ -714,6 +754,7 @@
         "CR",
         "CU",
         "CV",
+        "CW",
         "CX",
         "CY",
         "CZ",
@@ -726,6 +767,7 @@
         "EC",
         "EE",
         "EG",
+        "EH",
         "ER",
         "ES",
         "ET",
@@ -739,18 +781,23 @@
         "GB",
         "GD",
         "GE",
+        "GF",
+        "GG",
         "GH",
         "GI",
         "GL",
         "GM",
         "GN",
+        "GP",
         "GQ",
         "GR",
+        "GS",
         "GT",
         "GU",
         "GW",
         "GY",
         "HK",
+        "HM",
         "HN",
         "HR",
         "HT",
@@ -760,10 +807,12 @@
         "IL",
         "IM",
         "IN",
+        "IO",
         "IQ",
         "IR",
         "IS",
         "IT",
+        "JE",
         "JM",
         "JO",
         "JP",
@@ -802,6 +851,7 @@
         "MN",
         "MO",
         "MP",
+        "MQ",
         "MR",
         "MS",
         "MT",
@@ -814,6 +864,7 @@
         "NA",
         "NC",
         "NE",
+        "NF",
         "NG",
         "NI",
         "NL",
@@ -833,10 +884,12 @@
         "PM",
         "PN",
         "PR",
+        "PS",
         "PT",
         "PW",
         "PY",
         "QA",
+        "RE",
         "RO",
         "RS",
         "RU",
@@ -849,18 +902,22 @@
         "SG",
         "SH",
         "SI",
+        "SJ",
         "SK",
         "SL",
         "SM",
         "SN",
         "SO",
         "SR",
+        "SS",
         "ST",
         "SV",
+        "SX",
         "SY",
         "SZ",
         "TC",
         "TD",
+        "TF",
         "TG",
         "TH",
         "TJ",
@@ -869,6 +926,7 @@
         "TM",
         "TN",
         "TO",
+        "TP",
         "TR",
         "TT",
         "TV",
@@ -895,8 +953,32 @@
         "ZW"
       ]
     },
+    "Currency":{
+      "type":"string",
+      "max":3,
+      "min":3
+    },
     "CurrentExpiryYear":{"type":"integer"},
     "DNSSec":{"type":"string"},
+    "DeleteDomainRequest":{
+      "type":"structure",
+      "required":["DomainName"],
+      "members":{
+        "DomainName":{
+          "shape":"DomainName",
+          "documentation":"<p>Name of the domain to be deleted.</p>"
+        }
+      }
+    },
+    "DeleteDomainResponse":{
+      "type":"structure",
+      "members":{
+        "OperationId":{
+          "shape":"OperationId",
+          "documentation":"<p>Identifier for tracking the progress of the request. To query the operation status, use <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_GetOperationDetail.html\">GetOperationDetail</a>.</p>"
+        }
+      }
+    },
     "DeleteTagsForDomainRequest":{
       "type":"structure",
       "required":[
@@ -990,6 +1072,45 @@
       "type":"string",
       "max":255
     },
+    "DomainPrice":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"DomainPriceName",
+          "documentation":"<p>The name of the TLD for which the prices apply.</p>"
+        },
+        "RegistrationPrice":{
+          "shape":"PriceWithCurrency",
+          "documentation":"<p>The price for domain registration with Route 53.</p>"
+        },
+        "TransferPrice":{
+          "shape":"PriceWithCurrency",
+          "documentation":"<p>The price for transferring the domain registration to Route 53.</p>"
+        },
+        "RenewalPrice":{
+          "shape":"PriceWithCurrency",
+          "documentation":"<p>The price for renewing domain registration with Route 53.</p>"
+        },
+        "ChangeOwnershipPrice":{
+          "shape":"PriceWithCurrency",
+          "documentation":"<p>The price for changing domain ownership.</p>"
+        },
+        "RestorationPrice":{
+          "shape":"PriceWithCurrency",
+          "documentation":"<p>The price for restoring the domain with Route 53.</p>"
+        }
+      },
+      "documentation":"<p>Information about the domain price associated with a TLD.</p>"
+    },
+    "DomainPriceList":{
+      "type":"list",
+      "member":{"shape":"DomainPrice"}
+    },
+    "DomainPriceName":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
     "DomainStatus":{"type":"string"},
     "DomainStatusList":{
       "type":"list",
@@ -1114,7 +1235,7 @@
       "members":{
         "Name":{
           "shape":"ExtraParamName",
-          "documentation":"<p>The name of an additional parameter that is required by a top-level domain. Here are the top-level domains that require additional parameters and the names of the parameters that they require:</p> <dl> <dt>.com.au and .net.au</dt> <dd> <ul> <li> <p> <code>AU_ID_NUMBER</code> </p> </li> <li> <p> <code>AU_ID_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>ABN</code> (Australian business number)</p> </li> <li> <p> <code>ACN</code> (Australian company number)</p> </li> <li> <p> <code>TM</code> (Trademark number)</p> </li> </ul> </li> </ul> </dd> <dt>.ca</dt> <dd> <ul> <li> <p> <code>BRAND_NUMBER</code> </p> </li> <li> <p> <code>CA_BUSINESS_ENTITY_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>BANK</code> (Bank)</p> </li> <li> <p> <code>COMMERCIAL_COMPANY</code> (Commercial company)</p> </li> <li> <p> <code>COMPANY</code> (Company)</p> </li> <li> <p> <code>COOPERATION</code> (Cooperation)</p> </li> <li> <p> <code>COOPERATIVE</code> (Cooperative)</p> </li> <li> <p> <code>COOPRIX</code> (Cooprix)</p> </li> <li> <p> <code>CORP</code> (Corporation)</p> </li> <li> <p> <code>CREDIT_UNION</code> (Credit union)</p> </li> <li> <p> <code>FOMIA</code> (Federation of mutual insurance associations)</p> </li> <li> <p> <code>INC</code> (Incorporated)</p> </li> <li> <p> <code>LTD</code> (Limited)</p> </li> <li> <p> <code>LTEE</code> (Limitée)</p> </li> <li> <p> <code>LLC</code> (Limited liability corporation)</p> </li> <li> <p> <code>LLP</code> (Limited liability partnership)</p> </li> <li> <p> <code>LTE</code> (Lte.)</p> </li> <li> <p> <code>MBA</code> (Mutual benefit association)</p> </li> <li> <p> <code>MIC</code> (Mutual insurance company)</p> </li> <li> <p> <code>NFP</code> (Not-for-profit corporation)</p> </li> <li> <p> <code>SA</code> (S.A.)</p> </li> <li> <p> <code>SAVINGS_COMPANY</code> (Savings company)</p> </li> <li> <p> <code>SAVINGS_UNION</code> (Savings union)</p> </li> <li> <p> <code>SARL</code> (Société à responsabilité limitée)</p> </li> <li> <p> <code>TRUST</code> (Trust)</p> </li> <li> <p> <code>ULC</code> (Unlimited liability corporation)</p> </li> </ul> </li> <li> <p> <code>CA_LEGAL_TYPE</code> </p> <p>When <code>ContactType</code> is <code>PERSON</code>, valid values include the following:</p> <ul> <li> <p> <code>ABO</code> (Aboriginal Peoples indigenous to Canada)</p> </li> <li> <p> <code>CCT</code> (Canadian citizen)</p> </li> <li> <p> <code>LGR</code> (Legal Representative of a Canadian Citizen or Permanent Resident)</p> </li> <li> <p> <code>RES</code> (Permanent resident of Canada)</p> </li> </ul> <p>When <code>ContactType</code> is a value other than <code>PERSON</code>, valid values include the following:</p> <ul> <li> <p> <code>ASS</code> (Canadian unincorporated association)</p> </li> <li> <p> <code>CCO</code> (Canadian corporation)</p> </li> <li> <p> <code>EDU</code> (Canadian educational institution)</p> </li> <li> <p> <code>GOV</code> (Government or government entity in Canada)</p> </li> <li> <p> <code>HOP</code> (Canadian Hospital)</p> </li> <li> <p> <code>INB</code> (Indian Band recognized by the Indian Act of Canada)</p> </li> <li> <p> <code>LAM</code> (Canadian Library, Archive, or Museum)</p> </li> <li> <p> <code>MAJ</code> (Her/His Majesty the Queen/King)</p> </li> <li> <p> <code>OMK</code> (Official mark registered in Canada)</p> </li> <li> <p> <code>PLT</code> (Canadian Political Party)</p> </li> <li> <p> <code>PRT</code> (Partnership Registered in Canada)</p> </li> <li> <p> <code>TDM</code> (Trademark registered in Canada)</p> </li> <li> <p> <code>TRD</code> (Canadian Trade Union)</p> </li> <li> <p> <code>TRS</code> (Trust established in Canada)</p> </li> </ul> </li> </ul> </dd> <dt>.es</dt> <dd> <ul> <li> <p> <code>ES_IDENTIFICATION</code> </p> <p>Specify the applicable value:</p> <ul> <li> <p> <b>For contacts inside Spain:</b> Enter your passport ID.</p> </li> <li> <p> <b>For contacts outside of Spain:</b> Enter the VAT identification number for the company.</p> <note> <p>For .es domains, the value of <code>ContactType</code> must be <code>PERSON</code>.</p> </note> </li> </ul> </li> <li> <p> <code>ES_IDENTIFICATION_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>DNI_AND_NIF</code> (For Spanish contacts)</p> </li> <li> <p> <code>NIE</code> (For foreigners with legal residence)</p> </li> <li> <p> <code>OTHER</code> (For contacts outside of Spain)</p> </li> </ul> </li> <li> <p> <code>ES_LEGAL_FORM</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>ASSOCIATION</code> </p> </li> <li> <p> <code>CENTRAL_GOVERNMENT_BODY</code> </p> </li> <li> <p> <code>CIVIL_SOCIETY</code> </p> </li> <li> <p> <code>COMMUNITY_OF_OWNERS</code> </p> </li> <li> <p> <code>COMMUNITY_PROPERTY</code> </p> </li> <li> <p> <code>CONSULATE</code> </p> </li> <li> <p> <code>COOPERATIVE</code> </p> </li> <li> <p> <code>DESIGNATION_OF_ORIGIN_SUPERVISORY_COUNCIL</code> </p> </li> <li> <p> <code>ECONOMIC_INTEREST_GROUP</code> </p> </li> <li> <p> <code>EMBASSY</code> </p> </li> <li> <p> <code>ENTITY_MANAGING_NATURAL_AREAS</code> </p> </li> <li> <p> <code>FARM_PARTNERSHIP</code> </p> </li> <li> <p> <code>FOUNDATION</code> </p> </li> <li> <p> <code>GENERAL_AND_LIMITED_PARTNERSHIP</code> </p> </li> <li> <p> <code>GENERAL_PARTNERSHIP</code> </p> </li> <li> <p> <code>INDIVIDUAL</code> </p> </li> <li> <p> <code>LIMITED_COMPANY</code> </p> </li> <li> <p> <code>LOCAL_AUTHORITY</code> </p> </li> <li> <p> <code>LOCAL_PUBLIC_ENTITY</code> </p> </li> <li> <p> <code>MUTUAL_INSURANCE_COMPANY</code> </p> </li> <li> <p> <code>NATIONAL_PUBLIC_ENTITY</code> </p> </li> <li> <p> <code>ORDER_OR_RELIGIOUS_INSTITUTION</code> </p> </li> <li> <p> <code>OTHERS (Only for contacts outside of Spain)</code> </p> </li> <li> <p> <code>POLITICAL_PARTY</code> </p> </li> <li> <p> <code>PROFESSIONAL_ASSOCIATION</code> </p> </li> <li> <p> <code>PUBLIC_LAW_ASSOCIATION</code> </p> </li> <li> <p> <code>PUBLIC_LIMITED_COMPANY</code> </p> </li> <li> <p> <code>REGIONAL_GOVERNMENT_BODY</code> </p> </li> <li> <p> <code>REGIONAL_PUBLIC_ENTITY</code> </p> </li> <li> <p> <code>SAVINGS_BANK</code> </p> </li> <li> <p> <code>SPANISH_OFFICE</code> </p> </li> <li> <p> <code>SPORTS_ASSOCIATION</code> </p> </li> <li> <p> <code>SPORTS_FEDERATION</code> </p> </li> <li> <p> <code>SPORTS_LIMITED_COMPANY</code> </p> </li> <li> <p> <code>TEMPORARY_ALLIANCE_OF_ENTERPRISES</code> </p> </li> <li> <p> <code>TRADE_UNION</code> </p> </li> <li> <p> <code>WORKER_OWNED_COMPANY</code> </p> </li> <li> <p> <code>WORKER_OWNED_LIMITED_COMPANY</code> </p> </li> </ul> </li> </ul> </dd> <dt>.fi</dt> <dd> <ul> <li> <p> <code>BIRTH_DATE_IN_YYYY_MM_DD</code> </p> </li> <li> <p> <code>FI_BUSINESS_NUMBER</code> </p> </li> <li> <p> <code>FI_ID_NUMBER</code> </p> </li> <li> <p> <code>FI_NATIONALITY</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>FINNISH</code> </p> </li> <li> <p> <code>NOT_FINNISH</code> </p> </li> </ul> </li> <li> <p> <code>FI_ORGANIZATION_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>COMPANY</code> </p> </li> <li> <p> <code>CORPORATION</code> </p> </li> <li> <p> <code>GOVERNMENT</code> </p> </li> <li> <p> <code>INSTITUTION</code> </p> </li> <li> <p> <code>POLITICAL_PARTY</code> </p> </li> <li> <p> <code>PUBLIC_COMMUNITY</code> </p> </li> <li> <p> <code>TOWNSHIP</code> </p> </li> </ul> </li> </ul> </dd> <dt>.fr</dt> <dd> <ul> <li> <p> <code>BIRTH_CITY</code> </p> </li> <li> <p> <code>BIRTH_COUNTRY</code> </p> </li> <li> <p> <code>BIRTH_DATE_IN_YYYY_MM_DD</code> </p> </li> <li> <p> <code>BIRTH_DEPARTMENT</code>: Specify the INSEE code that corresponds with the department where the contact was born. If the contact was born somewhere other than France or its overseas departments, specify <code>99</code>. For more information, including a list of departments and the corresponding INSEE numbers, see the Wikipedia entry <a href=\"https://en.wikipedia.org/wiki/Departments_of_France\">Departments of France</a>.</p> </li> <li> <p> <code>BRAND_NUMBER</code> </p> </li> </ul> </dd> <dt>.it</dt> <dd> <ul> <li> <p> <code>IT_NATIONALITY</code> </p> </li> <li> <p> <code>IT_PIN</code> </p> </li> <li> <p> <code>IT_REGISTRANT_ENTITY_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>FOREIGNERS</code> </p> </li> <li> <p> <code>FREELANCE_WORKERS</code> (Freelance workers and professionals)</p> </li> <li> <p> <code>ITALIAN_COMPANIES</code> (Italian companies and one-person companies)</p> </li> <li> <p> <code>NON_PROFIT_ORGANIZATIONS</code> </p> </li> <li> <p> <code>OTHER_SUBJECTS</code> </p> </li> <li> <p> <code>PUBLIC_ORGANIZATIONS</code> </p> </li> </ul> </li> </ul> </dd> <dt>.ru</dt> <dd> <ul> <li> <p> <code>BIRTH_DATE_IN_YYYY_MM_DD</code> </p> </li> <li> <p> <code>RU_PASSPORT_DATA</code> </p> </li> </ul> </dd> <dt>.se</dt> <dd> <ul> <li> <p> <code>BIRTH_COUNTRY</code> </p> </li> <li> <p> <code>SE_ID_NUMBER</code> </p> </li> </ul> </dd> <dt>.sg</dt> <dd> <ul> <li> <p> <code>SG_ID_NUMBER</code> </p> </li> </ul> </dd> <dt>.co.uk, .me.uk, and .org.uk</dt> <dd> <ul> <li> <p> <code>UK_CONTACT_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>CRC</code> (UK Corporation by Royal Charter)</p> </li> <li> <p> <code>FCORP</code> (Non-UK Corporation)</p> </li> <li> <p> <code>FIND</code> (Non-UK Individual, representing self)</p> </li> <li> <p> <code>FOTHER</code> (Non-UK Entity that does not fit into any other category)</p> </li> <li> <p> <code>GOV</code> (UK Government Body)</p> </li> <li> <p> <code>IND</code> (UK Individual (representing self))</p> </li> <li> <p> <code>IP</code> (UK Industrial/Provident Registered Company)</p> </li> <li> <p> <code>LLP</code> (UK Limited Liability Partnership)</p> </li> <li> <p> <code>LTD</code> (UK Limited Company)</p> </li> <li> <p> <code>OTHER</code> (UK Entity that does not fit into any other category)</p> </li> <li> <p> <code>PLC</code> (UK Public Limited Company)</p> </li> <li> <p> <code>PTNR</code> (UK Partnership)</p> </li> <li> <p> <code>RCHAR</code> (UK Registered Charity)</p> </li> <li> <p> <code>SCH</code> (UK School)</p> </li> <li> <p> <code>STAT</code> (UK Statutory Body)</p> </li> <li> <p> <code>STRA</code> (UK Sole Trader)</p> </li> </ul> </li> <li> <p> <code>UK_COMPANY_NUMBER</code> </p> </li> </ul> </dd> </dl> <p>In addition, many TLDs require a <code>VAT_NUMBER</code>.</p>"
+          "documentation":"<p>The name of an additional parameter that is required by a top-level domain. Here are the top-level domains that require additional parameters and the names of the parameters that they require:</p> <dl> <dt>.com.au and .net.au</dt> <dd> <ul> <li> <p> <code>AU_ID_NUMBER</code> </p> </li> <li> <p> <code>AU_ID_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>ABN</code> (Australian business number)</p> </li> <li> <p> <code>ACN</code> (Australian company number)</p> </li> <li> <p> <code>TM</code> (Trademark number)</p> </li> </ul> </li> </ul> </dd> <dt>.ca</dt> <dd> <ul> <li> <p> <code>BRAND_NUMBER</code> </p> </li> <li> <p> <code>CA_BUSINESS_ENTITY_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>BANK</code> (Bank)</p> </li> <li> <p> <code>COMMERCIAL_COMPANY</code> (Commercial company)</p> </li> <li> <p> <code>COMPANY</code> (Company)</p> </li> <li> <p> <code>COOPERATION</code> (Cooperation)</p> </li> <li> <p> <code>COOPERATIVE</code> (Cooperative)</p> </li> <li> <p> <code>COOPRIX</code> (Cooprix)</p> </li> <li> <p> <code>CORP</code> (Corporation)</p> </li> <li> <p> <code>CREDIT_UNION</code> (Credit union)</p> </li> <li> <p> <code>FOMIA</code> (Federation of mutual insurance associations)</p> </li> <li> <p> <code>INC</code> (Incorporated)</p> </li> <li> <p> <code>LTD</code> (Limited)</p> </li> <li> <p> <code>LTEE</code> (Limitée)</p> </li> <li> <p> <code>LLC</code> (Limited liability corporation)</p> </li> <li> <p> <code>LLP</code> (Limited liability partnership)</p> </li> <li> <p> <code>LTE</code> (Lte.)</p> </li> <li> <p> <code>MBA</code> (Mutual benefit association)</p> </li> <li> <p> <code>MIC</code> (Mutual insurance company)</p> </li> <li> <p> <code>NFP</code> (Not-for-profit corporation)</p> </li> <li> <p> <code>SA</code> (S.A.)</p> </li> <li> <p> <code>SAVINGS_COMPANY</code> (Savings company)</p> </li> <li> <p> <code>SAVINGS_UNION</code> (Savings union)</p> </li> <li> <p> <code>SARL</code> (Société à responsabilité limitée)</p> </li> <li> <p> <code>TRUST</code> (Trust)</p> </li> <li> <p> <code>ULC</code> (Unlimited liability corporation)</p> </li> </ul> </li> <li> <p> <code>CA_LEGAL_TYPE</code> </p> <p>When <code>ContactType</code> is <code>PERSON</code>, valid values include the following:</p> <ul> <li> <p> <code>ABO</code> (Aboriginal Peoples indigenous to Canada)</p> </li> <li> <p> <code>CCT</code> (Canadian citizen)</p> </li> <li> <p> <code>LGR</code> (Legal Representative of a Canadian Citizen or Permanent Resident)</p> </li> <li> <p> <code>RES</code> (Permanent resident of Canada)</p> </li> </ul> <p>When <code>ContactType</code> is a value other than <code>PERSON</code>, valid values include the following:</p> <ul> <li> <p> <code>ASS</code> (Canadian unincorporated association)</p> </li> <li> <p> <code>CCO</code> (Canadian corporation)</p> </li> <li> <p> <code>EDU</code> (Canadian educational institution)</p> </li> <li> <p> <code>GOV</code> (Government or government entity in Canada)</p> </li> <li> <p> <code>HOP</code> (Canadian Hospital)</p> </li> <li> <p> <code>INB</code> (Indian Band recognized by the Indian Act of Canada)</p> </li> <li> <p> <code>LAM</code> (Canadian Library, Archive, or Museum)</p> </li> <li> <p> <code>MAJ</code> (Her/His Majesty the Queen/King)</p> </li> <li> <p> <code>OMK</code> (Official mark registered in Canada)</p> </li> <li> <p> <code>PLT</code> (Canadian Political Party)</p> </li> <li> <p> <code>PRT</code> (Partnership Registered in Canada)</p> </li> <li> <p> <code>TDM</code> (Trademark registered in Canada)</p> </li> <li> <p> <code>TRD</code> (Canadian Trade Union)</p> </li> <li> <p> <code>TRS</code> (Trust established in Canada)</p> </li> </ul> </li> </ul> </dd> <dt>.es</dt> <dd> <ul> <li> <p> <code>ES_IDENTIFICATION</code> </p> <p>The value of <code>ES_IDENTIFICATION</code> depends on the following values:</p> <ul> <li> <p>The value of <code>ES_LEGAL_FORM</code> </p> </li> <li> <p>The value of <code>ES_IDENTIFICATION_TYPE</code> </p> </li> </ul> <p> <b>If <code>ES_LEGAL_FORM</code> is any value other than <code>INDIVIDUAL</code>:</b> </p> <ul> <li> <p>Specify 1 letter + 8 numbers (CIF [Certificado de Identificación Fiscal])</p> </li> <li> <p>Example: B12345678</p> </li> </ul> <p> <b>If <code>ES_LEGAL_FORM</code> is <code>INDIVIDUAL</code>, the value that you specify for <code>ES_IDENTIFICATION</code> depends on the value of <code>ES_IDENTIFICATION_TYPE</code>:</b> </p> <ul> <li> <p>If <code>ES_IDENTIFICATION_TYPE</code> is <code>DNI_AND_NIF</code> (for Spanish contacts):</p> <ul> <li> <p>Specify 8 numbers + 1 letter (DNI [Documento Nacional de Identidad], NIF [Número de Identificación Fiscal])</p> </li> <li> <p>Example: 12345678M</p> </li> </ul> </li> <li> <p>If <code>ES_IDENTIFICATION_TYPE</code> is <code>NIE</code> (for foreigners with legal residence):</p> <ul> <li> <p>Specify 1 letter + 7 numbers + 1 letter ( NIE [Número de Identidad de Extranjero])</p> </li> <li> <p>Example: Y1234567X</p> </li> </ul> </li> <li> <p>If <code>ES_IDENTIFICATION_TYPE</code> is <code>OTHER</code> (for contacts outside of Spain):</p> <ul> <li> <p>Specify a passport number, drivers license number, or national identity card number</p> </li> </ul> </li> </ul> </li> <li> <p> <code>ES_IDENTIFICATION_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>DNI_AND_NIF</code> (For Spanish contacts)</p> </li> <li> <p> <code>NIE</code> (For foreigners with legal residence)</p> </li> <li> <p> <code>OTHER</code> (For contacts outside of Spain)</p> </li> </ul> </li> <li> <p> <code>ES_LEGAL_FORM</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>ASSOCIATION</code> </p> </li> <li> <p> <code>CENTRAL_GOVERNMENT_BODY</code> </p> </li> <li> <p> <code>CIVIL_SOCIETY</code> </p> </li> <li> <p> <code>COMMUNITY_OF_OWNERS</code> </p> </li> <li> <p> <code>COMMUNITY_PROPERTY</code> </p> </li> <li> <p> <code>CONSULATE</code> </p> </li> <li> <p> <code>COOPERATIVE</code> </p> </li> <li> <p> <code>DESIGNATION_OF_ORIGIN_SUPERVISORY_COUNCIL</code> </p> </li> <li> <p> <code>ECONOMIC_INTEREST_GROUP</code> </p> </li> <li> <p> <code>EMBASSY</code> </p> </li> <li> <p> <code>ENTITY_MANAGING_NATURAL_AREAS</code> </p> </li> <li> <p> <code>FARM_PARTNERSHIP</code> </p> </li> <li> <p> <code>FOUNDATION</code> </p> </li> <li> <p> <code>GENERAL_AND_LIMITED_PARTNERSHIP</code> </p> </li> <li> <p> <code>GENERAL_PARTNERSHIP</code> </p> </li> <li> <p> <code>INDIVIDUAL</code> </p> </li> <li> <p> <code>LIMITED_COMPANY</code> </p> </li> <li> <p> <code>LOCAL_AUTHORITY</code> </p> </li> <li> <p> <code>LOCAL_PUBLIC_ENTITY</code> </p> </li> <li> <p> <code>MUTUAL_INSURANCE_COMPANY</code> </p> </li> <li> <p> <code>NATIONAL_PUBLIC_ENTITY</code> </p> </li> <li> <p> <code>ORDER_OR_RELIGIOUS_INSTITUTION</code> </p> </li> <li> <p> <code>OTHERS (Only for contacts outside of Spain)</code> </p> </li> <li> <p> <code>POLITICAL_PARTY</code> </p> </li> <li> <p> <code>PROFESSIONAL_ASSOCIATION</code> </p> </li> <li> <p> <code>PUBLIC_LAW_ASSOCIATION</code> </p> </li> <li> <p> <code>PUBLIC_LIMITED_COMPANY</code> </p> </li> <li> <p> <code>REGIONAL_GOVERNMENT_BODY</code> </p> </li> <li> <p> <code>REGIONAL_PUBLIC_ENTITY</code> </p> </li> <li> <p> <code>SAVINGS_BANK</code> </p> </li> <li> <p> <code>SPANISH_OFFICE</code> </p> </li> <li> <p> <code>SPORTS_ASSOCIATION</code> </p> </li> <li> <p> <code>SPORTS_FEDERATION</code> </p> </li> <li> <p> <code>SPORTS_LIMITED_COMPANY</code> </p> </li> <li> <p> <code>TEMPORARY_ALLIANCE_OF_ENTERPRISES</code> </p> </li> <li> <p> <code>TRADE_UNION</code> </p> </li> <li> <p> <code>WORKER_OWNED_COMPANY</code> </p> </li> <li> <p> <code>WORKER_OWNED_LIMITED_COMPANY</code> </p> </li> </ul> </li> </ul> </dd> <dt>.eu</dt> <dd> <ul> <li> <p> <code> EU_COUNTRY_OF_CITIZENSHIP</code> </p> </li> </ul> </dd> <dt>.fi</dt> <dd> <ul> <li> <p> <code>BIRTH_DATE_IN_YYYY_MM_DD</code> </p> </li> <li> <p> <code>FI_BUSINESS_NUMBER</code> </p> </li> <li> <p> <code>FI_ID_NUMBER</code> </p> </li> <li> <p> <code>FI_NATIONALITY</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>FINNISH</code> </p> </li> <li> <p> <code>NOT_FINNISH</code> </p> </li> </ul> </li> <li> <p> <code>FI_ORGANIZATION_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>COMPANY</code> </p> </li> <li> <p> <code>CORPORATION</code> </p> </li> <li> <p> <code>GOVERNMENT</code> </p> </li> <li> <p> <code>INSTITUTION</code> </p> </li> <li> <p> <code>POLITICAL_PARTY</code> </p> </li> <li> <p> <code>PUBLIC_COMMUNITY</code> </p> </li> <li> <p> <code>TOWNSHIP</code> </p> </li> </ul> </li> </ul> </dd> <dt>.fr</dt> <dd> <ul> <li> <p> <code>BIRTH_CITY</code> </p> </li> <li> <p> <code>BIRTH_COUNTRY</code> </p> </li> <li> <p> <code>BIRTH_DATE_IN_YYYY_MM_DD</code> </p> </li> <li> <p> <code>BIRTH_DEPARTMENT</code>: Specify the INSEE code that corresponds with the department where the contact was born. If the contact was born somewhere other than France or its overseas departments, specify <code>99</code>. For more information, including a list of departments and the corresponding INSEE numbers, see the Wikipedia entry <a href=\"https://en.wikipedia.org/wiki/Departments_of_France\">Departments of France</a>.</p> </li> <li> <p> <code>BRAND_NUMBER</code> </p> </li> </ul> </dd> <dt>.it</dt> <dd> <ul> <li> <p> <code>IT_NATIONALITY</code> </p> </li> <li> <p> <code>IT_PIN</code> </p> </li> <li> <p> <code>IT_REGISTRANT_ENTITY_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>FOREIGNERS</code> </p> </li> <li> <p> <code>FREELANCE_WORKERS</code> (Freelance workers and professionals)</p> </li> <li> <p> <code>ITALIAN_COMPANIES</code> (Italian companies and one-person companies)</p> </li> <li> <p> <code>NON_PROFIT_ORGANIZATIONS</code> </p> </li> <li> <p> <code>OTHER_SUBJECTS</code> </p> </li> <li> <p> <code>PUBLIC_ORGANIZATIONS</code> </p> </li> </ul> </li> </ul> </dd> <dt>.ru</dt> <dd> <ul> <li> <p> <code>BIRTH_DATE_IN_YYYY_MM_DD</code> </p> </li> <li> <p> <code>RU_PASSPORT_DATA</code> </p> </li> </ul> </dd> <dt>.se</dt> <dd> <ul> <li> <p> <code>BIRTH_COUNTRY</code> </p> </li> <li> <p> <code>SE_ID_NUMBER</code> </p> </li> </ul> </dd> <dt>.sg</dt> <dd> <ul> <li> <p> <code>SG_ID_NUMBER</code> </p> </li> </ul> </dd> <dt>.co.uk, .me.uk, and .org.uk</dt> <dd> <ul> <li> <p> <code>UK_CONTACT_TYPE</code> </p> <p>Valid values include the following:</p> <ul> <li> <p> <code>CRC</code> (UK Corporation by Royal Charter)</p> </li> <li> <p> <code>FCORP</code> (Non-UK Corporation)</p> </li> <li> <p> <code>FIND</code> (Non-UK Individual, representing self)</p> </li> <li> <p> <code>FOTHER</code> (Non-UK Entity that does not fit into any other category)</p> </li> <li> <p> <code>GOV</code> (UK Government Body)</p> </li> <li> <p> <code>IND</code> (UK Individual (representing self))</p> </li> <li> <p> <code>IP</code> (UK Industrial/Provident Registered Company)</p> </li> <li> <p> <code>LLP</code> (UK Limited Liability Partnership)</p> </li> <li> <p> <code>LTD</code> (UK Limited Company)</p> </li> <li> <p> <code>OTHER</code> (UK Entity that does not fit into any other category)</p> </li> <li> <p> <code>PLC</code> (UK Public Limited Company)</p> </li> <li> <p> <code>PTNR</code> (UK Partnership)</p> </li> <li> <p> <code>RCHAR</code> (UK Registered Charity)</p> </li> <li> <p> <code>SCH</code> (UK School)</p> </li> <li> <p> <code>STAT</code> (UK Statutory Body)</p> </li> <li> <p> <code>STRA</code> (UK Sole Trader)</p> </li> </ul> </li> <li> <p> <code>UK_COMPANY_NUMBER</code> </p> </li> </ul> </dd> </dl> <p>In addition, many TLDs require a <code>VAT_NUMBER</code>.</p>"
         },
         "Value":{
           "shape":"ExtraParamValue",
@@ -1158,14 +1279,48 @@
         "SG_ID_NUMBER",
         "VAT_NUMBER",
         "UK_CONTACT_TYPE",
-        "UK_COMPANY_NUMBER"
+        "UK_COMPANY_NUMBER",
+        "EU_COUNTRY_OF_CITIZENSHIP"
       ]
     },
     "ExtraParamValue":{
       "type":"string",
-      "max":2048
+      "max":2048,
+      "sensitive":true
+    },
+    "FIAuthKey":{
+      "type":"string",
+      "max":255,
+      "min":0,
+      "sensitive":true
+    },
+    "FilterCondition":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Operator",
+        "Values"
+      ],
+      "members":{
+        "Name":{
+          "shape":"ListDomainsAttributeName",
+          "documentation":"<p>Name of the field which should be used for filtering the list of domains.</p>"
+        },
+        "Operator":{
+          "shape":"Operator",
+          "documentation":"<p>The operator values for filtering domain names. The values can be:</p> <ul> <li> <p> <code>LE</code>: Less than, or equal to</p> </li> <li> <p> <code>GE</code>: Greater than, or equal to</p> </li> <li> <p> <code>BEGINS_WITH</code>: Begins with</p> </li> </ul>"
+        },
+        "Values":{
+          "shape":"Values",
+          "documentation":"<p> An array of strings presenting values to compare. Only 1 item in the list is currently supported.</p>"
+        }
+      },
+      "documentation":"<p>Information for the filtering of a list of domains returned by <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains__ListDomains.html\">ListDomains</a>.</p>"
+    },
+    "FilterConditions":{
+      "type":"list",
+      "member":{"shape":"FilterCondition"}
     },
-    "FIAuthKey":{"type":"string"},
     "GetContactReachabilityStatusRequest":{
       "type":"structure",
       "members":{
@@ -1287,7 +1442,7 @@
         },
         "DnsSec":{
           "shape":"DNSSec",
-          "documentation":"<p>Reserved for future use.</p>"
+          "documentation":"<p>Deprecated.</p>"
         },
         "StatusList":{
           "shape":"DomainStatusList",
@@ -1398,12 +1553,27 @@
       "type":"string",
       "max":3
     },
+    "ListDomainsAttributeName":{
+      "type":"string",
+      "enum":[
+        "DomainName",
+        "Expiry"
+      ]
+    },
     "ListDomainsRequest":{
       "type":"structure",
       "members":{
+        "FilterConditions":{
+          "shape":"FilterConditions",
+          "documentation":"<p>A complex type that contains information about the filters applied during the <code>ListDomains</code> request. The filter conditions can include domain name and domain expiration.</p>"
+        },
+        "SortCondition":{
+          "shape":"SortCondition",
+          "documentation":"<p>A complex type that contains information about the requested ordering of domains in the returned list.</p>"
+        },
         "Marker":{
           "shape":"PageMarker",
-          "documentation":"<p>For an initial request for a list of domains, omit this element. If the number of domains that are associated with the current AWS account is greater than the value that you specified for <code>MaxItems</code>, you can use <code>Marker</code> to return additional domains. Get the value of <code>NextPageMarker</code> from the previous response, and submit another request that includes the value of <code>NextPageMarker</code> in the <code>Marker</code> element.</p> <p>Constraints: The marker must match the value specified in the previous request.</p>"
+          "documentation":"<p>For an initial request for a list of domains, omit this element. If the number of domains that are associated with the current Amazon Web Services account is greater than the value that you specified for <code>MaxItems</code>, you can use <code>Marker</code> to return additional domains. Get the value of <code>NextPageMarker</code> from the previous response, and submit another request that includes the value of <code>NextPageMarker</code> in the <code>Marker</code> element.</p> <p>Constraints: The marker must match the value specified in the previous request.</p>"
         },
         "MaxItems":{
           "shape":"PageMaxItems",
@@ -1418,7 +1588,7 @@
       "members":{
         "Domains":{
           "shape":"DomainSummaryList",
-          "documentation":"<p>A summary of domains.</p>"
+          "documentation":"<p>A list of domains.</p>"
         },
         "NextPageMarker":{
           "shape":"PageMarker",
@@ -1460,6 +1630,37 @@
       },
       "documentation":"<p>The ListOperations response includes the following elements.</p>"
     },
+    "ListPricesRequest":{
+      "type":"structure",
+      "members":{
+        "Tld":{
+          "shape":"TldName",
+          "documentation":"<p>The TLD for which you want to receive the pricing information. For example. <code>.net</code>.</p> <p>If a <code>Tld</code> value is not provided, a list of prices for all TLDs supported by Route 53 is returned.</p>"
+        },
+        "Marker":{
+          "shape":"PageMarker",
+          "documentation":"<p>For an initial request for a list of prices, omit this element. If the number of prices that are not yet complete is greater than the value that you specified for <code>MaxItems</code>, you can use <code>Marker</code> to return additional prices. Get the value of <code>NextPageMarker</code> from the previous response, and submit another request that includes the value of <code>NextPageMarker</code> in the <code>Marker</code> element. </p> <p>Used only for all TLDs. If you specify a TLD, don't specify a <code>Marker</code>.</p>"
+        },
+        "MaxItems":{
+          "shape":"PageMaxItems",
+          "documentation":"<p>Number of <code>Prices</code> to be returned.</p> <p>Used only for all TLDs. If you specify a TLD, don't specify a <code>MaxItems</code>.</p>"
+        }
+      }
+    },
+    "ListPricesResponse":{
+      "type":"structure",
+      "required":["Prices"],
+      "members":{
+        "Prices":{
+          "shape":"DomainPriceList",
+          "documentation":"<p>A complex type that includes all the pricing information. If you specify a TLD, this array contains only the pricing for that TLD.</p>"
+        },
+        "NextPageMarker":{
+          "shape":"PageMarker",
+          "documentation":"<p>If there are more prices than you specified for <code>MaxItems</code> in the request, submit another request and include the value of <code>NextPageMarker</code> in the value of <code>Marker</code>. </p> <p>Used only for all TLDs. If you specify a TLD, don't specify a <code>NextPageMarker</code>.</p>"
+        }
+      }
+    },
     "ListTagsForDomainRequest":{
       "type":"structure",
       "required":["DomainName"],
@@ -1581,6 +1782,14 @@
         "INTERNAL_TRANSFER_IN_DOMAIN"
       ]
     },
+    "Operator":{
+      "type":"string",
+      "enum":[
+        "LE",
+        "GE",
+        "BEGINS_WITH"
+      ]
+    },
     "PageMarker":{
       "type":"string",
       "max":4096
@@ -1590,6 +1799,24 @@
       "max":100
     },
     "Price":{"type":"double"},
+    "PriceWithCurrency":{
+      "type":"structure",
+      "required":[
+        "Price",
+        "Currency"
+      ],
+      "members":{
+        "Price":{
+          "shape":"Price",
+          "documentation":"<p>The price of a domain, in a specific currency.</p>"
+        },
+        "Currency":{
+          "shape":"Currency",
+          "documentation":"<p>The currency specifier.</p>"
+        }
+      },
+      "documentation":"<p>Currency-specific price information.</p>"
+    },
     "ReachabilityStatus":{
       "type":"string",
       "enum":[
@@ -1638,15 +1865,15 @@
         },
         "PrivacyProtectAdminContact":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the admin contact.</p> <p>Default: <code>true</code> </p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the admin contact.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>Default: <code>true</code> </p>"
         },
         "PrivacyProtectRegistrantContact":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the registrant contact (the domain owner).</p> <p>Default: <code>true</code> </p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the registrant contact (the domain owner).</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>Default: <code>true</code> </p>"
         },
         "PrivacyProtectTechContact":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the technical contact.</p> <p>Default: <code>true</code> </p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the technical contact.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>Default: <code>true</code> </p>"
         }
       },
       "documentation":"<p>The RegisterDomain request includes the following elements.</p>"
@@ -1672,7 +1899,7 @@
       "members":{
         "DomainName":{
           "shape":"DomainName",
-          "documentation":"<p>The name of the domain that was specified when another AWS account submitted a <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a> request. </p>"
+          "documentation":"<p>The name of the domain that was specified when another Amazon Web Services account submitted a <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_TransferDomainToAnotherAwsAccount.html\">TransferDomainToAnotherAwsAccount</a> request. </p>"
         }
       },
       "documentation":"<p>The RejectDomainTransferFromAnotherAwsAccount request includes the following element.</p>"
@@ -1768,6 +1995,31 @@
       },
       "documentation":"<p>The RetrieveDomainAuthCode response includes the following element.</p>"
     },
+    "SortCondition":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "SortOrder"
+      ],
+      "members":{
+        "Name":{
+          "shape":"ListDomainsAttributeName",
+          "documentation":"<p>Field to be used for sorting the list of domains. It can be either the name or the expiration for a domain. Note that if <code>filterCondition</code> is used in the same <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains__ListDomains.html\">ListDomains</a> call, the field used for sorting has to be the same as the field used for filtering.</p>"
+        },
+        "SortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The sort order for a list of domains. Either ascending (ASC) or descending (DES).</p>"
+        }
+      },
+      "documentation":"<p>Information for sorting a list of domains.</p>"
+    },
+    "SortOrder":{
+      "type":"string",
+      "enum":[
+        "ASC",
+        "DESC"
+      ]
+    },
     "State":{
       "type":"string",
       "max":255
@@ -1798,7 +2050,11 @@
       },
       "documentation":"<p>Each tag includes the following elements.</p>"
     },
-    "TagKey":{"type":"string"},
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
     "TagKeyList":{
       "type":"list",
       "member":{"shape":"TagKey"}
@@ -1807,8 +2063,17 @@
       "type":"list",
       "member":{"shape":"Tag"}
     },
-    "TagValue":{"type":"string"},
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
     "Timestamp":{"type":"timestamp"},
+    "TldName":{
+      "type":"string",
+      "max":255,
+      "min":1
+    },
     "TransferDomainRequest":{
       "type":"structure",
       "required":[
@@ -1857,15 +2122,15 @@
         },
         "PrivacyProtectAdminContact":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the admin contact.</p> <p>Default: <code>true</code> </p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the admin contact.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>Default: <code>true</code> </p>"
         },
         "PrivacyProtectRegistrantContact":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the registrant contact (domain owner).</p> <p>Default: <code>true</code> </p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the registrant contact (domain owner).</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>Default: <code>true</code> </p>"
         },
         "PrivacyProtectTechContact":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the technical contact.</p> <p>Default: <code>true</code> </p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the technical contact.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note> <p>Default: <code>true</code> </p>"
         }
       },
       "documentation":"<p>The TransferDomain request includes the following elements.</p>"
@@ -1890,11 +2155,11 @@
       "members":{
         "DomainName":{
           "shape":"DomainName",
-          "documentation":"<p>The name of the domain that you want to transfer from the current AWS account to another account.</p>"
+          "documentation":"<p>The name of the domain that you want to transfer from the current Amazon Web Services account to another account.</p>"
         },
         "AccountId":{
           "shape":"AccountId",
-          "documentation":"<p>The account ID of the AWS account that you want to transfer the domain to, for example, <code>111122223333</code>.</p>"
+          "documentation":"<p>The account ID of the Amazon Web Services account that you want to transfer the domain to, for example, <code>111122223333</code>.</p>"
         }
       },
       "documentation":"<p>The TransferDomainToAnotherAwsAccount request includes the following elements.</p>"
@@ -1908,7 +2173,7 @@
         },
         "Password":{
           "shape":"String",
-          "documentation":"<p>To finish transferring a domain to another AWS account, the account that the domain is being transferred to must submit an <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_AcceptDomainTransferFromAnotherAwsAccount.html\">AcceptDomainTransferFromAnotherAwsAccount</a> request. The request must include the value of the <code>Password</code> element that was returned in the <code>TransferDomainToAnotherAwsAccount</code> response.</p>"
+          "documentation":"<p>To finish transferring a domain to another Amazon Web Services account, the account that the domain is being transferred to must submit an <a href=\"https://docs.aws.amazon.com/Route53/latest/APIReference/API_domains_AcceptDomainTransferFromAnotherAwsAccount.html\">AcceptDomainTransferFromAnotherAwsAccount</a> request. The request must include the value of the <code>Password</code> element that was returned in the <code>TransferDomainToAnotherAwsAccount</code> response.</p>"
         }
       },
       "documentation":"<p>The <code>TransferDomainToAnotherAwsAccount</code> response includes the following elements.</p>"
@@ -1943,15 +2208,15 @@
         },
         "AdminPrivacy":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the admin contact.</p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the admin contact.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note>"
         },
         "RegistrantPrivacy":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the registrant contact (domain owner).</p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the registrant contact (domain owner).</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note>"
         },
         "TechPrivacy":{
           "shape":"Boolean",
-          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the technical contact.</p>"
+          "documentation":"<p>Whether you want to conceal contact information from WHOIS queries. If you specify <code>true</code>, WHOIS (\"who is\") queries return contact information either for Amazon Registrar (for .com, .net, and .org domains) or for our registrar associate, Gandi (for all other TLDs). If you specify <code>false</code>, WHOIS queries return the information that you entered for the technical contact.</p> <note> <p>You must specify the same privacy setting for the administrative, registrant, and technical contacts.</p> </note>"
         }
       },
       "documentation":"<p>The UpdateDomainContactPrivacy request includes the following elements.</p>"
@@ -2055,6 +2320,17 @@
       "members":{
       }
     },
+    "Value":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "Values":{
+      "type":"list",
+      "member":{"shape":"Value"},
+      "max":1,
+      "min":1
+    },
     "ViewBillingRequest":{
       "type":"structure",
       "members":{
@@ -2068,7 +2344,7 @@
         },
         "Marker":{
           "shape":"PageMarker",
-          "documentation":"<p>For an initial request for a list of billing records, omit this element. If the number of billing records that are associated with the current AWS account during the specified period is greater than the value that you specified for <code>MaxItems</code>, you can use <code>Marker</code> to return additional billing records. Get the value of <code>NextPageMarker</code> from the previous response, and submit another request that includes the value of <code>NextPageMarker</code> in the <code>Marker</code> element. </p> <p>Constraints: The marker must match the value of <code>NextPageMarker</code> that was returned in the previous response.</p>"
+          "documentation":"<p>For an initial request for a list of billing records, omit this element. If the number of billing records that are associated with the current Amazon Web Services account during the specified period is greater than the value that you specified for <code>MaxItems</code>, you can use <code>Marker</code> to return additional billing records. Get the value of <code>NextPageMarker</code> from the previous response, and submit another request that includes the value of <code>NextPageMarker</code> in the <code>Marker</code> element. </p> <p>Constraints: The marker must match the value of <code>NextPageMarker</code> that was returned in the previous response.</p>"
         },
         "MaxItems":{
           "shape":"PageMaxItems",
diff --git a/contrib/python/botocore/py3/botocore/data/rum/2018-05-10/paginators-1.json b/contrib/python/botocore/py3/botocore/data/rum/2018-05-10/paginators-1.json
new file mode 100644
index 00000000000..cf26166d6b4
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/rum/2018-05-10/paginators-1.json
@@ -0,0 +1,16 @@
+{
+  "pagination": {
+    "GetAppMonitorData": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "Events"
+    },
+    "ListAppMonitors": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "AppMonitorSummaries"
+    }
+  }
+}
diff --git a/contrib/python/botocore/py3/botocore/data/rum/2018-05-10/service-2.json b/contrib/python/botocore/py3/botocore/data/rum/2018-05-10/service-2.json
new file mode 100644
index 00000000000..fb7b7a750a5
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/rum/2018-05-10/service-2.json
@@ -0,0 +1,999 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2018-05-10",
+    "endpointPrefix":"rum",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"CloudWatch RUM",
+    "serviceId":"RUM",
+    "signatureVersion":"v4",
+    "signingName":"rum",
+    "uid":"rum-2018-05-10"
+  },
+  "operations":{
+    "CreateAppMonitor":{
+      "name":"CreateAppMonitor",
+      "http":{
+        "method":"POST",
+        "requestUri":"/appmonitor",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateAppMonitorRequest"},
+      "output":{"shape":"CreateAppMonitorResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a Amazon CloudWatch RUM app monitor, which collects telemetry data from your application and sends that data to RUM. The data includes performance and reliability information such as page load time, client-side errors, and user behavior.</p> <p>You use this operation only to create a new app monitor. To update an existing app monitor, use <a href=\"https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_UpdateAppMonitor.html\">UpdateAppMonitor</a> instead.</p> <p>After you create an app monitor, sign in to the CloudWatch RUM console to get the JavaScript code snippet to add to your web application. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-find-code-snippet.html\">How do I find a code snippet that I've already generated?</a> </p>",
+      "idempotent":true
+    },
+    "DeleteAppMonitor":{
+      "name":"DeleteAppMonitor",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/appmonitor/{Name}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteAppMonitorRequest"},
+      "output":{"shape":"DeleteAppMonitorResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes an existing app monitor. This immediately stops the collection of data.</p>",
+      "idempotent":true
+    },
+    "GetAppMonitor":{
+      "name":"GetAppMonitor",
+      "http":{
+        "method":"GET",
+        "requestUri":"/appmonitor/{Name}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetAppMonitorRequest"},
+      "output":{"shape":"GetAppMonitorResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Retrieves the complete configuration information for one app monitor.</p>"
+    },
+    "GetAppMonitorData":{
+      "name":"GetAppMonitorData",
+      "http":{
+        "method":"POST",
+        "requestUri":"/appmonitor/{Name}/data",
+        "responseCode":200
+      },
+      "input":{"shape":"GetAppMonitorDataRequest"},
+      "output":{"shape":"GetAppMonitorDataResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Retrieves the raw performance events that RUM has collected from your web application, so that you can do your own processing or analysis of this data.</p>"
+    },
+    "ListAppMonitors":{
+      "name":"ListAppMonitors",
+      "http":{
+        "method":"POST",
+        "requestUri":"/appmonitors",
+        "responseCode":200
+      },
+      "input":{"shape":"ListAppMonitorsRequest"},
+      "output":{"shape":"ListAppMonitorsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Returns a list of the Amazon CloudWatch RUM app monitors in the account.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{ResourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Displays the tags associated with a CloudWatch RUM resource.</p>"
+    },
+    "PutRumEvents":{
+      "name":"PutRumEvents",
+      "http":{
+        "method":"POST",
+        "requestUri":"/appmonitors/{Id}/",
+        "responseCode":200
+      },
+      "input":{"shape":"PutRumEventsRequest"},
+      "output":{"shape":"PutRumEventsResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Sends telemetry events about your application performance and user behavior to CloudWatch RUM. The code snippet that RUM generates for you to add to your application includes <code>PutRumEvents</code> operations to send this data to RUM.</p> <p>Each <code>PutRumEvents</code> operation can send a batch of events from one user session.</p>",
+      "endpoint":{"hostPrefix":"dataplane."}
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{ResourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Assigns one or more tags (key-value pairs) to the specified CloudWatch RUM resource. Currently, the only resources that can be tagged app monitors.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <p>You can use the <code>TagResource</code> action with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the alarm. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.</p> <p>You can associate as many as 50 tags with a resource.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a>.</p>",
+      "idempotent":true
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{ResourceArn}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Removes one or more tags from the specified resource.</p>",
+      "idempotent":true
+    },
+    "UpdateAppMonitor":{
+      "name":"UpdateAppMonitor",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/appmonitor/{Name}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateAppMonitorRequest"},
+      "output":{"shape":"UpdateAppMonitorResponse"},
+      "errors":[
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates the configuration of an existing app monitor. When you use this operation, only the parts of the app monitor configuration that you specify in this operation are changed. For any parameters that you omit, the existing values are kept.</p> <p>You can't use this operation to change the tags of an existing app monitor. To change the tags of an existing app monitor, use <a href=\"https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_TagResource.html\">TagResource</a>.</p> <p>To create a new app monitor, use <a href=\"https://docs.aws.amazon.com/cloudwatchrum/latest/APIReference/API_CreateAppMonitor.html\">CreateAppMonitor</a>.</p> <p>After you update an app monitor, sign in to the CloudWatch RUM console to get the updated JavaScript code snippet to add to your web application. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-RUM-find-code-snippet.html\">How do I find a code snippet that I've already generated?</a> </p>"
+    }
+  },
+  "shapes":{
+    "AccessDeniedException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>You don't have sufficient permissions to perform this action.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "AppMonitor":{
+      "type":"structure",
+      "members":{
+        "AppMonitorConfiguration":{
+          "shape":"AppMonitorConfiguration",
+          "documentation":"<p>A structure that contains much of the configuration data for the app monitor.</p>"
+        },
+        "Created":{
+          "shape":"ISOTimestampString",
+          "documentation":"<p>The date and time that this app monitor was created.</p>"
+        },
+        "DataStorage":{
+          "shape":"DataStorage",
+          "documentation":"<p>A structure that contains information about whether this app monitor stores a copy of the telemetry data that RUM collects using CloudWatch Logs.</p>"
+        },
+        "Domain":{
+          "shape":"AppMonitorDomain",
+          "documentation":"<p>The top-level internet domain name for which your application has administrative authority.</p>"
+        },
+        "Id":{
+          "shape":"AppMonitorId",
+          "documentation":"<p>The unique ID of this app monitor.</p>"
+        },
+        "LastModified":{
+          "shape":"ISOTimestampString",
+          "documentation":"<p>The date and time of the most recent changes to this app monitor's configuration.</p>"
+        },
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>The name of the app monitor.</p>"
+        },
+        "State":{
+          "shape":"StateEnum",
+          "documentation":"<p>The current state of the app monitor.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with this app monitor.</p>"
+        }
+      },
+      "documentation":"<p>A RUM app monitor collects telemetry data from your application and sends that data to RUM. The data includes performance and reliability information such as page load time, client-side errors, and user behavior.</p>"
+    },
+    "AppMonitorConfiguration":{
+      "type":"structure",
+      "members":{
+        "AllowCookies":{
+          "shape":"Boolean",
+          "documentation":"<p>If you set this to <code>true</code>, the RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page.</p>"
+        },
+        "EnableXRay":{
+          "shape":"Boolean",
+          "documentation":"<p>If you set this to <code>true</code>, RUM enables X-Ray tracing for the user sessions that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests. You can see traces and segments from these user sessions in the X-Ray console and the CloudWatch ServiceLens console. For more information, see <a href=\"https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html\">What is X-Ray?</a> </p>"
+        },
+        "ExcludedPages":{
+          "shape":"Pages",
+          "documentation":"<p>A list of URLs in your website or application to exclude from RUM data collection.</p> <p>You can't include both <code>ExcludedPages</code> and <code>IncludedPages</code> in the same operation.</p>"
+        },
+        "FavoritePages":{
+          "shape":"FavoritePages",
+          "documentation":"<p>A list of pages in the CloudWatch RUM console that are to be displayed with a \"favorite\" icon.</p>"
+        },
+        "GuestRoleArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the guest IAM role that is attached to the Amazon Cognito identity pool that is used to authorize the sending of data to RUM.</p>"
+        },
+        "IdentityPoolId":{
+          "shape":"IdentityPoolId",
+          "documentation":"<p>The ID of the Amazon Cognito identity pool that is used to authorize the sending of data to RUM.</p>"
+        },
+        "IncludedPages":{
+          "shape":"Pages",
+          "documentation":"<p>If this app monitor is to collect data from only certain pages in your application, this structure lists those pages. </p> <pre><code> &lt;p&gt;You can't include both &lt;code&gt;ExcludedPages&lt;/code&gt; and &lt;code&gt;IncludedPages&lt;/code&gt; in the same operation.&lt;/p&gt; </code></pre>"
+        },
+        "SessionSampleRate":{
+          "shape":"SessionSampleRate",
+          "documentation":"<p>Specifies the percentage of user sessions to use for RUM data collection. Choosing a higher percentage gives you more data but also incurs more costs.</p> <p>The number you specify is the percentage of user sessions that will be used.</p> <p>If you omit this parameter, the default of 10 is used.</p>"
+        },
+        "Telemetries":{
+          "shape":"Telemetries",
+          "documentation":"<p>An array that lists the types of telemetry data that this app monitor is to collect.</p> <ul> <li> <p> <code>errors</code> indicates that RUM collects data about unhandled JavaScript errors raised by your application.</p> </li> <li> <p> <code>performance</code> indicates that RUM collects performance data about how your application and its resources are loaded and rendered. This includes Core Web Vitals.</p> </li> <li> <p> <code>http</code> indicates that RUM collects data about HTTP errors thrown by your application.</p> </li> </ul>"
+        }
+      },
+      "documentation":"<p>This structure contains much of the configuration data for the app monitor.</p>"
+    },
+    "AppMonitorDetails":{
+      "type":"structure",
+      "members":{
+        "id":{
+          "shape":"String",
+          "documentation":"<p>The unique ID of the app monitor.</p>"
+        },
+        "name":{
+          "shape":"String",
+          "documentation":"<p>The name of the app monitor.</p>"
+        },
+        "version":{
+          "shape":"String",
+          "documentation":"<p>The version of the app monitor.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains information about the RUM app monitor.</p>"
+    },
+    "AppMonitorDomain":{
+      "type":"string",
+      "max":253,
+      "min":1,
+      "pattern":"^(localhost)|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))|^(\\*\\.)(?![-.])([A-Za-z0-9-\\.\\-]{0,63})((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))\\.(?![-])[A-Za-z-0-9]{1,63}((?![-])([a-zA-Z0-9]{1}|^[a-zA-Z0-9]{0,1}))"
+    },
+    "AppMonitorId":{
+      "type":"string",
+      "max":36,
+      "min":36,
+      "pattern":"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$"
+    },
+    "AppMonitorName":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^(?!\\.)[\\.\\-_#A-Za-z0-9]+$"
+    },
+    "AppMonitorSummary":{
+      "type":"structure",
+      "members":{
+        "Created":{
+          "shape":"ISOTimestampString",
+          "documentation":"<p>The date and time that the app monitor was created.</p>"
+        },
+        "Id":{
+          "shape":"AppMonitorId",
+          "documentation":"<p>The unique ID of this app monitor.</p>"
+        },
+        "LastModified":{
+          "shape":"ISOTimestampString",
+          "documentation":"<p>The date and time of the most recent changes to this app monitor's configuration.</p>"
+        },
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>The name of this app monitor.</p>"
+        },
+        "State":{
+          "shape":"StateEnum",
+          "documentation":"<p>The current state of this app monitor.</p>"
+        }
+      },
+      "documentation":"<p>A structure that includes some data about app monitors and their settings.</p>"
+    },
+    "AppMonitorSummaryList":{
+      "type":"list",
+      "member":{"shape":"AppMonitorSummary"}
+    },
+    "Arn":{
+      "type":"string",
+      "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*"
+    },
+    "Boolean":{
+      "type":"boolean",
+      "box":true
+    },
+    "ConflictException":{
+      "type":"structure",
+      "required":[
+        "message",
+        "resourceName"
+      ],
+      "members":{
+        "message":{"shape":"String"},
+        "resourceName":{
+          "shape":"String",
+          "documentation":"<p>The name of the resource that is associated with the error.</p>"
+        },
+        "resourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of the resource that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>This operation attempted to create a resource that already exists.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "CreateAppMonitorRequest":{
+      "type":"structure",
+      "required":[
+        "Domain",
+        "Name"
+      ],
+      "members":{
+        "AppMonitorConfiguration":{
+          "shape":"AppMonitorConfiguration",
+          "documentation":"<p>A structure that contains much of the configuration data for the app monitor. If you are using Amazon Cognito for authorization, you must include this structure in your request, and it must include the ID of the Amazon Cognito identity pool to use for authorization. If you don't include <code>AppMonitorConfiguration</code>, you must set up your own authorization method. For more information, see <a href=\"https://docs.aws.amazon.com/monitoring/CloudWatch-RUM-get-started-authorization.html\">Authorize your application to send data to Amazon Web Services</a>.</p> <p>If you omit this argument, the sample rate used for RUM is set to 10% of the user sessions.</p>"
+        },
+        "CwLogEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.</p> <p>If you omit this parameter, the default is <code>false</code>.</p>"
+        },
+        "Domain":{
+          "shape":"AppMonitorDomain",
+          "documentation":"<p>The top-level internet domain name for which your application has administrative authority.</p>"
+        },
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>A name for the app monitor.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Assigns one or more tags (key-value pairs) to the app monitor.</p> <p>Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.</p> <p>Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.</p> <pre><code> &lt;p&gt;You can associate as many as 50 tags with an app monitor.&lt;/p&gt; &lt;p&gt;For more information, see &lt;a href=&quot;https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html&quot;&gt;Tagging Amazon Web Services resources&lt;/a&gt;.&lt;/p&gt; </code></pre>"
+        }
+      }
+    },
+    "CreateAppMonitorResponse":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"AppMonitorId",
+          "documentation":"<p>The unique ID of the new app monitor.</p>"
+        }
+      }
+    },
+    "CwLog":{
+      "type":"structure",
+      "members":{
+        "CwLogEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicated whether the app monitor stores copies of the data that RUM collects in CloudWatch Logs.</p>"
+        },
+        "CwLogGroup":{
+          "shape":"String",
+          "documentation":"<p>The name of the log group where the copies are stored.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the information about whether the app monitor stores copies of the data that RUM collects in CloudWatch Logs. If it does, this structure also contains the name of the log group.</p>"
+    },
+    "DataStorage":{
+      "type":"structure",
+      "members":{
+        "CwLog":{
+          "shape":"CwLog",
+          "documentation":"<p>A structure that contains the information about whether the app monitor stores copies of the data that RUM collects in CloudWatch Logs. If it does, this structure also contains the name of the log group.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains information about whether this app monitor stores a copy of the telemetry data that RUM collects using CloudWatch Logs.</p>"
+    },
+    "DeleteAppMonitorRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>The name of the app monitor to delete.</p>",
+          "location":"uri",
+          "locationName":"Name"
+        }
+      }
+    },
+    "DeleteAppMonitorResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "EventData":{"type":"string"},
+    "EventDataList":{
+      "type":"list",
+      "member":{"shape":"EventData"}
+    },
+    "FavoritePages":{
+      "type":"list",
+      "member":{"shape":"String"},
+      "max":50,
+      "min":0
+    },
+    "GetAppMonitorDataRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "TimeRange"
+      ],
+      "members":{
+        "Filters":{
+          "shape":"QueryFilters",
+          "documentation":"<p>An array of structures that you can use to filter the results to those that match one or more sets of key-value pairs that you specify.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxQueryResults",
+          "documentation":"<p>The maximum number of results to return in one operation. </p>"
+        },
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>The name of the app monitor that collected the data that you want to retrieve.</p>",
+          "location":"uri",
+          "locationName":"Name"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>Use the token returned by the previous operation to request the next page of results.</p>"
+        },
+        "TimeRange":{
+          "shape":"TimeRange",
+          "documentation":"<p>A structure that defines the time range that you want to retrieve results from.</p>"
+        }
+      }
+    },
+    "GetAppMonitorDataResponse":{
+      "type":"structure",
+      "members":{
+        "Events":{
+          "shape":"EventDataList",
+          "documentation":"<p>The events that RUM collected that match your request.</p>"
+        },
+        "NextToken":{
+          "shape":"Token",
+          "documentation":"<p>A token that you can use in a subsequent operation to retrieve the next set of results.</p>"
+        }
+      }
+    },
+    "GetAppMonitorRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>The app monitor to retrieve information for.</p>",
+          "location":"uri",
+          "locationName":"Name"
+        }
+      }
+    },
+    "GetAppMonitorResponse":{
+      "type":"structure",
+      "members":{
+        "AppMonitor":{
+          "shape":"AppMonitor",
+          "documentation":"<p>A structure containing all the configuration information for the app monitor.</p>"
+        }
+      }
+    },
+    "ISOTimestampString":{
+      "type":"string",
+      "max":19,
+      "min":19,
+      "pattern":"/d{4}-[01]/d-[0-3]/dT[0-2]/d:[0-5]/d:[0-5]/d/./d+([+-][0-2]/d:[0-5]/d|Z)"
+    },
+    "IdentityPoolId":{
+      "type":"string",
+      "max":55,
+      "min":1,
+      "pattern":"[\\w-]+:[0-9a-f-]+"
+    },
+    "Integer":{
+      "type":"integer",
+      "box":true
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"},
+        "retryAfterSeconds":{
+          "shape":"Integer",
+          "documentation":"<p>The value of a parameter in the request caused an error.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        }
+      },
+      "documentation":"<p>Internal service exception.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true,
+      "retryable":{"throttling":false}
+    },
+    "JsonValue":{"type":"string"},
+    "ListAppMonitorsRequest":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of results to return in one operation. </p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>Use the token returned by the previous operation to request the next page of results.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListAppMonitorsResponse":{
+      "type":"structure",
+      "members":{
+        "AppMonitorSummaries":{
+          "shape":"AppMonitorSummaryList",
+          "documentation":"<p>An array of structures that contain information about the returned app monitors.</p>"
+        },
+        "NextToken":{
+          "shape":"String",
+          "documentation":"<p>A token that you can use in a subsequent operation to retrieve the next set of results.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the resource that you want to see the tags of.</p>",
+          "location":"uri",
+          "locationName":"ResourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "Tags"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the resource that you are viewing.</p>"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of tag keys and values associated with the resource you specified.</p>"
+        }
+      }
+    },
+    "MaxQueryResults":{
+      "type":"integer",
+      "max":100,
+      "min":0
+    },
+    "Pages":{
+      "type":"list",
+      "member":{"shape":"Url"},
+      "max":50,
+      "min":0
+    },
+    "PutRumEventsRequest":{
+      "type":"structure",
+      "required":[
+        "AppMonitorDetails",
+        "BatchId",
+        "Id",
+        "RumEvents",
+        "UserDetails"
+      ],
+      "members":{
+        "AppMonitorDetails":{
+          "shape":"AppMonitorDetails",
+          "documentation":"<p>A structure that contains information about the app monitor that collected this telemetry information.</p>"
+        },
+        "BatchId":{
+          "shape":"String",
+          "documentation":"<p>A unique identifier for this batch of RUM event data.</p>"
+        },
+        "Id":{
+          "shape":"AppMonitorId",
+          "documentation":"<p>The ID of the app monitor that is sending this data.</p>",
+          "location":"uri",
+          "locationName":"Id"
+        },
+        "RumEvents":{
+          "shape":"RumEventList",
+          "documentation":"<p>An array of structures that contain the telemetry event data.</p>"
+        },
+        "UserDetails":{
+          "shape":"UserDetails",
+          "documentation":"<p>A structure that contains information about the user session that this batch of events was collected from.</p>"
+        }
+      }
+    },
+    "PutRumEventsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "QueryFilter":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"QueryFilterKey",
+          "documentation":"<p>The name of a key to search for. The filter returns only the events that match the <code>Name</code> and <code>Values</code> that you specify. </p> <p>Valid values for <code>Name</code> are <code>Browser</code> | <code>Device</code> | <code>Country</code> | <code>Page</code> | <code>OS</code> | <code>EventType</code> | <code>Invert</code> </p>"
+        },
+        "Values":{
+          "shape":"QueryFilterValueList",
+          "documentation":"<p>The values of the <code>Name</code> that are to be be included in the returned results.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines a key and values that you can use to filter the results. The only performance events that are returned are those that have values matching the ones that you specify in one of your <code>QueryFilter</code> structures.</p> <p>For example, you could specify <code>Browser</code> as the <code>Name</code> and specify <code>Chrome,Firefox</code> as the <code>Values</code> to return events generated only from those browsers.</p> <p>Specifying <code>Invert</code> as the <code>Name</code> works as a \"not equal to\" filter. For example, specify <code>Invert</code> as the <code>Name</code> and specify <code>Chrome</code> as the value to return all events except events from user sessions with the Chrome browser.</p>"
+    },
+    "QueryFilterKey":{"type":"string"},
+    "QueryFilterValue":{"type":"string"},
+    "QueryFilterValueList":{
+      "type":"list",
+      "member":{"shape":"QueryFilterValue"}
+    },
+    "QueryFilters":{
+      "type":"list",
+      "member":{"shape":"QueryFilter"}
+    },
+    "QueryTimestamp":{"type":"long"},
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "required":[
+        "message",
+        "resourceName"
+      ],
+      "members":{
+        "message":{"shape":"String"},
+        "resourceName":{
+          "shape":"String",
+          "documentation":"<p>The name of the resource that is associated with the error.</p>"
+        },
+        "resourceType":{
+          "shape":"String",
+          "documentation":"<p>The type of the resource that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>Resource not found.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "RumEvent":{
+      "type":"structure",
+      "required":[
+        "details",
+        "id",
+        "timestamp",
+        "type"
+      ],
+      "members":{
+        "details":{
+          "shape":"JsonValue",
+          "documentation":"<p>A string containing details about the event.</p>",
+          "jsonvalue":true
+        },
+        "id":{
+          "shape":"String",
+          "documentation":"<p>A unique ID for this event.</p>"
+        },
+        "metadata":{
+          "shape":"JsonValue",
+          "documentation":"<p>Metadata about this event, which contains a JSON serialization of the identity of the user for this session. The user information comes from information such as the HTTP user-agent request header and document interface.</p>",
+          "jsonvalue":true
+        },
+        "timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The exact time that this event occurred.</p>"
+        },
+        "type":{
+          "shape":"String",
+          "documentation":"<p>The JSON schema that denotes the type of event this is, such as a page load or a new session.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains the information for one performance event that RUM collects from a user session with your application.</p>"
+    },
+    "RumEventList":{
+      "type":"list",
+      "member":{"shape":"RumEvent"}
+    },
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>This request exceeds a service quota.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "SessionSampleRate":{
+      "type":"double",
+      "max":1,
+      "min":0
+    },
+    "StateEnum":{
+      "type":"string",
+      "enum":[
+        "CREATED",
+        "DELETING",
+        "ACTIVE"
+      ]
+    },
+    "String":{"type":"string"},
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":50,
+      "min":0
+    },
+    "TagMap":{
+      "type":"map",
+      "key":{"shape":"TagKey"},
+      "value":{"shape":"TagValue"}
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "Tags"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the CloudWatch RUM resource that you're adding tags to.</p>",
+          "location":"uri",
+          "locationName":"ResourceArn"
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>The list of key-value pairs to associate with the resource.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "Telemetries":{
+      "type":"list",
+      "member":{"shape":"Telemetry"}
+    },
+    "Telemetry":{
+      "type":"string",
+      "enum":[
+        "errors",
+        "performance",
+        "http"
+      ]
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"},
+        "quotaCode":{
+          "shape":"String",
+          "documentation":"<p>The ID of the service quota that was exceeded.</p>"
+        },
+        "retryAfterSeconds":{
+          "shape":"Integer",
+          "documentation":"<p>The value of a parameter in the request caused an error.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        },
+        "serviceCode":{
+          "shape":"String",
+          "documentation":"<p>The ID of the service that is associated with the error.</p>"
+        }
+      },
+      "documentation":"<p>The request was throttled because of quota limits.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true,
+      "retryable":{"throttling":true}
+    },
+    "TimeRange":{
+      "type":"structure",
+      "required":["After"],
+      "members":{
+        "After":{
+          "shape":"QueryTimestamp",
+          "documentation":"<p>The beginning of the time range to retrieve performance events from.</p>"
+        },
+        "Before":{
+          "shape":"QueryTimestamp",
+          "documentation":"<p>The end of the time range to retrieve performance events from. If you omit this, the time range extends to the time that this operation is performed.</p>"
+        }
+      },
+      "documentation":"<p>A structure that defines the time range that you want to retrieve results from.</p>"
+    },
+    "Timestamp":{"type":"timestamp"},
+    "Token":{"type":"string"},
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "TagKeys"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"Arn",
+          "documentation":"<p>The ARN of the CloudWatch RUM resource that you're removing tags from.</p>",
+          "location":"uri",
+          "locationName":"ResourceArn"
+        },
+        "TagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>The list of tag keys to remove from the resource.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateAppMonitorRequest":{
+      "type":"structure",
+      "required":["Name"],
+      "members":{
+        "AppMonitorConfiguration":{
+          "shape":"AppMonitorConfiguration",
+          "documentation":"<p>A structure that contains much of the configuration data for the app monitor. If you are using Amazon Cognito for authorization, you must include this structure in your request, and it must include the ID of the Amazon Cognito identity pool to use for authorization. If you don't include <code>AppMonitorConfiguration</code>, you must set up your own authorization method. For more information, see <a href=\"https://docs.aws.amazon.com/monitoring/CloudWatch-RUM-get-started-authorization.html\">Authorize your application to send data to Amazon Web Services</a>.</p>"
+        },
+        "CwLogEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.</p>"
+        },
+        "Domain":{
+          "shape":"AppMonitorDomain",
+          "documentation":"<p>The top-level internet domain name for which your application has administrative authority.</p>"
+        },
+        "Name":{
+          "shape":"AppMonitorName",
+          "documentation":"<p>The name of the app monitor to update.</p>",
+          "location":"uri",
+          "locationName":"Name"
+        }
+      }
+    },
+    "UpdateAppMonitorResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "Url":{
+      "type":"string",
+      "max":1260,
+      "min":1,
+      "pattern":"https?:\\/\\/(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}\\b([-a-zA-Z0-9()@:%_\\+.~#?&//=]*)"
+    },
+    "UserDetails":{
+      "type":"structure",
+      "members":{
+        "sessionId":{
+          "shape":"String",
+          "documentation":"<p>The session ID that the performance events are from.</p>"
+        },
+        "userId":{
+          "shape":"String",
+          "documentation":"<p>The ID of the user for this user session. This ID is generated by RUM and does not include any personally identifiable information about the user.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains information about the user session that this batch of events was collected from.</p>"
+    },
+    "ValidationException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>One of the arguments for the request is not valid.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    }
+  },
+  "documentation":"<p>With Amazon CloudWatch RUM, you can perform real-user monitoring to collect client-side data about your web application performance from actual user sessions in real time. The data collected includes page load times, client-side errors, and user behavior. When you view this data, you can see it all aggregated together and also see breakdowns by the browsers and devices that your customers use.</p> <pre><code> &lt;p&gt;You can use the collected data to quickly identify and debug client-side performance issues. CloudWatch RUM helps you visualize anomalies in your application performance and find relevant debugging data such as error messages, stack traces, and user sessions. You can also use RUM to understand the range of end-user impact including the number of users, geolocations, and browsers used.&lt;/p&gt; </code></pre>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/s3/2006-03-01/service-2.json b/contrib/python/botocore/py3/botocore/data/s3/2006-03-01/service-2.json
index 330ab007c8f..1298143c68c 100644
--- a/contrib/python/botocore/py3/botocore/data/s3/2006-03-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/s3/2006-03-01/service-2.json
@@ -37,7 +37,7 @@
       "input":{"shape":"CompleteMultipartUploadRequest"},
       "output":{"shape":"CompleteMultipartUploadOutput"},
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/mpUploadComplete.html",
-      "documentation":"<p>Completes a multipart upload by assembling previously uploaded parts.</p> <p>You first initiate the multipart upload and then upload all parts using the <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html\">UploadPart</a> operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the <code>ETag</code> value, returned after that part was uploaded.</p> <p>Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. Because a request could fail after the initial 200 OK response has been sent, it is important that you check the response body to determine whether the request succeeded.</p> <p>Note that if <code>CompleteMultipartUpload</code> fails, applications should be prepared to retry the failed requests. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html\">Amazon S3 Error Best Practices</a>.</p> <p>For more information about multipart uploads, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html\">Uploading Objects Using Multipart Upload</a>.</p> <p>For information about permissions required to use the multipart upload API, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html\">Multipart Upload and Permissions</a>.</p> <p> <code>CompleteMultipartUpload</code> has the following special errors:</p> <ul> <li> <p>Error code: <code>EntityTooSmall</code> </p> <ul> <li> <p>Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.</p> </li> <li> <p>400 Bad Request</p> </li> </ul> </li> <li> <p>Error code: <code>InvalidPart</code> </p> <ul> <li> <p>Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.</p> </li> <li> <p>400 Bad Request</p> </li> </ul> </li> <li> <p>Error code: <code>InvalidPartOrder</code> </p> <ul> <li> <p>Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.</p> </li> <li> <p>400 Bad Request</p> </li> </ul> </li> <li> <p>Error code: <code>NoSuchUpload</code> </p> <ul> <li> <p>Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.</p> </li> <li> <p>404 Not Found</p> </li> </ul> </li> </ul> <p>The following operations are related to <code>CompleteMultipartUpload</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html\">CreateMultipartUpload</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html\">UploadPart</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html\">AbortMultipartUpload</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html\">ListParts</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html\">ListMultipartUploads</a> </p> </li> </ul>"
+      "documentation":"<p>Completes a multipart upload by assembling previously uploaded parts.</p> <p>You first initiate the multipart upload and then upload all parts using the <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html\">UploadPart</a> operation. After successfully uploading all relevant parts of an upload, you call this action to complete the upload. Upon receiving this request, Amazon S3 concatenates all the parts in ascending order by part number to create a new object. In the Complete Multipart Upload request, you must provide the parts list. You must ensure that the parts list is complete. This action concatenates the parts that you provide in the list. For each part in the list, you must provide the part number and the <code>ETag</code> value, returned after that part was uploaded.</p> <p>Processing of a Complete Multipart Upload request could take several minutes to complete. After Amazon S3 begins processing the request, it sends an HTTP response header that specifies a 200 OK response. While processing is in progress, Amazon S3 periodically sends white space characters to keep the connection from timing out. Because a request could fail after the initial 200 OK response has been sent, it is important that you check the response body to determine whether the request succeeded.</p> <p>Note that if <code>CompleteMultipartUpload</code> fails, applications should be prepared to retry the failed requests. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ErrorBestPractices.html\">Amazon S3 Error Best Practices</a>.</p> <important> <p>You cannot use <code>Content-Type: application/x-www-form-urlencoded</code> with Complete Multipart Upload requests. Also, if you do not provide a <code>Content-Type</code> header, <code>CompleteMultipartUpload</code> returns a 200 OK response.</p> </important> <p>For more information about multipart uploads, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html\">Uploading Objects Using Multipart Upload</a>.</p> <p>For information about permissions required to use the multipart upload API, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html\">Multipart Upload and Permissions</a>.</p> <p> <code>CompleteMultipartUpload</code> has the following special errors:</p> <ul> <li> <p>Error code: <code>EntityTooSmall</code> </p> <ul> <li> <p>Description: Your proposed upload is smaller than the minimum allowed object size. Each part must be at least 5 MB in size, except the last part.</p> </li> <li> <p>400 Bad Request</p> </li> </ul> </li> <li> <p>Error code: <code>InvalidPart</code> </p> <ul> <li> <p>Description: One or more of the specified parts could not be found. The part might not have been uploaded, or the specified entity tag might not have matched the part's entity tag.</p> </li> <li> <p>400 Bad Request</p> </li> </ul> </li> <li> <p>Error code: <code>InvalidPartOrder</code> </p> <ul> <li> <p>Description: The list of parts was not in ascending order. The parts list must be specified in order by part number.</p> </li> <li> <p>400 Bad Request</p> </li> </ul> </li> <li> <p>Error code: <code>NoSuchUpload</code> </p> <ul> <li> <p>Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.</p> </li> <li> <p>404 Not Found</p> </li> </ul> </li> </ul> <p>The following operations are related to <code>CompleteMultipartUpload</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateMultipartUpload.html\">CreateMultipartUpload</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPart.html\">UploadPart</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_AbortMultipartUpload.html\">AbortMultipartUpload</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListParts.html\">ListParts</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListMultipartUploads.html\">ListMultipartUploads</a> </p> </li> </ul>"
     },
     "CopyObject":{
       "name":"CopyObject",
@@ -51,7 +51,7 @@
         {"shape":"ObjectNotInActiveTierError"}
       ],
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectCOPY.html",
-      "documentation":"<p>Creates a copy of an object that is already stored in Amazon S3.</p> <note> <p>You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy API. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html\">Copy Object Using the REST Multipart Upload API</a>.</p> </note> <p>All copy requests must be authenticated. Additionally, you must have <i>read</i> access to the source object and <i>write</i> access to the destination bucket. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html\">REST Authentication</a>. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.</p> <p>A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the <code>200 OK</code> response. This means that a <code>200 OK</code> response can contain either a success or an error. Design your application to parse the contents of the response and handle it appropriately.</p> <p>If the copy is successful, you receive a response with information about the copied object.</p> <note> <p>If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.</p> </note> <p>The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see <a href=\"http://aws.amazon.com/s3/pricing/\">Amazon S3 pricing</a>.</p> <important> <p>Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 <code>Bad Request</code> error. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html\">Transfer Acceleration</a>.</p> </important> <p> <b>Metadata</b> </p> <p>When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html\">Using ACLs</a>. </p> <p>To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the <code>x-amz-metadata-directive</code> header. When you grant permissions, you can use the <code>s3:x-amz-metadata-directive</code> condition key to enforce certain metadata behavior when objects are uploaded. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html\">Specifying Conditions in a Policy</a> in the <i>Amazon S3 User Guide</i>. For a complete list of Amazon S3-specific condition keys, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html\">Actions, Resources, and Condition Keys for Amazon S3</a>.</p> <p> <b> <code>x-amz-copy-source-if</code> Headers</b> </p> <p>To only copy an object under certain conditions, such as whether the <code>Etag</code> matches or whether the object was modified before or after a specified date, use the following request parameters:</p> <ul> <li> <p> <code>x-amz-copy-source-if-match</code> </p> </li> <li> <p> <code>x-amz-copy-source-if-none-match</code> </p> </li> <li> <p> <code>x-amz-copy-source-if-unmodified-since</code> </p> </li> <li> <p> <code>x-amz-copy-source-if-modified-since</code> </p> </li> </ul> <p> If both the <code>x-amz-copy-source-if-match</code> and <code>x-amz-copy-source-if-unmodified-since</code> headers are present in the request and evaluate as follows, Amazon S3 returns <code>200 OK</code> and copies the data:</p> <ul> <li> <p> <code>x-amz-copy-source-if-match</code> condition evaluates to true</p> </li> <li> <p> <code>x-amz-copy-source-if-unmodified-since</code> condition evaluates to false</p> </li> </ul> <p>If both the <code>x-amz-copy-source-if-none-match</code> and <code>x-amz-copy-source-if-modified-since</code> headers are present in the request and evaluate as follows, Amazon S3 returns the <code>412 Precondition Failed</code> response code:</p> <ul> <li> <p> <code>x-amz-copy-source-if-none-match</code> condition evaluates to false</p> </li> <li> <p> <code>x-amz-copy-source-if-modified-since</code> condition evaluates to true</p> </li> </ul> <note> <p>All headers with the <code>x-amz-</code> prefix, including <code>x-amz-copy-source</code>, must be signed.</p> </note> <p> <b>Server-side encryption</b> </p> <p>When you perform a CopyObject operation, you can optionally use the appropriate encryption-related headers to encrypt the object using server-side encryption with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html\">Using Server-Side Encryption</a>.</p> <p>If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html\">Amazon S3 Bucket Keys</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Access Control List (ACL)-Specific Request Headers</b> </p> <p>When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a> and <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html\">Managing ACLs Using the REST API</a>. </p> <p> <b>Storage Class Options</b> </p> <p>You can use the <code>CopyObject</code> action to change the storage class of an object that is already stored in Amazon S3 using the <code>StorageClass</code> parameter. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html\">Storage Classes</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Versioning</b> </p> <p>By default, <code>x-amz-copy-source</code> identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the <code>versionId</code> subresource.</p> <p>If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the <code>x-amz-version-id</code> response header in the response.</p> <p>If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.</p> <p>If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html\">RestoreObject</a>.</p> <p>The following operations are related to <code>CopyObject</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html\">Copying Objects</a>.</p>",
+      "documentation":"<p>Creates a copy of an object that is already stored in Amazon S3.</p> <note> <p>You can store individual objects of up to 5 TB in Amazon S3. You create a copy of your object up to 5 GB in size in a single atomic action using this API. However, to copy an object greater than 5 GB, you must use the multipart upload Upload Part - Copy API. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjctsUsingRESTMPUapi.html\">Copy Object Using the REST Multipart Upload API</a>.</p> </note> <p>All copy requests must be authenticated. Additionally, you must have <i>read</i> access to the source object and <i>write</i> access to the destination bucket. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html\">REST Authentication</a>. Both the Region that you want to copy the object from and the Region that you want to copy the object to must be enabled for your account.</p> <p>A copy request might return an error when Amazon S3 receives the copy request or while Amazon S3 is copying the files. If the error occurs before the copy action starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the <code>200 OK</code> response. This means that a <code>200 OK</code> response can contain either a success or an error. Design your application to parse the contents of the response and handle it appropriately.</p> <p>If the copy is successful, you receive a response with information about the copied object.</p> <note> <p>If the request is an HTTP 1.1 request, the response is chunk encoded. If it were not, it would not contain the content-length, and you would need to read the entire body.</p> </note> <p>The copy request charge is based on the storage class and Region that you specify for the destination object. For pricing information, see <a href=\"http://aws.amazon.com/s3/pricing/\">Amazon S3 pricing</a>.</p> <important> <p>Amazon S3 transfer acceleration does not support cross-Region copies. If you request a cross-Region copy using a transfer acceleration endpoint, you get a 400 <code>Bad Request</code> error. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html\">Transfer Acceleration</a>.</p> </important> <p> <b>Metadata</b> </p> <p>When copying an object, you can preserve all metadata (default) or specify new metadata. However, the ACL is not preserved and is set to private for the user making the request. To override the default ACL setting, specify a new ACL when generating a copy request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html\">Using ACLs</a>. </p> <p>To specify whether you want the object metadata copied from the source object or replaced with metadata provided in the request, you can optionally add the <code>x-amz-metadata-directive</code> header. When you grant permissions, you can use the <code>s3:x-amz-metadata-directive</code> condition key to enforce certain metadata behavior when objects are uploaded. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html\">Specifying Conditions in a Policy</a> in the <i>Amazon S3 User Guide</i>. For a complete list of Amazon S3-specific condition keys, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/list_amazons3.html\">Actions, Resources, and Condition Keys for Amazon S3</a>.</p> <p> <b> <code>x-amz-copy-source-if</code> Headers</b> </p> <p>To only copy an object under certain conditions, such as whether the <code>Etag</code> matches or whether the object was modified before or after a specified date, use the following request parameters:</p> <ul> <li> <p> <code>x-amz-copy-source-if-match</code> </p> </li> <li> <p> <code>x-amz-copy-source-if-none-match</code> </p> </li> <li> <p> <code>x-amz-copy-source-if-unmodified-since</code> </p> </li> <li> <p> <code>x-amz-copy-source-if-modified-since</code> </p> </li> </ul> <p> If both the <code>x-amz-copy-source-if-match</code> and <code>x-amz-copy-source-if-unmodified-since</code> headers are present in the request and evaluate as follows, Amazon S3 returns <code>200 OK</code> and copies the data:</p> <ul> <li> <p> <code>x-amz-copy-source-if-match</code> condition evaluates to true</p> </li> <li> <p> <code>x-amz-copy-source-if-unmodified-since</code> condition evaluates to false</p> </li> </ul> <p>If both the <code>x-amz-copy-source-if-none-match</code> and <code>x-amz-copy-source-if-modified-since</code> headers are present in the request and evaluate as follows, Amazon S3 returns the <code>412 Precondition Failed</code> response code:</p> <ul> <li> <p> <code>x-amz-copy-source-if-none-match</code> condition evaluates to false</p> </li> <li> <p> <code>x-amz-copy-source-if-modified-since</code> condition evaluates to true</p> </li> </ul> <note> <p>All headers with the <code>x-amz-</code> prefix, including <code>x-amz-copy-source</code>, must be signed.</p> </note> <p> <b>Server-side encryption</b> </p> <p>When you perform a CopyObject operation, you can optionally use the appropriate encryption-related headers to encrypt the object using server-side encryption with Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS) or a customer-provided encryption key. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. For more information about server-side encryption, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html\">Using Server-Side Encryption</a>.</p> <p>If a target object uses SSE-KMS, you can enable an S3 Bucket Key for the object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html\">Amazon S3 Bucket Keys</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Access Control List (ACL)-Specific Request Headers</b> </p> <p>When copying an object, you can optionally use headers to grant ACL-based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a> and <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html\">Managing ACLs Using the REST API</a>. </p> <p>If the bucket that you're copying objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the <code>bucket-owner-full-control</code> canned ACL or an equivalent form of this ACL expressed in the XML format.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\"> Controlling ownership of objects and disabling ACLs</a> in the <i>Amazon S3 User Guide</i>.</p> <note> <p>If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.</p> </note> <p> <b>Storage Class Options</b> </p> <p>You can use the <code>CopyObject</code> action to change the storage class of an object that is already stored in Amazon S3 using the <code>StorageClass</code> parameter. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html\">Storage Classes</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Versioning</b> </p> <p>By default, <code>x-amz-copy-source</code> identifies the current version of an object to copy. If the current version is a delete marker, Amazon S3 behaves as if the object was deleted. To copy a different version, use the <code>versionId</code> subresource.</p> <p>If you enable versioning on the target bucket, Amazon S3 generates a unique version ID for the object being copied. This version ID is different from the version ID of the source object. Amazon S3 returns the version ID of the copied object in the <code>x-amz-version-id</code> response header in the response.</p> <p>If you do not enable versioning or suspend it on the target bucket, the version ID that Amazon S3 generates is always null.</p> <p>If the source object's storage class is GLACIER, you must restore a copy of this object before you can use it as a source object for the copy operation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html\">RestoreObject</a>.</p> <p>The following operations are related to <code>CopyObject</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> </ul> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/CopyingObjectsExamples.html\">Copying Objects</a>.</p>",
       "alias":"PutObjectCopy"
     },
     "CreateBucket":{
@@ -67,7 +67,7 @@
         {"shape":"BucketAlreadyOwnedByYou"}
       ],
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUT.html",
-      "documentation":"<p>Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.</p> <p>Not every string is an acceptable bucket name. For information about bucket naming restrictions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html\">Bucket naming rules</a>.</p> <p>If you want to create an Amazon S3 on Outposts bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html\">Create Bucket</a>. </p> <p>By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro\">Accessing a bucket</a>.</p> <note> <p>If you send your create bucket request to the <code>s3.amazonaws.com</code> endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html\">Virtual hosting of buckets</a>.</p> </note> <p>When creating a bucket using this operation, you can optionally specify the accounts or groups that should be granted specific permissions on the bucket. There are two ways to grant the appropriate permissions using the request headers.</p> <ul> <li> <p>Specify a canned ACL using the <code>x-amz-acl</code> request header. Amazon S3 supports a set of predefined ACLs, known as <i>canned ACLs</i>. Each canned ACL has a predefined set of grantees and permissions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL\">Canned ACL</a>.</p> </li> <li> <p>Specify access permissions explicitly using the <code>x-amz-grant-read</code>, <code>x-amz-grant-write</code>, <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and <code>x-amz-grant-full-control</code> headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access control list (ACL) overview</a>.</p> <p>You specify each grantee as a type=value pair, where the type is one of the following:</p> <ul> <li> <p> <code>id</code> – if the value specified is the canonical user ID of an Amazon Web Services account</p> </li> <li> <p> <code>uri</code> – if you are granting permissions to a predefined group</p> </li> <li> <p> <code>emailAddress</code> – if the value specified is the email address of an Amazon Web Services account</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p>For example, the following <code>x-amz-grant-read</code> header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:</p> <p> <code>x-amz-grant-read: id=\"11112222333\", id=\"444455556666\" </code> </p> </li> </ul> <note> <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do both.</p> </note> <p> <b>Permissions</b> </p> <p>If your <code>CreateBucket</code> request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both <code>s3:CreateBucket</code> and <code>s3:PutBucketAcl</code> permissions are needed. If the ACL the <code>CreateBucket</code> request is private, only <code>s3:CreateBucket</code> permission is needed. </p> <p>If <code>ObjectLockEnabledForBucket</code> is set to true in your <code>CreateBucket</code> request, <code>s3:PutBucketObjectLockConfiguration</code> and <code>s3:PutBucketVersioning</code> permissions are required.</p> <p>The following operations are related to <code>CreateBucket</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\">DeleteBucket</a> </p> </li> </ul>",
+      "documentation":"<p>Creates a new S3 bucket. To create a bucket, you must register with Amazon S3 and have a valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to create buckets. By creating the bucket, you become the bucket owner.</p> <p>Not every string is an acceptable bucket name. For information about bucket naming restrictions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html\">Bucket naming rules</a>.</p> <p>If you want to create an Amazon S3 on Outposts bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html\">Create Bucket</a>. </p> <p>By default, the bucket is created in the US East (N. Virginia) Region. You can optionally specify a Region in the request body. You might choose a Region to optimize latency, minimize costs, or address regulatory requirements. For example, if you reside in Europe, you will probably find it advantageous to create buckets in the Europe (Ireland) Region. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro\">Accessing a bucket</a>.</p> <note> <p>If you send your create bucket request to the <code>s3.amazonaws.com</code> endpoint, the request goes to the us-east-1 Region. Accordingly, the signature calculations in Signature Version 4 must use us-east-1 as the Region, even if the location constraint in the request specifies another Region where the bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application must be able to handle 307 redirect. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html\">Virtual hosting of buckets</a>.</p> </note> <p> <b>Access control lists (ACLs)</b> </p> <p>When creating a bucket using this operation, you can optionally configure the bucket ACL to specify the accounts or groups that should be granted specific permissions on the bucket.</p> <important> <p>If your CreateBucket request sets bucket owner enforced for S3 Object Ownership and specifies a bucket ACL that provides access to an external Amazon Web Services account, your request fails with a <code>400</code> error and returns the <code>InvalidBucketAclWithObjectOwnership</code> error code. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\">Controlling object ownership</a> in the <i>Amazon S3 User Guide</i>.</p> </important> <p>There are two ways to grant the appropriate permissions using the request headers.</p> <ul> <li> <p>Specify a canned ACL using the <code>x-amz-acl</code> request header. Amazon S3 supports a set of predefined ACLs, known as <i>canned ACLs</i>. Each canned ACL has a predefined set of grantees and permissions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL\">Canned ACL</a>.</p> </li> <li> <p>Specify access permissions explicitly using the <code>x-amz-grant-read</code>, <code>x-amz-grant-write</code>, <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and <code>x-amz-grant-full-control</code> headers. These headers map to the set of permissions Amazon S3 supports in an ACL. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html\">Access control list (ACL) overview</a>.</p> <p>You specify each grantee as a type=value pair, where the type is one of the following:</p> <ul> <li> <p> <code>id</code> – if the value specified is the canonical user ID of an Amazon Web Services account</p> </li> <li> <p> <code>uri</code> – if you are granting permissions to a predefined group</p> </li> <li> <p> <code>emailAddress</code> – if the value specified is the email address of an Amazon Web Services account</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p>For example, the following <code>x-amz-grant-read</code> header grants the Amazon Web Services accounts identified by account IDs permissions to read object data and its metadata:</p> <p> <code>x-amz-grant-read: id=\"11112222333\", id=\"444455556666\" </code> </p> </li> </ul> <note> <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do both.</p> </note> <p> <b>Permissions</b> </p> <p>In addition to <code>s3:CreateBucket</code>, the following permissions are required when your CreateBucket includes specific headers:</p> <ul> <li> <p> <b>ACLs</b> - If your <code>CreateBucket</code> request specifies ACL permissions and the ACL is public-read, public-read-write, authenticated-read, or if you specify access permissions explicitly through any other ACL, both <code>s3:CreateBucket</code> and <code>s3:PutBucketAcl</code> permissions are needed. If the ACL the <code>CreateBucket</code> request is private or doesn't specify any ACLs, only <code>s3:CreateBucket</code> permission is needed. </p> </li> <li> <p> <b>Object Lock</b> - If <code>ObjectLockEnabledForBucket</code> is set to true in your <code>CreateBucket</code> request, <code>s3:PutBucketObjectLockConfiguration</code> and <code>s3:PutBucketVersioning</code> permissions are required.</p> </li> <li> <p> <b>S3 Object Ownership</b> - If your CreateBucket request includes the the <code>x-amz-object-ownership</code> header, <code>s3:PutBucketOwnershipControls</code> permission is required.</p> </li> </ul> <p>The following operations are related to <code>CreateBucket</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\">DeleteBucket</a> </p> </li> </ul>",
       "alias":"PutBucket"
     },
     "CreateMultipartUpload":{
@@ -132,7 +132,7 @@
         "responseCode":204
       },
       "input":{"shape":"DeleteBucketIntelligentTieringConfigurationRequest"},
-      "documentation":"<p>Deletes the S3 Intelligent-Tiering configuration from the specified bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in two low latency and high throughput access tiers. For data that can be accessed asynchronously, you can choose to activate automatic archiving capabilities within the S3 Intelligent-Tiering storage class.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>DeleteBucketIntelligentTieringConfiguration</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html\">GetBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html\">PutBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html\">ListBucketIntelligentTieringConfigurations</a> </p> </li> </ul>"
+      "documentation":"<p>Deletes the S3 Intelligent-Tiering configuration from the specified bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>DeleteBucketIntelligentTieringConfiguration</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html\">GetBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html\">PutBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html\">ListBucketIntelligentTieringConfigurations</a> </p> </li> </ul>"
     },
     "DeleteBucketInventoryConfiguration":{
       "name":"DeleteBucketInventoryConfiguration",
@@ -283,7 +283,7 @@
       "input":{"shape":"GetBucketAclRequest"},
       "output":{"shape":"GetBucketAclOutput"},
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketGETacl.html",
-      "documentation":"<p>This implementation of the <code>GET</code> action uses the <code>acl</code> subresource to return the access control list (ACL) of a bucket. To use <code>GET</code> to return the ACL of the bucket, you must have <code>READ_ACP</code> access to the bucket. If <code>READ_ACP</code> permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.</p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html\">ListObjects</a> </p> </li> </ul>"
+      "documentation":"<p>This implementation of the <code>GET</code> action uses the <code>acl</code> subresource to return the access control list (ACL) of a bucket. To use <code>GET</code> to return the ACL of the bucket, you must have <code>READ_ACP</code> access to the bucket. If <code>READ_ACP</code> permission is granted to the anonymous user, you can return the ACL of the bucket without using an authorization header.</p> <note> <p>If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the <code>bucket-owner-full-control</code> ACL with the owner being the account that created the bucket. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\"> Controlling object ownership and disabling ACLs</a> in the <i>Amazon S3 User Guide</i>.</p> </note> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListObjects.html\">ListObjects</a> </p> </li> </ul>"
     },
     "GetBucketAnalyticsConfiguration":{
       "name":"GetBucketAnalyticsConfiguration",
@@ -324,7 +324,7 @@
       },
       "input":{"shape":"GetBucketIntelligentTieringConfigurationRequest"},
       "output":{"shape":"GetBucketIntelligentTieringConfigurationOutput"},
-      "documentation":"<p>Gets the S3 Intelligent-Tiering configuration from the specified bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in two low latency and high throughput access tiers. For data that can be accessed asynchronously, you can choose to activate automatic archiving capabilities within the S3 Intelligent-Tiering storage class.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>GetBucketIntelligentTieringConfiguration</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html\">DeleteBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html\">PutBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html\">ListBucketIntelligentTieringConfigurations</a> </p> </li> </ul>"
+      "documentation":"<p>Gets the S3 Intelligent-Tiering configuration from the specified bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>GetBucketIntelligentTieringConfiguration</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html\">DeleteBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html\">PutBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html\">ListBucketIntelligentTieringConfigurations</a> </p> </li> </ul>"
     },
     "GetBucketInventoryConfiguration":{
       "name":"GetBucketInventoryConfiguration",
@@ -420,7 +420,7 @@
       },
       "input":{"shape":"GetBucketOwnershipControlsRequest"},
       "output":{"shape":"GetBucketOwnershipControlsOutput"},
-      "documentation":"<p>Retrieves <code>OwnershipControls</code> for an Amazon S3 bucket. To use this operation, you must have the <code>s3:GetBucketOwnershipControls</code> permission. For more information about Amazon S3 permissions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html\">Specifying Permissions in a Policy</a>. </p> <p>For information about Amazon S3 Object Ownership, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html\">Using Object Ownership</a>. </p> <p>The following operations are related to <code>GetBucketOwnershipControls</code>:</p> <ul> <li> <p> <a>PutBucketOwnershipControls</a> </p> </li> <li> <p> <a>DeleteBucketOwnershipControls</a> </p> </li> </ul>"
+      "documentation":"<p>Retrieves <code>OwnershipControls</code> for an Amazon S3 bucket. To use this operation, you must have the <code>s3:GetBucketOwnershipControls</code> permission. For more information about Amazon S3 permissions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html\">Specifying permissions in a policy</a>. </p> <p>For information about Amazon S3 Object Ownership, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\">Using Object Ownership</a>. </p> <p>The following operations are related to <code>GetBucketOwnershipControls</code>:</p> <ul> <li> <p> <a>PutBucketOwnershipControls</a> </p> </li> <li> <p> <a>DeleteBucketOwnershipControls</a> </p> </li> </ul>"
     },
     "GetBucketPolicy":{
       "name":"GetBucketPolicy",
@@ -510,7 +510,7 @@
         {"shape":"InvalidObjectState"}
       ],
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGET.html",
-      "documentation":"<p>Retrieves objects from Amazon S3. To use <code>GET</code>, you must have <code>READ</code> access to the object. If you grant <code>READ</code> access to the anonymous user, you can return the object without using an authorization header.</p> <p>An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object <code>sample.jpg</code>, you can name it <code>photos/2006/February/sample.jpg</code>.</p> <p>To get an object from such a logical hierarchy, specify the full key name for the object in the <code>GET</code> operation. For a virtual hosted-style request example, if you have the object <code>photos/2006/February/sample.jpg</code>, specify the resource as <code>/photos/2006/February/sample.jpg</code>. For a path-style request example, if you have the object <code>photos/2006/February/sample.jpg</code> in the bucket named <code>examplebucket</code>, specify the resource as <code>/examplebucket/photos/2006/February/sample.jpg</code>. For more information about request types, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket\">HTTP Host Header Bucket Specification</a>.</p> <p>To distribute large files to many people, you can save bandwidth costs by using BitTorrent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html\">Amazon S3 Torrent</a>. For more information about returning the ACL of an object, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html\">GetObjectAcl</a>.</p> <p>If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html\">RestoreObject</a>. Otherwise, this action returns an <code>InvalidObjectStateError</code> error. For information about restoring archived objects, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html\">Restoring Archived Objects</a>.</p> <p>Encryption request headers, like <code>x-amz-server-side-encryption</code>, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.</p> <p>If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:</p> <ul> <li> <p>x-amz-server-side-encryption-customer-algorithm</p> </li> <li> <p>x-amz-server-side-encryption-customer-key</p> </li> <li> <p>x-amz-server-side-encryption-customer-key-MD5</p> </li> </ul> <p>For more information about SSE-C, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html\">Server-Side Encryption (Using Customer-Provided Encryption Keys)</a>.</p> <p>Assuming you have the relevant permission to read object tags, the response also returns the <code>x-amz-tagging-count</code> header that provides the count of number of tags associated with the object. You can use <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html\">GetObjectTagging</a> to retrieve the tag set associated with an object.</p> <p> <b>Permissions</b> </p> <p>You need the relevant read object (or version) permission for this operation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html\">Specifying Permissions in a Policy</a>. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the <code>s3:ListBucket</code> permission.</p> <ul> <li> <p>If you have the <code>s3:ListBucket</code> permission on the bucket, Amazon S3 will return an HTTP status code 404 (\"no such key\") error.</p> </li> <li> <p>If you don’t have the <code>s3:ListBucket</code> permission, Amazon S3 will return an HTTP status code 403 (\"access denied\") error.</p> </li> </ul> <p> <b>Versioning</b> </p> <p>By default, the GET action returns the current version of an object. To return a different version, use the <code>versionId</code> subresource.</p> <note> <ul> <li> <p>You need the <code>s3:GetObjectVersion</code> permission to access a specific version of an object. </p> </li> <li> <p>If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes <code>x-amz-delete-marker: true</code> in the response.</p> </li> </ul> </note> <p>For more information about versioning, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html\">PutBucketVersioning</a>. </p> <p> <b>Overriding Response Header Values</b> </p> <p>There are times when you want to override certain response header values in a GET response. For example, you might override the Content-Disposition response header value in your GET request.</p> <p>You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are <code>Content-Type</code>, <code>Content-Language</code>, <code>Expires</code>, <code>Cache-Control</code>, <code>Content-Disposition</code>, and <code>Content-Encoding</code>. To override these header values in the GET response, you use the following request parameters.</p> <note> <p>You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request.</p> </note> <ul> <li> <p> <code>response-content-type</code> </p> </li> <li> <p> <code>response-content-language</code> </p> </li> <li> <p> <code>response-expires</code> </p> </li> <li> <p> <code>response-cache-control</code> </p> </li> <li> <p> <code>response-content-disposition</code> </p> </li> <li> <p> <code>response-content-encoding</code> </p> </li> </ul> <p> <b>Additional Considerations about Request Headers</b> </p> <p>If both of the <code>If-Match</code> and <code>If-Unmodified-Since</code> headers are present in the request as follows: <code>If-Match</code> condition evaluates to <code>true</code>, and; <code>If-Unmodified-Since</code> condition evaluates to <code>false</code>; then, S3 returns 200 OK and the data requested. </p> <p>If both of the <code>If-None-Match</code> and <code>If-Modified-Since</code> headers are present in the request as follows:<code> If-None-Match</code> condition evaluates to <code>false</code>, and; <code>If-Modified-Since</code> condition evaluates to <code>true</code>; then, S3 returns 304 Not Modified response code.</p> <p>For more information about conditional requests, see <a href=\"https://tools.ietf.org/html/rfc7232\">RFC 7232</a>.</p> <p>The following operations are related to <code>GetObject</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html\">ListBuckets</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html\">GetObjectAcl</a> </p> </li> </ul>"
+      "documentation":"<p>Retrieves objects from Amazon S3. To use <code>GET</code>, you must have <code>READ</code> access to the object. If you grant <code>READ</code> access to the anonymous user, you can return the object without using an authorization header.</p> <p>An Amazon S3 bucket has no directory hierarchy such as you would find in a typical computer file system. You can, however, create a logical hierarchy by using object key names that imply a folder structure. For example, instead of naming an object <code>sample.jpg</code>, you can name it <code>photos/2006/February/sample.jpg</code>.</p> <p>To get an object from such a logical hierarchy, specify the full key name for the object in the <code>GET</code> operation. For a virtual hosted-style request example, if you have the object <code>photos/2006/February/sample.jpg</code>, specify the resource as <code>/photos/2006/February/sample.jpg</code>. For a path-style request example, if you have the object <code>photos/2006/February/sample.jpg</code> in the bucket named <code>examplebucket</code>, specify the resource as <code>/examplebucket/photos/2006/February/sample.jpg</code>. For more information about request types, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingSpecifyBucket\">HTTP Host Header Bucket Specification</a>.</p> <p>To distribute large files to many people, you can save bandwidth costs by using BitTorrent. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/S3Torrent.html\">Amazon S3 Torrent</a>. For more information about returning the ACL of an object, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html\">GetObjectAcl</a>.</p> <p>If the object you are retrieving is stored in the S3 Glacier or S3 Glacier Deep Archive storage class, or S3 Intelligent-Tiering Archive or S3 Intelligent-Tiering Deep Archive tiers, before you can retrieve the object you must first restore a copy using <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_RestoreObject.html\">RestoreObject</a>. Otherwise, this action returns an <code>InvalidObjectStateError</code> error. For information about restoring archived objects, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/restoring-objects.html\">Restoring Archived Objects</a>.</p> <p>Encryption request headers, like <code>x-amz-server-side-encryption</code>, should not be sent for GET requests if your object uses server-side encryption with KMS keys (SSE-KMS) or server-side encryption with Amazon S3–managed encryption keys (SSE-S3). If your object does use these types of keys, you’ll get an HTTP 400 BadRequest error.</p> <p>If you encrypt an object by using server-side encryption with customer-provided encryption keys (SSE-C) when you store the object in Amazon S3, then when you GET the object, you must use the following headers:</p> <ul> <li> <p>x-amz-server-side-encryption-customer-algorithm</p> </li> <li> <p>x-amz-server-side-encryption-customer-key</p> </li> <li> <p>x-amz-server-side-encryption-customer-key-MD5</p> </li> </ul> <p>For more information about SSE-C, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html\">Server-Side Encryption (Using Customer-Provided Encryption Keys)</a>.</p> <p>Assuming you have the relevant permission to read object tags, the response also returns the <code>x-amz-tagging-count</code> header that provides the count of number of tags associated with the object. You can use <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectTagging.html\">GetObjectTagging</a> to retrieve the tag set associated with an object.</p> <p> <b>Permissions</b> </p> <p>You need the relevant read object (or version) permission for this operation. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html\">Specifying Permissions in a Policy</a>. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the <code>s3:ListBucket</code> permission.</p> <ul> <li> <p>If you have the <code>s3:ListBucket</code> permission on the bucket, Amazon S3 will return an HTTP status code 404 (\"no such key\") error.</p> </li> <li> <p>If you don’t have the <code>s3:ListBucket</code> permission, Amazon S3 will return an HTTP status code 403 (\"access denied\") error.</p> </li> </ul> <p> <b>Versioning</b> </p> <p>By default, the GET action returns the current version of an object. To return a different version, use the <code>versionId</code> subresource.</p> <note> <ul> <li> <p> If you supply a <code>versionId</code>, you need the <code>s3:GetObjectVersion</code> permission to access a specific version of an object. If you request a specific version, you do not need to have the <code>s3:GetObject</code> permission. </p> </li> <li> <p>If the current version of the object is a delete marker, Amazon S3 behaves as if the object was deleted and includes <code>x-amz-delete-marker: true</code> in the response.</p> </li> </ul> </note> <p>For more information about versioning, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketVersioning.html\">PutBucketVersioning</a>. </p> <p> <b>Overriding Response Header Values</b> </p> <p>There are times when you want to override certain response header values in a GET response. For example, you might override the Content-Disposition response header value in your GET request.</p> <p>You can override values for a set of response headers using the following query parameters. These response header values are sent only on a successful request, that is, when status code 200 OK is returned. The set of headers you can override using these parameters is a subset of the headers that Amazon S3 accepts when you create an object. The response headers that you can override for the GET response are <code>Content-Type</code>, <code>Content-Language</code>, <code>Expires</code>, <code>Cache-Control</code>, <code>Content-Disposition</code>, and <code>Content-Encoding</code>. To override these header values in the GET response, you use the following request parameters.</p> <note> <p>You must sign the request, either using an Authorization header or a presigned URL, when using these parameters. They cannot be used with an unsigned (anonymous) request.</p> </note> <ul> <li> <p> <code>response-content-type</code> </p> </li> <li> <p> <code>response-content-language</code> </p> </li> <li> <p> <code>response-expires</code> </p> </li> <li> <p> <code>response-cache-control</code> </p> </li> <li> <p> <code>response-content-disposition</code> </p> </li> <li> <p> <code>response-content-encoding</code> </p> </li> </ul> <p> <b>Additional Considerations about Request Headers</b> </p> <p>If both of the <code>If-Match</code> and <code>If-Unmodified-Since</code> headers are present in the request as follows: <code>If-Match</code> condition evaluates to <code>true</code>, and; <code>If-Unmodified-Since</code> condition evaluates to <code>false</code>; then, S3 returns 200 OK and the data requested. </p> <p>If both of the <code>If-None-Match</code> and <code>If-Modified-Since</code> headers are present in the request as follows:<code> If-None-Match</code> condition evaluates to <code>false</code>, and; <code>If-Modified-Since</code> condition evaluates to <code>true</code>; then, S3 returns 304 Not Modified response code.</p> <p>For more information about conditional requests, see <a href=\"https://tools.ietf.org/html/rfc7232\">RFC 7232</a>.</p> <p>The following operations are related to <code>GetObject</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBuckets.html\">ListBuckets</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html\">GetObjectAcl</a> </p> </li> </ul>"
     },
     "GetObjectAcl":{
       "name":"GetObjectAcl",
@@ -524,7 +524,7 @@
         {"shape":"NoSuchKey"}
       ],
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGETacl.html",
-      "documentation":"<p>Returns the access control list (ACL) of an object. To use this operation, you must have <code>READ_ACP</code> access to the object.</p> <p>This action is not supported by Amazon S3 on Outposts.</p> <p> <b>Versioning</b> </p> <p>By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.</p> <p>The following operations are related to <code>GetObjectAcl</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html\">DeleteObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> </ul>"
+      "documentation":"<p>Returns the access control list (ACL) of an object. To use this operation, you must have <code>READ_ACP</code> access to the object.</p> <p>This action is not supported by Amazon S3 on Outposts.</p> <p> <b>Versioning</b> </p> <p>By default, GET returns ACL information about the current version of an object. To return ACL information about a different version, use the versionId subresource.</p> <note> <p>If your bucket uses the bucket owner enforced setting for S3 Object Ownership, requests to read ACLs are still supported and return the <code>bucket-owner-full-control</code> ACL with the owner being the account that created the bucket. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\"> Controlling object ownership and disabling ACLs</a> in the <i>Amazon S3 User Guide</i>.</p> </note> <p>The following operations are related to <code>GetObjectAcl</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html\">DeleteObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> </ul>"
     },
     "GetObjectLegalHold":{
       "name":"GetObjectLegalHold",
@@ -632,7 +632,7 @@
       },
       "input":{"shape":"ListBucketIntelligentTieringConfigurationsRequest"},
       "output":{"shape":"ListBucketIntelligentTieringConfigurationsOutput"},
-      "documentation":"<p>Lists the S3 Intelligent-Tiering configuration from the specified bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in two low latency and high throughput access tiers. For data that can be accessed asynchronously, you can choose to activate automatic archiving capabilities within the S3 Intelligent-Tiering storage class.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>ListBucketIntelligentTieringConfigurations</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html\">DeleteBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html\">PutBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html\">GetBucketIntelligentTieringConfiguration</a> </p> </li> </ul>"
+      "documentation":"<p>Lists the S3 Intelligent-Tiering configuration from the specified bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>ListBucketIntelligentTieringConfigurations</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html\">DeleteBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketIntelligentTieringConfiguration.html\">PutBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html\">GetBucketIntelligentTieringConfiguration</a> </p> </li> </ul>"
     },
     "ListBucketInventoryConfigurations":{
       "name":"ListBucketInventoryConfigurations",
@@ -757,7 +757,7 @@
       },
       "input":{"shape":"PutBucketAclRequest"},
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html",
-      "documentation":"<p>Sets the permissions on an existing bucket using access control lists (ACL). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html\">Using ACLs</a>. To set the ACL of a bucket, you must have <code>WRITE_ACP</code> permission.</p> <p>You can use one of the following two ways to set a bucket's permissions:</p> <ul> <li> <p>Specify the ACL in the request body</p> </li> <li> <p>Specify permissions using request headers</p> </li> </ul> <note> <p>You cannot specify access permission using both the body and the request headers.</p> </note> <p>Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach.</p> <p> <b>Access Permissions</b> </p> <p>You can set access permissions using one of the following methods:</p> <ul> <li> <p>Specify a canned ACL with the <code>x-amz-acl</code> request header. Amazon S3 supports a set of predefined ACLs, known as <i>canned ACLs</i>. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of <code>x-amz-acl</code>. If you use this header, you cannot use other access control-specific headers in your request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL\">Canned ACL</a>.</p> </li> <li> <p>Specify access permissions explicitly with the <code>x-amz-grant-read</code>, <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and <code>x-amz-grant-full-control</code> headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the <code>x-amz-acl</code> header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a>.</p> <p>You specify each grantee as a type=value pair, where the type is one of the following:</p> <ul> <li> <p> <code>id</code> – if the value specified is the canonical user ID of an Amazon Web Services account</p> </li> <li> <p> <code>uri</code> – if you are granting permissions to a predefined group</p> </li> <li> <p> <code>emailAddress</code> – if the value specified is the email address of an Amazon Web Services account</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p>For example, the following <code>x-amz-grant-write</code> header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two Amazon Web Services accounts identified by their email addresses.</p> <p> <code>x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\", id=\"111122223333\", id=\"555566667777\" </code> </p> </li> </ul> <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do both.</p> <p> <b>Grantee Values</b> </p> <p>You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:</p> <ul> <li> <p>By the person's ID:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"&gt;&lt;ID&gt;&lt;&gt;ID&lt;&gt;&lt;/ID&gt;&lt;DisplayName&gt;&lt;&gt;GranteesEmail&lt;&gt;&lt;/DisplayName&gt; &lt;/Grantee&gt;</code> </p> <p>DisplayName is optional and ignored in the request</p> </li> <li> <p>By URI:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"&gt;&lt;URI&gt;&lt;&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;&gt;&lt;/URI&gt;&lt;/Grantee&gt;</code> </p> </li> <li> <p>By Email address:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"&gt;&lt;EmailAddress&gt;&lt;&gt;Grantees@email.com&lt;&gt;&lt;/EmailAddress&gt;lt;/Grantee&gt;</code> </p> <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser. </p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html\">CreateBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\">DeleteBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html\">GetObjectAcl</a> </p> </li> </ul>",
+      "documentation":"<p>Sets the permissions on an existing bucket using access control lists (ACL). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/S3_ACLs_UsingACLs.html\">Using ACLs</a>. To set the ACL of a bucket, you must have <code>WRITE_ACP</code> permission.</p> <p>You can use one of the following two ways to set a bucket's permissions:</p> <ul> <li> <p>Specify the ACL in the request body</p> </li> <li> <p>Specify permissions using request headers</p> </li> </ul> <note> <p>You cannot specify access permission using both the body and the request headers.</p> </note> <p>Depending on your application needs, you may choose to set the ACL on a bucket using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, then you can continue to use that approach.</p> <important> <p>If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the <code>AccessControlListNotSupported</code> error code. Requests to read ACLs are still supported. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\">Controlling object ownership</a> in the <i>Amazon S3 User Guide</i>.</p> </important> <p> <b>Access Permissions</b> </p> <p>You can set access permissions using one of the following methods:</p> <ul> <li> <p>Specify a canned ACL with the <code>x-amz-acl</code> request header. Amazon S3 supports a set of predefined ACLs, known as <i>canned ACLs</i>. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of <code>x-amz-acl</code>. If you use this header, you cannot use other access control-specific headers in your request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL\">Canned ACL</a>.</p> </li> <li> <p>Specify access permissions explicitly with the <code>x-amz-grant-read</code>, <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and <code>x-amz-grant-full-control</code> headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use the <code>x-amz-acl</code> header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a>.</p> <p>You specify each grantee as a type=value pair, where the type is one of the following:</p> <ul> <li> <p> <code>id</code> – if the value specified is the canonical user ID of an Amazon Web Services account</p> </li> <li> <p> <code>uri</code> – if you are granting permissions to a predefined group</p> </li> <li> <p> <code>emailAddress</code> – if the value specified is the email address of an Amazon Web Services account</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p>For example, the following <code>x-amz-grant-write</code> header grants create, overwrite, and delete objects permission to LogDelivery group predefined by Amazon S3 and two Amazon Web Services accounts identified by their email addresses.</p> <p> <code>x-amz-grant-write: uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\", id=\"111122223333\", id=\"555566667777\" </code> </p> </li> </ul> <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do both.</p> <p> <b>Grantee Values</b> </p> <p>You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:</p> <ul> <li> <p>By the person's ID:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"&gt;&lt;ID&gt;&lt;&gt;ID&lt;&gt;&lt;/ID&gt;&lt;DisplayName&gt;&lt;&gt;GranteesEmail&lt;&gt;&lt;/DisplayName&gt; &lt;/Grantee&gt;</code> </p> <p>DisplayName is optional and ignored in the request</p> </li> <li> <p>By URI:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"&gt;&lt;URI&gt;&lt;&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;&gt;&lt;/URI&gt;&lt;/Grantee&gt;</code> </p> </li> <li> <p>By Email address:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"&gt;&lt;EmailAddress&gt;&lt;&gt;Grantees@email.com&lt;&gt;&lt;/EmailAddress&gt;lt;/Grantee&gt;</code> </p> <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser. </p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html\">CreateBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\">DeleteBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObjectAcl.html\">GetObjectAcl</a> </p> </li> </ul>",
       "httpChecksumRequired":true
     },
     "PutBucketAnalyticsConfiguration":{
@@ -797,7 +797,7 @@
         "requestUri":"/{Bucket}?intelligent-tiering"
       },
       "input":{"shape":"PutBucketIntelligentTieringConfigurationRequest"},
-      "documentation":"<p>Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in two low latency and high throughput access tiers. For data that can be accessed asynchronously, you can choose to activate automatic archiving capabilities within the S3 Intelligent-Tiering storage class.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>PutBucketIntelligentTieringConfiguration</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html\">DeleteBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html\">GetBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html\">ListBucketIntelligentTieringConfigurations</a> </p> </li> </ul> <note> <p>You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering storage class to the Archive Access or Deep Archive Access tier.</p> </note> <p class=\"title\"> <b>Special Errors</b> </p> <ul> <li> <p class=\"title\"> <b>HTTP 400 Bad Request Error</b> </p> <ul> <li> <p> <i>Code:</i> InvalidArgument</p> </li> <li> <p> <i>Cause:</i> Invalid Argument</p> </li> </ul> </li> <li> <p class=\"title\"> <b>HTTP 400 Bad Request Error</b> </p> <ul> <li> <p> <i>Code:</i> TooManyConfigurations</p> </li> <li> <p> <i>Cause:</i> You are attempting to create a new configuration but have already reached the 1,000-configuration limit. </p> </li> </ul> </li> <li> <p class=\"title\"> <b>HTTP 403 Forbidden Error</b> </p> <ul> <li> <p> <i>Code:</i> AccessDenied</p> </li> <li> <p> <i>Cause:</i> You are not the owner of the specified bucket, or you do not have the <code>s3:PutIntelligentTieringConfiguration</code> bucket permission to set the configuration on the bucket. </p> </li> </ul> </li> </ul>"
+      "documentation":"<p>Puts a S3 Intelligent-Tiering configuration to the specified bucket. You can have up to 1,000 S3 Intelligent-Tiering configurations per bucket.</p> <p>The S3 Intelligent-Tiering storage class is designed to optimize storage costs by automatically moving data to the most cost-effective storage access tier, without performance impact or operational overhead. S3 Intelligent-Tiering delivers automatic cost savings in three low latency and high throughput access tiers. To get the lowest storage cost on data that can be accessed in minutes to hours, you can choose to activate additional archiving capabilities.</p> <p>The S3 Intelligent-Tiering storage class is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. If the size of an object is less than 128 KB, it is not monitored and not eligible for auto-tiering. Smaller objects can be stored, but they are always charged at the Frequent Access tier rates in the S3 Intelligent-Tiering storage class.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html#sc-dynamic-data-access\">Storage class for automatically optimizing frequently and infrequently accessed objects</a>.</p> <p>Operations related to <code>PutBucketIntelligentTieringConfiguration</code> include: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketIntelligentTieringConfiguration.html\">DeleteBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketIntelligentTieringConfiguration.html\">GetBucketIntelligentTieringConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_ListBucketIntelligentTieringConfigurations.html\">ListBucketIntelligentTieringConfigurations</a> </p> </li> </ul> <note> <p>You only need S3 Intelligent-Tiering enabled on a bucket if you want to automatically move objects stored in the S3 Intelligent-Tiering storage class to the Archive Access or Deep Archive Access tier.</p> </note> <p class=\"title\"> <b>Special Errors</b> </p> <ul> <li> <p class=\"title\"> <b>HTTP 400 Bad Request Error</b> </p> <ul> <li> <p> <i>Code:</i> InvalidArgument</p> </li> <li> <p> <i>Cause:</i> Invalid Argument</p> </li> </ul> </li> <li> <p class=\"title\"> <b>HTTP 400 Bad Request Error</b> </p> <ul> <li> <p> <i>Code:</i> TooManyConfigurations</p> </li> <li> <p> <i>Cause:</i> You are attempting to create a new configuration but have already reached the 1,000-configuration limit. </p> </li> </ul> </li> <li> <p class=\"title\"> <b>HTTP 403 Forbidden Error</b> </p> <ul> <li> <p> <i>Code:</i> AccessDenied</p> </li> <li> <p> <i>Cause:</i> You are not the owner of the specified bucket, or you do not have the <code>s3:PutIntelligentTieringConfiguration</code> bucket permission to set the configuration on the bucket. </p> </li> </ul> </li> </ul>"
     },
     "PutBucketInventoryConfiguration":{
       "name":"PutBucketInventoryConfiguration",
@@ -838,7 +838,7 @@
       },
       "input":{"shape":"PutBucketLoggingRequest"},
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTlogging.html",
-      "documentation":"<p>Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.</p> <p>The bucket owner is automatically granted FULL_CONTROL to all logs. You use the <code>Grantee</code> request element to grant access to other people. The <code>Permissions</code> request element specifies the kind of access the grantee has to the logs.</p> <p> <b>Grantee Values</b> </p> <p>You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:</p> <ul> <li> <p>By the person's ID:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"&gt;&lt;ID&gt;&lt;&gt;ID&lt;&gt;&lt;/ID&gt;&lt;DisplayName&gt;&lt;&gt;GranteesEmail&lt;&gt;&lt;/DisplayName&gt; &lt;/Grantee&gt;</code> </p> <p>DisplayName is optional and ignored in the request.</p> </li> <li> <p>By Email address:</p> <p> <code> &lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"&gt;&lt;EmailAddress&gt;&lt;&gt;Grantees@email.com&lt;&gt;&lt;/EmailAddress&gt;&lt;/Grantee&gt;</code> </p> <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.</p> </li> <li> <p>By URI:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"&gt;&lt;URI&gt;&lt;&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;&gt;&lt;/URI&gt;&lt;/Grantee&gt;</code> </p> </li> </ul> <p>To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element:</p> <p> <code>&lt;BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\" /&gt;</code> </p> <p>For more information about server access logging, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html\">Server Access Logging</a>. </p> <p>For more information about creating a bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html\">CreateBucket</a>. For more information about returning the logging status of a bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html\">GetBucketLogging</a>.</p> <p>The following operations are related to <code>PutBucketLogging</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\">DeleteBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html\">CreateBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html\">GetBucketLogging</a> </p> </li> </ul>",
+      "documentation":"<p>Set the logging parameters for a bucket and to specify permissions for who can view and modify the logging parameters. All logs are saved to buckets in the same Amazon Web Services Region as the source bucket. To set the logging status of a bucket, you must be the bucket owner.</p> <p>The bucket owner is automatically granted FULL_CONTROL to all logs. You use the <code>Grantee</code> request element to grant access to other people. The <code>Permissions</code> request element specifies the kind of access the grantee has to the logs.</p> <important> <p>If the target bucket for log delivery uses the bucket owner enforced setting for S3 Object Ownership, you can't use the <code>Grantee</code> request element to grant access to others. Permissions can only be granted using policies. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general\">Permissions for server access log delivery</a> in the <i>Amazon S3 User Guide</i>.</p> </important> <p> <b>Grantee Values</b> </p> <p>You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:</p> <ul> <li> <p>By the person's ID:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"&gt;&lt;ID&gt;&lt;&gt;ID&lt;&gt;&lt;/ID&gt;&lt;DisplayName&gt;&lt;&gt;GranteesEmail&lt;&gt;&lt;/DisplayName&gt; &lt;/Grantee&gt;</code> </p> <p>DisplayName is optional and ignored in the request.</p> </li> <li> <p>By Email address:</p> <p> <code> &lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"&gt;&lt;EmailAddress&gt;&lt;&gt;Grantees@email.com&lt;&gt;&lt;/EmailAddress&gt;&lt;/Grantee&gt;</code> </p> <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.</p> </li> <li> <p>By URI:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"&gt;&lt;URI&gt;&lt;&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;&gt;&lt;/URI&gt;&lt;/Grantee&gt;</code> </p> </li> </ul> <p>To enable logging, you use LoggingEnabled and its children request elements. To disable logging, you use an empty BucketLoggingStatus request element:</p> <p> <code>&lt;BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\" /&gt;</code> </p> <p>For more information about server access logging, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html\">Server Access Logging</a> in the <i>Amazon S3 User Guide</i>. </p> <p>For more information about creating a bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html\">CreateBucket</a>. For more information about returning the logging status of a bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html\">GetBucketLogging</a>.</p> <p>The following operations are related to <code>PutBucketLogging</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html\">PutObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html\">DeleteBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html\">CreateBucket</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLogging.html\">GetBucketLogging</a> </p> </li> </ul>",
       "httpChecksumRequired":true
     },
     "PutBucketMetricsConfiguration":{
@@ -878,7 +878,7 @@
         "requestUri":"/{Bucket}?ownershipControls"
       },
       "input":{"shape":"PutBucketOwnershipControlsRequest"},
-      "documentation":"<p>Creates or modifies <code>OwnershipControls</code> for an Amazon S3 bucket. To use this operation, you must have the <code>s3:PutBucketOwnershipControls</code> permission. For more information about Amazon S3 permissions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html\">Specifying Permissions in a Policy</a>. </p> <p>For information about Amazon S3 Object Ownership, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html\">Using Object Ownership</a>. </p> <p>The following operations are related to <code>PutBucketOwnershipControls</code>:</p> <ul> <li> <p> <a>GetBucketOwnershipControls</a> </p> </li> <li> <p> <a>DeleteBucketOwnershipControls</a> </p> </li> </ul>",
+      "documentation":"<p>Creates or modifies <code>OwnershipControls</code> for an Amazon S3 bucket. To use this operation, you must have the <code>s3:PutBucketOwnershipControls</code> permission. For more information about Amazon S3 permissions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/user-guide/using-with-s3-actions.html\">Specifying permissions in a policy</a>. </p> <p>For information about Amazon S3 Object Ownership, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/user-guide/about-object-ownership.html\">Using object ownership</a>. </p> <p>The following operations are related to <code>PutBucketOwnershipControls</code>:</p> <ul> <li> <p> <a>GetBucketOwnershipControls</a> </p> </li> <li> <p> <a>DeleteBucketOwnershipControls</a> </p> </li> </ul>",
       "httpChecksumRequired":true
     },
     "PutBucketPolicy":{
@@ -955,7 +955,7 @@
       "input":{"shape":"PutObjectRequest"},
       "output":{"shape":"PutObjectOutput"},
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUT.html",
-      "documentation":"<p>Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object to it.</p> <p>Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket.</p> <p>Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. Amazon S3 does not provide object locking; if you need this, make sure to build it into your application layer or use versioning instead.</p> <p>To ensure that data is not corrupted traversing the network, use the <code>Content-MD5</code> header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, returns an error. Additionally, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value.</p> <note> <ul> <li> <p>To successfully complete the <code>PutObject</code> request, you must have the <code>s3:PutObject</code> in your IAM permissions.</p> </li> <li> <p>To successfully change the objects acl of your <code>PutObject</code> request, you must have the <code>s3:PutObjectAcl</code> in your IAM permissions.</p> </li> <li> <p> The <code>Content-MD5</code> header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information about Amazon S3 Object Lock, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html\">Amazon S3 Object Lock Overview</a> in the <i>Amazon S3 User Guide</i>. </p> </li> </ul> </note> <p> <b>Server-side Encryption</b> </p> <p>You can optionally request server-side encryption. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. You have the option to provide your own encryption key or use Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Using Server-Side Encryption</a>.</p> <p>If you request server-side encryption using Amazon Web Services Key Management Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html\">Amazon S3 Bucket Keys</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Access Control List (ACL)-Specific Request Headers</b> </p> <p>You can use headers to grant ACL- based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a> and <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html\">Managing ACLs Using the REST API</a>. </p> <p> <b>Storage Class Options</b> </p> <p>By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html\">Storage Classes</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Versioning</b> </p> <p>If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects.</p> <p>For more information about versioning, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html\">Adding Objects to Versioning Enabled Buckets</a>. For information about returning the versioning state of a bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html\">GetBucketVersioning</a>. </p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html\">CopyObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html\">DeleteObject</a> </p> </li> </ul>"
+      "documentation":"<p>Adds an object to a bucket. You must have WRITE permissions on a bucket to add an object to it.</p> <p>Amazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the entire object to the bucket.</p> <p>Amazon S3 is a distributed system. If it receives multiple write requests for the same object simultaneously, it overwrites all but the last object written. Amazon S3 does not provide object locking; if you need this, make sure to build it into your application layer or use versioning instead.</p> <p>To ensure that data is not corrupted traversing the network, use the <code>Content-MD5</code> header. When you use this header, Amazon S3 checks the object against the provided MD5 value and, if they do not match, returns an error. Additionally, you can calculate the MD5 while putting an object to Amazon S3 and compare the returned ETag to the calculated MD5 value.</p> <note> <ul> <li> <p>To successfully complete the <code>PutObject</code> request, you must have the <code>s3:PutObject</code> in your IAM permissions.</p> </li> <li> <p>To successfully change the objects acl of your <code>PutObject</code> request, you must have the <code>s3:PutObjectAcl</code> in your IAM permissions.</p> </li> <li> <p> The <code>Content-MD5</code> header is required for any request to upload an object with a retention period configured using Amazon S3 Object Lock. For more information about Amazon S3 Object Lock, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html\">Amazon S3 Object Lock Overview</a> in the <i>Amazon S3 User Guide</i>. </p> </li> </ul> </note> <p> <b>Server-side Encryption</b> </p> <p>You can optionally request server-side encryption. With server-side encryption, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts the data when you access it. You have the option to provide your own encryption key or use Amazon Web Services managed encryption keys (SSE-S3 or SSE-KMS). For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html\">Using Server-Side Encryption</a>.</p> <p>If you request server-side encryption using Amazon Web Services Key Management Service (SSE-KMS), you can enable an S3 Bucket Key at the object-level. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html\">Amazon S3 Bucket Keys</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Access Control List (ACL)-Specific Request Headers</b> </p> <p>You can use headers to grant ACL- based permissions. By default, all objects are private. Only the owner has full access control. When adding a new object, you can grant permissions to individual Amazon Web Services accounts or to predefined groups defined by Amazon S3. These permissions are then added to the ACL on the object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a> and <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html\">Managing ACLs Using the REST API</a>. </p> <p>If the bucket that you're uploading objects to uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. Buckets that use this setting only accept PUT requests that don't specify an ACL or PUT requests that specify bucket owner full control ACLs, such as the <code>bucket-owner-full-control</code> canned ACL or an equivalent form of this ACL expressed in the XML format. PUT requests that contain other ACLs (for example, custom grants to certain Amazon Web Services accounts) fail and return a <code>400</code> error with the error code <code>AccessControlListNotSupported</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\"> Controlling ownership of objects and disabling ACLs</a> in the <i>Amazon S3 User Guide</i>.</p> <note> <p>If your bucket uses the bucket owner enforced setting for Object Ownership, all objects written to the bucket by any account will be owned by the bucket owner.</p> </note> <p> <b>Storage Class Options</b> </p> <p>By default, Amazon S3 uses the STANDARD Storage Class to store newly created objects. The STANDARD storage class provides high durability and high availability. Depending on performance needs, you can specify a different Storage Class. Amazon S3 on Outposts only uses the OUTPOSTS Storage Class. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html\">Storage Classes</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Versioning</b> </p> <p>If you enable versioning for a bucket, Amazon S3 automatically generates a unique version ID for the object being stored. Amazon S3 returns this ID in the response. When you enable versioning for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of the objects.</p> <p>For more information about versioning, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/AddingObjectstoVersioningEnabledBuckets.html\">Adding Objects to Versioning Enabled Buckets</a>. For information about returning the versioning state of a bucket, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketVersioning.html\">GetBucketVersioning</a>. </p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html\">CopyObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObject.html\">DeleteObject</a> </p> </li> </ul>"
     },
     "PutObjectAcl":{
       "name":"PutObjectAcl",
@@ -969,7 +969,7 @@
         {"shape":"NoSuchKey"}
       ],
       "documentationUrl":"http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectPUTacl.html",
-      "documentation":"<p>Uses the <code>acl</code> subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have <code>WRITE_ACP</code> permission to set the ACL of an object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions\">What permissions can I grant?</a> in the <i>Amazon S3 User Guide</i>.</p> <p>This action is not supported by Amazon S3 on Outposts.</p> <p>Depending on your application needs, you can choose to set the ACL on an object using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, you can continue to use that approach. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a> in the <i>Amazon S3 User Guide</i>.</p> <p> <b>Access Permissions</b> </p> <p>You can set access permissions using one of the following methods:</p> <ul> <li> <p>Specify a canned ACL with the <code>x-amz-acl</code> request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of <code>x-amz-ac</code>l. If you use this header, you cannot use other access control-specific headers in your request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL\">Canned ACL</a>.</p> </li> <li> <p>Specify access permissions explicitly with the <code>x-amz-grant-read</code>, <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and <code>x-amz-grant-full-control</code> headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use <code>x-amz-acl</code> header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a>.</p> <p>You specify each grantee as a type=value pair, where the type is one of the following:</p> <ul> <li> <p> <code>id</code> – if the value specified is the canonical user ID of an Amazon Web Services account</p> </li> <li> <p> <code>uri</code> – if you are granting permissions to a predefined group</p> </li> <li> <p> <code>emailAddress</code> – if the value specified is the email address of an Amazon Web Services account</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p>For example, the following <code>x-amz-grant-read</code> header grants list objects permission to the two Amazon Web Services accounts identified by their email addresses.</p> <p> <code>x-amz-grant-read: emailAddress=\"xyz@amazon.com\", emailAddress=\"abc@amazon.com\" </code> </p> </li> </ul> <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do both.</p> <p> <b>Grantee Values</b> </p> <p>You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:</p> <ul> <li> <p>By the person's ID:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"&gt;&lt;ID&gt;&lt;&gt;ID&lt;&gt;&lt;/ID&gt;&lt;DisplayName&gt;&lt;&gt;GranteesEmail&lt;&gt;&lt;/DisplayName&gt; &lt;/Grantee&gt;</code> </p> <p>DisplayName is optional and ignored in the request.</p> </li> <li> <p>By URI:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"&gt;&lt;URI&gt;&lt;&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;&gt;&lt;/URI&gt;&lt;/Grantee&gt;</code> </p> </li> <li> <p>By Email address:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"&gt;&lt;EmailAddress&gt;&lt;&gt;Grantees@email.com&lt;&gt;&lt;/EmailAddress&gt;lt;/Grantee&gt;</code> </p> <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p> <b>Versioning</b> </p> <p>The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object. To set the ACL of a different version, use the <code>versionId</code> subresource.</p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html\">CopyObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> </ul>",
+      "documentation":"<p>Uses the <code>acl</code> subresource to set the access control list (ACL) permissions for a new or existing object in an S3 bucket. You must have <code>WRITE_ACP</code> permission to set the ACL of an object. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions\">What permissions can I grant?</a> in the <i>Amazon S3 User Guide</i>.</p> <p>This action is not supported by Amazon S3 on Outposts.</p> <p>Depending on your application needs, you can choose to set the ACL on an object using either the request body or the headers. For example, if you have an existing application that updates a bucket ACL using the request body, you can continue to use that approach. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a> in the <i>Amazon S3 User Guide</i>.</p> <important> <p>If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the <code>AccessControlListNotSupported</code> error code. Requests to read ACLs are still supported. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html\">Controlling object ownership</a> in the <i>Amazon S3 User Guide</i>.</p> </important> <p> <b>Access Permissions</b> </p> <p>You can set access permissions using one of the following methods:</p> <ul> <li> <p>Specify a canned ACL with the <code>x-amz-acl</code> request header. Amazon S3 supports a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined set of grantees and permissions. Specify the canned ACL name as the value of <code>x-amz-ac</code>l. If you use this header, you cannot use other access control-specific headers in your request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL\">Canned ACL</a>.</p> </li> <li> <p>Specify access permissions explicitly with the <code>x-amz-grant-read</code>, <code>x-amz-grant-read-acp</code>, <code>x-amz-grant-write-acp</code>, and <code>x-amz-grant-full-control</code> headers. When using these headers, you specify explicit access permissions and grantees (Amazon Web Services accounts or Amazon S3 groups) who will receive the permission. If you use these ACL-specific headers, you cannot use <code>x-amz-acl</code> header to set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports in an ACL. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html\">Access Control List (ACL) Overview</a>.</p> <p>You specify each grantee as a type=value pair, where the type is one of the following:</p> <ul> <li> <p> <code>id</code> – if the value specified is the canonical user ID of an Amazon Web Services account</p> </li> <li> <p> <code>uri</code> – if you are granting permissions to a predefined group</p> </li> <li> <p> <code>emailAddress</code> – if the value specified is the email address of an Amazon Web Services account</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p>For example, the following <code>x-amz-grant-read</code> header grants list objects permission to the two Amazon Web Services accounts identified by their email addresses.</p> <p> <code>x-amz-grant-read: emailAddress=\"xyz@amazon.com\", emailAddress=\"abc@amazon.com\" </code> </p> </li> </ul> <p>You can use either a canned ACL or specify access permissions explicitly. You cannot do both.</p> <p> <b>Grantee Values</b> </p> <p>You can specify the person (grantee) to whom you're assigning access rights (using request elements) in the following ways:</p> <ul> <li> <p>By the person's ID:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"&gt;&lt;ID&gt;&lt;&gt;ID&lt;&gt;&lt;/ID&gt;&lt;DisplayName&gt;&lt;&gt;GranteesEmail&lt;&gt;&lt;/DisplayName&gt; &lt;/Grantee&gt;</code> </p> <p>DisplayName is optional and ignored in the request.</p> </li> <li> <p>By URI:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\"&gt;&lt;URI&gt;&lt;&gt;http://acs.amazonaws.com/groups/global/AuthenticatedUsers&lt;&gt;&lt;/URI&gt;&lt;/Grantee&gt;</code> </p> </li> <li> <p>By Email address:</p> <p> <code>&lt;Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"AmazonCustomerByEmail\"&gt;&lt;EmailAddress&gt;&lt;&gt;Grantees@email.com&lt;&gt;&lt;/EmailAddress&gt;lt;/Grantee&gt;</code> </p> <p>The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl request, appears as the CanonicalUser.</p> <note> <p>Using email addresses to specify a grantee is only supported in the following Amazon Web Services Regions: </p> <ul> <li> <p>US East (N. Virginia)</p> </li> <li> <p>US West (N. California)</p> </li> <li> <p> US West (Oregon)</p> </li> <li> <p> Asia Pacific (Singapore)</p> </li> <li> <p>Asia Pacific (Sydney)</p> </li> <li> <p>Asia Pacific (Tokyo)</p> </li> <li> <p>Europe (Ireland)</p> </li> <li> <p>South America (São Paulo)</p> </li> </ul> <p>For a list of all the Amazon S3 supported Regions and endpoints, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region\">Regions and Endpoints</a> in the Amazon Web Services General Reference.</p> </note> </li> </ul> <p> <b>Versioning</b> </p> <p>The ACL of an object is set at the object version level. By default, PUT sets the ACL of the current version of an object. To set the ACL of a different version, use the <code>versionId</code> subresource.</p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html\">CopyObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> </ul>",
       "httpChecksumRequired":true
     },
     "PutObjectLegalHold":{
@@ -1053,7 +1053,7 @@
         "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"}
       },
       "output":{"shape":"SelectObjectContentOutput"},
-      "documentation":"<p>This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response.</p> <p>This action is not supported by Amazon S3 on Outposts.</p> <p>For more information about Amazon S3 Select, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html\">Selecting Content from Objects</a> in the <i>Amazon S3 User Guide</i>.</p> <p>For more information about using SQL with Amazon S3 Select, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html\"> SQL Reference for Amazon S3 Select and S3 Glacier Select</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p> <b>Permissions</b> </p> <p>You must have <code>s3:GetObject</code> permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html\">Specifying Permissions in a Policy</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p> <i>Object Data Formats</i> </p> <p>You can use Amazon S3 Select to query objects that have the following format properties:</p> <ul> <li> <p> <i>CSV, JSON, and Parquet</i> - Objects must be in CSV, JSON, or Parquet format.</p> </li> <li> <p> <i>UTF-8</i> - UTF-8 is the only encoding type Amazon S3 Select supports.</p> </li> <li> <p> <i>GZIP or BZIP2</i> - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects.</p> </li> <li> <p> <i>Server-side encryption</i> - Amazon S3 Select supports querying objects that are protected with server-side encryption.</p> <p>For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a>. For more information about SSE-C, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html\">Server-Side Encryption (Using Customer-Provided Encryption Keys)</a> in the <i>Amazon S3 User Guide</i>.</p> <p>For objects that are encrypted with Amazon S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html\">Protecting Data Using Server-Side Encryption</a> in the <i>Amazon S3 User Guide</i>.</p> </li> </ul> <p> <b>Working with the Response Body</b> </p> <p>Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a <code>Transfer-Encoding</code> header with <code>chunked</code> as its value in the response. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html\">Appendix: SelectObjectContent Response</a>.</p> <p/> <p> <b>GetObject Support</b> </p> <p>The <code>SelectObjectContent</code> action does not support the following <code>GetObject</code> functionality. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a>.</p> <ul> <li> <p> <code>Range</code>: Although you can specify a scan range for an Amazon S3 Select request (see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange\">SelectObjectContentRequest - ScanRange</a> in the request parameters), you cannot specify the range of bytes of an object to return. </p> </li> <li> <p>GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot specify the GLACIER, DEEP_ARCHIVE, or <code>REDUCED_REDUNDANCY</code> storage classes. For more information, about storage classes see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro\">Storage Classes</a> in the <i>Amazon S3 User Guide</i>.</p> </li> </ul> <p/> <p> <b>Special Errors</b> </p> <p>For a list of special errors for this operation, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList\">List of SELECT Object Content Error Codes</a> </p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html\">GetBucketLifecycleConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html\">PutBucketLifecycleConfiguration</a> </p> </li> </ul>"
+      "documentation":"<p>This action filters the contents of an Amazon S3 object based on a simple structured query language (SQL) statement. In the request, along with the SQL expression, you must also specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses this format to parse object data into records, and returns only records that match the specified SQL expression. You must also specify the data serialization format for the response.</p> <p>This action is not supported by Amazon S3 on Outposts.</p> <p>For more information about Amazon S3 Select, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/selecting-content-from-objects.html\">Selecting Content from Objects</a> and <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-glacier-select-sql-reference-select.html\">SELECT Command</a> in the <i>Amazon S3 User Guide</i>.</p> <p>For more information about using SQL with Amazon S3 Select, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-glacier-select-sql-reference.html\"> SQL Reference for Amazon S3 Select and S3 Glacier Select</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p> <b>Permissions</b> </p> <p>You must have <code>s3:GetObject</code> permission for this operation. Amazon S3 Select does not support anonymous access. For more information about permissions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html\">Specifying Permissions in a Policy</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p> <i>Object Data Formats</i> </p> <p>You can use Amazon S3 Select to query objects that have the following format properties:</p> <ul> <li> <p> <i>CSV, JSON, and Parquet</i> - Objects must be in CSV, JSON, or Parquet format.</p> </li> <li> <p> <i>UTF-8</i> - UTF-8 is the only encoding type Amazon S3 Select supports.</p> </li> <li> <p> <i>GZIP or BZIP2</i> - CSV and JSON files can be compressed using GZIP or BZIP2. GZIP and BZIP2 are the only compression formats that Amazon S3 Select supports for CSV and JSON files. Amazon S3 Select supports columnar compression for Parquet using GZIP or Snappy. Amazon S3 Select does not support whole-object compression for Parquet objects.</p> </li> <li> <p> <i>Server-side encryption</i> - Amazon S3 Select supports querying objects that are protected with server-side encryption.</p> <p>For objects that are encrypted with customer-provided encryption keys (SSE-C), you must use HTTPS, and you must use the headers that are documented in the <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a>. For more information about SSE-C, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html\">Server-Side Encryption (Using Customer-Provided Encryption Keys)</a> in the <i>Amazon S3 User Guide</i>.</p> <p>For objects that are encrypted with Amazon S3 managed encryption keys (SSE-S3) and Amazon Web Services KMS keys (SSE-KMS), server-side encryption is handled transparently, so you don't need to specify anything. For more information about server-side encryption, including SSE-S3 and SSE-KMS, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html\">Protecting Data Using Server-Side Encryption</a> in the <i>Amazon S3 User Guide</i>.</p> </li> </ul> <p> <b>Working with the Response Body</b> </p> <p>Given the response size is unknown, Amazon S3 Select streams the response as a series of messages and includes a <code>Transfer-Encoding</code> header with <code>chunked</code> as its value in the response. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/RESTSelectObjectAppendix.html\">Appendix: SelectObjectContent Response</a>.</p> <p/> <p> <b>GetObject Support</b> </p> <p>The <code>SelectObjectContent</code> action does not support the following <code>GetObject</code> functionality. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a>.</p> <ul> <li> <p> <code>Range</code>: Although you can specify a scan range for an Amazon S3 Select request (see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_SelectObjectContent.html#AmazonS3-SelectObjectContent-request-ScanRange\">SelectObjectContentRequest - ScanRange</a> in the request parameters), you cannot specify the range of bytes of an object to return. </p> </li> <li> <p>GLACIER, DEEP_ARCHIVE and REDUCED_REDUNDANCY storage classes: You cannot specify the GLACIER, DEEP_ARCHIVE, or <code>REDUCED_REDUNDANCY</code> storage classes. For more information, about storage classes see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#storage-class-intro\">Storage Classes</a> in the <i>Amazon S3 User Guide</i>.</p> </li> </ul> <p/> <p> <b>Special Errors</b> </p> <p>For a list of special errors for this operation, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#SelectObjectContentErrorCodeList\">List of SELECT Object Content Error Codes</a> </p> <p class=\"title\"> <b>Related Resources</b> </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html\">GetObject</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketLifecycleConfiguration.html\">GetBucketLifecycleConfiguration</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketLifecycleConfiguration.html\">PutBucketLifecycleConfiguration</a> </p> </li> </ul>"
     },
     "UploadPart":{
       "name":"UploadPart",
@@ -1709,7 +1709,7 @@
       "members":{
         "Parts":{
           "shape":"CompletedPartList",
-          "documentation":"<p>Array of CompletedPart data types.</p>",
+          "documentation":"<p>Array of CompletedPart data types.</p> <p>If you do not supply a valid <code>Part</code> with your request, the service sends back an HTTP 400 response.</p>",
           "locationName":"Part"
         }
       },
@@ -2211,6 +2211,11 @@
           "documentation":"<p>Specifies whether you want S3 Object Lock to be enabled for the new bucket.</p>",
           "location":"header",
           "locationName":"x-amz-bucket-object-lock-enabled"
+        },
+        "ObjectOwnership":{
+          "shape":"ObjectOwnership",
+          "location":"header",
+          "locationName":"x-amz-object-ownership"
         }
       },
       "payload":"CreateBucketConfiguration"
@@ -3191,9 +3196,25 @@
         "s3:Replication:OperationFailedReplication",
         "s3:Replication:OperationNotTracked",
         "s3:Replication:OperationMissedThreshold",
-        "s3:Replication:OperationReplicatedAfterThreshold"
+        "s3:Replication:OperationReplicatedAfterThreshold",
+        "s3:ObjectRestore:Delete",
+        "s3:LifecycleTransition",
+        "s3:IntelligentTiering",
+        "s3:ObjectAcl:Put",
+        "s3:LifecycleExpiration:*",
+        "s3:LifecycleExpiration:Delete",
+        "s3:LifecycleExpiration:DeleteMarkerCreated",
+        "s3:ObjectTagging:*",
+        "s3:ObjectTagging:Put",
+        "s3:ObjectTagging:Delete"
       ]
     },
+    "EventBridgeConfiguration":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>A container for specifying the configuration for Amazon EventBridge.</p>"
+    },
     "EventList":{
       "type":"list",
       "member":{"shape":"Event"},
@@ -3660,7 +3681,7 @@
       "members":{
         "OwnershipControls":{
           "shape":"OwnershipControls",
-          "documentation":"<p>The <code>OwnershipControls</code> (BucketOwnerPreferred or ObjectWriter) currently in effect for this Amazon S3 bucket.</p>"
+          "documentation":"<p>The <code>OwnershipControls</code> (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) currently in effect for this Amazon S3 bucket.</p>"
         }
       },
       "payload":"OwnershipControls"
@@ -4843,7 +4864,7 @@
         },
         "Range":{
           "shape":"Range",
-          "documentation":"<p>Downloads the specified range bytes of an object. For more information about the HTTP Range header, see <a href=\"http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35\">http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35</a>.</p> <note> <p>Amazon S3 doesn't support retrieving multiple ranges of data per <code>GET</code> request.</p> </note>",
+          "documentation":"<p>Because <code>HeadObject</code> returns only the metadata for an object, this parameter has no effect.</p>",
           "location":"header",
           "locationName":"Range"
         },
@@ -5353,6 +5374,14 @@
           "documentation":"<p>All of these tags must exist in the object's tag set in order for the rule to apply.</p>",
           "flattened":true,
           "locationName":"Tag"
+        },
+        "ObjectSizeGreaterThan":{
+          "shape":"ObjectSizeGreaterThanBytes",
+          "documentation":"<p>Minimum object size to which the rule applies.</p>"
+        },
+        "ObjectSizeLessThan":{
+          "shape":"ObjectSizeLessThanBytes",
+          "documentation":"<p>Maximum object size to which the rule applies.</p>"
         }
       },
       "documentation":"<p>This is used in a Lifecycle Rule Filter to apply a logical AND to two or more predicates. The Lifecycle Rule will apply to any object matching all of the predicates configured inside the And operator.</p>"
@@ -5368,6 +5397,14 @@
           "shape":"Tag",
           "documentation":"<p>This tag must exist in the object's tag set in order for the rule to apply.</p>"
         },
+        "ObjectSizeGreaterThan":{
+          "shape":"ObjectSizeGreaterThanBytes",
+          "documentation":"<p>Minimum object size to which the rule applies.</p>"
+        },
+        "ObjectSizeLessThan":{
+          "shape":"ObjectSizeLessThanBytes",
+          "documentation":"<p>Maximum object size to which the rule applies.</p>"
+        },
         "And":{"shape":"LifecycleRuleAndOperator"}
       },
       "documentation":"<p>The <code>Filter</code> is used to identify objects that a Lifecycle Rule applies to. A <code>Filter</code> must have exactly one of <code>Prefix</code>, <code>Tag</code>, or <code>And</code> specified.</p>"
@@ -6190,7 +6227,7 @@
         },
         "TargetGrants":{
           "shape":"TargetGrants",
-          "documentation":"<p>Container for granting information.</p>"
+          "documentation":"<p>Container for granting information.</p> <p>Buckets that use the bucket owner enforced setting for Object Ownership don't support target grants. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general\">Permissions for server access log delivery</a> in the <i>Amazon S3 User Guide</i>.</p>"
         },
         "TargetPrefix":{
           "shape":"TargetPrefix",
@@ -6410,6 +6447,10 @@
         "NoncurrentDays":{
           "shape":"Days",
           "documentation":"<p>Specifies the number of days an object is noncurrent before Amazon S3 can perform the associated action. For information about the noncurrent days calculations, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/intro-lifecycle-rules.html#non-current-days-calculations\">How Amazon S3 Calculates When an Object Became Noncurrent</a> in the <i>Amazon S3 User Guide</i>.</p>"
+        },
+        "NewerNoncurrentVersions":{
+          "shape":"VersionCount",
+          "documentation":"<p>Specifies how many noncurrent versions Amazon S3 will retain. If there are this many more recent noncurrent versions, Amazon S3 will take the associated action. For more information about noncurrent versions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html\">Lifecycle configuration elements</a> in the <i>Amazon S3 User Guide</i>.</p>"
         }
       },
       "documentation":"<p>Specifies when noncurrent object versions expire. Upon expiration, Amazon S3 permanently deletes the noncurrent object versions. You set this lifecycle configuration action on a bucket that has versioning enabled (or suspended) to request that Amazon S3 delete noncurrent object versions at a specific period in the object's lifetime.</p>"
@@ -6424,9 +6465,13 @@
         "StorageClass":{
           "shape":"TransitionStorageClass",
           "documentation":"<p>The class of storage used to store the object.</p>"
+        },
+        "NewerNoncurrentVersions":{
+          "shape":"VersionCount",
+          "documentation":"<p>Specifies how many noncurrent versions Amazon S3 will retain. If there are this many more recent noncurrent versions, Amazon S3 will take the associated action. For more information about noncurrent versions, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/intro-lifecycle-rules.html\">Lifecycle configuration elements</a> in the <i>Amazon S3 User Guide</i>.</p>"
         }
       },
-      "documentation":"<p>Container for the transition rule that describes when noncurrent objects transition to the <code>STANDARD_IA</code>, <code>ONEZONE_IA</code>, <code>INTELLIGENT_TIERING</code>, <code>GLACIER</code>, or <code>DEEP_ARCHIVE</code> storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to the <code>STANDARD_IA</code>, <code>ONEZONE_IA</code>, <code>INTELLIGENT_TIERING</code>, <code>GLACIER</code>, or <code>DEEP_ARCHIVE</code> storage class at a specific period in the object's lifetime.</p>"
+      "documentation":"<p>Container for the transition rule that describes when noncurrent objects transition to the <code>STANDARD_IA</code>, <code>ONEZONE_IA</code>, <code>INTELLIGENT_TIERING</code>, <code>GLACIER_IR</code>, <code>GLACIER</code>, or <code>DEEP_ARCHIVE</code> storage class. If your bucket is versioning-enabled (or versioning is suspended), you can set this action to request that Amazon S3 transition noncurrent object versions to the <code>STANDARD_IA</code>, <code>ONEZONE_IA</code>, <code>INTELLIGENT_TIERING</code>, <code>GLACIER_IR</code>, <code>GLACIER</code>, or <code>DEEP_ARCHIVE</code> storage class at a specific period in the object's lifetime.</p>"
     },
     "NoncurrentVersionTransitionList":{
       "type":"list",
@@ -6450,6 +6495,10 @@
           "shape":"LambdaFunctionConfigurationList",
           "documentation":"<p>Describes the Lambda functions to invoke and the events for which to invoke them.</p>",
           "locationName":"CloudFunctionConfiguration"
+        },
+        "EventBridgeConfiguration":{
+          "shape":"EventBridgeConfiguration",
+          "documentation":"<p>Enables delivery of events to Amazon EventBridge.</p>"
         }
       },
       "documentation":"<p>A container for specifying the notification configuration of the bucket. If this element is empty, notifications are turned off for the bucket.</p>"
@@ -6690,12 +6739,15 @@
     },
     "ObjectOwnership":{
       "type":"string",
-      "documentation":"<p>The container element for object ownership for a bucket's ownership controls.</p> <p>BucketOwnerPreferred - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the <code>bucket-owner-full-control</code> canned ACL.</p> <p>ObjectWriter - The uploading account will own the object if the object is uploaded with the <code>bucket-owner-full-control</code> canned ACL.</p>",
+      "documentation":"<p>The container element for object ownership for a bucket's ownership controls.</p> <p>BucketOwnerPreferred - Objects uploaded to the bucket change ownership to the bucket owner if the objects are uploaded with the <code>bucket-owner-full-control</code> canned ACL.</p> <p>ObjectWriter - The uploading account will own the object if the object is uploaded with the <code>bucket-owner-full-control</code> canned ACL.</p> <p>BucketOwnerEnforced - Access control lists (ACLs) are disabled and no longer affect permissions. The bucket owner automatically owns and has full control over every object in the bucket. The bucket only accepts PUT requests that don't specify an ACL or bucket owner full control ACLs, such as the <code>bucket-owner-full-control</code> canned ACL or an equivalent form of this ACL expressed in the XML format.</p>",
       "enum":[
         "BucketOwnerPreferred",
-        "ObjectWriter"
+        "ObjectWriter",
+        "BucketOwnerEnforced"
       ]
     },
+    "ObjectSizeGreaterThanBytes":{"type":"long"},
+    "ObjectSizeLessThanBytes":{"type":"long"},
     "ObjectStorageClass":{
       "type":"string",
       "enum":[
@@ -6706,7 +6758,8 @@
         "ONEZONE_IA",
         "INTELLIGENT_TIERING",
         "DEEP_ARCHIVE",
-        "OUTPOSTS"
+        "OUTPOSTS",
+        "GLACIER_IR"
       ]
     },
     "ObjectVersion":{
@@ -7363,6 +7416,12 @@
           "documentation":"<p>The account ID of the expected bucket owner. If the bucket is owned by a different account, the request will fail with an HTTP <code>403 (Access Denied)</code> error.</p>",
           "location":"header",
           "locationName":"x-amz-expected-bucket-owner"
+        },
+        "SkipDestinationValidation":{
+          "shape":"SkipValidation",
+          "documentation":"<p>Skips validation of Amazon SQS, Amazon SNS, and Lambda destinations. True or false value.</p>",
+          "location":"header",
+          "locationName":"x-amz-skip-destination-validation"
         }
       },
       "payload":"NotificationConfiguration"
@@ -7428,7 +7487,7 @@
         },
         "OwnershipControls":{
           "shape":"OwnershipControls",
-          "documentation":"<p>The <code>OwnershipControls</code> (BucketOwnerPreferred or ObjectWriter) that you want to apply to this Amazon S3 bucket.</p>",
+          "documentation":"<p>The <code>OwnershipControls</code> (BucketOwnerEnforced, BucketOwnerPreferred, or ObjectWriter) that you want to apply to this Amazon S3 bucket.</p>",
           "locationName":"OwnershipControls",
           "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"}
         }
@@ -9031,10 +9090,10 @@
         },
         "KMSMasterKeyID":{
           "shape":"SSEKMSKeyId",
-          "documentation":"<p>Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if <code>SSEAlgorithm</code> is set to <code>aws:kms</code>.</p> <p>You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account operations, you must use a fully qualified KMS key ARN. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy\">Using encryption for cross-account operations</a>. </p> <p> <b>For example:</b> </p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> </ul> <important> <p>Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using symmetric and asymmetric keys</a> in the <i>Amazon Web Services Key Management Service Developer Guide</i>.</p> </important>"
+          "documentation":"<p>Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if <code>SSEAlgorithm</code> is set to <code>aws:kms</code>.</p> <p>You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account or Amazon Web Services service operations you must use a fully qualified KMS key ARN. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy\">Using encryption for cross-account operations</a>. </p> <p> <b>For example:</b> </p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> </ul> <important> <p>Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html\">Using symmetric and asymmetric keys</a> in the <i>Amazon Web Services Key Management Service Developer Guide</i>.</p> </important>"
         }
       },
-      "documentation":"<p>Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html\">PUT Bucket encryption</a> in the <i>Amazon S3 API Reference</i>.</p>"
+      "documentation":"<p>Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key in your Amazon Web Services account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html\">PUT Bucket encryption</a> in the <i>Amazon S3 API Reference</i>.</p>"
     },
     "ServerSideEncryptionConfiguration":{
       "type":"structure",
@@ -9069,6 +9128,7 @@
     },
     "Setting":{"type":"boolean"},
     "Size":{"type":"integer"},
+    "SkipValidation":{"type":"boolean"},
     "SourceSelectionCriteria":{
       "type":"structure",
       "members":{
@@ -9143,7 +9203,8 @@
         "INTELLIGENT_TIERING",
         "GLACIER",
         "DEEP_ARCHIVE",
-        "OUTPOSTS"
+        "OUTPOSTS",
+        "GLACIER_IR"
       ]
     },
     "StorageClassAnalysis":{
@@ -9237,7 +9298,7 @@
           "documentation":"<p>Logging permissions assigned to the grantee for the bucket.</p>"
         }
       },
-      "documentation":"<p>Container for granting information.</p>"
+      "documentation":"<p>Container for granting information.</p> <p>Buckets that use the bucket owner enforced setting for Object Ownership don't support target grants. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general\">Permissions server access log delivery</a> in the <i>Amazon S3 User Guide</i>.</p>"
     },
     "TargetGrants":{
       "type":"list",
@@ -9358,7 +9419,8 @@
         "STANDARD_IA",
         "ONEZONE_IA",
         "INTELLIGENT_TIERING",
-        "DEEP_ARCHIVE"
+        "DEEP_ARCHIVE",
+        "GLACIER_IR"
       ]
     },
     "Type":{
@@ -9683,6 +9745,7 @@
       }
     },
     "Value":{"type":"string"},
+    "VersionCount":{"type":"integer"},
     "VersionIdMarker":{"type":"string"},
     "VersioningConfiguration":{
       "type":"structure",
diff --git a/contrib/python/botocore/py3/botocore/data/s3control/2018-08-20/service-2.json b/contrib/python/botocore/py3/botocore/data/s3control/2018-08-20/service-2.json
index dbba8a2d128..f46d44bd235 100644
--- a/contrib/python/botocore/py3/botocore/data/s3control/2018-08-20/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/s3control/2018-08-20/service-2.json
@@ -78,7 +78,7 @@
         {"shape":"IdempotencyException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-basics.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p>This action creates a S3 Batch Operations job.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html\">UpdateJobPriority</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_JobOperation.html\">JobOperation</a> </p> </li> </ul>",
+      "documentation":"<p>You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects. Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p>This action creates a S3 Batch Operations job.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html\">UpdateJobPriority</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_JobOperation.html\">JobOperation</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -285,7 +285,7 @@
         {"shape":"NotFoundException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Retrieves the configuration parameters and status for a Batch Operations job. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-basics.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html\">UpdateJobPriority</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
+      "documentation":"<p>Retrieves the configuration parameters and status for a Batch Operations job. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html\">UpdateJobPriority</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -570,7 +570,7 @@
       },
       "input":{"shape":"ListAccessPointsForObjectLambdaRequest"},
       "output":{"shape":"ListAccessPointsForObjectLambdaResult"},
-      "documentation":"<p>Returns a list of the access points associated with the Object Lambda Access Point. You can retrieve up to 1000 access points per call. If there are more than 1,000 access points (or the number specified in <code>maxResults</code>, whichever is less), the response will include a continuation token that you can use to list the additional access points.</p> <p>The following actions are related to <code>ListAccessPointsForObjectLambda</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPointForObjectLambda.html\">CreateAccessPointForObjectLambda</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointForObjectLambda.html\">DeleteAccessPointForObjectLambda</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointForObjectLambda.html\">GetAccessPointForObjectLambda</a> </p> </li> </ul>",
+      "documentation":"<p>Returns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there are more access points than what can be returned in one call, the response will include a continuation token that you can use to list the additional access points.</p> <p>The following actions are related to <code>ListAccessPointsForObjectLambda</code>:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateAccessPointForObjectLambda.html\">CreateAccessPointForObjectLambda</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeleteAccessPointForObjectLambda.html\">DeleteAccessPointForObjectLambda</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetAccessPointForObjectLambda.html\">GetAccessPointForObjectLambda</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -588,7 +588,7 @@
         {"shape":"InternalServiceException"},
         {"shape":"InvalidNextTokenException"}
       ],
-      "documentation":"<p>Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for the Amazon Web Services account making the request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-basics.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p>Related actions include:</p> <p/> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html\">UpdateJobPriority</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
+      "documentation":"<p>Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for the Amazon Web Services account making the request. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p>Related actions include:</p> <p/> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobPriority.html\">UpdateJobPriority</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -772,7 +772,7 @@
         "requestUri":"/v20180820/configuration/publicAccessBlock"
       },
       "input":{"shape":"PutPublicAccessBlockRequest"},
-      "documentation":"<p>Creates or modifies the <code>PublicAccessBlock</code> configuration for an Amazon Web Services account. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html\"> Using Amazon S3 block public access</a>.</p> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetPublicAccessBlock.html\">GetPublicAccessBlock</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeletePublicAccessBlock.html\">DeletePublicAccessBlock</a> </p> </li> </ul>",
+      "documentation":"<p>Creates or modifies the <code>PublicAccessBlock</code> configuration for an Amazon Web Services account. For this operation, users must have the <code>s3:PutBucketPublicAccessBlock</code> permission. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html\"> Using Amazon S3 block public access</a>.</p> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_GetPublicAccessBlock.html\">GetPublicAccessBlock</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DeletePublicAccessBlock.html\">DeletePublicAccessBlock</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -824,7 +824,7 @@
         {"shape":"NotFoundException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Updates an existing S3 Batch Operations job's priority. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-basics.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
+      "documentation":"<p>Updates an existing S3 Batch Operations job's priority. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -844,7 +844,7 @@
         {"shape":"JobStatusException"},
         {"shape":"InternalServiceException"}
       ],
-      "documentation":"<p>Updates the status for the specified job. Use this action to confirm that you want to run a job or to cancel an existing job. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-basics.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
+      "documentation":"<p>Updates the status for the specified job. Use this action to confirm that you want to run a job or to cancel an existing job. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html\">S3 Batch Operations</a> in the <i>Amazon S3 User Guide</i>.</p> <p/> <p>Related actions include:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateJob.html\">CreateJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_ListJobs.html\">ListJobs</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_DescribeJob.html\">DescribeJob</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html\">UpdateJobStatus</a> </p> </li> </ul>",
       "endpoint":{
         "hostPrefix":"{AccountId}."
       }
@@ -1139,6 +1139,17 @@
         "locationName":"Arn"
       }
     },
+    "CloudWatchMetrics":{
+      "type":"structure",
+      "required":["IsEnabled"],
+      "members":{
+        "IsEnabled":{
+          "shape":"IsEnabled",
+          "documentation":"<p>A container that indicates whether CloudWatch publishing for S3 Storage Lens metrics is enabled. A value of <code>true</code> indicates that CloudWatch publishing for S3 Storage Lens metrics is enabled.</p>"
+        }
+      },
+      "documentation":"<p>A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.</p> <p>For more information about publishing S3 Storage Lens metrics to CloudWatch, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage_lens_view_metrics_cloudwatch.html\">Monitor S3 Storage Lens metrics in CloudWatch</a> in the <i>Amazon S3 User Guide</i>.</p>"
+    },
     "ConfigId":{
       "type":"string",
       "max":64,
@@ -1331,7 +1342,6 @@
         "Operation",
         "Report",
         "ClientRequestToken",
-        "Manifest",
         "Priority",
         "RoleArn"
       ],
@@ -1381,6 +1391,10 @@
         "Tags":{
           "shape":"S3TagSet",
           "documentation":"<p>A set of tags to associate with the S3 Batch Operations job. This is an optional parameter. </p>"
+        },
+        "ManifestGenerator":{
+          "shape":"JobManifestGenerator",
+          "documentation":"<p>The attribute container for the ManifestGenerator details. Jobs must be created with either a manifest file or a ManifestGenerator, but not both.</p>"
         }
       }
     },
@@ -1880,6 +1894,26 @@
       "min":1,
       "pattern":"(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?"
     },
+    "GeneratedManifestEncryption":{
+      "type":"structure",
+      "members":{
+        "SSES3":{
+          "shape":"SSES3Encryption",
+          "documentation":"<p>Specifies the use of SSE-S3 to encrypt generated manifest objects.</p>",
+          "locationName":"SSE-S3"
+        },
+        "SSEKMS":{
+          "shape":"SSEKMSEncryption",
+          "documentation":"<p>Configuration details on how SSE-KMS is used to encrypt generated manifest objects.</p>",
+          "locationName":"SSE-KMS"
+        }
+      },
+      "documentation":"<p>The encryption configuration to use when storing the generated manifest.</p>"
+    },
+    "GeneratedManifestFormat":{
+      "type":"string",
+      "enum":["S3InventoryReport_CSV_20211130"]
+    },
     "GetAccessPointConfigurationForObjectLambdaRequest":{
       "type":"structure",
       "required":[
@@ -2622,6 +2656,14 @@
           "shape":"SuspendedCause",
           "documentation":"<p>The reason why the specified job was suspended. A job is only suspended if you create it through the Amazon S3 console. When you create the job, it enters the <code>Suspended</code> state to await confirmation before running. After you confirm the job, it automatically exits the <code>Suspended</code> state.</p>",
           "box":true
+        },
+        "ManifestGenerator":{
+          "shape":"JobManifestGenerator",
+          "documentation":"<p>The manifest generator that was used to generate a job manifest for this job.</p>"
+        },
+        "GeneratedManifestDescriptor":{
+          "shape":"S3GeneratedManifestDescriptor",
+          "documentation":"<p>The attribute of the JobDescriptor containing details about the job's generated manifest.</p>"
         }
       },
       "documentation":"<p>A container element for the job configuration and status information returned by a <code>Describe Job</code> request.</p>"
@@ -2740,6 +2782,40 @@
         "S3InventoryReport_CSV_20161130"
       ]
     },
+    "JobManifestGenerator":{
+      "type":"structure",
+      "members":{
+        "S3JobManifestGenerator":{
+          "shape":"S3JobManifestGenerator",
+          "documentation":"<p>The S3 job ManifestGenerator's configuration details.</p>"
+        }
+      },
+      "documentation":"<p>Configures the type of the job's ManifestGenerator.</p>",
+      "union":true
+    },
+    "JobManifestGeneratorFilter":{
+      "type":"structure",
+      "members":{
+        "EligibleForReplication":{
+          "shape":"Boolean",
+          "documentation":"<p>Include objects in the generated manifest only if they are eligible for replication according to the Replication configuration on the source bucket.</p>",
+          "box":true
+        },
+        "CreatedAfter":{
+          "shape":"ObjectCreationTime",
+          "documentation":"<p>If provided, the generated manifest should include only source bucket objects that were created after this time.</p>"
+        },
+        "CreatedBefore":{
+          "shape":"ObjectCreationTime",
+          "documentation":"<p>If provided, the generated manifest should include only source bucket objects that were created before this time.</p>"
+        },
+        "ObjectReplicationStatuses":{
+          "shape":"ReplicationStatusFilterList",
+          "documentation":"<p>If provided, the generated manifest should include only source bucket objects that have one of the specified Replication statuses.</p>"
+        }
+      },
+      "documentation":"<p>The filter used to describe a set of objects for the job's manifest.</p>"
+    },
     "JobManifestLocation":{
       "type":"structure",
       "required":[
@@ -2827,6 +2903,11 @@
         "S3PutObjectRetention":{
           "shape":"S3SetObjectRetentionOperation",
           "box":true
+        },
+        "S3ReplicateObject":{
+          "shape":"S3ReplicateObjectOperation",
+          "documentation":"<p>Directs the specified job to invoke <code>ReplicateObject</code> on every object in the job's manifest.</p>",
+          "box":true
         }
       },
       "documentation":"<p>The operation that you want this job to perform on every object listed in the manifest. For more information about the available operations, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-operations.html\">Operations</a> in the <i>Amazon S3 User Guide</i>.</p>"
@@ -2853,6 +2934,10 @@
           "shape":"JobNumberOfTasksFailed",
           "documentation":"<p/>",
           "box":true
+        },
+        "Timers":{
+          "shape":"JobTimers",
+          "documentation":"<p>The JobTimers attribute of a job's progress summary.</p>"
         }
       },
       "documentation":"<p>Describes the total number of tasks that the specified job has started, the number of tasks that succeeded, and the number of tasks that failed.</p>"
@@ -2935,6 +3020,21 @@
       "min":1
     },
     "JobTerminationDate":{"type":"timestamp"},
+    "JobTimeInStateSeconds":{
+      "type":"long",
+      "min":0
+    },
+    "JobTimers":{
+      "type":"structure",
+      "members":{
+        "ElapsedTimeInActiveSeconds":{
+          "shape":"JobTimeInStateSeconds",
+          "documentation":"<p>Indicates the elapsed time in seconds the job has been in the Active job state.</p>",
+          "box":true
+        }
+      },
+      "documentation":"<p>Provides timing details for the job.</p>"
+    },
     "JobTotalNumberOfTasks":{
       "type":"long",
       "min":0
@@ -3076,7 +3176,7 @@
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of access points that you want to include in the list. If there are more than this number of access points, then the response will include a continuation token in the <code>NextToken</code> field that you can use to retrieve the next page of access points.</p>",
+          "documentation":"<p>The maximum number of access points that you want to include in the list. The response may contain fewer access points but will never contain more. If there are more than this number of access points, then the response will include a continuation token in the <code>NextToken</code> field that you can use to retrieve the next page of access points.</p>",
           "location":"querystring",
           "locationName":"maxResults"
         }
@@ -3326,6 +3426,11 @@
       }
     },
     "Location":{"type":"string"},
+    "ManifestPrefixString":{
+      "type":"string",
+      "max":512,
+      "min":1
+    },
     "MaxLength1024String":{
       "type":"string",
       "max":1024
@@ -3521,6 +3626,7 @@
       "documentation":"<p/>",
       "exception":true
     },
+    "ObjectCreationTime":{"type":"timestamp"},
     "ObjectLambdaAccessPoint":{
       "type":"structure",
       "required":["Name"],
@@ -3660,7 +3766,8 @@
         "S3DeleteObjectTagging",
         "S3InitiateRestoreObject",
         "S3PutObjectLegalHold",
-        "S3PutObjectRetention"
+        "S3PutObjectRetention",
+        "S3ReplicateObject"
       ]
     },
     "OutputSchemaVersion":{
@@ -4172,6 +4279,19 @@
         "locationName":"Region"
       }
     },
+    "ReplicationStatus":{
+      "type":"string",
+      "enum":[
+        "COMPLETED",
+        "FAILED",
+        "REPLICA",
+        "NONE"
+      ]
+    },
+    "ReplicationStatusFilterList":{
+      "type":"list",
+      "member":{"shape":"ReplicationStatus"}
+    },
     "ReportPrefixString":{
       "type":"string",
       "max":512,
@@ -4311,7 +4431,7 @@
         },
         "NewObjectMetadata":{
           "shape":"S3ObjectMetadata",
-          "documentation":"<p/>"
+          "documentation":"<p>If you don't provide this parameter, Amazon S3 copies all the metadata from the original objects. If you specify an empty set, the new objects will have no tags. Otherwise, Amazon S3 assigns the supplied tags to the new objects.</p>"
         },
         "NewObjectTagging":{
           "shape":"S3TagSet",
@@ -4370,6 +4490,17 @@
       "type":"integer",
       "min":0
     },
+    "S3GeneratedManifestDescriptor":{
+      "type":"structure",
+      "members":{
+        "Format":{
+          "shape":"GeneratedManifestFormat",
+          "documentation":"<p>The format of the generated manifest.</p>"
+        },
+        "Location":{"shape":"JobManifestLocation"}
+      },
+      "documentation":"<p>Describes the specified job's generated manifest. Batch Operations jobs created with a ManifestGenerator populate details of this descriptor after execution of the ManifestGenerator.</p>"
+    },
     "S3GlacierJobTier":{
       "type":"string",
       "enum":[
@@ -4437,12 +4568,72 @@
       },
       "documentation":"<p>Contains the configuration parameters for an S3 Initiate Restore Object job. S3 Batch Operations passes every object to the underlying POST Object restore API. For more information about the parameters for this operation, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOSTrestore.html#RESTObjectPOSTrestore-restore-request\">RestoreObject</a>.</p>"
     },
+    "S3JobManifestGenerator":{
+      "type":"structure",
+      "required":[
+        "SourceBucket",
+        "EnableManifestOutput"
+      ],
+      "members":{
+        "ExpectedBucketOwner":{
+          "shape":"AccountId",
+          "documentation":"<p>The Amazon Web Services account ID that owns the bucket the generated manifest is written to. If provided the generated manifest bucket's owner Amazon Web Services account ID must match this value, else the job fails.</p>"
+        },
+        "SourceBucket":{
+          "shape":"S3BucketArnString",
+          "documentation":"<p>The source bucket used by the ManifestGenerator.</p>"
+        },
+        "ManifestOutputLocation":{
+          "shape":"S3ManifestOutputLocation",
+          "documentation":"<p>Specifies the location the generated manifest will be written to.</p>"
+        },
+        "Filter":{
+          "shape":"JobManifestGeneratorFilter",
+          "documentation":"<p>Specifies rules the S3JobManifestGenerator should use to use to decide whether an object in the source bucket should or should not be included in the generated job manifest.</p>"
+        },
+        "EnableManifestOutput":{
+          "shape":"Boolean",
+          "documentation":"<p>Determines whether or not to write the job's generated manifest to a bucket.</p>"
+        }
+      },
+      "documentation":"<p>The container for the service that will create the S3 manifest.</p>"
+    },
     "S3KeyArnString":{
       "type":"string",
       "max":2000,
       "min":1,
       "pattern":"arn:[^:]+:s3:.*"
     },
+    "S3ManifestOutputLocation":{
+      "type":"structure",
+      "required":[
+        "Bucket",
+        "ManifestFormat"
+      ],
+      "members":{
+        "ExpectedManifestBucketOwner":{
+          "shape":"AccountId",
+          "documentation":"<p>The Account ID that owns the bucket the generated manifest is written to.</p>"
+        },
+        "Bucket":{
+          "shape":"S3BucketArnString",
+          "documentation":"<p>The bucket ARN the generated manifest should be written to.</p>"
+        },
+        "ManifestPrefix":{
+          "shape":"ManifestPrefixString",
+          "documentation":"<p>Prefix identifying one or more objects to which the manifest applies.</p>"
+        },
+        "ManifestEncryption":{
+          "shape":"GeneratedManifestEncryption",
+          "documentation":"<p>Specifies what encryption should be used when the generated manifest objects are written.</p>"
+        },
+        "ManifestFormat":{
+          "shape":"GeneratedManifestFormat",
+          "documentation":"<p>The format of the generated manifest.</p>"
+        }
+      },
+      "documentation":"<p>Location details for where the generated manifest should be written.</p>"
+    },
     "S3MetadataDirective":{
       "type":"string",
       "enum":[
@@ -4567,6 +4758,12 @@
       "max":128,
       "min":4
     },
+    "S3ReplicateObjectOperation":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>Directs the specified job to invoke <code>ReplicateObject</code> on every object in the job's manifest.</p>"
+    },
     "S3Retention":{
       "type":"structure",
       "members":{
@@ -4643,7 +4840,8 @@
         "ONEZONE_IA",
         "GLACIER",
         "INTELLIGENT_TIERING",
-        "DEEP_ARCHIVE"
+        "DEEP_ARCHIVE",
+        "GLACIER_IR"
       ]
     },
     "S3Tag":{
@@ -4686,6 +4884,18 @@
       "documentation":"<p/>",
       "locationName":"SSE-KMS"
     },
+    "SSEKMSEncryption":{
+      "type":"structure",
+      "required":["KeyId"],
+      "members":{
+        "KeyId":{
+          "shape":"KmsKeyArnString",
+          "documentation":"<p>Specifies the ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) symmetric customer managed key to use for encrypting generated manifest objects.</p>"
+        }
+      },
+      "documentation":"<p>Configuration for the use of SSE-KMS to encrypt generated manifest objects.</p>",
+      "locationName":"SSE-KMS"
+    },
     "SSEKMSKeyId":{"type":"string"},
     "SSES3":{
       "type":"structure",
@@ -4694,6 +4904,13 @@
       "documentation":"<p/>",
       "locationName":"SSE-S3"
     },
+    "SSES3Encryption":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>Configuration for the use of SSE-S3 to encrypt generated manifest objects.</p>",
+      "locationName":"SSE-S3"
+    },
     "SelectionCriteria":{
       "type":"structure",
       "members":{
@@ -4783,11 +5000,14 @@
     },
     "StorageLensDataExport":{
       "type":"structure",
-      "required":["S3BucketDestination"],
       "members":{
         "S3BucketDestination":{
           "shape":"S3BucketDestination",
           "documentation":"<p>A container for the bucket where the S3 Storage Lens metrics export will be located.</p> <note> <p>This bucket must be located in the same Region as the storage lens configuration. </p> </note>"
+        },
+        "CloudWatchMetrics":{
+          "shape":"CloudWatchMetrics",
+          "documentation":"<p>A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.</p>"
         }
       },
       "documentation":"<p>A container to specify the properties of your S3 Storage Lens metrics export, including the destination, schema, and format.</p>"
diff --git a/contrib/python/botocore/py3/botocore/data/sagemaker-runtime/2017-05-13/service-2.json b/contrib/python/botocore/py3/botocore/data/sagemaker-runtime/2017-05-13/service-2.json
index 69a5eea0383..030da597d31 100644
--- a/contrib/python/botocore/py3/botocore/data/sagemaker-runtime/2017-05-13/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/sagemaker-runtime/2017-05-13/service-2.json
@@ -24,9 +24,11 @@
         {"shape":"InternalFailure"},
         {"shape":"ServiceUnavailable"},
         {"shape":"ValidationError"},
-        {"shape":"ModelError"}
+        {"shape":"ModelError"},
+        {"shape":"InternalDependencyException"},
+        {"shape":"ModelNotReadyException"}
       ],
-      "documentation":"<p>After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint. </p> <p>For an overview of Amazon SageMaker, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/how-it-works.html\">How It Works</a>. </p> <p>Amazon SageMaker strips all POST headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax. </p> <p>Calls to <code>InvokeEndpoint</code> are authenticated by using AWS Signature Version 4. For information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html\">Authenticating Requests (AWS Signature Version 4)</a> in the <i>Amazon S3 API Reference</i>.</p> <p>A customer's model containers must respond to requests within 60 seconds. The model itself can have a maximum processing time of 60 seconds before responding to invocations. If your model is going to take 50-60 seconds of processing time, the SDK socket timeout should be set to be 70 seconds.</p> <note> <p>Endpoints are scoped to an individual account, and are not public. The URL does not contain the account ID, but Amazon SageMaker determines the account ID from the authentication token that is supplied by the caller.</p> </note>"
+      "documentation":"<p>After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint. </p> <p>For an overview of Amazon SageMaker, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/how-it-works.html\">How It Works</a>. </p> <p>Amazon SageMaker strips all POST headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax. </p> <p>Calls to <code>InvokeEndpoint</code> are authenticated by using Amazon Web Services Signature Version 4. For information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html\">Authenticating Requests (Amazon Web Services Signature Version 4)</a> in the <i>Amazon S3 API Reference</i>.</p> <p>A customer's model containers must respond to requests within 60 seconds. The model itself can have a maximum processing time of 60 seconds before responding to invocations. If your model is going to take 50-60 seconds of processing time, the SDK socket timeout should be set to be 70 seconds.</p> <note> <p>Endpoints are scoped to an individual account, and are not public. The URL does not contain the account ID, but Amazon SageMaker determines the account ID from the authentication token that is supplied by the caller.</p> </note>"
     },
     "InvokeEndpointAsync":{
       "name":"InvokeEndpointAsync",
@@ -42,7 +44,7 @@
         {"shape":"ServiceUnavailable"},
         {"shape":"ValidationError"}
       ],
-      "documentation":"<p>After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint in an asynchronous manner.</p> <p>Inference requests sent to this API are enqueued for asynchronous processing. The processing of the inference request may or may not complete before the you receive a response from this API. The response from this API will not contain the result of the inference request but contain information about where you can locate it.</p> <p>Amazon SageMaker strips all <code>POST</code> headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.</p> <p>Calls to <code>InvokeEndpointAsync</code> are authenticated by using AWS Signature Version 4. For information, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html\">Authenticating Requests (AWS Signature Version 4)</a> in the <i>Amazon S3 API Reference</i>.</p>"
+      "documentation":"<p>After you deploy a model into production using Amazon SageMaker hosting services, your client applications use this API to get inferences from the model hosted at the specified endpoint in an asynchronous manner.</p> <p>Inference requests sent to this API are enqueued for asynchronous processing. The processing of the inference request may or may not complete before the you receive a response from this API. The response from this API will not contain the result of the inference request but contain information about where you can locate it.</p> <p>Amazon SageMaker strips all <code>POST</code> headers except those supported by the API. Amazon SageMaker might add additional headers. You should not rely on the behavior of headers outside those enumerated in the request syntax.</p> <p>Calls to <code>InvokeEndpointAsync</code> are authenticated by using Amazon Web Services Signature Version 4. For information, see <a href=\"https://docs.aws.amazon.com/https:/docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html\">Authenticating Requests (Amazon Web Services Signature Version 4)</a> in the <i>Amazon S3 API Reference</i>.</p>"
     }
   },
   "shapes":{
@@ -79,6 +81,17 @@
       "min":1,
       "pattern":"^(https|s3)://([^/]+)/?(.*)$"
     },
+    "InternalDependencyException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"Message"}
+      },
+      "documentation":"<p>Your request caused an exception with an internal dependency. Contact customer support. </p>",
+      "error":{"httpStatusCode":530},
+      "exception":true,
+      "fault":true,
+      "synthetic":true
+    },
     "InternalFailure":{
       "type":"structure",
       "members":{
@@ -117,7 +130,7 @@
         },
         "CustomAttributes":{
           "shape":"CustomAttributesHeader",
-          "documentation":"<p>Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in <a href=\"https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6\">Section 3.3.6. Field Value Components</a> of the Hypertext Transfer Protocol (HTTP/1.1). </p> <p>The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with <code>Trace ID</code>: in your post-processing function. </p> <p>This feature is currently supported in the AWS SDKs but not in the Amazon SageMaker Python SDK. </p>",
+          "documentation":"<p>Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in <a href=\"https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6\">Section 3.3.6. Field Value Components</a> of the Hypertext Transfer Protocol (HTTP/1.1). </p> <p>The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with <code>Trace ID</code>: in your post-processing function. </p> <p>This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK. </p>",
           "location":"header",
           "locationName":"X-Amzn-SageMaker-Custom-Attributes"
         },
@@ -187,7 +200,7 @@
         },
         "CustomAttributes":{
           "shape":"CustomAttributesHeader",
-          "documentation":"<p>Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in <a href=\"https://tools.ietf.org/html/rfc7230#section-3.2.6\">Section 3.3.6. Field Value Components</a> of the Hypertext Transfer Protocol (HTTP/1.1). </p> <p>The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with <code>Trace ID:</code> in your post-processing function.</p> <p>This feature is currently supported in the AWS SDKs but not in the Amazon SageMaker Python SDK.</p>",
+          "documentation":"<p>Provides additional information about a request for an inference submitted to a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to provide an ID that you can use to track a request or to provide other metadata that a service endpoint was programmed to process. The value must consist of no more than 1024 visible US-ASCII characters as specified in <a href=\"https://tools.ietf.org/html/rfc7230#section-3.2.6\">Section 3.3.6. Field Value Components</a> of the Hypertext Transfer Protocol (HTTP/1.1). </p> <p>The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with <code>Trace ID:</code> in your post-processing function.</p> <p>This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.</p>",
           "location":"header",
           "locationName":"X-Amzn-SageMaker-Custom-Attributes"
         },
@@ -240,7 +253,7 @@
         },
         "CustomAttributes":{
           "shape":"CustomAttributesHeader",
-          "documentation":"<p>Provides additional information in the response about the inference returned by a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to return an ID received in the <code>CustomAttributes</code> header of a request or other metadata that a service endpoint was programmed to produce. The value must consist of no more than 1024 visible US-ASCII characters as specified in <a href=\"https://tools.ietf.org/html/rfc7230#section-3.2.6\">Section 3.3.6. Field Value Components</a> of the Hypertext Transfer Protocol (HTTP/1.1). If the customer wants the custom attribute returned, the model must set the custom attribute to be included on the way back. </p> <p>The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with <code>Trace ID:</code> in your post-processing function.</p> <p>This feature is currently supported in the AWS SDKs but not in the Amazon SageMaker Python SDK.</p>",
+          "documentation":"<p>Provides additional information in the response about the inference returned by a model hosted at an Amazon SageMaker endpoint. The information is an opaque value that is forwarded verbatim. You could use this value, for example, to return an ID received in the <code>CustomAttributes</code> header of a request or other metadata that a service endpoint was programmed to produce. The value must consist of no more than 1024 visible US-ASCII characters as specified in <a href=\"https://tools.ietf.org/html/rfc7230#section-3.2.6\">Section 3.3.6. Field Value Components</a> of the Hypertext Transfer Protocol (HTTP/1.1). If the customer wants the custom attribute returned, the model must set the custom attribute to be included on the way back. </p> <p>The code in your model is responsible for setting or updating any custom attributes in the response. If your code does not set this value in the response, an empty value is returned. For example, if a custom attribute represents the trace ID, your model can prepend the custom attribute with <code>Trace ID:</code> in your post-processing function.</p> <p>This feature is currently supported in the Amazon Web Services SDKs but not in the Amazon SageMaker Python SDK.</p>",
           "location":"header",
           "locationName":"X-Amzn-SageMaker-Custom-Attributes"
         }
@@ -273,6 +286,16 @@
       "error":{"httpStatusCode":424},
       "exception":true
     },
+    "ModelNotReadyException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"Message"}
+      },
+      "documentation":"<p>Either a serverless endpoint variant's resources are still being provisioned, or a multi-model endpoint is still downloading or loading the target model. Wait and try your request again.</p>",
+      "error":{"httpStatusCode":429},
+      "exception":true,
+      "synthetic":true
+    },
     "RequestTTLSecondsHeader":{
       "type":"integer",
       "max":21600,
diff --git a/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/paginators-1.json b/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/paginators-1.json
index c90c0f659fe..2301b579319 100644
--- a/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/paginators-1.json
@@ -323,6 +323,24 @@
       "output_token": "NextToken",
       "limit_key": "MaxResults",
       "result_key": "StudioLifecycleConfigs"
+    },
+    "ListInferenceRecommendationsJobs": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "InferenceRecommendationsJobs"
+    },
+    "ListLineageGroups": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "LineageGroupSummaries"
+    },
+    "ListModelMetadata": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "ModelMetadataSummaries"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/service-2.json b/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/service-2.json
index e3c23144a0a..6cdafdca4da 100644
--- a/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/sagemaker/2017-07-24/service-2.json
@@ -353,6 +353,20 @@
       ],
       "documentation":"<p>Creates a version of the SageMaker image specified by <code>ImageName</code>. The version represents the Amazon Container Registry (ECR) container image specified by <code>BaseImage</code>.</p>"
     },
+    "CreateInferenceRecommendationsJob":{
+      "name":"CreateInferenceRecommendationsJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateInferenceRecommendationsJobRequest"},
+      "output":{"shape":"CreateInferenceRecommendationsJobResponse"},
+      "errors":[
+        {"shape":"ResourceInUse"},
+        {"shape":"ResourceLimitExceeded"}
+      ],
+      "documentation":"<p>Starts a recommendation job. You can create either an instance recommendation or load test job.</p>"
+    },
     "CreateLabelingJob":{
       "name":"CreateLabelingJob",
       "http":{
@@ -1406,6 +1420,19 @@
       ],
       "documentation":"<p>Describes a version of a SageMaker image.</p>"
     },
+    "DescribeInferenceRecommendationsJob":{
+      "name":"DescribeInferenceRecommendationsJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeInferenceRecommendationsJobRequest"},
+      "output":{"shape":"DescribeInferenceRecommendationsJobResponse"},
+      "errors":[
+        {"shape":"ResourceNotFound"}
+      ],
+      "documentation":"<p>Provides the results of the Inference Recommender job. One or more recommendation jobs are returned.</p>"
+    },
     "DescribeLabelingJob":{
       "name":"DescribeLabelingJob",
       "http":{
@@ -1419,6 +1446,19 @@
       ],
       "documentation":"<p>Gets information about a labeling job.</p>"
     },
+    "DescribeLineageGroup":{
+      "name":"DescribeLineageGroup",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeLineageGroupRequest"},
+      "output":{"shape":"DescribeLineageGroupResponse"},
+      "errors":[
+        {"shape":"ResourceNotFound"}
+      ],
+      "documentation":"<p>Provides a list of properties for the requested lineage group. For more information, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/xaccount-lineage-tracking.html\"> Cross-Account Lineage Tracking </a> in the <i>Amazon SageMaker Developer Guide</i>.</p>"
+    },
     "DescribeModel":{
       "name":"DescribeModel",
       "http":{
@@ -1734,6 +1774,19 @@
       "output":{"shape":"GetDeviceFleetReportResponse"},
       "documentation":"<p>Describes a fleet.</p>"
     },
+    "GetLineageGroupPolicy":{
+      "name":"GetLineageGroupPolicy",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetLineageGroupPolicyRequest"},
+      "output":{"shape":"GetLineageGroupPolicyResponse"},
+      "errors":[
+        {"shape":"ResourceNotFound"}
+      ],
+      "documentation":"<p>The resource policy for the lineage group.</p>"
+    },
     "GetModelPackageGroupPolicy":{
       "name":"GetModelPackageGroupPolicy",
       "http":{
@@ -2032,6 +2085,16 @@
       "output":{"shape":"ListImagesResponse"},
       "documentation":"<p>Lists the images in your account and their properties. The list can be filtered by creation time or modified time, and whether the image name contains a specified string.</p>"
     },
+    "ListInferenceRecommendationsJobs":{
+      "name":"ListInferenceRecommendationsJobs",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListInferenceRecommendationsJobsRequest"},
+      "output":{"shape":"ListInferenceRecommendationsJobsResponse"},
+      "documentation":"<p>Lists recommendation jobs that satisfy various filters.</p>"
+    },
     "ListLabelingJobs":{
       "name":"ListLabelingJobs",
       "http":{
@@ -2055,6 +2118,16 @@
       ],
       "documentation":"<p>Gets a list of labeling jobs assigned to a specified work team.</p>"
     },
+    "ListLineageGroups":{
+      "name":"ListLineageGroups",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListLineageGroupsRequest"},
+      "output":{"shape":"ListLineageGroupsResponse"},
+      "documentation":"<p>A list of lineage groups shared with your Amazon Web Services account. For more information, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/xaccount-lineage-tracking.html\"> Cross-Account Lineage Tracking </a> in the <i>Amazon SageMaker Developer Guide</i>.</p>"
+    },
     "ListModelBiasJobDefinitions":{
       "name":"ListModelBiasJobDefinitions",
       "http":{
@@ -2075,6 +2148,16 @@
       "output":{"shape":"ListModelExplainabilityJobDefinitionsResponse"},
       "documentation":"<p>Lists model explainability job definitions that satisfy various filters.</p>"
     },
+    "ListModelMetadata":{
+      "name":"ListModelMetadata",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListModelMetadataRequest"},
+      "output":{"shape":"ListModelMetadataResponse"},
+      "documentation":"<p>Lists the domain, framework, task, and model name of standard machine learning models found in common model zoos.</p>"
+    },
     "ListModelPackageGroups":{
       "name":"ListModelPackageGroups",
       "http":{
@@ -2356,6 +2439,19 @@
       "output":{"shape":"PutModelPackageGroupPolicyOutput"},
       "documentation":"<p>Adds a resouce policy to control access to a model group. For information about resoure policies, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html\">Identity-based policies and resource-based policies</a> in the <i>Amazon Web Services Identity and Access Management User Guide.</i>.</p>"
     },
+    "QueryLineage":{
+      "name":"QueryLineage",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"QueryLineageRequest"},
+      "output":{"shape":"QueryLineageResponse"},
+      "errors":[
+        {"shape":"ResourceNotFound"}
+      ],
+      "documentation":"<p>Use this action to inspect your lineage and discover relationships between entities. For more information, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/querying-lineage-entities.html\"> Querying Lineage Entities</a> in the <i>Amazon SageMaker Developer Guide</i>.</p>"
+    },
     "RegisterDevices":{
       "name":"RegisterDevices",
       "http":{
@@ -2517,6 +2613,18 @@
       ],
       "documentation":"<p>Stops a running hyperparameter tuning job and all running training jobs that the tuning job launched.</p> <p>All model artifacts output from the training jobs are stored in Amazon Simple Storage Service (Amazon S3). All data that the training jobs write to Amazon CloudWatch Logs are still available in CloudWatch. After the tuning job moves to the <code>Stopped</code> state, it releases all reserved resources for the tuning job.</p>"
     },
+    "StopInferenceRecommendationsJob":{
+      "name":"StopInferenceRecommendationsJob",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"StopInferenceRecommendationsJobRequest"},
+      "errors":[
+        {"shape":"ResourceNotFound"}
+      ],
+      "documentation":"<p>Stops an Inference Recommender job.</p>"
+    },
     "StopLabelingJob":{
       "name":"StopLabelingJob",
       "http":{
@@ -2597,7 +2705,7 @@
       "errors":[
         {"shape":"ResourceNotFound"}
       ],
-      "documentation":"<p>Stops a transform job.</p> <p>When Amazon SageMaker receives a <code>StopTransformJob</code> request, the status of the job changes to <code>Stopping</code>. After Amazon SageMaker stops the job, the status is set to <code>Stopped</code>. When you stop a transform job before it is completed, Amazon SageMaker doesn't store the job's output in Amazon S3.</p>"
+      "documentation":"<p>Stops a batch transform job.</p> <p>When Amazon SageMaker receives a <code>StopTransformJob</code> request, the status of the job changes to <code>Stopping</code>. After Amazon SageMaker stops the job, the status is set to <code>Stopped</code>. When you stop a batch transform job before it is completed, Amazon SageMaker doesn't store the job's output in Amazon S3.</p>"
     },
     "UpdateAction":{
       "name":"UpdateAction",
@@ -3068,6 +3176,50 @@
       "member":{"shape":"CodeRepositoryNameOrUrl"},
       "max":3
     },
+    "AdditionalInferenceSpecificationDefinition":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Containers"
+      ],
+      "members":{
+        "Name":{
+          "shape":"EntityName",
+          "documentation":"<p>A unique name to identify the additional inference specification. The name must be unique within the list of your additional inference specifications for a particular model package.</p>"
+        },
+        "Description":{
+          "shape":"EntityDescription",
+          "documentation":"<p>A description of the additional Inference specification</p>"
+        },
+        "Containers":{
+          "shape":"ModelPackageContainerDefinitionList",
+          "documentation":"<p>The Amazon ECR registry path of the Docker image that contains the inference code.</p>"
+        },
+        "SupportedTransformInstanceTypes":{
+          "shape":"TransformInstanceTypes",
+          "documentation":"<p>A list of the instance types on which a transformation job can be run or on which an endpoint can be deployed.</p>"
+        },
+        "SupportedRealtimeInferenceInstanceTypes":{
+          "shape":"RealtimeInferenceInstanceTypes",
+          "documentation":"<p>A list of the instance types that are used to generate inferences in real-time.</p>"
+        },
+        "SupportedContentTypes":{
+          "shape":"ContentTypes",
+          "documentation":"<p>The supported MIME types for the input data.</p>"
+        },
+        "SupportedResponseMIMETypes":{
+          "shape":"ResponseMIMETypes",
+          "documentation":"<p>The supported MIME types for the output data.</p>"
+        }
+      },
+      "documentation":"<p>A structure of additional Inference Specification. Additional Inference Specification specifies details about inference jobs that can be run with models based on this model package</p>"
+    },
+    "AdditionalInferenceSpecifications":{
+      "type":"list",
+      "member":{"shape":"AdditionalInferenceSpecificationDefinition"},
+      "max":15,
+      "min":1
+    },
     "AgentVersion":{
       "type":"structure",
       "required":[
@@ -3095,10 +3247,10 @@
       "members":{
         "AlarmName":{
           "shape":"AlarmName",
-          "documentation":"<p/>"
+          "documentation":"<p>The name of a CloudWatch alarm in your account.</p>"
         }
       },
-      "documentation":"<p>This API is not supported.</p>"
+      "documentation":"<p>An Amazon CloudWatch alarm configured to monitor metrics on an endpoint.</p>"
     },
     "AlarmList":{
       "type":"list",
@@ -3947,6 +4099,10 @@
         "TargetAttributeName":{
           "shape":"TargetAttributeName",
           "documentation":"<p>The name of the target variable in supervised learning, usually represented by 'y'.</p>"
+        },
+        "ContentType":{
+          "shape":"ContentType",
+          "documentation":"<p>The content type of the data from the input source. You can use <code>text/csv;header=present</code> or <code>x-application/vnd.amazon+parquet</code>. The default value is <code>text/csv;header=present</code>.</p>"
         }
       },
       "documentation":"<p>A channel is a named input source that training algorithms can consume. For more information, see .</p>"
@@ -4092,7 +4248,9 @@
         "Completed",
         "ExplainabilityError",
         "DeployingModel",
-        "ModelDeploymentError"
+        "ModelDeploymentError",
+        "GeneratingModelInsightsReport",
+        "ModelInsightsError"
       ]
     },
     "AutoMLJobStatus":{
@@ -4273,10 +4431,10 @@
       "members":{
         "Alarms":{
           "shape":"AlarmList",
-          "documentation":"<p/>"
+          "documentation":"<p>List of CloudWatch alarms in your account that are configured to monitor metrics on an endpoint. If any alarms are tripped during a deployment, SageMaker rolls back the deployment.</p>"
         }
       },
-      "documentation":"<p>Currently, the <code>AutoRollbackConfig</code> API is not supported.</p>"
+      "documentation":"<p>Automatic rollback configuration for handling endpoint deployment failures and recovery.</p>"
     },
     "AwsManagedHumanLoopRequestSource":{
       "type":"string",
@@ -4386,7 +4544,9 @@
         "Report":{
           "shape":"MetricsSource",
           "documentation":"<p>The bias report for a model</p>"
-        }
+        },
+        "PreTrainingReport":{"shape":"MetricsSource"},
+        "PostTrainingReport":{"shape":"MetricsSource"}
       },
       "documentation":"<p>Contains bias metrics for a model.</p>"
     },
@@ -4404,18 +4564,18 @@
       "members":{
         "TrafficRoutingConfiguration":{
           "shape":"TrafficRoutingConfig",
-          "documentation":"<p/>"
+          "documentation":"<p>Defines the traffic routing strategy to shift traffic from the old fleet to the new fleet during an endpoint deployment.</p>"
         },
         "TerminationWaitInSeconds":{
           "shape":"TerminationWaitInSeconds",
-          "documentation":"<p/>"
+          "documentation":"<p>Additional waiting time in seconds after the completion of an endpoint deployment before terminating the old endpoint fleet. Default is 0.</p>"
         },
         "MaximumExecutionTimeoutInSeconds":{
           "shape":"MaximumExecutionTimeoutInSeconds",
-          "documentation":"<p/>"
+          "documentation":"<p>Maximum execution timeout for the deployment. Note that the timeout value should be larger than the total waiting time specified in <code>TerminationWaitInSeconds</code> and <code>WaitIntervalInSeconds</code>.</p>"
         }
       },
-      "documentation":"<p>Currently, the <code>BlueGreenUpdatePolicy</code> API is not supported.</p>"
+      "documentation":"<p>Update policy for a blue/green deployment. If this update policy is specified, SageMaker creates a new fleet during the deployment while maintaining the old fleet. SageMaker flips traffic to the new fleet according to the specified traffic routing configuration. Only one update policy should be used in the deployment configuration. If no update policy is specified, SageMaker uses a blue/green deployment strategy with all at once traffic shifting by default.</p>"
     },
     "Boolean":{"type":"boolean"},
     "BooleanOperator":{
@@ -4431,6 +4591,12 @@
       "min":1,
       "pattern":"[^ ~^:?*\\[]+"
     },
+    "BucketName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]"
+    },
     "CacheHitResult":{
       "type":"structure",
       "members":{
@@ -4472,6 +4638,10 @@
         "Explainability":{
           "shape":"ExplainabilityLocation",
           "documentation":"<p>The Amazon S3 prefix to the explainability artifacts generated for the AutoML candidate.</p>"
+        },
+        "ModelInsights":{
+          "shape":"ModelInsightsLocation",
+          "documentation":"<p>The Amazon S3 prefix to the model insight artifacts generated for the AutoML candidate.</p>"
         }
       },
       "documentation":"<p>The location of artifacts for an AutoML candidate job.</p>"
@@ -4549,14 +4719,14 @@
       "members":{
         "Type":{
           "shape":"CapacitySizeType",
-          "documentation":"<p>This API is not supported.</p>"
+          "documentation":"<p>Specifies the endpoint capacity type.</p> <ul> <li> <p> <code>INSTANCE_COUNT</code>: The endpoint activates based on the number of instances.</p> </li> <li> <p> <code>CAPACITY_PERCENT</code>: The endpoint activates based on the specified percentage of capacity.</p> </li> </ul>"
         },
         "Value":{
           "shape":"CapacitySizeValue",
-          "documentation":"<p/>"
+          "documentation":"<p>Defines the capacity size, either as a number of instances or a capacity percentage.</p>"
         }
       },
-      "documentation":"<p>Currently, the <code>CapacitySize</code> API is not supported.</p>"
+      "documentation":"<p>Specifies the endpoint capacity to activate for production.</p>"
     },
     "CapacitySizeType":{
       "type":"string",
@@ -4620,6 +4790,24 @@
       "min":1,
       "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*"
     },
+    "CategoricalParameter":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Value"
+      ],
+      "members":{
+        "Name":{
+          "shape":"String64",
+          "documentation":"<p>The Name of the environment variable.</p>"
+        },
+        "Value":{
+          "shape":"CategoricalParameterRangeValues",
+          "documentation":"<p>The list of values you can pass.</p>"
+        }
+      },
+      "documentation":"<p>Environment parameters you want to benchmark your load test against.</p>"
+    },
     "CategoricalParameterRange":{
       "type":"structure",
       "required":[
@@ -4649,12 +4837,24 @@
       },
       "documentation":"<p>Defines the possible values for a categorical hyperparameter.</p>"
     },
+    "CategoricalParameterRangeValues":{
+      "type":"list",
+      "member":{"shape":"String128"},
+      "max":3,
+      "min":1
+    },
     "CategoricalParameterRanges":{
       "type":"list",
       "member":{"shape":"CategoricalParameterRange"},
       "max":20,
       "min":0
     },
+    "CategoricalParameters":{
+      "type":"list",
+      "member":{"shape":"CategoricalParameter"},
+      "max":5,
+      "min":1
+    },
     "Cents":{
       "type":"integer",
       "max":99,
@@ -4771,6 +4971,44 @@
       "type":"list",
       "member":{"shape":"Cidr"}
     },
+    "ClarifyCheckStepMetadata":{
+      "type":"structure",
+      "members":{
+        "CheckType":{
+          "shape":"String256",
+          "documentation":"<p>The type of the Clarify Check step</p>"
+        },
+        "BaselineUsedForDriftCheckConstraints":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of baseline constraints file to be used for the drift check.</p>"
+        },
+        "CalculatedBaselineConstraints":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of the newly calculated baseline constraints file.</p>"
+        },
+        "ModelPackageGroupName":{
+          "shape":"String256",
+          "documentation":"<p>The model package group name.</p>"
+        },
+        "ViolationReport":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of the violation report if violations are detected.</p>"
+        },
+        "CheckJobArn":{
+          "shape":"String256",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the check processing job that was run by this step's execution.</p>"
+        },
+        "SkipCheck":{
+          "shape":"Boolean",
+          "documentation":"<p>This flag indicates if the drift check against the previous baseline will be skipped or not. If it is set to <code>False</code>, the previous baseline of the configured check type must be available.</p>"
+        },
+        "RegisterNewBaseline":{
+          "shape":"Boolean",
+          "documentation":"<p>This flag indicates if a newly calculated baseline can be accessed through step properties <code>BaselineUsedForDriftCheckConstraints</code> and <code>BaselineUsedForDriftCheckStatistics</code>. If it is set to <code>False</code>, the previous baseline of the configured check type must also be available. These can be accessed through the <code>BaselineUsedForDriftCheckConstraints</code> property. </p>"
+        }
+      },
+      "documentation":"<p>The container for the metadata for the ClarifyCheck step. For more information, see the topic on <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/build-and-manage-steps.html#step-type-clarify-check\">ClarifyCheck step</a> in the <i>Amazon SageMaker Developer Guide</i>. </p>"
+    },
     "ClientId":{
       "type":"string",
       "max":1024,
@@ -5120,6 +5358,10 @@
           "shape":"VersionedArnOrName",
           "documentation":"<p>The name or Amazon Resource Name (ARN) of the model package to use to create the model.</p>"
         },
+        "InferenceSpecificationName":{
+          "shape":"InferenceSpecificationName",
+          "documentation":"<p>The inference specification name in the model package version.</p>"
+        },
         "MultiModelConfig":{
           "shape":"MultiModelConfig",
           "documentation":"<p>Specifies additional configuration for multi-model endpoints.</p>"
@@ -5597,7 +5839,6 @@
       "required":[
         "CompilationJobName",
         "RoleArn",
-        "InputConfig",
         "OutputConfig",
         "StoppingCondition"
       ],
@@ -5610,6 +5851,10 @@
           "shape":"RoleArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf. </p> <p>During model compilation, Amazon SageMaker needs your permission to:</p> <ul> <li> <p>Read input data from an S3 bucket</p> </li> <li> <p>Write model artifacts to an S3 bucket</p> </li> <li> <p>Write logs to Amazon CloudWatch Logs</p> </li> <li> <p>Publish metrics to Amazon CloudWatch</p> </li> </ul> <p>You grant permissions for all of these tasks to an IAM role. To pass this role to Amazon SageMaker, the caller of this API must have the <code>iam:PassRole</code> permission. For more information, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html\">Amazon SageMaker Roles.</a> </p>"
         },
+        "ModelPackageVersionArn":{
+          "shape":"ModelPackageArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a versioned model package. Provide either a <code>ModelPackageVersionArn</code> or an <code>InputConfig</code> object in the request syntax. The presence of both objects in the <code>CreateCompilationJob</code> request will return an exception.</p>"
+        },
         "InputConfig":{
           "shape":"InputConfig",
           "documentation":"<p>Provides information about the location of input model artifacts, the name and shape of the expected data inputs, and the framework in which the model was trained.</p>"
@@ -5812,7 +6057,7 @@
         },
         "HomeEfsFileSystemKmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>This member is deprecated and replaced with <code>KmsKeyId</code>.</p>",
+          "documentation":"<p>Use <code>KmsKeyId</code>.</p>",
           "deprecated":true,
           "deprecatedMessage":"This property is deprecated, use KmsKeyId instead."
         },
@@ -5914,7 +6159,7 @@
         },
         "AsyncInferenceConfig":{
           "shape":"AsyncInferenceConfig",
-          "documentation":"<p>Specifies configuration for how an endpoint performs asynchronous inference. This is a required field in order for your Endpoint to be invoked using <a href=\"https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpoint.html\"> <code>InvokeEndpointAsync</code> </a>.</p>"
+          "documentation":"<p>Specifies configuration for how an endpoint performs asynchronous inference. This is a required field in order for your Endpoint to be invoked using <a href=\"https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_runtime_InvokeEndpointAsync.html\">InvokeEndpointAsync</a>.</p>"
         }
       }
     },
@@ -5943,6 +6188,7 @@
           "shape":"EndpointConfigName",
           "documentation":"<p>The name of an endpoint configuration. For more information, see <a>CreateEndpointConfig</a>. </p>"
         },
+        "DeploymentConfig":{"shape":"DeploymentConfig"},
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>An array of key-value pairs. You can use tags to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services Resources</a>.</p>"
@@ -6237,6 +6483,55 @@
         }
       }
     },
+    "CreateInferenceRecommendationsJobRequest":{
+      "type":"structure",
+      "required":[
+        "JobName",
+        "JobType",
+        "RoleArn",
+        "InputConfig"
+      ],
+      "members":{
+        "JobName":{
+          "shape":"RecommendationJobName",
+          "documentation":"<p>A name for the recommendation job. The name must be unique within the Amazon Web Services Region and within your Amazon Web Services account.</p>"
+        },
+        "JobType":{
+          "shape":"RecommendationJobType",
+          "documentation":"<p>Defines the type of recommendation job. Specify <code>Default</code> to initiate an instance recommendation and <code>Advanced</code> to initiate a load test. If left unspecified, Amazon SageMaker Inference Recommender will run an instance recommendation (<code>DEFAULT</code>) job.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf.</p>"
+        },
+        "InputConfig":{
+          "shape":"RecommendationJobInputConfig",
+          "documentation":"<p>Provides information about the versioned model package Amazon Resource Name (ARN), the traffic pattern, and endpoint configurations.</p>"
+        },
+        "JobDescription":{
+          "shape":"RecommendationJobDescription",
+          "documentation":"<p>Description of the recommendation job.</p>"
+        },
+        "StoppingConditions":{
+          "shape":"RecommendationJobStoppingConditions",
+          "documentation":"<p>A set of conditions for stopping a recommendation job. If any of the conditions are met, the job is automatically stopped.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The metadata that you apply to Amazon Web Services resources to help you categorize and organize them. Each tag consists of a key and a value, both of which you define. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services Resources</a> in the Amazon Web Services General Reference.</p>"
+        }
+      }
+    },
+    "CreateInferenceRecommendationsJobResponse":{
+      "type":"structure",
+      "required":["JobArn"],
+      "members":{
+        "JobArn":{
+          "shape":"RecommendationJobArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommendation job.</p>"
+        }
+      }
+    },
     "CreateLabelingJobRequest":{
       "type":"structure",
       "required":[
@@ -6539,6 +6834,26 @@
         "CustomerMetadataProperties":{
           "shape":"CustomerMetadataMap",
           "documentation":"<p>The metadata properties associated with the model package versions.</p>"
+        },
+        "DriftCheckBaselines":{
+          "shape":"DriftCheckBaselines",
+          "documentation":"<p>Represents the drift check baselines that can be used when the model monitor is set using the model package. For more information, see the topic on <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines-quality-clarify-baseline-lifecycle.html#pipelines-quality-clarify-baseline-drift-detection\">Drift Detection against Previous Baselines in SageMaker Pipelines</a> in the <i>Amazon SageMaker Developer Guide</i>. </p>"
+        },
+        "Domain":{
+          "shape":"String",
+          "documentation":"<p>The machine learning domain of your model package and its components. Common machine learning domains include computer vision and natural language processing.</p>"
+        },
+        "Task":{
+          "shape":"String",
+          "documentation":"<p>The machine learning task your model package accomplishes. Common machine learning tasks include object detection and image classification.</p>"
+        },
+        "SamplePayloadUrl":{
+          "shape":"S3Uri",
+          "documentation":"<p>The Amazon Simple Storage Service (Amazon S3) path where the sample payload are stored. This path must point to a single gzip compressed tar archive (.tar.gz suffix).</p>"
+        },
+        "AdditionalInferenceSpecifications":{
+          "shape":"AdditionalInferenceSpecifications",
+          "documentation":"<p>An array of additional Inference Specification objects. Each additional Inference Specification specifies artifacts based on this model package that can be used on inference endpoints. Generally used with SageMaker Neo to store the compiled artifacts. </p>"
         }
       }
     },
@@ -6747,7 +7062,6 @@
       "type":"structure",
       "required":[
         "PipelineName",
-        "PipelineDefinition",
         "ClientRequestToken",
         "RoleArn"
       ],
@@ -6764,6 +7078,10 @@
           "shape":"PipelineDefinition",
           "documentation":"<p>The JSON pipeline definition of the pipeline.</p>"
         },
+        "PipelineDefinitionS3Location":{
+          "shape":"PipelineDefinitionS3Location",
+          "documentation":"<p>The location of the pipeline definition stored in Amazon S3. If specified, SageMaker will retrieve the pipeline definition from this location.</p>"
+        },
         "PipelineDescription":{
           "shape":"PipelineDescription",
           "documentation":"<p>A description of the pipeline.</p>"
@@ -6780,6 +7098,10 @@
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>A list of tags to apply to the created pipeline.</p>"
+        },
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>This is the configuration that controls the parallelism of the pipeline. If specified, it applies to all runs of this pipeline by default.</p>"
         }
       }
     },
@@ -7402,7 +7724,7 @@
     "CustomImages":{
       "type":"list",
       "member":{"shape":"CustomImage"},
-      "max":30
+      "max":200
     },
     "CustomerMetadataKey":{
       "type":"string",
@@ -8337,14 +8659,14 @@
       "members":{
         "BlueGreenUpdatePolicy":{
           "shape":"BlueGreenUpdatePolicy",
-          "documentation":"<p/>"
+          "documentation":"<p>Update policy for a blue/green deployment. If this update policy is specified, SageMaker creates a new fleet during the deployment while maintaining the old fleet. SageMaker flips traffic to the new fleet according to the specified traffic routing configuration. Only one update policy should be used in the deployment configuration. If no update policy is specified, SageMaker uses a blue/green deployment strategy with all at once traffic shifting by default.</p>"
         },
         "AutoRollbackConfiguration":{
           "shape":"AutoRollbackConfig",
-          "documentation":"<p/>"
+          "documentation":"<p>Automatic rollback configuration for handling endpoint deployment failures and recovery.</p>"
         }
       },
-      "documentation":"<p>Currently, the <code>DeploymentConfig</code> API is not supported.</p>"
+      "documentation":"<p>The deployment configuration for an endpoint, which contains the desired deployment strategy and rollback configurations.</p>"
     },
     "DeregisterDevicesRequest":{
       "type":"structure",
@@ -8377,7 +8699,7 @@
       "type":"structure",
       "members":{
         "ActionName":{
-          "shape":"ExperimentEntityName",
+          "shape":"ExperimentEntityNameOrArn",
           "documentation":"<p>The name of the action.</p>"
         },
         "ActionArn":{
@@ -8414,7 +8736,11 @@
           "documentation":"<p>When the action was last modified.</p>"
         },
         "LastModifiedBy":{"shape":"UserContext"},
-        "MetadataProperties":{"shape":"MetadataProperties"}
+        "MetadataProperties":{"shape":"MetadataProperties"},
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group.</p>"
+        }
       }
     },
     "DescribeAlgorithmInput":{
@@ -8609,7 +8935,7 @@
       "type":"structure",
       "members":{
         "ArtifactName":{
-          "shape":"ExperimentEntityName",
+          "shape":"ExperimentEntityNameOrArn",
           "documentation":"<p>The name of the artifact.</p>"
         },
         "ArtifactArn":{
@@ -8638,7 +8964,11 @@
           "documentation":"<p>When the artifact was last modified.</p>"
         },
         "LastModifiedBy":{"shape":"UserContext"},
-        "MetadataProperties":{"shape":"MetadataProperties"}
+        "MetadataProperties":{"shape":"MetadataProperties"},
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group.</p>"
+        }
       }
     },
     "DescribeAutoMLJobRequest":{
@@ -8846,6 +9176,10 @@
           "shape":"InferenceImage",
           "documentation":"<p>The inference image to use when compiling a model. Specify an image only if the target device is a cloud instance.</p>"
         },
+        "ModelPackageVersionArn":{
+          "shape":"ModelPackageArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the versioned model package that was provided to SageMaker Neo when you initiated a compilation job.</p>"
+        },
         "CreationTime":{
           "shape":"CreationTime",
           "documentation":"<p>The time that the model compilation job was created.</p>"
@@ -8889,7 +9223,7 @@
       "required":["ContextName"],
       "members":{
         "ContextName":{
-          "shape":"ExperimentEntityName",
+          "shape":"ExperimentEntityNameOrArn",
           "documentation":"<p>The name of the context to describe.</p>"
         }
       }
@@ -8930,7 +9264,11 @@
           "shape":"Timestamp",
           "documentation":"<p>When the context was last modified.</p>"
         },
-        "LastModifiedBy":{"shape":"UserContext"}
+        "LastModifiedBy":{"shape":"UserContext"},
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group.</p>"
+        }
       }
     },
     "DescribeDataQualityJobDefinitionRequest":{
@@ -9185,7 +9523,7 @@
         },
         "HomeEfsFileSystemKmsKeyId":{
           "shape":"KmsKeyId",
-          "documentation":"<p>This member is deprecated and replaced with <code>KmsKeyId</code>.</p>",
+          "documentation":"<p>Use <code>KmsKeyId</code>.</p>",
           "deprecated":true,
           "deprecatedMessage":"This property is deprecated, use KmsKeyId instead."
         },
@@ -9406,6 +9744,10 @@
         "AsyncInferenceConfig":{
           "shape":"AsyncInferenceConfig",
           "documentation":"<p>Returns the description of an endpoint configuration created using the <a href=\"https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateEndpointConfig.html\"> <code>CreateEndpointConfig</code> </a> API.</p>"
+        },
+        "PendingDeploymentSummary":{
+          "shape":"PendingDeploymentSummary",
+          "documentation":"<p>Returns the summary of an in-progress deployment. This field is only returned when the endpoint is creating or updating with a new endpoint configuration.</p>"
         }
       }
     },
@@ -9836,6 +10178,83 @@
         }
       }
     },
+    "DescribeInferenceRecommendationsJobRequest":{
+      "type":"structure",
+      "required":["JobName"],
+      "members":{
+        "JobName":{
+          "shape":"RecommendationJobName",
+          "documentation":"<p>The name of the job. The name must be unique within an Amazon Web Services Region in the Amazon Web Services account.</p>"
+        }
+      }
+    },
+    "DescribeInferenceRecommendationsJobResponse":{
+      "type":"structure",
+      "required":[
+        "JobName",
+        "JobType",
+        "JobArn",
+        "RoleArn",
+        "Status",
+        "CreationTime",
+        "LastModifiedTime",
+        "InputConfig"
+      ],
+      "members":{
+        "JobName":{
+          "shape":"RecommendationJobName",
+          "documentation":"<p>The name of the job. The name must be unique within an Amazon Web Services Region in the Amazon Web Services account.</p>"
+        },
+        "JobDescription":{
+          "shape":"RecommendationJobDescription",
+          "documentation":"<p>The job description that you provided when you initiated the job.</p>"
+        },
+        "JobType":{
+          "shape":"RecommendationJobType",
+          "documentation":"<p>The job type that you provided when you initiated the job.</p>"
+        },
+        "JobArn":{
+          "shape":"RecommendationJobArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the job.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Web Services Identity and Access Management (IAM) role you provided when you initiated the job.</p>"
+        },
+        "Status":{
+          "shape":"RecommendationJobStatus",
+          "documentation":"<p>The status of the job.</p>"
+        },
+        "CreationTime":{
+          "shape":"CreationTime",
+          "documentation":"<p>A timestamp that shows when the job was created.</p>"
+        },
+        "CompletionTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that shows when the job completed.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"LastModifiedTime",
+          "documentation":"<p>A timestamp that shows when the job was last modified.</p>"
+        },
+        "FailureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>If the job fails, provides information why the job failed.</p>"
+        },
+        "InputConfig":{
+          "shape":"RecommendationJobInputConfig",
+          "documentation":"<p>Returns information about the versioned model package Amazon Resource Name (ARN), the traffic pattern, and endpoint configurations you provided when you initiated the job.</p>"
+        },
+        "StoppingConditions":{
+          "shape":"RecommendationJobStoppingConditions",
+          "documentation":"<p>The stopping conditions that you provided when you initiated the job.</p>"
+        },
+        "InferenceRecommendations":{
+          "shape":"InferenceRecommendations",
+          "documentation":"<p>The recommendations made by Inference Recommender.</p>"
+        }
+      }
+    },
     "DescribeLabelingJobRequest":{
       "type":"structure",
       "required":["LabelingJobName"],
@@ -9936,6 +10355,47 @@
         }
       }
     },
+    "DescribeLineageGroupRequest":{
+      "type":"structure",
+      "required":["LineageGroupName"],
+      "members":{
+        "LineageGroupName":{
+          "shape":"ExperimentEntityName",
+          "documentation":"<p>The name of the lineage group.</p>"
+        }
+      }
+    },
+    "DescribeLineageGroupResponse":{
+      "type":"structure",
+      "members":{
+        "LineageGroupName":{
+          "shape":"ExperimentEntityName",
+          "documentation":"<p>The name of the lineage group.</p>"
+        },
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group.</p>"
+        },
+        "DisplayName":{
+          "shape":"ExperimentEntityName",
+          "documentation":"<p>The display name of the lineage group.</p>"
+        },
+        "Description":{
+          "shape":"ExperimentDescription",
+          "documentation":"<p>The description of the lineage group.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The creation time of lineage group.</p>"
+        },
+        "CreatedBy":{"shape":"UserContext"},
+        "LastModifiedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last modified time of the lineage group.</p>"
+        },
+        "LastModifiedBy":{"shape":"UserContext"}
+      }
+    },
     "DescribeModelBiasJobDefinitionRequest":{
       "type":"structure",
       "required":["JobDefinitionName"],
@@ -10246,6 +10706,26 @@
         "CustomerMetadataProperties":{
           "shape":"CustomerMetadataMap",
           "documentation":"<p>The metadata properties associated with the model package versions.</p>"
+        },
+        "DriftCheckBaselines":{
+          "shape":"DriftCheckBaselines",
+          "documentation":"<p>Represents the drift check baselines that can be used when the model monitor is set using the model package. For more information, see the topic on <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines-quality-clarify-baseline-lifecycle.html#pipelines-quality-clarify-baseline-drift-detection\">Drift Detection against Previous Baselines in SageMaker Pipelines</a> in the <i>Amazon SageMaker Developer Guide</i>. </p>"
+        },
+        "Domain":{
+          "shape":"String",
+          "documentation":"<p>The machine learning domain of the model package you specified. Common machine learning domains include computer vision and natural language processing.</p>"
+        },
+        "Task":{
+          "shape":"String",
+          "documentation":"<p>The machine learning task you specified that your model package accomplishes. Common machine learning tasks include object detection and image classification.</p>"
+        },
+        "SamplePayloadUrl":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Simple Storage Service (Amazon S3) path where the sample payload are stored. This path points to a single gzip compressed tar archive (.tar.gz suffix).</p>"
+        },
+        "AdditionalInferenceSpecifications":{
+          "shape":"AdditionalInferenceSpecifications",
+          "documentation":"<p>An array of additional Inference Specification objects. Each additional Inference Specification specifies artifacts based on this model package that can be used on inference endpoints. Generally used with SageMaker Neo to store the compiled artifacts.</p>"
         }
       }
     },
@@ -10580,7 +11060,11 @@
           "documentation":"<p>The time when the pipeline execution was modified last.</p>"
         },
         "CreatedBy":{"shape":"UserContext"},
-        "LastModifiedBy":{"shape":"UserContext"}
+        "LastModifiedBy":{"shape":"UserContext"},
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>The parallelism configuration applied to the pipeline.</p>"
+        }
       }
     },
     "DescribePipelineRequest":{
@@ -10637,7 +11121,11 @@
           "documentation":"<p>The time when the pipeline was last run.</p>"
         },
         "CreatedBy":{"shape":"UserContext"},
-        "LastModifiedBy":{"shape":"UserContext"}
+        "LastModifiedBy":{"shape":"UserContext"},
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>Lists the parallelism configuration applied to the pipeline.</p>"
+        }
       }
     },
     "DescribeProcessingJobRequest":{
@@ -11141,7 +11629,7 @@
       "required":["TrialComponentName"],
       "members":{
         "TrialComponentName":{
-          "shape":"ExperimentEntityName",
+          "shape":"ExperimentEntityNameOrArn",
           "documentation":"<p>The name of the trial component to describe.</p>"
         }
       }
@@ -11209,6 +11697,10 @@
         "Metrics":{
           "shape":"TrialComponentMetricSummaries",
           "documentation":"<p>The metrics for the component.</p>"
+        },
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group.</p>"
         }
       }
     },
@@ -11581,6 +12073,14 @@
         "Disabled"
       ]
     },
+    "Direction":{
+      "type":"string",
+      "enum":[
+        "Both",
+        "Ascendants",
+        "Descendants"
+      ]
+    },
     "DirectoryPath":{
       "type":"string",
       "max":4096,
@@ -11730,6 +12230,107 @@
       ]
     },
     "DoubleParameterValue":{"type":"double"},
+    "DriftCheckBaselines":{
+      "type":"structure",
+      "members":{
+        "Bias":{
+          "shape":"DriftCheckBias",
+          "documentation":"<p>Represents the drift check bias baselines that can be used when the model monitor is set using the model package. </p>"
+        },
+        "Explainability":{
+          "shape":"DriftCheckExplainability",
+          "documentation":"<p>Represents the drift check explainability baselines that can be used when the model monitor is set using the model package. </p>"
+        },
+        "ModelQuality":{
+          "shape":"DriftCheckModelQuality",
+          "documentation":"<p>Represents the drift check model quality baselines that can be used when the model monitor is set using the model package.</p>"
+        },
+        "ModelDataQuality":{
+          "shape":"DriftCheckModelDataQuality",
+          "documentation":"<p>Represents the drift check model data quality baselines that can be used when the model monitor is set using the model package.</p>"
+        }
+      },
+      "documentation":"<p>Represents the drift check baselines that can be used when the model monitor is set using the model package. </p>"
+    },
+    "DriftCheckBias":{
+      "type":"structure",
+      "members":{
+        "ConfigFile":{
+          "shape":"FileSource",
+          "documentation":"<p>The bias config file for a model.</p>"
+        },
+        "PreTrainingConstraints":{"shape":"MetricsSource"},
+        "PostTrainingConstraints":{"shape":"MetricsSource"}
+      },
+      "documentation":"<p>Represents the drift check bias baselines that can be used when the model monitor is set using the model package.</p>"
+    },
+    "DriftCheckExplainability":{
+      "type":"structure",
+      "members":{
+        "Constraints":{"shape":"MetricsSource"},
+        "ConfigFile":{
+          "shape":"FileSource",
+          "documentation":"<p>The explainability config file for the model.</p>"
+        }
+      },
+      "documentation":"<p>Represents the drift check explainability baselines that can be used when the model monitor is set using the model package. </p>"
+    },
+    "DriftCheckModelDataQuality":{
+      "type":"structure",
+      "members":{
+        "Statistics":{"shape":"MetricsSource"},
+        "Constraints":{"shape":"MetricsSource"}
+      },
+      "documentation":"<p>Represents the drift check data quality baselines that can be used when the model monitor is set using the model package. </p>"
+    },
+    "DriftCheckModelQuality":{
+      "type":"structure",
+      "members":{
+        "Statistics":{"shape":"MetricsSource"},
+        "Constraints":{"shape":"MetricsSource"}
+      },
+      "documentation":"<p>Represents the drift check model quality baselines that can be used when the model monitor is set using the model package. </p>"
+    },
+    "EMRStepMetadata":{
+      "type":"structure",
+      "members":{
+        "ClusterId":{
+          "shape":"String256",
+          "documentation":"<p>The identifier of the EMR cluster.</p>"
+        },
+        "StepId":{
+          "shape":"String256",
+          "documentation":"<p>The identifier of the EMR cluster step.</p>"
+        },
+        "StepName":{
+          "shape":"String256",
+          "documentation":"<p>The name of the EMR cluster step.</p>"
+        },
+        "LogFilePath":{
+          "shape":"String1024",
+          "documentation":"<p>The path to the log file where the cluster step's failure root cause is recorded.</p>"
+        }
+      },
+      "documentation":"<p>The configurations and outcomes of an Amazon EMR step execution.</p>"
+    },
+    "Edge":{
+      "type":"structure",
+      "members":{
+        "SourceArn":{
+          "shape":"AssociationEntityArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the source lineage entity of the directed edge.</p>"
+        },
+        "DestinationArn":{
+          "shape":"AssociationEntityArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the destination lineage entity of the directed edge.</p>"
+        },
+        "AssociationType":{
+          "shape":"AssociationEdgeType",
+          "documentation":"<p>The type of the Association(Edge) between the source and destination. For example <code>ContributedTo</code>, <code>Produced</code>, or <code>DerivedFrom</code>.</p>"
+        }
+      },
+      "documentation":"<p>A directed edge connecting two lineage entities.</p>"
+    },
     "EdgeModel":{
       "type":"structure",
       "required":[
@@ -11956,6 +12557,10 @@
       "min":1,
       "pattern":"[a-zA-Z0-9\\ \\_\\.]+"
     },
+    "Edges":{
+      "type":"list",
+      "member":{"shape":"Edge"}
+    },
     "EfsUid":{
       "type":"string",
       "max":10,
@@ -12134,6 +12739,31 @@
       },
       "documentation":"<p>Input object for the endpoint</p>"
     },
+    "EndpointInputConfiguration":{
+      "type":"structure",
+      "required":["InstanceType"],
+      "members":{
+        "InstanceType":{
+          "shape":"ProductionVariantInstanceType",
+          "documentation":"<p>The instance types to use for the load test.</p>"
+        },
+        "InferenceSpecificationName":{
+          "shape":"InferenceSpecificationName",
+          "documentation":"<p>The inference specification name in the model package version.</p>"
+        },
+        "EnvironmentParameterRanges":{
+          "shape":"EnvironmentParameterRanges",
+          "documentation":"<p> The parameter you want to benchmark against.</p>"
+        }
+      },
+      "documentation":"<p>The endpoint configuration for the load test.</p>"
+    },
+    "EndpointInputConfigurations":{
+      "type":"list",
+      "member":{"shape":"EndpointInputConfiguration"},
+      "max":10,
+      "min":1
+    },
     "EndpointName":{
       "type":"string",
       "max":63,
@@ -12144,6 +12774,34 @@
       "max":63,
       "pattern":"[a-zA-Z0-9-]+"
     },
+    "EndpointOutputConfiguration":{
+      "type":"structure",
+      "required":[
+        "EndpointName",
+        "VariantName",
+        "InstanceType",
+        "InitialInstanceCount"
+      ],
+      "members":{
+        "EndpointName":{
+          "shape":"String",
+          "documentation":"<p>The name of the endpoint made during a recommendation job.</p>"
+        },
+        "VariantName":{
+          "shape":"String",
+          "documentation":"<p>The name of the production variant (deployed model) made during a recommendation job.</p>"
+        },
+        "InstanceType":{
+          "shape":"ProductionVariantInstanceType",
+          "documentation":"<p>The instance type recommended by Amazon SageMaker Inference Recommender.</p>"
+        },
+        "InitialInstanceCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of instances recommended to launch initially.</p>"
+        }
+      },
+      "documentation":"<p>The endpoint configuration made by Inference Recommender during a recommendation job.</p>"
+    },
     "EndpointSortKey":{
       "type":"string",
       "enum":[
@@ -12224,6 +12882,45 @@
       "value":{"shape":"EnvironmentValue"},
       "max":16
     },
+    "EnvironmentParameter":{
+      "type":"structure",
+      "required":[
+        "Key",
+        "ValueType",
+        "Value"
+      ],
+      "members":{
+        "Key":{
+          "shape":"String",
+          "documentation":"<p>The environment key suggested by the Amazon SageMaker Inference Recommender.</p>"
+        },
+        "ValueType":{
+          "shape":"String",
+          "documentation":"<p>The value type suggested by the Amazon SageMaker Inference Recommender.</p>"
+        },
+        "Value":{
+          "shape":"String",
+          "documentation":"<p>The value suggested by the Amazon SageMaker Inference Recommender.</p>"
+        }
+      },
+      "documentation":"<p>A list of environment parameters suggested by the Amazon SageMaker Inference Recommender.</p>"
+    },
+    "EnvironmentParameterRanges":{
+      "type":"structure",
+      "members":{
+        "CategoricalParameterRanges":{
+          "shape":"CategoricalParameters",
+          "documentation":"<p>Specified a list of parameters for each category.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the range of environment parameters</p>"
+    },
+    "EnvironmentParameters":{
+      "type":"list",
+      "member":{"shape":"EnvironmentParameter"},
+      "max":10,
+      "min":1
+    },
     "EnvironmentValue":{
       "type":"string",
       "max":1024,
@@ -12320,6 +13017,12 @@
       "min":1,
       "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,119}"
     },
+    "ExperimentEntityNameOrArn":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:(experiment|experiment-trial|experiment-trial-component|artifact|action|context)\\/)?([a-zA-Z0-9](-*[a-zA-Z0-9]){0,119})"
+    },
     "ExperimentSource":{
       "type":"structure",
       "required":["SourceArn"],
@@ -12390,6 +13093,16 @@
       "type":"string",
       "min":1
     },
+    "FailStepMetadata":{
+      "type":"structure",
+      "members":{
+        "ErrorMessage":{
+          "shape":"String3072",
+          "documentation":"<p>A message that you define and then is processed and rendered by the Fail step when the error occurs.</p>"
+        }
+      },
+      "documentation":"<p>The container for the metadata for Fail step.</p>"
+    },
     "FailureReason":{
       "type":"string",
       "max":1024
@@ -12563,6 +13276,25 @@
         "String"
       ]
     },
+    "FileSource":{
+      "type":"structure",
+      "required":["S3Uri"],
+      "members":{
+        "ContentType":{
+          "shape":"ContentType",
+          "documentation":"<p>The type of content stored in the file source.</p>"
+        },
+        "ContentDigest":{
+          "shape":"ContentDigest",
+          "documentation":"<p>The digest of the file source.</p>"
+        },
+        "S3Uri":{
+          "shape":"S3Uri",
+          "documentation":"<p>The Amazon S3 URI for the file source.</p>"
+        }
+      },
+      "documentation":"<p>Contains details regarding the file source.</p>"
+    },
     "FileSystemAccessMode":{
       "type":"string",
       "enum":[
@@ -12894,6 +13626,29 @@
         }
       }
     },
+    "GetLineageGroupPolicyRequest":{
+      "type":"structure",
+      "required":["LineageGroupName"],
+      "members":{
+        "LineageGroupName":{
+          "shape":"LineageGroupNameOrArn",
+          "documentation":"<p>The name or Amazon Resource Name (ARN) of the lineage group.</p>"
+        }
+      }
+    },
+    "GetLineageGroupPolicyResponse":{
+      "type":"structure",
+      "members":{
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group.</p>"
+        },
+        "ResourcePolicy":{
+          "shape":"ResourcePolicyString",
+          "documentation":"<p>The resource policy that gives access to the lineage group in another account.</p>"
+        }
+      }
+    },
     "GetModelPackageGroupPolicyInput":{
       "type":"structure",
       "required":["ModelPackageGroupName"],
@@ -13130,11 +13885,11 @@
         },
         "TaskTimeLimitInSeconds":{
           "shape":"TaskTimeLimitInSeconds",
-          "documentation":"<p>The amount of time that a worker has to complete a task. </p> <p>If you create a custom labeling job, the maximum value for this parameter is 8 hours (28,800 seconds).</p> <p>If you create a labeling job using a <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-task-types.html\">built-in task type</a> the maximum for this parameter depends on the task type you use:</p> <ul> <li> <p>For <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-label-images.html\">image</a> and <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-label-text.html\">text</a> labeling jobs, the maximum is 8 hours (28,800 seconds).</p> </li> <li> <p>For <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-point-cloud.html\">3D point cloud</a> and <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-video.html\">video frame</a> labeling jobs, the maximum is 7 days (604,800 seconds). If you want to change these limits, contact Amazon Web Services Support.</p> </li> </ul>"
+          "documentation":"<p>The amount of time that a worker has to complete a task. </p> <p>If you create a custom labeling job, the maximum value for this parameter is 8 hours (28,800 seconds).</p> <p>If you create a labeling job using a <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-task-types.html\">built-in task type</a> the maximum for this parameter depends on the task type you use:</p> <ul> <li> <p>For <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-label-images.html\">image</a> and <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-label-text.html\">text</a> labeling jobs, the maximum is 8 hours (28,800 seconds).</p> </li> <li> <p>For <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-point-cloud.html\">3D point cloud</a> and <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/sms-video.html\">video frame</a> labeling jobs, the maximum is 30 days (2952,000 seconds) for non-AL mode. For most users, the maximum is also 30 days.</p> </li> </ul>"
         },
         "TaskAvailabilityLifetimeInSeconds":{
           "shape":"TaskAvailabilityLifetimeInSeconds",
-          "documentation":"<p>The length of time that a task remains available for labeling by human workers. The default and maximum values for this parameter depend on the type of workforce you use.</p> <ul> <li> <p>If you choose the Amazon Mechanical Turk workforce, the maximum is 12 hours (43,200 seconds). The default is 6 hours (21,600 seconds).</p> </li> <li> <p>If you choose a private or vendor workforce, the default value is 10 days (864,000 seconds). For most users, the maximum is also 10 days. If you want to change this limit, contact Amazon Web Services Support.</p> </li> </ul>"
+          "documentation":"<p>The length of time that a task remains available for labeling by human workers. The default and maximum values for this parameter depend on the type of workforce you use.</p> <ul> <li> <p>If you choose the Amazon Mechanical Turk workforce, the maximum is 12 hours (43,200 seconds). The default is 6 hours (21,600 seconds).</p> </li> <li> <p>If you choose a private or vendor workforce, the default value is 30 days (2592,000 seconds) for non-AL mode. For most users, the maximum is also 30 days.</p> </li> </ul>"
         },
         "MaxConcurrentTaskCount":{
           "shape":"MaxConcurrentTaskCount",
@@ -13873,6 +14628,95 @@
       "type":"string",
       "max":256
     },
+    "InferenceRecommendation":{
+      "type":"structure",
+      "required":[
+        "Metrics",
+        "EndpointConfiguration",
+        "ModelConfiguration"
+      ],
+      "members":{
+        "Metrics":{
+          "shape":"RecommendationMetrics",
+          "documentation":"<p>The metrics used to decide what recommendation to make.</p>"
+        },
+        "EndpointConfiguration":{
+          "shape":"EndpointOutputConfiguration",
+          "documentation":"<p>Defines the endpoint configuration parameters.</p>"
+        },
+        "ModelConfiguration":{
+          "shape":"ModelConfiguration",
+          "documentation":"<p>Defines the model configuration.</p>"
+        }
+      },
+      "documentation":"<p>A list of recommendations made by Amazon SageMaker Inference Recommender.</p>"
+    },
+    "InferenceRecommendations":{
+      "type":"list",
+      "member":{"shape":"InferenceRecommendation"},
+      "max":10,
+      "min":1
+    },
+    "InferenceRecommendationsJob":{
+      "type":"structure",
+      "required":[
+        "JobName",
+        "JobDescription",
+        "JobType",
+        "JobArn",
+        "Status",
+        "CreationTime",
+        "RoleArn",
+        "LastModifiedTime"
+      ],
+      "members":{
+        "JobName":{
+          "shape":"RecommendationJobName",
+          "documentation":"<p>The name of the job.</p>"
+        },
+        "JobDescription":{
+          "shape":"RecommendationJobDescription",
+          "documentation":"<p>The job description.</p>"
+        },
+        "JobType":{
+          "shape":"RecommendationJobType",
+          "documentation":"<p>The recommendation job type.</p>"
+        },
+        "JobArn":{
+          "shape":"RecommendationJobArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the recommendation job.</p>"
+        },
+        "Status":{
+          "shape":"RecommendationJobStatus",
+          "documentation":"<p>The status of the job.</p>"
+        },
+        "CreationTime":{
+          "shape":"CreationTime",
+          "documentation":"<p>A timestamp that shows when the job was created.</p>"
+        },
+        "CompletionTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp that shows when the job completed.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"LastModifiedTime",
+          "documentation":"<p>A timestamp that shows when the job was last modified.</p>"
+        },
+        "FailureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>If the job fails, provides information why the job failed.</p>"
+        }
+      },
+      "documentation":"<p>A structure that contains a list of recommendation jobs.</p>"
+    },
+    "InferenceRecommendationsJobs":{
+      "type":"list",
+      "member":{"shape":"InferenceRecommendationsJob"}
+    },
     "InferenceSpecification":{
       "type":"structure",
       "required":[
@@ -13904,6 +14748,16 @@
       },
       "documentation":"<p>Defines how to perform inference generation after a training job is run.</p>"
     },
+    "InferenceSpecificationName":{
+      "type":"string",
+      "max":63,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,62}$"
+    },
+    "InitialNumberOfUsers":{
+      "type":"integer",
+      "min":1
+    },
     "InitialTaskCount":{
       "type":"integer",
       "min":1
@@ -13930,7 +14784,7 @@
         },
         "FrameworkVersion":{
           "shape":"FrameworkVersion",
-          "documentation":"<p>Specifies the framework version to use.</p> <p>This API field is only supported for PyTorch framework versions <code>1.4</code>, <code>1.5</code>, and <code>1.6</code> for cloud instance target devices: <code>ml_c4</code>, <code>ml_c5</code>, <code>ml_m4</code>, <code>ml_m5</code>, <code>ml_p2</code>, <code>ml_p3</code>, and <code>ml_g4dn</code>.</p>"
+          "documentation":"<p>Specifies the framework version to use. This API field is only supported for the PyTorch and TensorFlow frameworks.</p> <p>For information about framework versions supported for cloud targets and edge devices, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/neo-supported-cloud.html\">Cloud Supported Instance Types and Frameworks</a> and <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/neo-supported-devices-edge-frameworks.html\">Edge Supported Frameworks</a>.</p>"
         }
       },
       "documentation":"<p>Contains information about the location of input model artifacts, the name and shape of the expected data inputs, and the framework in which the model was trained.</p>"
@@ -14071,6 +14925,7 @@
       "max":20,
       "min":0
     },
+    "IntegerValue":{"type":"integer"},
     "InvocationsMaxRetries":{
       "type":"integer",
       "max":3,
@@ -14085,6 +14940,10 @@
       "type":"string",
       "pattern":"^arn:aws[a-z\\-]*:iam::\\d{12}:rolealias/?[a-zA-Z_0-9+=,.@\\-_/]+$"
     },
+    "JobDurationInSeconds":{
+      "type":"integer",
+      "min":1
+    },
     "JobReferenceCode":{
       "type":"string",
       "min":1,
@@ -14196,6 +15055,12 @@
       "max":1,
       "min":1
     },
+    "Key":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".+"
+    },
     "KmsKeyId":{
       "type":"string",
       "max":2048,
@@ -14557,6 +15422,56 @@
       "value":{"shape":"StringParameterValue"},
       "max":30
     },
+    "LineageGroupArn":{
+      "type":"string",
+      "max":256,
+      "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:lineage-group/.*"
+    },
+    "LineageGroupNameOrArn":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:lineage-group\\/)?([a-zA-Z0-9](-*[a-zA-Z0-9]){0,119})"
+    },
+    "LineageGroupSummaries":{
+      "type":"list",
+      "member":{"shape":"LineageGroupSummary"}
+    },
+    "LineageGroupSummary":{
+      "type":"structure",
+      "members":{
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group resource.</p>"
+        },
+        "LineageGroupName":{
+          "shape":"ExperimentEntityName",
+          "documentation":"<p>The name or Amazon Resource Name (ARN) of the lineage group.</p>"
+        },
+        "DisplayName":{
+          "shape":"ExperimentEntityName",
+          "documentation":"<p>The display name of the lineage group summary.</p>"
+        },
+        "CreationTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The creation time of the lineage group summary.</p>"
+        },
+        "LastModifiedTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The last modified time of the lineage group summary.</p>"
+        }
+      },
+      "documentation":"<p>Lists a summary of the properties of a lineage group. A lineage group provides a group of shareable lineage entity resources.</p>"
+    },
+    "LineageType":{
+      "type":"string",
+      "enum":[
+        "TrialComponent",
+        "Artifact",
+        "Context",
+        "Action"
+      ]
+    },
     "ListActionsRequest":{
       "type":"structure",
       "members":{
@@ -15854,6 +16769,73 @@
         }
       }
     },
+    "ListInferenceRecommendationsJobsRequest":{
+      "type":"structure",
+      "members":{
+        "CreationTimeAfter":{
+          "shape":"CreationTime",
+          "documentation":"<p>A filter that returns only jobs created after the specified time (timestamp).</p>"
+        },
+        "CreationTimeBefore":{
+          "shape":"CreationTime",
+          "documentation":"<p>A filter that returns only jobs created before the specified time (timestamp).</p>"
+        },
+        "LastModifiedTimeAfter":{
+          "shape":"LastModifiedTime",
+          "documentation":"<p>A filter that returns only jobs that were last modified after the specified time (timestamp).</p>"
+        },
+        "LastModifiedTimeBefore":{
+          "shape":"LastModifiedTime",
+          "documentation":"<p>A filter that returns only jobs that were last modified before the specified time (timestamp).</p>"
+        },
+        "NameContains":{
+          "shape":"NameContains",
+          "documentation":"<p>A string in the job name. This filter returns only recommendations whose name contains the specified string.</p>"
+        },
+        "StatusEquals":{
+          "shape":"RecommendationJobStatus",
+          "documentation":"<p>A filter that retrieves only inference recommendations jobs with a specific status.</p>"
+        },
+        "SortBy":{
+          "shape":"ListInferenceRecommendationsJobsSortBy",
+          "documentation":"<p>The parameter by which to sort the results.</p>"
+        },
+        "SortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The sort order for the results.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response to a previous <code>ListInferenceRecommendationsJobsRequest</code> request was truncated, the response includes a <code>NextToken</code>. To retrieve the next set of recommendations, use the token in the next request.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of recommendations to return in the response.</p>"
+        }
+      }
+    },
+    "ListInferenceRecommendationsJobsResponse":{
+      "type":"structure",
+      "required":["InferenceRecommendationsJobs"],
+      "members":{
+        "InferenceRecommendationsJobs":{
+          "shape":"InferenceRecommendationsJobs",
+          "documentation":"<p>The recommendations created from the Amazon SageMaker Inference Recommender job.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token for getting the next set of recommendations, if there are any.</p>"
+        }
+      }
+    },
+    "ListInferenceRecommendationsJobsSortBy":{
+      "type":"string",
+      "enum":[
+        "Name",
+        "CreationTime",
+        "Status"
+      ]
+    },
     "ListLabelingJobsForWorkteamRequest":{
       "type":"structure",
       "required":["WorkteamArn"],
@@ -15972,6 +16954,48 @@
       "type":"list",
       "member":{"shape":"StringParameterValue"}
     },
+    "ListLineageGroupsRequest":{
+      "type":"structure",
+      "members":{
+        "CreatedAfter":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp to filter against lineage groups created after a certain point in time.</p>"
+        },
+        "CreatedBefore":{
+          "shape":"Timestamp",
+          "documentation":"<p>A timestamp to filter against lineage groups created before a certain point in time.</p>"
+        },
+        "SortBy":{
+          "shape":"SortLineageGroupsBy",
+          "documentation":"<p>The parameter by which to sort the results. The default is <code>CreationTime</code>.</p>"
+        },
+        "SortOrder":{
+          "shape":"SortOrder",
+          "documentation":"<p>The sort order for the results. The default is <code>Ascending</code>.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response is truncated, SageMaker returns this token. To retrieve the next set of algorithms, use it in the subsequent request.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of endpoints to return in the response. This value defaults to 10.</p>"
+        }
+      }
+    },
+    "ListLineageGroupsResponse":{
+      "type":"structure",
+      "members":{
+        "LineageGroupSummaries":{
+          "shape":"LineageGroupSummaries",
+          "documentation":"<p>A list of lineage groups and their properties.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response is truncated, SageMaker returns this token. To retrieve the next set of algorithms, use it in the subsequent request.</p>"
+        }
+      }
+    },
     "ListMaxResults":{
       "type":"integer",
       "max":100
@@ -16078,6 +17102,37 @@
         }
       }
     },
+    "ListModelMetadataRequest":{
+      "type":"structure",
+      "members":{
+        "SearchExpression":{
+          "shape":"ModelMetadataSearchExpression",
+          "documentation":"<p>One or more filters that searches for the specified resource or resources in a search. All resource objects that satisfy the expression's condition are included in the search results. Specify the Framework, FrameworkVersion, Domain or Task to filter supported. Filter names and values are case-sensitive.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If the response to a previous <code>ListModelMetadataResponse</code> request was truncated, the response includes a NextToken. To retrieve the next set of model metadata, use the token in the next request.</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of models to return in the response.</p>"
+        }
+      }
+    },
+    "ListModelMetadataResponse":{
+      "type":"structure",
+      "required":["ModelMetadataSummaries"],
+      "members":{
+        "ModelMetadataSummaries":{
+          "shape":"ModelMetadataSummaries",
+          "documentation":"<p>A structure that holds model metadata.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>A token for getting the next set of recommendations, if there are any.</p>"
+        }
+      }
+    },
     "ListModelPackageGroupsInput":{
       "type":"structure",
       "members":{
@@ -16154,7 +17209,7 @@
         },
         "ModelPackageType":{
           "shape":"ModelPackageType",
-          "documentation":"<p>A filter that returns onlyl the model packages of the specified type. This can be one of the following values.</p> <ul> <li> <p> <code>VERSIONED</code> - List only versioned models.</p> </li> <li> <p> <code>UNVERSIONED</code> - List only unversioined models.</p> </li> <li> <p> <code>BOTH</code> - List both versioned and unversioned models.</p> </li> </ul>"
+          "documentation":"<p>A filter that returns only the model packages of the specified type. This can be one of the following values.</p> <ul> <li> <p> <code>UNVERSIONED</code> - List only unversioined models. This is the default value if no <code>ModelPackageType</code> is specified.</p> </li> <li> <p> <code>VERSIONED</code> - List only versioned models.</p> </li> <li> <p> <code>BOTH</code> - List both versioned and unversioned models.</p> </li> </ul>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -17381,10 +18436,22 @@
       "type":"integer",
       "min":1
     },
+    "MaxNumberOfTests":{
+      "type":"integer",
+      "min":1
+    },
     "MaxNumberOfTrainingJobs":{
       "type":"integer",
       "min":1
     },
+    "MaxParallelExecutionSteps":{
+      "type":"integer",
+      "min":1
+    },
+    "MaxParallelOfTests":{
+      "type":"integer",
+      "min":1
+    },
     "MaxParallelTrainingJobs":{
       "type":"integer",
       "min":1
@@ -17680,6 +18747,20 @@
       },
       "documentation":"<p>Configures the timeout and maximum number of retries for processing a transform job invocation.</p>"
     },
+    "ModelConfiguration":{
+      "type":"structure",
+      "members":{
+        "InferenceSpecificationName":{
+          "shape":"InferenceSpecificationName",
+          "documentation":"<p>The inference specification name in the model package version.</p>"
+        },
+        "EnvironmentParameters":{
+          "shape":"EnvironmentParameters",
+          "documentation":"<p>Defines the environment parameters that includes key, value types, and values.</p>"
+        }
+      },
+      "documentation":"<p>Defines the model configuration. Includes the specification name and environment parameters.</p>"
+    },
     "ModelDataQuality":{
       "type":"structure",
       "members":{
@@ -17769,6 +18850,121 @@
       },
       "documentation":"<p>Inputs for the model explainability job.</p>"
     },
+    "ModelInput":{
+      "type":"structure",
+      "required":["DataInputConfig"],
+      "members":{
+        "DataInputConfig":{
+          "shape":"DataInputConfig",
+          "documentation":"<p>The input configuration object for the model.</p>"
+        }
+      },
+      "documentation":"<p>Input object for the model.</p>"
+    },
+    "ModelInsightsLocation":{
+      "type":"string",
+      "min":1
+    },
+    "ModelLatencyThreshold":{
+      "type":"structure",
+      "members":{
+        "Percentile":{
+          "shape":"String64",
+          "documentation":"<p>The model latency percentile threshold.</p>"
+        },
+        "ValueInMilliseconds":{
+          "shape":"Integer",
+          "documentation":"<p>The model latency percentile value in milliseconds.</p>"
+        }
+      },
+      "documentation":"<p>The model latency threshold.</p>"
+    },
+    "ModelLatencyThresholds":{
+      "type":"list",
+      "member":{"shape":"ModelLatencyThreshold"},
+      "max":1,
+      "min":1
+    },
+    "ModelMetadataFilter":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Value"
+      ],
+      "members":{
+        "Name":{
+          "shape":"ModelMetadataFilterType",
+          "documentation":"<p>The name of the of the model to filter by.</p>"
+        },
+        "Value":{
+          "shape":"String256",
+          "documentation":"<p>The value to filter the model metadata.</p>"
+        }
+      },
+      "documentation":"<p>Part of the search expression. You can specify the name and value (domain, task, framework, framework version, task, and model).</p>"
+    },
+    "ModelMetadataFilterType":{
+      "type":"string",
+      "enum":[
+        "Domain",
+        "Framework",
+        "Task",
+        "FrameworkVersion"
+      ]
+    },
+    "ModelMetadataFilters":{
+      "type":"list",
+      "member":{"shape":"ModelMetadataFilter"},
+      "max":4,
+      "min":1
+    },
+    "ModelMetadataSearchExpression":{
+      "type":"structure",
+      "members":{
+        "Filters":{
+          "shape":"ModelMetadataFilters",
+          "documentation":"<p>A list of filter objects.</p>"
+        }
+      },
+      "documentation":"<p>One or more filters that searches for the specified resource or resources in a search. All resource objects that satisfy the expression's condition are included in the search results</p>"
+    },
+    "ModelMetadataSummaries":{
+      "type":"list",
+      "member":{"shape":"ModelMetadataSummary"}
+    },
+    "ModelMetadataSummary":{
+      "type":"structure",
+      "required":[
+        "Domain",
+        "Framework",
+        "Task",
+        "Model",
+        "FrameworkVersion"
+      ],
+      "members":{
+        "Domain":{
+          "shape":"String",
+          "documentation":"<p>The machine learning domain of the model.</p>"
+        },
+        "Framework":{
+          "shape":"String",
+          "documentation":"<p>The machine learning framework of the model.</p>"
+        },
+        "Task":{
+          "shape":"String",
+          "documentation":"<p>The machine learning task of the model.</p>"
+        },
+        "Model":{
+          "shape":"String",
+          "documentation":"<p>The name of the model.</p>"
+        },
+        "FrameworkVersion":{
+          "shape":"String",
+          "documentation":"<p>The framework version of the model.</p>"
+        }
+      },
+      "documentation":"<p>A summary of the model metadata.</p>"
+    },
     "ModelMetrics":{
       "type":"structure",
       "members":{
@@ -17859,6 +19055,22 @@
           "shape":"ApprovalDescription",
           "documentation":"<p>A description provided when the model approval is set.</p>"
         },
+        "Domain":{
+          "shape":"String",
+          "documentation":"<p>The machine learning domain of your model package and its components. Common machine learning domains include computer vision and natural language processing.</p>"
+        },
+        "Task":{
+          "shape":"String",
+          "documentation":"<p>The machine learning task your model package accomplishes. Common machine learning tasks include object detection and image classification.</p>"
+        },
+        "SamplePayloadUrl":{
+          "shape":"String",
+          "documentation":"<p>The Amazon Simple Storage Service path where the sample payload are stored. This path must point to a single gzip compressed tar archive (.tar.gz suffix).</p>"
+        },
+        "AdditionalInferenceSpecifications":{
+          "shape":"AdditionalInferenceSpecifications",
+          "documentation":"<p>An array of additional Inference Specification objects.</p>"
+        },
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>A list of the tags associated with the model package. For more information, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html\">Tagging Amazon Web Services resources</a> in the <i>Amazon Web Services General Reference Guide</i>.</p>"
@@ -17866,6 +19078,10 @@
         "CustomerMetadataProperties":{
           "shape":"CustomerMetadataMap",
           "documentation":"<p>The metadata properties for the model package. </p>"
+        },
+        "DriftCheckBaselines":{
+          "shape":"DriftCheckBaselines",
+          "documentation":"<p>Represents the drift check baselines that can be used when the model monitor is set using the model package.</p>"
         }
       },
       "documentation":"<p>A versioned model that can be deployed for SageMaker inference.</p>"
@@ -17909,6 +19125,22 @@
         "Environment":{
           "shape":"EnvironmentMap",
           "documentation":"<p>The environment variables to set in the Docker container. Each key and value in the <code>Environment</code> string to string map can have length of up to 1024. We support up to 16 entries in the map.</p>"
+        },
+        "ModelInput":{
+          "shape":"ModelInput",
+          "documentation":"<p>A structure with Model Input details.</p>"
+        },
+        "Framework":{
+          "shape":"String",
+          "documentation":"<p>The machine learning framework of the model package container image.</p>"
+        },
+        "FrameworkVersion":{
+          "shape":"FrameworkVersion",
+          "documentation":"<p>The framework version of the Model Package Container Image.</p>"
+        },
+        "NearestModelName":{
+          "shape":"String",
+          "documentation":"<p>The name of a pre-trained machine learning benchmarked by Amazon SageMaker Inference Recommender model that matches your model. You can find a list of benchmarked models by calling <code>ListModelMetadata</code>.</p>"
         }
       },
       "documentation":"<p>Describes the Docker container for the model package.</p>"
@@ -19471,6 +20703,17 @@
       "max":8192,
       "pattern":".*"
     },
+    "ParallelismConfiguration":{
+      "type":"structure",
+      "required":["MaxParallelExecutionSteps"],
+      "members":{
+        "MaxParallelExecutionSteps":{
+          "shape":"MaxParallelExecutionSteps",
+          "documentation":"<p>The max number of steps that can be executed in parallel. </p>"
+        }
+      },
+      "documentation":"<p>Configuration that controls the parallelism of the pipeline. By default, the parallelism configuration specified applies to all executions of the pipeline unless overridden.</p>"
+    },
     "Parameter":{
       "type":"structure",
       "required":[
@@ -19595,6 +20838,104 @@
       "type":"list",
       "member":{"shape":"Parent"}
     },
+    "PendingDeploymentSummary":{
+      "type":"structure",
+      "required":["EndpointConfigName"],
+      "members":{
+        "EndpointConfigName":{
+          "shape":"EndpointConfigName",
+          "documentation":"<p>The name of the endpoint configuration used in the deployment. </p>"
+        },
+        "ProductionVariants":{
+          "shape":"PendingProductionVariantSummaryList",
+          "documentation":"<p>List of <code>PendingProductionVariantSummary</code> objects.</p>"
+        },
+        "StartTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The start time of the deployment.</p>"
+        }
+      },
+      "documentation":"<p>The summary of an in-progress deployment when an endpoint is creating or updating with a new endpoint configuration.</p>"
+    },
+    "PendingProductionVariantSummary":{
+      "type":"structure",
+      "required":["VariantName"],
+      "members":{
+        "VariantName":{
+          "shape":"VariantName",
+          "documentation":"<p>The name of the variant.</p>"
+        },
+        "DeployedImages":{
+          "shape":"DeployedImages",
+          "documentation":"<p>An array of <code>DeployedImage</code> objects that specify the Amazon EC2 Container Registry paths of the inference images deployed on instances of this <code>ProductionVariant</code>.</p>"
+        },
+        "CurrentWeight":{
+          "shape":"VariantWeight",
+          "documentation":"<p>The weight associated with the variant.</p>"
+        },
+        "DesiredWeight":{
+          "shape":"VariantWeight",
+          "documentation":"<p>The requested weight for the variant in this deployment, as specified in the endpoint configuration for the endpoint. The value is taken from the request to the <code> <a>CreateEndpointConfig</a> </code> operation.</p>"
+        },
+        "CurrentInstanceCount":{
+          "shape":"TaskCount",
+          "documentation":"<p>The number of instances associated with the variant.</p>"
+        },
+        "DesiredInstanceCount":{
+          "shape":"TaskCount",
+          "documentation":"<p>The number of instances requested in this deployment, as specified in the endpoint configuration for the endpoint. The value is taken from the request to the <code> <a>CreateEndpointConfig</a> </code> operation.</p>"
+        },
+        "InstanceType":{
+          "shape":"ProductionVariantInstanceType",
+          "documentation":"<p>The type of instances associated with the variant.</p>"
+        },
+        "AcceleratorType":{
+          "shape":"ProductionVariantAcceleratorType",
+          "documentation":"<p>The size of the Elastic Inference (EI) instance to use for the production variant. EI instances provide on-demand GPU computing for inference. For more information, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/ei.html\">Using Elastic Inference in Amazon SageMaker</a>.</p>"
+        },
+        "VariantStatus":{
+          "shape":"ProductionVariantStatusList",
+          "documentation":"<p>The endpoint variant status which describes the current deployment stage status or operational status.</p>"
+        },
+        "CurrentServerlessConfig":{
+          "shape":"ProductionVariantServerlessConfig",
+          "documentation":"<p>The serverless configuration for the endpoint.</p> <note> <p>Serverless Inference is in preview release for Amazon SageMaker and is subject to change. We do not recommend using this feature in production environments.</p> </note>"
+        },
+        "DesiredServerlessConfig":{
+          "shape":"ProductionVariantServerlessConfig",
+          "documentation":"<p>The serverless configuration requested for this deployment, as specified in the endpoint configuration for the endpoint.</p> <note> <p>Serverless Inference is in preview release for Amazon SageMaker and is subject to change. We do not recommend using this feature in production environments.</p> </note>"
+        }
+      },
+      "documentation":"<p>The production variant summary for a deployment when an endpoint is creating or updating with the <code> <a>CreateEndpoint</a> </code> or <code> <a>UpdateEndpoint</a> </code> operations. Describes the <code>VariantStatus </code>, weight and capacity for a production variant associated with an endpoint. </p>"
+    },
+    "PendingProductionVariantSummaryList":{
+      "type":"list",
+      "member":{"shape":"PendingProductionVariantSummary"},
+      "min":1
+    },
+    "Phase":{
+      "type":"structure",
+      "members":{
+        "InitialNumberOfUsers":{
+          "shape":"InitialNumberOfUsers",
+          "documentation":"<p>Specifies how many concurrent users to start with.</p>"
+        },
+        "SpawnRate":{
+          "shape":"SpawnRate",
+          "documentation":"<p>Specified how many new users to spawn in a minute.</p>"
+        },
+        "DurationInSeconds":{
+          "shape":"TrafficDurationInSeconds",
+          "documentation":"<p>Specifies how long traffic phase should be.</p>"
+        }
+      },
+      "documentation":"<p>Defines the traffic pattern.</p>"
+    },
+    "Phases":{
+      "type":"list",
+      "member":{"shape":"Phase"},
+      "min":1
+    },
     "Pipeline":{
       "type":"structure",
       "members":{
@@ -19636,6 +20977,10 @@
         },
         "CreatedBy":{"shape":"UserContext"},
         "LastModifiedBy":{"shape":"UserContext"},
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>The parallelism configuration applied to the pipeline.</p>"
+        },
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>A list of tags that apply to the pipeline.</p>"
@@ -19654,6 +20999,28 @@
       "min":1,
       "pattern":".*(?:[ \\r\\n\\t].*)*"
     },
+    "PipelineDefinitionS3Location":{
+      "type":"structure",
+      "required":[
+        "Bucket",
+        "ObjectKey"
+      ],
+      "members":{
+        "Bucket":{
+          "shape":"BucketName",
+          "documentation":"<p>Name of the S3 bucket.</p>"
+        },
+        "ObjectKey":{
+          "shape":"Key",
+          "documentation":"<p>The object key (or key name) uniquely identifies the object in an S3 bucket. </p>"
+        },
+        "VersionId":{
+          "shape":"VersionId",
+          "documentation":"<p>Version Id of the pipeline definition file. If not specified, Amazon SageMaker will retrieve the latest version.</p>"
+        }
+      },
+      "documentation":"<p>The location of the pipeline definition stored in Amazon S3.</p>"
+    },
     "PipelineDescription":{
       "type":"string",
       "max":3072,
@@ -19698,6 +21065,10 @@
         },
         "CreatedBy":{"shape":"UserContext"},
         "LastModifiedBy":{"shape":"UserContext"},
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>The parallelism configuration applied to the pipeline execution.</p>"
+        },
         "PipelineParameters":{
           "shape":"ParameterList",
           "documentation":"<p>Contains a list of pipeline parameters. This list can be empty. </p>"
@@ -19744,6 +21115,14 @@
           "shape":"StepName",
           "documentation":"<p>The name of the step that is executed.</p>"
         },
+        "StepDisplayName":{
+          "shape":"StepDisplayName",
+          "documentation":"<p>The display name of the step.</p>"
+        },
+        "StepDescription":{
+          "shape":"StepDescription",
+          "documentation":"<p>The description of the step.</p>"
+        },
         "StartTime":{
           "shape":"Timestamp",
           "documentation":"<p>The time that the step started executing.</p>"
@@ -19760,6 +21139,10 @@
           "shape":"CacheHitResult",
           "documentation":"<p>If this pipeline execution step was cached, details on the cache hit.</p>"
         },
+        "AttemptCount":{
+          "shape":"IntegerValue",
+          "documentation":"<p>The current attempt of the execution step. For more information, see <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/pipelines-retry-policy.html\">Retry Policy for SageMaker Pipelines steps</a>.</p>"
+        },
         "FailureReason":{
           "shape":"FailureReason",
           "documentation":"<p>The reason why the step failed execution. This is only returned if the step failed its execution.</p>"
@@ -19815,6 +21198,22 @@
         "Lambda":{
           "shape":"LambdaStepMetadata",
           "documentation":"<p>The Amazon Resource Name (ARN) of the Lambda function that was run by this step execution and a list of output parameters.</p>"
+        },
+        "QualityCheck":{
+          "shape":"QualityCheckStepMetadata",
+          "documentation":"<p>The configurations and outcomes of the check step execution. This includes: </p> <ul> <li> <p>The type of the check conducted,</p> </li> <li> <p>The Amazon S3 URIs of baseline constraints and statistics files to be used for the drift check.</p> </li> <li> <p>The Amazon S3 URIs of newly calculated baseline constraints and statistics.</p> </li> <li> <p>The model package group name provided.</p> </li> <li> <p>The Amazon S3 URI of the violation report if violations detected.</p> </li> <li> <p>The Amazon Resource Name (ARN) of check processing job initiated by the step execution.</p> </li> <li> <p>The boolean flags indicating if the drift check is skipped.</p> </li> <li> <p>If step property <code>BaselineUsedForDriftCheck</code> is set the same as <code>CalculatedBaseline</code>.</p> </li> </ul>"
+        },
+        "ClarifyCheck":{
+          "shape":"ClarifyCheckStepMetadata",
+          "documentation":"<p>Container for the metadata for a Clarify check step. The configurations and outcomes of the check step execution. This includes: </p> <ul> <li> <p>The type of the check conducted,</p> </li> <li> <p>The Amazon S3 URIs of baseline constraints and statistics files to be used for the drift check.</p> </li> <li> <p>The Amazon S3 URIs of newly calculated baseline constraints and statistics.</p> </li> <li> <p>The model package group name provided.</p> </li> <li> <p>The Amazon S3 URI of the violation report if violations detected.</p> </li> <li> <p>The Amazon Resource Name (ARN) of check processing job initiated by the step execution.</p> </li> <li> <p>The boolean flags indicating if the drift check is skipped.</p> </li> <li> <p>If step property <code>BaselineUsedForDriftCheck</code> is set the same as <code>CalculatedBaseline</code>.</p> </li> </ul>"
+        },
+        "EMR":{
+          "shape":"EMRStepMetadata",
+          "documentation":"<p>The configurations and outcomes of an EMR step execution.</p>"
+        },
+        "Fail":{
+          "shape":"FailStepMetadata",
+          "documentation":"<p>The configurations and outcomes of a Fail step execution.</p>"
         }
       },
       "documentation":"<p>Metadata for a step execution.</p>"
@@ -19841,6 +21240,10 @@
         "PipelineExecutionDisplayName":{
           "shape":"PipelineExecutionName",
           "documentation":"<p>The display name of the pipeline execution.</p>"
+        },
+        "PipelineExecutionFailureReason":{
+          "shape":"String3072",
+          "documentation":"<p>A message generated by SageMaker Pipelines describing why the pipeline execution failed.</p>"
         }
       },
       "documentation":"<p>A pipeline execution summary.</p>"
@@ -20424,9 +21827,7 @@
       "type":"structure",
       "required":[
         "VariantName",
-        "ModelName",
-        "InitialInstanceCount",
-        "InstanceType"
+        "ModelName"
       ],
       "members":{
         "VariantName":{
@@ -20456,6 +21857,10 @@
         "CoreDumpConfig":{
           "shape":"ProductionVariantCoreDumpConfig",
           "documentation":"<p>Specifies configuration for a core dump from the model container when the process crashes.</p>"
+        },
+        "ServerlessConfig":{
+          "shape":"ProductionVariantServerlessConfig",
+          "documentation":"<p>The serverless configuration for an endpoint. Specifies a serverless endpoint configuration instead of an instance-based endpoint configuration.</p> <note> <p>Serverless Inference is in preview release for Amazon SageMaker and is subject to change. We do not recommend using this feature in production environments.</p> </note>"
         }
       },
       "documentation":"<p>Identifies a model that you want to host and the resources chosen to deploy for hosting it. If you are deploying multiple models, tell Amazon SageMaker how to distribute traffic among the models by specifying variant weights. </p>"
@@ -20563,6 +21968,49 @@
       "max":10,
       "min":1
     },
+    "ProductionVariantServerlessConfig":{
+      "type":"structure",
+      "required":[
+        "MemorySizeInMB",
+        "MaxConcurrency"
+      ],
+      "members":{
+        "MemorySizeInMB":{
+          "shape":"ServerlessMemorySizeInMB",
+          "documentation":"<p>The memory size of your serverless endpoint. Valid values are in 1 GB increments: 1024 MB, 2048 MB, 3072 MB, 4096 MB, 5120 MB, or 6144 MB.</p>"
+        },
+        "MaxConcurrency":{
+          "shape":"ServerlessMaxConcurrency",
+          "documentation":"<p>The maximum number of concurrent invocations your serverless endpoint can process.</p>"
+        }
+      },
+      "documentation":"<important> <p>Serverless Inference is in preview release for Amazon SageMaker and is subject to change. We do not recommend using this feature in production environments.</p> </important> <p>Specifies the serverless configuration for an endpoint variant.</p>"
+    },
+    "ProductionVariantStatus":{
+      "type":"structure",
+      "required":["Status"],
+      "members":{
+        "Status":{
+          "shape":"VariantStatus",
+          "documentation":"<p>The endpoint variant status which describes the current deployment stage status or operational status.</p> <ul> <li> <p> <code>Creating</code>: Creating inference resources for the production variant.</p> </li> <li> <p> <code>Deleting</code>: Terminating inference resources for the production variant.</p> </li> <li> <p> <code>Updating</code>: Updating capacity for the production variant.</p> </li> <li> <p> <code>ActivatingTraffic</code>: Turning on traffic for the production variant.</p> </li> <li> <p> <code>Baking</code>: Waiting period to monitor the CloudWatch alarms in the automatic rollback configuration.</p> </li> </ul>"
+        },
+        "StatusMessage":{
+          "shape":"VariantStatusMessage",
+          "documentation":"<p>A message that describes the status of the production variant.</p>"
+        },
+        "StartTime":{
+          "shape":"Timestamp",
+          "documentation":"<p>The start time of the current status change.</p>"
+        }
+      },
+      "documentation":"<p>Describes the status of the production variant.</p>"
+    },
+    "ProductionVariantStatusList":{
+      "type":"list",
+      "member":{"shape":"ProductionVariantStatus"},
+      "max":5,
+      "min":0
+    },
     "ProductionVariantSummary":{
       "type":"structure",
       "required":["VariantName"],
@@ -20590,6 +22038,18 @@
         "DesiredInstanceCount":{
           "shape":"TaskCount",
           "documentation":"<p>The number of instances requested in the <code>UpdateEndpointWeightsAndCapacities</code> request. </p>"
+        },
+        "VariantStatus":{
+          "shape":"ProductionVariantStatusList",
+          "documentation":"<p>The endpoint variant status which describes the current deployment stage status or operational status.</p>"
+        },
+        "CurrentServerlessConfig":{
+          "shape":"ProductionVariantServerlessConfig",
+          "documentation":"<p>The serverless configuration for the endpoint.</p> <note> <p>Serverless Inference is in preview release for Amazon SageMaker and is subject to change. We do not recommend using this feature in production environments.</p> </note>"
+        },
+        "DesiredServerlessConfig":{
+          "shape":"ProductionVariantServerlessConfig",
+          "documentation":"<p>The serverless configuration requested for the endpoint update.</p> <note> <p>Serverless Inference is in preview release for Amazon SageMaker and is subject to change. We do not recommend using this feature in production environments.</p> </note>"
         }
       },
       "documentation":"<p>Describes weight and capacities for a production variant associated with an endpoint. If you sent a request to the <code>UpdateEndpointWeightsAndCapacities</code> API and the endpoint status is <code>Updating</code>, you get different desired and current values. </p>"
@@ -20965,6 +22425,167 @@
         }
       }
     },
+    "QualityCheckStepMetadata":{
+      "type":"structure",
+      "members":{
+        "CheckType":{
+          "shape":"String256",
+          "documentation":"<p>The type of the Quality check step.</p>"
+        },
+        "BaselineUsedForDriftCheckStatistics":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of the baseline statistics file used for the drift check.</p>"
+        },
+        "BaselineUsedForDriftCheckConstraints":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of the baseline constraints file used for the drift check.</p>"
+        },
+        "CalculatedBaselineStatistics":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of the newly calculated baseline statistics file.</p>"
+        },
+        "CalculatedBaselineConstraints":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of the newly calculated baseline constraints file.</p>"
+        },
+        "ModelPackageGroupName":{
+          "shape":"String256",
+          "documentation":"<p>The model package group name.</p>"
+        },
+        "ViolationReport":{
+          "shape":"String1024",
+          "documentation":"<p>The Amazon S3 URI of violation report if violations are detected.</p>"
+        },
+        "CheckJobArn":{
+          "shape":"String256",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Quality check processing job that was run by this step execution.</p>"
+        },
+        "SkipCheck":{
+          "shape":"Boolean",
+          "documentation":"<p>This flag indicates if the drift check against the previous baseline will be skipped or not. If it is set to <code>False</code>, the previous baseline of the configured check type must be available.</p>"
+        },
+        "RegisterNewBaseline":{
+          "shape":"Boolean",
+          "documentation":"<p>This flag indicates if a newly calculated baseline can be accessed through step properties <code>BaselineUsedForDriftCheckConstraints</code> and <code>BaselineUsedForDriftCheckStatistics</code>. If it is set to <code>False</code>, the previous baseline of the configured check type must also be available. These can be accessed through the <code>BaselineUsedForDriftCheckConstraints</code> and <code> BaselineUsedForDriftCheckStatistics</code> properties. </p>"
+        }
+      },
+      "documentation":"<p>Container for the metadata for a Quality check step. For more information, see the topic on <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/build-and-manage-steps.html#step-type-quality-check\">QualityCheck step</a> in the <i>Amazon SageMaker Developer Guide</i>. </p>"
+    },
+    "QueryFilters":{
+      "type":"structure",
+      "members":{
+        "Types":{
+          "shape":"QueryTypes",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code> by type. For example: <code>DataSet</code>, <code>Model</code>, <code>Endpoint</code>, or <code>ModelDeployment</code>.</p>"
+        },
+        "LineageTypes":{
+          "shape":"QueryLineageTypes",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code>(s) by the type of the lineage entity.</p>"
+        },
+        "CreatedBefore":{
+          "shape":"Timestamp",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code>(s) by created date.</p>"
+        },
+        "CreatedAfter":{
+          "shape":"Timestamp",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code>(s) after the create date.</p>"
+        },
+        "ModifiedBefore":{
+          "shape":"Timestamp",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code>(s) before the last modified date.</p>"
+        },
+        "ModifiedAfter":{
+          "shape":"Timestamp",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code>(s) after the last modified date.</p>"
+        },
+        "Properties":{
+          "shape":"QueryProperties",
+          "documentation":"<p>Filter the lineage entities connected to the <code>StartArn</code>(s) by a set if property key value pairs. If multiple pairs are provided, an entity will be included in the results if it matches any of the provided pairs.</p>"
+        }
+      },
+      "documentation":"<p>A set of filters to narrow the set of lineage entities connected to the <code>StartArn</code>(s) returned by the <code>QueryLineage</code> API action.</p>"
+    },
+    "QueryLineageMaxDepth":{
+      "type":"integer",
+      "max":10
+    },
+    "QueryLineageMaxResults":{
+      "type":"integer",
+      "max":50
+    },
+    "QueryLineageRequest":{
+      "type":"structure",
+      "required":["StartArns"],
+      "members":{
+        "StartArns":{
+          "shape":"QueryLineageStartArns",
+          "documentation":"<p>A list of resource Amazon Resource Name (ARN) that represent the starting point for your lineage query.</p>"
+        },
+        "Direction":{
+          "shape":"Direction",
+          "documentation":"<p>Associations between lineage entities are directed. This parameter determines the direction from the StartArn(s) the query will look.</p>"
+        },
+        "IncludeEdges":{
+          "shape":"Boolean",
+          "documentation":"<p> Setting this value to <code>True</code> will retrieve not only the entities of interest but also the <a href=\"https://docs.aws.amazon.com/sagemaker/latest/dg/lineage-tracking-entities.html\">Associations</a> and lineage entities on the path. Set to <code>False</code> to only return lineage entities that match your query.</p>"
+        },
+        "Filters":{
+          "shape":"QueryFilters",
+          "documentation":"<p>A set of filtering parameters that allow you to specify which entities should be returned.</p> <ul> <li> <p>Properties - Key-value pairs to match on the lineage entities' properties.</p> </li> <li> <p>LineageTypes - A set of lineage entity types to match on. For example: <code>TrialComponent</code>, <code>Artifact</code>, or <code>Context</code>.</p> </li> <li> <p>CreatedBefore - Filter entities created before this date.</p> </li> <li> <p>ModifiedBefore - Filter entities modified before this date.</p> </li> <li> <p>ModifiedAfter - Filter entities modified after this date.</p> </li> </ul>"
+        },
+        "MaxDepth":{
+          "shape":"QueryLineageMaxDepth",
+          "documentation":"<p>The maximum depth in lineage relationships from the <code>StartArns</code> that will be traversed. Depth is a measure of the number of <code>Associations</code> from the <code>StartArn</code> entity to the matched results.</p>"
+        },
+        "MaxResults":{
+          "shape":"QueryLineageMaxResults",
+          "documentation":"<p>Limits the number of vertices in the results. Use the <code>NextToken</code> in a response to to retrieve the next page of results.</p>"
+        },
+        "NextToken":{
+          "shape":"String8192",
+          "documentation":"<p>Limits the number of vertices in the request. Use the <code>NextToken</code> in a response to to retrieve the next page of results.</p>"
+        }
+      }
+    },
+    "QueryLineageResponse":{
+      "type":"structure",
+      "members":{
+        "Vertices":{
+          "shape":"Vertices",
+          "documentation":"<p>A list of vertices connected to the start entity(ies) in the lineage graph.</p>"
+        },
+        "Edges":{
+          "shape":"Edges",
+          "documentation":"<p>A list of edges that connect vertices in the response.</p>"
+        },
+        "NextToken":{
+          "shape":"String8192",
+          "documentation":"<p>Limits the number of vertices in the response. Use the <code>NextToken</code> in a response to to retrieve the next page of results.</p>"
+        }
+      }
+    },
+    "QueryLineageStartArns":{
+      "type":"list",
+      "member":{"shape":"AssociationEntityArn"},
+      "max":1,
+      "min":1
+    },
+    "QueryLineageTypes":{
+      "type":"list",
+      "member":{"shape":"LineageType"},
+      "max":4
+    },
+    "QueryProperties":{
+      "type":"map",
+      "key":{"shape":"String256"},
+      "value":{"shape":"String256"},
+      "max":5
+    },
+    "QueryTypes":{
+      "type":"list",
+      "member":{"shape":"String40"},
+      "max":5
+    },
     "RSessionAppSettings":{
       "type":"structure",
       "members":{
@@ -21035,6 +22656,122 @@
       "type":"list",
       "member":{"shape":"ProductionVariantInstanceType"}
     },
+    "RecommendationJobArn":{
+      "type":"string",
+      "max":256,
+      "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:inference-recommendations-job/.*"
+    },
+    "RecommendationJobDescription":{
+      "type":"string",
+      "max":128
+    },
+    "RecommendationJobInputConfig":{
+      "type":"structure",
+      "required":["ModelPackageVersionArn"],
+      "members":{
+        "ModelPackageVersionArn":{
+          "shape":"ModelPackageArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of a versioned model package.</p>"
+        },
+        "JobDurationInSeconds":{
+          "shape":"JobDurationInSeconds",
+          "documentation":"<p>Specifies the maximum duration of the job, in seconds.&gt;</p>"
+        },
+        "TrafficPattern":{
+          "shape":"TrafficPattern",
+          "documentation":"<p>Specifies the traffic pattern of the job.</p>"
+        },
+        "ResourceLimit":{
+          "shape":"RecommendationJobResourceLimit",
+          "documentation":"<p>Defines the resource limit of the job.</p>"
+        },
+        "EndpointConfigurations":{
+          "shape":"EndpointInputConfigurations",
+          "documentation":"<p>Specifies the endpoint configuration to use for a job.</p>"
+        }
+      },
+      "documentation":"<p>The input configuration of the recommendation job.</p>"
+    },
+    "RecommendationJobName":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9](-*[a-zA-Z0-9]){0,63}"
+    },
+    "RecommendationJobResourceLimit":{
+      "type":"structure",
+      "members":{
+        "MaxNumberOfTests":{
+          "shape":"MaxNumberOfTests",
+          "documentation":"<p>Defines the maximum number of load tests.</p>"
+        },
+        "MaxParallelOfTests":{
+          "shape":"MaxParallelOfTests",
+          "documentation":"<p>Defines the maximum number of parallel load tests.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the maximum number of jobs that can run in parallel and the maximum number of jobs that can run.</p>"
+    },
+    "RecommendationJobStatus":{
+      "type":"string",
+      "enum":[
+        "PENDING",
+        "IN_PROGRESS",
+        "COMPLETED",
+        "FAILED",
+        "STOPPING",
+        "STOPPED"
+      ]
+    },
+    "RecommendationJobStoppingConditions":{
+      "type":"structure",
+      "members":{
+        "MaxInvocations":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of requests per minute expected for the endpoint.</p>"
+        },
+        "ModelLatencyThresholds":{
+          "shape":"ModelLatencyThresholds",
+          "documentation":"<p>The interval of time taken by a model to respond as viewed from SageMaker. The interval includes the local communication time taken to send the request and to fetch the response from the container of a model and the time taken to complete the inference in the container.</p>"
+        }
+      },
+      "documentation":"<p>Specifies conditions for stopping a job. When a job reaches a stopping condition limit, SageMaker ends the job.</p>"
+    },
+    "RecommendationJobType":{
+      "type":"string",
+      "enum":[
+        "Default",
+        "Advanced"
+      ]
+    },
+    "RecommendationMetrics":{
+      "type":"structure",
+      "required":[
+        "CostPerHour",
+        "CostPerInference",
+        "MaxInvocations",
+        "ModelLatency"
+      ],
+      "members":{
+        "CostPerHour":{
+          "shape":"Float",
+          "documentation":"<p>Defines the cost per hour for the instance. </p>"
+        },
+        "CostPerInference":{
+          "shape":"Float",
+          "documentation":"<p>Defines the cost per inference for the instance .</p>"
+        },
+        "MaxInvocations":{
+          "shape":"Integer",
+          "documentation":"<p>The expected maximum number of requests per minute for the instance.</p>"
+        },
+        "ModelLatency":{
+          "shape":"Integer",
+          "documentation":"<p>The expected model latency at maximum invocation per minute for the instance.</p>"
+        }
+      },
+      "documentation":"<p>The metrics of recommendations.</p>"
+    },
     "RecordWrapper":{
       "type":"string",
       "enum":[
@@ -21342,6 +23079,11 @@
       "documentation":"<p>Resource being access is not found.</p>",
       "exception":true
     },
+    "ResourcePolicyString":{
+      "type":"string",
+      "max":20480,
+      "pattern":".*(?:[ \\r\\n\\t].*)*"
+    },
     "ResourcePropertyName":{
       "type":"string",
       "max":255,
@@ -21427,6 +23169,10 @@
           "shape":"IdempotencyToken",
           "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the operation. An idempotent operation completes no more than once.</p>",
           "idempotencyToken":true
+        },
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>This configuration, if specified, overrides the parallelism configuration of the parent pipeline.</p>"
         }
       }
     },
@@ -21828,6 +23574,16 @@
         }
       }
     },
+    "ServerlessMaxConcurrency":{
+      "type":"integer",
+      "max":50,
+      "min":1
+    },
+    "ServerlessMemorySizeInMB":{
+      "type":"integer",
+      "max":6144,
+      "min":1024
+    },
     "ServiceCatalogEntityId":{
       "type":"string",
       "max":100,
@@ -21971,6 +23727,13 @@
         "CreationTime"
       ]
     },
+    "SortLineageGroupsBy":{
+      "type":"string",
+      "enum":[
+        "Name",
+        "CreationTime"
+      ]
+    },
     "SortOrder":{
       "type":"string",
       "enum":[
@@ -22058,6 +23821,10 @@
       "max":2048,
       "pattern":".*"
     },
+    "SpawnRate":{
+      "type":"integer",
+      "min":0
+    },
     "SplitType":{
       "type":"string",
       "enum":[
@@ -22114,6 +23881,10 @@
           "shape":"IdempotencyToken",
           "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the operation. An idempotent operation completes no more than once.</p>",
           "idempotencyToken":true
+        },
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>This configuration, if specified, overrides the parallelism configuration of the parent pipeline for this specific run.</p>"
         }
       }
     },
@@ -22132,11 +23903,23 @@
       "pattern":".*"
     },
     "StatusMessage":{"type":"string"},
-    "StepName":{
+    "StepDescription":{
+      "type":"string",
+      "max":3072,
+      "min":0,
+      "pattern":".*"
+    },
+    "StepDisplayName":{
       "type":"string",
       "max":256,
+      "min":0,
       "pattern":".*"
     },
+    "StepName":{
+      "type":"string",
+      "max":64,
+      "pattern":"^[A-Za-z0-9\\-_]*$"
+    },
     "StepStatus":{
       "type":"string",
       "enum":[
@@ -22188,6 +23971,16 @@
         }
       }
     },
+    "StopInferenceRecommendationsJobRequest":{
+      "type":"structure",
+      "required":["JobName"],
+      "members":{
+        "JobName":{
+          "shape":"RecommendationJobName",
+          "documentation":"<p>The name of the job you want to stop.</p>"
+        }
+      }
+    },
     "StopLabelingJobRequest":{
       "type":"structure",
       "required":["LabelingJobName"],
@@ -22271,7 +24064,7 @@
       "members":{
         "TransformJobName":{
           "shape":"TransformJobName",
-          "documentation":"<p>The name of the transform job to stop.</p>"
+          "documentation":"<p>The name of the batch transform job to stop.</p>"
         }
       }
     },
@@ -22294,6 +24087,10 @@
       "type":"string",
       "max":1024
     },
+    "String128":{
+      "type":"string",
+      "max":128
+    },
     "String200":{
       "type":"string",
       "max":200,
@@ -22308,10 +24105,22 @@
       "type":"string",
       "max":256
     },
+    "String3072":{
+      "type":"string",
+      "max":3072
+    },
+    "String40":{
+      "type":"string",
+      "max":40
+    },
     "String64":{
       "type":"string",
       "max":64
     },
+    "String8192":{
+      "type":"string",
+      "max":8192
+    },
     "StringParameterValue":{
       "type":"string",
       "max":256,
@@ -22510,6 +24319,7 @@
         "qcs605",
         "qcs603",
         "sitara_am57x",
+        "amba_cv2",
         "amba_cv22",
         "amba_cv25",
         "x86_win32",
@@ -22547,7 +24357,8 @@
       "enum":[
         "INTEL_GRAPHICS",
         "MALI",
-        "NVIDIA"
+        "NVIDIA",
+        "NNA"
       ]
     },
     "TargetPlatformArch":{
@@ -22666,6 +24477,24 @@
       "pattern":"[a-zA-Z0-9:_-]+"
     },
     "Timestamp":{"type":"timestamp"},
+    "TrafficDurationInSeconds":{
+      "type":"integer",
+      "min":1
+    },
+    "TrafficPattern":{
+      "type":"structure",
+      "members":{
+        "TrafficType":{
+          "shape":"TrafficType",
+          "documentation":"<p>Defines the traffic patterns.</p>"
+        },
+        "Phases":{
+          "shape":"Phases",
+          "documentation":"<p>Defines the phases traffic specification.</p>"
+        }
+      },
+      "documentation":"<p>Defines the traffic pattern of the load test.</p>"
+    },
     "TrafficRoutingConfig":{
       "type":"structure",
       "required":[
@@ -22675,26 +24504,35 @@
       "members":{
         "Type":{
           "shape":"TrafficRoutingConfigType",
-          "documentation":"<p/>"
+          "documentation":"<p>Traffic routing strategy type.</p> <ul> <li> <p> <code>ALL_AT_ONCE</code>: Endpoint traffic shifts to the new fleet in a single step. </p> </li> <li> <p> <code>CANARY</code>: Endpoint traffic shifts to the new fleet in two steps. The first step is the canary, which is a small portion of the traffic. The second step is the remainder of the traffic. </p> </li> <li> <p> <code>LINEAR</code>: Endpoint traffic shifts to the new fleet in n steps of a configurable size. </p> </li> </ul>"
         },
         "WaitIntervalInSeconds":{
           "shape":"WaitIntervalInSeconds",
-          "documentation":"<p/>"
+          "documentation":"<p>The waiting time (in seconds) between incremental steps to turn on traffic on the new endpoint fleet.</p>"
         },
         "CanarySize":{
           "shape":"CapacitySize",
-          "documentation":"<p/>"
+          "documentation":"<p>Batch size for the first step to turn on traffic on the new endpoint fleet. <code>Value</code> must be less than or equal to 50% of the variant's total instance count.</p>"
+        },
+        "LinearStepSize":{
+          "shape":"CapacitySize",
+          "documentation":"<p>Batch size for each step to turn on traffic on the new endpoint fleet. <code>Value</code> must be 10-50% of the variant's total instance count.</p>"
         }
       },
-      "documentation":"<p>Currently, the <code>TrafficRoutingConfig</code> API is not supported.</p>"
+      "documentation":"<p>Defines the traffic routing strategy during an endpoint deployment to shift traffic from the old fleet to the new fleet.</p>"
     },
     "TrafficRoutingConfigType":{
       "type":"string",
       "enum":[
         "ALL_AT_ONCE",
-        "CANARY"
+        "CANARY",
+        "LINEAR"
       ]
     },
+    "TrafficType":{
+      "type":"string",
+      "enum":["PHASES"]
+    },
     "TrainingEnvironmentKey":{
       "type":"string",
       "max":512,
@@ -22765,7 +24603,15 @@
         "ml.c5n.2xlarge",
         "ml.c5n.4xlarge",
         "ml.c5n.9xlarge",
-        "ml.c5n.18xlarge"
+        "ml.c5n.18xlarge",
+        "ml.g5.xlarge",
+        "ml.g5.2xlarge",
+        "ml.g5.4xlarge",
+        "ml.g5.8xlarge",
+        "ml.g5.16xlarge",
+        "ml.g5.12xlarge",
+        "ml.g5.24xlarge",
+        "ml.g5.48xlarge"
       ]
     },
     "TrainingInstanceTypes":{
@@ -23569,6 +25415,10 @@
           "shape":"TrialComponentSourceDetail",
           "documentation":"<p>Details of the source of the component.</p>"
         },
+        "LineageGroupArn":{
+          "shape":"LineageGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage group resource.</p>"
+        },
         "Tags":{
           "shape":"TagList",
           "documentation":"<p>The list of tags that are associated with the component. You can use <a>Search</a> API to search on the tags.</p>"
@@ -24204,7 +26054,11 @@
         },
         "DeploymentConfig":{
           "shape":"DeploymentConfig",
-          "documentation":"<p>The deployment configuration for the endpoint to be updated.</p>"
+          "documentation":"<p>The deployment configuration for an endpoint, which contains the desired deployment strategy and rollback configurations.</p>"
+        },
+        "RetainDeploymentConfig":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether to reuse the last deployment configuration. The default value is false (the configuration is not reused).</p>"
         }
       }
     },
@@ -24330,6 +26184,10 @@
         "CustomerMetadataPropertiesToRemove":{
           "shape":"CustomerMetadataKeyList",
           "documentation":"<p>The metadata properties associated with the model package versions to remove.</p>"
+        },
+        "AdditionalInferenceSpecificationsToAdd":{
+          "shape":"AdditionalInferenceSpecifications",
+          "documentation":"<p>An array of additional Inference Specification objects to be added to the existing array additional Inference Specification. Total number of additional Inference Specifications can not exceed 15. Each additional Inference Specification specifies artifacts based on this model package that can be used on inference endpoints. Generally used with SageMaker Neo to store the compiled artifacts.</p>"
         }
       }
     },
@@ -24471,6 +26329,10 @@
         "PipelineExecutionDisplayName":{
           "shape":"PipelineExecutionName",
           "documentation":"<p>The display name of the pipeline execution.</p>"
+        },
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>This configuration, if specified, overrides the parallelism configuration of the parent pipeline for this specific run.</p>"
         }
       }
     },
@@ -24499,6 +26361,10 @@
           "shape":"PipelineDefinition",
           "documentation":"<p>The JSON pipeline definition.</p>"
         },
+        "PipelineDefinitionS3Location":{
+          "shape":"PipelineDefinitionS3Location",
+          "documentation":"<p>The location of the pipeline definition stored in Amazon S3. If specified, SageMaker will retrieve the pipeline definition from this location.</p>"
+        },
         "PipelineDescription":{
           "shape":"PipelineDescription",
           "documentation":"<p>The description of the pipeline.</p>"
@@ -24506,6 +26372,10 @@
         "RoleArn":{
           "shape":"RoleArn",
           "documentation":"<p>The Amazon Resource Name (ARN) that the pipeline uses to execute.</p>"
+        },
+        "ParallelismConfiguration":{
+          "shape":"ParallelismConfiguration",
+          "documentation":"<p>If specified, it applies to all executions of this pipeline by default.</p>"
         }
       }
     },
@@ -24771,7 +26641,7 @@
           "documentation":"<p>The domain associated with the user.</p>"
         }
       },
-      "documentation":"<p>Information about the user who created or modified an experiment, trial, trial component, or project.</p>"
+      "documentation":"<p>Information about the user who created or modified an experiment, trial, trial component, lineage group, or project.</p>"
     },
     "UserProfileArn":{
       "type":"string",
@@ -24900,16 +26770,58 @@
         "DataCaptureConfig"
       ]
     },
+    "VariantStatus":{
+      "type":"string",
+      "enum":[
+        "Creating",
+        "Updating",
+        "Deleting",
+        "ActivatingTraffic",
+        "Baking"
+      ]
+    },
+    "VariantStatusMessage":{
+      "type":"string",
+      "max":1024
+    },
     "VariantWeight":{
       "type":"float",
       "min":0
     },
+    "VersionId":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".+"
+    },
     "VersionedArnOrName":{
       "type":"string",
       "max":176,
       "min":1,
       "pattern":"(arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:[a-z\\-]*\\/)?([a-zA-Z0-9]([a-zA-Z0-9-]){0,62})(?<!-)(\\/[0-9]{1,5})?$"
     },
+    "Vertex":{
+      "type":"structure",
+      "members":{
+        "Arn":{
+          "shape":"AssociationEntityArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the lineage entity resource.</p>"
+        },
+        "Type":{
+          "shape":"String40",
+          "documentation":"<p>The type of the lineage entity resource. For example: <code>DataSet</code>, <code>Model</code>, <code>Endpoint</code>, etc...</p>"
+        },
+        "LineageType":{
+          "shape":"LineageType",
+          "documentation":"<p>The type of resource of the lineage entity.</p>"
+        }
+      },
+      "documentation":"<p>A lineage entity connected to the starting entity(ies).</p>"
+    },
+    "Vertices":{
+      "type":"list",
+      "member":{"shape":"Vertex"}
+    },
     "VolumeSizeInGB":{
       "type":"integer",
       "min":1
diff --git a/contrib/python/botocore/py3/botocore/data/savingsplans/2019-06-28/service-2.json b/contrib/python/botocore/py3/botocore/data/savingsplans/2019-06-28/service-2.json
index 4ddcf8c45eb..507528f07bb 100644
--- a/contrib/python/botocore/py3/botocore/data/savingsplans/2019-06-28/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/savingsplans/2019-06-28/service-2.json
@@ -164,7 +164,7 @@
         },
         "commitment":{
           "shape":"Amount",
-          "documentation":"<p>The hourly commitment, in USD. This is a value between 0.001 and 1 million. You cannot specify more than three digits after the decimal point.</p>"
+          "documentation":"<p>The hourly commitment, in USD. This is a value between 0.001 and 1 million. You cannot specify more than five digits after the decimal point.</p>"
         },
         "upfrontPaymentAmount":{
           "shape":"Amount",
diff --git a/contrib/python/botocore/py3/botocore/data/sdk-default-configuration.json b/contrib/python/botocore/py3/botocore/data/sdk-default-configuration.json
new file mode 100644
index 00000000000..3db13b26cc5
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/sdk-default-configuration.json
@@ -0,0 +1,55 @@
+{
+  "version": 1,
+  "base": {
+    "retryMode": "standard",
+    "stsRegionalEndpoints": "regional",
+    "s3UsEast1RegionalEndpoints": "regional",
+    "connectTimeoutInMillis": 1100,
+    "tlsNegotiationTimeoutInMillis": 1100
+  },
+  "modes": {
+    "standard": {
+      "connectTimeoutInMillis": {
+        "override": 3100
+      },
+      "tlsNegotiationTimeoutInMillis": {
+        "override": 3100
+      }
+    },
+    "in-region": {
+    },
+    "cross-region": {
+      "connectTimeoutInMillis": {
+        "override": 3100
+      },
+      "tlsNegotiationTimeoutInMillis": {
+        "override": 3100
+      }
+    },
+    "mobile": {
+      "connectTimeoutInMillis": {
+        "override": 30000
+      },
+      "tlsNegotiationTimeoutInMillis": {
+        "override": 30000
+      }
+    }
+  },
+  "documentation": {
+    "modes": {
+      "standard": "<p>The STANDARD mode provides the latest recommended default values that should be safe to run in most scenarios</p><p>Note that the default values vended from this mode might change as best practices may evolve. As a result, it is encouraged to perform tests when upgrading the SDK</p>",
+      "in-region": "<p>The IN_REGION mode builds on the standard mode and includes optimization tailored for applications which call AWS services from within the same AWS region</p><p>Note that the default values vended from this mode might change as best practices may evolve. As a result, it is encouraged to perform tests when upgrading the SDK</p>",
+      "cross-region": "<p>The CROSS_REGION mode builds on the standard mode and includes optimization tailored for applications which call AWS services in a different region</p><p>Note that the default values vended from this mode might change as best practices may evolve. As a result, it is encouraged to perform tests when upgrading the SDK</p>",
+      "mobile": "<p>The MOBILE mode builds on the standard mode and includes optimization tailored for mobile applications</p><p>Note that the default values vended from this mode might change as best practices may evolve. As a result, it is encouraged to perform tests when upgrading the SDK</p>",
+      "auto": "<p>The AUTO mode is an experimental mode that builds on the standard mode. The SDK will attempt to discover the execution environment to determine the appropriate settings automatically.</p><p>Note that the auto detection is heuristics-based and does not guarantee 100% accuracy. STANDARD mode will be used if the execution environment cannot be determined. The auto detection might query <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html\">EC2 Instance Metadata service</a>, which might introduce latency. Therefore we recommend choosing an explicit defaults_mode instead if startup latency is critical to your application</p>",
+      "legacy": "<p>The LEGACY mode provides default settings that vary per SDK and were used prior to establishment of defaults_mode</p>"
+    },
+    "configuration": {
+      "retryMode": "<p>A retry mode specifies how the SDK attempts retries. See <a href=\"https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html\">Retry Mode</a></p>",
+      "stsRegionalEndpoints": "<p>Specifies how the SDK determines the AWS service endpoint that it uses to talk to the AWS Security Token Service (AWS STS). See <a href=\"https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html\">Setting STS Regional endpoints</a></p>",
+      "s3UsEast1RegionalEndpoints": "<p>Specifies how the SDK determines the AWS service endpoint that it uses to talk to the Amazon S3 for the us-east-1 region</p>",
+      "connectTimeoutInMillis": "<p>The amount of time after making an initial connection attempt on a socket, where if the client does not receive a completion of the connect handshake, the client gives up and fails the operation</p>",
+      "tlsNegotiationTimeoutInMillis": "<p>The maximum amount of time that a TLS handshake is allowed to take from the time the CLIENT HELLO message is sent to ethe time the client and server have fully negotiated ciphers and exchanged keys</p>"
+    }
+  }
+}
\ No newline at end of file
diff --git a/contrib/python/botocore/py3/botocore/data/secretsmanager/2017-10-17/service-2.json b/contrib/python/botocore/py3/botocore/data/secretsmanager/2017-10-17/service-2.json
index f19ed812f53..2ab0e1dbf04 100644
--- a/contrib/python/botocore/py3/botocore/data/secretsmanager/2017-10-17/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/secretsmanager/2017-10-17/service-2.json
@@ -27,7 +27,7 @@
         {"shape":"InternalServiceError"},
         {"shape":"InvalidRequestException"}
       ],
-      "documentation":"<p>Disables automatic scheduled rotation and cancels the rotation of a secret if currently in progress.</p> <p>To re-enable scheduled rotation, call <a>RotateSecret</a> with <code>AutomaticallyRotateAfterDays</code> set to a value greater than 0. This immediately rotates your secret and then enables the automatic schedule.</p> <note> <p>If you cancel a rotation while in progress, it can leave the <code>VersionStage</code> labels in an unexpected state. Depending on the step of the rotation in progress, you might need to remove the staging label <code>AWSPENDING</code> from the partially created version, specified by the <code>VersionId</code> response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version <code>VersionStage</code> field.</p> </note> <p>To successfully start a rotation, the staging label <code>AWSPENDING</code> must be in one of the following states:</p> <ul> <li> <p>Not attached to any version at all</p> </li> <li> <p>Attached to the same version as the staging label <code>AWSCURRENT</code> </p> </li> </ul> <p>If the staging label <code>AWSPENDING</code> attached to a different version than the version with <code>AWSCURRENT</code> then the attempt to rotate fails.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:CancelRotateSecret</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To configure rotation for a secret or to manually trigger a rotation, use <a>RotateSecret</a>.</p> </li> <li> <p>To get the rotation configuration details for a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> <li> <p>To list all of the versions currently associated with a secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul>"
+      "documentation":"<p>Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation.</p> <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p> <note> <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code> labels in an unexpected state. Depending on the step of the rotation in progress, you might need to remove the staging label <code>AWSPENDING</code> from the partially created version, specified by the <code>VersionId</code> response value. We recommend you also evaluate the partially rotated new version to see if it should be deleted. You can delete a version by removing all staging labels from it.</p> </note> <p> <b>Required permissions: </b> <code>secretsmanager:CancelRotateSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "CreateSecret":{
       "name":"CreateSecret",
@@ -46,9 +46,10 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"MalformedPolicyDocumentException"},
         {"shape":"InternalServiceError"},
-        {"shape":"PreconditionNotMetException"}
+        {"shape":"PreconditionNotMetException"},
+        {"shape":"DecryptionFailure"}
       ],
-      "documentation":"<p>Creates a new secret. A secret in Secrets Manager consists of both the protected secret data and the important information needed to manage the secret.</p> <p>Secrets Manager stores the encrypted secret data in one of a collection of \"versions\" associated with the secret. Each version contains a copy of the encrypted secret data. Each version is associated with one or more \"staging labels\" that identify where the version is in the rotation cycle. The <code>SecretVersionsToStages</code> field of the secret contains the mapping of staging labels to the active versions of the secret. Versions without a staging label are considered deprecated and not included in the list.</p> <p>You provide the secret data to be encrypted by putting text in either the <code>SecretString</code> parameter or binary data in the <code>SecretBinary</code> parameter, but not both. If you include <code>SecretString</code> or <code>SecretBinary</code> then Secrets Manager also creates an initial secret version and automatically attaches the staging label <code>AWSCURRENT</code> to the new version.</p> <note> <ul> <li> <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> or <code>SecretBinary</code> for a secret in the same account as the calling user and that secret doesn't specify a Amazon Web Services KMS encryption key, Secrets Manager uses the account's default Amazon Web Services managed customer master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key doesn't already exist in your account then Secrets Manager creates it for you automatically. All users and roles in the same Amazon Web Services account automatically have access to use the default CMK. Note that if an Secrets Manager API call results in Amazon Web Services creating the account's Amazon Web Services-managed CMK, it can result in a one-time significant delay in returning the result.</p> </li> <li> <p>If the secret resides in a different Amazon Web Services account from the credentials calling an API that requires encryption or decryption of the secret value then you must create and use a custom Amazon Web Services KMS CMK because you can't access the default CMK for the account using credentials from a different Amazon Web Services account. Store the ARN of the CMK in the secret when you create the secret or when you update it by including it in the <code>KMSKeyId</code>. If you call an API that must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> using credentials from a different account then the Amazon Web Services KMS key policy must grant cross-account access to that other account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> </note> <p> </p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:CreateSecret</p> </li> <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. You do not need this permission to use the account default Amazon Web Services managed CMK for Secrets Manager.</p> </li> <li> <p>kms:Decrypt - needed only if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. You do not need this permission to use the account default Amazon Web Services managed CMK for Secrets Manager.</p> </li> <li> <p>secretsmanager:TagResource - needed only if you include the <code>Tags</code> parameter. </p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To delete a secret, use <a>DeleteSecret</a>.</p> </li> <li> <p>To modify an existing secret, use <a>UpdateSecret</a>.</p> </li> <li> <p>To create a new version of a secret, use <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the encrypted secure string and secure binary values, use <a>GetSecretValue</a>.</p> </li> <li> <p>To retrieve all other details for a secret, use <a>DescribeSecret</a>. This does not include the encrypted secure string and secure binary values.</p> </li> <li> <p>To retrieve the list of secret versions associated with the current secret, use <a>DescribeSecret</a> and examine the <code>SecretVersionsToStages</code> response value.</p> </li> </ul>"
+      "documentation":"<p>Creates a new secret. A <i>secret</i> is a set of credentials, such as a user name and password, that you store in an encrypted form in Secrets Manager. The secret also includes the connection information to access a database or other service, which Secrets Manager doesn't encrypt. A secret in Secrets Manager consists of both the protected secret data and the important information needed to manage the secret.</p> <p>For information about creating a secret in the console, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html\">Create a secret</a>.</p> <p>To create a secret, you can provide the secret value to be encrypted in either the <code>SecretString</code> parameter or the <code>SecretBinary</code> parameter, but not both. If you include <code>SecretString</code> or <code>SecretBinary</code> then Secrets Manager creates an initial secret version and automatically attaches the staging label <code>AWSCURRENT</code> to it.</p> <p>If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If this key doesn't already exist in your account, then Secrets Manager creates it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use <code>aws/secretsmanager</code>. Creating <code>aws/secretsmanager</code> can result in a one-time significant delay in returning the result.</p> <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create and use a customer managed KMS key. </p> <p> <b>Required permissions: </b> <code>secretsmanager:CreateSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "DeleteResourcePolicy":{
       "name":"DeleteResourcePolicy",
@@ -64,7 +65,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Deletes the resource-based permission policy attached to the secret.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:DeleteResourcePolicy</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To attach a resource policy to a secret, use <a>PutResourcePolicy</a>.</p> </li> <li> <p>To retrieve the current resource-based policy attached to a secret, use <a>GetResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> </ul>"
+      "documentation":"<p>Deletes the resource-based permission policy attached to the secret. To attach a policy to a secret, use <a>PutResourcePolicy</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:DeleteResourcePolicy</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "DeleteSecret":{
       "name":"DeleteSecret",
@@ -80,7 +81,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Deletes an entire secret and all of the versions. You can optionally include a recovery window during which you can restore the secret. If you don't specify a recovery window value, the operation defaults to 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.</p> <p>At any time before recovery window ends, you can use <a>RestoreSecret</a> to remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p> <p>You cannot access the encrypted secret information in any secret scheduled for deletion. If you need to access that information, you must cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p> <note> <ul> <li> <p>There is no explicit operation to delete a version of a secret. Instead, remove all staging labels from the <code>VersionStage</code> field of a version. That marks the version as deprecated and allows Secrets Manager to delete it as needed. Versions without any staging labels do not show up in <a>ListSecretVersionIds</a> unless you specify <code>IncludeDeprecated</code>.</p> </li> <li> <p>The permanent secret deletion at the end of the waiting period is performed as a background task with low priority. There is no guarantee of a specific time after the recovery window for the actual delete operation to occur.</p> </li> </ul> </note> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:DeleteSecret</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use <a>CreateSecret</a>.</p> </li> <li> <p>To cancel deletion of a version of a secret before the recovery window has expired, use <a>RestoreSecret</a>.</p> </li> </ul>"
+      "documentation":"<p>Deletes a secret and all of its versions. You can specify a recovery window during which you can restore the secret. The minimum recovery window is 7 days. The default recovery window is 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to the secret that specifies the end of the recovery window. At the end of the recovery window, Secrets Manager deletes the secret permanently.</p> <p>For information about deleting a secret in the console, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html\">https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html</a>. </p> <p>Secrets Manager performs the permanent secret deletion at the end of the waiting period as a background task with low priority. There is no guarantee of a specific time after the recovery window for the permanent delete to occur.</p> <p>At any time before recovery window ends, you can use <a>RestoreSecret</a> to remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p> <p>In a secret scheduled for deletion, you cannot access the encrypted secret value. To access that information, first cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p> <p> <b>Required permissions: </b> <code>secretsmanager:DeleteSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "DescribeSecret":{
       "name":"DescribeSecret",
@@ -95,7 +96,7 @@
         {"shape":"InternalServiceError"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Retrieves the details of a secret. It does not include the encrypted fields. Secrets Manager only returns fields populated with a value in the response. </p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:DescribeSecret</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a secret, use <a>CreateSecret</a>.</p> </li> <li> <p>To modify a secret, use <a>UpdateSecret</a>.</p> </li> <li> <p>To retrieve the encrypted secret information in a version of the secret, use <a>GetSecretValue</a>.</p> </li> <li> <p>To list all of the secrets in the Amazon Web Services account, use <a>ListSecrets</a>.</p> </li> </ul>"
+      "documentation":"<p>Retrieves the details of a secret. It does not include the encrypted secret value. Secrets Manager only returns fields that have a value in the response. </p> <p> <b>Required permissions: </b> <code>secretsmanager:DescribeSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "GetRandomPassword":{
       "name":"GetRandomPassword",
@@ -110,7 +111,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Generates a random password of the specified complexity. This operation is intended for use in the Lambda rotation function. Per best practice, we recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:GetRandomPassword</p> </li> </ul>"
+      "documentation":"<p>Generates a random password. We recommend that you specify the maximum length and include every character type that the system you are generating a password for can support.</p> <p> <b>Required permissions: </b> <code>secretsmanager:GetRandomPassword</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "GetResourcePolicy":{
       "name":"GetResourcePolicy",
@@ -126,7 +127,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Retrieves the JSON text of the resource-based policy document attached to the specified secret. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:GetResourcePolicy</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To attach a resource policy to a secret, use <a>PutResourcePolicy</a>.</p> </li> <li> <p>To delete the resource-based policy attached to a secret, use <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> </ul>"
+      "documentation":"<p>Retrieves the JSON text of the resource-based policy document attached to the secret. For more information about permissions policies attached to a secret, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html\">Permissions policies attached to a secret</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:GetResourcePolicy</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "GetSecretValue":{
       "name":"GetSecretValue",
@@ -143,7 +144,7 @@
         {"shape":"DecryptionFailure"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Retrieves the contents of the encrypted fields <code>SecretString</code> or <code>SecretBinary</code> from the specified version of a secret, whichever contains content.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:GetSecretValue</p> </li> <li> <p>kms:Decrypt - required only if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. You do not need this permission to use the account's default Amazon Web Services managed CMK for Secrets Manager.</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a new version of the secret with different encrypted information, use <a>PutSecretValue</a>.</p> </li> <li> <p>To retrieve the non-encrypted details for the secret, use <a>DescribeSecret</a>.</p> </li> </ul>"
+      "documentation":"<p>Retrieves the contents of the encrypted fields <code>SecretString</code> or <code>SecretBinary</code> from the specified version of a secret, whichever contains content.</p> <p>We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html\">Cache secrets for your applications</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:GetSecretValue</code>. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key <code>aws/secretsmanager</code>, then you also need <code>kms:Decrypt</code> permissions for that key. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "ListSecretVersionIds":{
       "name":"ListSecretVersionIds",
@@ -159,7 +160,7 @@
         {"shape":"InternalServiceError"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Lists all of the versions attached to the specified secret. The output does not include the <code>SecretString</code> or <code>SecretBinary</code> fields. By default, the list includes only versions that have at least one staging label in <code>VersionStage</code> attached.</p> <note> <p>Always check the <code>NextToken</code> response parameter when calling any of the <code>List*</code> operations. These operations can occasionally return an empty or shorter than expected list of results even when there more results become available. When this happens, the <code>NextToken</code> response parameter contains a value to pass to the next call to the same API to request the next part of the list.</p> </note> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:ListSecretVersionIds</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To list the secrets in an account, use <a>ListSecrets</a>.</p> </li> </ul>"
+      "documentation":"<p>Lists the versions for a secret. </p> <p>To list the secrets in the account, use <a>ListSecrets</a>.</p> <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>, call <a>GetSecretValue</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:ListSecretVersionIds</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "ListSecrets":{
       "name":"ListSecrets",
@@ -174,7 +175,7 @@
         {"shape":"InvalidNextTokenException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Lists all of the secrets that are stored by Secrets Manager in the Amazon Web Services account. To list the versions currently stored for a specific secret, use <a>ListSecretVersionIds</a>. The encrypted fields <code>SecretString</code> and <code>SecretBinary</code> are not included in the output. To get that information, call the <a>GetSecretValue</a> operation.</p> <note> <p>Always check the <code>NextToken</code> response parameter when calling any of the <code>List*</code> operations. These operations can occasionally return an empty or shorter than expected list of results even when there more results become available. When this happens, the <code>NextToken</code> response parameter contains a value to pass to the next call to the same API to request the next part of the list.</p> </note> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:ListSecrets</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To list the versions attached to a secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul>"
+      "documentation":"<p>Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account. </p> <p>To list the versions of a secret, use <a>ListSecretVersionIds</a>.</p> <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>, call <a>GetSecretValue</a>.</p> <p>For information about finding secrets in the console, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html\">Enhanced search capabilities for secrets in Secrets Manager</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:ListSecrets</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "PutResourcePolicy":{
       "name":"PutResourcePolicy",
@@ -192,7 +193,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"PublicPolicyException"}
       ],
-      "documentation":"<p>Attaches the contents of the specified resource-based permission policy to a secret. A resource-based policy is optional. Alternatively, you can use IAM identity-based policies that specify the secret's Amazon Resource Name (ARN) in the policy statement's <code>Resources</code> element. You can also use a combination of both identity-based and resource-based policies. The affected users and roles receive the permissions that are permitted by all of the relevant policies. For more information, see <a href=\"http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html\">Using Resource-Based Policies for Amazon Web Services Secrets Manager</a>. For the complete description of the Amazon Web Services policy syntax and grammar, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html\">IAM JSON Policy Reference</a> in the <i>IAM User Guide</i>.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:PutResourcePolicy</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To retrieve the resource policy attached to a secret, use <a>GetResourcePolicy</a>.</p> </li> <li> <p>To delete the resource-based policy attached to a secret, use <a>DeleteResourcePolicy</a>.</p> </li> <li> <p>To list all of the currently available secrets, use <a>ListSecrets</a>.</p> </li> </ul>"
+      "documentation":"<p>Attaches a resource-based permission policy to a secret. A resource-based policy is optional. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control for Secrets Manager</a> </p> <p>For information about attaching a policy in the console, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html\">Attach a permissions policy to a secret</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:PutResourcePolicy</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "PutSecretValue":{
       "name":"PutSecretValue",
@@ -209,9 +210,10 @@
         {"shape":"EncryptionFailure"},
         {"shape":"ResourceExistsException"},
         {"shape":"ResourceNotFoundException"},
-        {"shape":"InternalServiceError"}
+        {"shape":"InternalServiceError"},
+        {"shape":"DecryptionFailure"}
       ],
-      "documentation":"<p>Stores a new encrypted secret value in the specified secret. To do this, the operation creates a new version and attaches it to the secret. The version can contain a new <code>SecretString</code> value or a new <code>SecretBinary</code> value. You can also specify the staging labels that are initially attached to the new version.</p> <p>We recommend you avoid calling <code>PutSecretValue</code> at a sustained rate of more than once every 10 minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you call <code>PutSecretValue</code> more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.</p> <ul> <li> <p>If this operation creates the first version for the secret then Secrets Manager automatically attaches the staging label <code>AWSCURRENT</code> to the new version.</p> </li> <li> <p>If you do not specify a value for VersionStages then Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to this new version.</p> </li> <li> <p>If this operation moves the staging label <code>AWSCURRENT</code> from another version to this version, then Secrets Manager also automatically moves the staging label <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed from.</p> </li> <li> <p>This operation is idempotent. If a version with a <code>VersionId</code> with the same value as the <code>ClientRequestToken</code> parameter already exists and you specify the same secret data, the operation succeeds but does nothing. However, if the secret data is different, then the operation fails because you cannot modify an existing version; you can only create new ones.</p> </li> </ul> <note> <ul> <li> <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> or <code>SecretBinary</code> for a secret in the same account as the calling user and that secret doesn't specify a Amazon Web Services KMS encryption key, Secrets Manager uses the account's default Amazon Web Services managed customer master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key doesn't already exist in your account then Secrets Manager creates it for you automatically. All users and roles in the same Amazon Web Services account automatically have access to use the default CMK. Note that if an Secrets Manager API call results in Amazon Web Services creating the account's Amazon Web Services-managed CMK, it can result in a one-time significant delay in returning the result.</p> </li> <li> <p>If the secret resides in a different Amazon Web Services account from the credentials calling an API that requires encryption or decryption of the secret value then you must create and use a custom Amazon Web Services KMS CMK because you can't access the default CMK for the account using credentials from a different Amazon Web Services account. Store the ARN of the CMK in the secret when you create the secret or when you update it by including it in the <code>KMSKeyId</code>. If you call an API that must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> using credentials from a different account then the Amazon Web Services KMS key policy must grant cross-account access to that other account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> </note> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:PutSecretValue</p> </li> <li> <p>kms:GenerateDataKey - needed only if you use a customer-managed Amazon Web Services KMS key to encrypt the secret. You do not need this permission to use the account's default Amazon Web Services managed CMK for Secrets Manager.</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To retrieve the encrypted value you store in the version of a secret, use <a>GetSecretValue</a>.</p> </li> <li> <p>To create a secret, use <a>CreateSecret</a>.</p> </li> <li> <p>To get the details for a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions attached to a secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul>"
+      "documentation":"<p>Creates a new version with a new encrypted secret value and attaches it to the secret. The version can contain a new <code>SecretString</code> value or a new <code>SecretBinary</code> value. </p> <p>We recommend you avoid calling <code>PutSecretValue</code> at a sustained rate of more than once every 10 minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you call <code>PutSecretValue</code> more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.</p> <p>You can specify the staging labels to attach to the new version in <code>VersionStages</code>. If you don't include <code>VersionStages</code>, then Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to this version. If this operation creates the first version for the secret, then Secrets Manager automatically attaches the staging label <code>AWSCURRENT</code> to it .</p> <p>If this operation moves the staging label <code>AWSCURRENT</code> from another version to this version, then Secrets Manager also automatically moves the staging label <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed from.</p> <p>This operation is idempotent. If a version with a <code>VersionId</code> with the same value as the <code>ClientRequestToken</code> parameter already exists, and you specify the same secret data, the operation succeeds but does nothing. However, if the secret data is different, then the operation fails because you can't modify an existing version; you can only create new ones.</p> <p> <b>Required permissions: </b> <code>secretsmanager:PutSecretValue</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "RemoveRegionsFromReplication":{
       "name":"RemoveRegionsFromReplication",
@@ -227,7 +229,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Remove regions from replication.</p>"
+      "documentation":"<p>For a secret that is replicated to other Regions, deletes the secret replicas from the Regions you specify.</p> <p> <b>Required permissions: </b> <code>secretsmanager:RemoveRegionsFromReplication</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "ReplicateSecretToRegions":{
       "name":"ReplicateSecretToRegions",
@@ -243,7 +245,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Converts an existing secret to a multi-Region secret and begins replication the secret to a list of new regions. </p>"
+      "documentation":"<p>Replicates the secret to a new Regions. See <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html\">Multi-Region secrets</a>.</p> <p> <b>Required permissions: </b> <code>secretsmanager:ReplicateSecretToRegions</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "RestoreSecret":{
       "name":"RestoreSecret",
@@ -259,7 +261,7 @@
         {"shape":"InvalidRequestException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code> time stamp. This makes the secret accessible to query once again.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:RestoreSecret</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To delete a secret, use <a>DeleteSecret</a>.</p> </li> </ul>"
+      "documentation":"<p>Cancels the scheduled deletion of a secret by removing the <code>DeletedDate</code> time stamp. You can access a secret again after it has been restored.</p> <p> <b>Required permissions: </b> <code>secretsmanager:RestoreSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "RotateSecret":{
       "name":"RotateSecret",
@@ -275,7 +277,7 @@
         {"shape":"InternalServiceError"},
         {"shape":"InvalidRequestException"}
       ],
-      "documentation":"<p>Configures and starts the asynchronous process of rotating this secret. If you include the configuration parameters, the operation sets those values for the secret and then immediately starts a rotation. If you do not include the configuration parameters, the operation starts a rotation with the values already stored in the secret. After the rotation completes, the protected service and its clients all use the new version of the secret. </p> <p>This required configuration information includes the ARN of an Amazon Web Services Lambda function and optionally, the time between scheduled rotations. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the protected service to match. After testing the new credentials, the function marks the new secret with the staging label <code>AWSCURRENT</code> so that your clients all immediately begin to use the new version. For more information about rotating secrets and how to configure a Lambda function to rotate the secrets for your protected service, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html\">Rotating Secrets in Amazon Web Services Secrets Manager</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p> <p>Secrets Manager schedules the next rotation when the previous one completes. Secrets Manager schedules the date by adding the rotation interval (number of days) to the actual date of the last rotation. The service chooses the hour within that 24-hour date window randomly. The minute is also chosen somewhat randomly, but weighted towards the top of the hour and influenced by a variety of factors that help distribute load.</p> <p>The rotation function must end with the versions of the secret in one of two states:</p> <ul> <li> <p>The <code>AWSPENDING</code> and <code>AWSCURRENT</code> staging labels are attached to the same version of the secret, or</p> </li> <li> <p>The <code>AWSPENDING</code> staging label is not attached to any version of the secret.</p> </li> </ul> <p>If the <code>AWSPENDING</code> staging label is present but not attached to the same version as <code>AWSCURRENT</code> then any later invocation of <code>RotateSecret</code> assumes that a previous rotation request is still in progress and returns an error.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:RotateSecret</p> </li> <li> <p>lambda:InvokeFunction (on the function specified in the secret's metadata)</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To list the secrets in your account, use <a>ListSecrets</a>.</p> </li> <li> <p>To get the details for a version of a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To create a new version of a secret, use <a>CreateSecret</a>.</p> </li> <li> <p>To attach staging labels to or remove staging labels from a version of a secret, use <a>UpdateSecretVersionStage</a>.</p> </li> </ul>"
+      "documentation":"<p>Configures and starts the asynchronous process of rotating the secret.</p> <p>If you include the configuration parameters, the operation sets the values for the secret and then immediately starts a rotation. If you don't include the configuration parameters, the operation starts a rotation with the values already stored in the secret. For more information about rotation, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html\">Rotate secrets</a>.</p> <p>To configure rotation, you include the ARN of an Amazon Web Services Lambda function and the schedule for the rotation. The Lambda rotation function creates a new version of the secret and creates or updates the credentials on the database or service to match. After testing the new credentials, the function marks the new secret version with the staging label <code>AWSCURRENT</code>. Then anyone who retrieves the secret gets the new version. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html\">How rotation works</a>.</p> <p>When rotation is successful, the <code>AWSPENDING</code> staging label might be attached to the same version as the <code>AWSCURRENT</code> version, or it might not be attached to any version.</p> <p>If the <code>AWSPENDING</code> staging label is present but not attached to the same version as <code>AWSCURRENT</code>, then any later invocation of <code>RotateSecret</code> assumes that a previous rotation request is still in progress and returns an error.</p> <p> <b>Required permissions: </b> <code>secretsmanager:RotateSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. You also need <code>lambda:InvokeFunction</code> permissions on the rotation function. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html\"> Permissions for rotation</a>.</p>"
     },
     "StopReplicationToReplica":{
       "name":"StopReplicationToReplica",
@@ -291,7 +293,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Removes the secret from replication and promotes the secret to a regional secret in the replica Region.</p>"
+      "documentation":"<p>Removes the link between the replica secret and the primary secret and promotes the replica to a primary secret in the replica Region.</p> <p>You must call this operation from the Region in which you want to promote the replica to a primary secret.</p> <p> <b>Required permissions: </b> <code>secretsmanager:StopReplicationToReplica</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -306,7 +308,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Attaches one or more tags, each consisting of a key name and a value, to the specified secret. Tags are part of the secret's overall metadata, and are not associated with any specific version of the secret. This operation only appends tags to the existing list of tags. To remove tags, you must use <a>UntagResource</a>.</p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per secret—50</p> </li> <li> <p>Maximum key length—127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length—255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.</p> </li> <li> <p>If you use your tagging schema across multiple services and resources, remember other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.</p> </li> </ul> <important> <p>If you use tags as part of your security strategy, then adding or removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.</p> </important> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:TagResource</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To remove one or more tags from the collection attached to a secret, use <a>UntagResource</a>.</p> </li> <li> <p>To view the list of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> </ul>"
+      "documentation":"<p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.</p> <p>The following restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per secret: 50</p> </li> <li> <p>Maximum key length: 127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.</p> </li> <li> <p>If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.</p> </li> </ul> <important> <p>If you use tags as part of your security strategy, then adding or removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.</p> </important> <p> <b>Required permissions: </b> <code>secretsmanager:TagResource</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "UntagResource":{
       "name":"UntagResource",
@@ -321,7 +323,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Removes one or more tags from the specified secret.</p> <p>This operation is idempotent. If a requested tag is not attached to the secret, no error is returned and the secret metadata is unchanged.</p> <important> <p>If you use tags as part of your security strategy, then removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.</p> </important> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:UntagResource</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To add one or more tags to the collection attached to a secret, use <a>TagResource</a>.</p> </li> <li> <p>To view the list of tags attached to a secret, use <a>DescribeSecret</a>.</p> </li> </ul>"
+      "documentation":"<p>Removes specific tags from a secret.</p> <p>This operation is idempotent. If a requested tag is not attached to the secret, no error is returned and the secret metadata is unchanged.</p> <important> <p>If you use tags as part of your security strategy, then removing a tag can change permissions. If successfully completing this operation would result in you losing your permissions for this secret, then the operation is blocked and returns an Access Denied error.</p> </important> <p> <b>Required permissions: </b> <code>secretsmanager:UntagResource</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "UpdateSecret":{
       "name":"UpdateSecret",
@@ -340,9 +342,10 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"MalformedPolicyDocumentException"},
         {"shape":"InternalServiceError"},
-        {"shape":"PreconditionNotMetException"}
+        {"shape":"PreconditionNotMetException"},
+        {"shape":"DecryptionFailure"}
       ],
-      "documentation":"<p>Modifies many of the details of the specified secret. </p> <p>To change the secret value, you can also use <a>PutSecretValue</a>.</p> <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p> <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.</p> <note> <p>The Secrets Manager console uses only the <code>SecretString</code> parameter and therefore limits you to encrypting and storing only a text string. To encrypt and store binary data as part of the version of a secret, you must use either the Amazon Web Services CLI or one of the Amazon Web Services SDKs.</p> </note> <ul> <li> <p>If a version with a <code>VersionId</code> with the same value as the <code>ClientRequestToken</code> parameter already exists, the operation results in an error. You cannot modify an existing version, you can only create a new version.</p> </li> <li> <p>If you include <code>SecretString</code> or <code>SecretBinary</code> to create a new secret version, Secrets Manager automatically attaches the staging label <code>AWSCURRENT</code> to the new version. </p> </li> </ul> <note> <ul> <li> <p>If you call an operation to encrypt or decrypt the <code>SecretString</code> or <code>SecretBinary</code> for a secret in the same account as the calling user and that secret doesn't specify a Amazon Web Services KMS encryption key, Secrets Manager uses the account's default Amazon Web Services managed customer master key (CMK) with the alias <code>aws/secretsmanager</code>. If this key doesn't already exist in your account then Secrets Manager creates it for you automatically. All users and roles in the same Amazon Web Services account automatically have access to use the default CMK. Note that if an Secrets Manager API call results in Amazon Web Services creating the account's Amazon Web Services-managed CMK, it can result in a one-time significant delay in returning the result.</p> </li> <li> <p>If the secret resides in a different Amazon Web Services account from the credentials calling an API that requires encryption or decryption of the secret value then you must create and use a custom Amazon Web Services KMS CMK because you can't access the default CMK for the account using credentials from a different Amazon Web Services account. Store the ARN of the CMK in the secret when you create the secret or when you update it by including it in the <code>KMSKeyId</code>. If you call an API that must encrypt or decrypt <code>SecretString</code> or <code>SecretBinary</code> using credentials from a different account then the Amazon Web Services KMS key policy must grant cross-account access to that other account's user or role for both the kms:GenerateDataKey and kms:Decrypt operations.</p> </li> </ul> </note> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:UpdateSecret</p> </li> <li> <p>kms:GenerateDataKey - needed only if you use a custom Amazon Web Services KMS key to encrypt the secret. You do not need this permission to use the account's Amazon Web Services managed CMK for Secrets Manager.</p> </li> <li> <p>kms:Decrypt - needed only if you use a custom Amazon Web Services KMS key to encrypt the secret. You do not need this permission to use the account's Amazon Web Services managed CMK for Secrets Manager.</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To create a new secret, use <a>CreateSecret</a>.</p> </li> <li> <p>To add only a new version to an existing secret, use <a>PutSecretValue</a>.</p> </li> <li> <p>To get the details for a secret, use <a>DescribeSecret</a>.</p> </li> <li> <p>To list the versions contained in a secret, use <a>ListSecretVersionIds</a>.</p> </li> </ul>"
+      "documentation":"<p>Modifies the details of a secret, including metadata and the secret value. To change the secret value, you can also use <a>PutSecretValue</a>.</p> <p>To change the rotation configuration of a secret, use <a>RotateSecret</a> instead.</p> <p>We recommend you avoid calling <code>UpdateSecret</code> at a sustained rate of more than once every 10 minutes. When you call <code>UpdateSecret</code> to update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.</p> <p>If you include <code>SecretString</code> or <code>SecretBinary</code> to create a new secret version, Secrets Manager automatically attaches the staging label <code>AWSCURRENT</code> to the new version. </p> <p>If you call this operation with a <code>VersionId</code> that matches an existing version's <code>ClientRequestToken</code>, the operation results in an error. You can't modify an existing version, you can only create a new version. To remove a version, remove all staging labels from it. See <a>UpdateSecretVersionStage</a>.</p> <p>If you don't specify an KMS encryption key, Secrets Manager uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If this key doesn't already exist in your account, then Secrets Manager creates it for you automatically. All users and roles in the Amazon Web Services account automatically have access to use <code>aws/secretsmanager</code>. Creating <code>aws/secretsmanager</code> can result in a one-time significant delay in returning the result. </p> <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create and use a customer managed key. </p> <p> <b>Required permissions: </b> <code>secretsmanager:UpdateSecret</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. If you use a customer managed key, you must also have <code>kms:GenerateDataKey</code> and <code>kms:Decrypt</code> permissions on the key. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html\"> Secret encryption and decryption</a>.</p>"
     },
     "UpdateSecretVersionStage":{
       "name":"UpdateSecretVersionStage",
@@ -359,7 +362,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InternalServiceError"}
       ],
-      "documentation":"<p>Modifies the staging labels attached to a version of a secret. Staging labels are used to track a version as it progresses through the secret rotation process. You can attach a staging label to only one version of a secret at a time. If a staging label to be added is already attached to another version, then it is moved--removed from the other version first and then attached to this one. For more information about staging labels, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label\">Staging Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. </p> <p>The staging labels that you specify in the <code>VersionStage</code> parameter are added to the existing list of staging labels--they don't replace it.</p> <p>You can move the <code>AWSCURRENT</code> staging label to this version by including it in this call.</p> <note> <p>Whenever you move <code>AWSCURRENT</code>, Secrets Manager automatically moves the label <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed from.</p> </note> <p>If this action results in the last label being removed from a version, then the version is considered to be 'deprecated' and can be deleted by Secrets Manager.</p> <p> <b>Minimum permissions</b> </p> <p>To run this command, you must have the following permissions:</p> <ul> <li> <p>secretsmanager:UpdateSecretVersionStage</p> </li> </ul> <p> <b>Related operations</b> </p> <ul> <li> <p>To get the list of staging labels that are currently associated with a version of a secret, use <code> <a>DescribeSecret</a> </code> and examine the <code>SecretVersionsToStages</code> response value. </p> </li> </ul>"
+      "documentation":"<p>Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to track a version as it progresses through the secret rotation process. Each staging label can be attached to only one version at a time. To add a staging label to a version when it is already attached to another version, Secrets Manager first removes it from the other version first and then attaches it to this one. For more information about versions and staging labels, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version\">Concepts: Version</a>. </p> <p>The staging labels that you specify in the <code>VersionStage</code> parameter are added to the existing list of staging labels for the version. </p> <p>You can move the <code>AWSCURRENT</code> staging label to this version by including it in this call.</p> <note> <p>Whenever you move <code>AWSCURRENT</code>, Secrets Manager automatically moves the label <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed from.</p> </note> <p>If this action results in the last label being removed from a version, then the version is considered to be 'deprecated' and can be deleted by Secrets Manager.</p> <p> <b>Required permissions: </b> <code>secretsmanager:UpdateSecretVersionStage</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     },
     "ValidateResourcePolicy":{
       "name":"ValidateResourcePolicy",
@@ -376,7 +379,7 @@
         {"shape":"InternalServiceError"},
         {"shape":"InvalidRequestException"}
       ],
-      "documentation":"<p>Validates that the resource policy does not grant a wide range of IAM principals access to your secret. The JSON request string input and response output displays formatted code with white space and line breaks for better readability. Submit your input as a single line JSON string. A resource-based policy is optional for secrets.</p> <p>The API performs three checks when validating the secret:</p> <ul> <li> <p>Sends a call to <a href=\"https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/\">Zelkova</a>, an automated reasoning engine, to ensure your Resource Policy does not allow broad access to your secret.</p> </li> <li> <p>Checks for correct syntax in a policy.</p> </li> <li> <p>Verifies the policy does not lock out a caller.</p> </li> </ul> <p> <b>Minimum Permissions</b> </p> <p>You must have the permissions required to access the following APIs:</p> <ul> <li> <p> <code>secretsmanager:PutResourcePolicy</code> </p> </li> <li> <p> <code>secretsmanager:ValidateResourcePolicy</code> </p> </li> </ul>"
+      "documentation":"<p>Validates that a resource policy does not grant a wide range of principals access to your secret. A resource-based policy is optional for secrets.</p> <p>The API performs three checks when validating the policy:</p> <ul> <li> <p>Sends a call to <a href=\"https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/\">Zelkova</a>, an automated reasoning engine, to ensure your resource policy does not allow broad access to your secret, for example policies that use a wildcard for the principal.</p> </li> <li> <p>Checks for correct syntax in a policy.</p> </li> <li> <p>Verifies the policy does not lock out a caller.</p> </li> </ul> <p> <b>Required permissions: </b> <code>secretsmanager:ValidateResourcePolicy</code>. For more information, see <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions\"> IAM policy actions for Secrets Manager</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control in Secrets Manager</a>. </p>"
     }
   },
   "shapes":{
@@ -397,7 +400,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret to cancel a rotation request. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         }
       }
     },
@@ -406,15 +409,15 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The ARN of the secret for which rotation was canceled.</p>"
+          "documentation":"<p>The ARN of the secret.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret for which rotation was canceled.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         },
         "VersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>The unique identifier of the version of the secret created during the rotation. This version might not be complete, and should be evaluated for possible deletion. At the very least, you should remove the <code>VersionStage</code> value <code>AWSPENDING</code> to enable this version to be deleted. Failing to clean up a cancelled rotation can block you from successfully starting future rotations.</p>"
+          "documentation":"<p>The unique identifier of the version of the secret created during the rotation. This version might not be complete, and should be evaluated for possible deletion. We recommend that you remove the <code>VersionStage</code> value <code>AWSPENDING</code> from this version so that Secrets Manager can delete it. Failing to clean up a cancelled rotation can block you from starting future rotations.</p>"
         }
       }
     },
@@ -429,40 +432,40 @@
       "members":{
         "Name":{
           "shape":"NameType",
-          "documentation":"<p>Specifies the friendly name of the new secret.</p> <p>The secret name must be ASCII letters, digits, or the following characters : /_+=.@-</p> <note> <p>Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters at the end of the ARN.</p> </note>"
+          "documentation":"<p>The name of the new secret.</p> <p>The secret name can contain ASCII letters, numbers, and the following characters: /_+=.@-</p> <p>Do not end your secret name with a hyphen followed by six characters. If you do so, you risk confusion and unexpected results when searching for a secret by partial ARN. Secrets Manager automatically adds a hyphen and six random characters after the secret name at the end of the ARN.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenType",
-          "documentation":"<p>(Optional) If you include <code>SecretString</code> or <code>SecretBinary</code>, then an initial version is created as part of the secret, and this parameter specifies a unique identifier for the new version. </p> <note> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for the new version and include the value in the request.</p> </note> <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p> <ul> <li> <p>If the <code>ClientRequestToken</code> value isn't already associated with a version of the secret then a new version of the secret is created. </p> </li> <li> <p>If a version with this value already exists and the version <code>SecretString</code> and <code>SecretBinary</code> values are the same as those in the request, then the request is ignored.</p> </li> <li> <p>If a version with this value already exists and that version's <code>SecretString</code> and <code>SecretBinary</code> values are different from those in the request, then the request fails because you cannot modify an existing version. Instead, use <a>PutSecretValue</a> to create a new version.</p> </li> </ul> <p>This value becomes the <code>VersionId</code> of the new version.</p>",
+          "documentation":"<p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then Secrets Manager creates an initial version for the secret, and this parameter specifies the unique identifier for the new version. </p> <note> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for the new version and include the value in the request.</p> </note> <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p> <ul> <li> <p>If the <code>ClientRequestToken</code> value isn't already associated with a version of the secret then a new version of the secret is created. </p> </li> <li> <p>If a version with this value already exists and the version <code>SecretString</code> and <code>SecretBinary</code> values are the same as those in the request, then the request is ignored.</p> </li> <li> <p>If a version with this value already exists and that version's <code>SecretString</code> and <code>SecretBinary</code> values are different from those in the request, then the request fails because you cannot modify an existing version. Instead, use <a>PutSecretValue</a> to create a new version.</p> </li> </ul> <p>This value becomes the <code>VersionId</code> of the new version.</p>",
           "idempotencyToken":true
         },
         "Description":{
           "shape":"DescriptionType",
-          "documentation":"<p>(Optional) Specifies a user-provided description of the secret.</p>"
+          "documentation":"<p>The description of the secret.</p>"
         },
         "KmsKeyId":{
           "shape":"KmsKeyIdType",
-          "documentation":"<p>(Optional) Specifies the ARN, Key ID, or alias of the Amazon Web Services KMS customer master key (CMK) to be used to encrypt the <code>SecretString</code> or <code>SecretBinary</code> values in the versions stored in this secret.</p> <p>You can specify any of the supported ways to identify a Amazon Web Services KMS key ID. If you need to reference a CMK in a different account, you can use only the key ARN or the alias ARN.</p> <p>If you don't specify this value, then Secrets Manager defaults to using the Amazon Web Services account's default CMK (the one named <code>aws/secretsmanager</code>). If a Amazon Web Services KMS CMK with that name doesn't yet exist, then Secrets Manager creates it for you automatically the first time it needs to encrypt a version's <code>SecretString</code> or <code>SecretBinary</code> fields.</p> <important> <p>You can use the account default CMK to encrypt and decrypt only if you call this operation using credentials from the same account that owns the secret. If the secret resides in a different account, then you must create a custom CMK and specify the ARN in this field. </p> </important>"
+          "documentation":"<p>The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt the secret value in the secret.</p> <p>To use a KMS key in a different account, use the key ARN or the alias ARN.</p> <p>If you don't specify this value, then Secrets Manager uses the key <code>aws/secretsmanager</code>. If that key doesn't yet exist, then Secrets Manager creates it for you automatically the first time it encrypts the secret value.</p> <p>If the secret is in a different Amazon Web Services account from the credentials calling the API, then you can't use <code>aws/secretsmanager</code> to encrypt the secret, and you must create and use a customer managed KMS key. </p>"
         },
         "SecretBinary":{
           "shape":"SecretBinaryType",
-          "documentation":"<p>(Optional) Specifies binary data that you want to encrypt and store in the new version of the secret. To use this parameter in the command-line tools, we recommend that you store your binary data in a file and then use the appropriate technique for your tool to pass the contents of the file as a parameter.</p> <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not both. They cannot both be empty.</p> <p>This parameter is not available using the Secrets Manager console. It can be accessed only by using the Amazon Web Services CLI or one of the Amazon Web Services SDKs.</p>"
+          "documentation":"<p>The binary data to encrypt and store in the new version of the secret. We recommend that you store your binary data in a file and then pass the contents of the file as a parameter.</p> <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not both.</p> <p>This parameter is not available in the Secrets Manager console.</p>"
         },
         "SecretString":{
           "shape":"SecretStringType",
-          "documentation":"<p>(Optional) Specifies text data that you want to encrypt and store in this new version of the secret.</p> <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not both. They cannot both be empty.</p> <p>If you create a secret by using the Secrets Manager console then Secrets Manager puts the protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the information as a JSON structure of key/value pairs that the Lambda rotation function knows how to parse.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
+          "documentation":"<p>The text data to encrypt and store in this new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value.</p> <p>Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not both.</p> <p>If you create a secret by using the Secrets Manager console then Secrets Manager puts the protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the information as a JSON structure of key/value pairs that a Lambda rotation function can parse.</p>"
         },
         "Tags":{
           "shape":"TagListType",
-          "documentation":"<p>(Optional) Specifies a list of user-defined tags that are attached to the secret. Each tag is a \"Key\" and \"Value\" pair of strings. This operation only appends tags to the existing list of tags. To remove tags, you must use <a>UntagResource</a>.</p> <important> <ul> <li> <p>Secrets Manager tag key names are case sensitive. A tag with the key \"ABC\" is a different tag from one with key \"abc\".</p> </li> <li> <p>If you check tags in IAM policy <code>Condition</code> elements as part of your security strategy, then adding or removing a tag can change permissions. If the successful completion of this operation would result in you losing your permissions for this secret, then this operation is blocked and returns an <code>Access Denied</code> error.</p> </li> </ul> </important> <p>This parameter requires a JSON text string argument. For information on how to format a JSON parameter for the various command line tool environments, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json\">Using JSON for Parameters</a> in the <i>CLI User Guide</i>. For example:</p> <p> <code>[{\"Key\":\"CostCenter\",\"Value\":\"12345\"},{\"Key\":\"environment\",\"Value\":\"production\"}]</code> </p> <p>If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text. </p> <p>The following basic restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per secret—50</p> </li> <li> <p>Maximum key length—127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length—255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.</p> </li> <li> <p>If you use your tagging schema across multiple services and resources, remember other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.</p> </li> </ul>"
+          "documentation":"<p>A list of tags to attach to the secret. Each tag is a key and value pair of strings in a JSON text string, for example:</p> <p> <code>[{\"Key\":\"CostCenter\",\"Value\":\"12345\"},{\"Key\":\"environment\",\"Value\":\"production\"}]</code> </p> <p>Secrets Manager tag key names are case sensitive. A tag with the key \"ABC\" is a different tag from one with key \"abc\".</p> <p>If you check tags in permissions policies as part of your security strategy, then adding or removing a tag can change permissions. If the completion of this operation would result in you losing your permissions for this secret, then Secrets Manager blocks the operation and returns an <code>Access Denied</code> error. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#tag-secrets-abac\">Control access to secrets using tags</a> and <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html#auth-and-access_tags2\">Limit access to identities with tags that match secrets' tags</a>.</p> <p>For information about how to format a JSON parameter for the various command line tool environments, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json\">Using JSON for Parameters</a>. If your command-line tool or SDK requires quotation marks around the parameter, you should use single quotes to avoid confusion with the double quotes required in the JSON text.</p> <p>The following restrictions apply to tags:</p> <ul> <li> <p>Maximum number of tags per secret: 50</p> </li> <li> <p>Maximum key length: 127 Unicode characters in UTF-8</p> </li> <li> <p>Maximum value length: 255 Unicode characters in UTF-8</p> </li> <li> <p>Tag keys and values are case sensitive.</p> </li> <li> <p>Do not use the <code>aws:</code> prefix in your tag names or values because Amazon Web Services reserves it for Amazon Web Services use. You can't edit or delete tag names or values with this prefix. Tags with this prefix do not count against your tags per secret limit.</p> </li> <li> <p>If you use your tagging schema across multiple services and resources, other services might have restrictions on allowed characters. Generally allowed characters: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @.</p> </li> </ul>"
         },
         "AddReplicaRegions":{
           "shape":"AddReplicaRegionListType",
-          "documentation":"<p>(Optional) Add a list of regions to replicate secrets. Secrets Manager replicates the KMSKeyID objects to the list of regions specified in the parameter.</p>"
+          "documentation":"<p>A list of Regions and KMS keys to replicate secrets.</p>"
         },
         "ForceOverwriteReplicaSecret":{
           "shape":"BooleanType",
-          "documentation":"<p>(Optional) If set, the replication overwrites a secret with the same name in the destination region.</p>"
+          "documentation":"<p>Specifies whether to overwrite a secret with the same name in the destination Region.</p>"
         }
       }
     },
@@ -471,19 +474,19 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the secret that you just created.</p> <note> <p>Secrets Manager automatically adds several random characters to the name at the end of the ARN when you initially create a secret. This affects only the ARN and not the actual friendly name. This ensures that if you create a new secret with the same name as an old secret that you previously deleted, then users with access to the old secret <i>don't</i> automatically get access to the new secret because the ARNs are different.</p> </note>"
+          "documentation":"<p>The ARN of the new secret. The ARN includes the name of the secret followed by six random characters. This ensures that if you create a new secret with the same name as a deleted secret, then users with access to the old secret don't get access to the new secret because the ARNs are different.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret that you just created.</p>"
+          "documentation":"<p>The name of the new secret.</p>"
         },
         "VersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>The unique identifier associated with the version of the secret you just created.</p>"
+          "documentation":"<p>The unique identifier associated with the version of the new secret.</p>"
         },
         "ReplicationStatus":{
           "shape":"ReplicationStatusListType",
-          "documentation":"<p>Describes a list of replication status objects as <code>InProgress</code>, <code>Failed</code> or <code>InSync</code>.</p>"
+          "documentation":"<p>A list of the replicas of this secret and their status:</p> <ul> <li> <p> <code>Failed</code>, which indicates that the replica was not created.</p> </li> <li> <p> <code>InProgress</code>, which indicates that Secrets Manager is in the process of creating the replica.</p> </li> <li> <p> <code>InSync</code>, which indicates that the replica was created.</p> </li> </ul>"
         }
       }
     },
@@ -502,7 +505,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret that you want to delete the attached resource-based policy for. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to delete the attached resource-based policy for.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         }
       }
     },
@@ -515,7 +518,7 @@
         },
         "Name":{
           "shape":"NameType",
-          "documentation":"<p>The friendly name of the secret that the resource-based policy was deleted for.</p>"
+          "documentation":"<p>The name of the secret that the resource-based policy was deleted for.</p>"
         }
       }
     },
@@ -525,16 +528,16 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret to delete. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to delete.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "RecoveryWindowInDays":{
           "shape":"RecoveryWindowInDaysType",
-          "documentation":"<p>(Optional) Specifies the number of days that Secrets Manager waits before Secrets Manager can delete the secret. You can't use both this parameter and the <code>ForceDeleteWithoutRecovery</code> parameter in the same API call.</p> <p>This value can range from 7 to 30 days with a default value of 30.</p>",
+          "documentation":"<p>The number of days from 7 to 30 that Secrets Manager waits before permanently deleting the secret. You can't use both this parameter and <code>ForceDeleteWithoutRecovery</code> in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.</p>",
           "box":true
         },
         "ForceDeleteWithoutRecovery":{
           "shape":"BooleanType",
-          "documentation":"<p>(Optional) Specifies that the secret is to be deleted without any recovery window. You can't use both this parameter and the <code>RecoveryWindowInDays</code> parameter in the same API call.</p> <p>An asynchronous background process performs the actual deletion, so there can be a short delay before the operation completes. If you write code to delete and then immediately recreate a secret with the same name, ensure that your code includes appropriate back off and retry logic.</p> <important> <p>Use this parameter with caution. This parameter causes the operation to skip the normal waiting period before the permanent deletion that Amazon Web Services would normally impose with the <code>RecoveryWindowInDays</code> parameter. If you delete a secret with the <code>ForceDeleteWithouRecovery</code> parameter, then you have no opportunity to recover the secret. You lose the secret permanently.</p> </important> <important> <p>If you use this parameter and include a previously deleted or nonexistent secret, the operation does not return the error <code>ResourceNotFoundException</code> in order to correctly handle retries.</p> </important>",
+          "documentation":"<p>Specifies whether to delete the secret without any recovery window. You can't use both this parameter and <code>RecoveryWindowInDays</code> in the same call. If you don't use either, then Secrets Manager defaults to a 30 day recovery window.</p> <p>Secrets Manager performs the actual deletion with an asynchronous background process, so there might be a short delay before the secret is permanently deleted. If you delete a secret and then immediately create a secret with the same name, use appropriate back off and retry logic.</p> <important> <p>Use this parameter with caution. This parameter causes the operation to skip the normal recovery window before the permanent deletion that Secrets Manager would normally impose with the <code>RecoveryWindowInDays</code> parameter. If you delete a secret with the <code>ForceDeleteWithouRecovery</code> parameter, then you have no opportunity to recover the secret. You lose the secret permanently.</p> </important>",
           "box":true
         }
       }
@@ -544,15 +547,15 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The ARN of the secret that is now scheduled for deletion.</p>"
+          "documentation":"<p>The ARN of the secret.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret currently scheduled for deletion.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         },
         "DeletionDate":{
           "shape":"DeletionDateType",
-          "documentation":"<p>The date and time after which this secret can be deleted by Secrets Manager and can no longer be restored. This value is the date and time of the delete request plus the number of days specified in <code>RecoveryWindowInDays</code>.</p>",
+          "documentation":"<p>The date and time after which this secret Secrets Manager can permanently delete this secret, and it can no longer be restored. This value is the date and time of the delete request plus the number of days in <code>RecoveryWindowInDays</code>.</p>",
           "box":true
         }
       }
@@ -565,7 +568,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>The identifier of the secret whose details you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret. </p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         }
       }
     },
@@ -578,32 +581,32 @@
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The user-provided friendly name of the secret.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         },
         "Description":{
           "shape":"DescriptionType",
-          "documentation":"<p>The user-provided description of the secret.</p>"
+          "documentation":"<p>The description of the secret.</p>"
         },
         "KmsKeyId":{
           "shape":"KmsKeyIdType",
-          "documentation":"<p>The ARN or alias of the Amazon Web Services KMS customer master key (CMK) that's used to encrypt the <code>SecretString</code> or <code>SecretBinary</code> fields in each version of the secret. If you don't provide a key, then Secrets Manager defaults to encrypting the secret fields with the default Amazon Web Services KMS CMK (the one named <code>awssecretsmanager</code>) for this account.</p>"
+          "documentation":"<p>The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is encrypted with the Amazon Web Services managed key <code>aws/secretsmanager</code>, this field is omitted.</p>"
         },
         "RotationEnabled":{
           "shape":"RotationEnabledType",
-          "documentation":"<p>Specifies whether automatic rotation is enabled for this secret.</p> <p>To enable rotation, use <a>RotateSecret</a> with <code>AutomaticallyRotateAfterDays</code> set to a value greater than 0. To disable rotation, use <a>CancelRotateSecret</a>.</p>",
+          "documentation":"<p>Specifies whether automatic rotation is turned on for this secret.</p> <p>To turn on rotation, use <a>RotateSecret</a>. To turn off rotation, use <a>CancelRotateSecret</a>.</p>",
           "box":true
         },
         "RotationLambdaARN":{
           "shape":"RotationLambdaARNType",
-          "documentation":"<p>The ARN of a Lambda function that's invoked by Secrets Manager to rotate the secret either automatically per the schedule or manually by a call to <code>RotateSecret</code>.</p>"
+          "documentation":"<p>The ARN of the Lambda function that Secrets Manager invokes to rotate the secret. </p>"
         },
         "RotationRules":{
           "shape":"RotationRulesType",
-          "documentation":"<p>A structure with the rotation configuration for this secret. This field is only populated if rotation is configured.</p>"
+          "documentation":"<p>The rotation schedule and Lambda function for this secret. If the secret previously had rotation turned on, but it is now turned off, this field shows the previous rotation schedule and rotation function. If the secret never had rotation turned on, this field is omitted.</p>"
         },
         "LastRotatedDate":{
           "shape":"LastRotatedDateType",
-          "documentation":"<p>The last date and time that the rotation process for this secret was invoked.</p> <p>The most recent date and time that the Secrets Manager rotation process successfully completed. If the secret doesn't rotate, Secrets Manager returns a null value.</p>",
+          "documentation":"<p>The last date and time that Secrets Manager rotated the secret. If the secret isn't configured for rotation, Secrets Manager returns null.</p>",
           "box":true
         },
         "LastChangedDate":{
@@ -613,38 +616,38 @@
         },
         "LastAccessedDate":{
           "shape":"LastAccessedDateType",
-          "documentation":"<p>The last date that this secret was accessed. This value is truncated to midnight of the date and therefore shows only the date, not the time.</p>",
+          "documentation":"<p>The last date that the secret value was retrieved. This value does not include the time. This field is omitted if the secret has never been retrieved.</p>",
           "box":true
         },
         "DeletedDate":{
           "shape":"DeletedDateType",
-          "documentation":"<p>This value exists if the secret is scheduled for deletion. Some time after the specified date and time, Secrets Manager deletes the secret and all of its versions.</p> <p>If a secret is scheduled for deletion, then its details, including the encrypted secret information, is not accessible. To cancel a scheduled deletion and restore access, use <a>RestoreSecret</a>.</p>",
+          "documentation":"<p>The date the secret is scheduled for deletion. If it is not scheduled for deletion, this field is omitted. When you delete a secret, Secrets Manager requires a recovery window of at least 7 days before deleting the secret. Some time after the deleted date, Secrets Manager deletes the secret, including all of its versions.</p> <p>If a secret is scheduled for deletion, then its details, including the encrypted secret value, is not accessible. To cancel a scheduled deletion and restore access to the secret, use <a>RestoreSecret</a>.</p>",
           "box":true
         },
         "Tags":{
           "shape":"TagListType",
-          "documentation":"<p>The list of user-defined tags that are associated with the secret. To add tags to a secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>"
+          "documentation":"<p>The list of tags attached to the secret. To add tags to a secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>"
         },
         "VersionIdsToStages":{
           "shape":"SecretVersionsToStagesMapType",
-          "documentation":"<p>A list of all of the currently assigned <code>VersionStage</code> staging labels and the <code>VersionId</code> that each is attached to. Staging labels are used to keep track of the different versions during the rotation process.</p> <note> <p>A version that does not have any staging labels attached is considered deprecated and subject to deletion. Such versions are not included in this list.</p> </note>"
+          "documentation":"<p>A list of the versions of the secret that have staging labels attached. Versions that don't have staging labels are considered deprecated and Secrets Manager can delete them.</p> <p>Secrets Manager uses staging labels to indicate the status of a secret version during rotation. The three staging labels for rotation are: </p> <ul> <li> <p> <code>AWSCURRENT</code>, which indicates the current version of the secret.</p> </li> <li> <p> <code>AWSPENDING</code>, which indicates the version of the secret that contains new secret information that will become the next current version when rotation finishes.</p> <p>During rotation, Secrets Manager creates an <code>AWSPENDING</code> version ID before creating the new secret version. To check if a secret version exists, call <a>GetSecretValue</a>.</p> </li> <li> <p> <code>AWSPREVIOUS</code>, which indicates the previous current version of the secret. You can use this as the <i>last known good</i> version.</p> </li> </ul> <p>For more information about rotation and staging labels, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html\">How rotation works</a>.</p>"
         },
         "OwningService":{
           "shape":"OwningServiceType",
-          "documentation":"<p>Returns the name of the service that created this secret.</p>"
+          "documentation":"<p>The name of the service that created this secret.</p>"
         },
         "CreatedDate":{
           "shape":"TimestampType",
-          "documentation":"<p>The date you created the secret.</p>",
+          "documentation":"<p>The date the secret was created.</p>",
           "box":true
         },
         "PrimaryRegion":{
           "shape":"RegionType",
-          "documentation":"<p>Specifies the primary region for secret replication. </p>"
+          "documentation":"<p>The Region the secret is in. If a secret is replicated to other Regions, the replicas are listed in <code>ReplicationStatus</code>. </p>"
         },
         "ReplicationStatus":{
           "shape":"ReplicationStatusListType",
-          "documentation":"<p>Describes a list of replication status objects as <code>InProgress</code>, <code>Failed</code> or <code>InSync</code>.<code>P</code> </p>"
+          "documentation":"<p>A list of the replicas of this secret and their status: </p> <ul> <li> <p> <code>Failed</code>, which indicates that the replica was not created.</p> </li> <li> <p> <code>InProgress</code>, which indicates that Secrets Manager is in the process of creating the replica.</p> </li> <li> <p> <code>InSync</code>, which indicates that the replica was created.</p> </li> </ul>"
         }
       }
     },
@@ -652,12 +655,18 @@
       "type":"string",
       "max":2048
     },
+    "DurationType":{
+      "type":"string",
+      "max":3,
+      "min":2,
+      "pattern":"[0-9h]+"
+    },
     "EncryptionFailure":{
       "type":"structure",
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the customer master key (CMK) is available, enabled, and not in an invalid state. For more information, see <a href=\"http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">How Key State Affects Use of a Customer Master Key</a>.</p>",
+      "documentation":"<p>Secrets Manager can't encrypt the protected secret text using the provided KMS key. Check that the KMS key is available, enabled, and not in an invalid state. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html\">Key state: Effect on your KMS key</a>.</p>",
       "exception":true
     },
     "ErrorMessage":{"type":"string"},
@@ -675,14 +684,14 @@
       "members":{
         "Key":{
           "shape":"FilterNameStringType",
-          "documentation":"<p>Filters your list of secrets by a specific key.</p>"
+          "documentation":"<p>The following are keys you can use:</p> <ul> <li> <p> <b>description</b>: Prefix match, not case-sensitive.</p> </li> <li> <p> <b>name</b>: Prefix match, case-sensitive.</p> </li> <li> <p> <b>tag-key</b>: Prefix match, case-sensitive.</p> </li> <li> <p> <b>tag-value</b>: Prefix match, case-sensitive.</p> </li> <li> <p> <b>primary-region</b>: Prefix match, case-sensitive.</p> </li> <li> <p> <b>all</b>: Breaks the filter value string into words and then searches all attributes for matches. Not case-sensitive.</p> </li> </ul>"
         },
         "Values":{
           "shape":"FilterValuesStringList",
-          "documentation":"<p>Filters your list of secrets by a specific value.</p> <p>You can prefix your search value with an exclamation mark (<code>!</code>) in order to perform negation filters. </p>"
+          "documentation":"<p>The keyword to filter for.</p> <p>You can prefix your search value with an exclamation mark (<code>!</code>) in order to perform negation filters. </p>"
         }
       },
-      "documentation":"<p>Allows you to add filters when you use the search function in Secrets Manager.</p>"
+      "documentation":"<p>Allows you to add filters when you use the search function in Secrets Manager. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html\">Find secrets in Secrets Manager</a>.</p>"
     },
     "FilterNameStringType":{
       "type":"string",
@@ -716,41 +725,41 @@
       "members":{
         "PasswordLength":{
           "shape":"PasswordLengthType",
-          "documentation":"<p>The desired length of the generated password. The default value if you do not include this parameter is 32 characters.</p>",
+          "documentation":"<p>The length of the password. If you don't include this parameter, the default length is 32 characters.</p>",
           "box":true
         },
         "ExcludeCharacters":{
           "shape":"ExcludeCharactersType",
-          "documentation":"<p>A string that includes characters that should not be included in the generated password. The default is that all characters from the included sets can be used.</p>"
+          "documentation":"<p>A string of the characters that you don't want in the password.</p>"
         },
         "ExcludeNumbers":{
           "shape":"ExcludeNumbersType",
-          "documentation":"<p>Specifies that the generated password should not include digits. The default if you do not include this switch parameter is that digits can be included.</p>",
+          "documentation":"<p>Specifies whether to exclude numbers from the password. If you don't include this switch, the password can contain numbers.</p>",
           "box":true
         },
         "ExcludePunctuation":{
           "shape":"ExcludePunctuationType",
-          "documentation":"<p>Specifies that the generated password should not include punctuation characters. The default if you do not include this switch parameter is that punctuation characters can be included.</p> <p>The following are the punctuation characters that <i>can</i> be included in the generated password if you don't explicitly exclude them with <code>ExcludeCharacters</code> or <code>ExcludePunctuation</code>:</p> <p> <code>! \" # $ % &amp; ' ( ) * + , - . / : ; &lt; = &gt; ? @ [ \\ ] ^ _ ` { | } ~</code> </p>",
+          "documentation":"<p>Specifies whether to exclude the following punctuation characters from the password: <code>! \" # $ % &amp; ' ( ) * + , - . / : ; &lt; = &gt; ? @ [ \\ ] ^ _ ` { | } ~</code>. If you don't include this switch, the password can contain punctuation.</p>",
           "box":true
         },
         "ExcludeUppercase":{
           "shape":"ExcludeUppercaseType",
-          "documentation":"<p>Specifies that the generated password should not include uppercase letters. The default if you do not include this switch parameter is that uppercase letters can be included.</p>",
+          "documentation":"<p>Specifies whether to exclude uppercase letters from the password. If you don't include this switch, the password can contain uppercase letters.</p>",
           "box":true
         },
         "ExcludeLowercase":{
           "shape":"ExcludeLowercaseType",
-          "documentation":"<p>Specifies that the generated password should not include lowercase letters. The default if you do not include this switch parameter is that lowercase letters can be included.</p>",
+          "documentation":"<p>Specifies whether to exclude lowercase letters from the password. If you don't include this switch, the password can contain lowercase letters.</p>",
           "box":true
         },
         "IncludeSpace":{
           "shape":"IncludeSpaceType",
-          "documentation":"<p>Specifies that the generated password can include the space character. The default if you do not include this switch parameter is that the space character is not included.</p>",
+          "documentation":"<p>Specifies whether to include the space character. If you include this switch, the password can contain space characters.</p>",
           "box":true
         },
         "RequireEachIncludedType":{
           "shape":"RequireEachIncludedTypeType",
-          "documentation":"<p>A boolean value that specifies whether the generated password must include at least one of every allowed character type. The default value is <code>True</code> and the operation requires at least one of every character type.</p>",
+          "documentation":"<p>Specifies whether to include at least one upper and lowercase letter, one number, and one punctuation. If you don't include this switch, the password contains at least one of every character type.</p>",
           "box":true
         }
       }
@@ -760,7 +769,7 @@
       "members":{
         "RandomPassword":{
           "shape":"RandomPasswordType",
-          "documentation":"<p>A string with the generated password.</p>"
+          "documentation":"<p>A string with the password.</p>"
         }
       }
     },
@@ -770,7 +779,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret that you want to retrieve the attached resource-based policy for. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to retrieve the attached resource-based policy for.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         }
       }
     },
@@ -783,11 +792,11 @@
         },
         "Name":{
           "shape":"NameType",
-          "documentation":"<p>The friendly name of the secret that the resource-based policy was retrieved for.</p>"
+          "documentation":"<p>The name of the secret that the resource-based policy was retrieved for.</p>"
         },
         "ResourcePolicy":{
           "shape":"NonEmptyResourcePolicyType",
-          "documentation":"<p>A JSON-formatted string that describes the permissions that are associated with the attached secret. These permissions are combined with any permissions that are associated with the user or role that attempts to access this secret. The combined permissions specify who can access the secret and what actions they can perform. For more information, see <a href=\"http://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and Access Control for Amazon Web Services Secrets Manager</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p>"
+          "documentation":"<p>A JSON-formatted string that contains the permissions policy attached to the secret. For more information about permissions policies, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html\">Authentication and access control for Secrets Manager</a>.</p>"
         }
       }
     },
@@ -797,15 +806,15 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to retrieve.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "VersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>Specifies the unique identifier of the version of the secret that you want to retrieve. If you specify both this parameter and <code>VersionStage</code>, the two parameters must refer to the same secret version. If you don't specify either a <code>VersionStage</code> or <code>VersionId</code> then the default is to perform the operation on the version with the <code>VersionStage</code> value of <code>AWSCURRENT</code>.</p> <p>This value is typically a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value with 32 hexadecimal digits.</p>"
+          "documentation":"<p>The unique identifier of the version of the secret to retrieve. If you include both this parameter and <code>VersionStage</code>, the two parameters must refer to the same secret version. If you don't specify either a <code>VersionStage</code> or <code>VersionId</code>, then Secrets Manager returns the <code>AWSCURRENT</code> version.</p> <p>This value is typically a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value with 32 hexadecimal digits.</p>"
         },
         "VersionStage":{
           "shape":"SecretVersionStageType",
-          "documentation":"<p>Specifies the secret version that you want to retrieve by the staging label attached to the version.</p> <p>Staging labels are used to keep track of different versions during the rotation process. If you specify both this parameter and <code>VersionId</code>, the two parameters must refer to the same secret version . If you don't specify either a <code>VersionStage</code> or <code>VersionId</code>, then the default is to perform the operation on the version with the <code>VersionStage</code> value of <code>AWSCURRENT</code>.</p>"
+          "documentation":"<p>The staging label of the version of the secret to retrieve. </p> <p>Secrets Manager uses staging labels to keep track of different versions during the rotation process. If you include both this parameter and <code>VersionId</code>, the two parameters must refer to the same secret version. If you don't specify either a <code>VersionStage</code> or <code>VersionId</code>, Secrets Manager returns the <code>AWSCURRENT</code> version.</p>"
         }
       }
     },
@@ -826,11 +835,11 @@
         },
         "SecretBinary":{
           "shape":"SecretBinaryType",
-          "documentation":"<p>The decrypted part of the protected secret information that was originally provided as binary data in the form of a byte array. The response parameter represents the binary data as a <a href=\"https://tools.ietf.org/html/rfc4648#section-4\">base64-encoded</a> string.</p> <p>This parameter is not used if the secret is created by the Secrets Manager console.</p> <p>If you store custom information in this field of the secret, then you must code your Lambda rotation function to parse and interpret whatever you store in the <code>SecretString</code> or <code>SecretBinary</code> fields.</p>"
+          "documentation":"<p>The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The response parameter represents the binary data as a <a href=\"https://tools.ietf.org/html/rfc4648#section-4\">base64-encoded</a> string.</p> <p>If the secret was created by using the Secrets Manager console, or if the secret value was originally provided as a string, then this field is omitted. The secret value appears in <code>SecretString</code> instead.</p>"
         },
         "SecretString":{
           "shape":"SecretStringType",
-          "documentation":"<p>The decrypted part of the protected secret information that was originally provided as a string.</p> <p>If you create this secret by using the Secrets Manager console then only the <code>SecretString</code> parameter contains data. Secrets Manager stores the information as a JSON structure of key/value pairs that the Lambda rotation function knows how to parse.</p> <p>If you store custom information in the secret by using the <a>CreateSecret</a>, <a>UpdateSecret</a>, or <a>PutSecretValue</a> API operations instead of the Secrets Manager console, or by using the <b>Other secret type</b> in the console, then you must code your Lambda rotation function to parse and interpret those values.</p>"
+          "documentation":"<p>The decrypted secret value, if the secret value was originally provided as a string or through the Secrets Manager console.</p> <p>If this secret was created by using the console, then Secrets Manager stores the information as a JSON structure of key/value pairs. </p>"
         },
         "VersionStages":{
           "shape":"SecretVersionStagesType",
@@ -838,7 +847,7 @@
         },
         "CreatedDate":{
           "shape":"CreatedDateType",
-          "documentation":"<p>The date and time that this version of the secret was created.</p>",
+          "documentation":"<p>The date and time that this version of the secret was created. If you don't specify which version in <code>VersionId</code> or <code>VersionStage</code>, then Secrets Manager uses the <code>AWSCURRENT</code> version.</p>",
           "box":true
         }
       }
@@ -858,7 +867,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>You provided an invalid <code>NextToken</code> value.</p>",
+      "documentation":"<p>The <code>NextToken</code> value is invalid.</p>",
       "exception":true
     },
     "InvalidParameterException":{
@@ -866,7 +875,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>You provided an invalid value for a parameter.</p>",
+      "documentation":"<p>The parameter name or value is invalid.</p>",
       "exception":true
     },
     "InvalidRequestException":{
@@ -874,7 +883,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>You provided a parameter value that is not valid for the current state of the resource.</p> <p>Possible causes:</p> <ul> <li> <p>You tried to perform the operation on a secret that's currently marked deleted.</p> </li> <li> <p>You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call. </p> </li> </ul>",
+      "documentation":"<p>A parameter value is not valid for the current state of the resource.</p> <p>Possible causes:</p> <ul> <li> <p>The secret is scheduled for deletion.</p> </li> <li> <p>You tried to enable rotation on a secret that doesn't already have a Lambda function ARN configured and you didn't include such an ARN as a parameter in this call. </p> </li> </ul>",
       "exception":true
     },
     "KmsKeyIdListType":{
@@ -894,7 +903,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The request failed because it would exceed one of the Secrets Manager internal limits.</p>",
+      "documentation":"<p>The request failed because it would exceed one of the Secrets Manager quotas.</p>",
       "exception":true
     },
     "ListSecretVersionIdsRequest":{
@@ -903,20 +912,20 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>The identifier for the secret containing the versions you want to list. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret whose versions you want to list.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "MaxResults":{
           "shape":"MaxResultsType",
-          "documentation":"<p>(Optional) Limits the number of results you want to include in the response. If you don't include this parameter, it defaults to a value that's specific to the operation. If additional items exist beyond the maximum you specify, the <code>NextToken</code> response element is present and has a value (isn't null). Include that value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that Secrets Manager might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>",
+          "documentation":"<p>The number of results to include in the response.</p> <p>If there are more results available, in the response, Secrets Manager includes <code>NextToken</code>. To get the next results, call <code>ListSecretVersionIds</code> again with the value from <code>NextToken</code>. </p>",
           "box":true
         },
         "NextToken":{
           "shape":"NextTokenType",
-          "documentation":"<p>(Optional) Use this parameter in a request if you receive a <code>NextToken</code> response in a previous request indicating there's more output available. In a subsequent call, set it to the value of the previous call <code>NextToken</code> response to indicate where the output should continue from.</p>"
+          "documentation":"<p>A token that indicates where the output should continue from, if a previous call did not show all results. To get the next results, call <code>ListSecretVersionIds</code> again with this value.</p>"
         },
         "IncludeDeprecated":{
           "shape":"BooleanType",
-          "documentation":"<p>(Optional) Specifies that you want the results to include versions that do not have any staging labels attached to them. Such versions are considered deprecated and are subject to deletion by Secrets Manager as needed.</p>",
+          "documentation":"<p>Specifies whether to include versions of secrets that don't have any staging labels attached to them. Versions without staging labels are considered deprecated and are subject to deletion by Secrets Manager.</p>",
           "box":true
         }
       }
@@ -926,19 +935,19 @@
       "members":{
         "Versions":{
           "shape":"SecretVersionsListType",
-          "documentation":"<p>The list of the currently available versions of the specified secret.</p>"
+          "documentation":"<p>A list of the versions of the secret.</p>"
         },
         "NextToken":{
           "shape":"NextTokenType",
-          "documentation":"<p>If present in the response, this value indicates that there's more output available than included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a very long list. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to continue processing and get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back empty (as <code>null</code>).</p>"
+          "documentation":"<p>Secrets Manager includes this value if there's more output available than what is included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a long list. To get the next results, call <code>ListSecretVersionIds</code> again with this value. </p>"
         },
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the secret.</p> <note> <p>Secrets Manager automatically adds several random characters to the name at the end of the ARN when you initially create a secret. This affects only the ARN and not the actual friendly name. This ensures that if you create a new secret with the same name as an old secret that you previously deleted, then users with access to the old secret <i>don't</i> automatically get access to the new secret because the ARNs are different.</p> </note>"
+          "documentation":"<p>The ARN of the secret.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         }
       }
     },
@@ -947,16 +956,16 @@
       "members":{
         "MaxResults":{
           "shape":"MaxResultsType",
-          "documentation":"<p>(Optional) Limits the number of results you want to include in the response. If you don't include this parameter, it defaults to a value that's specific to the operation. If additional items exist beyond the maximum you specify, the <code>NextToken</code> response element is present and has a value (isn't null). Include that value as the <code>NextToken</code> request parameter in the next call to the operation to get the next part of the results. Note that Secrets Manager might return fewer results than the maximum even when there are more results available. You should check <code>NextToken</code> after every operation to ensure that you receive all of the results.</p>",
+          "documentation":"<p>The number of results to include in the response.</p> <p>If there are more results available, in the response, Secrets Manager includes <code>NextToken</code>. To get the next results, call <code>ListSecrets</code> again with the value from <code>NextToken</code>.</p>",
           "box":true
         },
         "NextToken":{
           "shape":"NextTokenType",
-          "documentation":"<p>(Optional) Use this parameter in a request if you receive a <code>NextToken</code> response in a previous request indicating there's more output available. In a subsequent call, set it to the value of the previous call <code>NextToken</code> response to indicate where the output should continue from.</p>"
+          "documentation":"<p>A token that indicates where the output should continue from, if a previous call did not show all results. To get the next results, call <code>ListSecrets</code> again with this value.</p>"
         },
         "Filters":{
           "shape":"FiltersListType",
-          "documentation":"<p>Lists the secret request filters.</p>"
+          "documentation":"<p>The filters to apply to the list of secrets.</p>"
         },
         "SortOrder":{
           "shape":"SortOrderType",
@@ -973,7 +982,7 @@
         },
         "NextToken":{
           "shape":"NextTokenType",
-          "documentation":"<p>If present in the response, this value indicates that there's more output available than included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a very long list. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to continue processing and get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back empty (as <code>null</code>).</p>"
+          "documentation":"<p>Secrets Manager includes this value if there's more output available than what is included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a long list. To get the next results, call <code>ListSecrets</code> again with this value.</p>"
         }
       }
     },
@@ -982,7 +991,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>You provided a resource-based policy with syntax errors.</p>",
+      "documentation":"<p>The resource policy has syntax errors.</p>",
       "exception":true
     },
     "MaxResultsType":{
@@ -1028,7 +1037,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The BlockPublicPolicy parameter is set to true and the resource policy did not prevent broad access to the secret.</p>",
+      "documentation":"<p>The <code>BlockPublicPolicy</code> parameter is set to true, and the resource policy did not prevent broad access to the secret.</p>",
       "exception":true
     },
     "PutResourcePolicyRequest":{
@@ -1040,15 +1049,15 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret that you want to attach the resource-based policy. You can specify either the ARN or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to attach the resource-based policy.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "ResourcePolicy":{
           "shape":"NonEmptyResourcePolicyType",
-          "documentation":"<p>A JSON-formatted string constructed according to the grammar and syntax for an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For information on how to format a JSON parameter for the various command line tool environments, see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json\">Using JSON for Parameters</a> in the <i>CLI User Guide</i>.</p>"
+          "documentation":"<p>A JSON-formatted string for an Amazon Web Services resource-based policy. For example policies, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html\">Permissions policy examples</a>.</p>"
         },
         "BlockPublicPolicy":{
           "shape":"BooleanType",
-          "documentation":"<p>(Optional) If you set the parameter, <code>BlockPublicPolicy</code> to true, then you block resource-based policies that allow broad access to the secret.</p>",
+          "documentation":"<p>Specifies whether to block resource-based policies that allow broad access to the secret. By default, Secrets Manager blocks policies that allow broad access, for example those that use a wildcard for the principal.</p>",
           "box":true
         }
       }
@@ -1058,11 +1067,11 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The ARN of the secret retrieved by the resource-based policy.</p>"
+          "documentation":"<p>The ARN of the secret.</p>"
         },
         "Name":{
           "shape":"NameType",
-          "documentation":"<p>The friendly name of the secret retrieved by the resource-based policy.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         }
       }
     },
@@ -1072,24 +1081,24 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to add a new version to.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p> <p>If the secret doesn't already exist, use <code>CreateSecret</code> instead.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenType",
-          "documentation":"<p>(Optional) Specifies a unique identifier for the new version of the secret. </p> <note> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for new versions and include that value in the request. </p> </note> <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during the Lambda rotation function's processing. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness within the specified secret. </p> <ul> <li> <p>If the <code>ClientRequestToken</code> value isn't already associated with a version of the secret then a new version of the secret is created. </p> </li> <li> <p>If a version with this value already exists and that version's <code>SecretString</code> or <code>SecretBinary</code> values are the same as those in the request then the request is ignored (the operation is idempotent). </p> </li> <li> <p>If a version with this value already exists and the version of the <code>SecretString</code> and <code>SecretBinary</code> values are different from those in the request then the request fails because you cannot modify an existing secret version. You can only create new versions to store new secret values.</p> </li> </ul> <p>This value becomes the <code>VersionId</code> of the new version.</p>",
+          "documentation":"<p>A unique identifier for the new version of the secret. </p> <note> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty because they generate a random UUID for you. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for new versions and include that value in the request. </p> </note> <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during the Lambda rotation function processing. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness within the specified secret. </p> <ul> <li> <p>If the <code>ClientRequestToken</code> value isn't already associated with a version of the secret then a new version of the secret is created. </p> </li> <li> <p>If a version with this value already exists and that version's <code>SecretString</code> or <code>SecretBinary</code> values are the same as those in the request then the request is ignored. The operation is idempotent. </p> </li> <li> <p>If a version with this value already exists and the version of the <code>SecretString</code> and <code>SecretBinary</code> values are different from those in the request, then the request fails because you can't modify a secret version. You can only create new versions to store new secret values.</p> </li> </ul> <p>This value becomes the <code>VersionId</code> of the new version.</p>",
           "idempotencyToken":true
         },
         "SecretBinary":{
           "shape":"SecretBinaryType",
-          "documentation":"<p>(Optional) Specifies binary data that you want to encrypt and store in the new version of the secret. To use this parameter in the command-line tools, we recommend that you store your binary data in a file and then use the appropriate technique for your tool to pass the contents of the file as a parameter. Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but not both. They cannot both be empty.</p> <p>This parameter is not accessible if the secret using the Secrets Manager console.</p> <p/>"
+          "documentation":"<p>The binary data to encrypt and store in the new version of the secret. To use this parameter in the command-line tools, we recommend that you store your binary data in a file and then pass the contents of the file as a parameter. </p> <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not both.</p> <p>You can't access this value from the Secrets Manager console.</p>"
         },
         "SecretString":{
           "shape":"SecretStringType",
-          "documentation":"<p>(Optional) Specifies text data that you want to encrypt and store in this new version of the secret. Either <code>SecretString</code> or <code>SecretBinary</code> must have a value, but not both. They cannot both be empty.</p> <p>If you create this secret by using the Secrets Manager console then Secrets Manager puts the protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the information as a JSON structure of key/value pairs that the default Lambda rotation function knows how to parse.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
+          "documentation":"<p>The text to encrypt and store in the new version of the secret. </p> <p>You must include <code>SecretBinary</code> or <code>SecretString</code>, but not both.</p> <p>We recommend you create the secret string as JSON key/value pairs, as shown in the example.</p>"
         },
         "VersionStages":{
           "shape":"SecretVersionStagesType",
-          "documentation":"<p>(Optional) Specifies a list of staging labels that are attached to this version of the secret. These staging labels are used to track the versions through the rotation process by the Lambda rotation function.</p> <p>A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version.</p> <p>If you do not specify a value for <code>VersionStages</code> then Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to this new version.</p>"
+          "documentation":"<p>A list of staging labels to attach to this version of the secret. Secrets Manager uses staging labels to track versions of a secret through the rotation process.</p> <p>If you specify a staging label that's already associated with a different version of the same secret, then Secrets Manager removes the label from the other version and attaches it to this version. If you specify <code>AWSCURRENT</code>, and it is already attached to another version, then Secrets Manager also moves the staging label <code>AWSPREVIOUS</code> to the version that <code>AWSCURRENT</code> was removed from.</p> <p>If you don't include <code>VersionStages</code>, then Secrets Manager automatically moves the staging label <code>AWSCURRENT</code> to this version.</p>"
         }
       }
     },
@@ -1098,19 +1107,19 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the secret for which you just created a version.</p>"
+          "documentation":"<p>The ARN of the secret.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret for which you just created or updated a version.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         },
         "VersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>The unique identifier of the version of the secret you just created or updated.</p>"
+          "documentation":"<p>The unique identifier of the version of the secret.</p>"
         },
         "VersionStages":{
           "shape":"SecretVersionStagesType",
-          "documentation":"<p>The list of staging labels that are currently attached to this version of the secret. Staging labels are used to track a version as it progresses through the secret rotation process.</p>"
+          "documentation":"<p>The list of staging labels that are currently attached to this version of the secret. Secrets Manager uses staging labels to track a version as it progresses through the secret rotation process.</p>"
         }
       }
     },
@@ -1136,11 +1145,11 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Remove a secret by <code>SecretId</code> from replica Regions.</p>"
+          "documentation":"<p>The ARN or name of the secret.</p>"
         },
         "RemoveReplicaRegions":{
           "shape":"RemoveReplicaRegionListType",
-          "documentation":"<p>Remove replication from specific Regions.</p>"
+          "documentation":"<p>The Regions of the replicas to remove.</p>"
         }
       }
     },
@@ -1149,11 +1158,11 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The secret <code>ARN</code> removed from replication regions.</p>"
+          "documentation":"<p>The ARN of the primary secret.</p>"
         },
         "ReplicationStatus":{
           "shape":"ReplicationStatusListType",
-          "documentation":"<p>Describes the remaining replication status after you remove regions from the replication list.</p>"
+          "documentation":"<p>The status of replicas for this secret after you remove Regions.</p>"
         }
       }
     },
@@ -1167,14 +1176,14 @@
       "members":{
         "Region":{
           "shape":"RegionType",
-          "documentation":"<p>Describes a single instance of Region objects.</p>"
+          "documentation":"<p>A Region code. For a list of Region codes, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints\">Name and code of Regions</a>.</p>"
         },
         "KmsKeyId":{
           "shape":"KmsKeyIdType",
-          "documentation":"<p>Can be an <code>ARN</code>, <code>Key ID</code>, or <code>Alias</code>. </p>"
+          "documentation":"<p>The ARN, key ID, or alias of the KMS key to encrypt the secret. If you don't include this field, Secrets Manager uses <code>aws/secretsmanager</code>.</p>"
         }
       },
-      "documentation":"<p>(Optional) Custom type consisting of a <code>Region</code> (required) and the <code>KmsKeyId</code> which can be an <code>ARN</code>, <code>Key ID</code>, or <code>Alias</code>.</p>"
+      "documentation":"<p>A custom type that specifies a <code>Region</code> and the <code>KmsKeyId</code> for a replica secret.</p>"
     },
     "ReplicateSecretToRegionsRequest":{
       "type":"structure",
@@ -1185,15 +1194,15 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Use the <code>Secret Id</code> to replicate a secret to regions.</p>"
+          "documentation":"<p>The ARN or name of the secret to replicate.</p>"
         },
         "AddReplicaRegions":{
           "shape":"AddReplicaRegionListType",
-          "documentation":"<p>Add Regions to replicate the secret.</p>"
+          "documentation":"<p>A list of Regions in which to replicate the secret.</p>"
         },
         "ForceOverwriteReplicaSecret":{
           "shape":"BooleanType",
-          "documentation":"<p>(Optional) If set, Secrets Manager replication overwrites a secret with the same name in the destination region.</p>"
+          "documentation":"<p>Specifies whether to overwrite a secret with the same name in the destination Region.</p>"
         }
       }
     },
@@ -1202,11 +1211,11 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>Replicate a secret based on the <code>ReplicaRegionType</code>&gt; consisting of a Region(required) and a KMSKeyId (optional) which can be the ARN, KeyID, or Alias. </p>"
+          "documentation":"<p>The ARN of the primary secret.</p>"
         },
         "ReplicationStatus":{
           "shape":"ReplicationStatusListType",
-          "documentation":"<p>Describes the secret replication status as <code>PENDING</code>, <code>SUCCESS</code> or <code>FAIL</code>.</p>"
+          "documentation":"<p>The status of replication.</p>"
         }
       }
     },
@@ -1254,7 +1263,7 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>We can't find the resource that you asked for.</p>",
+      "documentation":"<p>Secrets Manager can't find the resource that you asked for.</p>",
       "exception":true
     },
     "RestoreSecretRequest":{
@@ -1263,7 +1272,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret that you want to restore from a previously scheduled deletion. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to restore.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         }
       }
     },
@@ -1276,7 +1285,7 @@
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret that was restored.</p>"
+          "documentation":"<p>The name of the secret that was restored.</p>"
         }
       }
     },
@@ -1286,20 +1295,25 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret that you want to rotate. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret to rotate.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenType",
-          "documentation":"<p>(Optional) Specifies a unique identifier for the new version of the secret that helps ensure idempotency. </p> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for new versions and include that value in the request.</p> <p>You only need to specify your own value if you implement your own retry logic and want to ensure that a given secret is not created twice. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness within the specified secret. </p> <p>Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during the function's processing. This value becomes the <code>VersionId</code> of the new version.</p>",
+          "documentation":"<p>A unique identifier for the new version of the secret that helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during rotation. This value becomes the <code>VersionId</code> of the new version.</p> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for new versions and include that value in the request.</p> <p>You only need to specify this value if you implement your own retry logic and you want to ensure that Secrets Manager doesn't attempt to create a secret version twice. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness within the specified secret. </p>",
           "idempotencyToken":true
         },
         "RotationLambdaARN":{
           "shape":"RotationLambdaARNType",
-          "documentation":"<p>(Optional) Specifies the ARN of the Lambda function that can rotate the secret.</p>"
+          "documentation":"<p>The ARN of the Lambda rotation function that can rotate the secret.</p>"
         },
         "RotationRules":{
           "shape":"RotationRulesType",
           "documentation":"<p>A structure that defines the rotation configuration for this secret.</p>"
+        },
+        "RotateImmediately":{
+          "shape":"BooleanType",
+          "documentation":"<p>Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in <a>RotateSecretRequest$RotationRules</a>.</p> <p>If you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html\"> <code>testSecret</code> step</a> of the Lambda rotation function. The test creates an <code>AWSPENDING</code> version of the secret and then removes it.</p> <p>If you don't specify this value, then by default, Secrets Manager rotates the secret immediately.</p>",
+          "box":true
         }
       }
     },
@@ -1312,11 +1326,11 @@
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret.</p>"
+          "documentation":"<p>The name of the secret.</p>"
         },
         "VersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>The ID of the new version of the secret created by the rotation started by this request.</p>",
+          "documentation":"<p>The ID of the new version of the secret.</p>",
           "box":true
         }
       }
@@ -1332,12 +1346,26 @@
       "members":{
         "AutomaticallyAfterDays":{
           "shape":"AutomaticallyRotateAfterDaysType",
-          "documentation":"<p>Specifies the number of days between automatic scheduled rotations of the secret.</p> <p>Secrets Manager schedules the next rotation when the previous one is complete. Secrets Manager schedules the date by adding the rotation interval (number of days) to the actual date of the last rotation. The service chooses the hour within that 24-hour date window randomly. The minute is also chosen somewhat randomly, but weighted towards the top of the hour and influenced by a variety of factors that help distribute load.</p>",
+          "documentation":"<p>The number of days between automatic scheduled rotations of the secret. You can use this value to check that your secret meets your compliance guidelines for how often secrets must be rotated.</p> <p>In <code>DescribeSecret</code> and <code>ListSecrets</code>, this value is calculated from the rotation schedule after every successful rotation. In <code>RotateSecret</code>, you can set the rotation schedule in <code>RotationRules</code> with <code>AutomaticallyAfterDays</code> or <code>ScheduleExpression</code>, but not both.</p>",
           "box":true
+        },
+        "Duration":{
+          "shape":"DurationType",
+          "documentation":"<p>The length of the rotation window in hours, for example <code>3h</code> for a three hour window. Secrets Manager rotates your secret at any time during this window. The window must not go into the next UTC day. If you don't specify this value, the window automatically ends at the end of the UTC day. The window begins according to the <code>ScheduleExpression</code>. For more information, including examples, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html\">Schedule expressions in Secrets Manager rotation</a>.</p>"
+        },
+        "ScheduleExpression":{
+          "shape":"ScheduleExpressionType",
+          "documentation":"<p>A <code>cron()</code> or <code>rate()</code> expression that defines the schedule for rotating your secret. Secrets Manager rotation schedules use UTC time zone. </p> <p>Secrets Manager <code>rate()</code> expressions represent the interval in days that you want to rotate your secret, for example <code>rate(10 days)</code>. If you use a <code>rate()</code> expression, the rotation window opens at midnight, and Secrets Manager rotates your secret any time that day after midnight. You can set a <code>Duration</code> to shorten the rotation window.</p> <p>You can use a <code>cron()</code> expression to create rotation schedules that are more detailed than a rotation interval. For more information, including examples, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html\">Schedule expressions in Secrets Manager rotation</a>. If you use a <code>cron()</code> expression, Secrets Manager rotates your secret any time during that day after the window opens. For example, <code>cron(0 8 1 * ? *)</code> represents a rotation window that occurs on the first day of every month beginning at 8:00 AM UTC. Secrets Manager rotates the secret any time that day after 8:00 AM. You can set a <code>Duration</code> to shorten the rotation window.</p>"
         }
       },
       "documentation":"<p>A structure that defines the rotation configuration for the secret.</p>"
     },
+    "ScheduleExpressionType":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"[0-9A-Za-z\\(\\)#\\?\\*\\-\\/, ]+"
+    },
     "SecretARNType":{
       "type":"string",
       "max":2048,
@@ -1359,7 +1387,7 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the secret.</p> <p>For more information about ARNs in Secrets Manager, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#iam-resources\">Policy Resources</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the secret.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
@@ -1371,7 +1399,7 @@
         },
         "KmsKeyId":{
           "shape":"KmsKeyIdType",
-          "documentation":"<p>The ARN or alias of the Amazon Web Services KMS customer master key (CMK) used to encrypt the <code>SecretString</code> and <code>SecretBinary</code> fields in each version of the secret. If you don't provide a key, then Secrets Manager defaults to encrypting the secret fields with the default KMS CMK, the key named <code>awssecretsmanager</code>, for this account.</p>"
+          "documentation":"<p>The ARN of the KMS key that Secrets Manager uses to encrypt the secret value. If the secret is encrypted with the Amazon Web Services managed key <code>aws/secretsmanager</code>, this field is omitted.</p>"
         },
         "RotationEnabled":{
           "shape":"RotationEnabledType",
@@ -1380,7 +1408,7 @@
         },
         "RotationLambdaARN":{
           "shape":"RotationLambdaARNType",
-          "documentation":"<p>The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager to rotate and expire the secret either automatically per the schedule or manually by a call to <a>RotateSecret</a>.</p>"
+          "documentation":"<p>The ARN of an Amazon Web Services Lambda function invoked by Secrets Manager to rotate and expire the secret either automatically per the schedule or manually by a call to <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html\"> <code>RotateSecret</code> </a>.</p>"
         },
         "RotationRules":{
           "shape":"RotationRulesType",
@@ -1403,11 +1431,11 @@
         },
         "DeletedDate":{
           "shape":"DeletedDateType",
-          "documentation":"<p>The date and time the deletion of the secret occurred. Not present on active secrets. The secret can be recovered until the number of days in the recovery window has passed, as specified in the <code>RecoveryWindowInDays</code> parameter of the <a>DeleteSecret</a> operation.</p>"
+          "documentation":"<p>The date and time the deletion of the secret occurred. Not present on active secrets. The secret can be recovered until the number of days in the recovery window has passed, as specified in the <code>RecoveryWindowInDays</code> parameter of the <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html\"> <code>DeleteSecret</code> </a> operation.</p>"
         },
         "Tags":{
           "shape":"TagListType",
-          "documentation":"<p>The list of user-defined tags associated with the secret. To add tags to a secret, use <a>TagResource</a>. To remove tags, use <a>UntagResource</a>.</p>"
+          "documentation":"<p>The list of user-defined tags associated with the secret. To add tags to a secret, use <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html\"> <code>TagResource</code> </a>. To remove tags, use <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html\"> <code>UntagResource</code> </a>.</p>"
         },
         "SecretVersionsToStages":{
           "shape":"SecretVersionsToStagesMapType",
@@ -1427,7 +1455,7 @@
           "documentation":"<p>The Region where Secrets Manager originated the secret.</p>"
         }
       },
-      "documentation":"<p>A structure that contains the details about a secret. It does not include the encrypted <code>SecretString</code> and <code>SecretBinary</code> values. To get those values, use the <a>GetSecretValue</a> operation.</p>"
+      "documentation":"<p>A structure that contains the details about a secret. It does not include the encrypted <code>SecretString</code> and <code>SecretBinary</code> values. To get those values, use <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html\">GetSecretValue</a> .</p>"
     },
     "SecretListType":{
       "type":"list",
@@ -1523,7 +1551,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Response to <code>StopReplicationToReplica</code> of a secret, based on the <code>SecretId</code>.</p>"
+          "documentation":"<p>The ARN of the primary secret. </p>"
         }
       }
     },
@@ -1532,7 +1560,7 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>Response <code>StopReplicationToReplica</code> of a secret, based on the <code>ARN,</code>.</p>"
+          "documentation":"<p>The ARN of the promoted secret. The ARN is the same as the original primary secret except the Region is changed.</p>"
         }
       }
     },
@@ -1572,11 +1600,11 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>The identifier for the secret that you want to attach tags to. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The identifier for the secret to attach tags to. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "Tags":{
           "shape":"TagListType",
-          "documentation":"<p>The tags to attach to the secret. Each element in the list consists of a <code>Key</code> and a <code>Value</code>.</p> <p>This parameter to the API requires a JSON text string argument.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
+          "documentation":"<p>The tags to attach to the secret as a JSON text string argument. Each element in the list consists of a <code>Key</code> and a <code>Value</code>.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
         }
       }
     },
@@ -1595,11 +1623,11 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>The identifier for the secret that you want to remove tags from. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "TagKeys":{
           "shape":"TagKeyListType",
-          "documentation":"<p>A list of tag key names to remove from the secret. You don't specify the value. Both the key and its associated value are removed.</p> <p>This parameter to the API requires a JSON text string argument.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
+          "documentation":"<p>A list of tag key names to remove from the secret. You don't specify the value. Both the key and its associated value are removed.</p> <p>This parameter requires a JSON text string argument.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
         }
       }
     },
@@ -1609,28 +1637,28 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret that you want to modify or to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "ClientRequestToken":{
           "shape":"ClientRequestTokenType",
-          "documentation":"<p>(Optional) If you want to add a new version to the secret, this parameter specifies a unique identifier for the new version that helps ensure idempotency. </p> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for new versions and include that value in the request.</p> <p>You typically only need to interact with this value if you implement your own retry logic and want to ensure that a given secret is not created twice. We recommend that you generate a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID-type</a> value to ensure uniqueness within the specified secret. </p> <p>Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during the Lambda rotation function's processing.</p> <ul> <li> <p>If the <code>ClientRequestToken</code> value isn't already associated with a version of the secret then a new version of the secret is created. </p> </li> <li> <p>If a version with this value already exists and that version's <code>SecretString</code> and <code>SecretBinary</code> values are the same as those in the request then the request is ignored (the operation is idempotent). </p> </li> <li> <p>If a version with this value already exists and that version's <code>SecretString</code> and <code>SecretBinary</code> values are different from the request then an error occurs because you cannot modify an existing secret value.</p> </li> </ul> <p>This value becomes the <code>VersionId</code> of the new version.</p>",
+          "documentation":"<p>If you include <code>SecretString</code> or <code>SecretBinary</code>, then Secrets Manager creates a new version for the secret, and this parameter specifies the unique identifier for the new version.</p> <note> <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. If you don't use the SDK and instead generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself for the new version and include the value in the request.</p> </note> <p>This value becomes the <code>VersionId</code> of the new version.</p>",
           "idempotencyToken":true
         },
         "Description":{
           "shape":"DescriptionType",
-          "documentation":"<p>(Optional) Specifies an updated user-provided description of the secret.</p>"
+          "documentation":"<p>The description of the secret.</p>"
         },
         "KmsKeyId":{
           "shape":"KmsKeyIdType",
-          "documentation":"<p>(Optional) Specifies an updated ARN or alias of the Amazon Web Services KMS customer master key (CMK) that Secrets Manager uses to encrypt the protected text in new versions of this secret as well as any existing versions of this secret that have the staging labels AWSCURRENT, AWSPENDING, or AWSPREVIOUS. For more information about staging labels, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label\">Staging Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>.</p> <important> <p>You can only use the account's default CMK to encrypt and decrypt if you call this operation using credentials from the same account that owns the secret. If the secret is in a different account, then you must create a custom CMK and provide the ARN of that CMK in this field. The user making the call must have permissions to both the secret and the CMK in their respective accounts.</p> </important>"
+          "documentation":"<p>The ARN, key ID, or alias of the KMS key that Secrets Manager uses to encrypt new secret versions as well as any existing versions the staging labels <code>AWSCURRENT</code>, <code>AWSPENDING</code>, or <code>AWSPREVIOUS</code>. For more information about versions and staging labels, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version\">Concepts: Version</a>.</p> <important> <p>You can only use the Amazon Web Services managed key <code>aws/secretsmanager</code> if you call this operation using credentials from the same Amazon Web Services account that owns the secret. If the secret is in a different account, then you must use a customer managed key and provide the ARN of that KMS key in this field. The user making the call must have permissions to both the secret and the KMS key in their respective accounts.</p> </important>"
         },
         "SecretBinary":{
           "shape":"SecretBinaryType",
-          "documentation":"<p>(Optional) Specifies updated binary data that you want to encrypt and store in the new version of the secret. To use this parameter in the command-line tools, we recommend that you store your binary data in a file and then use the appropriate technique for your tool to pass the contents of the file as a parameter. Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but not both. They cannot both be empty.</p> <p>This parameter is not accessible using the Secrets Manager console.</p>"
+          "documentation":"<p>The binary data to encrypt and store in the new version of the secret. We recommend that you store your binary data in a file and then pass the contents of the file as a parameter. </p> <p>Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but not both.</p> <p>You can't access this parameter in the Secrets Manager console.</p>"
         },
         "SecretString":{
           "shape":"SecretStringType",
-          "documentation":"<p>(Optional) Specifies updated text data that you want to encrypt and store in this new version of the secret. Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but not both. They cannot both be empty.</p> <p>If you create this secret by using the Secrets Manager console then Secrets Manager puts the protected secret text in only the <code>SecretString</code> parameter. The Secrets Manager console stores the information as a JSON structure of key/value pairs that the default Lambda rotation function knows how to parse.</p> <p>For storing multiple values, we recommend that you use a JSON text string argument and specify key/value pairs. For more information, see <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html\">Specifying parameter values for the Amazon Web Services CLI</a> in the Amazon Web Services CLI User Guide.</p>"
+          "documentation":"<p>The text data to encrypt and store in the new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value. </p> <p>Either <code>SecretBinary</code> or <code>SecretString</code> must have a value, but not both. </p>"
         }
       }
     },
@@ -1639,15 +1667,15 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The ARN of the secret that was updated.</p> <note> <p>Secrets Manager automatically adds several random characters to the name at the end of the ARN when you initially create a secret. This affects only the ARN and not the actual friendly name. This ensures that if you create a new secret with the same name as an old secret that you previously deleted, then users with access to the old secret <i>don't</i> automatically get access to the new secret because the ARNs are different.</p> </note>"
+          "documentation":"<p>The ARN of the secret that was updated.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret that was updated.</p>"
+          "documentation":"<p>The name of the secret that was updated.</p>"
         },
         "VersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>If a new version of the secret was created by this operation, then <code>VersionId</code> contains the unique identifier of the new version.</p>"
+          "documentation":"<p>If Secrets Manager created a new version of the secret during this operation, then <code>VersionId</code> contains the unique identifier of the new version.</p>"
         }
       }
     },
@@ -1660,7 +1688,7 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p>Specifies the secret with the version with the list of staging labels you want to modify. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>The ARN or the name of the secret with the version and staging labelsto modify.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
         },
         "VersionStage":{
           "shape":"SecretVersionStageType",
@@ -1668,12 +1696,12 @@
         },
         "RemoveFromVersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>Specifies the secret version ID of the version that the staging label is to be removed from. If the staging label you are trying to attach to one version is already attached to a different version, then you must include this parameter and specify the version that the label is to be removed from. If the label is attached and you either do not specify this parameter, or the version ID does not match, then the operation fails.</p>",
+          "documentation":"<p>The ID of the version that the staging label is to be removed from. If the staging label you are trying to attach to one version is already attached to a different version, then you must include this parameter and specify the version that the label is to be removed from. If the label is attached and you either do not specify this parameter, or the version ID does not match, then the operation fails.</p>",
           "box":true
         },
         "MoveToVersionId":{
           "shape":"SecretVersionIdType",
-          "documentation":"<p>(Optional) The secret version ID that you want to add the staging label. If you want to remove a label from a version, then do not specify this parameter.</p> <p>If the staging label is already attached to a different version of the secret, then you must also specify the <code>RemoveFromVersionId</code> parameter. </p>",
+          "documentation":"<p>The ID of the version to add the staging label to. To remove a label from a version, then do not specify this parameter.</p> <p>If the staging label is already attached to a different version of the secret, then you must also specify the <code>RemoveFromVersionId</code> parameter. </p>",
           "box":true
         }
       }
@@ -1683,11 +1711,11 @@
       "members":{
         "ARN":{
           "shape":"SecretARNType",
-          "documentation":"<p>The ARN of the secret with the modified staging label.</p>"
+          "documentation":"<p>The ARN of the secret that was updated.</p>"
         },
         "Name":{
           "shape":"SecretNameType",
-          "documentation":"<p>The friendly name of the secret with the modified staging label.</p>"
+          "documentation":"<p>The name of the secret that was updated.</p>"
         }
       }
     },
@@ -1697,11 +1725,11 @@
       "members":{
         "SecretId":{
           "shape":"SecretIdType",
-          "documentation":"<p> (Optional) The identifier of the secret with the resource-based policy you want to validate. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.</p> <p>For an ARN, we recommend that you specify a complete ARN rather than a partial ARN.</p>"
+          "documentation":"<p>This field is reserved for internal use.</p>"
         },
         "ResourcePolicy":{
           "shape":"NonEmptyResourcePolicyType",
-          "documentation":"<p>A JSON-formatted string constructed according to the grammar and syntax for an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For information on how to format a JSON parameter for the various command line tool environments, see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json\">Using JSON for Parameters</a> in the <i>CLI User Guide</i>.publi</p>"
+          "documentation":"<p>A JSON-formatted string that contains an Amazon Web Services resource-based policy. The policy in the string identifies who can access or manage this secret and its versions. For example policies, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html\">Permissions policy examples</a>.</p>"
         }
       }
     },
@@ -1710,11 +1738,11 @@
       "members":{
         "PolicyValidationPassed":{
           "shape":"BooleanType",
-          "documentation":"<p>Returns a message stating that your Reource Policy passed validation. </p>"
+          "documentation":"<p>True if your policy passes validation, otherwise false.</p>"
         },
         "ValidationErrors":{
           "shape":"ValidationErrorsType",
-          "documentation":"<p>Returns an error message if your policy doesn't pass validatation.</p>"
+          "documentation":"<p>Validation errors if your policy didn't pass validation.</p>"
         }
       }
     },
@@ -1737,5 +1765,5 @@
       "member":{"shape":"ValidationErrorsEntry"}
     }
   },
-  "documentation":"<fullname>Amazon Web Services Secrets Manager</fullname> <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p> <p>This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html\">Amazon Web Services Secrets Manager User Guide</a>.</p> <p> <b>API Version</b> </p> <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p> <note> <p>As an alternative to using the API, you can use one of the Amazon Web Services SDKs, which consist of libraries and sample code for various programming languages and platforms such as Java, Ruby, .NET, iOS, and Android. The SDKs provide a convenient way to create programmatic access to Amazon Web Services Secrets Manager. For example, the SDKs provide cryptographically signing requests, managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including downloading and installing them, see <a href=\"http://aws.amazon.com/tools/\">Tools for Amazon Web Services</a>.</p> </note> <p>We recommend you use the Amazon Web Services SDKs to make programmatic API calls to Secrets Manager. However, you also can use the Secrets Manager HTTP Query API to make direct calls to the Secrets Manager web service. To learn more about the Secrets Manager HTTP Query API, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/query-requests.html\">Making Query Requests</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. </p> <p>Secrets Manager API supports GET and POST requests for all actions, and doesn't require you to use GET for some actions and POST for others. However, GET requests are subject to the limitation size of a URL. Therefore, for operations that require larger sizes, use a POST request.</p> <p> <b>Support and Feedback for Amazon Web Services Secrets Manager</b> </p> <p>We welcome your feedback. Send your comments to <a href=\"mailto:awssecretsmanager-feedback@amazon.com\">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href=\"http://forums.aws.amazon.com/forum.jspa?forumID=296\">Amazon Web Services Secrets Manager Discussion Forum</a>. For more information about the Amazon Web Services Discussion Forums, see <a href=\"http://forums.aws.amazon.com/help.jspa\">Forums Help</a>.</p> <p> <b>How examples are presented</b> </p> <p>The JSON that Amazon Web Services Secrets Manager expects as your request parameters and the service returns as a response to HTTP query requests contain single, long strings without line breaks or white space formatting. The JSON shown in the examples displays the code formatted with both line breaks and white space to improve readability. When example input parameters can also cause long strings extending beyond the screen, you can insert line breaks to enhance readability. You should always submit the input as a single JSON text string.</p> <p> <b>Logging API Requests</b> </p> <p>Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information that's collected by Amazon Web Services CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see <a href=\"http://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail\">Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. To learn more about CloudTrail, including enabling it and find your log files, see the <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html\">Amazon Web Services CloudTrail User Guide</a>.</p>"
+  "documentation":"<fullname>Amazon Web Services Secrets Manager</fullname> <p>Amazon Web Services Secrets Manager provides a service to enable you to store, manage, and retrieve, secrets.</p> <p>This guide provides descriptions of the Secrets Manager API. For more information about using this service, see the <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/introduction.html\">Amazon Web Services Secrets Manager User Guide</a>.</p> <p> <b>API Version</b> </p> <p>This version of the Secrets Manager API Reference documents the Secrets Manager API version 2017-10-17.</p> <p> <b>Support and Feedback for Amazon Web Services Secrets Manager</b> </p> <p>We welcome your feedback. Send your comments to <a href=\"mailto:awssecretsmanager-feedback@amazon.com\">awssecretsmanager-feedback@amazon.com</a>, or post your feedback and questions in the <a href=\"http://forums.aws.amazon.com/forum.jspa?forumID=296\">Amazon Web Services Secrets Manager Discussion Forum</a>. For more information about the Amazon Web Services Discussion Forums, see <a href=\"http://forums.aws.amazon.com/help.jspa\">Forums Help</a>.</p> <p> <b>Logging API Requests</b> </p> <p>Amazon Web Services Secrets Manager supports Amazon Web Services CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information that's collected by Amazon Web Services CloudTrail, you can determine the requests successfully made to Secrets Manager, who made the request, when it was made, and so on. For more about Amazon Web Services Secrets Manager and support for Amazon Web Services CloudTrail, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html#monitoring_cloudtrail\">Logging Amazon Web Services Secrets Manager Events with Amazon Web Services CloudTrail</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. To learn more about CloudTrail, including enabling it and find your log files, see the <a href=\"https://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html\">Amazon Web Services CloudTrail User Guide</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/securityhub/2018-10-26/service-2.json b/contrib/python/botocore/py3/botocore/data/securityhub/2018-10-26/service-2.json
index 7fd73ae7768..14d5c9cf803 100644
--- a/contrib/python/botocore/py3/botocore/data/securityhub/2018-10-26/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/securityhub/2018-10-26/service-2.json
@@ -94,7 +94,7 @@
         {"shape":"LimitExceededException"},
         {"shape":"InvalidAccessException"}
       ],
-      "documentation":"<p>Imports security findings generated from an integrated product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.</p> <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.</p> <p>After a finding is created, <code>BatchImportFindings</code> cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.</p> <ul> <li> <p> <code>Note</code> </p> </li> <li> <p> <code>UserDefinedFields</code> </p> </li> <li> <p> <code>VerificationState</code> </p> </li> <li> <p> <code>Workflow</code> </p> </li> </ul> <p>Finding providers also should not use <code>BatchImportFindings</code> to update the following attributes.</p> <ul> <li> <p> <code>Confidence</code> </p> </li> <li> <p> <code>Criticality</code> </p> </li> <li> <p> <code>RelatedFindings</code> </p> </li> <li> <p> <code>Severity</code> </p> </li> <li> <p> <code>Types</code> </p> </li> </ul> <p>Instead, finding providers use <code>FindingProviderFields</code> to provide values for these attributes.</p>"
+      "documentation":"<p>Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.</p> <p> <code>BatchImportFindings</code> must be called by one of the following:</p> <ul> <li> <p>The account that is associated with the findings. The identifier of the associated account is the value of the <code>AwsAccountId</code> attribute for the finding.</p> </li> <li> <p>An account that is allow-listed for an official Security Hub partner integration.</p> </li> </ul> <p>The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.</p> <p>After a finding is created, <code>BatchImportFindings</code> cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.</p> <ul> <li> <p> <code>Note</code> </p> </li> <li> <p> <code>UserDefinedFields</code> </p> </li> <li> <p> <code>VerificationState</code> </p> </li> <li> <p> <code>Workflow</code> </p> </li> </ul> <p>Finding providers also should not use <code>BatchImportFindings</code> to update the following attributes.</p> <ul> <li> <p> <code>Confidence</code> </p> </li> <li> <p> <code>Criticality</code> </p> </li> <li> <p> <code>RelatedFindings</code> </p> </li> <li> <p> <code>Severity</code> </p> </li> <li> <p> <code>Types</code> </p> </li> </ul> <p>Instead, finding providers use <code>FindingProviderFields</code> to provide values for these attributes.</p>"
     },
     "BatchUpdateFindings":{
       "name":"BatchUpdateFindings",
@@ -1603,6 +1603,20 @@
       },
       "documentation":"<p>Contains information about a version 2 stage for Amazon API Gateway.</p>"
     },
+    "AwsAutoScalingAutoScalingGroupAvailabilityZonesList":{
+      "type":"list",
+      "member":{"shape":"AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails"}
+    },
+    "AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails":{
+      "type":"structure",
+      "members":{
+        "Value":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the Availability Zone.</p>"
+        }
+      },
+      "documentation":"<p>An Availability Zone for the automatic scaling group.</p>"
+    },
     "AwsAutoScalingAutoScalingGroupDetails":{
       "type":"structure",
       "members":{
@@ -1625,10 +1639,112 @@
         "CreatedTime":{
           "shape":"NonEmptyString",
           "documentation":"<p>Indicates when the auto scaling group was created.</p> <p>Uses the <code>date-time</code> format specified in <a href=\"https://tools.ietf.org/html/rfc3339#section-5.6\">RFC 3339 section 5.6, Internet Date/Time Format</a>. The value cannot contain spaces. For example, <code>2020-03-22T13:22:13.933Z</code>.</p>"
+        },
+        "MixedInstancesPolicy":{
+          "shape":"AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails",
+          "documentation":"<p>The mixed instances policy for the automatic scaling group.</p>"
+        },
+        "AvailabilityZones":{
+          "shape":"AwsAutoScalingAutoScalingGroupAvailabilityZonesList",
+          "documentation":"<p>The list of Availability Zones for the automatic scaling group.</p>"
         }
       },
       "documentation":"<p>Provides details about an auto scaling group.</p>"
     },
+    "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails":{
+      "type":"structure",
+      "members":{
+        "InstancesDistribution":{
+          "shape":"AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails",
+          "documentation":"<p>The instances distribution. The instances distribution specifies the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances, and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacity.</p>"
+        },
+        "LaunchTemplate":{
+          "shape":"AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails",
+          "documentation":"<p>The launch template to use and the instance types (overrides) to use to provision EC2 instances to fulfill On-Demand and Spot capacities.</p>"
+        }
+      },
+      "documentation":"<p>The mixed instances policy for the automatic scaling group.</p>"
+    },
+    "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails":{
+      "type":"structure",
+      "members":{
+        "OnDemandAllocationStrategy":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>How to allocate instance types to fulfill On-Demand capacity.</p>"
+        },
+        "OnDemandBaseCapacity":{
+          "shape":"Integer",
+          "documentation":"<p>The minimum amount of the Auto Scaling group's capacity that must be fulfilled by On-Demand Instances.</p>"
+        },
+        "OnDemandPercentageAboveBaseCapacity":{
+          "shape":"Integer",
+          "documentation":"<p>The percentage of On-Demand Instances and Spot Instances for additional capacity beyond <code>OnDemandBaseCapacity</code>.</p>"
+        },
+        "SpotAllocationStrategy":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>How to allocate instances across Spot Instance pools.</p>"
+        },
+        "SpotInstancePools":{
+          "shape":"Integer",
+          "documentation":"<p>The number of Spot Instance pools across which to allocate your Spot Instances.</p>"
+        },
+        "SpotMaxPrice":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The maximum price per unit hour that you are willing to pay for a Spot Instance.</p>"
+        }
+      },
+      "documentation":"<p>Information about the instances distribution.</p>"
+    },
+    "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails":{
+      "type":"structure",
+      "members":{
+        "LaunchTemplateSpecification":{
+          "shape":"AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification",
+          "documentation":"<p>The launch template to use.</p>"
+        },
+        "Overrides":{
+          "shape":"AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesList",
+          "documentation":"<p>Property values to use to override the values in the launch template.</p>"
+        }
+      },
+      "documentation":"<p>Describes a launch template and overrides for a mixed instances policy.</p>"
+    },
+    "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification":{
+      "type":"structure",
+      "members":{
+        "LaunchTemplateId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The identifier of the launch template. You must specify either <code>LaunchTemplateId</code> or <code>LaunchTemplateName</code>.</p>"
+        },
+        "LaunchTemplateName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the launch template. You must specify either <code>LaunchTemplateId</code> or <code>LaunchTemplateName</code>.</p>"
+        },
+        "Version":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Identifies the version of the launch template. You can specify a version identifier, or use the values <code>$Latest</code> or <code>$Default</code>.</p>"
+        }
+      },
+      "documentation":"<p>Details about the launch template to use.</p>"
+    },
+    "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesList":{
+      "type":"list",
+      "member":{"shape":"AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails"}
+    },
+    "AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails":{
+      "type":"structure",
+      "members":{
+        "InstanceType":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The instance type. For example, <code>m3.xlarge</code>.</p>"
+        },
+        "WeightedCapacity":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The number of capacity units provided by the specified instance type in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic.</p>"
+        }
+      },
+      "documentation":"<p>Property values to use to override the values in the launch template.</p>"
+    },
     "AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails":{
       "type":"structure",
       "members":{
@@ -1759,6 +1875,10 @@
         "UserData":{
           "shape":"NonEmptyString",
           "documentation":"<p>The user data to make available to the launched EC2 instances. Must be base64-encoded text.</p>"
+        },
+        "MetadataOptions":{
+          "shape":"AwsAutoScalingLaunchConfigurationMetadataOptions",
+          "documentation":"<p>The metadata options for the instances.</p>"
         }
       },
       "documentation":"<p>Details about a launch configuration.</p>"
@@ -1773,6 +1893,24 @@
       },
       "documentation":"<p>Information about the type of monitoring for instances in the group.</p>"
     },
+    "AwsAutoScalingLaunchConfigurationMetadataOptions":{
+      "type":"structure",
+      "members":{
+        "HttpEndpoint":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Enables or disables the HTTP metadata endpoint on your instances. By default, the metadata endpoint is enabled.</p>"
+        },
+        "HttpPutResponseHopLimit":{
+          "shape":"Integer",
+          "documentation":"<p>The HTTP <code>PUT</code> response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.</p>"
+        },
+        "HttpTokens":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether token usage is <code>required</code> or <code>optional</code> for metadata requests. By default, token usage is <code>optional</code>.</p>"
+        }
+      },
+      "documentation":"<p>The metadata options for the instances.</p>"
+    },
     "AwsCertificateManagerCertificateDetails":{
       "type":"structure",
       "members":{
@@ -6561,6 +6699,126 @@
       "documentation":"<p>Details about a Lambda layer version.</p>"
     },
     "AwsLambdaLayerVersionNumber":{"type":"long"},
+    "AwsNetworkFirewallFirewallDetails":{
+      "type":"structure",
+      "members":{
+        "DeleteProtection":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the firewall is protected from deletion. If set to <code>true</code>, then the firewall cannot be deleted.</p>"
+        },
+        "Description":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A description of the firewall.</p>"
+        },
+        "FirewallArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the firewall.</p>"
+        },
+        "FirewallId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The identifier of the firewall.</p>"
+        },
+        "FirewallName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A descriptive name of the firewall.</p>"
+        },
+        "FirewallPolicyArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the firewall policy.</p>"
+        },
+        "FirewallPolicyChangeProtection":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the firewall is protected from a change to the firewall policy. If set to <code>true</code>, you cannot associate a different policy with the firewall.</p>"
+        },
+        "SubnetChangeProtection":{
+          "shape":"Boolean",
+          "documentation":"<p>Whether the firewall is protected from a change to the subnet associations. If set to <code>true</code>, you cannot map different subnets to the firewall.</p>"
+        },
+        "SubnetMappings":{
+          "shape":"AwsNetworkFirewallFirewallSubnetMappingsList",
+          "documentation":"<p>The public subnets that Network Firewall uses for the firewall. Each subnet must belong to a different Availability Zone.</p>"
+        },
+        "VpcId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The identifier of the VPC where the firewall is used.</p>"
+        }
+      },
+      "documentation":"<p>Details about an Network Firewall firewall.</p>"
+    },
+    "AwsNetworkFirewallFirewallPolicyDetails":{
+      "type":"structure",
+      "members":{
+        "FirewallPolicy":{
+          "shape":"FirewallPolicyDetails",
+          "documentation":"<p>The firewall policy configuration.</p>"
+        },
+        "FirewallPolicyArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the firewall policy.</p>"
+        },
+        "FirewallPolicyId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The identifier of the firewall policy.</p>"
+        },
+        "FirewallPolicyName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the firewall policy.</p>"
+        },
+        "Description":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A description of the firewall policy.</p>"
+        }
+      },
+      "documentation":"<p>Details about a firewall policy. A firewall policy defines the behavior of a network firewall.</p>"
+    },
+    "AwsNetworkFirewallFirewallSubnetMappingsDetails":{
+      "type":"structure",
+      "members":{
+        "SubnetId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The identifier of the subnet</p>"
+        }
+      },
+      "documentation":"<p>A public subnet that Network Firewall uses for the firewall.</p>"
+    },
+    "AwsNetworkFirewallFirewallSubnetMappingsList":{
+      "type":"list",
+      "member":{"shape":"AwsNetworkFirewallFirewallSubnetMappingsDetails"}
+    },
+    "AwsNetworkFirewallRuleGroupDetails":{
+      "type":"structure",
+      "members":{
+        "Capacity":{
+          "shape":"Integer",
+          "documentation":"<p>The maximum number of operating resources that this rule group can use.</p>"
+        },
+        "Description":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A description of the rule group.</p>"
+        },
+        "RuleGroup":{
+          "shape":"RuleGroupDetails",
+          "documentation":"<p>Details about the rule group.</p>"
+        },
+        "RuleGroupArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the rule group.</p>"
+        },
+        "RuleGroupId":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The identifier of the rule group.</p>"
+        },
+        "RuleGroupName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The descriptive name of the rule group.</p>"
+        },
+        "Type":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The type of rule group. A rule group can be stateful or stateless.</p>"
+        }
+      },
+      "documentation":"<p>Details about an Network Firewall rule group. Rule groups are used to inspect and control network traffic. Stateless rule groups apply to individual packets. Stateful rule groups apply to packets in the context of their traffic flow.</p> <p>Rule groups are referenced in firewall policies. </p>"
+    },
     "AwsOpenSearchServiceDomainClusterConfigDetails":{
       "type":"structure",
       "members":{
@@ -8504,6 +8762,20 @@
       "type":"list",
       "member":{"shape":"AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails"}
     },
+    "AwsS3BucketBucketVersioningConfiguration":{
+      "type":"structure",
+      "members":{
+        "IsMfaDeleteEnabled":{
+          "shape":"Boolean",
+          "documentation":"<p>Specifies whether MFA delete is currently enabled in the S3 bucket versioning configuration. If the S3 bucket was never configured with MFA delete, then this attribute is not included.</p>"
+        },
+        "Status":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The versioning status of the S3 bucket.</p>"
+        }
+      },
+      "documentation":"<p>Describes the versioning state of an S3 bucket.</p>"
+    },
     "AwsS3BucketDetails":{
       "type":"structure",
       "members":{
@@ -8550,6 +8822,10 @@
         "BucketNotificationConfiguration":{
           "shape":"AwsS3BucketNotificationConfiguration",
           "documentation":"<p>The notification configuration for the S3 bucket.</p>"
+        },
+        "BucketVersioningConfiguration":{
+          "shape":"AwsS3BucketBucketVersioningConfiguration",
+          "documentation":"<p>The versioning state of an S3 bucket.</p>"
         }
       },
       "documentation":"<p>The details of an Amazon S3 bucket.</p>"
@@ -9033,6 +9309,10 @@
         "FindingProviderFields":{
           "shape":"FindingProviderFields",
           "documentation":"<p>In a <code>BatchImportFindings</code> request, finding providers use <code>FindingProviderFields</code> to provide and update their own values for confidence, criticality, related findings, severity, and types.</p>"
+        },
+        "Sample":{
+          "shape":"Boolean",
+          "documentation":"<p>Indicates whether the finding is a sample finding.</p>"
         }
       },
       "documentation":"<p>Provides consistent format for the contents of the Security Hub-aggregated findings. <code>AwsSecurityFinding</code> format enables you to share findings between Amazon Web Services security services and third-party solutions, and security standards checks.</p> <note> <p>A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.</p> </note>"
@@ -9364,7 +9644,7 @@
         },
         "WorkflowStatus":{
           "shape":"StringFilterList",
-          "documentation":"<p>The status of the investigation into a finding. Allowed values are the following.</p> <ul> <li> <p> <code>NEW</code> - The initial state of a finding, before it is reviewed.</p> <p>Security Hub also resets the workflow status from <code>NOTIFIED</code> or <code>RESOLVED</code> to <code>NEW</code> in the following cases:</p> <ul> <li> <p>The record state changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p> </li> <li> <p>The compliance status changes from <code>PASSED</code> to either <code>WARNING</code>, <code>FAILED</code>, or <code>NOT_AVAILABLE</code>.</p> </li> </ul> </li> <li> <p> <code>NOTIFIED</code> - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.</p> </li> <li> <p> <code>SUPPRESSED</code> - The finding will not be reviewed again and will not be acted upon.</p> </li> <li> <p> <code>RESOLVED</code> - The finding was reviewed and remediated and is now considered resolved. </p> </li> </ul>"
+          "documentation":"<p>The status of the investigation into a finding. Allowed values are the following.</p> <ul> <li> <p> <code>NEW</code> - The initial state of a finding, before it is reviewed.</p> <p>Security Hub also resets the workflow status from <code>NOTIFIED</code> or <code>RESOLVED</code> to <code>NEW</code> in the following cases:</p> <ul> <li> <p> <code>RecordState</code> changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p> </li> <li> <p> <code>Compliance.Status</code> changes from <code>PASSED</code> to either <code>WARNING</code>, <code>FAILED</code>, or <code>NOT_AVAILABLE</code>.</p> </li> </ul> </li> <li> <p> <code>NOTIFIED</code> - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.</p> <p>If one of the following occurs, the workflow status is changed automatically from <code>NOTIFIED</code> to <code>NEW</code>:</p> <ul> <li> <p> <code>RecordState</code> changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p> </li> <li> <p> <code>Compliance.Status</code> changes from <code>PASSED</code> to <code>FAILED</code>, <code>WARNING</code>, or <code>NOT_AVAILABLE</code>.</p> </li> </ul> </li> <li> <p> <code>SUPPRESSED</code> - Indicates that you reviewed the finding and do not believe that any action is needed.</p> <p>The workflow status of a <code>SUPPRESSED</code> finding does not change if <code>RecordState</code> changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p> </li> <li> <p> <code>RESOLVED</code> - The finding was reviewed and remediated and is now considered resolved. </p> <p>The finding remains <code>RESOLVED</code> unless one of the following occurs:</p> <ul> <li> <p> <code>RecordState</code> changes from <code>ARCHIVED</code> to <code>ACTIVE</code>.</p> </li> <li> <p> <code>Compliance.Status</code> changes from <code>PASSED</code> to <code>FAILED</code>, <code>WARNING</code>, or <code>NOT_AVAILABLE</code>.</p> </li> </ul> <p>In those cases, the workflow status is automatically reset to <code>NEW</code>.</p> <p>For findings from controls, if <code>Compliance.Status</code> is <code>PASSED</code>, then Security Hub automatically sets the workflow status to <code>RESOLVED</code>.</p> </li> </ul>"
         },
         "RecordState":{
           "shape":"StringFilterList",
@@ -9423,6 +9703,10 @@
         "FindingProviderFieldsTypes":{
           "shape":"StringFilterList",
           "documentation":"<p>One or more finding types that the finding provider assigned to the finding. Uses the format of <code>namespace/category/classifier</code> that classify a finding.</p> <p>Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications</p>"
+        },
+        "Sample":{
+          "shape":"BooleanFilterList",
+          "documentation":"<p>Indicates whether or not sample findings are included in the filter results.</p>"
         }
       },
       "documentation":"<p>A collection of attributes that are applied to all active Security Hub-aggregated findings and that result in a subset of findings that are included in this insight.</p> <p>You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.</p>"
@@ -9954,6 +10238,20 @@
       "member":{"shape":"BatchUpdateFindingsUnprocessedFinding"}
     },
     "Boolean":{"type":"boolean"},
+    "BooleanFilter":{
+      "type":"structure",
+      "members":{
+        "Value":{
+          "shape":"Boolean",
+          "documentation":"<p>The value of the boolean.</p>"
+        }
+      },
+      "documentation":"<p>Boolean filter for querying findings.</p>"
+    },
+    "BooleanFilterList":{
+      "type":"list",
+      "member":{"shape":"BooleanFilter"}
+    },
     "CategoryList":{
       "type":"list",
       "member":{"shape":"NonEmptyString"}
@@ -10883,6 +11181,82 @@
       },
       "documentation":"<p>The severity assigned to the finding by the finding provider.</p>"
     },
+    "FirewallPolicyDetails":{
+      "type":"structure",
+      "members":{
+        "StatefulRuleGroupReferences":{
+          "shape":"FirewallPolicyStatefulRuleGroupReferencesList",
+          "documentation":"<p>The stateful rule groups that are used in the firewall policy.</p>"
+        },
+        "StatelessCustomActions":{
+          "shape":"FirewallPolicyStatelessCustomActionsList",
+          "documentation":"<p>The custom action definitions that are available to use in the firewall policy's <code>StatelessDefaultActions</code> setting.</p>"
+        },
+        "StatelessDefaultActions":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The actions to take on a packet if it doesn't match any of the stateless rules in the policy.</p> <p>You must specify a standard action (<code>aws:pass</code>, <code>aws:drop</code>, <code>aws:forward_to_sfe</code>), and can optionally include a custom action from <code>StatelessCustomActions</code>. </p>"
+        },
+        "StatelessFragmentDefaultActions":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.</p> <p>You must specify a standard action (<code>aws:pass</code>, <code>aws:drop</code>, <code>aws:forward_to_sfe</code>), and can optionally include a custom action from <code>StatelessCustomActions</code>. </p>"
+        },
+        "StatelessRuleGroupReferences":{
+          "shape":"FirewallPolicyStatelessRuleGroupReferencesList",
+          "documentation":"<p>The stateless rule groups that are used in the firewall policy.</p>"
+        }
+      },
+      "documentation":"<p>Defines the behavior of the firewall.</p>"
+    },
+    "FirewallPolicyStatefulRuleGroupReferencesDetails":{
+      "type":"structure",
+      "members":{
+        "ResourceArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the stateful rule group.</p>"
+        }
+      },
+      "documentation":"<p>A stateful rule group that is used by the firewall policy.</p>"
+    },
+    "FirewallPolicyStatefulRuleGroupReferencesList":{
+      "type":"list",
+      "member":{"shape":"FirewallPolicyStatefulRuleGroupReferencesDetails"}
+    },
+    "FirewallPolicyStatelessCustomActionsDetails":{
+      "type":"structure",
+      "members":{
+        "ActionDefinition":{
+          "shape":"StatelessCustomActionDefinition",
+          "documentation":"<p>The definition of the custom action.</p>"
+        },
+        "ActionName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The name of the custom action.</p>"
+        }
+      },
+      "documentation":"<p>A custom action that can be used for stateless packet handling.</p>"
+    },
+    "FirewallPolicyStatelessCustomActionsList":{
+      "type":"list",
+      "member":{"shape":"FirewallPolicyStatelessCustomActionsDetails"}
+    },
+    "FirewallPolicyStatelessRuleGroupReferencesDetails":{
+      "type":"structure",
+      "members":{
+        "Priority":{
+          "shape":"Integer",
+          "documentation":"<p>The order in which to run the stateless rule group.</p>"
+        },
+        "ResourceArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the stateless rule group.</p>"
+        }
+      },
+      "documentation":"<p>A stateless rule group that is used by the firewall policy.</p>"
+    },
+    "FirewallPolicyStatelessRuleGroupReferencesList":{
+      "type":"list",
+      "member":{"shape":"FirewallPolicyStatelessRuleGroupReferencesDetails"}
+    },
     "GeoLocation":{
       "type":"structure",
       "members":{
@@ -12596,6 +12970,18 @@
         "AwsEksCluster":{
           "shape":"AwsEksClusterDetails",
           "documentation":"<p>Details about an Amazon EKS cluster.</p>"
+        },
+        "AwsNetworkFirewallFirewallPolicy":{
+          "shape":"AwsNetworkFirewallFirewallPolicyDetails",
+          "documentation":"<p>Details about an Network Firewall firewall policy.</p>"
+        },
+        "AwsNetworkFirewallFirewall":{
+          "shape":"AwsNetworkFirewallFirewallDetails",
+          "documentation":"<p>Details about an Network Firewall firewall.</p>"
+        },
+        "AwsNetworkFirewallRuleGroup":{
+          "shape":"AwsNetworkFirewallRuleGroupDetails",
+          "documentation":"<p>Details about an Network Firewall rule group.</p>"
         }
       },
       "documentation":"<p>Additional details about a resource related to a finding.</p> <p>To provide the details, use the object that corresponds to the resource type. For example, if the resource type is <code>AwsEc2Instance</code>, then you use the <code>AwsEc2Instance</code> object to provide the details.</p> <p>If the type-specific object does not contain all of the fields you want to populate, then you use the <code>Other</code> object to populate those additional fields.</p> <p>You also use the <code>Other</code> object to populate the details when the selected type does not have a corresponding object.</p>"
@@ -12632,6 +13018,348 @@
       "type":"list",
       "member":{"shape":"Result"}
     },
+    "RuleGroupDetails":{
+      "type":"structure",
+      "members":{
+        "RuleVariables":{
+          "shape":"RuleGroupVariables",
+          "documentation":"<p>Additional settings to use in the specified rules.</p>"
+        },
+        "RulesSource":{
+          "shape":"RuleGroupSource",
+          "documentation":"<p>The rules and actions for the rule group.</p> <p>For stateful rule groups, can contain <code>RulesString</code>, <code>RulesSourceList</code>, or <code>StatefulRules</code>.</p> <p>For stateless rule groups, contains <code>StatelessRulesAndCustomActions</code>.</p>"
+        }
+      },
+      "documentation":"<p>Details about the rule group.</p>"
+    },
+    "RuleGroupSource":{
+      "type":"structure",
+      "members":{
+        "RulesSourceList":{
+          "shape":"RuleGroupSourceListDetails",
+          "documentation":"<p>Stateful inspection criteria for a domain list rule group. A domain list rule group determines access by specific protocols to specific domains.</p>"
+        },
+        "RulesString":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules.</p>"
+        },
+        "StatefulRules":{
+          "shape":"RuleGroupSourceStatefulRulesList",
+          "documentation":"<p>Suricata rule specifications.</p>"
+        },
+        "StatelessRulesAndCustomActions":{
+          "shape":"RuleGroupSourceStatelessRulesAndCustomActionsDetails",
+          "documentation":"<p>The stateless rules and custom actions used by a stateless rule group.</p>"
+        }
+      },
+      "documentation":"<p>The rules and actions for the rule group.</p>"
+    },
+    "RuleGroupSourceCustomActionsDetails":{
+      "type":"structure",
+      "members":{
+        "ActionDefinition":{
+          "shape":"StatelessCustomActionDefinition",
+          "documentation":"<p>The definition of a custom action.</p>"
+        },
+        "ActionName":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A descriptive name of the custom action.</p>"
+        }
+      },
+      "documentation":"<p>A custom action definition. A custom action is an optional, non-standard action to use for stateless packet handling.</p>"
+    },
+    "RuleGroupSourceCustomActionsList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceCustomActionsDetails"}
+    },
+    "RuleGroupSourceListDetails":{
+      "type":"structure",
+      "members":{
+        "GeneratedRulesType":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether to allow or deny access to the domains listed in <code>Targets</code>.</p>"
+        },
+        "TargetTypes":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The protocols that you want to inspect. Specify <code>LS_SNI</code> for HTTPS. Specify <code>HTTP_HOST</code> for HTTP. You can specify either or both.</p>"
+        },
+        "Targets":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The domains that you want to inspect for in your traffic flows. You can provide full domain names, or use the '.' prefix as a wildcard. For example, <code>.example.com</code> matches all domains that end with <code>example.com</code>.</p>"
+        }
+      },
+      "documentation":"<p>Stateful inspection criteria for a domain list rule group.</p>"
+    },
+    "RuleGroupSourceStatefulRulesDetails":{
+      "type":"structure",
+      "members":{
+        "Action":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria.</p>"
+        },
+        "Header":{
+          "shape":"RuleGroupSourceStatefulRulesHeaderDetails",
+          "documentation":"<p>The stateful inspection criteria for the rule.</p>"
+        },
+        "RuleOptions":{
+          "shape":"RuleGroupSourceStatefulRulesOptionsList",
+          "documentation":"<p>Additional options for the rule.</p>"
+        }
+      },
+      "documentation":"<p>A Suricata rule specification.</p>"
+    },
+    "RuleGroupSourceStatefulRulesHeaderDetails":{
+      "type":"structure",
+      "members":{
+        "Destination":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify <code>ANY</code>.</p>"
+        },
+        "DestinationPort":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The destination port to inspect for. You can specify an individual port, such as <code>1994</code>. You also can specify a port range, such as <code>1990:1994</code>. To match with any port, specify <code>ANY</code>.</p>"
+        },
+        "Direction":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The direction of traffic flow to inspect. If set to <code>ANY</code>, the inspection matches bidirectional traffic, both from the source to the destination and from the destination to the source. If set to <code>FORWARD</code>, the inspection only matches traffic going from the source to the destination.</p>"
+        },
+        "Protocol":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The protocol to inspect for. To inspector for all protocols, use <code>IP</code>.</p>"
+        },
+        "Source":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The source IP address or address range to inspect for, in CIDR notation. To match with any address, specify <code>ANY</code>.</p>"
+        },
+        "SourcePort":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The source port to inspect for. You can specify an individual port, such as <code>1994</code>. You also can specify a port range, such as <code>1990:1994</code>. To match with any port, specify <code>ANY</code>.</p>"
+        }
+      },
+      "documentation":"<p>The inspection criteria for a stateful rule.</p>"
+    },
+    "RuleGroupSourceStatefulRulesList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatefulRulesDetails"}
+    },
+    "RuleGroupSourceStatefulRulesOptionsDetails":{
+      "type":"structure",
+      "members":{
+        "Keyword":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>A keyword to look for.</p>"
+        },
+        "Settings":{
+          "shape":"RuleGroupSourceStatefulRulesRuleOptionsSettingsList",
+          "documentation":"<p>A list of settings.</p>"
+        }
+      },
+      "documentation":"<p>A rule option for a stateful rule.</p>"
+    },
+    "RuleGroupSourceStatefulRulesOptionsList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatefulRulesOptionsDetails"}
+    },
+    "RuleGroupSourceStatefulRulesRuleOptionsSettingsList":{
+      "type":"list",
+      "member":{"shape":"NonEmptyString"}
+    },
+    "RuleGroupSourceStatelessRuleDefinition":{
+      "type":"structure",
+      "members":{
+        "Actions":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action (<code>aws:pass</code>, <code>aws:drop</code>, or <code>aws:forward_to_sfe</code>). You can then add custom actions.</p>"
+        },
+        "MatchAttributes":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributes",
+          "documentation":"<p>The criteria for Network Firewall to use to inspect an individual packet in a stateless rule inspection.</p>"
+        }
+      },
+      "documentation":"<p>The definition of the stateless rule.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributes":{
+      "type":"structure",
+      "members":{
+        "DestinationPorts":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributesDestinationPortsList",
+          "documentation":"<p>A list of port ranges to specify the destination ports to inspect for.</p>"
+        },
+        "Destinations":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributesDestinationsList",
+          "documentation":"<p>The destination IP addresses and address ranges to inspect for, in CIDR notation.</p>"
+        },
+        "Protocols":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributesProtocolsList",
+          "documentation":"<p>The protocols to inspect for.</p>"
+        },
+        "SourcePorts":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributesSourcePortsList",
+          "documentation":"<p>A list of port ranges to specify the source ports to inspect for.</p>"
+        },
+        "Sources":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributesSourcesList",
+          "documentation":"<p>The source IP addresses and address ranges to inspect for, in CIDR notation.</p>"
+        },
+        "TcpFlags":{
+          "shape":"RuleGroupSourceStatelessRuleMatchAttributesTcpFlagsList",
+          "documentation":"<p>The TCP flags and masks to inspect for.</p>"
+        }
+      },
+      "documentation":"<p>Criteria for the stateless rule.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts":{
+      "type":"structure",
+      "members":{
+        "FromPort":{
+          "shape":"Integer",
+          "documentation":"<p>The starting port value for the port range.</p>"
+        },
+        "ToPort":{
+          "shape":"Integer",
+          "documentation":"<p>The ending port value for the port range.</p>"
+        }
+      },
+      "documentation":"<p>A port range to specify the destination ports to inspect for.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesDestinationPortsList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts"}
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesDestinations":{
+      "type":"structure",
+      "members":{
+        "AddressDefinition":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>An IP address or a block of IP addresses.</p>"
+        }
+      },
+      "documentation":"<p>A destination IP address or range.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesDestinationsList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatelessRuleMatchAttributesDestinations"}
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesProtocolsList":{
+      "type":"list",
+      "member":{"shape":"Integer"}
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesSourcePorts":{
+      "type":"structure",
+      "members":{
+        "FromPort":{
+          "shape":"Integer",
+          "documentation":"<p>The starting port value for the port range.</p>"
+        },
+        "ToPort":{
+          "shape":"Integer",
+          "documentation":"<p>The ending port value for the port range.</p>"
+        }
+      },
+      "documentation":"<p>A port range to specify the source ports to inspect for.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesSourcePortsList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatelessRuleMatchAttributesSourcePorts"}
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesSources":{
+      "type":"structure",
+      "members":{
+        "AddressDefinition":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>An IP address or a block of IP addresses.</p>"
+        }
+      },
+      "documentation":"<p>A source IP addresses and address range to inspect for.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesSourcesList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatelessRuleMatchAttributesSources"}
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesTcpFlags":{
+      "type":"structure",
+      "members":{
+        "Flags":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>Defines the flags from the <code>Masks</code> setting that must be set in order for the packet to match. Flags that are listed must be set. Flags that are not listed must not be set.</p>"
+        },
+        "Masks":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The set of flags to consider in the inspection. If not specified, then all flags are inspected.</p>"
+        }
+      },
+      "documentation":"<p>A set of TCP flags and masks to inspect for.</p>"
+    },
+    "RuleGroupSourceStatelessRuleMatchAttributesTcpFlagsList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatelessRuleMatchAttributesTcpFlags"}
+    },
+    "RuleGroupSourceStatelessRulesAndCustomActionsDetails":{
+      "type":"structure",
+      "members":{
+        "CustomActions":{
+          "shape":"RuleGroupSourceCustomActionsList",
+          "documentation":"<p>Custom actions for the rule group.</p>"
+        },
+        "StatelessRules":{
+          "shape":"RuleGroupSourceStatelessRulesList",
+          "documentation":"<p>Stateless rules for the rule group.</p>"
+        }
+      },
+      "documentation":"<p>Stateless rules and custom actions for a stateless rule group.</p>"
+    },
+    "RuleGroupSourceStatelessRulesDetails":{
+      "type":"structure",
+      "members":{
+        "Priority":{
+          "shape":"Integer",
+          "documentation":"<p>Indicates the order in which to run this rule relative to all of the rules in the stateless rule group.</p>"
+        },
+        "RuleDefinition":{
+          "shape":"RuleGroupSourceStatelessRuleDefinition",
+          "documentation":"<p>Provides the definition of the stateless rule.</p>"
+        }
+      },
+      "documentation":"<p>A stateless rule in the rule group.</p>"
+    },
+    "RuleGroupSourceStatelessRulesList":{
+      "type":"list",
+      "member":{"shape":"RuleGroupSourceStatelessRulesDetails"}
+    },
+    "RuleGroupVariables":{
+      "type":"structure",
+      "members":{
+        "IpSets":{
+          "shape":"RuleGroupVariablesIpSetsDetails",
+          "documentation":"<p>A list of IP addresses and address ranges, in CIDR notation.</p>"
+        },
+        "PortSets":{
+          "shape":"RuleGroupVariablesPortSetsDetails",
+          "documentation":"<p>A list of port ranges.</p>"
+        }
+      },
+      "documentation":"<p>Additional settings to use in the specified rules.</p>"
+    },
+    "RuleGroupVariablesIpSetsDetails":{
+      "type":"structure",
+      "members":{
+        "Definition":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The list of IP addresses and ranges.</p>"
+        }
+      },
+      "documentation":"<p>A list of IP addresses and address ranges, in CIDR notation.</p>"
+    },
+    "RuleGroupVariablesPortSetsDetails":{
+      "type":"structure",
+      "members":{
+        "Definition":{
+          "shape":"NonEmptyStringList",
+          "documentation":"<p>The list of port ranges.</p>"
+        }
+      },
+      "documentation":"<p>A list of port ranges.</p>"
+    },
     "SecurityGroups":{
       "type":"list",
       "member":{"shape":"NonEmptyString"}
@@ -12894,6 +13622,17 @@
         "INCOMPLETE"
       ]
     },
+    "StandardsStatusReason":{
+      "type":"structure",
+      "required":["StatusReasonCode"],
+      "members":{
+        "StatusReasonCode":{
+          "shape":"StatusReasonCode",
+          "documentation":"<p>The reason code that represents the reason for the current status of a standard subscription.</p>"
+        }
+      },
+      "documentation":"<p>The reason for the current status of a standard subscription.</p>"
+    },
     "StandardsSubscription":{
       "type":"structure",
       "required":[
@@ -12918,6 +13657,10 @@
         "StandardsStatus":{
           "shape":"StandardsStatus",
           "documentation":"<p>The status of the standard subscription.</p> <p>The status values are as follows:</p> <ul> <li> <p> <code>PENDING</code> - Standard is in the process of being enabled.</p> </li> <li> <p> <code>READY</code> - Standard is enabled.</p> </li> <li> <p> <code>INCOMPLETE</code> - Standard could not be enabled completely. Some controls may not be available.</p> </li> <li> <p> <code>DELETING</code> - Standard is in the process of being disabled.</p> </li> <li> <p> <code>FAILED</code> - Standard could not be disabled.</p> </li> </ul>"
+        },
+        "StandardsStatusReason":{
+          "shape":"StandardsStatusReason",
+          "documentation":"<p>The reason for the current status.</p>"
         }
       },
       "documentation":"<p>A resource that represents your subscription to a supported standard.</p>"
@@ -12953,6 +13696,40 @@
       "type":"list",
       "member":{"shape":"StandardsSubscription"}
     },
+    "StatelessCustomActionDefinition":{
+      "type":"structure",
+      "members":{
+        "PublishMetricAction":{
+          "shape":"StatelessCustomPublishMetricAction",
+          "documentation":"<p>Information about metrics to publish to CloudWatch.</p>"
+        }
+      },
+      "documentation":"<p>The definition of a custom action that can be used for stateless packet handling.</p>"
+    },
+    "StatelessCustomPublishMetricAction":{
+      "type":"structure",
+      "members":{
+        "Dimensions":{
+          "shape":"StatelessCustomPublishMetricActionDimensionsList",
+          "documentation":"<p>Defines CloudWatch dimension values to publish.</p>"
+        }
+      },
+      "documentation":"<p>Information about metrics to publish to CloudWatch.</p>"
+    },
+    "StatelessCustomPublishMetricActionDimension":{
+      "type":"structure",
+      "members":{
+        "Value":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The value to use for the custom metric dimension.</p>"
+        }
+      },
+      "documentation":"<p>Defines a CloudWatch dimension value to publish.</p>"
+    },
+    "StatelessCustomPublishMetricActionDimensionsList":{
+      "type":"list",
+      "member":{"shape":"StatelessCustomPublishMetricActionDimension"}
+    },
     "StatusReason":{
       "type":"structure",
       "required":["ReasonCode"],
@@ -12968,6 +13745,13 @@
       },
       "documentation":"<p>Provides additional context for the value of <code>Compliance.Status</code>.</p>"
     },
+    "StatusReasonCode":{
+      "type":"string",
+      "enum":[
+        "NO_AVAILABLE_CONFIGURATION_RECORDER",
+        "INTERNAL_ERROR"
+      ]
+    },
     "StatusReasonsList":{
       "type":"list",
       "member":{"shape":"StatusReason"}
diff --git a/contrib/python/botocore/py3/botocore/data/shield/2016-06-02/service-2.json b/contrib/python/botocore/py3/botocore/data/shield/2016-06-02/service-2.json
index f4fce91164b..18d41d82f93 100644
--- a/contrib/python/botocore/py3/botocore/data/shield/2016-06-02/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/shield/2016-06-02/service-2.json
@@ -31,7 +31,7 @@
         {"shape":"OptimisticLockException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.</p> <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
+      "documentation":"<p>Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.</p> <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://docs.aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://docs.aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
     },
     "AssociateDRTRole":{
       "name":"AssociateDRTRole",
@@ -49,7 +49,7 @@
         {"shape":"OptimisticLockException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your WAF configuration and create or update WAF rules and web ACLs.</p> <p>You can associate only one <code>RoleArn</code> with your subscription. If you submit an <code>AssociateDRTRole</code> request for an account that already has an associated role, the new <code>RoleArn</code> will replace the existing <code>RoleArn</code>. </p> <p>Prior to making the <code>AssociateDRTRole</code> request, you must attach the <a href=\"https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy\">AWSShieldDRTAccessPolicy</a> managed policy to the role you will specify in the request. For more information see <a href=\" https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html\">Attaching and Detaching IAM Policies</a>. The role must also trust the service principal <code> drt.shield.amazonaws.com</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html\">IAM JSON Policy Elements: Principal</a>.</p> <p>The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.</p> <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a User Permissions to Pass a Role to an Amazon Web Services Service</a>. </p> <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
+      "documentation":"<p>Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your WAF configuration and create or update WAF rules and web ACLs.</p> <p>You can associate only one <code>RoleArn</code> with your subscription. If you submit an <code>AssociateDRTRole</code> request for an account that already has an associated role, the new <code>RoleArn</code> will replace the existing <code>RoleArn</code>. </p> <p>Prior to making the <code>AssociateDRTRole</code> request, you must attach the <code>AWSShieldDRTAccessPolicy</code> managed policy to the role that you'll specify in the request. You can access this policy in the IAM console at <a href=\"https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy\">AWSShieldDRTAccessPolicy</a>. For more information see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html\">Adding and removing IAM identity permissions</a>. The role must also trust the service principal <code>drt.shield.amazonaws.com</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html\">IAM JSON policy elements: Principal</a>.</p> <p>The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.</p> <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a user permissions to pass a role to an Amazon Web Services service</a>. </p> <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href=\"https://docs.aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://docs.aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>.</p>"
     },
     "AssociateHealthCheck":{
       "name":"AssociateHealthCheck",
@@ -64,9 +64,10 @@
         {"shape":"LimitsExceededException"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidParameterException"},
-        {"shape":"OptimisticLockException"}
+        {"shape":"OptimisticLockException"},
+        {"shape":"InvalidResourceException"}
       ],
-      "documentation":"<p>Adds health-based detection to the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and mitigation. </p> <p>You define the health check in Route 53 and then associate it with your Shield Advanced protection. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option\">Shield Advanced Health-Based Detection</a> in the <i>WAF Developer Guide</i>. </p>"
+      "documentation":"<p>Adds health-based detection to the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and response. </p> <p>You define the health check in Route 53 and then associate it with your Shield Advanced protection. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option\">Shield Advanced Health-Based Detection</a> in the <i>WAF Developer Guide</i>. </p>"
     },
     "AssociateProactiveEngagementDetails":{
       "name":"AssociateProactiveEngagementDetails",
@@ -103,7 +104,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.</p> <p>You can add protection to only a single resource with each CreateProtection request. If you want to add protection to multiple resources at once, use the <a href=\"https://console.aws.amazon.com/waf/\">WAF console</a>. For more information see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html\">Getting Started with Shield Advanced</a> and <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html\">Add Shield Advanced Protection to more Amazon Web Services Resources</a>.</p>"
+      "documentation":"<p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.</p> <p>You can add protection to only a single resource with each <code>CreateProtection</code> request. You can add protection to multiple resources at once through the Shield Advanced console at <a href=\"https://console.aws.amazon.com/wafv2/shieldv2#/\">https://console.aws.amazon.com/wafv2/shieldv2#/</a>. For more information see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html\">Getting Started with Shield Advanced</a> and <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html\">Adding Shield Advanced protection to Amazon Web Services resources</a>.</p>"
     },
     "CreateProtectionGroup":{
       "name":"CreateProtectionGroup",
@@ -281,6 +282,23 @@
       ],
       "documentation":"<p>Provides details about the Shield Advanced subscription for an account.</p>"
     },
+    "DisableApplicationLayerAutomaticResponse":{
+      "name":"DisableApplicationLayerAutomaticResponse",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DisableApplicationLayerAutomaticResponseRequest"},
+      "output":{"shape":"DisableApplicationLayerAutomaticResponseResponse"},
+      "errors":[
+        {"shape":"InternalErrorException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"OptimisticLockException"},
+        {"shape":"InvalidOperationException"}
+      ],
+      "documentation":"<p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the resource. This stops Shield Advanced from creating, verifying, and applying WAF rules for attacks that it detects for the resource. </p>"
+    },
     "DisableProactiveEngagement":{
       "name":"DisableProactiveEngagement",
       "http":{
@@ -314,7 +332,7 @@
         {"shape":"OptimisticLockException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Removes the Shield Response Team's (SRT) access to the specified Amazon S3 bucket containing the logs that you shared previously.</p> <p>To make a <code>DisassociateDRTLogBucket</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>. However, if you are not subscribed to one of these support plans, but had been previously and had granted the SRT access to your account, you can submit a <code>DisassociateDRTLogBucket</code> request to remove this access.</p>"
+      "documentation":"<p>Removes the Shield Response Team's (SRT) access to the specified Amazon S3 bucket containing the logs that you shared previously.</p>"
     },
     "DisassociateDRTRole":{
       "name":"DisassociateDRTRole",
@@ -330,7 +348,7 @@
         {"shape":"OptimisticLockException"},
         {"shape":"ResourceNotFoundException"}
       ],
-      "documentation":"<p>Removes the Shield Response Team's (SRT) access to your Amazon Web Services account.</p> <p>To make a <code>DisassociateDRTRole</code> request, you must be subscribed to the <a href=\"https://aws.amazon.com/premiumsupport/business-support/\">Business Support plan</a> or the <a href=\"https://aws.amazon.com/premiumsupport/enterprise-support/\">Enterprise Support plan</a>. However, if you are not subscribed to one of these support plans, but had been previously and had granted the SRT access to your account, you can submit a <code>DisassociateDRTRole</code> request to remove this access.</p>"
+      "documentation":"<p>Removes the Shield Response Team's (SRT) access to your Amazon Web Services account.</p>"
     },
     "DisassociateHealthCheck":{
       "name":"DisassociateHealthCheck",
@@ -344,9 +362,28 @@
         {"shape":"InternalErrorException"},
         {"shape":"InvalidParameterException"},
         {"shape":"ResourceNotFoundException"},
-        {"shape":"OptimisticLockException"}
+        {"shape":"OptimisticLockException"},
+        {"shape":"InvalidResourceException"}
+      ],
+      "documentation":"<p>Removes health-based detection from the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and response. </p> <p>You define the health check in Route 53 and then associate or disassociate it with your Shield Advanced protection. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option\">Shield Advanced Health-Based Detection</a> in the <i>WAF Developer Guide</i>. </p>"
+    },
+    "EnableApplicationLayerAutomaticResponse":{
+      "name":"EnableApplicationLayerAutomaticResponse",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"EnableApplicationLayerAutomaticResponseRequest"},
+      "output":{"shape":"EnableApplicationLayerAutomaticResponseResponse"},
+      "errors":[
+        {"shape":"LimitsExceededException"},
+        {"shape":"InternalErrorException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OptimisticLockException"},
+        {"shape":"InvalidOperationException"}
       ],
-      "documentation":"<p>Removes health-based detection from the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and mitigation. </p> <p>You define the health check in Route 53 and then associate or disassociate it with your Shield Advanced protection. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option\">Shield Advanced Health-Based Detection</a> in the <i>WAF Developer Guide</i>. </p>"
+      "documentation":"<p>Enable the Shield Advanced automatic application layer DDoS mitigation for the resource. </p> <note> <p>This feature is available for Amazon CloudFront distributions only.</p> </note> <p>This causes Shield Advanced to create, verify, and apply WAF rules for DDoS attacks that it detects for the resource. Shield Advanced applies the rules in a Shield rule group inside the web ACL that you've associated with the resource. For information about how automatic mitigation works and the requirements for using it, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html\">Shield Advanced automatic application layer DDoS mitigation</a>.</p> <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p> <p>To use this feature, you must associate a web ACL with the protected resource. The web ACL must be created using the latest version of WAF (v2). You can associate the web ACL through the Shield Advanced console at <a href=\"https://console.aws.amazon.com/wafv2/shieldv2#/\">https://console.aws.amazon.com/wafv2/shieldv2#/</a>. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html\">Getting Started with Shield Advanced</a>.</p> <p>You can also do this through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/\">WAF Developer Guide</a>.</p>"
     },
     "EnableProactiveEngagement":{
       "name":"EnableProactiveEngagement",
@@ -485,6 +522,23 @@
       ],
       "documentation":"<p>Removes tags from a resource in Shield.</p>"
     },
+    "UpdateApplicationLayerAutomaticResponse":{
+      "name":"UpdateApplicationLayerAutomaticResponse",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateApplicationLayerAutomaticResponseRequest"},
+      "output":{"shape":"UpdateApplicationLayerAutomaticResponseResponse"},
+      "errors":[
+        {"shape":"InternalErrorException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OptimisticLockException"},
+        {"shape":"InvalidOperationException"}
+      ],
+      "documentation":"<p>Updates an existing Shield Advanced automatic application layer DDoS mitigation configuration for the specified resource.</p>"
+    },
     "UpdateEmergencyContactSettings":{
       "name":"UpdateEmergencyContactSettings",
       "http":{
@@ -552,6 +606,28 @@
       "documentation":"<p>In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the <code>iam:PassRole</code> permission. This error indicates the user did not have the appropriate permissions. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html\">Granting a User Permissions to Pass a Role to an Amazon Web Services Service</a>. </p>",
       "exception":true
     },
+    "ApplicationLayerAutomaticResponseConfiguration":{
+      "type":"structure",
+      "required":[
+        "Status",
+        "Action"
+      ],
+      "members":{
+        "Status":{
+          "shape":"ApplicationLayerAutomaticResponseStatus",
+          "documentation":"<p>Indicates whether automatic application layer DDoS mitigation is enabled for the protection. </p>"
+        },
+        "Action":{"shape":"ResponseAction"}
+      },
+      "documentation":"<p>The automatic application layer DDoS mitigation settings for a <a>Protection</a>. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. </p>"
+    },
+    "ApplicationLayerAutomaticResponseStatus":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
     "AssociateDRTLogBucketRequest":{
       "type":"structure",
       "required":["LogBucket"],
@@ -636,11 +712,11 @@
         },
         "StartTime":{
           "shape":"AttackTimestamp",
-          "documentation":"<p>The time the attack started, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "documentation":"<p>The time the attack started, in Unix time in seconds. </p>"
         },
         "EndTime":{
           "shape":"AttackTimestamp",
-          "documentation":"<p>The time the attack ended, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "documentation":"<p>The time the attack ended, in Unix time in seconds. </p>"
         },
         "AttackCounters":{
           "shape":"SummarizedCounterList",
@@ -648,7 +724,7 @@
         },
         "AttackProperties":{
           "shape":"AttackProperties",
-          "documentation":"<p>The array of objects that provide details of the Shield event. </p> <p>For infrastructure layer events (L3 and L4 events) after January 25, 2021, you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms\">Shield metrics and alarms</a> in the <i>WAF Developer Guide</i>. </p>"
+          "documentation":"<p>The array of objects that provide details of the Shield event. </p> <p>For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms\">Shield metrics and alarms</a> in the <i>WAF Developer Guide</i>. </p>"
         },
         "Mitigations":{
           "shape":"MitigationList",
@@ -679,7 +755,7 @@
       "members":{
         "AttackLayer":{
           "shape":"AttackLayer",
-          "documentation":"<p>The type of Shield event that was observed. <code>NETWORK</code> indicates layer 3 and layer 4 events and <code>APPLICATION</code> indicates layer 7 events.</p> <p>For infrastructure layer events (L3 and L4 events) after January 25, 2021, you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms\">Shield metrics and alarms</a> in the <i>WAF Developer Guide</i>. </p>"
+          "documentation":"<p>The type of Shield event that was observed. <code>NETWORK</code> indicates layer 3 and layer 4 events and <code>APPLICATION</code> indicates layer 7 events.</p> <p>For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms\">Shield metrics and alarms</a> in the <i>WAF Developer Guide</i>. </p>"
         },
         "AttackPropertyIdentifier":{
           "shape":"AttackPropertyIdentifier",
@@ -687,7 +763,7 @@
         },
         "TopContributors":{
           "shape":"TopContributors",
-          "documentation":"<p>Contributor objects for the top five contributors to a Shield event. </p>"
+          "documentation":"<p>Contributor objects for the top five contributors to a Shield event. A contributor is a source of traffic that Shield Advanced identifies as responsible for some or all of an event.</p>"
         },
         "Unit":{
           "shape":"Unit",
@@ -749,11 +825,11 @@
         },
         "StartTime":{
           "shape":"AttackTimestamp",
-          "documentation":"<p>The start time of the attack, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "documentation":"<p>The start time of the attack, in Unix time in seconds. </p>"
         },
         "EndTime":{
           "shape":"AttackTimestamp",
-          "documentation":"<p>The end time of the attack, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "documentation":"<p>The end time of the attack, in Unix time in seconds. </p>"
         },
         "AttackVectors":{
           "shape":"AttackVectorDescriptionList",
@@ -814,6 +890,12 @@
         "DISABLED"
       ]
     },
+    "BlockAction":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Block</code> action. </p> <p>This is only used in the context of the <code>ResponseAction</code> setting. </p> <p>JSON specification: <code>\"Block\": {}</code> </p>"
+    },
     "ContactNotes":{
       "type":"string",
       "max":1024,
@@ -825,14 +907,20 @@
       "members":{
         "Name":{
           "shape":"String",
-          "documentation":"<p>The name of the contributor. This is dependent on the <code>AttackPropertyIdentifier</code>. For example, if the <code>AttackPropertyIdentifier</code> is <code>SOURCE_COUNTRY</code>, the <code>Name</code> could be <code>United States</code>.</p>"
+          "documentation":"<p>The name of the contributor. The type of name that you'll find here depends on the <code>AttackPropertyIdentifier</code> setting in the <code>AttackProperty</code> where this contributor is defined. For example, if the <code>AttackPropertyIdentifier</code> is <code>SOURCE_COUNTRY</code>, the <code>Name</code> could be <code>United States</code>.</p>"
         },
         "Value":{
           "shape":"Long",
           "documentation":"<p>The contribution of this contributor expressed in <a>Protection</a> units. For example <code>10,000</code>.</p>"
         }
       },
-      "documentation":"<p>A contributor to the attack and their contribution.</p>"
+      "documentation":"<p>A contributor to the attack and their contribution. </p>"
+    },
+    "CountAction":{
+      "type":"structure",
+      "members":{
+      },
+      "documentation":"<p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Count</code> action. </p> <p>This is only used in the context of the <code>ResponseAction</code> setting. </p> <p>JSON specification: <code>\"Count\": {}</code> </p>"
     },
     "CreateProtectionGroupRequest":{
       "type":"structure",
@@ -886,7 +974,7 @@
         },
         "ResourceArn":{
           "shape":"ResourceArn",
-          "documentation":"<p>The ARN (Amazon Resource Name) of the resource to be protected.</p> <p>The ARN should be in one of the following formats:</p> <ul> <li> <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i> </code> </p> </li> <li> <p>For an Elastic Load Balancer (Classic Load Balancer): <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/<i>load-balancer-name</i> </code> </p> </li> <li> <p>For an Amazon CloudFront distribution: <code>arn:aws:cloudfront::<i>account-id</i>:distribution/<i>distribution-id</i> </code> </p> </li> <li> <p>For an Global Accelerator accelerator: <code>arn:aws:globalaccelerator::<i>account-id</i>:accelerator/<i>accelerator-id</i> </code> </p> </li> <li> <p>For Amazon Route 53: <code>arn:aws:route53:::hostedzone/<i>hosted-zone-id</i> </code> </p> </li> <li> <p>For an Elastic IP address: <code>arn:aws:ec2:<i>region</i>:<i>account-id</i>:eip-allocation/<i>allocation-id</i> </code> </p> </li> </ul>"
+          "documentation":"<p>The ARN (Amazon Resource Name) of the resource to be protected.</p> <p>The ARN should be in one of the following formats:</p> <ul> <li> <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i> </code> </p> </li> <li> <p>For an Elastic Load Balancer (Classic Load Balancer): <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/<i>load-balancer-name</i> </code> </p> </li> <li> <p>For an Amazon CloudFront distribution: <code>arn:aws:cloudfront::<i>account-id</i>:distribution/<i>distribution-id</i> </code> </p> </li> <li> <p>For an Global Accelerator accelerator: <code>arn:aws:globalaccelerator::<i>account-id</i>:accelerator/<i>accelerator-id</i> </code> </p> </li> <li> <p>For Amazon Route 53: <code>arn:aws:route53:::hostedzone/<i>hosted-zone-id</i> </code> </p> </li> <li> <p>For an Elastic IP address: <code>arn:aws:ec2:<i>region</i>:<i>account-id</i>:eip-allocation/<i>allocation-id</i> </code> </p> </li> </ul>"
         },
         "Tags":{
           "shape":"TagList",
@@ -961,7 +1049,7 @@
       "members":{
         "AttackId":{
           "shape":"AttackId",
-          "documentation":"<p>The unique identifier (ID) for the attack that to be described.</p>"
+          "documentation":"<p>The unique identifier (ID) for the attack.</p>"
         }
       }
     },
@@ -1081,6 +1169,21 @@
         }
       }
     },
+    "DisableApplicationLayerAutomaticResponseRequest":{
+      "type":"structure",
+      "required":["ResourceArn"],
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN (Amazon Resource Name) of the resource.</p>"
+        }
+      }
+    },
+    "DisableApplicationLayerAutomaticResponseResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DisableProactiveEngagementRequest":{
       "type":"structure",
       "members":{
@@ -1174,6 +1277,28 @@
       "max":10,
       "min":0
     },
+    "EnableApplicationLayerAutomaticResponseRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "Action"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN (Amazon Resource Name) of the resource.</p>"
+        },
+        "Action":{
+          "shape":"ResponseAction",
+          "documentation":"<p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>"
+        }
+      }
+    },
+    "EnableApplicationLayerAutomaticResponseResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "EnableProactiveEngagementRequest":{
       "type":"structure",
       "members":{
@@ -1233,7 +1358,7 @@
       "members":{
         "message":{"shape":"errorMessage"}
       },
-      "documentation":"<p>Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the response.</p>",
+      "documentation":"<p>Exception that indicates that the <code>NextToken</code> specified in the request is invalid. Submit the request using the <code>NextToken</code> value that was returned in the prior response.</p>",
       "exception":true
     },
     "InvalidParameterException":{
@@ -1301,23 +1426,23 @@
       "members":{
         "ResourceArns":{
           "shape":"ResourceArnFilterList",
-          "documentation":"<p>The ARN (Amazon Resource Name) of the resource that was attacked. If this is left blank, all applicable resources for this account will be included.</p>"
+          "documentation":"<p>The ARNs (Amazon Resource Names) of the resources that were attacked. If you leave this blank, all applicable resources for this account will be included.</p>"
         },
         "StartTime":{
           "shape":"TimeRange",
-          "documentation":"<p>The start of the time period for the attacks. This is a <code>timestamp</code> type. The sample request above indicates a <code>number</code> type because the default used by WAF is Unix time in seconds. However any valid <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp format</a> is allowed. </p>"
+          "documentation":"<p>The start of the time period for the attacks. This is a <code>timestamp</code> type. The request syntax listing for this call indicates a <code>number</code> type, but you can provide the time in any valid <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp\">timestamp format</a> setting. </p>"
         },
         "EndTime":{
           "shape":"TimeRange",
-          "documentation":"<p>The end of the time period for the attacks. This is a <code>timestamp</code> type. The sample request above indicates a <code>number</code> type because the default used by WAF is Unix time in seconds. However any valid <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp format</a> is allowed. </p>"
+          "documentation":"<p>The end of the time period for the attacks. This is a <code>timestamp</code> type. The request syntax listing for this call indicates a <code>number</code> type, but you can provide the time in any valid <a href=\"https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp\">timestamp format</a> setting. </p>"
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>The <code>ListAttacksRequest.NextMarker</code> value from a previous call to <code>ListAttacksRequest</code>. Pass null if this is the first call.</p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p> <p>On your first call to a list operation, leave this setting empty.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of <a>AttackSummary</a> objects to return. If you leave this blank, Shield Advanced returns the first 20 results.</p> <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>"
+          "documentation":"<p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value in the response.</p> <p>The default setting is 20.</p>"
         }
       }
     },
@@ -1330,7 +1455,7 @@
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>The token returned by a previous call to indicate that there is more data available. If not null, more results are available. Pass this value for the <code>NextMarker</code> parameter in a subsequent call to <code>ListAttacks</code> to retrieve the next set of items.</p> <p>Shield Advanced might return the list of <a>AttackSummary</a> objects in batches smaller than the number specified by MaxResults. If there are more attack summary objects to return, Shield Advanced will always also return a <code>NextToken</code>.</p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>"
         }
       }
     },
@@ -1339,11 +1464,11 @@
       "members":{
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>The next token value from a previous call to <code>ListProtectionGroups</code>. Pass null if this is the first call.</p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p> <p>On your first call to a list operation, leave this setting empty.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of <a>ProtectionGroup</a> objects to return. If you leave this blank, Shield Advanced returns the first 20 results.</p> <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>"
+          "documentation":"<p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value in the response.</p> <p>The default setting is 20.</p>"
         }
       }
     },
@@ -1357,7 +1482,7 @@
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>If you specify a value for <code>MaxResults</code> and you have more protection groups than the value of MaxResults, Shield Advanced returns this token that you can use in your next request, to get the next batch of objects. </p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>"
         }
       }
     },
@@ -1366,11 +1491,11 @@
       "members":{
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>The <code>ListProtectionsRequest.NextToken</code> value from a previous call to <code>ListProtections</code>. Pass null if this is the first call.</p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p> <p>On your first call to a list operation, leave this setting empty.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of <a>Protection</a> objects to return. If you leave this blank, Shield Advanced returns the first 20 results.</p> <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>"
+          "documentation":"<p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value in the response.</p> <p>The default setting is 20.</p>"
         }
       }
     },
@@ -1383,7 +1508,7 @@
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>If you specify a value for <code>MaxResults</code> and you have more Protections than the value of MaxResults, Shield Advanced returns a NextToken value in the response that allows you to list another group of Protections. For the second and subsequent ListProtections requests, specify the value of NextToken from the previous response to get information about another batch of Protections.</p> <p>Shield Advanced might return the list of <a>Protection</a> objects in batches smaller than the number specified by MaxResults. If there are more <a>Protection</a> objects to return, Shield Advanced will always also return a <code>NextToken</code>.</p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>"
         }
       }
     },
@@ -1397,11 +1522,11 @@
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>The next token value from a previous call to <code>ListResourcesInProtectionGroup</code>. Pass null if this is the first call.</p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p> <p>On your first call to a list operation, leave this setting empty.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
-          "documentation":"<p>The maximum number of resource ARN objects to return. If you leave this blank, Shield Advanced returns the first 20 results.</p> <p>This is a maximum value. Shield Advanced might return the results in smaller batches. That is, the number of objects returned could be less than <code>MaxResults</code>, even if there are still more objects yet to return. If there are more objects to return, Shield Advanced returns a value in <code>NextToken</code> that you can use in your next request, to get the next batch of objects.</p>"
+          "documentation":"<p>The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a <code>NextToken</code> value in the response.</p> <p>The default setting is 20.</p>"
         }
       }
     },
@@ -1415,7 +1540,7 @@
         },
         "NextToken":{
           "shape":"Token",
-          "documentation":"<p>If you specify a value for <code>MaxResults</code> and you have more resources in the protection group than the value of MaxResults, Shield Advanced returns this token that you can use in your next request, to get the next batch of objects. </p>"
+          "documentation":"<p>When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a <code>NextToken</code> value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request. </p> <p>You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the <code>MaxResults</code> setting. Shield Advanced will not return more than <code>MaxResults</code> objects, but may return fewer, even if more objects are still available.</p> <p>Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a <code>NextToken</code> value.</p>"
         }
       }
     },
@@ -1537,11 +1662,15 @@
         },
         "HealthCheckIds":{
           "shape":"HealthCheckIds",
-          "documentation":"<p>The unique identifier (ID) for the Route 53 health check that's associated with the protection. </p>"
+          "documentation":"<p>The unique identifier (ID) for the Route 53 health check that's associated with the protection. </p>"
         },
         "ProtectionArn":{
           "shape":"ResourceArn",
           "documentation":"<p>The ARN (Amazon Resource Name) of the protection.</p>"
+        },
+        "ApplicationLayerAutomaticResponseConfiguration":{
+          "shape":"ApplicationLayerAutomaticResponseConfiguration",
+          "documentation":"<p>The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks. </p>"
         }
       },
       "documentation":"<p>An object that represents a resource that is under DDoS protection.</p>"
@@ -1657,7 +1786,7 @@
     "ProtectionId":{
       "type":"string",
       "max":36,
-      "min":1,
+      "min":36,
       "pattern":"[a-zA-Z0-9\\\\-]*"
     },
     "ProtectionLimits":{
@@ -1719,6 +1848,20 @@
       "documentation":"<p>Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties. </p>",
       "exception":true
     },
+    "ResponseAction":{
+      "type":"structure",
+      "members":{
+        "Block":{
+          "shape":"BlockAction",
+          "documentation":"<p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Block</code> action. </p> <p>You must specify exactly one action, either <code>Block</code> or <code>Count</code>.</p>"
+        },
+        "Count":{
+          "shape":"CountAction",
+          "documentation":"<p>Specifies that Shield Advanced should configure its WAF rules with the WAF <code>Count</code> action. </p> <p>You must specify exactly one action, either <code>Block</code> or <code>Count</code>.</p>"
+        }
+      },
+      "documentation":"<p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>"
+    },
     "RoleArn":{
       "type":"string",
       "max":2048,
@@ -1765,7 +1908,7 @@
       "members":{
         "StartTime":{
           "shape":"Timestamp",
-          "documentation":"<p>The start time of the subscription, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "documentation":"<p>The start time of the subscription, in Unix time in seconds. </p>"
         },
         "EndTime":{
           "shape":"Timestamp",
@@ -1938,12 +2081,12 @@
       "type":"structure",
       "members":{
         "FromInclusive":{
-          "shape":"AttackTimestamp",
-          "documentation":"<p>The start time, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "shape":"Timestamp",
+          "documentation":"<p>The start time, in Unix time in seconds. </p>"
         },
         "ToExclusive":{
-          "shape":"AttackTimestamp",
-          "documentation":"<p>The end time, in Unix time in seconds. For more information see <a href=\"http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types\">timestamp</a>.</p>"
+          "shape":"Timestamp",
+          "documentation":"<p>The end time, in Unix time in seconds. </p>"
         }
       },
       "documentation":"<p>The time range. </p>"
@@ -1990,6 +2133,28 @@
       "members":{
       }
     },
+    "UpdateApplicationLayerAutomaticResponseRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceArn",
+        "Action"
+      ],
+      "members":{
+        "ResourceArn":{
+          "shape":"ResourceArn",
+          "documentation":"<p>The ARN (Amazon Resource Name) of the resource.</p>"
+        },
+        "Action":{
+          "shape":"ResponseAction",
+          "documentation":"<p>Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource. </p>"
+        }
+      }
+    },
+    "UpdateApplicationLayerAutomaticResponseResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UpdateEmergencyContactSettingsRequest":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/sms/2016-10-24/service-2.json b/contrib/python/botocore/py3/botocore/data/sms/2016-10-24/service-2.json
index 43711e9ce36..dbb5ca4606c 100644
--- a/contrib/python/botocore/py3/botocore/data/sms/2016-10-24/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/sms/2016-10-24/service-2.json
@@ -49,7 +49,7 @@
         {"shape":"InternalError"},
         {"shape":"TemporarilyUnavailableException"}
       ],
-      "documentation":"<p>Creates a replication job. The replication job schedules periodic replication runs to replicate your server to AWS. Each replication run creates an Amazon Machine Image (AMI).</p>"
+      "documentation":"<p>Creates a replication job. The replication job schedules periodic replication runs to replicate your server to Amazon Web Services. Each replication run creates an Amazon Machine Image (AMI).</p>"
     },
     "DeleteApp":{
       "name":"DeleteApp",
@@ -66,7 +66,7 @@
         {"shape":"InternalError"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Deletes the specified application. Optionally deletes the launched stack associated with the application and all AWS SMS replication jobs for servers in the application.</p>"
+      "documentation":"<p>Deletes the specified application. Optionally deletes the launched stack associated with the application and all Server Migration Service replication jobs for servers in the application.</p>"
     },
     "DeleteAppLaunchConfiguration":{
       "name":"DeleteAppLaunchConfiguration",
@@ -134,7 +134,7 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"ReplicationJobNotFoundException"}
       ],
-      "documentation":"<p>Deletes the specified replication job.</p> <p>After you delete a replication job, there are no further replication runs. AWS deletes the contents of the Amazon S3 bucket used to store AWS SMS artifacts. The AMIs created by the replication runs are not deleted.</p>"
+      "documentation":"<p>Deletes the specified replication job.</p> <p>After you delete a replication job, there are no further replication runs. Amazon Web Services deletes the contents of the Amazon S3 bucket used to store Server Migration Service artifacts. The AMIs created by the replication runs are not deleted.</p>"
     },
     "DeleteServerCatalog":{
       "name":"DeleteServerCatalog",
@@ -166,7 +166,7 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Disassociates the specified connector from AWS SMS.</p> <p>After you disassociate a connector, it is no longer available to support replication jobs.</p>"
+      "documentation":"<p>Disassociates the specified connector from Server Migration Service.</p> <p>After you disassociate a connector, it is no longer available to support replication jobs.</p>"
     },
     "GenerateChangeSet":{
       "name":"GenerateChangeSet",
@@ -200,7 +200,7 @@
         {"shape":"InternalError"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Generates an AWS CloudFormation template based on the current launch configuration and writes it to an Amazon S3 object in the customer’s Amazon S3 bucket.</p>"
+      "documentation":"<p>Generates an CloudFormation template based on the current launch configuration and writes it to an Amazon S3 object in the customer’s Amazon S3 bucket.</p>"
     },
     "GetApp":{
       "name":"GetApp",
@@ -298,7 +298,7 @@
       "errors":[
         {"shape":"UnauthorizedOperationException"}
       ],
-      "documentation":"<p>Describes the connectors registered with the AWS SMS.</p>"
+      "documentation":"<p>Describes the connectors registered with the Server Migration Service.</p>"
     },
     "GetReplicationJobs":{
       "name":"GetReplicationJobs",
@@ -361,7 +361,7 @@
         {"shape":"InternalError"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Allows application import from AWS Migration Hub.</p>"
+      "documentation":"<p>Allows application import from Migration Hub.</p>"
     },
     "ImportServerCatalog":{
       "name":"ImportServerCatalog",
@@ -395,7 +395,7 @@
         {"shape":"InternalError"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Launches the specified application as a stack in AWS CloudFormation.</p>"
+      "documentation":"<p>Launches the specified application as a stack in CloudFormation.</p>"
     },
     "ListApps":{
       "name":"ListApps",
@@ -429,7 +429,7 @@
         {"shape":"InternalError"},
         {"shape":"OperationNotPermittedException"}
       ],
-      "documentation":"<p>Provides information to AWS SMS about whether application validation is successful.</p>"
+      "documentation":"<p>Provides information to Server Migration Service about whether application validation is successful.</p>"
     },
     "PutAppLaunchConfiguration":{
       "name":"PutAppLaunchConfiguration",
@@ -757,7 +757,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the service role in the customer's account used by AWS SMS.</p>"
+          "documentation":"<p>The name of the service role in the customer's account used by Server Migration Service.</p>"
         },
         "totalServerGroups":{
           "shape":"TotalServerGroups",
@@ -909,7 +909,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the service role in the customer's account to be used by AWS SMS.</p>"
+          "documentation":"<p>The name of the service role in the customer's account to be used by Server Migration Service.</p>"
         },
         "clientToken":{
           "shape":"ClientToken",
@@ -971,7 +971,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the IAM role to be used by the AWS SMS.</p>"
+          "documentation":"<p>The name of the IAM role to be used by the Server Migration Service.</p>"
         },
         "description":{
           "shape":"Description",
@@ -1152,11 +1152,11 @@
       "members":{
         "appId":{
           "shape":"AppId",
-          "documentation":"<p>The ID of the application associated with the AWS CloudFormation template.</p>"
+          "documentation":"<p>The ID of the application associated with the CloudFormation template.</p>"
         },
         "templateFormat":{
           "shape":"OutputFormat",
-          "documentation":"<p>The format for generating the AWS CloudFormation template.</p>"
+          "documentation":"<p>The format for generating the CloudFormation template.</p>"
         }
       }
     },
@@ -1187,7 +1187,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the service role in the customer's account that AWS CloudFormation uses to launch the application.</p>"
+          "documentation":"<p>The name of the service role in the customer's account that CloudFormation uses to launch the application.</p>"
         },
         "autoLaunch":{
           "shape":"AutoLaunch",
@@ -1419,7 +1419,7 @@
       "members":{
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the service role. If you omit this parameter, we create a service-linked role for AWS Migration Hub in your account. Otherwise, the role that you provide must have the <a href=\"https://docs.aws.amazon.com/migrationhub/latest/ug/new-customer-setup.html#sms-managed\">policy and trust policy</a> described in the <i>AWS Migration Hub User Guide</i>.</p>"
+          "documentation":"<p>The name of the service role. If you omit this parameter, we create a service-linked role for Migration Hub in your account. Otherwise, the role that you provide must have the <a href=\"https://docs.aws.amazon.com/migrationhub/latest/ug/new-customer-setup.html#sms-managed\">policy and trust policy</a> described in the <i>Migration Hub User Guide</i>.</p>"
         }
       }
     },
@@ -1621,7 +1621,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of service role in the customer's account that AWS CloudFormation uses to launch the application.</p>"
+          "documentation":"<p>The name of service role in the customer's account that CloudFormation uses to launch the application.</p>"
         },
         "autoLaunch":{
           "shape":"AutoLaunch",
@@ -1720,7 +1720,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the IAM role to be used by AWS SMS.</p>"
+          "documentation":"<p>The name of the IAM role to be used by Server Migration Service.</p>"
         },
         "latestAmiId":{
           "shape":"AmiId",
@@ -1941,7 +1941,7 @@
         },
         "command":{
           "shape":"Command",
-          "documentation":"<p>The command to run the validation script</p>"
+          "documentation":"<p>The command to run the validation script.</p>"
         },
         "executionTimeoutSeconds":{
           "shape":"ExecutionTimeoutSeconds",
@@ -2098,7 +2098,7 @@
         },
         "logicalId":{
           "shape":"LogicalId",
-          "documentation":"<p>The logical ID of the server in the AWS CloudFormation template.</p>"
+          "documentation":"<p>The logical ID of the server in the CloudFormation template.</p>"
         },
         "vpc":{
           "shape":"VPC",
@@ -2392,7 +2392,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the service role in the customer's account used by AWS SMS.</p>"
+          "documentation":"<p>The name of the service role in the customer's account used by Server Migration Service.</p>"
         },
         "serverGroups":{
           "shape":"ServerGroups",
@@ -2443,7 +2443,7 @@
         },
         "roleName":{
           "shape":"RoleName",
-          "documentation":"<p>The name of the IAM role to be used by AWS SMS.</p>"
+          "documentation":"<p>The name of the IAM role to be used by Server Migration Service.</p>"
         },
         "description":{
           "shape":"Description",
@@ -2607,5 +2607,5 @@
       "member":{"shape":"VmServerAddress"}
     }
   },
-  "documentation":"<fullname>AWS Server Migration Service</fullname> <p>AWS Server Migration Service (AWS SMS) makes it easier and faster for you to migrate your on-premises workloads to AWS. To learn more about AWS SMS, see the following resources:</p> <ul> <li> <p> <a href=\"http://aws.amazon.com/server-migration-service/\">AWS Server Migration Service product page</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/server-migration-service/latest/userguide/\">AWS Server Migration Service User Guide</a> </p> </li> </ul>"
+  "documentation":"<important> <p> <b>Product update</b> </p> <p>As of March 31, 2022, Amazon Web Services will discontinue Server Migration Service (Amazon Web Services SMS). Going forward, we recommend <a href=\"http://aws.amazon.com/application-migration-service\">Amazon Web Services Application Migration Service</a> (Amazon Web Services MGN) as the primary migration service for lift-and-shift migrations.</p> <p>You can initiate new migration jobs in Server Migration Service until January 1, 2022. Complete these active migration projects by March 31, 2022. For more information, see <a href=\"http://aws.amazon.com/application-migration-service/when-to-choose-aws-mgn/\">When to Choose AWS Application Migration Service</a>.</p> </important> <p>Server Migration Service (Server Migration Service) makes it easier and faster for you to migrate your on-premises workloads to Amazon Web Services. To learn more about Server Migration Service, see the following resources:</p> <ul> <li> <p> <a href=\"http://aws.amazon.com/server-migration-service/\">Server Migration Service product page</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/server-migration-service/latest/userguide/\">Server Migration Service User Guide</a> </p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/snowball/2016-06-30/service-2.json b/contrib/python/botocore/py3/botocore/data/snowball/2016-06-30/service-2.json
index 92bc424a83d..1f2bc55ce0a 100644
--- a/contrib/python/botocore/py3/botocore/data/snowball/2016-06-30/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/snowball/2016-06-30/service-2.json
@@ -88,7 +88,7 @@
         {"shape":"ClusterLimitExceededException"},
         {"shape":"Ec2RequestFailedException"}
       ],
-      "documentation":"<p>Creates a job to import or export data between Amazon S3 and your on-premises data center. Your AWS account must have the right trust policies and permissions in place to create a job for a Snow device. If you're creating a job for a node in a cluster, you only need to provide the <code>clusterId</code> value; the other job attributes are inherited from the cluster. </p> <note> <p>Only the Snowball; Edge device type is supported when ordering clustered jobs.</p> <p>The device capacity is optional.</p> <p>Availability of device types differ by AWS Region. For more information about Region availability, see <a href=\"https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/?p=ngi&amp;loc=4\">AWS Regional Services</a>.</p> </note> <p/> <p class=\"title\"> <b>AWS Snow Family device types and their capacities.</b> </p> <ul> <li> <p>Snow Family device type: <b>SNC1_SSD</b> </p> <ul> <li> <p>Capacity: T14</p> </li> <li> <p>Description: Snowcone </p> </li> </ul> <p/> </li> <li> <p>Snow Family device type: <b>SNC1_HDD</b> </p> <ul> <li> <p>Capacity: T8</p> </li> <li> <p>Description: Snowcone </p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE_S</b> </p> <ul> <li> <p>Capacity: T98</p> </li> <li> <p>Description: Snowball Edge Storage Optimized for data transfer only </p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE_CG</b> </p> <ul> <li> <p>Capacity: T42</p> </li> <li> <p>Description: Snowball Edge Compute Optimized with GPU</p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE_C</b> </p> <ul> <li> <p>Capacity: T42</p> </li> <li> <p>Description: Snowball Edge Compute Optimized without GPU</p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE</b> </p> <ul> <li> <p>Capacity: T100</p> </li> <li> <p>Description: Snowball Edge Storage Optimized with EC2 Compute</p> </li> </ul> <p/> </li> <li> <p>Device type: <b>STANDARD</b> </p> <ul> <li> <p>Capacity: T50</p> </li> <li> <p>Description: Original Snowball device</p> <note> <p>This device is only available in the Ningxia, Beijing, and Singapore AWS Regions. </p> </note> </li> </ul> <p/> </li> <li> <p>Device type: <b>STANDARD</b> </p> <ul> <li> <p>Capacity: T80</p> </li> <li> <p>Description: Original Snowball device</p> <note> <p>This device is only available in the Ningxia, Beijing, and Singapore AWS Regions. </p> </note> </li> </ul> <p/> </li> </ul>"
+      "documentation":"<p>Creates a job to import or export data between Amazon S3 and your on-premises data center. Your Amazon Web Services account must have the right trust policies and permissions in place to create a job for a Snow device. If you're creating a job for a node in a cluster, you only need to provide the <code>clusterId</code> value; the other job attributes are inherited from the cluster. </p> <note> <p>Only the Snowball; Edge device type is supported when ordering clustered jobs.</p> <p>The device capacity is optional.</p> <p>Availability of device types differ by Amazon Web Services Region. For more information about Region availability, see <a href=\"https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/?p=ngi&amp;loc=4\">Amazon Web Services Regional Services</a>.</p> </note> <p/> <p class=\"title\"> <b>Snow Family Devices and their capacities.</b> </p> <ul> <li> <p>Snow Family device type: <b>SNC1_SSD</b> </p> <ul> <li> <p>Capacity: T14</p> </li> <li> <p>Description: Snowcone </p> </li> </ul> <p/> </li> <li> <p>Snow Family device type: <b>SNC1_HDD</b> </p> <ul> <li> <p>Capacity: T8</p> </li> <li> <p>Description: Snowcone </p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE_S</b> </p> <ul> <li> <p>Capacity: T98</p> </li> <li> <p>Description: Snowball Edge Storage Optimized for data transfer only </p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE_CG</b> </p> <ul> <li> <p>Capacity: T42</p> </li> <li> <p>Description: Snowball Edge Compute Optimized with GPU</p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE_C</b> </p> <ul> <li> <p>Capacity: T42</p> </li> <li> <p>Description: Snowball Edge Compute Optimized without GPU</p> </li> </ul> <p/> </li> <li> <p>Device type: <b>EDGE</b> </p> <ul> <li> <p>Capacity: T100</p> </li> <li> <p>Description: Snowball Edge Storage Optimized with EC2 Compute</p> </li> </ul> <p/> </li> <li> <p>Device type: <b>STANDARD</b> </p> <ul> <li> <p>Capacity: T50</p> </li> <li> <p>Description: Original Snowball device</p> <note> <p>This device is only available in the Ningxia, Beijing, and Singapore Amazon Web Services Region </p> </note> </li> </ul> <p/> </li> <li> <p>Device type: <b>STANDARD</b> </p> <ul> <li> <p>Capacity: T80</p> </li> <li> <p>Description: Original Snowball device</p> <note> <p>This device is only available in the Ningxia, Beijing, and Singapore Amazon Web Services Region. </p> </note> </li> </ul> <p/> </li> </ul>"
     },
     "CreateLongTermPricing":{
       "name":"CreateLongTermPricing",
@@ -101,7 +101,7 @@
       "errors":[
         {"shape":"InvalidResourceException"}
       ],
-      "documentation":"<p>Creates a job with the long-term usage option for a device. The long-term usage is a 1-year or 3-year long-term pricing type for the device. You are billed upfront, and AWS provides discounts for long-term pricing. </p>"
+      "documentation":"<p>Creates a job with the long-term usage option for a device. The long-term usage is a 1-year or 3-year long-term pricing type for the device. You are billed upfront, and Amazon Web Services provides discounts for long-term pricing. </p>"
     },
     "CreateReturnShippingLabel":{
       "name":"CreateReturnShippingLabel",
@@ -118,7 +118,7 @@
         {"shape":"ConflictException"},
         {"shape":"ReturnShippingLabelAlreadyExistsException"}
       ],
-      "documentation":"<p>Creates a shipping label that will be used to return the Snow device to AWS.</p>"
+      "documentation":"<p>Creates a shipping label that will be used to return the Snow device to Amazon Web Services.</p>"
     },
     "DescribeAddress":{
       "name":"DescribeAddress",
@@ -186,7 +186,7 @@
         {"shape":"InvalidJobStateException"},
         {"shape":"ConflictException"}
       ],
-      "documentation":"<p>Information on the shipping label of a Snow device that is being returned to AWS.</p>"
+      "documentation":"<p>Information on the shipping label of a Snow device that is being returned to Amazon Web Services.</p>"
     },
     "GetJobManifest":{
       "name":"GetJobManifest",
@@ -224,7 +224,7 @@
       },
       "input":{"shape":"GetSnowballUsageRequest"},
       "output":{"shape":"GetSnowballUsageResult"},
-      "documentation":"<p>Returns information about the Snow Family service limit for your account, and also the number of Snow devices your account has in use.</p> <p>The default service limit for the number of Snow devices that you can have at one time is 1. If you want to increase your service limit, contact AWS Support.</p>"
+      "documentation":"<p>Returns information about the Snow Family service limit for your account, and also the number of Snow devices your account has in use.</p> <p>The default service limit for the number of Snow devices that you can have at one time is 1. If you want to increase your service limit, contact Amazon Web Services Support.</p>"
     },
     "GetSoftwareUpdates":{
       "name":"GetSoftwareUpdates",
@@ -279,7 +279,7 @@
         {"shape":"InvalidNextTokenException"},
         {"shape":"Ec2RequestFailedException"}
       ],
-      "documentation":"<p>This action returns a list of the different Amazon EC2 Amazon Machine Images (AMIs) that are owned by your AWS account that would be supported for use on a Snow device. Currently, supported AMIs are based on the CentOS 7 (x86_64) - with Updates HVM, Ubuntu Server 14.04 LTS (HVM), and Ubuntu 16.04 LTS - Xenial (HVM) images, available on the AWS Marketplace.</p>"
+      "documentation":"<p>This action returns a list of the different Amazon EC2 Amazon Machine Images (AMIs) that are owned by your Amazon Web Services accountthat would be supported for use on a Snow device. Currently, supported AMIs are based on the CentOS 7 (x86_64) - with Updates HVM, Ubuntu Server 14.04 LTS (HVM), and Ubuntu 16.04 LTS - Xenial (HVM) images, available on the Amazon Web Services Marketplace.</p>"
     },
     "ListJobs":{
       "name":"ListJobs",
@@ -534,11 +534,11 @@
         },
         "KmsKeyARN":{
           "shape":"KmsKeyARN",
-          "documentation":"<p>The <code>KmsKeyARN</code> Amazon Resource Name (ARN) associated with this cluster. This ARN was created using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> API action in AWS Key Management Service (AWS KMS).</p>"
+          "documentation":"<p>The <code>KmsKeyARN</code> Amazon Resource Name (ARN) associated with this cluster. This ARN was created using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> API action in Key Management Service (KMS.</p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The role ARN associated with this cluster. This ARN was created using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in AWS Identity and Access Management (IAM).</p>"
+          "documentation":"<p>The role ARN associated with this cluster. This ARN was created using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in Identity and Access Management (IAM).</p>"
         },
         "ClusterState":{
           "shape":"ClusterState",
@@ -550,7 +550,7 @@
         },
         "SnowballType":{
           "shape":"SnowballType",
-          "documentation":"<p>The type of AWS Snow device to use for this cluster. </p> <note> <p>For cluster jobs, AWS Snow Family currently supports only the <code>EDGE</code> device type.</p> </note>"
+          "documentation":"<p>The type of Snowcone device to use for this cluster. </p> <note> <p>For cluster jobs, Amazon Web Services Snow Family currently supports only the <code>EDGE</code> device type.</p> </note>"
         },
         "CreationDate":{
           "shape":"Timestamp",
@@ -578,11 +578,11 @@
         },
         "TaxDocuments":{
           "shape":"TaxDocuments",
-          "documentation":"<p>The tax documents required in your AWS Region.</p>"
+          "documentation":"<p>The tax documents required in your Amazon Web Services Region.</p>"
         },
         "OnDeviceServiceConfiguration":{
           "shape":"OnDeviceServiceConfiguration",
-          "documentation":"<p>Represents metadata and configuration settings for services on an AWS Snow Family device.</p>"
+          "documentation":"<p>Represents metadata and configuration settings for services on an Amazon Web Services Snow Family device.</p>"
         }
       },
       "documentation":"<p>Contains metadata about a specific cluster.</p>"
@@ -618,7 +618,10 @@
     "ConflictException":{
       "type":"structure",
       "members":{
-        "ConflictResource":{"shape":"String"},
+        "ConflictResource":{
+          "shape":"String",
+          "documentation":"<p>You get this resource when you call <code>CreateReturnShippingLabel</code> more than once when other requests are not completed. .</p>"
+        },
         "Message":{"shape":"String"}
       },
       "documentation":"<p>You get this exception when you call <code>CreateReturnShippingLabel</code> more than once when other requests are not completed.</p>",
@@ -660,11 +663,11 @@
         },
         "Resources":{
           "shape":"JobResource",
-          "documentation":"<p>The resources associated with the cluster job. These resources include Amazon S3 buckets and optional AWS Lambda functions written in the Python language. </p>"
+          "documentation":"<p>The resources associated with the cluster job. These resources include Amazon S3 buckets and optional Lambda functions written in the Python language. </p>"
         },
         "OnDeviceServiceConfiguration":{
           "shape":"OnDeviceServiceConfiguration",
-          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. AWS Snow Family supports Amazon S3 and NFS (Network File System).</p>"
+          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. Amazon Web Services Snow Family device clusters support Amazon S3 and NFS (Network File System).</p>"
         },
         "Description":{
           "shape":"String",
@@ -676,15 +679,15 @@
         },
         "KmsKeyARN":{
           "shape":"KmsKeyARN",
-          "documentation":"<p>The <code>KmsKeyARN</code> value that you want to associate with this cluster. <code>KmsKeyARN</code> values are created by using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> API action in AWS Key Management Service (AWS KMS). </p>"
+          "documentation":"<p>The <code>KmsKeyARN</code> value that you want to associate with this cluster. <code>KmsKeyARN</code> values are created by using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> API action in Key Management Service (KMS). </p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The <code>RoleARN</code> that you want to associate with this cluster. <code>RoleArn</code> values are created by using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in AWS Identity and Access Management (IAM).</p>"
+          "documentation":"<p>The <code>RoleARN</code> that you want to associate with this cluster. <code>RoleArn</code> values are created by using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in Identity and Access Management (IAM).</p>"
         },
         "SnowballType":{
           "shape":"SnowballType",
-          "documentation":"<p>The type of AWS Snow Family device to use for this cluster. </p> <note> <p>For cluster jobs, AWS Snow Family currently supports only the <code>EDGE</code> device type.</p> </note> <p>For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i> or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i>.</p>"
+          "documentation":"<p>The type of Snow Family Devices to use for this cluster. </p> <note> <p>For cluster jobs, Amazon Web Services Snow Family currently supports only the <code>EDGE</code> device type.</p> </note> <p>For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i> or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i>.</p>"
         },
         "ShippingOption":{
           "shape":"ShippingOption",
@@ -700,7 +703,7 @@
         },
         "TaxDocuments":{
           "shape":"TaxDocuments",
-          "documentation":"<p>The tax documents required in your AWS Region.</p>"
+          "documentation":"<p>The tax documents required in your Amazon Web Services Region.</p>"
         },
         "RemoteManagement":{
           "shape":"RemoteManagement",
@@ -730,7 +733,7 @@
         },
         "OnDeviceServiceConfiguration":{
           "shape":"OnDeviceServiceConfiguration",
-          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. AWS Snow Family supports Amazon S3 and NFS (Network File System).</p>"
+          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. Amazon Web Services Snow Family supports Amazon S3 and NFS (Network File System) and the Amazon Web Services Storage Gateway service Tape Gateway type.</p>"
         },
         "Description":{
           "shape":"String",
@@ -742,11 +745,11 @@
         },
         "KmsKeyARN":{
           "shape":"KmsKeyARN",
-          "documentation":"<p>The <code>KmsKeyARN</code> that you want to associate with this job. <code>KmsKeyARN</code>s are created using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> AWS Key Management Service (KMS) API action.</p>"
+          "documentation":"<p>The <code>KmsKeyARN</code> that you want to associate with this job. <code>KmsKeyARN</code>s are created using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> Key Management Service (KMS) API action.</p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The <code>RoleARN</code> that you want to associate with this job. <code>RoleArn</code>s are created using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> AWS Identity and Access Management (IAM) API action.</p>"
+          "documentation":"<p>The <code>RoleARN</code> that you want to associate with this job. <code>RoleArn</code>s are created using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> Identity and Access Management (IAM) API action.</p>"
         },
         "SnowballCapacityPreference":{
           "shape":"SnowballCapacity",
@@ -766,7 +769,7 @@
         },
         "SnowballType":{
           "shape":"SnowballType",
-          "documentation":"<p>The type of AWS Snow Family device to use for this job. </p> <note> <p>For cluster jobs, AWS Snow Family currently supports only the <code>EDGE</code> device type.</p> </note> <p>The type of AWS Snow device to use for this job. Currently, the only supported device type for cluster jobs is <code>EDGE</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html\">Snowball Edge Device Options</a> in the Snowball Edge Developer Guide.</p> <p>For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i> or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i>.</p>"
+          "documentation":"<p>The type of Snow Family Devices to use for this job. </p> <note> <p>For cluster jobs, Amazon Web Services Snow Family currently supports only the <code>EDGE</code> device type.</p> </note> <p>The type of Amazon Web Services Snow device to use for this job. Currently, the only supported device type for cluster jobs is <code>EDGE</code>.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html\">Snowball Edge Device Options</a> in the Snowball Edge Developer Guide.</p> <p>For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i> or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i>.</p>"
         },
         "ForwardingAddressId":{
           "shape":"AddressId",
@@ -774,11 +777,11 @@
         },
         "TaxDocuments":{
           "shape":"TaxDocuments",
-          "documentation":"<p>The tax documents required in your AWS Region.</p>"
+          "documentation":"<p>The tax documents required in your Amazon Web Services Region.</p>"
         },
         "DeviceConfiguration":{
           "shape":"DeviceConfiguration",
-          "documentation":"<p>Defines the device configuration for an AWS Snowcone job.</p> <p>For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i> or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i>.</p>"
+          "documentation":"<p>Defines the device configuration for an Snowcone job.</p> <p>For more information, see \"https://docs.aws.amazon.com/snowball/latest/snowcone-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i> or \"https://docs.aws.amazon.com/snowball/latest/developer-guide/snow-device-types.html\" (Snow Family Devices and Capacity) in the <i>Snowcone User Guide</i>.</p>"
         },
         "RemoteManagement":{
           "shape":"RemoteManagement",
@@ -813,7 +816,7 @@
         },
         "SnowballType":{
           "shape":"SnowballType",
-          "documentation":"<p>The type of AWS Snow Family device to use for the long-term pricing job.</p>"
+          "documentation":"<p>The type of Snow Family Devices to use for the long-term pricing job.</p>"
         }
       }
     },
@@ -836,7 +839,7 @@
         },
         "ShippingOption":{
           "shape":"ShippingOption",
-          "documentation":"<p>The shipping speed for a particular job. This speed doesn't dictate how soon the device is returned to AWS. This speed represents how quickly it moves to its destination while in transit. Regional shipping speeds are as follows:</p>"
+          "documentation":"<p>The shipping speed for a particular job. This speed doesn't dictate how soon the device is returned to Amazon Web Services. This speed represents how quickly it moves to its destination while in transit. Regional shipping speeds are as follows:</p>"
         }
       }
     },
@@ -845,7 +848,7 @@
       "members":{
         "Status":{
           "shape":"ShippingLabelStatus",
-          "documentation":"<p>The status information of the task on a Snow device that is being returned to AWS.</p>"
+          "documentation":"<p>The status information of the task on a Snow device that is being returned to Amazon Web Services.</p>"
         }
       }
     },
@@ -869,7 +872,7 @@
           "documentation":"<p>The total number of objects for a transfer between a Snow device and Amazon S3. This value is set to 0 (zero) until all the keys that will be transferred have been listed.</p>"
         }
       },
-      "documentation":"<p>Defines the real-time status of a Snow device's data transfer while the device is at AWS. This data is only available while a job has a <code>JobState</code> value of <code>InProgress</code>, for both import and export jobs.</p>"
+      "documentation":"<p>Defines the real-time status of a Snow device's data transfer while the device is at Amazon Web Services. This data is only available while a job has a <code>JobState</code> value of <code>InProgress</code>, for both import and export jobs.</p>"
     },
     "DescribeAddressRequest":{
       "type":"structure",
@@ -973,11 +976,15 @@
       "members":{
         "Status":{
           "shape":"ShippingLabelStatus",
-          "documentation":"<p>The status information of the task on a Snow device that is being returned to AWS.</p>"
+          "documentation":"<p>The status information of the task on a Snow device that is being returned to Amazon Web Services.</p>"
         },
         "ExpirationDate":{
           "shape":"Timestamp",
           "documentation":"<p>The expiration date of the current return shipping label.</p>"
+        },
+        "ReturnShippingLabelURI":{
+          "shape":"String",
+          "documentation":"<p>The pre-signed Amazon S3 URI used to download the return shipping label.</p>"
         }
       }
     },
@@ -986,7 +993,7 @@
       "members":{
         "SnowconeDeviceConfiguration":{
           "shape":"SnowconeDeviceConfiguration",
-          "documentation":"<p>Returns information about the device configuration for an AWS Snowcone job.</p>"
+          "documentation":"<p>Returns information about the device configuration for an Snowcone job.</p>"
         }
       },
       "documentation":"<p>The container for <code>SnowconeDeviceConfiguration</code>. </p>"
@@ -1011,7 +1018,7 @@
           "documentation":"<p>The ID of the AMI on the Snow device.</p>"
         }
       },
-      "documentation":"<p>A JSON-formatted object that contains the IDs for an Amazon Machine Image (AMI), including the Amazon EC2 AMI ID and the Snow device AMI ID. Each AMI has these two IDs to simplify identifying the AMI in both the AWS Cloud and on the device.</p>"
+      "documentation":"<p>A JSON-formatted object that contains the IDs for an Amazon Machine Image (AMI), including the Amazon EC2 AMI ID and the Snow device AMI ID. Each AMI has these two IDs to simplify identifying the AMI in both the Amazon Web Services Cloud and on the device.</p>"
     },
     "Ec2AmiResourceList":{
       "type":"list",
@@ -1030,7 +1037,7 @@
       "members":{
         "EventResourceARN":{
           "shape":"ResourceARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) for any local Amazon S3 resource that is an AWS Lambda function's event trigger associated with this job.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for any local Amazon S3 resource that is an Lambda function's event trigger associated with this job.</p>"
         }
       },
       "documentation":"<p>The container for the <a>EventTriggerDefinition$EventResourceARN</a>.</p>"
@@ -1041,6 +1048,8 @@
     },
     "GSTIN":{
       "type":"string",
+      "max":15,
+      "min":15,
       "pattern":"\\d{2}[A-Z]{5}\\d{4}[A-Z]{1}[A-Z\\d]{1}[Z]{1}[A-Z\\d]{1}"
     },
     "GetJobManifestRequest":{
@@ -1123,10 +1132,10 @@
       "members":{
         "GSTIN":{
           "shape":"GSTIN",
-          "documentation":"<p>The Goods and Services Tax (GST) documents required in AWS Regions in India.</p>"
+          "documentation":"<p>The Goods and Services Tax (GST) documents required in Amazon Web Services Region in India.</p>"
         }
       },
-      "documentation":"<p>The tax documents required in AWS Regions in India.</p>"
+      "documentation":"<p>The tax documents required in Amazon Web Services Region in India.</p>"
     },
     "Integer":{"type":"integer"},
     "InvalidAddressException":{
@@ -1269,11 +1278,11 @@
         },
         "KmsKeyARN":{
           "shape":"KmsKeyARN",
-          "documentation":"<p>The Amazon Resource Name (ARN) for the AWS Key Management Service (AWS KMS) key associated with this job. This ARN was created using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> API action in AWS KMS.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) for the Key Management Service (KMS) key associated with this job. This ARN was created using the <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html\">CreateKey</a> API action in KMS.</p>"
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The role ARN associated with this job. This ARN was created using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in AWS Identity and Access Management (IAM).</p>"
+          "documentation":"<p>The role ARN associated with this job. This ARN was created using the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in Identity and Access Management.</p>"
         },
         "AddressId":{
           "shape":"AddressId",
@@ -1293,7 +1302,7 @@
         },
         "DataTransferProgress":{
           "shape":"DataTransfer",
-          "documentation":"<p>A value that defines the real-time status of a Snow device's data transfer while the device is at AWS. This data is only available while a job has a <code>JobState</code> value of <code>InProgress</code>, for both import and export jobs.</p>"
+          "documentation":"<p>A value that defines the real-time status of a Snow device's data transfer while the device is at Amazon Web Services. This data is only available while a job has a <code>JobState</code> value of <code>InProgress</code>, for both import and export jobs.</p>"
         },
         "JobLogInfo":{
           "shape":"JobLogs",
@@ -1309,7 +1318,7 @@
         },
         "TaxDocuments":{
           "shape":"TaxDocuments",
-          "documentation":"<p>The metadata associated with the tax documents required in your AWS Region.</p>"
+          "documentation":"<p>The metadata associated with the tax documents required in your Amazon Web Services Region.</p>"
         },
         "DeviceConfiguration":{"shape":"DeviceConfiguration"},
         "RemoteManagement":{
@@ -1322,7 +1331,7 @@
         },
         "OnDeviceServiceConfiguration":{
           "shape":"OnDeviceServiceConfiguration",
-          "documentation":"<p>Represents metadata and configuration settings for services on an AWS Snow Family device.</p>"
+          "documentation":"<p>Represents metadata and configuration settings for services on an Amazon Web Services Snow Family device.</p>"
         }
       },
       "documentation":"<p>Contains information about a specific job including shipping information, job status, and other important metadata. This information is returned as a part of the response syntax of the <code>DescribeJob</code> action.</p>"
@@ -1347,7 +1356,7 @@
           "documentation":"<p>The Amazon Machine Images (AMIs) associated with this job.</p>"
         }
       },
-      "documentation":"<p>Contains an array of AWS resource objects. Each object represents an Amazon S3 bucket, an AWS Lambda function, or an Amazon Machine Image (AMI) based on Amazon EC2 that is associated with a particular job.</p>"
+      "documentation":"<p>Contains an array of Amazon Web Services resource objects. Each object represents an Amazon S3 bucket, an Lambda function, or an Amazon Machine Image (AMI) based on Amazon EC2 that is associated with a particular job.</p>"
     },
     "JobState":{
       "type":"string",
@@ -1384,7 +1393,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>The provided AWS Key Management Service key lacks the permissions to perform the specified <a>CreateJob</a> or <a>UpdateJob</a> action.</p>",
+      "documentation":"<p>The provided Key Management Service key lacks the permissions to perform the specified <a>CreateJob</a> or <a>UpdateJob</a> action.</p>",
       "exception":true
     },
     "KeyRange":{
@@ -1411,7 +1420,7 @@
       "members":{
         "LambdaArn":{
           "shape":"ResourceARN",
-          "documentation":"<p>An Amazon Resource Name (ARN) that represents an AWS Lambda function to be triggered by PUT object actions on the associated local Amazon S3 resource.</p>"
+          "documentation":"<p>An Amazon Resource Name (ARN) that represents an Lambda function to be triggered by PUT object actions on the associated local Amazon S3 resource.</p>"
         },
         "EventTriggers":{
           "shape":"EventTriggerDefinitionList",
@@ -1616,7 +1625,7 @@
         },
         "SnowballType":{
           "shape":"SnowballType",
-          "documentation":"<p>The type of AWS Snow Family device associated with this long-term pricing job.</p>"
+          "documentation":"<p>The type of Snow Family Devices associated with this long-term pricing job.</p>"
         },
         "JobIds":{
           "shape":"LongTermPricingAssociatedJobIdList",
@@ -1637,21 +1646,21 @@
       "members":{
         "StorageLimit":{
           "shape":"StorageLimit",
-          "documentation":"<p>The maximum NFS storage for one Snowball Family device.</p>"
+          "documentation":"<p>The maximum NFS storage for one Snow Family device.</p>"
         },
         "StorageUnit":{
           "shape":"StorageUnit",
           "documentation":"<p>The scale unit of the NFS storage on the device.</p> <p>Valid values: TB.</p>"
         }
       },
-      "documentation":"<p>An object that represents metadata and configuration settings for NFS service on an AWS Snow Family device.</p>"
+      "documentation":"<p>An object that represents the metadata and configuration settings for the NFS (Network File System) service on an Amazon Web Services Snow Family device.</p>"
     },
     "Notification":{
       "type":"structure",
       "members":{
         "SnsTopicARN":{
           "shape":"SnsTopicARN",
-          "documentation":"<p>The new SNS <code>TopicArn</code> that you want to associate with this job. You can create Amazon Resource Names (ARNs) for topics by using the <a href=\"https://docs.aws.amazon.com/sns/latest/api/API_CreateTopic.html\">CreateTopic</a> Amazon SNS API action.</p> <p>You can subscribe email addresses to an Amazon SNS topic through the AWS Management Console, or by using the <a href=\"https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html\">Subscribe</a> Amazon Simple Notification Service (Amazon SNS) API action.</p>"
+          "documentation":"<p>The new SNS <code>TopicArn</code> that you want to associate with this job. You can create Amazon Resource Names (ARNs) for topics by using the <a href=\"https://docs.aws.amazon.com/sns/latest/api/API_CreateTopic.html\">CreateTopic</a> Amazon SNS API action.</p> <p>You can subscribe email addresses to an Amazon SNS topic through the Amazon Web Services Management Console, or by using the <a href=\"https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html\">Subscribe</a> Amazon Simple Notification Service (Amazon SNS) API action.</p>"
         },
         "JobStatesToNotify":{
           "shape":"JobStateList",
@@ -1669,10 +1678,14 @@
       "members":{
         "NFSOnDeviceService":{
           "shape":"NFSOnDeviceServiceConfiguration",
-          "documentation":"<p>Represents the NFS service on a Snow Family device.</p>"
+          "documentation":"<p>Represents the NFS (Network File System) service on a Snow Family device.</p>"
+        },
+        "TGWOnDeviceService":{
+          "shape":"TGWOnDeviceServiceConfiguration",
+          "documentation":"<p>Represents the Storage Gateway service Tape Gateway type on a Snow Family device.</p>"
         }
       },
-      "documentation":"<p>An object that represents metadata and configuration settings for services on an AWS Snow Family device.</p>"
+      "documentation":"<p>An object that represents the metadata and configuration settings for services on an Amazon Web Services Snow Family device.</p>"
     },
     "RemoteManagement":{
       "type":"string",
@@ -1691,7 +1704,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>You get this exception if you call <code>CreateReturnShippingLabel</code> and a valid return shipping label already exists. In this case, use <code>DescribeReturnShippingLabel</code> to get the url.</p>",
+      "documentation":"<p>You get this exception if you call <code>CreateReturnShippingLabel</code> and a valid return shipping label already exists. In this case, use <code>DescribeReturnShippingLabel</code> to get the URL.</p>",
       "exception":true
     },
     "RoleARN":{
@@ -1712,7 +1725,7 @@
         },
         "TargetOnDeviceServices":{
           "shape":"TargetOnDeviceServiceList",
-          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. AWS Snow Family supports Amazon S3 and NFS (Network File System).</p>"
+          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. Amazon Web Services Snow Family supports Amazon S3 and NFS (Network File System).</p>"
         }
       },
       "documentation":"<p>Each <code>S3Resource</code> object represents an Amazon S3 bucket that your transferred data will be exported from or imported into. For export jobs, this object can have an optional <code>KeyRange</code> value. The length of the range is defined at job creation, and has either an inclusive <code>BeginMarker</code>, an inclusive <code>EndMarker</code>, or both. Ranges are UTF-8 binary sorted.</p>"
@@ -1751,7 +1764,7 @@
         },
         "InboundShipment":{
           "shape":"Shipment",
-          "documentation":"<p>The <code>Status</code> and <code>TrackingNumber</code> values for a Snow device being returned to AWS for a particular job.</p>"
+          "documentation":"<p>The <code>Status</code> and <code>TrackingNumber</code> values for a Snow device being returned to Amazon Web Services for a particular job.</p>"
         },
         "OutboundShipment":{
           "shape":"Shipment",
@@ -1808,10 +1821,10 @@
       "members":{
         "WirelessConnection":{
           "shape":"WirelessConnection",
-          "documentation":"<p>Configures the wireless connection for the AWS Snowcone device.</p>"
+          "documentation":"<p>Configures the wireless connection for the Snowcone device.</p>"
         }
       },
-      "documentation":"<p>Specifies the device configuration for an AWS Snowcone job. </p>"
+      "documentation":"<p>Specifies the device configuration for an Snowcone job.</p>"
     },
     "SnsTopicARN":{
       "type":"string",
@@ -1829,7 +1842,22 @@
     "String":{
       "type":"string",
       "max":1024,
-      "min":1
+      "min":1,
+      "pattern":".*"
+    },
+    "TGWOnDeviceServiceConfiguration":{
+      "type":"structure",
+      "members":{
+        "StorageLimit":{
+          "shape":"StorageLimit",
+          "documentation":"<p>The maximum number of virtual tapes to store on one Snow Family device. Due to physical resource limitations, this value must be set to 80 for Snowball Edge.</p>"
+        },
+        "StorageUnit":{
+          "shape":"StorageUnit",
+          "documentation":"<p>The scale unit of the virtual tapes on the device.</p>"
+        }
+      },
+      "documentation":"<p>An object that represents the metadata and configuration settings for the Storage Gateway service Tape Gateway type on an Amazon Web Services Snow Family device.</p>"
     },
     "TargetOnDeviceService":{
       "type":"structure",
@@ -1843,7 +1871,7 @@
           "documentation":"<p>Specifies whether the data is being imported or exported. You can import or export the data, or use it locally on the device.</p>"
         }
       },
-      "documentation":"<p>An object that represents the service or services on the Snow Family device that your transferred data will be exported from or imported into. AWS Snow Family supports Amazon S3 and NFS (Network File System).</p>"
+      "documentation":"<p>An object that represents the service or services on the Snow Family device that your transferred data will be exported from or imported into. Amazon Web Services Snow Family supports Amazon S3 and NFS (Network File System).</p>"
     },
     "TargetOnDeviceServiceList":{
       "type":"list",
@@ -1854,7 +1882,7 @@
       "members":{
         "IND":{"shape":"INDTaxDocuments"}
       },
-      "documentation":"<p>The tax documents required in your AWS Region.</p>"
+      "documentation":"<p>The tax documents required in your Amazon Web Services Region.</p>"
     },
     "Timestamp":{"type":"timestamp"},
     "TransferOption":{
@@ -1870,7 +1898,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>The address is either outside the serviceable area for your region, or an error occurred. Check the address with your region's carrier and try again. If the issue persists, contact AWS Support.</p>",
+      "documentation":"<p>The address is either outside the serviceable area for your region, or an error occurred. Check the address with your region's carrier and try again. If the issue persists, contact Amazon Web Services Support.</p>",
       "exception":true
     },
     "UpdateClusterRequest":{
@@ -1883,7 +1911,7 @@
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The new role Amazon Resource Name (ARN) that you want to associate with this cluster. To create a role ARN, use the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in AWS Identity and Access Management (IAM).</p>"
+          "documentation":"<p>The new role Amazon Resource Name (ARN) that you want to associate with this cluster. To create a role ARN, use the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a> API action in Identity and Access Management (IAM).</p>"
         },
         "Description":{
           "shape":"String",
@@ -1895,7 +1923,7 @@
         },
         "OnDeviceServiceConfiguration":{
           "shape":"OnDeviceServiceConfiguration",
-          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. AWS Snow Family supports Amazon S3 and NFS (Network File System).</p>"
+          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. Amazon Web Services Snow Family device clusters support Amazon S3 and NFS (Network File System).</p>"
         },
         "AddressId":{
           "shape":"AddressId",
@@ -1930,7 +1958,7 @@
         },
         "RoleARN":{
           "shape":"RoleARN",
-          "documentation":"<p>The new role Amazon Resource Name (ARN) that you want to associate with this job. To create a role ARN, use the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a>AWS Identity and Access Management (IAM) API action.</p>"
+          "documentation":"<p>The new role Amazon Resource Name (ARN) that you want to associate with this job. To create a role ARN, use the <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html\">CreateRole</a>Identity and Access Management (IAM) API action.</p>"
         },
         "Notification":{
           "shape":"Notification",
@@ -1942,7 +1970,7 @@
         },
         "OnDeviceServiceConfiguration":{
           "shape":"OnDeviceServiceConfiguration",
-          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. AWS Snow Family supports Amazon S3 and NFS (Network File System).</p>"
+          "documentation":"<p>Specifies the service or services on the Snow Family device that your transferred data will be exported from or imported into. Amazon Web Services Snow Family supports Amazon S3 and NFS (Network File System) and the Amazon Web Services Storage Gateway service Tape Gateway type.</p>"
         },
         "AddressId":{
           "shape":"AddressId",
@@ -1984,7 +2012,7 @@
         },
         "ShipmentState":{
           "shape":"ShipmentState",
-          "documentation":"<p>The state of a device when it is being shipped. </p> <p>Set to <code>RECEIVED</code> when the device arrives at your location.</p> <p>Set to <code>RETURNED</code> when you have returned the device to AWS.</p>"
+          "documentation":"<p>The state of a device when it is being shipped. </p> <p>Set to <code>RECEIVED</code> when the device arrives at your location.</p> <p>Set to <code>RETURNED</code> when you have returned the device to Amazon Web Services.</p>"
         }
       }
     },
@@ -2021,11 +2049,11 @@
       "members":{
         "IsWifiEnabled":{
           "shape":"Boolean",
-          "documentation":"<p>Enables the Wi-Fi adapter on an AWS Snowcone device.</p>"
+          "documentation":"<p>Enables the Wi-Fi adapter on an Snowcone device.</p>"
         }
       },
-      "documentation":"<p>Configures the wireless connection on an AWS Snowcone device.</p>"
+      "documentation":"<p>Configures the wireless connection on an Snowcone device.</p>"
     }
   },
-  "documentation":"<p>AWS Snow Family is a petabyte-scale data transport solution that uses secure devices to transfer large amounts of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3). The Snow commands described here provide access to the same functionality that is available in the AWS Snow Family Management Console, which enables you to create and manage jobs for a Snow device. To transfer data locally with a Snow device, you'll need to use the Snowball Edge client or the Amazon S3 API Interface for Snowball or AWS OpsHub for Snow Family. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSImportExport/latest/ug/api-reference.html\">User Guide</a>.</p>"
+  "documentation":"<p>The Amazon Web Services Snow Family provides a petabyte-scale data transport solution that uses secure devices to transfer large amounts of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3). The Snow Family commands described here provide access to the same functionality that is available in the Amazon Web Services Snow Family Management Console, which enables you to create and manage jobs for a Snow Family device. To transfer data locally with a Snow Family device, you'll need to use the Snowball Edge client or the Amazon S3 API Interface for Snowball or OpsHub for Snow Family. For more information, see the <a href=\"https://docs.aws.amazon.com/AWSImportExport/latest/ug/api-reference.html\">User Guide</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/sns/2010-03-31/service-2.json b/contrib/python/botocore/py3/botocore/data/sns/2010-03-31/service-2.json
index 16cdc2b2108..4063a054545 100644
--- a/contrib/python/botocore/py3/botocore/data/sns/2010-03-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/sns/2010-03-31/service-2.json
@@ -25,7 +25,7 @@
         {"shape":"AuthorizationErrorException"},
         {"shape":"NotFoundException"}
       ],
-      "documentation":"<p>Adds a statement to a topic's access control policy, granting access for the specified accounts to the specified actions.</p>"
+      "documentation":"<p>Adds a statement to a topic's access control policy, granting access for the specified Amazon Web Services accounts to the specified actions.</p>"
     },
     "CheckIfPhoneNumberIsOptedOut":{
       "name":"CheckIfPhoneNumberIsOptedOut",
@@ -44,7 +44,7 @@
         {"shape":"AuthorizationErrorException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Accepts a phone number and indicates whether the phone holder has opted out of receiving SMS messages from your account. You cannot send SMS messages to a number that is opted out.</p> <p>To resume sending messages, you can opt in the number by using the <code>OptInPhoneNumber</code> action.</p>"
+      "documentation":"<p>Accepts a phone number and indicates whether the phone holder has opted out of receiving SMS messages from your Amazon Web Services account. You cannot send SMS messages to a number that is opted out.</p> <p>To resume sending messages, you can opt in the number by using the <code>OptInPhoneNumber</code> action.</p>"
     },
     "ConfirmSubscription":{
       "name":"ConfirmSubscription",
@@ -83,7 +83,7 @@
         {"shape":"InternalErrorException"},
         {"shape":"AuthorizationErrorException"}
       ],
-      "documentation":"<p>Creates a platform application object for one of the supported push notification services, such as APNS and GCM (Firebase Cloud Messaging), to which devices and mobile apps may register. You must specify <code>PlatformPrincipal</code> and <code>PlatformCredential</code> attributes when using the <code>CreatePlatformApplication</code> action.</p> <p> <code>PlatformPrincipal</code> and <code>PlatformCredential</code> are received from the notification service.</p> <ul> <li> <p>For <code>ADM</code>, <code>PlatformPrincipal</code> is <code>client id</code> and <code>PlatformCredential</code> is <code>client secret</code>.</p> </li> <li> <p>For <code>Baidu</code>, <code>PlatformPrincipal</code> is <code>API key</code> and <code>PlatformCredential</code> is <code>secret key</code>.</p> </li> <li> <p>For <code>APNS</code> and <code>APNS_SANDBOX</code>, <code>PlatformPrincipal</code> is <code>SSL certificate</code> and <code>PlatformCredential</code> is <code>private key</code>.</p> </li> <li> <p>For <code>GCM</code> (Firebase Cloud Messaging), there is no <code>PlatformPrincipal</code> and the <code>PlatformCredential</code> is <code>API key</code>.</p> </li> <li> <p>For <code>MPNS</code>, <code>PlatformPrincipal</code> is <code>TLS certificate</code> and <code>PlatformCredential</code> is <code>private key</code>.</p> </li> <li> <p>For <code>WNS</code>, <code>PlatformPrincipal</code> is <code>Package Security Identifier</code> and <code>PlatformCredential</code> is <code>secret key</code>.</p> </li> </ul> <p>You can use the returned <code>PlatformApplicationArn</code> as an attribute for the <code>CreatePlatformEndpoint</code> action.</p>"
+      "documentation":"<p>Creates a platform application object for one of the supported push notification services, such as APNS and GCM (Firebase Cloud Messaging), to which devices and mobile apps may register. You must specify <code>PlatformPrincipal</code> and <code>PlatformCredential</code> attributes when using the <code>CreatePlatformApplication</code> action.</p> <p> <code>PlatformPrincipal</code> and <code>PlatformCredential</code> are received from the notification service.</p> <ul> <li> <p>For <code>ADM</code>, <code>PlatformPrincipal</code> is <code>client id</code> and <code>PlatformCredential</code> is <code>client secret</code>.</p> </li> <li> <p>For <code>Baidu</code>, <code>PlatformPrincipal</code> is <code>API key</code> and <code>PlatformCredential</code> is <code>secret key</code>.</p> </li> <li> <p>For <code>APNS</code> and <code>APNS_SANDBOX</code> using certificate credentials, <code>PlatformPrincipal</code> is <code>SSL certificate</code> and <code>PlatformCredential</code> is <code>private key</code>.</p> </li> <li> <p>For <code>APNS</code> and <code>APNS_SANDBOX</code> using token credentials, <code>PlatformPrincipal</code> is <code>signing key ID</code> and <code>PlatformCredential</code> is <code>signing key</code>.</p> </li> <li> <p>For <code>GCM</code> (Firebase Cloud Messaging), there is no <code>PlatformPrincipal</code> and the <code>PlatformCredential</code> is <code>API key</code>.</p> </li> <li> <p>For <code>MPNS</code>, <code>PlatformPrincipal</code> is <code>TLS certificate</code> and <code>PlatformCredential</code> is <code>private key</code>.</p> </li> <li> <p>For <code>WNS</code>, <code>PlatformPrincipal</code> is <code>Package Security Identifier</code> and <code>PlatformCredential</code> is <code>secret key</code>.</p> </li> </ul> <p>You can use the returned <code>PlatformApplicationArn</code> as an attribute for the <code>CreatePlatformEndpoint</code> action.</p>"
     },
     "CreatePlatformEndpoint":{
       "name":"CreatePlatformEndpoint",
@@ -123,7 +123,7 @@
         {"shape":"UserErrorException"},
         {"shape":"ThrottledException"}
       ],
-      "documentation":"<p>Adds a destination phone number to an account in the SMS sandbox and sends a one-time password (OTP) to that phone number.</p> <p>When you start using Amazon SNS to send SMS messages, your account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>Adds a destination phone number to an Amazon Web Services account in the SMS sandbox and sends a one-time password (OTP) to that phone number.</p> <p>When you start using Amazon SNS to send SMS messages, your Amazon Web Services account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your Amazon Web Services account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     },
     "CreateTopic":{
       "name":"CreateTopic",
@@ -196,7 +196,7 @@
         {"shape":"UserErrorException"},
         {"shape":"ThrottledException"}
       ],
-      "documentation":"<p>Deletes an account's verified or pending phone number from the SMS sandbox.</p> <p>When you start using Amazon SNS to send SMS messages, your account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>Deletes an Amazon Web Services account's verified or pending phone number from the SMS sandbox.</p> <p>When you start using Amazon SNS to send SMS messages, your Amazon Web Services account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your Amazon Web Services account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     },
     "DeleteTopic":{
       "name":"DeleteTopic",
@@ -271,7 +271,7 @@
         {"shape":"AuthorizationErrorException"},
         {"shape":"InvalidParameterException"}
       ],
-      "documentation":"<p>Returns the settings for sending SMS messages from your account.</p> <p>These settings are set with the <code>SetSMSAttributes</code> action.</p>"
+      "documentation":"<p>Returns the settings for sending SMS messages from your Amazon Web Services account.</p> <p>These settings are set with the <code>SetSMSAttributes</code> action.</p>"
     },
     "GetSMSSandboxAccountStatus":{
       "name":"GetSMSSandboxAccountStatus",
@@ -289,7 +289,7 @@
         {"shape":"InternalErrorException"},
         {"shape":"ThrottledException"}
       ],
-      "documentation":"<p>Retrieves the SMS sandbox status for the calling account in the target Region.</p> <p>When you start using Amazon SNS to send SMS messages, your account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>Retrieves the SMS sandbox status for the calling Amazon Web Services account in the target Amazon Web Services Region.</p> <p>When you start using Amazon SNS to send SMS messages, your Amazon Web Services account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your Amazon Web Services account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     },
     "GetSubscriptionAttributes":{
       "name":"GetSubscriptionAttributes",
@@ -367,7 +367,7 @@
         {"shape":"InvalidParameterException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Lists the calling account's dedicated origination numbers and their metadata. For more information about origination numbers, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/channels-sms-originating-identities-origination-numbers.html\">Origination numbers</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>Lists the calling Amazon Web Services account's dedicated origination numbers and their metadata. For more information about origination numbers, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/channels-sms-originating-identities-origination-numbers.html\">Origination numbers</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     },
     "ListPhoneNumbersOptedOut":{
       "name":"ListPhoneNumbersOptedOut",
@@ -424,7 +424,7 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ThrottledException"}
       ],
-      "documentation":"<p>Lists the calling account's current verified and pending destination phone numbers in the SMS sandbox.</p> <p>When you start using Amazon SNS to send SMS messages, your account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>Lists the calling Amazon Web Services account's current verified and pending destination phone numbers in the SMS sandbox.</p> <p>When you start using Amazon SNS to send SMS messages, your Amazon Web Services account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your Amazon Web Services account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     },
     "ListSubscriptions":{
       "name":"ListSubscriptions",
@@ -547,7 +547,41 @@
         {"shape":"KMSAccessDeniedException"},
         {"shape":"InvalidSecurityException"}
       ],
-      "documentation":"<p>Sends a message to an Amazon SNS topic, a text message (SMS message) directly to a phone number, or a message to a mobile platform endpoint (when you specify the <code>TargetArn</code>).</p> <p>If you send a message to a topic, Amazon SNS delivers the message to each endpoint that is subscribed to the topic. The format of the message depends on the notification protocol for each subscribed endpoint.</p> <p>When a <code>messageId</code> is returned, the message has been saved and Amazon SNS will attempt to deliver it shortly.</p> <p>To use the <code>Publish</code> action for sending a message to a mobile endpoint, such as an app on a Kindle device or mobile phone, you must specify the EndpointArn for the TargetArn parameter. The EndpointArn is returned when making a call with the <code>CreatePlatformEndpoint</code> action. </p> <p>For more information about formatting messages, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-custommessage.html\">Send Custom Platform-Specific Payloads in Messages to Mobile Devices</a>. </p> <important> <p>You can publish messages only to topics and endpoints in the same Region.</p> </important>"
+      "documentation":"<p>Sends a message to an Amazon SNS topic, a text message (SMS message) directly to a phone number, or a message to a mobile platform endpoint (when you specify the <code>TargetArn</code>).</p> <p>If you send a message to a topic, Amazon SNS delivers the message to each endpoint that is subscribed to the topic. The format of the message depends on the notification protocol for each subscribed endpoint.</p> <p>When a <code>messageId</code> is returned, the message is saved and Amazon SNS immediately delivers it to subscribers.</p> <p>To use the <code>Publish</code> action for publishing a message to a mobile endpoint, such as an app on a Kindle device or mobile phone, you must specify the EndpointArn for the TargetArn parameter. The EndpointArn is returned when making a call with the <code>CreatePlatformEndpoint</code> action. </p> <p>For more information about formatting messages, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-custommessage.html\">Send Custom Platform-Specific Payloads in Messages to Mobile Devices</a>. </p> <important> <p>You can publish messages only to topics and endpoints in the same Amazon Web Services Region.</p> </important>"
+    },
+    "PublishBatch":{
+      "name":"PublishBatch",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PublishBatchInput"},
+      "output":{
+        "shape":"PublishBatchResponse",
+        "resultWrapper":"PublishBatchResult"
+      },
+      "errors":[
+        {"shape":"InvalidParameterException"},
+        {"shape":"InvalidParameterValueException"},
+        {"shape":"InternalErrorException"},
+        {"shape":"NotFoundException"},
+        {"shape":"EndpointDisabledException"},
+        {"shape":"PlatformApplicationDisabledException"},
+        {"shape":"AuthorizationErrorException"},
+        {"shape":"BatchEntryIdsNotDistinctException"},
+        {"shape":"BatchRequestTooLongException"},
+        {"shape":"EmptyBatchRequestException"},
+        {"shape":"InvalidBatchEntryIdException"},
+        {"shape":"TooManyEntriesInBatchRequestException"},
+        {"shape":"KMSDisabledException"},
+        {"shape":"KMSInvalidStateException"},
+        {"shape":"KMSNotFoundException"},
+        {"shape":"KMSOptInRequired"},
+        {"shape":"KMSThrottlingException"},
+        {"shape":"KMSAccessDeniedException"},
+        {"shape":"InvalidSecurityException"}
+      ],
+      "documentation":"<p>Publishes up to ten messages to the specified topic. This is a batch version of <code>Publish</code>. For FIFO topics, multiple messages within a single batch are published in the order they are sent, and messages are deduplicated within the batch and across batches for 5 minutes.</p> <p>The result of publishing each message is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of <code>200</code>.</p> <p>The maximum allowed individual message size and the maximum total payload size (the sum of the individual lengths of all of the batched messages) are both 256 KB (262,144 bytes). </p> <p>Some actions take lists of parameters. These lists are specified using the <code>param.n</code> notation. Values of <code>n</code> are integers starting from 1. For example, a parameter list with two elements looks like this: </p> <p>&amp;AttributeName.1=first</p> <p>&amp;AttributeName.2=second</p> <p>If you send a batch message to a topic, Amazon SNS publishes the batch message to each endpoint that is subscribed to the topic. The format of the batch message depends on the notification protocol for each subscribed endpoint.</p> <p>When a <code>messageId</code> is returned, the batch message is saved and Amazon SNS immediately delivers the message to subscribers.</p>"
     },
     "RemovePermission":{
       "name":"RemovePermission",
@@ -665,7 +699,7 @@
         {"shape":"AuthorizationErrorException"},
         {"shape":"InvalidSecurityException"}
       ],
-      "documentation":"<p>Subscribes an endpoint to an Amazon SNS topic. If the endpoint type is HTTP/S or email, or if the endpoint and the topic are not in the same account, the endpoint owner must run the <code>ConfirmSubscription</code> action to confirm the subscription.</p> <p>You call the <code>ConfirmSubscription</code> action with the token from the subscription response. Confirmation tokens are valid for three days.</p> <p>This action is throttled at 100 transactions per second (TPS).</p>"
+      "documentation":"<p>Subscribes an endpoint to an Amazon SNS topic. If the endpoint type is HTTP/S or email, or if the endpoint and the topic are not in the same Amazon Web Services account, the endpoint owner must run the <code>ConfirmSubscription</code> action to confirm the subscription.</p> <p>You call the <code>ConfirmSubscription</code> action with the token from the subscription response. Confirmation tokens are valid for three days.</p> <p>This action is throttled at 100 transactions per second (TPS).</p>"
     },
     "TagResource":{
       "name":"TagResource",
@@ -687,7 +721,7 @@
         {"shape":"AuthorizationErrorException"},
         {"shape":"ConcurrentAccessException"}
       ],
-      "documentation":"<p>Add tags to the specified Amazon SNS topic. For an overview, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-tags.html\">Amazon SNS Tags</a> in the <i>Amazon SNS Developer Guide</i>.</p> <p>When you use topic tags, keep the following guidelines in mind:</p> <ul> <li> <p>Adding more than 50 tags to a topic isn't recommended.</p> </li> <li> <p>Tags don't have any semantic meaning. Amazon SNS interprets tags as character strings.</p> </li> <li> <p>Tags are case-sensitive.</p> </li> <li> <p>A new tag with a key identical to that of an existing tag overwrites the existing tag.</p> </li> <li> <p>Tagging actions are limited to 10 TPS per account, per Region. If your application requires a higher throughput, file a <a href=\"https://console.aws.amazon.com/support/home#/case/create?issueType=technical\">technical support request</a>.</p> </li> </ul>"
+      "documentation":"<p>Add tags to the specified Amazon SNS topic. For an overview, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-tags.html\">Amazon SNS Tags</a> in the <i>Amazon SNS Developer Guide</i>.</p> <p>When you use topic tags, keep the following guidelines in mind:</p> <ul> <li> <p>Adding more than 50 tags to a topic isn't recommended.</p> </li> <li> <p>Tags don't have any semantic meaning. Amazon SNS interprets tags as character strings.</p> </li> <li> <p>Tags are case-sensitive.</p> </li> <li> <p>A new tag with a key identical to that of an existing tag overwrites the existing tag.</p> </li> <li> <p>Tagging actions are limited to 10 TPS per Amazon Web Services account, per Amazon Web Services Region. If your application requires a higher throughput, file a <a href=\"https://console.aws.amazon.com/support/home#/case/create?issueType=technical\">technical support request</a>.</p> </li> </ul>"
     },
     "Unsubscribe":{
       "name":"Unsubscribe",
@@ -746,7 +780,7 @@
         {"shape":"VerificationException"},
         {"shape":"ThrottledException"}
       ],
-      "documentation":"<p>Verifies a destination phone number with a one-time password (OTP) for the calling account.</p> <p>When you start using Amazon SNS to send SMS messages, your account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>Verifies a destination phone number with a one-time password (OTP) for the calling Amazon Web Services account.</p> <p>When you start using Amazon SNS to send SMS messages, your Amazon Web Services account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your Amazon Web Services account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     }
   },
   "shapes":{
@@ -773,7 +807,7 @@
         },
         "AWSAccountId":{
           "shape":"DelegatesList",
-          "documentation":"<p>The account IDs of the users (principals) who will be given access to the specified actions. The users must have account, but do not need to be signed up for this service.</p>"
+          "documentation":"<p>The Amazon Web Services account IDs of the users (principals) who will be given access to the specified actions. The users must have Amazon Web Services account, but do not need to be signed up for this service.</p>"
         },
         "ActionName":{
           "shape":"ActionsList",
@@ -799,6 +833,63 @@
       },
       "exception":true
     },
+    "BatchEntryIdsNotDistinctException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"string"}
+      },
+      "documentation":"<p>Two or more batch entries in the request have the same <code>Id</code>.</p>",
+      "error":{
+        "code":"BatchEntryIdsNotDistinct",
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "BatchRequestTooLongException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"string"}
+      },
+      "documentation":"<p>The length of all the batch messages put together is more than the limit.</p>",
+      "error":{
+        "code":"BatchRequestTooLong",
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "BatchResultErrorEntry":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "Code",
+        "SenderFault"
+      ],
+      "members":{
+        "Id":{
+          "shape":"String",
+          "documentation":"<p>The <code>Id</code> of an entry in a batch request</p>"
+        },
+        "Code":{
+          "shape":"String",
+          "documentation":"<p>An error code representing why the action failed on this entry.</p>"
+        },
+        "Message":{
+          "shape":"String",
+          "documentation":"<p>A message explaining why the action failed on this entry.</p>"
+        },
+        "SenderFault":{
+          "shape":"boolean",
+          "documentation":"<p>Specifies whether the error happened due to the caller of the batch API action.</p>"
+        }
+      },
+      "documentation":"<p>Gives a detailed description of failed messages in the batch.</p>"
+    },
+    "BatchResultErrorEntryList":{
+      "type":"list",
+      "member":{"shape":"BatchResultErrorEntry"}
+    },
     "Binary":{"type":"blob"},
     "CheckIfPhoneNumberIsOptedOutInput":{
       "type":"structure",
@@ -1034,19 +1125,32 @@
         }
       }
     },
+    "EmptyBatchRequestException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"string"}
+      },
+      "documentation":"<p>The batch request doesn't contain any entries.</p>",
+      "error":{
+        "code":"EmptyBatchRequest",
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
     "Endpoint":{
       "type":"structure",
       "members":{
         "EndpointArn":{
           "shape":"String",
-          "documentation":"<p>EndpointArn for mobile app and device.</p>"
+          "documentation":"<p>The <code>EndpointArn</code> for mobile app and device.</p>"
         },
         "Attributes":{
           "shape":"MapStringToString",
           "documentation":"<p>Attributes for endpoint.</p>"
         }
       },
-      "documentation":"<p>Endpoint for mobile app and device.</p>"
+      "documentation":"<p>The endpoint for mobile app and device.</p>"
     },
     "EndpointDisabledException":{
       "type":"structure",
@@ -1069,7 +1173,7 @@
       "members":{
         "message":{"shape":"string"}
       },
-      "documentation":"<p>Indicates that the number of filter polices in your account exceeds the limit. To add more filter polices, submit an SNS Limit Increase case in the Amazon Web Services Support Center.</p>",
+      "documentation":"<p>Indicates that the number of filter polices in your Amazon Web Services account exceeds the limit. To add more filter polices, submit an Amazon SNS Limit Increase case in the Amazon Web Services Support Center.</p>",
       "error":{
         "code":"FilterPolicyLimitExceeded",
         "httpStatusCode":403,
@@ -1114,7 +1218,7 @@
       "members":{
         "Attributes":{
           "shape":"MapStringToString",
-          "documentation":"<p>Attributes include the following:</p> <ul> <li> <p> <code>EventEndpointCreated</code> – Topic ARN to which EndpointCreated event notifications should be sent.</p> </li> <li> <p> <code>EventEndpointDeleted</code> – Topic ARN to which EndpointDeleted event notifications should be sent.</p> </li> <li> <p> <code>EventEndpointUpdated</code> – Topic ARN to which EndpointUpdate event notifications should be sent.</p> </li> <li> <p> <code>EventDeliveryFailure</code> – Topic ARN to which DeliveryFailure event notifications should be sent upon Direct Publish delivery failure (permanent) to one of the application's endpoints.</p> </li> </ul>"
+          "documentation":"<p>Attributes include the following:</p> <ul> <li> <p> <code>AppleCertificateExpiryDate</code> – The expiry date of the SSL certificate used to configure certificate-based authentication.</p> </li> <li> <p> <code>ApplePlatformTeamID</code> – The Apple developer account ID used to configure token-based authentication.</p> </li> <li> <p> <code>ApplePlatformBundleID</code> – The app identifier used to configure token-based authentication.</p> </li> <li> <p> <code>EventEndpointCreated</code> – Topic ARN to which EndpointCreated event notifications should be sent.</p> </li> <li> <p> <code>EventEndpointDeleted</code> – Topic ARN to which EndpointDeleted event notifications should be sent.</p> </li> <li> <p> <code>EventEndpointUpdated</code> – Topic ARN to which EndpointUpdate event notifications should be sent.</p> </li> <li> <p> <code>EventDeliveryFailure</code> – Topic ARN to which DeliveryFailure event notifications should be sent upon Direct Publish delivery failure (permanent) to one of the application's endpoints.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Response for GetPlatformApplicationAttributes action.</p>"
@@ -1150,7 +1254,7 @@
       "members":{
         "IsInSandbox":{
           "shape":"boolean",
-          "documentation":"<p>Indicates whether the calling account is in the SMS sandbox.</p>"
+          "documentation":"<p>Indicates whether the calling Amazon Web Services account is in the SMS sandbox.</p>"
         }
       }
     },
@@ -1170,7 +1274,7 @@
       "members":{
         "Attributes":{
           "shape":"SubscriptionAttributesMap",
-          "documentation":"<p>A map of the subscription's attributes. Attributes in this map include the following:</p> <ul> <li> <p> <code>ConfirmationWasAuthenticated</code> – <code>true</code> if the subscription confirmation request was authenticated.</p> </li> <li> <p> <code>DeliveryPolicy</code> – The JSON serialization of the subscription's delivery policy.</p> </li> <li> <p> <code>EffectiveDeliveryPolicy</code> – The JSON serialization of the effective delivery policy that takes into account the topic delivery policy and account system defaults.</p> </li> <li> <p> <code>FilterPolicy</code> – The filter policy JSON that is assigned to the subscription. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-message-filtering.html\">Amazon SNS Message Filtering</a> in the <i>Amazon SNS Developer Guide</i>.</p> </li> <li> <p> <code>Owner</code> – The account ID of the subscription's owner.</p> </li> <li> <p> <code>PendingConfirmation</code> – <code>true</code> if the subscription hasn't been confirmed. To confirm a pending subscription, call the <code>ConfirmSubscription</code> action with a confirmation token.</p> </li> <li> <p> <code>RawMessageDelivery</code> – <code>true</code> if raw message delivery is enabled for the subscription. Raw messages are free of JSON formatting and can be sent to HTTP/S and Amazon SQS endpoints.</p> </li> <li> <p> <code>RedrivePolicy</code> – When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing.</p> </li> <li> <p> <code>SubscriptionArn</code> – The subscription's ARN.</p> </li> <li> <p> <code>TopicArn</code> – The topic ARN that the subscription is associated with.</p> </li> </ul> <p>The following attribute applies only to Amazon Kinesis Data Firehose delivery stream subscriptions:</p> <ul> <li> <p> <code>SubscriptionRoleArn</code> – The ARN of the IAM role that has the following:</p> <ul> <li> <p>Permission to write to the Kinesis Data Firehose delivery stream</p> </li> <li> <p>Amazon SNS listed as a trusted entity</p> </li> </ul> <p>Specifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html\">Fanout to Kinesis Data Firehose delivery streams</a> in the <i>Amazon SNS Developer Guide</i>.</p> </li> </ul>"
+          "documentation":"<p>A map of the subscription's attributes. Attributes in this map include the following:</p> <ul> <li> <p> <code>ConfirmationWasAuthenticated</code> – <code>true</code> if the subscription confirmation request was authenticated.</p> </li> <li> <p> <code>DeliveryPolicy</code> – The JSON serialization of the subscription's delivery policy.</p> </li> <li> <p> <code>EffectiveDeliveryPolicy</code> – The JSON serialization of the effective delivery policy that takes into account the topic delivery policy and account system defaults.</p> </li> <li> <p> <code>FilterPolicy</code> – The filter policy JSON that is assigned to the subscription. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-message-filtering.html\">Amazon SNS Message Filtering</a> in the <i>Amazon SNS Developer Guide</i>.</p> </li> <li> <p> <code>Owner</code> – The Amazon Web Services account ID of the subscription's owner.</p> </li> <li> <p> <code>PendingConfirmation</code> – <code>true</code> if the subscription hasn't been confirmed. To confirm a pending subscription, call the <code>ConfirmSubscription</code> action with a confirmation token.</p> </li> <li> <p> <code>RawMessageDelivery</code> – <code>true</code> if raw message delivery is enabled for the subscription. Raw messages are free of JSON formatting and can be sent to HTTP/S and Amazon SQS endpoints.</p> </li> <li> <p> <code>RedrivePolicy</code> – When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing.</p> </li> <li> <p> <code>SubscriptionArn</code> – The subscription's ARN.</p> </li> <li> <p> <code>TopicArn</code> – The topic ARN that the subscription is associated with.</p> </li> </ul> <p>The following attribute applies only to Amazon Kinesis Data Firehose delivery stream subscriptions:</p> <ul> <li> <p> <code>SubscriptionRoleArn</code> – The ARN of the IAM role that has the following:</p> <ul> <li> <p>Permission to write to the Kinesis Data Firehose delivery stream</p> </li> <li> <p>Amazon SNS listed as a trusted entity</p> </li> </ul> <p>Specifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html\">Fanout to Kinesis Data Firehose delivery streams</a> in the <i>Amazon SNS Developer Guide</i>.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Response for GetSubscriptionAttributes action.</p>"
@@ -1191,7 +1295,7 @@
       "members":{
         "Attributes":{
           "shape":"TopicAttributesMap",
-          "documentation":"<p>A map of the topic's attributes. Attributes in this map include the following:</p> <ul> <li> <p> <code>DeliveryPolicy</code> – The JSON serialization of the topic's delivery policy.</p> </li> <li> <p> <code>DisplayName</code> – The human-readable name used in the <code>From</code> field for notifications to <code>email</code> and <code>email-json</code> endpoints.</p> </li> <li> <p> <code>Owner</code> – The account ID of the topic's owner.</p> </li> <li> <p> <code>Policy</code> – The JSON serialization of the topic's access control policy.</p> </li> <li> <p> <code>SubscriptionsConfirmed</code> – The number of confirmed subscriptions for the topic.</p> </li> <li> <p> <code>SubscriptionsDeleted</code> – The number of deleted subscriptions for the topic.</p> </li> <li> <p> <code>SubscriptionsPending</code> – The number of subscriptions pending confirmation for the topic.</p> </li> <li> <p> <code>TopicArn</code> – The topic's ARN.</p> </li> <li> <p> <code>EffectiveDeliveryPolicy</code> – The JSON serialization of the effective delivery policy, taking system defaults into account.</p> </li> </ul> <p>The following attribute applies only to <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> - The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms\">Key Terms</a>. For more examples, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters\">KeyId</a> in the <i>Key Management Service API Reference</i>.</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html\">FIFO topics</a>:</p> <ul> <li> <p> <code>FifoTopic</code> – When this is set to <code>true</code>, a FIFO topic is created.</p> </li> <li> <p> <code>ContentBasedDeduplication</code> – Enables content-based deduplication for FIFO topics.</p> <ul> <li> <p>By default, <code>ContentBasedDeduplication</code> is set to <code>false</code>. If you create a FIFO topic and this attribute is <code>false</code>, you must specify a value for the <code>MessageDeduplicationId</code> parameter for the <a href=\"https://docs.aws.amazon.com/sns/latest/api/API_Publish.html\">Publish</a> action. </p> </li> <li> <p>When you set <code>ContentBasedDeduplication</code> to <code>true</code>, Amazon SNS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message).</p> <p>(Optional) To override the generated value, you can specify a value for the <code>MessageDeduplicationId</code> parameter for the <code>Publish</code> action.</p> </li> </ul> </li> </ul>"
+          "documentation":"<p>A map of the topic's attributes. Attributes in this map include the following:</p> <ul> <li> <p> <code>DeliveryPolicy</code> – The JSON serialization of the topic's delivery policy.</p> </li> <li> <p> <code>DisplayName</code> – The human-readable name used in the <code>From</code> field for notifications to <code>email</code> and <code>email-json</code> endpoints.</p> </li> <li> <p> <code>Owner</code> – The Amazon Web Services account ID of the topic's owner.</p> </li> <li> <p> <code>Policy</code> – The JSON serialization of the topic's access control policy.</p> </li> <li> <p> <code>SubscriptionsConfirmed</code> – The number of confirmed subscriptions for the topic.</p> </li> <li> <p> <code>SubscriptionsDeleted</code> – The number of deleted subscriptions for the topic.</p> </li> <li> <p> <code>SubscriptionsPending</code> – The number of subscriptions pending confirmation for the topic.</p> </li> <li> <p> <code>TopicArn</code> – The topic's ARN.</p> </li> <li> <p> <code>EffectiveDeliveryPolicy</code> – The JSON serialization of the effective delivery policy, taking system defaults into account.</p> </li> </ul> <p>The following attribute applies only to <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> - The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms\">Key Terms</a>. For more examples, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters\">KeyId</a> in the <i>Key Management Service API Reference</i>.</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-fifo-topics.html\">FIFO topics</a>:</p> <ul> <li> <p> <code>FifoTopic</code> – When this is set to <code>true</code>, a FIFO topic is created.</p> </li> <li> <p> <code>ContentBasedDeduplication</code> – Enables content-based deduplication for FIFO topics.</p> <ul> <li> <p>By default, <code>ContentBasedDeduplication</code> is set to <code>false</code>. If you create a FIFO topic and this attribute is <code>false</code>, you must specify a value for the <code>MessageDeduplicationId</code> parameter for the <a href=\"https://docs.aws.amazon.com/sns/latest/api/API_Publish.html\">Publish</a> action. </p> </li> <li> <p>When you set <code>ContentBasedDeduplication</code> to <code>true</code>, Amazon SNS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message).</p> <p>(Optional) To override the generated value, you can specify a value for the <code>MessageDeduplicationId</code> parameter for the <code>Publish</code> action.</p> </li> </ul> </li> </ul>"
         }
       },
       "documentation":"<p>Response for GetTopicAttributes action.</p>"
@@ -1209,6 +1313,19 @@
       "exception":true,
       "fault":true
     },
+    "InvalidBatchEntryIdException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"string"}
+      },
+      "documentation":"<p>The <code>Id</code> of a batch entry in a batch request doesn't abide by the specification. </p>",
+      "error":{
+        "code":"InvalidBatchEntryId",
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
     "InvalidParameterException":{
       "type":"structure",
       "members":{
@@ -1227,7 +1344,7 @@
       "members":{
         "message":{
           "shape":"string",
-          "documentation":"<p>The parameter value is invalid.</p>"
+          "documentation":"<p>The parameter of an entry in a request doesn't abide by the specification. </p>"
         }
       },
       "documentation":"<p>Indicates that a request parameter does not comply with the associated constraints.</p>",
@@ -1692,7 +1809,7 @@
       "members":{
         "message":{"shape":"string"}
       },
-      "documentation":"<p>Indicates that the specified phone number opted out of receiving SMS messages from your account. You can't send SMS messages to phone numbers that opt out.</p>",
+      "documentation":"<p>Indicates that the specified phone number opted out of receiving SMS messages from your Amazon Web Services account. You can't send SMS messages to phone numbers that opt out.</p>",
       "error":{
         "code":"OptedOut",
         "httpStatusCode":400,
@@ -1775,6 +1892,100 @@
       },
       "exception":true
     },
+    "PublishBatchInput":{
+      "type":"structure",
+      "required":[
+        "TopicArn",
+        "PublishBatchRequestEntries"
+      ],
+      "members":{
+        "TopicArn":{
+          "shape":"topicARN",
+          "documentation":"<p>The Amazon resource name (ARN) of the topic you want to batch publish to.</p>"
+        },
+        "PublishBatchRequestEntries":{
+          "shape":"PublishBatchRequestEntryList",
+          "documentation":"<p>A list of <code>PublishBatch</code> request entries to be sent to the SNS topic.</p>"
+        }
+      }
+    },
+    "PublishBatchRequestEntry":{
+      "type":"structure",
+      "required":[
+        "Id",
+        "Message"
+      ],
+      "members":{
+        "Id":{
+          "shape":"String",
+          "documentation":"<p>An identifier for the message in this batch.</p> <note> <p>The <code>Ids</code> of a batch request must be unique within a request. </p> <p>This identifier can have up to 80 characters. The following characters are accepted: alphanumeric characters, hyphens(-), and underscores (_). </p> </note>"
+        },
+        "Message":{
+          "shape":"message",
+          "documentation":"<p>The body of the message.</p>"
+        },
+        "Subject":{
+          "shape":"subject",
+          "documentation":"<p>The subject of the batch message.</p>"
+        },
+        "MessageStructure":{
+          "shape":"messageStructure",
+          "documentation":"<p>Set <code>MessageStructure</code> to <code>json</code> if you want to send a different message for each protocol. For example, using one publish action, you can send a short message to your SMS subscribers and a longer message to your email subscribers. If you set <code>MessageStructure</code> to <code>json</code>, the value of the <code>Message</code> parameter must: </p> <ul> <li> <p>be a syntactically valid JSON object; and</p> </li> <li> <p>contain at least a top-level JSON key of \"default\" with a value that is a string.</p> </li> </ul> <p>You can define other top-level keys that define the message you want to send to a specific transport protocol (e.g. http). </p>"
+        },
+        "MessageAttributes":{
+          "shape":"MessageAttributeMap",
+          "documentation":"<p>Each message attribute consists of a <code>Name</code>, <code>Type</code>, and <code>Value</code>. For more information, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-message-attributes.html\">Amazon SNS message attributes</a> in the Amazon SNS Developer Guide.</p>"
+        },
+        "MessageDeduplicationId":{
+          "shape":"String",
+          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics.</p> <p>The token used for deduplication of messages within a 5-minute minimum deduplication interval. If a message with a particular <code>MessageDeduplicationId</code> is sent successfully, subsequent messages with the same <code>MessageDeduplicationId</code> are accepted successfully but aren't delivered.</p> <ul> <li> <p>Every message must have a unique <code>MessageDeduplicationId</code>.</p> <ul> <li> <p>You may provide a <code>MessageDeduplicationId</code> explicitly.</p> </li> <li> <p>If you aren't able to provide a <code>MessageDeduplicationId</code> and you enable <code>ContentBasedDeduplication</code> for your topic, Amazon SNS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message).</p> </li> <li> <p>If you don't provide a <code>MessageDeduplicationId</code> and the topic doesn't have <code>ContentBasedDeduplication</code> set, the action fails with an error.</p> </li> <li> <p>If the topic has a <code>ContentBasedDeduplication</code> set, your <code>MessageDeduplicationId</code> overrides the generated one. </p> </li> </ul> </li> <li> <p>When <code>ContentBasedDeduplication</code> is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.</p> </li> <li> <p>If you send one message with <code>ContentBasedDeduplication</code> enabled, and then another message with a <code>MessageDeduplicationId</code> that is the same as the one generated for the first <code>MessageDeduplicationId</code>, the two messages are treated as duplicates and only one copy of the message is delivered. </p> </li> </ul> <note> <p>The <code>MessageDeduplicationId</code> is available to the consumer of the message (this can be useful for troubleshooting delivery issues).</p> <p>If a message is sent successfully but the acknowledgement is lost and the message is resent with the same <code>MessageDeduplicationId</code> after the deduplication interval, Amazon SNS can't detect duplicate messages. </p> <p>Amazon SNS continues to keep track of the message deduplication ID even after the message is received and deleted. </p> </note> <p>The length of <code>MessageDeduplicationId</code> is 128 characters.</p> <p> <code>MessageDeduplicationId</code> can contain alphanumeric characters <code>(a-z, A-Z, 0-9)</code> and punctuation <code>(!\"#$%&amp;'()*+,-./:;&lt;=&gt;?@[\\]^_`{|}~)</code>.</p>"
+        },
+        "MessageGroupId":{
+          "shape":"String",
+          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics.</p> <p>The tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). To interleave multiple ordered streams within a single topic, use <code>MessageGroupId</code> values (for example, session data for multiple users). In this scenario, multiple consumers can process the topic, but the session data of each user is processed in a FIFO fashion. </p> <p>You must associate a non-empty <code>MessageGroupId</code> with a message. If you don't provide a <code>MessageGroupId</code>, the action fails. </p> <p>The length of <code>MessageGroupId</code> is 128 characters.</p> <p> <code>MessageGroupId</code> can contain alphanumeric characters <code>(a-z, A-Z, 0-9)</code> and punctuation <code>(!\"#$%&amp;'()*+,-./:;&lt;=&gt;?@[\\]^_`{|}~)</code>.</p> <important> <p> <code>MessageGroupId</code> is required for FIFO topics. You can't use it for standard topics. </p> </important>"
+        }
+      },
+      "documentation":"<p>Contains the details of a single Amazon SNS message along with an <code>Id</code> that identifies a message within the batch. </p>"
+    },
+    "PublishBatchRequestEntryList":{
+      "type":"list",
+      "member":{"shape":"PublishBatchRequestEntry"}
+    },
+    "PublishBatchResponse":{
+      "type":"structure",
+      "members":{
+        "Successful":{
+          "shape":"PublishBatchResultEntryList",
+          "documentation":"<p>A list of successful <code>PublishBatch</code> responses.</p>"
+        },
+        "Failed":{
+          "shape":"BatchResultErrorEntryList",
+          "documentation":"<p>A list of failed <code>PublishBatch</code> responses. </p>"
+        }
+      }
+    },
+    "PublishBatchResultEntry":{
+      "type":"structure",
+      "members":{
+        "Id":{
+          "shape":"String",
+          "documentation":"<p>The <code>Id</code> of an entry in a batch request.</p>"
+        },
+        "MessageId":{
+          "shape":"messageId",
+          "documentation":"<p>An identifier for the message.</p>"
+        },
+        "SequenceNumber":{
+          "shape":"String",
+          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics.</p> <p>The large, non-consecutive number that Amazon SNS assigns to each message.</p> <p>The length of <code>SequenceNumber</code> is 128 bits. <code>SequenceNumber</code> continues to increase for a particular <code>MessageGroupId</code>.</p>"
+        }
+      },
+      "documentation":"<p>Encloses data related to a successful message in a batch request for topic.</p>"
+    },
+    "PublishBatchResultEntryList":{
+      "type":"list",
+      "member":{"shape":"PublishBatchResultEntry"}
+    },
     "PublishInput":{
       "type":"structure",
       "required":["Message"],
@@ -1809,11 +2020,11 @@
         },
         "MessageDeduplicationId":{
           "shape":"String",
-          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics. The <code>MessageDeduplicationId</code> can contain up to 128 alphanumeric characters (a-z, A-Z, 0-9) and punctuation <code>(!\"#$%&amp;'()*+,-./:;&lt;=&gt;?@[\\]^_`{|}~)</code>.</p> <p>Every message must have a unique <code>MessageDeduplicationId</code>, which is a token used for deduplication of sent messages. If a message with a particular <code>MessageDeduplicationId</code> is sent successfully, any message sent with the same <code>MessageDeduplicationId</code> during the 5-minute deduplication interval is treated as a duplicate. </p> <p>If the topic has <code>ContentBasedDeduplication</code> set, the system generates a <code>MessageDeduplicationId</code> based on the contents of the message. Your <code>MessageDeduplicationId</code> overrides the generated one.</p>"
+          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics. The <code>MessageDeduplicationId</code> can contain up to 128 alphanumeric characters <code>(a-z, A-Z, 0-9)</code> and punctuation <code>(!\"#$%&amp;'()*+,-./:;&lt;=&gt;?@[\\]^_`{|}~)</code>.</p> <p>Every message must have a unique <code>MessageDeduplicationId</code>, which is a token used for deduplication of sent messages. If a message with a particular <code>MessageDeduplicationId</code> is sent successfully, any message sent with the same <code>MessageDeduplicationId</code> during the 5-minute deduplication interval is treated as a duplicate. </p> <p>If the topic has <code>ContentBasedDeduplication</code> set, the system generates a <code>MessageDeduplicationId</code> based on the contents of the message. Your <code>MessageDeduplicationId</code> overrides the generated one.</p>"
         },
         "MessageGroupId":{
           "shape":"String",
-          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics. The <code>MessageGroupId</code> can contain up to 128 alphanumeric characters (a-z, A-Z, 0-9) and punctuation <code>(!\"#$%&amp;'()*+,-./:;&lt;=&gt;?@[\\]^_`{|}~)</code>.</p> <p>The <code>MessageGroupId</code> is a tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). Every message must include a <code>MessageGroupId</code>.</p>"
+          "documentation":"<p>This parameter applies only to FIFO (first-in-first-out) topics. The <code>MessageGroupId</code> can contain up to 128 alphanumeric characters <code>(a-z, A-Z, 0-9)</code> and punctuation <code>(!\"#$%&amp;'()*+,-./:;&lt;=&gt;?@[\\]^_`{|}~)</code>.</p> <p>The <code>MessageGroupId</code> is a tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a FIFO manner (however, messages in different message groups might be processed out of order). Every message must include a <code>MessageGroupId</code>.</p>"
         }
       },
       "documentation":"<p>Input for Publish action.</p>"
@@ -1884,7 +2095,7 @@
           "documentation":"<p>The destination phone number's verification status.</p>"
         }
       },
-      "documentation":"<p>A verified or pending destination phone number in the SMS sandbox.</p> <p>When you start using Amazon SNS to send SMS messages, your account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+      "documentation":"<p>A verified or pending destination phone number in the SMS sandbox.</p> <p>When you start using Amazon SNS to send SMS messages, your Amazon Web Services account is in the <i>SMS sandbox</i>. The SMS sandbox provides a safe environment for you to try Amazon SNS features without risking your reputation as an SMS sender. While your Amazon Web Services account is in the SMS sandbox, you can use all of the features of Amazon SNS. However, you can send SMS messages only to verified destination phone numbers. For more information, including how to move out of the sandbox to send messages without restrictions, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html\">SMS sandbox</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
     },
     "SMSSandboxPhoneNumberList":{
       "type":"list",
@@ -1929,7 +2140,7 @@
         },
         "Attributes":{
           "shape":"MapStringToString",
-          "documentation":"<p>A map of the platform application attributes. Attributes in this map include the following:</p> <ul> <li> <p> <code>PlatformCredential</code> – The credential received from the notification service. For <code>APNS</code> and <code>APNS_SANDBOX</code>, <code>PlatformCredential</code> is <code>private key</code>. For <code>GCM</code> (Firebase Cloud Messaging), <code>PlatformCredential</code> is <code>API key</code>. For <code>ADM</code>, <code>PlatformCredential</code> is <code>client secret</code>.</p> </li> <li> <p> <code>PlatformPrincipal</code> – The principal received from the notification service. For <code>APNS</code> and <code>APNS_SANDBOX</code>, <code>PlatformPrincipal</code> is <code>SSL certificate</code>. For <code>GCM</code> (Firebase Cloud Messaging), there is no <code>PlatformPrincipal</code>. For <code>ADM</code>, <code>PlatformPrincipal</code> is <code>client id</code>.</p> </li> <li> <p> <code>EventEndpointCreated</code> – Topic ARN to which <code>EndpointCreated</code> event notifications are sent.</p> </li> <li> <p> <code>EventEndpointDeleted</code> – Topic ARN to which <code>EndpointDeleted</code> event notifications are sent.</p> </li> <li> <p> <code>EventEndpointUpdated</code> – Topic ARN to which <code>EndpointUpdate</code> event notifications are sent.</p> </li> <li> <p> <code>EventDeliveryFailure</code> – Topic ARN to which <code>DeliveryFailure</code> event notifications are sent upon Direct Publish delivery failure (permanent) to one of the application's endpoints.</p> </li> <li> <p> <code>SuccessFeedbackRoleArn</code> – IAM role ARN used to give Amazon SNS write access to use CloudWatch Logs on your behalf.</p> </li> <li> <p> <code>FailureFeedbackRoleArn</code> – IAM role ARN used to give Amazon SNS write access to use CloudWatch Logs on your behalf.</p> </li> <li> <p> <code>SuccessFeedbackSampleRate</code> – Sample rate percentage (0-100) of successfully delivered messages.</p> </li> </ul>"
+          "documentation":"<p>A map of the platform application attributes. Attributes in this map include the following:</p> <ul> <li> <p> <code>PlatformCredential</code> – The credential received from the notification service.</p> <ul> <li> <p>For ADM, <code>PlatformCredential</code>is client secret.</p> </li> <li> <p>For Apple Services using certificate credentials, <code>PlatformCredential</code> is private key.</p> </li> <li> <p>For Apple Services using token credentials, <code>PlatformCredential</code> is signing key.</p> </li> <li> <p>For GCM (Firebase Cloud Messaging), <code>PlatformCredential</code> is API key. </p> </li> </ul> </li> </ul> <ul> <li> <p> <code>PlatformPrincipal</code> – The principal received from the notification service.</p> <ul> <li> <p>For ADM, <code>PlatformPrincipal</code>is client id.</p> </li> <li> <p>For Apple Services using certificate credentials, <code>PlatformPrincipal</code> is SSL certificate.</p> </li> <li> <p>For Apple Services using token credentials, <code>PlatformPrincipal</code> is signing key ID.</p> </li> <li> <p>For GCM (Firebase Cloud Messaging), there is no <code>PlatformPrincipal</code>. </p> </li> </ul> </li> </ul> <ul> <li> <p> <code>EventEndpointCreated</code> – Topic ARN to which <code>EndpointCreated</code> event notifications are sent.</p> </li> <li> <p> <code>EventEndpointDeleted</code> – Topic ARN to which <code>EndpointDeleted</code> event notifications are sent.</p> </li> <li> <p> <code>EventEndpointUpdated</code> – Topic ARN to which <code>EndpointUpdate</code> event notifications are sent.</p> </li> <li> <p> <code>EventDeliveryFailure</code> – Topic ARN to which <code>DeliveryFailure</code> event notifications are sent upon Direct Publish delivery failure (permanent) to one of the application's endpoints.</p> </li> <li> <p> <code>SuccessFeedbackRoleArn</code> – IAM role ARN used to give Amazon SNS write access to use CloudWatch Logs on your behalf.</p> </li> <li> <p> <code>FailureFeedbackRoleArn</code> – IAM role ARN used to give Amazon SNS write access to use CloudWatch Logs on your behalf.</p> </li> <li> <p> <code>SuccessFeedbackSampleRate</code> – Sample rate percentage (0-100) of successfully delivered messages.</p> </li> </ul> <p>The following attributes only apply to <code>APNs</code> token-based authentication:</p> <ul> <li> <p> <code>ApplePlatformTeamID</code> – The identifier that's assigned to your Apple developer account team.</p> </li> <li> <p> <code>ApplePlatformBundleID</code> – The bundle identifier that's assigned to your iOS app.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Input for SetPlatformApplicationAttributes action.</p>"
@@ -1940,7 +2151,7 @@
       "members":{
         "attributes":{
           "shape":"MapStringToString",
-          "documentation":"<p>The default settings for sending SMS messages from your account. You can set values for the following attribute names:</p> <p> <code>MonthlySpendLimit</code> – The maximum amount in USD that you are willing to spend each month to send SMS messages. When Amazon SNS determines that sending an SMS message would incur a cost that exceeds this limit, it stops sending SMS messages within minutes.</p> <important> <p>Amazon SNS stops sending SMS messages within minutes of the limit being crossed. During that interval, if you continue to send SMS messages, you will incur costs that exceed your limit.</p> </important> <p>By default, the spend limit is set to the maximum allowed by Amazon SNS. If you want to raise the limit, submit an <a href=\"https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&amp;limitType=service-code-sns\">SNS Limit Increase case</a>. For <b>New limit value</b>, enter your desired monthly spend limit. In the <b>Use Case Description</b> field, explain that you are requesting an SMS monthly spend limit increase.</p> <p> <code>DeliveryStatusIAMRole</code> – The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs. For each SMS message that you send, Amazon SNS writes a log that includes the message price, the success or failure status, the reason for failure (if the message failed), the message dwell time, and other information.</p> <p> <code>DeliveryStatusSuccessSamplingRate</code> – The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value can be an integer from 0 - 100. For example, to write logs only for failed deliveries, set this value to <code>0</code>. To write logs for 10% of your successful deliveries, set it to <code>10</code>.</p> <p> <code>DefaultSenderID</code> – A string, such as your business brand, that is displayed as the sender on the receiving device. Support for sender IDs varies by country. The sender ID can be 1 - 11 alphanumeric characters, and it must contain at least one letter.</p> <p> <code>DefaultSMSType</code> – The type of SMS message that you will send by default. You can assign the following values:</p> <ul> <li> <p> <code>Promotional</code> – (Default) Noncritical messages, such as marketing messages. Amazon SNS optimizes the message delivery to incur the lowest cost.</p> </li> <li> <p> <code>Transactional</code> – Critical messages that support customer transactions, such as one-time passcodes for multi-factor authentication. Amazon SNS optimizes the message delivery to achieve the highest reliability.</p> </li> </ul> <p> <code>UsageReportS3Bucket</code> – The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS. Each day, Amazon SNS will deliver a usage report as a CSV file to the bucket. The report includes the following information for each SMS message that was successfully delivered by your account:</p> <ul> <li> <p>Time that the message was published (in UTC)</p> </li> <li> <p>Message ID</p> </li> <li> <p>Destination phone number</p> </li> <li> <p>Message type</p> </li> <li> <p>Delivery status</p> </li> <li> <p>Message price (in USD)</p> </li> <li> <p>Part number (a message is split into multiple parts if it is too long for a single message)</p> </li> <li> <p>Total number of parts</p> </li> </ul> <p>To receive the report, the bucket must have a policy that allows the Amazon SNS service principal to perform the <code>s3:PutObject</code> and <code>s3:GetBucketLocation</code> actions.</p> <p>For an example bucket policy and usage report, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sms_stats.html\">Monitoring SMS Activity</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
+          "documentation":"<p>The default settings for sending SMS messages from your Amazon Web Services account. You can set values for the following attribute names:</p> <p> <code>MonthlySpendLimit</code> – The maximum amount in USD that you are willing to spend each month to send SMS messages. When Amazon SNS determines that sending an SMS message would incur a cost that exceeds this limit, it stops sending SMS messages within minutes.</p> <important> <p>Amazon SNS stops sending SMS messages within minutes of the limit being crossed. During that interval, if you continue to send SMS messages, you will incur costs that exceed your limit.</p> </important> <p>By default, the spend limit is set to the maximum allowed by Amazon SNS. If you want to raise the limit, submit an <a href=\"https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase&amp;limitType=service-code-sns\">SNS Limit Increase case</a>. For <b>New limit value</b>, enter your desired monthly spend limit. In the <b>Use Case Description</b> field, explain that you are requesting an SMS monthly spend limit increase.</p> <p> <code>DeliveryStatusIAMRole</code> – The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs. For each SMS message that you send, Amazon SNS writes a log that includes the message price, the success or failure status, the reason for failure (if the message failed), the message dwell time, and other information.</p> <p> <code>DeliveryStatusSuccessSamplingRate</code> – The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value can be an integer from 0 - 100. For example, to write logs only for failed deliveries, set this value to <code>0</code>. To write logs for 10% of your successful deliveries, set it to <code>10</code>.</p> <p> <code>DefaultSenderID</code> – A string, such as your business brand, that is displayed as the sender on the receiving device. Support for sender IDs varies by country. The sender ID can be 1 - 11 alphanumeric characters, and it must contain at least one letter.</p> <p> <code>DefaultSMSType</code> – The type of SMS message that you will send by default. You can assign the following values:</p> <ul> <li> <p> <code>Promotional</code> – (Default) Noncritical messages, such as marketing messages. Amazon SNS optimizes the message delivery to incur the lowest cost.</p> </li> <li> <p> <code>Transactional</code> – Critical messages that support customer transactions, such as one-time passcodes for multi-factor authentication. Amazon SNS optimizes the message delivery to achieve the highest reliability.</p> </li> </ul> <p> <code>UsageReportS3Bucket</code> – The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS. Each day, Amazon SNS will deliver a usage report as a CSV file to the bucket. The report includes the following information for each SMS message that was successfully delivered by your Amazon Web Services account:</p> <ul> <li> <p>Time that the message was published (in UTC)</p> </li> <li> <p>Message ID</p> </li> <li> <p>Destination phone number</p> </li> <li> <p>Message type</p> </li> <li> <p>Delivery status</p> </li> <li> <p>Message price (in USD)</p> </li> <li> <p>Part number (a message is split into multiple parts if it is too long for a single message)</p> </li> <li> <p>Total number of parts</p> </li> </ul> <p>To receive the report, the bucket must have a policy that allows the Amazon SNS service principal to perform the <code>s3:PutObject</code> and <code>s3:GetBucketLocation</code> actions.</p> <p>For an example bucket policy and usage report, see <a href=\"https://docs.aws.amazon.com/sns/latest/dg/sms_stats.html\">Monitoring SMS Activity</a> in the <i>Amazon SNS Developer Guide</i>.</p>"
         }
       },
       "documentation":"<p>The input for the SetSMSAttributes action.</p>"
@@ -2189,7 +2400,7 @@
           "documentation":"<p>Throttled request.</p>"
         }
       },
-      "documentation":"<p>Indicates that the rate at which requests have been submitted for this action exceeds the limit for your account.</p>",
+      "documentation":"<p>Indicates that the rate at which requests have been submitted for this action exceeds the limit for your Amazon Web Services account.</p>",
       "error":{
         "code":"Throttled",
         "httpStatusCode":429,
@@ -2198,6 +2409,19 @@
       "exception":true
     },
     "Timestamp":{"type":"timestamp"},
+    "TooManyEntriesInBatchRequestException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"string"}
+      },
+      "documentation":"<p>The batch request contains more entries than permissible.</p>",
+      "error":{
+        "code":"TooManyEntriesInBatchRequest",
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
     "Topic":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/sqs/2012-11-05/service-2.json b/contrib/python/botocore/py3/botocore/data/sqs/2012-11-05/service-2.json
index cbd93f2b186..c1a758508ca 100644
--- a/contrib/python/botocore/py3/botocore/data/sqs/2012-11-05/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/sqs/2012-11-05/service-2.json
@@ -331,7 +331,7 @@
         },
         "AWSAccountIds":{
           "shape":"AWSAccountIdList",
-          "documentation":"<p>The account numbers of the <a href=\"https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P\">principals</a> who are to receive permission. For information about locating the account identification, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication\">Your Amazon Web Services Identifiers</a> in the <i>Amazon SQS Developer Guide</i>.</p>"
+          "documentation":"<p>The Amazon Web Services account numbers of the <a href=\"https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P\">principals</a> who are to receive permission. For information about locating the Amazon Web Services account identification, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication\">Your Amazon Web Services Identifiers</a> in the <i>Amazon SQS Developer Guide</i>.</p>"
         },
         "Actions":{
           "shape":"ActionNameList",
@@ -537,7 +537,7 @@
         },
         "Attributes":{
           "shape":"QueueAttributeMap",
-          "documentation":"<p>A map of attributes with their corresponding values.</p> <p>The following lists the names, descriptions, and values of the special request parameters that the <code>CreateQueue</code> action uses:</p> <ul> <li> <p> <code>DelaySeconds</code> – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 seconds (15 minutes). Default: 0. </p> </li> <li> <p> <code>MaximumMessageSize</code> – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) to 262,144 bytes (256 KiB). Default: 262,144 (256 KiB). </p> </li> <li> <p> <code>MessageRetentionPeriod</code> – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer from 60 seconds (1 minute) to 1,209,600 seconds (14 days). Default: 345,600 (4 days). </p> </li> <li> <p> <code>Policy</code> – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html\">Overview of Amazon Web Services IAM Policies</a> in the <i>Amazon IAM User Guide</i>. </p> </li> <li> <p> <code>ReceiveMessageWaitTimeSeconds</code> – The length of time, in seconds, for which a <code> <a>ReceiveMessage</a> </code> action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0. </p> </li> <li> <p> <code>VisibilityTimeout</code> – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html\">Visibility Timeout</a> in the <i>Amazon SQS Developer Guide</i>.</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html\">dead-letter queues:</a> </p> <ul> <li> <p> <code>RedrivePolicy</code> – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:</p> <ul> <li> <p> <code>deadLetterTargetArn</code> – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of <code>maxReceiveCount</code> is exceeded.</p> </li> <li> <p> <code>maxReceiveCount</code> – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the <code>ReceiveCount</code> for a message exceeds the <code>maxReceiveCount</code> for a queue, Amazon SQS moves the message to the dead-letter-queue.</p> </li> </ul> </li> <li> <p> <code>RedriveAllowPolicy</code> – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:</p> <ul> <li> <p> <code>redrivePermission</code> – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:</p> <ul> <li> <p> <code>allowAll</code> – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.</p> </li> <li> <p> <code>denyAll</code> – No source queues can specify this queue as the dead-letter queue.</p> </li> <li> <p> <code>byQueue</code> – Only queues specified by the <code>sourceQueueArns</code> parameter can specify this queue as the dead-letter queue.</p> </li> </ul> </li> <li> <p> <code>sourceQueueArns</code> – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the <code>redrivePermission</code> parameter is set to <code>byQueue</code>. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the <code>redrivePermission</code> parameter to <code>allowAll</code>.</p> </li> </ul> </li> </ul> <note> <p>The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.</p> </note> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms\">Key Terms</a>. While the alias of the Amazon Web Services managed CMK for Amazon SQS is always <code>alias/aws/sqs</code>, the alias of a custom CMK can, for example, be <code>alias/<i>MyAlias</i> </code>. For more examples, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters\">KeyId</a> in the <i>Key Management Service API Reference</i>. </p> </li> <li> <p> <code>KmsDataKeyReusePeriodSeconds</code> – The length of time, in seconds, for which Amazon SQS can reuse a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys\">data key</a> to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work\">How Does the Data Key Reuse Period Work?</a>. </p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO (first-in-first-out) queues</a>:</p> <ul> <li> <p> <code>FifoQueue</code> – Designates a queue as FIFO. Valid values are <code>true</code> and <code>false</code>. If you don't specify the <code>FifoQueue</code> attribute, Amazon SQS creates a standard queue. You can provide this attribute only during queue creation. You can't change it for an existing queue. When you set this attribute, you must also provide the <code>MessageGroupId</code> for your messages explicitly.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-understanding-logic.html\">FIFO queue logic</a> in the <i>Amazon SQS Developer Guide</i>.</p> </li> <li> <p> <code>ContentBasedDeduplication</code> – Enables content-based deduplication. Valid values are <code>true</code> and <code>false</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html\">Exactly-once processing</a> in the <i>Amazon SQS Developer Guide</i>. Note the following: </p> <ul> <li> <p>Every message must have a unique <code>MessageDeduplicationId</code>.</p> <ul> <li> <p>You may provide a <code>MessageDeduplicationId</code> explicitly.</p> </li> <li> <p>If you aren't able to provide a <code>MessageDeduplicationId</code> and you enable <code>ContentBasedDeduplication</code> for your queue, Amazon SQS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message). </p> </li> <li> <p>If you don't provide a <code>MessageDeduplicationId</code> and the queue doesn't have <code>ContentBasedDeduplication</code> set, the action fails with an error.</p> </li> <li> <p>If the queue has <code>ContentBasedDeduplication</code> set, your <code>MessageDeduplicationId</code> overrides the generated one.</p> </li> </ul> </li> <li> <p>When <code>ContentBasedDeduplication</code> is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.</p> </li> <li> <p>If you send one message with <code>ContentBasedDeduplication</code> enabled and then another message with a <code>MessageDeduplicationId</code> that is the same as the one generated for the first <code>MessageDeduplicationId</code>, the two messages are treated as duplicates and only one copy of the message is delivered. </p> </li> </ul> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html\">high throughput for FIFO queues</a>:</p> <ul> <li> <p> <code>DeduplicationScope</code> – Specifies whether message deduplication occurs at the message group or queue level. Valid values are <code>messageGroup</code> and <code>queue</code>.</p> </li> <li> <p> <code>FifoThroughputLimit</code> – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are <code>perQueue</code> and <code>perMessageGroupId</code>. The <code>perMessageGroupId</code> value is allowed only when the value for <code>DeduplicationScope</code> is <code>messageGroup</code>.</p> </li> </ul> <p>To enable high throughput for FIFO queues, do the following:</p> <ul> <li> <p>Set <code>DeduplicationScope</code> to <code>messageGroup</code>.</p> </li> <li> <p>Set <code>FifoThroughputLimit</code> to <code>perMessageGroupId</code>.</p> </li> </ul> <p>If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.</p> <p>For information on throughput quotas, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html\">Quotas related to messages</a> in the <i>Amazon SQS Developer Guide</i>.</p>",
+          "documentation":"<p>A map of attributes with their corresponding values.</p> <p>The following lists the names, descriptions, and values of the special request parameters that the <code>CreateQueue</code> action uses:</p> <ul> <li> <p> <code>DelaySeconds</code> – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 seconds (15 minutes). Default: 0. </p> </li> <li> <p> <code>MaximumMessageSize</code> – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) to 262,144 bytes (256 KiB). Default: 262,144 (256 KiB). </p> </li> <li> <p> <code>MessageRetentionPeriod</code> – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer from 60 seconds (1 minute) to 1,209,600 seconds (14 days). Default: 345,600 (4 days). </p> </li> <li> <p> <code>Policy</code> – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html\">Overview of Amazon Web Services IAM Policies</a> in the <i>Amazon IAM User Guide</i>. </p> </li> <li> <p> <code>ReceiveMessageWaitTimeSeconds</code> – The length of time, in seconds, for which a <code> <a>ReceiveMessage</a> </code> action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0. </p> </li> <li> <p> <code>RedrivePolicy</code> – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. For more information about the redrive policy and dead-letter queues, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html\">Using Amazon SQS Dead-Letter Queues</a> in the <i>Amazon SQS Developer Guide</i>.</p> <ul> <li> <p> <code>deadLetterTargetArn</code> – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of <code>maxReceiveCount</code> is exceeded.</p> </li> <li> <p> <code>maxReceiveCount</code> – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the <code>ReceiveCount</code> for a message exceeds the <code>maxReceiveCount</code> for a queue, Amazon SQS moves the message to the dead-letter-queue.</p> </li> </ul> <note> <p>The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.</p> </note> </li> <li> <p> <code>VisibilityTimeout</code> – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html\">Visibility Timeout</a> in the <i>Amazon SQS Developer Guide</i>.</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms\">Key Terms</a>. While the alias of the Amazon Web Services managed CMK for Amazon SQS is always <code>alias/aws/sqs</code>, the alias of a custom CMK can, for example, be <code>alias/<i>MyAlias</i> </code>. For more examples, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters\">KeyId</a> in the <i>Key Management Service API Reference</i>. </p> </li> <li> <p> <code>KmsDataKeyReusePeriodSeconds</code> – The length of time, in seconds, for which Amazon SQS can reuse a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys\">data key</a> to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work\">How Does the Data Key Reuse Period Work?</a>. </p> </li> <li> <p> <code>SqsManagedSseEnabled</code> – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (e.g. <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html\">SSE-KMS</a> or <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html\">SSE-SQS</a>).</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO (first-in-first-out) queues</a>:</p> <ul> <li> <p> <code>FifoQueue</code> – Designates a queue as FIFO. Valid values are <code>true</code> and <code>false</code>. If you don't specify the <code>FifoQueue</code> attribute, Amazon SQS creates a standard queue. You can provide this attribute only during queue creation. You can't change it for an existing queue. When you set this attribute, you must also provide the <code>MessageGroupId</code> for your messages explicitly.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-understanding-logic.html\">FIFO queue logic</a> in the <i>Amazon SQS Developer Guide</i>.</p> </li> <li> <p> <code>ContentBasedDeduplication</code> – Enables content-based deduplication. Valid values are <code>true</code> and <code>false</code>. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html\">Exactly-once processing</a> in the <i>Amazon SQS Developer Guide</i>. Note the following: </p> <ul> <li> <p>Every message must have a unique <code>MessageDeduplicationId</code>.</p> <ul> <li> <p>You may provide a <code>MessageDeduplicationId</code> explicitly.</p> </li> <li> <p>If you aren't able to provide a <code>MessageDeduplicationId</code> and you enable <code>ContentBasedDeduplication</code> for your queue, Amazon SQS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message). </p> </li> <li> <p>If you don't provide a <code>MessageDeduplicationId</code> and the queue doesn't have <code>ContentBasedDeduplication</code> set, the action fails with an error.</p> </li> <li> <p>If the queue has <code>ContentBasedDeduplication</code> set, your <code>MessageDeduplicationId</code> overrides the generated one.</p> </li> </ul> </li> <li> <p>When <code>ContentBasedDeduplication</code> is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.</p> </li> <li> <p>If you send one message with <code>ContentBasedDeduplication</code> enabled and then another message with a <code>MessageDeduplicationId</code> that is the same as the one generated for the first <code>MessageDeduplicationId</code>, the two messages are treated as duplicates and only one copy of the message is delivered. </p> </li> </ul> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html\">high throughput for FIFO queues</a>:</p> <ul> <li> <p> <code>DeduplicationScope</code> – Specifies whether message deduplication occurs at the message group or queue level. Valid values are <code>messageGroup</code> and <code>queue</code>.</p> </li> <li> <p> <code>FifoThroughputLimit</code> – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are <code>perQueue</code> and <code>perMessageGroupId</code>. The <code>perMessageGroupId</code> value is allowed only when the value for <code>DeduplicationScope</code> is <code>messageGroup</code>.</p> </li> </ul> <p>To enable high throughput for FIFO queues, do the following:</p> <ul> <li> <p>Set <code>DeduplicationScope</code> to <code>messageGroup</code>.</p> </li> <li> <p>Set <code>FifoThroughputLimit</code> to <code>perMessageGroupId</code>.</p> </li> </ul> <p>If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.</p> <p>For information on throughput quotas, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html\">Quotas related to messages</a> in the <i>Amazon SQS Developer Guide</i>.</p>",
           "locationName":"Attribute"
         },
         "tags":{
@@ -690,7 +690,7 @@
         },
         "AttributeNames":{
           "shape":"AttributeNameList",
-          "documentation":"<p>A list of attributes for which to retrieve information.</p> <p>The <code>AttributeName.N</code> parameter is optional, but if you don't specify values for this parameter, the request returns empty results.</p> <note> <p>In the future, new attributes might be added. If you write code that calls this action, we recommend that you structure your code so that it can handle new attributes gracefully.</p> </note> <p>The following attributes are supported:</p> <important> <p>The <code>ApproximateNumberOfMessagesDelayed</code>, <code>ApproximateNumberOfMessagesNotVisible</code>, and <code>ApproximateNumberOfMessagesVisible</code> metrics may not achieve consistency until at least 1 minute after the producers stop sending messages. This period is required for the queue metadata to reach eventual consistency. </p> </important> <ul> <li> <p> <code>All</code> – Returns all values. </p> </li> <li> <p> <code>ApproximateNumberOfMessages</code> – Returns the approximate number of messages available for retrieval from the queue.</p> </li> <li> <p> <code>ApproximateNumberOfMessagesDelayed</code> – Returns the approximate number of messages in the queue that are delayed and not available for reading immediately. This can happen when the queue is configured as a delay queue or when a message has been sent with a delay parameter.</p> </li> <li> <p> <code>ApproximateNumberOfMessagesNotVisible</code> – Returns the approximate number of messages that are in flight. Messages are considered to be <i>in flight</i> if they have been sent to a client but have not yet been deleted or have not yet reached the end of their visibility window. </p> </li> <li> <p> <code>CreatedTimestamp</code> – Returns the time when the queue was created in seconds (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a>).</p> </li> <li> <p> <code>DelaySeconds</code> – Returns the default delay on the queue in seconds.</p> </li> <li> <p> <code>LastModifiedTimestamp</code> – Returns the time when the queue was last changed in seconds (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a>).</p> </li> <li> <p> <code>MaximumMessageSize</code> – Returns the limit of how many bytes a message can contain before Amazon SQS rejects it.</p> </li> <li> <p> <code>MessageRetentionPeriod</code> – Returns the length of time, in seconds, for which Amazon SQS retains a message.</p> </li> <li> <p> <code>Policy</code> – Returns the policy of the queue.</p> </li> <li> <p> <code>QueueArn</code> – Returns the Amazon resource name (ARN) of the queue.</p> </li> <li> <p> <code>ReceiveMessageWaitTimeSeconds</code> – Returns the length of time, in seconds, for which the <code>ReceiveMessage</code> action waits for a message to arrive. </p> </li> <li> <p> <code>VisibilityTimeout</code> – Returns the visibility timeout for the queue. For more information about the visibility timeout, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html\">Visibility Timeout</a> in the <i>Amazon SQS Developer Guide</i>. </p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html\">dead-letter queues:</a> </p> <ul> <li> <p> <code>RedrivePolicy</code> – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:</p> <ul> <li> <p> <code>deadLetterTargetArn</code> – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of <code>maxReceiveCount</code> is exceeded.</p> </li> <li> <p> <code>maxReceiveCount</code> – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the <code>ReceiveCount</code> for a message exceeds the <code>maxReceiveCount</code> for a queue, Amazon SQS moves the message to the dead-letter-queue.</p> </li> </ul> </li> <li> <p> <code>RedriveAllowPolicy</code> – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:</p> <ul> <li> <p> <code>redrivePermission</code> – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:</p> <ul> <li> <p> <code>allowAll</code> – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.</p> </li> <li> <p> <code>denyAll</code> – No source queues can specify this queue as the dead-letter queue.</p> </li> <li> <p> <code>byQueue</code> – Only queues specified by the <code>sourceQueueArns</code> parameter can specify this queue as the dead-letter queue.</p> </li> </ul> </li> <li> <p> <code>sourceQueueArns</code> – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the <code>redrivePermission</code> parameter is set to <code>byQueue</code>. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the <code>redrivePermission</code> parameter to <code>allowAll</code>.</p> </li> </ul> </li> </ul> <note> <p>The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.</p> </note> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> – Returns the ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms\">Key Terms</a>. </p> </li> <li> <p> <code>KmsDataKeyReusePeriodSeconds</code> – Returns the length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work\">How Does the Data Key Reuse Period Work?</a>. </p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO (first-in-first-out) queues</a>:</p> <ul> <li> <p> <code>FifoQueue</code> – Returns information about whether the queue is FIFO. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-understanding-logic.html\">FIFO queue logic</a> in the <i>Amazon SQS Developer Guide</i>.</p> <note> <p>To determine whether a queue is <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO</a>, you can check whether <code>QueueName</code> ends with the <code>.fifo</code> suffix.</p> </note> </li> <li> <p> <code>ContentBasedDeduplication</code> – Returns whether content-based deduplication is enabled for the queue. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html\">Exactly-once processing</a> in the <i>Amazon SQS Developer Guide</i>. </p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html\">high throughput for FIFO queues</a>:</p> <ul> <li> <p> <code>DeduplicationScope</code> – Specifies whether message deduplication occurs at the message group or queue level. Valid values are <code>messageGroup</code> and <code>queue</code>.</p> </li> <li> <p> <code>FifoThroughputLimit</code> – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are <code>perQueue</code> and <code>perMessageGroupId</code>. The <code>perMessageGroupId</code> value is allowed only when the value for <code>DeduplicationScope</code> is <code>messageGroup</code>.</p> </li> </ul> <p>To enable high throughput for FIFO queues, do the following:</p> <ul> <li> <p>Set <code>DeduplicationScope</code> to <code>messageGroup</code>.</p> </li> <li> <p>Set <code>FifoThroughputLimit</code> to <code>perMessageGroupId</code>.</p> </li> </ul> <p>If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.</p> <p>For information on throughput quotas, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html\">Quotas related to messages</a> in the <i>Amazon SQS Developer Guide</i>.</p>"
+          "documentation":"<p>A list of attributes for which to retrieve information.</p> <p>The <code>AttributeName.N</code> parameter is optional, but if you don't specify values for this parameter, the request returns empty results.</p> <note> <p>In the future, new attributes might be added. If you write code that calls this action, we recommend that you structure your code so that it can handle new attributes gracefully.</p> </note> <p>The following attributes are supported:</p> <important> <p>The <code>ApproximateNumberOfMessagesDelayed</code>, <code>ApproximateNumberOfMessagesNotVisible</code>, and <code>ApproximateNumberOfMessagesVisible</code> metrics may not achieve consistency until at least 1 minute after the producers stop sending messages. This period is required for the queue metadata to reach eventual consistency. </p> </important> <ul> <li> <p> <code>All</code> – Returns all values. </p> </li> <li> <p> <code>ApproximateNumberOfMessages</code> – Returns the approximate number of messages available for retrieval from the queue.</p> </li> <li> <p> <code>ApproximateNumberOfMessagesDelayed</code> – Returns the approximate number of messages in the queue that are delayed and not available for reading immediately. This can happen when the queue is configured as a delay queue or when a message has been sent with a delay parameter.</p> </li> <li> <p> <code>ApproximateNumberOfMessagesNotVisible</code> – Returns the approximate number of messages that are in flight. Messages are considered to be <i>in flight</i> if they have been sent to a client but have not yet been deleted or have not yet reached the end of their visibility window. </p> </li> <li> <p> <code>CreatedTimestamp</code> – Returns the time when the queue was created in seconds (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a>).</p> </li> <li> <p> <code>DelaySeconds</code> – Returns the default delay on the queue in seconds.</p> </li> <li> <p> <code>LastModifiedTimestamp</code> – Returns the time when the queue was last changed in seconds (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a>).</p> </li> <li> <p> <code>MaximumMessageSize</code> – Returns the limit of how many bytes a message can contain before Amazon SQS rejects it.</p> </li> <li> <p> <code>MessageRetentionPeriod</code> – Returns the length of time, in seconds, for which Amazon SQS retains a message.</p> </li> <li> <p> <code>Policy</code> – Returns the policy of the queue.</p> </li> <li> <p> <code>QueueArn</code> – Returns the Amazon resource name (ARN) of the queue.</p> </li> <li> <p> <code>ReceiveMessageWaitTimeSeconds</code> – Returns the length of time, in seconds, for which the <code>ReceiveMessage</code> action waits for a message to arrive. </p> </li> <li> <p> <code>RedrivePolicy</code> – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. For more information about the redrive policy and dead-letter queues, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html\">Using Amazon SQS Dead-Letter Queues</a> in the <i>Amazon SQS Developer Guide</i>.</p> <ul> <li> <p> <code>deadLetterTargetArn</code> – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of <code>maxReceiveCount</code> is exceeded.</p> </li> <li> <p> <code>maxReceiveCount</code> – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the <code>ReceiveCount</code> for a message exceeds the <code>maxReceiveCount</code> for a queue, Amazon SQS moves the message to the dead-letter-queue.</p> </li> </ul> </li> <li> <p> <code>VisibilityTimeout</code> – Returns the visibility timeout for the queue. For more information about the visibility timeout, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html\">Visibility Timeout</a> in the <i>Amazon SQS Developer Guide</i>. </p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> – Returns the ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms\">Key Terms</a>. </p> </li> <li> <p> <code>KmsDataKeyReusePeriodSeconds</code> – Returns the length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work\">How Does the Data Key Reuse Period Work?</a>. </p> </li> <li> <p> <code>SqsManagedSseEnabled</code> – Returns information about whether the queue is using SSE-SQS encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (e.g. <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html\">SSE-KMS</a> or <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html\">SSE-SQS</a>).</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO (first-in-first-out) queues</a>:</p> <ul> <li> <p> <code>FifoQueue</code> – Returns information about whether the queue is FIFO. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-understanding-logic.html\">FIFO queue logic</a> in the <i>Amazon SQS Developer Guide</i>.</p> <note> <p>To determine whether a queue is <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO</a>, you can check whether <code>QueueName</code> ends with the <code>.fifo</code> suffix.</p> </note> </li> <li> <p> <code>ContentBasedDeduplication</code> – Returns whether content-based deduplication is enabled for the queue. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html\">Exactly-once processing</a> in the <i>Amazon SQS Developer Guide</i>. </p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html\">high throughput for FIFO queues</a>:</p> <ul> <li> <p> <code>DeduplicationScope</code> – Specifies whether message deduplication occurs at the message group or queue level. Valid values are <code>messageGroup</code> and <code>queue</code>.</p> </li> <li> <p> <code>FifoThroughputLimit</code> – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are <code>perQueue</code> and <code>perMessageGroupId</code>. The <code>perMessageGroupId</code> value is allowed only when the value for <code>DeduplicationScope</code> is <code>messageGroup</code>.</p> </li> </ul> <p>To enable high throughput for FIFO queues, do the following:</p> <ul> <li> <p>Set <code>DeduplicationScope</code> to <code>messageGroup</code>.</p> </li> <li> <p>Set <code>FifoThroughputLimit</code> to <code>perMessageGroupId</code>.</p> </li> </ul> <p>If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.</p> <p>For information on throughput quotas, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html\">Quotas related to messages</a> in the <i>Amazon SQS Developer Guide</i>.</p>"
         }
       },
       "documentation":"<p/>"
@@ -716,7 +716,7 @@
         },
         "QueueOwnerAWSAccountId":{
           "shape":"String",
-          "documentation":"<p>The account ID of the account that created the queue.</p>"
+          "documentation":"<p>The Amazon Web Services account ID of the account that created the queue.</p>"
         }
       },
       "documentation":"<p/>"
@@ -856,7 +856,7 @@
       "members":{
         "MessageId":{
           "shape":"String",
-          "documentation":"<p>A unique identifier for the message. A <code>MessageId</code>is considered unique across all accounts for an extended period of time.</p>"
+          "documentation":"<p>A unique identifier for the message. A <code>MessageId</code>is considered unique across all Amazon Web Services accounts for an extended period of time.</p>"
         },
         "ReceiptHandle":{
           "shape":"String",
@@ -1103,7 +1103,8 @@
         "KmsDataKeyReusePeriodSeconds",
         "DeduplicationScope",
         "FifoThroughputLimit",
-        "RedriveAllowPolicy"
+        "RedriveAllowPolicy",
+        "SqsManagedSseEnabled"
       ]
     },
     "QueueDeletedRecently":{
@@ -1167,7 +1168,7 @@
         },
         "AttributeNames":{
           "shape":"AttributeNameList",
-          "documentation":"<p>A list of attributes that need to be returned along with each message. These attributes include:</p> <ul> <li> <p> <code>All</code> – Returns all values.</p> </li> <li> <p> <code>ApproximateFirstReceiveTimestamp</code> – Returns the time the message was first received from the queue (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a> in milliseconds).</p> </li> <li> <p> <code>ApproximateReceiveCount</code> – Returns the number of times a message has been received across all queues but not deleted.</p> </li> <li> <p> <code>AWSTraceHeader</code> – Returns the X-Ray trace header string. </p> </li> <li> <p> <code>SenderId</code> </p> <ul> <li> <p>For an IAM user, returns the IAM user ID, for example <code>ABCDEFGHI1JKLMNOPQ23R</code>.</p> </li> <li> <p>For an IAM role, returns the IAM role ID, for example <code>ABCDE1F2GH3I4JK5LMNOP:i-a123b456</code>.</p> </li> </ul> </li> <li> <p> <code>SentTimestamp</code> – Returns the time the message was sent to the queue (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a> in milliseconds).</p> </li> <li> <p> <code>MessageDeduplicationId</code> – Returns the value provided by the producer that calls the <code> <a>SendMessage</a> </code> action.</p> </li> <li> <p> <code>MessageGroupId</code> – Returns the value provided by the producer that calls the <code> <a>SendMessage</a> </code> action. Messages with the same <code>MessageGroupId</code> are returned in sequence.</p> </li> <li> <p> <code>SequenceNumber</code> – Returns the value provided by Amazon SQS.</p> </li> </ul>"
+          "documentation":"<p>A list of attributes that need to be returned along with each message. These attributes include:</p> <ul> <li> <p> <code>All</code> – Returns all values.</p> </li> <li> <p> <code>ApproximateFirstReceiveTimestamp</code> – Returns the time the message was first received from the queue (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a> in milliseconds).</p> </li> <li> <p> <code>ApproximateReceiveCount</code> – Returns the number of times a message has been received across all queues but not deleted.</p> </li> <li> <p> <code>AWSTraceHeader</code> – Returns the X-Ray trace header string. </p> </li> <li> <p> <code>SenderId</code> </p> <ul> <li> <p>For an IAM user, returns the IAM user ID, for example <code>ABCDEFGHI1JKLMNOPQ23R</code>.</p> </li> <li> <p>For an IAM role, returns the IAM role ID, for example <code>ABCDE1F2GH3I4JK5LMNOP:i-a123b456</code>.</p> </li> </ul> </li> <li> <p> <code>SentTimestamp</code> – Returns the time the message was sent to the queue (<a href=\"http://en.wikipedia.org/wiki/Unix_time\">epoch time</a> in milliseconds).</p> </li> <li> <p> <code>SqsManagedSseEnabled</code> – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (e.g. <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html\">SSE-KMS</a> or <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html\">SSE-SQS</a>).</p> </li> <li> <p> <code>MessageDeduplicationId</code> – Returns the value provided by the producer that calls the <code> <a>SendMessage</a> </code> action.</p> </li> <li> <p> <code>MessageGroupId</code> – Returns the value provided by the producer that calls the <code> <a>SendMessage</a> </code> action. Messages with the same <code>MessageGroupId</code> are returned in sequence.</p> </li> <li> <p> <code>SequenceNumber</code> – Returns the value provided by Amazon SQS.</p> </li> </ul>"
         },
         "MessageAttributeNames":{
           "shape":"MessageAttributeNameList",
@@ -1426,7 +1427,7 @@
         },
         "Attributes":{
           "shape":"QueueAttributeMap",
-          "documentation":"<p>A map of attributes to set.</p> <p>The following lists the names, descriptions, and values of the special request parameters that the <code>SetQueueAttributes</code> action uses:</p> <ul> <li> <p> <code>DelaySeconds</code> – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 (15 minutes). Default: 0. </p> </li> <li> <p> <code>MaximumMessageSize</code> – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) up to 262,144 bytes (256 KiB). Default: 262,144 (256 KiB). </p> </li> <li> <p> <code>MessageRetentionPeriod</code> – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer representing seconds, from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). </p> </li> <li> <p> <code>Policy</code> – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html\">Overview of Amazon Web Services IAM Policies</a> in the <i>Identity and Access Management User Guide</i>. </p> </li> <li> <p> <code>ReceiveMessageWaitTimeSeconds</code> – The length of time, in seconds, for which a <code> <a>ReceiveMessage</a> </code> action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0. </p> </li> <li> <p> <code>VisibilityTimeout</code> – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html\">Visibility Timeout</a> in the <i>Amazon SQS Developer Guide</i>.</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html\">dead-letter queues:</a> </p> <ul> <li> <p> <code>RedrivePolicy</code> – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:</p> <ul> <li> <p> <code>deadLetterTargetArn</code> – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of <code>maxReceiveCount</code> is exceeded.</p> </li> <li> <p> <code>maxReceiveCount</code> – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the <code>ReceiveCount</code> for a message exceeds the <code>maxReceiveCount</code> for a queue, Amazon SQS moves the message to the dead-letter-queue.</p> </li> </ul> </li> <li> <p> <code>RedriveAllowPolicy</code> – The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:</p> <ul> <li> <p> <code>redrivePermission</code> – The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:</p> <ul> <li> <p> <code>allowAll</code> – (Default) Any source queues in this Amazon Web Services account in the same Region can specify this queue as the dead-letter queue.</p> </li> <li> <p> <code>denyAll</code> – No source queues can specify this queue as the dead-letter queue.</p> </li> <li> <p> <code>byQueue</code> – Only queues specified by the <code>sourceQueueArns</code> parameter can specify this queue as the dead-letter queue.</p> </li> </ul> </li> <li> <p> <code>sourceQueueArns</code> – The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the <code>redrivePermission</code> parameter is set to <code>byQueue</code>. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the <code>redrivePermission</code> parameter to <code>allowAll</code>.</p> </li> </ul> </li> </ul> <note> <p>The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.</p> </note> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms\">Key Terms</a>. While the alias of the AWS-managed CMK for Amazon SQS is always <code>alias/aws/sqs</code>, the alias of a custom CMK can, for example, be <code>alias/<i>MyAlias</i> </code>. For more examples, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters\">KeyId</a> in the <i>Key Management Service API Reference</i>. </p> </li> <li> <p> <code>KmsDataKeyReusePeriodSeconds</code> – The length of time, in seconds, for which Amazon SQS can reuse a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys\">data key</a> to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work\">How Does the Data Key Reuse Period Work?</a>. </p> </li> </ul> <p>The following attribute applies only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO (first-in-first-out) queues</a>:</p> <ul> <li> <p> <code>ContentBasedDeduplication</code> – Enables content-based deduplication. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html\">Exactly-once processing</a> in the <i>Amazon SQS Developer Guide</i>. Note the following: </p> <ul> <li> <p>Every message must have a unique <code>MessageDeduplicationId</code>.</p> <ul> <li> <p>You may provide a <code>MessageDeduplicationId</code> explicitly.</p> </li> <li> <p>If you aren't able to provide a <code>MessageDeduplicationId</code> and you enable <code>ContentBasedDeduplication</code> for your queue, Amazon SQS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message). </p> </li> <li> <p>If you don't provide a <code>MessageDeduplicationId</code> and the queue doesn't have <code>ContentBasedDeduplication</code> set, the action fails with an error.</p> </li> <li> <p>If the queue has <code>ContentBasedDeduplication</code> set, your <code>MessageDeduplicationId</code> overrides the generated one.</p> </li> </ul> </li> <li> <p>When <code>ContentBasedDeduplication</code> is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.</p> </li> <li> <p>If you send one message with <code>ContentBasedDeduplication</code> enabled and then another message with a <code>MessageDeduplicationId</code> that is the same as the one generated for the first <code>MessageDeduplicationId</code>, the two messages are treated as duplicates and only one copy of the message is delivered. </p> </li> </ul> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html\">high throughput for FIFO queues</a>:</p> <ul> <li> <p> <code>DeduplicationScope</code> – Specifies whether message deduplication occurs at the message group or queue level. Valid values are <code>messageGroup</code> and <code>queue</code>.</p> </li> <li> <p> <code>FifoThroughputLimit</code> – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are <code>perQueue</code> and <code>perMessageGroupId</code>. The <code>perMessageGroupId</code> value is allowed only when the value for <code>DeduplicationScope</code> is <code>messageGroup</code>.</p> </li> </ul> <p>To enable high throughput for FIFO queues, do the following:</p> <ul> <li> <p>Set <code>DeduplicationScope</code> to <code>messageGroup</code>.</p> </li> <li> <p>Set <code>FifoThroughputLimit</code> to <code>perMessageGroupId</code>.</p> </li> </ul> <p>If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.</p> <p>For information on throughput quotas, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html\">Quotas related to messages</a> in the <i>Amazon SQS Developer Guide</i>.</p>",
+          "documentation":"<p>A map of attributes to set.</p> <p>The following lists the names, descriptions, and values of the special request parameters that the <code>SetQueueAttributes</code> action uses:</p> <ul> <li> <p> <code>DelaySeconds</code> – The length of time, in seconds, for which the delivery of all messages in the queue is delayed. Valid values: An integer from 0 to 900 (15 minutes). Default: 0. </p> </li> <li> <p> <code>MaximumMessageSize</code> – The limit of how many bytes a message can contain before Amazon SQS rejects it. Valid values: An integer from 1,024 bytes (1 KiB) up to 262,144 bytes (256 KiB). Default: 262,144 (256 KiB). </p> </li> <li> <p> <code>MessageRetentionPeriod</code> – The length of time, in seconds, for which Amazon SQS retains a message. Valid values: An integer representing seconds, from 60 (1 minute) to 1,209,600 (14 days). Default: 345,600 (4 days). </p> </li> <li> <p> <code>Policy</code> – The queue's policy. A valid Amazon Web Services policy. For more information about policy structure, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/PoliciesOverview.html\">Overview of Amazon Web Services IAM Policies</a> in the <i>Identity and Access Management User Guide</i>. </p> </li> <li> <p> <code>ReceiveMessageWaitTimeSeconds</code> – The length of time, in seconds, for which a <code> <a>ReceiveMessage</a> </code> action waits for a message to arrive. Valid values: An integer from 0 to 20 (seconds). Default: 0. </p> </li> <li> <p> <code>RedrivePolicy</code> – The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. For more information about the redrive policy and dead-letter queues, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html\">Using Amazon SQS Dead-Letter Queues</a> in the <i>Amazon SQS Developer Guide</i>.</p> <ul> <li> <p> <code>deadLetterTargetArn</code> – The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of <code>maxReceiveCount</code> is exceeded.</p> </li> <li> <p> <code>maxReceiveCount</code> – The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the <code>ReceiveCount</code> for a message exceeds the <code>maxReceiveCount</code> for a queue, Amazon SQS moves the message to the dead-letter-queue.</p> </li> </ul> <note> <p>The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.</p> </note> </li> <li> <p> <code>VisibilityTimeout</code> – The visibility timeout for the queue, in seconds. Valid values: An integer from 0 to 43,200 (12 hours). Default: 30. For more information about the visibility timeout, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html\">Visibility Timeout</a> in the <i>Amazon SQS Developer Guide</i>.</p> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html\">server-side-encryption</a>:</p> <ul> <li> <p> <code>KmsMasterKeyId</code> – The ID of an Amazon Web Services managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms\">Key Terms</a>. While the alias of the AWS-managed CMK for Amazon SQS is always <code>alias/aws/sqs</code>, the alias of a custom CMK can, for example, be <code>alias/<i>MyAlias</i> </code>. For more examples, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters\">KeyId</a> in the <i>Key Management Service API Reference</i>. </p> </li> <li> <p> <code>KmsDataKeyReusePeriodSeconds</code> – The length of time, in seconds, for which Amazon SQS can reuse a <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys\">data key</a> to encrypt or decrypt messages before calling KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). Default: 300 (5 minutes). A shorter time period provides better security but results in more calls to KMS which might incur charges after Free Tier. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-how-does-the-data-key-reuse-period-work\">How Does the Data Key Reuse Period Work?</a>. </p> </li> <li> <p> <code>SqsManagedSseEnabled</code> – Enables server-side queue encryption using SQS owned encryption keys. Only one server-side encryption option is supported per queue (e.g. <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html\">SSE-KMS</a> or <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html\">SSE-SQS</a>).</p> </li> </ul> <p>The following attribute applies only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html\">FIFO (first-in-first-out) queues</a>:</p> <ul> <li> <p> <code>ContentBasedDeduplication</code> – Enables content-based deduplication. For more information, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues-exactly-once-processing.html\">Exactly-once processing</a> in the <i>Amazon SQS Developer Guide</i>. Note the following: </p> <ul> <li> <p>Every message must have a unique <code>MessageDeduplicationId</code>.</p> <ul> <li> <p>You may provide a <code>MessageDeduplicationId</code> explicitly.</p> </li> <li> <p>If you aren't able to provide a <code>MessageDeduplicationId</code> and you enable <code>ContentBasedDeduplication</code> for your queue, Amazon SQS uses a SHA-256 hash to generate the <code>MessageDeduplicationId</code> using the body of the message (but not the attributes of the message). </p> </li> <li> <p>If you don't provide a <code>MessageDeduplicationId</code> and the queue doesn't have <code>ContentBasedDeduplication</code> set, the action fails with an error.</p> </li> <li> <p>If the queue has <code>ContentBasedDeduplication</code> set, your <code>MessageDeduplicationId</code> overrides the generated one.</p> </li> </ul> </li> <li> <p>When <code>ContentBasedDeduplication</code> is in effect, messages with identical content sent within the deduplication interval are treated as duplicates and only one copy of the message is delivered.</p> </li> <li> <p>If you send one message with <code>ContentBasedDeduplication</code> enabled and then another message with a <code>MessageDeduplicationId</code> that is the same as the one generated for the first <code>MessageDeduplicationId</code>, the two messages are treated as duplicates and only one copy of the message is delivered. </p> </li> </ul> </li> </ul> <p>The following attributes apply only to <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/high-throughput-fifo.html\">high throughput for FIFO queues</a>:</p> <ul> <li> <p> <code>DeduplicationScope</code> – Specifies whether message deduplication occurs at the message group or queue level. Valid values are <code>messageGroup</code> and <code>queue</code>.</p> </li> <li> <p> <code>FifoThroughputLimit</code> – Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are <code>perQueue</code> and <code>perMessageGroupId</code>. The <code>perMessageGroupId</code> value is allowed only when the value for <code>DeduplicationScope</code> is <code>messageGroup</code>.</p> </li> </ul> <p>To enable high throughput for FIFO queues, do the following:</p> <ul> <li> <p>Set <code>DeduplicationScope</code> to <code>messageGroup</code>.</p> </li> <li> <p>Set <code>FifoThroughputLimit</code> to <code>perMessageGroupId</code>.</p> </li> </ul> <p>If you set these attributes to anything other than the values shown for enabling high throughput, normal throughput is in effect and deduplication occurs as specified.</p> <p>For information on throughput quotas, see <a href=\"https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/quotas-messages.html\">Quotas related to messages</a> in the <i>Amazon SQS Developer Guide</i>.</p>",
           "locationName":"Attribute"
         }
       },
diff --git a/contrib/python/botocore/py3/botocore/data/ssm-incidents/2018-05-10/service-2.json b/contrib/python/botocore/py3/botocore/data/ssm-incidents/2018-05-10/service-2.json
index 1a19d7f9311..1ff42cb6736 100644
--- a/contrib/python/botocore/py3/botocore/data/ssm-incidents/2018-05-10/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ssm-incidents/2018-05-10/service-2.json
@@ -1438,7 +1438,8 @@
         "METRIC",
         "PARENT",
         "ATTACHMENT",
-        "OTHER"
+        "OTHER",
+        "AUTOMATION"
       ]
     },
     "ItemValue":{
diff --git a/contrib/python/botocore/py3/botocore/data/ssm/2014-11-06/service-2.json b/contrib/python/botocore/py3/botocore/data/ssm/2014-11-06/service-2.json
index be48c7bfac7..1ebd3125b14 100644
--- a/contrib/python/botocore/py3/botocore/data/ssm/2014-11-06/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/ssm/2014-11-06/service-2.json
@@ -28,7 +28,7 @@
         {"shape":"TooManyTagsError"},
         {"shape":"TooManyUpdates"}
       ],
-      "documentation":"<p>Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed instances that helps you track each instance's owner and stack level. For example:</p> <ul> <li> <p> <code>Key=Owner,Value=DbAdmin</code> </p> </li> <li> <p> <code>Key=Owner,Value=SysAdmin</code> </p> </li> <li> <p> <code>Key=Owner,Value=Dev</code> </p> </li> <li> <p> <code>Key=Stack,Value=Production</code> </p> </li> <li> <p> <code>Key=Stack,Value=Pre-Production</code> </p> </li> <li> <p> <code>Key=Stack,Value=Test</code> </p> </li> </ul> <p>Each resource can have a maximum of 50 tags.</p> <p>We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters. </p> <p>For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html\">Tagging your Amazon EC2 resources</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+      "documentation":"<p>Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed nodes, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed nodes that helps you track each node's owner and stack level. For example:</p> <ul> <li> <p> <code>Key=Owner,Value=DbAdmin</code> </p> </li> <li> <p> <code>Key=Owner,Value=SysAdmin</code> </p> </li> <li> <p> <code>Key=Owner,Value=Dev</code> </p> </li> <li> <p> <code>Key=Stack,Value=Production</code> </p> </li> <li> <p> <code>Key=Stack,Value=Pre-Production</code> </p> </li> <li> <p> <code>Key=Stack,Value=Test</code> </p> </li> </ul> <p>Each resource can have a maximum of 50 tags.</p> <p>We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters. </p> <p>For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html\">Tagging your Amazon EC2 resources</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
     "AssociateOpsItemRelatedItem":{
       "name":"AssociateOpsItemRelatedItem",
@@ -86,9 +86,10 @@
       "input":{"shape":"CreateActivationRequest"},
       "output":{"shape":"CreateActivationResult"},
       "errors":[
+        {"shape":"InvalidParameters"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Generates an activation code and activation ID you can use to register your on-premises server or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises instances and VMs using Systems Manager, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html\">Setting up Amazon Web Services Systems Manager for hybrid environments</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. </p> <note> <p>On-premises servers or VMs that are registered with Systems Manager and Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage with Systems Manager are all called <i>managed instances</i>.</p> </note>"
+      "documentation":"<p>Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html\">Setting up Amazon Web Services Systems Manager for hybrid environments</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. </p> <note> <p>Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called <i>managed nodes</i>.</p> </note>"
     },
     "CreateAssociation":{
       "name":"CreateAssociation",
@@ -111,7 +112,7 @@
         {"shape":"InvalidTarget"},
         {"shape":"InvalidSchedule"}
       ],
-      "documentation":"<p>A State Manager association defines the state that you want to maintain on your instances. For example, an association can specify that anti-virus software must be installed and running on your instances, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new instances are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service. </p>"
+      "documentation":"<p>A State Manager association defines the state that you want to maintain on your managed nodes. For example, an association can specify that anti-virus software must be installed and running on your managed nodes, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new managed nodes are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service. </p>"
     },
     "CreateAssociationBatch":{
       "name":"CreateAssociationBatch",
@@ -134,7 +135,7 @@
         {"shape":"InvalidTarget"},
         {"shape":"InvalidSchedule"}
       ],
-      "documentation":"<p>Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified instances or targets.</p> <p>When you associate a document with one or more instances using instance IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the instance processes the document and configures the instance as specified.</p> <p>If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.</p>"
+      "documentation":"<p>Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.</p> <p>When you associate a document with one or more managed nodes using IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed node processes the document and configures the node as specified.</p> <p>If you associate a document with a managed node that already has an associated document, the system returns the AssociationAlreadyExists exception.</p>"
     },
     "CreateDocument":{
       "name":"CreateDocument",
@@ -152,7 +153,7 @@
         {"shape":"DocumentLimitExceeded"},
         {"shape":"InvalidDocumentSchemaVersion"}
       ],
-      "documentation":"<p>Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed instances. For more information about SSM documents, including information about supported schemas, features, and syntax, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html\">Amazon Web Services Systems Manager Documents</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+      "documentation":"<p>Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html\">Amazon Web Services Systems Manager Documents</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
     },
     "CreateMaintenanceWindow":{
       "name":"CreateMaintenanceWindow",
@@ -247,7 +248,7 @@
         {"shape":"InternalServerError"},
         {"shape":"TooManyUpdates"}
       ],
-      "documentation":"<p>Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation doesn't de-register managed instances. You must manually de-register managed instances.</p>"
+      "documentation":"<p>Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed nodes. Deleting an activation doesn't de-register managed nodes. You must manually de-register managed nodes.</p>"
     },
     "DeleteAssociation":{
       "name":"DeleteAssociation",
@@ -264,7 +265,7 @@
         {"shape":"InvalidInstanceId"},
         {"shape":"TooManyUpdates"}
       ],
-      "documentation":"<p>Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified instance. If you created the association by using the <code>Targets</code> parameter, then you must delete the association by using the association ID.</p> <p>When you disassociate a document from an instance, it doesn't change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance.</p>"
+      "documentation":"<p>Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node. If you created the association by using the <code>Targets</code> parameter, then you must delete the association by using the association ID.</p> <p>When you disassociate a document from a managed node, it doesn't change the configuration of the node. To change the configuration state of a managed node after you disassociate a document, you must create a new document with the desired configuration and associate it with the node.</p>"
     },
     "DeleteDocument":{
       "name":"DeleteDocument",
@@ -280,7 +281,7 @@
         {"shape":"InvalidDocumentOperation"},
         {"shape":"AssociatedInstances"}
       ],
-      "documentation":"<p>Deletes the Amazon Web Services Systems Manager document (SSM document) and all instance associations to the document.</p> <p>Before you delete the document, we recommend that you use <a>DeleteAssociation</a> to disassociate all instances that are associated with the document.</p>"
+      "documentation":"<p>Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.</p> <p>Before you delete the document, we recommend that you use <a>DeleteAssociation</a> to disassociate all managed nodes that are associated with the document.</p>"
     },
     "DeleteInventory":{
       "name":"DeleteInventory",
@@ -381,7 +382,7 @@
         {"shape":"ResourceDataSyncNotFoundException"},
         {"shape":"ResourceDataSyncInvalidConfigurationException"}
       ],
-      "documentation":"<p>Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed instances are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.</p>"
+      "documentation":"<p>Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed nodes are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.</p>"
     },
     "DeregisterManagedInstance":{
       "name":"DeregisterManagedInstance",
@@ -395,7 +396,7 @@
         {"shape":"InvalidInstanceId"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.</p>"
+      "documentation":"<p>Removes the server or virtual machine from the list of registered servers. You can reregister the node again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.</p>"
     },
     "DeregisterPatchBaselineForPatchGroup":{
       "name":"DeregisterPatchBaselineForPatchGroup",
@@ -453,7 +454,7 @@
         {"shape":"InvalidNextToken"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the instances in the activation, and the number of instances registered by using this activation.</p>"
+      "documentation":"<p>Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.</p>"
     },
     "DescribeAssociation":{
       "name":"DescribeAssociation",
@@ -470,7 +471,7 @@
         {"shape":"InvalidDocument"},
         {"shape":"InvalidInstanceId"}
       ],
-      "documentation":"<p>Describes the association for the specified target or instance. If you created the association by using the <code>Targets</code> parameter, then you must retrieve the association by using the association ID.</p>"
+      "documentation":"<p>Describes the association for the specified target or managed node. If you created the association by using the <code>Targets</code> parameter, then you must retrieve the association by using the association ID.</p>"
     },
     "DescribeAssociationExecutionTargets":{
       "name":"DescribeAssociationExecutionTargets",
@@ -594,7 +595,7 @@
         {"shape":"InvalidInstanceId"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>All associations for the instance(s).</p>"
+      "documentation":"<p>All associations for the managed node(s).</p>"
     },
     "DescribeEffectivePatchesForPatchBaseline":{
       "name":"DescribeEffectivePatchesForPatchBaseline",
@@ -625,7 +626,7 @@
         {"shape":"InvalidInstanceId"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>The status of the associations for the instance(s).</p>"
+      "documentation":"<p>The status of the associations for the managed node(s).</p>"
     },
     "DescribeInstanceInformation":{
       "name":"DescribeInstanceInformation",
@@ -642,7 +643,7 @@
         {"shape":"InvalidInstanceInformationFilterValue"},
         {"shape":"InvalidFilterKey"}
       ],
-      "documentation":"<p>Describes one or more of your instances, including information about the operating system platform, the version of SSM Agent installed on the instance, instance status, and so on.</p> <p>If you specify one or more instance IDs, it returns information for those instances. If you don't specify instance IDs, it returns information for all your instances. If you specify an instance ID that isn't valid or an instance that you don't own, you receive an error.</p> <note> <p>The <code>IamRole</code> field for this API operation is the Identity and Access Management (IAM) role assigned to on-premises instances. This call doesn't return the IAM role for EC2 instances.</p> </note>"
+      "documentation":"<p>Describes one or more of your managed nodes, including information about the operating system platform, the version of SSM Agent installed on the managed node, node status, and so on.</p> <p>If you specify one or more managed node IDs, it returns information for those managed nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you specify a node ID that isn't valid or a node that you don't own, you receive an error.</p> <note> <p>The <code>IamRole</code> field for this API operation is the Identity and Access Management (IAM) role assigned to on-premises managed nodes. This call doesn't return the IAM role for EC2 instances.</p> </note>"
     },
     "DescribeInstancePatchStates":{
       "name":"DescribeInstancePatchStates",
@@ -656,7 +657,7 @@
         {"shape":"InternalServerError"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>Retrieves the high-level patch state of one or more instances.</p>"
+      "documentation":"<p>Retrieves the high-level patch state of one or more managed nodes.</p>"
     },
     "DescribeInstancePatchStatesForPatchGroup":{
       "name":"DescribeInstancePatchStatesForPatchGroup",
@@ -671,7 +672,7 @@
         {"shape":"InvalidFilter"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>Retrieves the high-level patch state for the instances in the specified patch group.</p>"
+      "documentation":"<p>Retrieves the high-level patch state for the managed nodes in the specified patch group.</p>"
     },
     "DescribeInstancePatches":{
       "name":"DescribeInstancePatches",
@@ -687,7 +688,7 @@
         {"shape":"InvalidFilter"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.</p>"
+      "documentation":"<p>Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.</p>"
     },
     "DescribeInventoryDeletions":{
       "name":"DescribeInventoryDeletions",
@@ -811,7 +812,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Retrieves information about the maintenance window targets or tasks that an instance is associated with.</p>"
+      "documentation":"<p>Retrieves information about the maintenance window targets or tasks that a managed node is associated with.</p>"
     },
     "DescribeOpsItems":{
       "name":"DescribeOpsItems",
@@ -972,7 +973,7 @@
         {"shape":"InvalidPluginName"},
         {"shape":"InvocationDoesNotExist"}
       ],
-      "documentation":"<p>Returns detailed information about command execution for an invocation or plugin.</p> <p> <code>GetCommandInvocation</code> only gives the execution status of a plugin in a document. To get the command execution status on a specific instance, use <a>ListCommandInvocations</a>. To get the command execution status across instances, use <a>ListCommands</a>.</p>"
+      "documentation":"<p>Returns detailed information about command execution for an invocation or plugin.</p> <p> <code>GetCommandInvocation</code> only gives the execution status of a plugin in a document. To get the command execution status on a specific managed node, use <a>ListCommandInvocations</a>. To get the command execution status across managed nodes, use <a>ListCommands</a>.</p>"
     },
     "GetConnectionStatus":{
       "name":"GetConnectionStatus",
@@ -985,7 +986,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Retrieves the Session Manager connection status for an instance to determine whether it is running and ready to receive Session Manager connections.</p>"
+      "documentation":"<p>Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.</p>"
     },
     "GetDefaultPatchBaseline":{
       "name":"GetDefaultPatchBaseline",
@@ -1013,7 +1014,7 @@
         {"shape":"UnsupportedOperatingSystem"},
         {"shape":"UnsupportedFeatureRequiredException"}
       ],
-      "documentation":"<p>Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the <code>AWS-RunPatchBaseline</code> Systems Manager document (SSM document).</p> <note> <p>If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target an instance with a script or command. For example, run the command using the <code>AWS-RunShellScript</code> document or the <code>AWS-RunPowerShellScript</code> document.</p> </note>"
+      "documentation":"<p>Retrieves the current snapshot for the patch baseline the managed node uses. This API is primarily used by the <code>AWS-RunPatchBaseline</code> Systems Manager document (SSM document).</p> <note> <p>If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target a managed node with a script or command. For example, run the command using the <code>AWS-RunShellScript</code> document or the <code>AWS-RunPowerShellScript</code> document.</p> </note>"
     },
     "GetDocument":{
       "name":"GetDocument",
@@ -1047,7 +1048,7 @@
         {"shape":"InvalidAggregatorException"},
         {"shape":"InvalidResultAttributeException"}
       ],
-      "documentation":"<p>Query inventory information. This includes instance status, such as <code>Stopped</code> or <code>Terminated</code>.</p>"
+      "documentation":"<p>Query inventory information. This includes managed node status, such as <code>Stopped</code> or <code>Terminated</code>.</p>"
     },
     "GetInventorySchema":{
       "name":"GetInventorySchema",
@@ -1331,7 +1332,7 @@
         {"shape":"InternalServerError"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results to a specific State Manager association document or instance by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.</p>"
+      "documentation":"<p>Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results to a specific State Manager association document or managed node by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.</p>"
     },
     "ListCommandInvocations":{
       "name":"ListCommandInvocations",
@@ -1348,7 +1349,7 @@
         {"shape":"InvalidFilterKey"},
         {"shape":"InvalidNextToken"}
       ],
-      "documentation":"<p>An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs <code>SendCommand</code> against three instances, then a command invocation is created for each requested instance ID. <code>ListCommandInvocations</code> provide status about command execution.</p>"
+      "documentation":"<p>An invocation is copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs <code>SendCommand</code> against three managed nodes, then a command invocation is created for each requested managed node ID. <code>ListCommandInvocations</code> provide status about command execution.</p>"
     },
     "ListCommands":{
       "name":"ListCommands",
@@ -1585,7 +1586,7 @@
         {"shape":"InvalidResourceType"},
         {"shape":"InvalidResourceId"}
       ],
-      "documentation":"<p>Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.</p> <p>ComplianceType can be one of the following:</p> <ul> <li> <p>ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.</p> </li> <li> <p>ExecutionType: Specify patch, association, or Custom:<code>string</code>.</p> </li> <li> <p>ExecutionTime. The time the patch, association, or custom compliance item was applied to the instance.</p> </li> <li> <p>Id: The patch, association, or custom compliance ID.</p> </li> <li> <p>Title: A title.</p> </li> <li> <p>Status: The status of the compliance item. For example, <code>approved</code> for patches, or <code>Failed</code> for associations.</p> </li> <li> <p>Severity: A patch severity. For example, <code>critical</code>.</p> </li> <li> <p>DocumentName: An SSM document name. For example, <code>AWS-RunPatchBaseline</code>.</p> </li> <li> <p>DocumentVersion: An SSM document version number. For example, 4.</p> </li> <li> <p>Classification: A patch classification. For example, <code>security updates</code>.</p> </li> <li> <p>PatchBaselineId: A patch baseline ID.</p> </li> <li> <p>PatchSeverity: A patch severity. For example, <code>Critical</code>.</p> </li> <li> <p>PatchState: A patch state. For example, <code>InstancesWithFailedPatches</code>.</p> </li> <li> <p>PatchGroup: The name of a patch group.</p> </li> <li> <p>InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'</p> </li> </ul>"
+      "documentation":"<p>Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.</p> <p>ComplianceType can be one of the following:</p> <ul> <li> <p>ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.</p> </li> <li> <p>ExecutionType: Specify patch, association, or Custom:<code>string</code>.</p> </li> <li> <p>ExecutionTime. The time the patch, association, or custom compliance item was applied to the managed node.</p> </li> <li> <p>Id: The patch, association, or custom compliance ID.</p> </li> <li> <p>Title: A title.</p> </li> <li> <p>Status: The status of the compliance item. For example, <code>approved</code> for patches, or <code>Failed</code> for associations.</p> </li> <li> <p>Severity: A patch severity. For example, <code>critical</code>.</p> </li> <li> <p>DocumentName: An SSM document name. For example, <code>AWS-RunPatchBaseline</code>.</p> </li> <li> <p>DocumentVersion: An SSM document version number. For example, 4.</p> </li> <li> <p>Classification: A patch classification. For example, <code>security updates</code>.</p> </li> <li> <p>PatchBaselineId: A patch baseline ID.</p> </li> <li> <p>PatchSeverity: A patch severity. For example, <code>Critical</code>.</p> </li> <li> <p>PatchState: A patch state. For example, <code>InstancesWithFailedPatches</code>.</p> </li> <li> <p>PatchGroup: The name of a patch group.</p> </li> <li> <p>InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'</p> </li> </ul>"
     },
     "PutInventory":{
       "name":"PutInventory",
@@ -1609,7 +1610,7 @@
         {"shape":"InvalidInventoryItemContextException"},
         {"shape":"SubTypeCountLimitExceededException"}
       ],
-      "documentation":"<p>Bulk update custom inventory items on one more instance. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.</p>"
+      "documentation":"<p>Bulk update custom inventory items on one or more managed nodes. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.</p>"
     },
     "PutParameter":{
       "name":"PutParameter",
@@ -1746,7 +1747,7 @@
         {"shape":"DoesNotExistException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Reconnects a session to an instance after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.</p> <note> <p>This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.</p> </note>"
+      "documentation":"<p>Reconnects a session to a managed node after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.</p> <note> <p>This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.</p> </note>"
     },
     "SendAutomationSignal":{
       "name":"SendAutomationSignal",
@@ -1785,7 +1786,7 @@
         {"shape":"InvalidRole"},
         {"shape":"InvalidNotificationConfig"}
       ],
-      "documentation":"<p>Runs commands on one or more managed instances.</p>"
+      "documentation":"<p>Runs commands on one or more managed nodes.</p>"
     },
     "StartAssociationsOnce":{
       "name":"StartAssociationsOnce",
@@ -1852,7 +1853,7 @@
         {"shape":"TargetNotConnected"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Initiates a connection to a target (for example, an instance) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.</p> <note> <p>Amazon Web Services CLI usage: <code>start-session</code> is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html\">Install the Session Manager plugin for the Amazon Web Services CLI</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> <p>Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.</p> </note>"
+      "documentation":"<p>Initiates a connection to a target (for example, a managed node) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.</p> <note> <p>Amazon Web Services CLI usage: <code>start-session</code> is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html\">Install the Session Manager plugin for the Amazon Web Services CLI</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> <p>Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.</p> </note>"
     },
     "StopAutomationExecution":{
       "name":"StopAutomationExecution",
@@ -1878,10 +1879,9 @@
       "input":{"shape":"TerminateSessionRequest"},
       "output":{"shape":"TerminateSessionResponse"},
       "errors":[
-        {"shape":"DoesNotExistException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the instance. A terminated session isn't be resumed.</p>"
+      "documentation":"<p>Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node. A terminated session isn't be resumed.</p>"
     },
     "UnlabelParameterVersion":{
       "name":"UnlabelParameterVersion",
@@ -1921,7 +1921,7 @@
         {"shape":"InvalidAssociationVersion"},
         {"shape":"AssociationVersionLimitExceeded"}
       ],
-      "documentation":"<p>Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon Simple Storage Service (Amazon S3) output. </p> <p>In order to call this API operation, your Identity and Access Management (IAM) user account, group, or role must be configured with permission to call the <a>DescribeAssociation</a> API operation. If you don't have permission to call <code>DescribeAssociation</code>, then you receive the following error: <code>An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: &lt;user_arn&gt; isn't authorized to perform: ssm:DescribeAssociation on resource: &lt;resource_arn&gt;</code> </p> <important> <p>When you update an association, the association immediately runs against the specified targets.</p> </important>"
+      "documentation":"<p>Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon Simple Storage Service (Amazon S3) output. When you call <code>UpdateAssociation</code>, the system drops all optional parameters from the request and overwrites the association with null values for those parameters. This is by design. You must specify all optional parameters in the call, even if you are not changing the parameters. This includes the <code>Name</code> parameter. Before calling this API action, we recommend that you call the <a>DescribeAssociation</a> API operation and make a note of all optional parameters required for your <code>UpdateAssociation</code> call.</p> <p>In order to call this API operation, your Identity and Access Management (IAM) user account, group, or role must be configured with permission to call the <a>DescribeAssociation</a> API operation. If you don't have permission to call <code>DescribeAssociation</code>, then you receive the following error: <code>An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: &lt;user_arn&gt; isn't authorized to perform: ssm:DescribeAssociation on resource: &lt;resource_arn&gt;</code> </p> <important> <p>When you update an association, the association immediately runs against the specified targets. You can add the <code>ApplyOnlyAtCronInterval</code> parameter to run the association during the next schedule run.</p> </important>"
     },
     "UpdateAssociationStatus":{
       "name":"UpdateAssociationStatus",
@@ -1939,7 +1939,7 @@
         {"shape":"StatusUnchanged"},
         {"shape":"TooManyUpdates"}
       ],
-      "documentation":"<p>Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified instance.</p> <p> <code>UpdateAssociationStatus</code> is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to report status updates about your associations and is only used for associations created with the <code>InstanceId</code> legacy parameter.</p>"
+      "documentation":"<p>Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified managed node.</p> <p> <code>UpdateAssociationStatus</code> is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to report status updates about your associations and is only used for associations created with the <code>InstanceId</code> legacy parameter.</p>"
     },
     "UpdateDocument":{
       "name":"UpdateDocument",
@@ -2049,7 +2049,7 @@
         {"shape":"InvalidInstanceId"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Changes the Identity and Access Management (IAM) role that is assigned to the on-premises instance or virtual machines (VM). IAM roles are first assigned to these hybrid instances during the activation process. For more information, see <a>CreateActivation</a>.</p>"
+      "documentation":"<p>Changes the Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM). IAM roles are first assigned to these hybrid nodes during the activation process. For more information, see <a>CreateActivation</a>.</p>"
     },
     "UpdateOpsItem":{
       "name":"UpdateOpsItem",
@@ -2180,23 +2180,23 @@
         },
         "DefaultInstanceName":{
           "shape":"DefaultInstanceName",
-          "documentation":"<p>A name for the managed instance when it is created.</p>"
+          "documentation":"<p>A name for the managed node when it is created.</p>"
         },
         "IamRole":{
           "shape":"IamRole",
-          "documentation":"<p>The Identity and Access Management (IAM) role to assign to the managed instance.</p>"
+          "documentation":"<p>The Identity and Access Management (IAM) role to assign to the managed node.</p>"
         },
         "RegistrationLimit":{
           "shape":"RegistrationLimit",
-          "documentation":"<p>The maximum number of managed instances that can be registered using this activation.</p>"
+          "documentation":"<p>The maximum number of managed nodes that can be registered using this activation.</p>"
         },
         "RegistrationsCount":{
           "shape":"RegistrationsCount",
-          "documentation":"<p>The number of managed instances already registered with this activation.</p>"
+          "documentation":"<p>The number of managed nodes already registered with this activation.</p>"
         },
         "ExpirationDate":{
           "shape":"ExpirationDate",
-          "documentation":"<p>The date when this activation can no longer be used to register managed instances.</p>"
+          "documentation":"<p>The date when this activation can no longer be used to register managed nodes.</p>"
         },
         "Expired":{
           "shape":"Boolean",
@@ -2211,7 +2211,7 @@
           "documentation":"<p>Tags assigned to the activation.</p>"
         }
       },
-      "documentation":"<p>An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed instance.</p>"
+      "documentation":"<p>An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed node.</p>"
     },
     "ActivationCode":{
       "type":"string",
@@ -2241,11 +2241,11 @@
       "members":{
         "ResourceType":{
           "shape":"ResourceTypeForTagging",
-          "documentation":"<p>Specifies the type of resource you are tagging.</p> <note> <p>The <code>ManagedInstance</code> type for this API operation is for on-premises managed instances. You must specify the name of the managed instance in the following format: <code>mi-<i>ID_number</i> </code>. For example, <code>mi-1a2b3c4d5e6f</code>.</p> </note>"
+          "documentation":"<p>Specifies the type of resource you are tagging.</p> <note> <p>The <code>ManagedInstance</code> type for this API operation is for on-premises managed nodes. You must specify the name of the managed node in the following format: <code>mi-<i>ID_number</i> </code>. For example, <code>mi-1a2b3c4d5e6f</code>.</p> </note>"
         },
         "ResourceId":{
           "shape":"ResourceId",
-          "documentation":"<p>The resource ID you want to tag.</p> <p>Use the ID of the resource. Here are some examples:</p> <p> <code>MaintenanceWindow</code>: <code>mw-012345abcde</code> </p> <p> <code>PatchBaseline</code>: <code>pb-012345abcde</code> </p> <p> <code>OpsMetadata</code> object: <code>ResourceID</code> for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, <code>ResourceID</code> is created from the strings that come after the word <code>opsmetadata</code> in the ARN. For example, an OpsMetadata object with an ARN of <code>arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager</code> has a <code>ResourceID</code> of either <code>aws/ssm/MyGroup/appmanager</code> or <code>/aws/ssm/MyGroup/appmanager</code>.</p> <p>For the <code>Document</code> and <code>Parameter</code> values, use the name of the resource.</p> <p> <code>ManagedInstance</code>: <code>mi-012345abcde</code> </p> <note> <p>The <code>ManagedInstance</code> type for this API operation is only for on-premises managed instances. You must specify the name of the managed instance in the following format: <code>mi-<i>ID_number</i> </code>. For example, <code>mi-1a2b3c4d5e6f</code>.</p> </note>"
+          "documentation":"<p>The resource ID you want to tag.</p> <p>Use the ID of the resource. Here are some examples:</p> <p> <code>MaintenanceWindow</code>: <code>mw-012345abcde</code> </p> <p> <code>PatchBaseline</code>: <code>pb-012345abcde</code> </p> <p> <code>OpsMetadata</code> object: <code>ResourceID</code> for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, <code>ResourceID</code> is created from the strings that come after the word <code>opsmetadata</code> in the ARN. For example, an OpsMetadata object with an ARN of <code>arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager</code> has a <code>ResourceID</code> of either <code>aws/ssm/MyGroup/appmanager</code> or <code>/aws/ssm/MyGroup/appmanager</code>.</p> <p>For the <code>Document</code> and <code>Parameter</code> values, use the name of the resource.</p> <p> <code>ManagedInstance</code>: <code>mi-012345abcde</code> </p> <note> <p>The <code>ManagedInstance</code> type for this API operation is only for on-premises managed nodes. You must specify the name of the managed node in the following format: <code>mi-<i>ID_number</i> </code>. For example, <code>mi-1a2b3c4d5e6f</code>.</p> </note>"
         },
         "Tags":{
           "shape":"TagList",
@@ -2322,7 +2322,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You must disassociate a document from all instances before you can delete it.</p>",
+      "documentation":"<p>You must disassociate a document from all managed nodes before you can delete it.</p>",
       "exception":true
     },
     "Association":{
@@ -2334,7 +2334,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         },
         "AssociationId":{
           "shape":"AssociationId",
@@ -2346,11 +2346,11 @@
         },
         "DocumentVersion":{
           "shape":"DocumentVersion",
-          "documentation":"<p>The version of the document used in the association.</p>"
+          "documentation":"<p>The version of the document used in the association.</p> <important> <p>State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the <code>default</code> version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to <code>default</code>.</p> </important>"
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The instances targeted by the request to create an association. You can target all instances in an Amazon Web Services account by specifying the <code>InstanceIds</code> key with a value of <code>*</code>.</p>"
+          "documentation":"<p>The managed nodes targeted by the request to create an association. You can target all managed nodes in an Amazon Web Services account by specifying the <code>InstanceIds</code> key with a value of <code>*</code>.</p>"
         },
         "LastExecutionDate":{
           "shape":"DateTime",
@@ -2369,7 +2369,7 @@
           "documentation":"<p>The association name.</p>"
         }
       },
-      "documentation":"<p>Describes an association of a Amazon Web Services Systems Manager document (SSM document) and an instance.</p>"
+      "documentation":"<p>Describes an association of a Amazon Web Services Systems Manager document (SSM document) and a managed node.</p>"
     },
     "AssociationAlreadyExists":{
       "type":"structure",
@@ -2397,7 +2397,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         },
         "AssociationVersion":{
           "shape":"AssociationVersion",
@@ -2425,7 +2425,7 @@
         },
         "AutomationTargetParameterName":{
           "shape":"AutomationTargetParameterName",
-          "documentation":"<p>Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.</p>"
+          "documentation":"<p>Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.</p>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -2437,7 +2437,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The instances targeted by the request. </p>"
+          "documentation":"<p>The managed nodes targeted by the request. </p>"
         },
         "ScheduleExpression":{
           "shape":"ScheduleExpression",
@@ -2461,11 +2461,11 @@
         },
         "MaxErrors":{
           "shape":"MaxErrors",
-          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
+          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new instance starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
+          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new managed node starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
         },
         "ComplianceSeverity":{
           "shape":"AssociationComplianceSeverity",
@@ -2609,11 +2609,11 @@
         },
         "ResourceId":{
           "shape":"AssociationResourceId",
-          "documentation":"<p>The resource ID, for example, the instance ID where the association ran.</p>"
+          "documentation":"<p>The resource ID, for example, the managed node ID where the association ran.</p>"
         },
         "ResourceType":{
           "shape":"AssociationResourceType",
-          "documentation":"<p>The resource type, for example, instance.</p>"
+          "documentation":"<p>The resource type, for example, EC2.</p>"
         },
         "Status":{
           "shape":"StatusName",
@@ -2763,7 +2763,7 @@
         },
         "AssociationStatusAggregatedCount":{
           "shape":"AssociationStatusAggregatedCount",
-          "documentation":"<p>Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.</p>"
+          "documentation":"<p>Returns the number of targets for the association status. For example, if you created an association with two managed nodes, and one of them was successful, this would return the count of managed nodes by status.</p>"
         }
       },
       "documentation":"<p>Information about the association.</p>"
@@ -2874,11 +2874,11 @@
         },
         "MaxErrors":{
           "shape":"MaxErrors",
-          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
+          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new instance starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
+          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new managed node starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
         },
         "ComplianceSeverity":{
           "shape":"AssociationComplianceSeverity",
@@ -3498,11 +3498,11 @@
         },
         "ApprovedPatchesEnableNonSecurity":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is <code>false</code>. Applies to Linux instances only.</p>"
+          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is <code>false</code>. Applies to Linux managed nodes only.</p>"
         },
         "Sources":{
           "shape":"PatchSourceList",
-          "documentation":"<p>Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.</p>"
+          "documentation":"<p>Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.</p>"
         }
       },
       "documentation":"<p>Defines the basic information about a patch baseline override.</p>"
@@ -3531,7 +3531,7 @@
         },
         "InstanceIds":{
           "shape":"InstanceIdList",
-          "documentation":"<p>(Optional) A list of instance IDs on which you want to cancel the command. If not provided, the command is canceled on every instance on which it was requested.</p>"
+          "documentation":"<p>(Optional) A list of managed node IDs on which you want to cancel the command. If not provided, the command is canceled on every node on which it was requested.</p>"
         }
       },
       "documentation":"<p/>"
@@ -3561,6 +3561,22 @@
         }
       }
     },
+    "Category":{
+      "type":"string",
+      "max":128
+    },
+    "CategoryEnumList":{
+      "type":"list",
+      "member":{"shape":"Category"},
+      "max":3,
+      "min":0
+    },
+    "CategoryList":{
+      "type":"list",
+      "member":{"shape":"Category"},
+      "max":3,
+      "min":0
+    },
     "ChangeDetailsValue":{
       "type":"string",
       "max":32768,
@@ -3625,11 +3641,11 @@
         },
         "InstanceIds":{
           "shape":"InstanceIdList",
-          "documentation":"<p>The instance IDs against which this command was requested.</p>"
+          "documentation":"<p>The managed node IDs against which this command was requested.</p>"
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>An array of search criteria that targets instances using a Key,Value combination that you specify. Targets is required if you don't provide one or more instance IDs in the call.</p>"
+          "documentation":"<p>An array of search criteria that targets managed nodes using a Key,Value combination that you specify. Targets is required if you don't provide one or more managed node IDs in the call.</p>"
         },
         "RequestedDateTime":{
           "shape":"DateTime",
@@ -3641,7 +3657,7 @@
         },
         "StatusDetails":{
           "shape":"StatusDetails",
-          "documentation":"<p>A detailed status of the command execution. <code>StatusDetails</code> includes more information than <code>Status</code> because it includes states resulting from error and concurrency control parameters. <code>StatusDetails</code> can show different results than Status. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. StatusDetails can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to any instances.</p> </li> <li> <p>In Progress: The command has been sent to at least one instance but hasn't reached a final state on all instances.</p> </li> <li> <p>Success: The command successfully ran on all invocations. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The value of MaxErrors or more command invocations shows a status of Delivery Timed Out. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: The value of MaxErrors or more command invocations shows a status of Execution Timed Out. This is a terminal state.</p> </li> <li> <p>Failed: The value of MaxErrors or more command invocations shows a status of Failed. This is a terminal state.</p> </li> <li> <p>Incomplete: The command was attempted on all instances and one or more invocations doesn't have a value of Success but not enough invocations failed for the status to be Failed. This is a terminal state.</p> </li> <li> <p>Canceled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Rate Exceeded: The number of instances targeted by the command exceeded the account limit for pending invocations. The system has canceled the command before running it on any instance. This is a terminal state.</p> </li> </ul>"
+          "documentation":"<p>A detailed status of the command execution. <code>StatusDetails</code> includes more information than <code>Status</code> because it includes states resulting from error and concurrency control parameters. <code>StatusDetails</code> can show different results than Status. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. StatusDetails can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to any managed nodes.</p> </li> <li> <p>In Progress: The command has been sent to at least one managed node but hasn't reached a final state on all managed nodes.</p> </li> <li> <p>Success: The command successfully ran on all invocations. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The value of MaxErrors or more command invocations shows a status of Delivery Timed Out. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: The value of MaxErrors or more command invocations shows a status of Execution Timed Out. This is a terminal state.</p> </li> <li> <p>Failed: The value of MaxErrors or more command invocations shows a status of Failed. This is a terminal state.</p> </li> <li> <p>Incomplete: The command was attempted on all managed nodes and one or more invocations doesn't have a value of Success but not enough invocations failed for the status to be Failed. This is a terminal state.</p> </li> <li> <p>Cancelled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Rate Exceeded: The number of managed nodes targeted by the command exceeded the account limit for pending invocations. The system has canceled the command before running it on any managed node. This is a terminal state.</p> </li> </ul>"
         },
         "OutputS3Region":{
           "shape":"S3Region",
@@ -3657,7 +3673,7 @@
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>The maximum number of instances that are allowed to run the command at the same time. You can specify a number of instances, such as 10, or a percentage of instances, such as 10%. The default value is 50. For more information about how to use <code>MaxConcurrency</code>, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command.html\">Running commands using Systems Manager Run Command</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number of managed nodes, such as 10, or a percentage of nodes, such as 10%. The default value is 50. For more information about how to use <code>MaxConcurrency</code>, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/run-command.html\">Running commands using Systems Manager Run Command</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "MaxErrors":{
           "shape":"MaxErrors",
@@ -3669,7 +3685,7 @@
         },
         "CompletedCount":{
           "shape":"CompletedCount",
-          "documentation":"<p>The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Canceled, Terminated, or Undeliverable.</p>"
+          "documentation":"<p>The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Cancelled, Terminated, or Undeliverable.</p>"
         },
         "ErrorCount":{
           "shape":"ErrorCount",
@@ -3707,14 +3723,14 @@
       "members":{
         "key":{
           "shape":"CommandFilterKey",
-          "documentation":"<p>The name of the filter.</p>"
+          "documentation":"<p>The name of the filter.</p> <note> <p>The <code>ExecutionStage</code> filter can't be used with the <code>ListCommandInvocations</code> operation, only with <code>ListCommands</code>.</p> </note>"
         },
         "value":{
           "shape":"CommandFilterValue",
-          "documentation":"<p>The filter value. Valid values for each filter key are as follows:</p> <ul> <li> <p> <b>InvokedAfter</b>: Specify a timestamp to limit your results. For example, specify <code>2021-07-07T00:00:00Z</code> to see a list of command executions occurring July 7, 2021, and later.</p> </li> <li> <p> <b>InvokedBefore</b>: Specify a timestamp to limit your results. For example, specify <code>2021-07-07T00:00:00Z</code> to see a list of command executions from before July 7, 2021.</p> </li> <li> <p> <b>Status</b>: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.</p> <p>The status values you can specify for <code>ListCommands</code> are:</p> <ul> <li> <p> <code>Pending</code> </p> </li> <li> <p> <code>InProgress</code> </p> </li> <li> <p> <code>Success</code> </p> </li> <li> <p> <code>Cancelled</code> </p> </li> <li> <p> <code>Failed</code> </p> </li> <li> <p> <code>TimedOut</code> (this includes both Delivery and Execution time outs) </p> </li> <li> <p> <code>AccessDenied</code> </p> </li> <li> <p> <code>DeliveryTimedOut</code> </p> </li> <li> <p> <code>ExecutionTimedOut</code> </p> </li> <li> <p> <code>Incomplete</code> </p> </li> <li> <p> <code>NoInstancesInTag</code> </p> </li> <li> <p> <code>LimitExceeded</code> </p> </li> </ul> <p>The status values you can specify for <code>ListCommandInvocations</code> are:</p> <ul> <li> <p> <code>Pending</code> </p> </li> <li> <p> <code>InProgress</code> </p> </li> <li> <p> <code>Delayed</code> </p> </li> <li> <p> <code>Success</code> </p> </li> <li> <p> <code>Cancelled</code> </p> </li> <li> <p> <code>Failed</code> </p> </li> <li> <p> <code>TimedOut</code> (this includes both Delivery and Execution time outs) </p> </li> <li> <p> <code>AccessDenied</code> </p> </li> <li> <p> <code>DeliveryTimedOut</code> </p> </li> <li> <p> <code>ExecutionTimedOut</code> </p> </li> <li> <p> <code>Undeliverable</code> </p> </li> <li> <p> <code>InvalidPlatform</code> </p> </li> <li> <p> <code>Terminated</code> </p> </li> </ul> </li> <li> <p> <b>DocumentName</b>: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify <code>AWS-RunPatchBaseline</code> to see command executions that used this SSM document to perform security patching operations on instances. </p> </li> <li> <p> <b>ExecutionStage</b>: Specify one of the following values:</p> <ul> <li> <p> <code>Executing</code>: Returns a list of command executions that are currently still running.</p> </li> <li> <p> <code>Complete</code>: Returns a list of command executions that have already completed. </p> </li> </ul> </li> </ul>"
+          "documentation":"<p>The filter value. Valid values for each filter key are as follows:</p> <ul> <li> <p> <b>InvokedAfter</b>: Specify a timestamp to limit your results. For example, specify <code>2021-07-07T00:00:00Z</code> to see a list of command executions occurring July 7, 2021, and later.</p> </li> <li> <p> <b>InvokedBefore</b>: Specify a timestamp to limit your results. For example, specify <code>2021-07-07T00:00:00Z</code> to see a list of command executions from before July 7, 2021.</p> </li> <li> <p> <b>Status</b>: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.</p> <p>The status values you can specify for <code>ListCommands</code> are:</p> <ul> <li> <p> <code>Pending</code> </p> </li> <li> <p> <code>InProgress</code> </p> </li> <li> <p> <code>Success</code> </p> </li> <li> <p> <code>Cancelled</code> </p> </li> <li> <p> <code>Failed</code> </p> </li> <li> <p> <code>TimedOut</code> (this includes both Delivery and Execution time outs) </p> </li> <li> <p> <code>AccessDenied</code> </p> </li> <li> <p> <code>DeliveryTimedOut</code> </p> </li> <li> <p> <code>ExecutionTimedOut</code> </p> </li> <li> <p> <code>Incomplete</code> </p> </li> <li> <p> <code>NoInstancesInTag</code> </p> </li> <li> <p> <code>LimitExceeded</code> </p> </li> </ul> <p>The status values you can specify for <code>ListCommandInvocations</code> are:</p> <ul> <li> <p> <code>Pending</code> </p> </li> <li> <p> <code>InProgress</code> </p> </li> <li> <p> <code>Delayed</code> </p> </li> <li> <p> <code>Success</code> </p> </li> <li> <p> <code>Cancelled</code> </p> </li> <li> <p> <code>Failed</code> </p> </li> <li> <p> <code>TimedOut</code> (this includes both Delivery and Execution time outs) </p> </li> <li> <p> <code>AccessDenied</code> </p> </li> <li> <p> <code>DeliveryTimedOut</code> </p> </li> <li> <p> <code>ExecutionTimedOut</code> </p> </li> <li> <p> <code>Undeliverable</code> </p> </li> <li> <p> <code>InvalidPlatform</code> </p> </li> <li> <p> <code>Terminated</code> </p> </li> </ul> </li> <li> <p> <b>DocumentName</b>: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify <code>AWS-RunPatchBaseline</code> to see command executions that used this SSM document to perform security patching operations on managed nodes. </p> </li> <li> <p> <b>ExecutionStage</b>: Specify one of the following values (<code>ListCommands</code> operations only):</p> <ul> <li> <p> <code>Executing</code>: Returns a list of command executions that are currently still running.</p> </li> <li> <p> <code>Complete</code>: Returns a list of command executions that have already completed. </p> </li> </ul> </li> </ul>"
         }
       },
-      "documentation":"<p>Describes a command filter.</p> <note> <p>An instance ID can't be specified when a command status is <code>Pending</code> because the command hasn't run on the instance yet.</p> </note>"
+      "documentation":"<p>Describes a command filter.</p> <note> <p>A managed node ID can't be specified when a command status is <code>Pending</code> because the command hasn't run on the node yet.</p> </note>"
     },
     "CommandFilterKey":{
       "type":"string",
@@ -3751,11 +3767,11 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID in which this invocation was requested.</p>"
+          "documentation":"<p>The managed node ID in which this invocation was requested.</p>"
         },
         "InstanceName":{
           "shape":"InstanceTagName",
-          "documentation":"<p>The fully qualified host name of the managed instance.</p>"
+          "documentation":"<p>The fully qualified host name of the managed node.</p>"
         },
         "Comment":{
           "shape":"Comment",
@@ -3771,7 +3787,7 @@
         },
         "RequestedDateTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time and date the request was sent to this instance.</p>"
+          "documentation":"<p>The time and date the request was sent to this managed node.</p>"
         },
         "Status":{
           "shape":"CommandInvocationStatus",
@@ -3779,7 +3795,7 @@
         },
         "StatusDetails":{
           "shape":"StatusDetails",
-          "documentation":"<p>A detailed status of the command execution for each invocation (each instance targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. StatusDetails can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to the instance.</p> </li> <li> <p>In Progress: The command has been sent to the instance but hasn't reached a terminal state.</p> </li> <li> <p>Success: The execution of the command or plugin was successfully completed. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's <code>MaxErrors</code> limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: Command execution started on the instance, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Failed: The command wasn't successful on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Canceled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Undeliverable: The command can't be delivered to the instance. The instance might not exist or might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.</p> </li> </ul>"
+          "documentation":"<p>A detailed status of the command execution for each invocation (each managed node targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. StatusDetails can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to the managed node.</p> </li> <li> <p>In Progress: The command has been sent to the managed node but hasn't reached a terminal state.</p> </li> <li> <p>Success: The execution of the command or plugin was successfully completed. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's <code>MaxErrors</code> limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: Command execution started on the managed node, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Failed: The command wasn't successful on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Cancelled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Undeliverable: The command can't be delivered to the managed node. The managed node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.</p> </li> </ul>"
         },
         "TraceOutput":{
           "shape":"InvocationTraceOutput",
@@ -3799,18 +3815,18 @@
         },
         "ServiceRole":{
           "shape":"ServiceRole",
-          "documentation":"<p>The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per instance basis.</p>"
+          "documentation":"<p>The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per managed node basis.</p>"
         },
         "NotificationConfig":{
           "shape":"NotificationConfig",
-          "documentation":"<p>Configurations for sending notifications about command status changes on a per instance basis.</p>"
+          "documentation":"<p>Configurations for sending notifications about command status changes on a per managed node basis.</p>"
         },
         "CloudWatchOutputConfig":{
           "shape":"CloudWatchOutputConfig",
           "documentation":"<p>Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.</p>"
         }
       },
-      "documentation":"<p>An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs SendCommand against three instances, then a command invocation is created for each requested instance ID. A command invocation returns status and detail information about a command you ran. </p>"
+      "documentation":"<p>An invocation is a copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs <code>SendCommand</code> against three managed nodes, then a command invocation is created for each requested managed node ID. A command invocation returns status and detail information about a command you ran. </p>"
     },
     "CommandInvocationList":{
       "type":"list",
@@ -3851,7 +3867,7 @@
         },
         "StatusDetails":{
           "shape":"StatusDetails",
-          "documentation":"<p>A detailed status of the plugin execution. <code>StatusDetails</code> includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. StatusDetails can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to the instance.</p> </li> <li> <p>In Progress: The command has been sent to the instance but hasn't reached a terminal state.</p> </li> <li> <p>Success: The execution of the command or plugin was successfully completed. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's <code>MaxErrors</code> limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: Command execution started on the instance, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Failed: The command wasn't successful on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.</p> </li> <li> <p>Canceled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Undeliverable: The command can't be delivered to the instance. The instance might not exist, or it might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit, and they don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.</p> </li> </ul>"
+          "documentation":"<p>A detailed status of the plugin execution. <code>StatusDetails</code> includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. StatusDetails can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to the managed node.</p> </li> <li> <p>In Progress: The command has been sent to the managed node but hasn't reached a terminal state.</p> </li> <li> <p>Success: The execution of the command or plugin was successfully completed. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's <code>MaxErrors</code> limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: Command execution started on the managed node, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Failed: The command wasn't successful on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.</p> </li> <li> <p>Cancelled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Undeliverable: The command can't be delivered to the managed node. The managed node might not exist, or it might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit, and they don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.</p> </li> </ul>"
         },
         "ResponseCode":{
           "shape":"ResponseCode",
@@ -3883,11 +3899,11 @@
         },
         "OutputS3BucketName":{
           "shape":"S3BucketName",
-          "documentation":"<p>The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:</p> <p> <code>doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript</code> </p> <p> <code>doc-example-bucket</code> is the name of the S3 bucket;</p> <p> <code>ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix</code> is the name of the S3 prefix;</p> <p> <code>i-02573cafcfEXAMPLE</code> is the instance ID;</p> <p> <code>awsrunShellScript</code> is the name of the plugin.</p>"
+          "documentation":"<p>The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:</p> <p> <code>doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript</code> </p> <p> <code>doc-example-bucket</code> is the name of the S3 bucket;</p> <p> <code>ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix</code> is the name of the S3 prefix;</p> <p> <code>i-02573cafcfEXAMPLE</code> is the managed node ID;</p> <p> <code>awsrunShellScript</code> is the name of the plugin.</p>"
         },
         "OutputS3KeyPrefix":{
           "shape":"S3KeyPrefix",
-          "documentation":"<p>The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:</p> <p> <code>doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript</code> </p> <p> <code>doc-example-bucket</code> is the name of the S3 bucket;</p> <p> <code>ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix</code> is the name of the S3 prefix;</p> <p> <code>i-02573cafcfEXAMPLE</code> is the instance ID;</p> <p> <code>awsrunShellScript</code> is the name of the plugin.</p>"
+          "documentation":"<p>The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:</p> <p> <code>doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript</code> </p> <p> <code>doc-example-bucket</code> is the name of the S3 bucket;</p> <p> <code>ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix</code> is the name of the S3 prefix;</p> <p> <code>i-02573cafcfEXAMPLE</code> is the managed node ID;</p> <p> <code>awsrunShellScript</code> is the name of the plugin.</p>"
         }
       },
       "documentation":"<p>Describes plugin details.</p>"
@@ -3973,7 +3989,7 @@
         },
         "ResourceId":{
           "shape":"ComplianceResourceId",
-          "documentation":"<p>An ID for the resource. For a managed instance, this is the instance ID.</p>"
+          "documentation":"<p>An ID for the resource. For a managed node, this is the node ID.</p>"
         },
         "Id":{
           "shape":"ComplianceItemId",
@@ -4218,15 +4234,15 @@
         },
         "DefaultInstanceName":{
           "shape":"DefaultInstanceName",
-          "documentation":"<p>The name of the registered, managed instance as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.</p> <important> <p>Don't enter personally identifiable information in this field.</p> </important>"
+          "documentation":"<p>The name of the registered, managed node as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.</p> <important> <p>Don't enter personally identifiable information in this field.</p> </important>"
         },
         "IamRole":{
           "shape":"IamRole",
-          "documentation":"<p>The name of the Identity and Access Management (IAM) role that you want to assign to the managed instance. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal <code>ssm.amazonaws.com</code>. For more information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html\">Create an IAM service role for a hybrid environment</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal <code>ssm.amazonaws.com</code>. For more information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html\">Create an IAM service role for a hybrid environment</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "RegistrationLimit":{
           "shape":"RegistrationLimit",
-          "documentation":"<p>Specify the maximum number of managed instances you want to register. The default value is <code>1</code>.</p>",
+          "documentation":"<p>Specify the maximum number of managed nodes you want to register. The default value is <code>1</code>.</p>",
           "box":true
         },
         "ExpirationDate":{
@@ -4235,7 +4251,11 @@
         },
         "Tags":{
           "shape":"TagList",
-          "documentation":"<p>Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:</p> <ul> <li> <p> <code>Key=OS,Value=Windows</code> </p> </li> <li> <p> <code>Key=Environment,Value=Production</code> </p> </li> </ul> <important> <p>When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.</p> </important> <p>You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers and VMs after they connect to Systems Manager for the first time and are assigned a managed instance ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with \"mi-\". For information about how to add tags to your managed instances, see <a>AddTagsToResource</a>. For information about how to remove tags from your managed instances, see <a>RemoveTagsFromResource</a>.</p>"
+          "documentation":"<p>Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:</p> <ul> <li> <p> <code>Key=OS,Value=Windows</code> </p> </li> <li> <p> <code>Key=Environment,Value=Production</code> </p> </li> </ul> <important> <p>When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.</p> </important> <p>You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers, edge devices, and VMs after they connect to Systems Manager for the first time and are assigned a managed node ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with \"mi-\". For information about how to add tags to your managed nodes, see <a>AddTagsToResource</a>. For information about how to remove tags from your managed nodes, see <a>RemoveTagsFromResource</a>.</p>"
+        },
+        "RegistrationMetadata":{
+          "shape":"RegistrationMetadataList",
+          "documentation":"<p>Reserved for internal use.</p>"
         }
       }
     },
@@ -4273,11 +4293,11 @@
       "members":{
         "Name":{
           "shape":"DocumentARN",
-          "documentation":"<p>The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.</p> <p>You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.</p> <p>For SSM documents that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:</p> <p> <code>arn:aws:ssm:<i>region</i>:<i>account-id</i>:document/<i>document-name</i> </code> </p> <p>For example:</p> <p> <code>arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document</code> </p> <p>For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, <code>AWS-ApplyPatchBaseline</code> or <code>My-Document</code>.</p>"
+          "documentation":"<p>The name of the SSM document that contains the configuration information for the managed node. You can specify Command or Automation runbooks.</p> <p>You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.</p> <p>For SSM documents that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:</p> <p> <code>arn:aws:ssm:<i>region</i>:<i>account-id</i>:document/<i>document-name</i> </code> </p> <p>For example:</p> <p> <code>arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document</code> </p> <p>For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, <code>AWS-ApplyPatchBaseline</code> or <code>My-Document</code>.</p>"
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p> <note> <p> <code>InstanceId</code> has been deprecated. To specify an instance ID for an association, use the <code>Targets</code> parameter. Requests that include the parameter <code>InstanceID</code> with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter <code>InstanceId</code>, you can't use the parameters <code>AssociationName</code>, <code>DocumentVersion</code>, <code>MaxErrors</code>, <code>MaxConcurrency</code>, <code>OutputLocation</code>, or <code>ScheduleExpression</code>. To use these parameters, you must use the <code>Targets</code> parameter.</p> </note>"
+          "documentation":"<p>The managed node ID.</p> <note> <p> <code>InstanceId</code> has been deprecated. To specify a managed node ID for an association, use the <code>Targets</code> parameter. Requests that include the parameter <code>InstanceID</code> with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter <code>InstanceId</code>, you can't use the parameters <code>AssociationName</code>, <code>DocumentVersion</code>, <code>MaxErrors</code>, <code>MaxConcurrency</code>, <code>OutputLocation</code>, or <code>ScheduleExpression</code>. To use these parameters, you must use the <code>Targets</code> parameter.</p> </note>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -4293,7 +4313,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The instances targeted by the request.</p>"
+          "documentation":"<p>The managed nodes targeted by the request.</p>"
         },
         "ScheduleExpression":{
           "shape":"ScheduleExpression",
@@ -4309,11 +4329,11 @@
         },
         "MaxErrors":{
           "shape":"MaxErrors",
-          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
+          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new instance starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
+          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new managed node starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
         },
         "ComplianceSeverity":{
           "shape":"AssociationComplianceSeverity",
@@ -4336,7 +4356,7 @@
           "documentation":"<p>Use this action to create an association in multiple Regions and multiple accounts.</p>"
         }
       },
-      "documentation":"<p>Describes the association of a Amazon Web Services Systems Manager document (SSM document) and an instance.</p>"
+      "documentation":"<p>Describes the association of a Amazon Web Services Systems Manager document (SSM document) and a managed node.</p>"
     },
     "CreateAssociationBatchResult":{
       "type":"structure",
@@ -4357,15 +4377,15 @@
       "members":{
         "Name":{
           "shape":"DocumentARN",
-          "documentation":"<p>The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.</p> <p>You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.</p> <p>For Systems Manager documents (SSM documents) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:</p> <p> <code>arn:<i>partition</i>:ssm:<i>region</i>:<i>account-id</i>:document/<i>document-name</i> </code> </p> <p>For example:</p> <p> <code>arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document</code> </p> <p>For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, <code>AWS-ApplyPatchBaseline</code> or <code>My-Document</code>.</p>"
+          "documentation":"<p>The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.</p> <p>You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.</p> <p>For Systems Manager documents (SSM documents) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:</p> <p> <code>arn:<i>partition</i>:ssm:<i>region</i>:<i>account-id</i>:document/<i>document-name</i> </code> </p> <p>For example:</p> <p> <code>arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document</code> </p> <p>For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, <code>AWS-ApplyPatchBaseline</code> or <code>My-Document</code>.</p>"
         },
         "DocumentVersion":{
           "shape":"DocumentVersion",
-          "documentation":"<p>The document version you want to associate with the target(s). Can be a specific version or the default version.</p>"
+          "documentation":"<p>The document version you want to associate with the target(s). Can be a specific version or the default version.</p> <important> <p>State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the <code>default</code> version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to <code>default</code>.</p> </important>"
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p> <note> <p> <code>InstanceId</code> has been deprecated. To specify an instance ID for an association, use the <code>Targets</code> parameter. Requests that include the parameter <code>InstanceID</code> with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter <code>InstanceId</code>, you can't use the parameters <code>AssociationName</code>, <code>DocumentVersion</code>, <code>MaxErrors</code>, <code>MaxConcurrency</code>, <code>OutputLocation</code>, or <code>ScheduleExpression</code>. To use these parameters, you must use the <code>Targets</code> parameter.</p> </note>"
+          "documentation":"<p>The managed node ID.</p> <note> <p> <code>InstanceId</code> has been deprecated. To specify a managed node ID for an association, use the <code>Targets</code> parameter. Requests that include the parameter <code>InstanceID</code> with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter <code>InstanceId</code>, you can't use the parameters <code>AssociationName</code>, <code>DocumentVersion</code>, <code>MaxErrors</code>, <code>MaxConcurrency</code>, <code>OutputLocation</code>, or <code>ScheduleExpression</code>. To use these parameters, you must use the <code>Targets</code> parameter.</p> </note>"
         },
         "Parameters":{
           "shape":"Parameters",
@@ -4373,7 +4393,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The targets for the association. You can target instances by using tags, Amazon Web Services resource groups, all instances in an Amazon Web Services account, or individual instance IDs. You can target all instances in an Amazon Web Services account by specifying the <code>InstanceIds</code> key with a value of <code>*</code>. For more information about choosing targets for an association, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state-manager-targets-and-rate-controls.html\">Using targets and rate controls with State Manager associations</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the <code>InstanceIds</code> key with a value of <code>*</code>. For more information about choosing targets for an association, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state-manager-targets-and-rate-controls.html\">Using targets and rate controls with State Manager associations</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "ScheduleExpression":{
           "shape":"ScheduleExpression",
@@ -4389,15 +4409,15 @@
         },
         "AutomationTargetParameterName":{
           "shape":"AutomationTargetParameterName",
-          "documentation":"<p>Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.</p>"
+          "documentation":"<p>Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.</p>"
         },
         "MaxErrors":{
           "shape":"MaxErrors",
-          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
+          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new instance starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
+          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new managed node starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
         },
         "ComplianceSeverity":{
           "shape":"AssociationComplianceSeverity",
@@ -4537,7 +4557,7 @@
         },
         "AllowUnassociatedTargets":{
           "shape":"MaintenanceWindowAllowUnassociatedTargets",
-          "documentation":"<p>Enables a maintenance window task to run on managed instances, even if you haven't registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.</p> <p>If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.</p>"
+          "documentation":"<p>Enables a maintenance window task to run on managed nodes, even if you haven't registered those nodes as targets. If enabled, then you must specify the unregistered managed nodes (by node ID) when you register a task with the maintenance window.</p> <p>If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.</p>"
         },
         "ClientToken":{
           "shape":"ClientToken",
@@ -4695,7 +4715,7 @@
         },
         "ApprovedPatchesEnableNonSecurity":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is <code>false</code>. Applies to Linux instances only.</p>",
+          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is <code>false</code>. Applies to Linux managed nodes only.</p>",
           "box":true
         },
         "RejectedPatches":{
@@ -4712,7 +4732,7 @@
         },
         "Sources":{
           "shape":"PatchSourceList",
-          "documentation":"<p>Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.</p>"
+          "documentation":"<p>Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.</p>"
         },
         "ClientToken":{
           "shape":"ClientToken",
@@ -4802,7 +4822,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p> <note> <p> <code>InstanceId</code> has been deprecated. To specify an instance ID for an association, use the <code>Targets</code> parameter. Requests that include the parameter <code>InstanceID</code> with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter <code>InstanceId</code>, you can't use the parameters <code>AssociationName</code>, <code>DocumentVersion</code>, <code>MaxErrors</code>, <code>MaxConcurrency</code>, <code>OutputLocation</code>, or <code>ScheduleExpression</code>. To use these parameters, you must use the <code>Targets</code> parameter.</p> </note>"
+          "documentation":"<p>The managed node ID.</p> <note> <p> <code>InstanceId</code> has been deprecated. To specify a managed node ID for an association, use the <code>Targets</code> parameter. Requests that include the parameter <code>InstanceID</code> with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter <code>InstanceId</code>, you can't use the parameters <code>AssociationName</code>, <code>DocumentVersion</code>, <code>MaxErrors</code>, <code>MaxConcurrency</code>, <code>OutputLocation</code>, or <code>ScheduleExpression</code>. To use these parameters, you must use the <code>Targets</code> parameter.</p> </note>"
         },
         "AssociationId":{
           "shape":"AssociationId",
@@ -4999,7 +5019,7 @@
       "members":{
         "InstanceId":{
           "shape":"ManagedInstanceId",
-          "documentation":"<p>The ID assigned to the managed instance when you registered it using the activation process. </p>"
+          "documentation":"<p>The ID assigned to the managed node when you registered it using the activation process. </p>"
         }
       }
     },
@@ -5248,7 +5268,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         },
         "AssociationId":{
           "shape":"AssociationId",
@@ -5256,7 +5276,7 @@
         },
         "AssociationVersion":{
           "shape":"AssociationVersion",
-          "documentation":"<p>Specify the association version to retrieve. To view the latest version, either specify <code>$LATEST</code> for this parameter, or omit this parameter. To view a list of all associations for an instance, use <a>ListAssociations</a>. To get a list of versions for a specific association, use <a>ListAssociationVersions</a>. </p>"
+          "documentation":"<p>Specify the association version to retrieve. To view the latest version, either specify <code>$LATEST</code> for this parameter, or omit this parameter. To view a list of all associations for a managed node, use <a>ListAssociations</a>. To get a list of versions for a specific association, use <a>ListAssociationVersions</a>. </p>"
         }
       }
     },
@@ -5346,7 +5366,7 @@
       "members":{
         "Filters":{
           "shape":"PatchOrchestratorFilterList",
-          "documentation":"<p>Each element in the array is a structure containing a key-value pair.</p> <p> <b>Windows Server</b> </p> <p>Supported keys for Windows Server instance patches include the following:</p> <ul> <li> <p> <b> <code>PATCH_SET</code> </b> </p> <p>Sample values: <code>OS</code> | <code>APPLICATION</code> </p> </li> <li> <p> <b> <code>PRODUCT</code> </b> </p> <p>Sample values: <code>WindowsServer2012</code> | <code>Office 2010</code> | <code>MicrosoftDefenderAntivirus</code> </p> </li> <li> <p> <b> <code>PRODUCT_FAMILY</code> </b> </p> <p>Sample values: <code>Windows</code> | <code>Office</code> </p> </li> <li> <p> <b> <code>MSRC_SEVERITY</code> </b> </p> <p>Sample values: <code>ServicePacks</code> | <code>Important</code> | <code>Moderate</code> </p> </li> <li> <p> <b> <code>CLASSIFICATION</code> </b> </p> <p>Sample values: <code>ServicePacks</code> | <code>SecurityUpdates</code> | <code>DefinitionUpdates</code> </p> </li> <li> <p> <b> <code>PATCH_ID</code> </b> </p> <p>Sample values: <code>KB123456</code> | <code>KB4516046</code> </p> </li> </ul> <p> <b>Linux</b> </p> <important> <p>When specifying filters for Linux patches, you must specify a key-pair for <code>PRODUCT</code>. For example, using the Command Line Interface (CLI), the following command fails:</p> <p> <code>aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615</code> </p> <p>However, the following command succeeds:</p> <p> <code>aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615</code> </p> </important> <p>Supported keys for Linux instance patches include the following:</p> <ul> <li> <p> <b> <code>PRODUCT</code> </b> </p> <p>Sample values: <code>AmazonLinux2018.03</code> | <code>AmazonLinux2.0</code> </p> </li> <li> <p> <b> <code>NAME</code> </b> </p> <p>Sample values: <code>kernel-headers</code> | <code>samba-python</code> | <code>php</code> </p> </li> <li> <p> <b> <code>SEVERITY</code> </b> </p> <p>Sample values: <code>Critical</code> | <code>Important</code> | <code>Medium</code> | <code>Low</code> </p> </li> <li> <p> <b> <code>EPOCH</code> </b> </p> <p>Sample values: <code>0</code> | <code>1</code> </p> </li> <li> <p> <b> <code>VERSION</code> </b> </p> <p>Sample values: <code>78.6.1</code> | <code>4.10.16</code> </p> </li> <li> <p> <b> <code>RELEASE</code> </b> </p> <p>Sample values: <code>9.56.amzn1</code> | <code>1.amzn2</code> </p> </li> <li> <p> <b> <code>ARCH</code> </b> </p> <p>Sample values: <code>i686</code> | <code>x86_64</code> </p> </li> <li> <p> <b> <code>REPOSITORY</code> </b> </p> <p>Sample values: <code>Core</code> | <code>Updates</code> </p> </li> <li> <p> <b> <code>ADVISORY_ID</code> </b> </p> <p>Sample values: <code>ALAS-2018-1058</code> | <code>ALAS2-2021-1594</code> </p> </li> <li> <p> <b> <code>CVE_ID</code> </b> </p> <p>Sample values: <code>CVE-2018-3615</code> | <code>CVE-2020-1472</code> </p> </li> <li> <p> <b> <code>BUGZILLA_ID</code> </b> </p> <p>Sample values: <code>1463241</code> </p> </li> </ul>"
+          "documentation":"<p>Each element in the array is a structure containing a key-value pair.</p> <p> <b>Windows Server</b> </p> <p>Supported keys for Windows Server managed node patches include the following:</p> <ul> <li> <p> <b> <code>PATCH_SET</code> </b> </p> <p>Sample values: <code>OS</code> | <code>APPLICATION</code> </p> </li> <li> <p> <b> <code>PRODUCT</code> </b> </p> <p>Sample values: <code>WindowsServer2012</code> | <code>Office 2010</code> | <code>MicrosoftDefenderAntivirus</code> </p> </li> <li> <p> <b> <code>PRODUCT_FAMILY</code> </b> </p> <p>Sample values: <code>Windows</code> | <code>Office</code> </p> </li> <li> <p> <b> <code>MSRC_SEVERITY</code> </b> </p> <p>Sample values: <code>ServicePacks</code> | <code>Important</code> | <code>Moderate</code> </p> </li> <li> <p> <b> <code>CLASSIFICATION</code> </b> </p> <p>Sample values: <code>ServicePacks</code> | <code>SecurityUpdates</code> | <code>DefinitionUpdates</code> </p> </li> <li> <p> <b> <code>PATCH_ID</code> </b> </p> <p>Sample values: <code>KB123456</code> | <code>KB4516046</code> </p> </li> </ul> <p> <b>Linux</b> </p> <important> <p>When specifying filters for Linux patches, you must specify a key-pair for <code>PRODUCT</code>. For example, using the Command Line Interface (CLI), the following command fails:</p> <p> <code>aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615</code> </p> <p>However, the following command succeeds:</p> <p> <code>aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615</code> </p> </important> <p>Supported keys for Linux managed node patches include the following:</p> <ul> <li> <p> <b> <code>PRODUCT</code> </b> </p> <p>Sample values: <code>AmazonLinux2018.03</code> | <code>AmazonLinux2.0</code> </p> </li> <li> <p> <b> <code>NAME</code> </b> </p> <p>Sample values: <code>kernel-headers</code> | <code>samba-python</code> | <code>php</code> </p> </li> <li> <p> <b> <code>SEVERITY</code> </b> </p> <p>Sample values: <code>Critical</code> | <code>Important</code> | <code>Medium</code> | <code>Low</code> </p> </li> <li> <p> <b> <code>EPOCH</code> </b> </p> <p>Sample values: <code>0</code> | <code>1</code> </p> </li> <li> <p> <b> <code>VERSION</code> </b> </p> <p>Sample values: <code>78.6.1</code> | <code>4.10.16</code> </p> </li> <li> <p> <b> <code>RELEASE</code> </b> </p> <p>Sample values: <code>9.56.amzn1</code> | <code>1.amzn2</code> </p> </li> <li> <p> <b> <code>ARCH</code> </b> </p> <p>Sample values: <code>i686</code> | <code>x86_64</code> </p> </li> <li> <p> <b> <code>REPOSITORY</code> </b> </p> <p>Sample values: <code>Core</code> | <code>Updates</code> </p> </li> <li> <p> <b> <code>ADVISORY_ID</code> </b> </p> <p>Sample values: <code>ALAS-2018-1058</code> | <code>ALAS2-2021-1594</code> </p> </li> <li> <p> <b> <code>CVE_ID</code> </b> </p> <p>Sample values: <code>CVE-2018-3615</code> | <code>CVE-2020-1472</code> </p> </li> <li> <p> <b> <code>BUGZILLA_ID</code> </b> </p> <p>Sample values: <code>1463241</code> </p> </li> </ul>"
         },
         "MaxResults":{
           "shape":"PatchBaselineMaxResults",
@@ -5448,7 +5468,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID for which you want to view all associations.</p>"
+          "documentation":"<p>The managed node ID for which you want to view all associations.</p>"
         },
         "MaxResults":{
           "shape":"EffectiveInstanceAssociationMaxResults",
@@ -5466,7 +5486,7 @@
       "members":{
         "Associations":{
           "shape":"InstanceAssociationList",
-          "documentation":"<p>The associations for the requested instance.</p>"
+          "documentation":"<p>The associations for the requested managed node.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -5512,7 +5532,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance IDs for which you want association status information.</p>"
+          "documentation":"<p>The managed node IDs for which you want association status information.</p>"
         },
         "MaxResults":{
           "shape":"MaxResults",
@@ -5543,11 +5563,11 @@
       "members":{
         "InstanceInformationFilterList":{
           "shape":"InstanceInformationFilterList",
-          "documentation":"<p>This is a legacy method. We recommend that you don't use this method. Instead, use the <code>Filters</code> data type. <code>Filters</code> enables you to return instance information by filtering based on tags applied to managed instances.</p> <note> <p>Attempting to use <code>InstanceInformationFilterList</code> and <code>Filters</code> leads to an exception error. </p> </note>"
+          "documentation":"<p>This is a legacy method. We recommend that you don't use this method. Instead, use the <code>Filters</code> data type. <code>Filters</code> enables you to return node information by filtering based on tags applied to managed nodes.</p> <note> <p>Attempting to use <code>InstanceInformationFilterList</code> and <code>Filters</code> leads to an exception error. </p> </note>"
         },
         "Filters":{
           "shape":"InstanceInformationStringFilterList",
-          "documentation":"<p>One or more filters. Use a filter to return a more specific list of instances. You can filter based on tags applied to EC2 instances. Use this <code>Filters</code> data type instead of <code>InstanceInformationFilterList</code>, which is deprecated.</p>"
+          "documentation":"<p>One or more filters. Use a filter to return a more specific list of managed nodes. You can filter based on tags applied to EC2 instances. Use this <code>Filters</code> data type instead of <code>InstanceInformationFilterList</code>, which is deprecated.</p>"
         },
         "MaxResults":{
           "shape":"MaxResultsEC2Compatible",
@@ -5565,7 +5585,7 @@
       "members":{
         "InstanceInformationList":{
           "shape":"InstanceInformationList",
-          "documentation":"<p>The instance information list.</p>"
+          "documentation":"<p>The managed node information list.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -5601,7 +5621,7 @@
       "members":{
         "InstancePatchStates":{
           "shape":"InstancePatchStatesList",
-          "documentation":"<p>The high-level patch state for the requested instances. </p>"
+          "documentation":"<p>The high-level patch state for the requested managed nodes. </p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -5615,7 +5635,7 @@
       "members":{
         "InstanceIds":{
           "shape":"InstanceIdList",
-          "documentation":"<p>The ID of the instance for which patch state information should be retrieved.</p>"
+          "documentation":"<p>The ID of the managed node for which patch state information should be retrieved.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -5623,7 +5643,7 @@
         },
         "MaxResults":{
           "shape":"PatchComplianceMaxResults",
-          "documentation":"<p>The maximum number of instances to return (per page).</p>",
+          "documentation":"<p>The maximum number of managed nodes to return (per page).</p>",
           "box":true
         }
       }
@@ -5633,7 +5653,7 @@
       "members":{
         "InstancePatchStates":{
           "shape":"InstancePatchStateList",
-          "documentation":"<p>The high-level patch state for the requested instances.</p>"
+          "documentation":"<p>The high-level patch state for the requested managed nodes.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -5647,7 +5667,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The ID of the instance whose patch state information should be retrieved.</p>"
+          "documentation":"<p>The ID of the managed node whose patch state information should be retrieved.</p>"
         },
         "Filters":{
           "shape":"PatchOrchestratorFilterList",
@@ -5832,7 +5852,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The instance ID or key-value pair to retrieve information about.</p>"
+          "documentation":"<p>The managed node ID or key-value pair to retrieve information about.</p>"
         },
         "ResourceType":{
           "shape":"MaintenanceWindowResourceType",
@@ -5947,7 +5967,7 @@
       "members":{
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The instance ID or key-value pair to retrieve information about.</p>"
+          "documentation":"<p>The managed node ID or key-value pair to retrieve information about.</p>"
         },
         "ResourceType":{
           "shape":"MaintenanceWindowResourceType",
@@ -5969,7 +5989,7 @@
       "members":{
         "WindowIdentities":{
           "shape":"MaintenanceWindowsForTargetList",
-          "documentation":"<p>Information about the maintenance window targets and tasks an instance is associated with.</p>"
+          "documentation":"<p>Information about the maintenance window targets and tasks a managed node is associated with.</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -6119,56 +6139,56 @@
       "members":{
         "Instances":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances in the patch group.</p>"
+          "documentation":"<p>The number of managed nodes in the patch group.</p>"
         },
         "InstancesWithInstalledPatches":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances with installed patches.</p>"
+          "documentation":"<p>The number of managed nodes with installed patches.</p>"
         },
         "InstancesWithInstalledOtherPatches":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances with patches installed that aren't defined in the patch baseline.</p>"
+          "documentation":"<p>The number of managed nodes with patches installed that aren't defined in the patch baseline.</p>"
         },
         "InstancesWithInstalledPendingRebootPatches":{
           "shape":"InstancesCount",
-          "documentation":"<p>The number of instances with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         },
         "InstancesWithInstalledRejectedPatches":{
           "shape":"InstancesCount",
-          "documentation":"<p>The number of instances with patches installed that are specified in a <code>RejectedPatches</code> list. Patches with a status of <code>INSTALLED_REJECTED</code> were typically installed before they were added to a <code>RejectedPatches</code> list.</p> <note> <p>If <code>ALLOW_AS_DEPENDENCY</code> is the specified option for <code>RejectedPatchesAction</code>, the value of <code>InstancesWithInstalledRejectedPatches</code> will always be <code>0</code> (zero).</p> </note>",
+          "documentation":"<p>The number of managed nodes with patches installed that are specified in a <code>RejectedPatches</code> list. Patches with a status of <code>INSTALLED_REJECTED</code> were typically installed before they were added to a <code>RejectedPatches</code> list.</p> <note> <p>If <code>ALLOW_AS_DEPENDENCY</code> is the specified option for <code>RejectedPatchesAction</code>, the value of <code>InstancesWithInstalledRejectedPatches</code> will always be <code>0</code> (zero).</p> </note>",
           "box":true
         },
         "InstancesWithMissingPatches":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances with missing patches from the patch baseline.</p>"
+          "documentation":"<p>The number of managed nodes with missing patches from the patch baseline.</p>"
         },
         "InstancesWithFailedPatches":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances with patches from the patch baseline that failed to install.</p>"
+          "documentation":"<p>The number of managed nodes with patches from the patch baseline that failed to install.</p>"
         },
         "InstancesWithNotApplicablePatches":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances with patches that aren't applicable.</p>"
+          "documentation":"<p>The number of managed nodes with patches that aren't applicable.</p>"
         },
         "InstancesWithUnreportedNotApplicablePatches":{
           "shape":"Integer",
-          "documentation":"<p>The number of instances with <code>NotApplicable</code> patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.</p>",
+          "documentation":"<p>The number of managed nodes with <code>NotApplicable</code> patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.</p>",
           "box":true
         },
         "InstancesWithCriticalNonCompliantPatches":{
           "shape":"InstancesCount",
-          "documentation":"<p>The number of instances where patches that are specified as <code>Critical</code> for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes where patches that are specified as <code>Critical</code> for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         },
         "InstancesWithSecurityNonCompliantPatches":{
           "shape":"InstancesCount",
-          "documentation":"<p>The number of instances where patches that are specified as <code>Security</code> in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes where patches that are specified as <code>Security</code> in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         },
         "InstancesWithOtherNonCompliantPatches":{
           "shape":"InstancesCount",
-          "documentation":"<p>The number of instances with patches installed that are specified as other than <code>Critical</code> or <code>Security</code> but aren't compliant with the patch baseline. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes with patches installed that are specified as other than <code>Critical</code> or <code>Security</code> but aren't compliant with the patch baseline. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         }
       }
@@ -6398,7 +6418,7 @@
         },
         "PlatformTypes":{
           "shape":"PlatformTypeList",
-          "documentation":"<p>The list of OS platforms compatible with this SSM document. </p>"
+          "documentation":"<p>The list of operating system (OS) platforms compatible with this SSM document. </p>"
         },
         "DocumentType":{
           "shape":"DocumentType",
@@ -6455,9 +6475,17 @@
         "ReviewStatus":{
           "shape":"ReviewStatus",
           "documentation":"<p>The current status of the review.</p>"
+        },
+        "Category":{
+          "shape":"CategoryList",
+          "documentation":"<p>The classification of a document to help you identify and categorize its use.</p>"
+        },
+        "CategoryEnum":{
+          "shape":"CategoryEnumList",
+          "documentation":"<p>The value that identifies a document's category.</p>"
         }
       },
-      "documentation":"<p>Describes a Amazon Web Services Systems Manager document (SSM document). </p>"
+      "documentation":"<p>Describes an Amazon Web Services Systems Manager document (SSM document). </p>"
     },
     "DocumentDisplayName":{
       "type":"string",
@@ -6941,7 +6969,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>You can't specify an instance ID in more than one association.</p>",
+      "documentation":"<p>You can't specify a managed node ID in more than one association.</p>",
       "exception":true
     },
     "EffectiveInstanceAssociationMaxResults":{
@@ -7101,7 +7129,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon Elastic Compute Cloud (Amazon EC2) instance or an instance in your hybrid environment that is configured for Amazon Web Services Systems Manager.</p>"
+          "documentation":"<p>(Required) The ID of the managed node targeted by the command. A <i>managed node</i> can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, and on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.</p>"
         },
         "PluginName":{
           "shape":"CommandPluginName",
@@ -7118,7 +7146,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The ID of the managed instance targeted by the command. A managed instance can be an EC2 instance or an instance in your hybrid environment that is configured for Systems Manager.</p>"
+          "documentation":"<p>The ID of the managed node targeted by the command. A <i>managed node</i> can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, or on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.</p>"
         },
         "Comment":{
           "shape":"Comment",
@@ -7138,7 +7166,7 @@
         },
         "ResponseCode":{
           "shape":"ResponseCode",
-          "documentation":"<p>The error level response code for the plugin script. If the response code is <code>-1</code>, then the command hasn't started running on the instance, or it wasn't received by the instance.</p>"
+          "documentation":"<p>The error level response code for the plugin script. If the response code is <code>-1</code>, then the command hasn't started running on the managed node, or it wasn't received by the node.</p>"
         },
         "ExecutionStartDateTime":{
           "shape":"StringDateTime",
@@ -7158,7 +7186,7 @@
         },
         "StatusDetails":{
           "shape":"StatusDetails",
-          "documentation":"<p>A detailed status of the command execution for an invocation. <code>StatusDetails</code> includes more information than <code>Status</code> because it includes states resulting from error and concurrency control parameters. <code>StatusDetails</code> can show different results than <code>Status</code>. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. <code>StatusDetails</code> can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to the instance.</p> </li> <li> <p>In Progress: The command has been sent to the instance but hasn't reached a terminal state.</p> </li> <li> <p>Delayed: The system attempted to send the command to the target, but the target wasn't available. The instance might not be available because of network issues, because the instance was stopped, or for similar reasons. The system will try to send the command again.</p> </li> <li> <p>Success: The command or plugin ran successfully. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's <code>MaxErrors</code> limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: The command started to run on the instance, but the execution wasn't complete before the timeout expired. Execution timeouts count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Failed: The command wasn't run successfully on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Canceled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Undeliverable: The command can't be delivered to the instance. The instance might not exist or might not be responding. Undeliverable invocations don't count against the parent command's <code>MaxErrors</code> limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Terminated: The parent command exceeded its <code>MaxErrors</code> limit and subsequent command invocations were canceled by the system. This is a terminal state.</p> </li> </ul>"
+          "documentation":"<p>A detailed status of the command execution for an invocation. <code>StatusDetails</code> includes more information than <code>Status</code> because it includes states resulting from error and concurrency control parameters. <code>StatusDetails</code> can show different results than <code>Status</code>. For more information about these statuses, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/monitor-commands.html\">Understanding command statuses</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. <code>StatusDetails</code> can be one of the following values:</p> <ul> <li> <p>Pending: The command hasn't been sent to the managed node.</p> </li> <li> <p>In Progress: The command has been sent to the managed node but hasn't reached a terminal state.</p> </li> <li> <p>Delayed: The system attempted to send the command to the target, but the target wasn't available. The managed node might not be available because of network issues, because the node was stopped, or for similar reasons. The system will try to send the command again.</p> </li> <li> <p>Success: The command or plugin ran successfully. This is a terminal state.</p> </li> <li> <p>Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's <code>MaxErrors</code> limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Execution Timed Out: The command started to run on the managed node, but the execution wasn't complete before the timeout expired. Execution timeouts count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Failed: The command wasn't run successfully on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the <code>MaxErrors</code> limit of the parent command. This is a terminal state.</p> </li> <li> <p>Cancelled: The command was terminated before it was completed. This is a terminal state.</p> </li> <li> <p>Undeliverable: The command can't be delivered to the managed node. The node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's <code>MaxErrors</code> limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.</p> </li> <li> <p>Terminated: The parent command exceeded its <code>MaxErrors</code> limit and subsequent command invocations were canceled by the system. This is a terminal state.</p> </li> </ul>"
         },
         "StandardOutputContent":{
           "shape":"StandardOutputContent",
@@ -7188,7 +7216,7 @@
       "members":{
         "Target":{
           "shape":"SessionTarget",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         }
       }
     },
@@ -7197,11 +7225,11 @@
       "members":{
         "Target":{
           "shape":"SessionTarget",
-          "documentation":"<p>The ID of the instance to check connection status. </p>"
+          "documentation":"<p>The ID of the managed node to check connection status. </p>"
         },
         "Status":{
           "shape":"ConnectionStatus",
-          "documentation":"<p>The status of the connection to the instance. For example, 'Connected' or 'Not Connected'.</p>"
+          "documentation":"<p>The status of the connection to the managed node. For example, 'Connected' or 'Not Connected'.</p>"
         }
       }
     },
@@ -7236,7 +7264,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The ID of the instance for which the appropriate patch snapshot should be retrieved.</p>"
+          "documentation":"<p>The ID of the managed node for which the appropriate patch snapshot should be retrieved.</p>"
         },
         "SnapshotId":{
           "shape":"SnapshotId",
@@ -7253,7 +7281,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         },
         "SnapshotId":{
           "shape":"SnapshotId",
@@ -7265,7 +7293,7 @@
         },
         "Product":{
           "shape":"Product",
-          "documentation":"<p>Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the instance for the specified patch snapshot.</p>"
+          "documentation":"<p>Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the managed node for the specified patch snapshot.</p>"
         }
       }
     },
@@ -7357,7 +7385,7 @@
         },
         "Aggregators":{
           "shape":"InventoryAggregatorList",
-          "documentation":"<p>Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the <code>AWS:InstanceInformation.PlatformType</code> type, you can see a count of how many Windows and Linux instances exist in your inventoried fleet.</p>"
+          "documentation":"<p>Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the <code>AWS:InstanceInformation.PlatformType</code> type, you can see a count of how many Windows and Linux managed nodes exist in your inventoried fleet.</p>"
         },
         "ResultAttributes":{
           "shape":"ResultAttributeList",
@@ -7379,7 +7407,7 @@
       "members":{
         "Entities":{
           "shape":"InventoryResultEntityList",
-          "documentation":"<p>Collection of inventory entities such as a collection of instance inventory. </p>"
+          "documentation":"<p>Collection of inventory entities such as a collection of managed node inventory. </p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -8096,7 +8124,7 @@
         },
         "ApprovedPatchesEnableNonSecurity":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is <code>false</code>. Applies to Linux instances only.</p>",
+          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is <code>false</code>. Applies to Linux managed nodes only.</p>",
           "box":true
         },
         "RejectedPatches":{
@@ -8125,7 +8153,7 @@
         },
         "Sources":{
           "shape":"PatchSourceList",
-          "documentation":"<p>Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.</p>"
+          "documentation":"<p>Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.</p>"
         }
       }
     },
@@ -8219,7 +8247,7 @@
         },
         "InstanceAssociationStatusAggregatedCount":{
           "shape":"InstanceAssociationStatusAggregatedCount",
-          "documentation":"<p>The number of associations for the instance(s).</p>"
+          "documentation":"<p>The number of associations for the managed node(s).</p>"
         }
       },
       "documentation":"<p>Status information about the aggregated associations.</p>"
@@ -8233,18 +8261,18 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         },
         "Content":{
           "shape":"DocumentContent",
-          "documentation":"<p>The content of the association document for the instance(s).</p>"
+          "documentation":"<p>The content of the association document for the managed node(s).</p>"
         },
         "AssociationVersion":{
           "shape":"AssociationVersion",
-          "documentation":"<p>Version information for the association on the instance.</p>"
+          "documentation":"<p>Version information for the association on the managed node.</p>"
         }
       },
-      "documentation":"<p>One or more association documents on the instance. </p>"
+      "documentation":"<p>One or more association documents on the managed node. </p>"
     },
     "InstanceAssociationExecutionSummary":{
       "type":"string",
@@ -8297,23 +8325,23 @@
         },
         "AssociationVersion":{
           "shape":"AssociationVersion",
-          "documentation":"<p>The version of the association applied to the instance.</p>"
+          "documentation":"<p>The version of the association applied to the managed node.</p>"
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID where the association was created.</p>"
+          "documentation":"<p>The managed node ID where the association was created.</p>"
         },
         "ExecutionDate":{
           "shape":"DateTime",
-          "documentation":"<p>The date the instance association ran. </p>"
+          "documentation":"<p>The date the association ran. </p>"
         },
         "Status":{
           "shape":"StatusName",
-          "documentation":"<p>Status information about the instance association.</p>"
+          "documentation":"<p>Status information about the association.</p>"
         },
         "DetailedStatus":{
           "shape":"StatusName",
-          "documentation":"<p>Detailed status information about the instance association.</p>"
+          "documentation":"<p>Detailed status information about the association.</p>"
         },
         "ExecutionSummary":{
           "shape":"InstanceAssociationExecutionSummary",
@@ -8329,10 +8357,10 @@
         },
         "AssociationName":{
           "shape":"AssociationName",
-          "documentation":"<p>The name of the association applied to the instance.</p>"
+          "documentation":"<p>The name of the association applied to the managed node.</p>"
         }
       },
-      "documentation":"<p>Status information about the instance association.</p>"
+      "documentation":"<p>Status information about the association.</p>"
     },
     "InstanceAssociationStatusInfos":{
       "type":"list",
@@ -8354,7 +8382,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID. </p>"
+          "documentation":"<p>The managed node ID. </p>"
         },
         "PingStatus":{
           "shape":"PingStatus",
@@ -8367,11 +8395,11 @@
         },
         "AgentVersion":{
           "shape":"Version",
-          "documentation":"<p>The version of SSM Agent running on your Linux instance. </p>"
+          "documentation":"<p>The version of SSM Agent running on your Linux managed node. </p>"
         },
         "IsLatestVersion":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the latest version of SSM Agent is running on your Linux Managed Instance. This field doesn't indicate whether or not the latest version is installed on Windows managed instances, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.</p>",
+          "documentation":"<p>Indicates whether the latest version of SSM Agent is running on your Linux managed node. This field doesn't indicate whether or not the latest version is installed on Windows managed nodes, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.</p>",
           "box":true
         },
         "PlatformType":{
@@ -8380,11 +8408,11 @@
         },
         "PlatformName":{
           "shape":"String",
-          "documentation":"<p>The name of the operating system platform running on your instance. </p>"
+          "documentation":"<p>The name of the operating system platform running on your managed node. </p>"
         },
         "PlatformVersion":{
           "shape":"String",
-          "documentation":"<p>The version of the OS platform running on your instance. </p>"
+          "documentation":"<p>The version of the OS platform running on your managed node. </p>"
         },
         "ActivationId":{
           "shape":"ActivationId",
@@ -8392,11 +8420,11 @@
         },
         "IamRole":{
           "shape":"IamRole",
-          "documentation":"<p>The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed instance. This call doesn't return the IAM role for Amazon Elastic Compute Cloud (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use the Amazon EC2 <code>DescribeInstances</code> operation. For information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\">DescribeInstances</a> in the <i>Amazon EC2 API Reference</i> or <a href=\"https://docs.aws.amazon.com/cli/latest/ec2/describe-instances.html\">describe-instances</a> in the <i>Amazon Web Services CLI Command Reference</i>.</p>"
+          "documentation":"<p>The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed node. This call doesn't return the IAM role for Amazon Elastic Compute Cloud (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use the Amazon EC2 <code>DescribeInstances</code> operation. For information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\">DescribeInstances</a> in the <i>Amazon EC2 API Reference</i> or <a href=\"https://docs.aws.amazon.com/cli/latest/ec2/describe-instances.html\">describe-instances</a> in the <i>Amazon Web Services CLI Command Reference</i>.</p>"
         },
         "RegistrationDate":{
           "shape":"DateTime",
-          "documentation":"<p>The date the server or VM was registered with Amazon Web Services as a managed instance.</p>",
+          "documentation":"<p>The date the server or VM was registered with Amazon Web Services as a managed node.</p>",
           "box":true
         },
         "ResourceType":{
@@ -8405,15 +8433,15 @@
         },
         "Name":{
           "shape":"String",
-          "documentation":"<p>The name assigned to an on-premises server or virtual machine (VM) when it is activated as a Systems Manager managed instance. The name is specified as the <code>DefaultInstanceName</code> property using the <a>CreateActivation</a> command. It is applied to the managed instance by specifying the Activation Code and Activation ID when you install SSM Agent on the instance, as explained in <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-linux.html\">Install SSM Agent for a hybrid environment (Linux)</a> and <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html\">Install SSM Agent for a hybrid environment (Windows)</a>. To retrieve the Name tag of an EC2 instance, use the Amazon EC2 <code>DescribeInstances</code> operation. For information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\">DescribeInstances</a> in the <i>Amazon EC2 API Reference</i> or <a href=\"https://docs.aws.amazon.com/cli/latest/ec2/describe-instances.html\">describe-instances</a> in the <i>Amazon Web Services CLI Command Reference</i>.</p>"
+          "documentation":"<p>The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the <code>DefaultInstanceName</code> property using the <a>CreateActivation</a> command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-linux.html\">Install SSM Agent for a hybrid environment (Linux)</a> and <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-install-managed-win.html\">Install SSM Agent for a hybrid environment (Windows)</a>. To retrieve the <code>Name</code> tag of an EC2 instance, use the Amazon EC2 <code>DescribeInstances</code> operation. For information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html\">DescribeInstances</a> in the <i>Amazon EC2 API Reference</i> or <a href=\"https://docs.aws.amazon.com/cli/latest/ec2/describe-instances.html\">describe-instances</a> in the <i>Amazon Web Services CLI Command Reference</i>.</p>"
         },
         "IPAddress":{
           "shape":"IPAddress",
-          "documentation":"<p>The IP address of the managed instance.</p>"
+          "documentation":"<p>The IP address of the managed node.</p>"
         },
         "ComputerName":{
           "shape":"ComputerName",
-          "documentation":"<p>The fully qualified host name of the managed instance.</p>"
+          "documentation":"<p>The fully qualified host name of the managed node.</p>"
         },
         "AssociationStatus":{
           "shape":"StatusName",
@@ -8430,9 +8458,17 @@
         "AssociationOverview":{
           "shape":"InstanceAggregatedAssociationOverview",
           "documentation":"<p>Information about the association.</p>"
+        },
+        "SourceId":{
+          "shape":"SourceId",
+          "documentation":"<p>The ID of the source resource. For IoT Greengrass devices, <code>SourceId</code> is the Thing name. </p>"
+        },
+        "SourceType":{
+          "shape":"SourceType",
+          "documentation":"<p>The type of the source resource. For IoT Greengrass devices, <code>SourceType</code> is <code>AWS::IoT::Thing</code>. </p>"
         }
       },
-      "documentation":"<p>Describes a filter for a specific list of instances. </p>"
+      "documentation":"<p>Describes a filter for a specific list of managed nodes. </p>"
     },
     "InstanceInformationFilter":{
       "type":"structure",
@@ -8450,7 +8486,7 @@
           "documentation":"<p>The filter values.</p>"
         }
       },
-      "documentation":"<p>Describes a filter for a specific list of instances. You can filter instances information by using tags. You specify tags by using a key-value mapping.</p> <p>Use this operation instead of the <a>DescribeInstanceInformationRequest$InstanceInformationFilterList</a> method. The <code>InstanceInformationFilterList</code> method is a legacy method and doesn't support tags. </p>"
+      "documentation":"<p>Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.</p> <p>Use this operation instead of the <a>DescribeInstanceInformationRequest$InstanceInformationFilterList</a> method. The <code>InstanceInformationFilterList</code> method is a legacy method and doesn't support tags. </p>"
     },
     "InstanceInformationFilterKey":{
       "type":"string",
@@ -8493,14 +8529,14 @@
       "members":{
         "Key":{
           "shape":"InstanceInformationStringFilterKey",
-          "documentation":"<p>The filter key name to describe your instances. For example:</p> <p>\"InstanceIds\"|\"AgentVersion\"|\"PingStatus\"|\"PlatformTypes\"|\"ActivationIds\"|\"IamRole\"|\"ResourceType\"|\"AssociationStatus\"|\"Tag Key\"</p> <important> <p> <code>Tag key</code> isn't a valid filter. You must specify either <code>tag-key</code> or <code>tag:keyname</code> and a string. Here are some valid examples: tag-key, tag:123, tag:al!, tag:Windows. Here are some <i>invalid</i> examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.</p> </important>"
+          "documentation":"<p>The filter key name to describe your managed nodes. For example:</p> <p>\"InstanceIds\"|\"AgentVersion\"|\"PingStatus\"|\"PlatformTypes\"|\"ActivationIds\"|\"IamRole\"|\"ResourceType\"|\"AssociationStatus\"|\"Tag Key\"</p> <important> <p> <code>Tag key</code> isn't a valid filter. You must specify either <code>tag-key</code> or <code>tag:keyname</code> and a string. Here are some valid examples: tag-key, tag:123, tag:al!, tag:Windows. Here are some <i>invalid</i> examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.</p> </important>"
         },
         "Values":{
           "shape":"InstanceInformationFilterValueSet",
           "documentation":"<p>The filter values.</p>"
         }
       },
-      "documentation":"<p>The filters to describe or get information about your managed instances.</p>"
+      "documentation":"<p>The filters to describe or get information about your managed nodes.</p>"
     },
     "InstanceInformationStringFilterKey":{
       "type":"string",
@@ -8524,15 +8560,15 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The ID of the managed instance the high-level patch compliance information was collected for.</p>"
+          "documentation":"<p>The ID of the managed node the high-level patch compliance information was collected for.</p>"
         },
         "PatchGroup":{
           "shape":"PatchGroup",
-          "documentation":"<p>The name of the patch group the managed instance belongs to.</p>"
+          "documentation":"<p>The name of the patch group the managed node belongs to.</p>"
         },
         "BaselineId":{
           "shape":"BaselineId",
-          "documentation":"<p>The ID of the patch baseline used to patch the instance.</p>"
+          "documentation":"<p>The ID of the patch baseline used to patch the managed node.</p>"
         },
         "SnapshotId":{
           "shape":"SnapshotId",
@@ -8548,25 +8584,25 @@
         },
         "InstalledCount":{
           "shape":"PatchInstalledCount",
-          "documentation":"<p>The number of patches from the patch baseline that are installed on the instance.</p>"
+          "documentation":"<p>The number of patches from the patch baseline that are installed on the managed node.</p>"
         },
         "InstalledOtherCount":{
           "shape":"PatchInstalledOtherCount",
-          "documentation":"<p>The number of patches not specified in the patch baseline that are installed on the instance.</p>"
+          "documentation":"<p>The number of patches not specified in the patch baseline that are installed on the managed node.</p>"
         },
         "InstalledPendingRebootCount":{
           "shape":"PatchInstalledPendingRebootCount",
-          "documentation":"<p>The number of patches installed by Patch Manager since the last time the instance was rebooted.</p>",
+          "documentation":"<p>The number of patches installed by Patch Manager since the last time the managed node was rebooted.</p>",
           "box":true
         },
         "InstalledRejectedCount":{
           "shape":"PatchInstalledRejectedCount",
-          "documentation":"<p>The number of patches installed on an instance that are specified in a <code>RejectedPatches</code> list. Patches with a status of <code>InstalledRejected</code> were typically installed before they were added to a <code>RejectedPatches</code> list.</p> <note> <p>If <code>ALLOW_AS_DEPENDENCY</code> is the specified option for <code>RejectedPatchesAction</code>, the value of <code>InstalledRejectedCount</code> will always be <code>0</code> (zero).</p> </note>",
+          "documentation":"<p>The number of patches installed on a managed node that are specified in a <code>RejectedPatches</code> list. Patches with a status of <code>InstalledRejected</code> were typically installed before they were added to a <code>RejectedPatches</code> list.</p> <note> <p>If <code>ALLOW_AS_DEPENDENCY</code> is the specified option for <code>RejectedPatchesAction</code>, the value of <code>InstalledRejectedCount</code> will always be <code>0</code> (zero).</p> </note>",
           "box":true
         },
         "MissingCount":{
           "shape":"PatchMissingCount",
-          "documentation":"<p>The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.</p>"
+          "documentation":"<p>The number of patches from the patch baseline that are applicable for the managed node but aren't currently installed.</p>"
         },
         "FailedCount":{
           "shape":"PatchFailedCount",
@@ -8579,15 +8615,15 @@
         },
         "NotApplicableCount":{
           "shape":"PatchNotApplicableCount",
-          "documentation":"<p>The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in <code>UnreportedNotApplicableCount</code>.</p>"
+          "documentation":"<p>The number of patches from the patch baseline that aren't applicable for the managed node and therefore aren't installed on the node. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in <code>UnreportedNotApplicableCount</code>.</p>"
         },
         "OperationStartTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time the most recent patching operation was started on the instance.</p>"
+          "documentation":"<p>The time the most recent patching operation was started on the managed node.</p>"
         },
         "OperationEndTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time the most recent patching operation completed on the instance.</p>"
+          "documentation":"<p>The time the most recent patching operation completed on the managed node.</p>"
         },
         "Operation":{
           "shape":"PatchOperationType",
@@ -8595,29 +8631,29 @@
         },
         "LastNoRebootInstallOperationTime":{
           "shape":"DateTime",
-          "documentation":"<p>The time of the last attempt to patch the instance with <code>NoReboot</code> specified as the reboot option.</p>"
+          "documentation":"<p>The time of the last attempt to patch the managed node with <code>NoReboot</code> specified as the reboot option.</p>"
         },
         "RebootOption":{
           "shape":"RebootOption",
-          "documentation":"<p>Indicates the reboot option specified in the patch baseline.</p> <note> <p>Reboot options apply to <code>Install</code> operations only. Reboots aren't attempted for Patch Manager <code>Scan</code> operations.</p> </note> <ul> <li> <p> <code>RebootIfNeeded</code>: Patch Manager tries to reboot the instance if it installed any patches, or if any patches are detected with a status of <code>InstalledPendingReboot</code>.</p> </li> <li> <p> <code>NoReboot</code>: Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status of <code>InstalledPendingReboot</code>. These patches might not be in effect until a reboot is performed.</p> </li> </ul>"
+          "documentation":"<p>Indicates the reboot option specified in the patch baseline.</p> <note> <p>Reboot options apply to <code>Install</code> operations only. Reboots aren't attempted for Patch Manager <code>Scan</code> operations.</p> </note> <ul> <li> <p> <code>RebootIfNeeded</code>: Patch Manager tries to reboot the managed node if it installed any patches, or if any patches are detected with a status of <code>InstalledPendingReboot</code>.</p> </li> <li> <p> <code>NoReboot</code>: Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status of <code>InstalledPendingReboot</code>. These patches might not be in effect until a reboot is performed.</p> </li> </ul>"
         },
         "CriticalNonCompliantCount":{
           "shape":"PatchCriticalNonCompliantCount",
-          "documentation":"<p>The number of instances where patches that are specified as <code>Critical</code> for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes where patches that are specified as <code>Critical</code> for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         },
         "SecurityNonCompliantCount":{
           "shape":"PatchSecurityNonCompliantCount",
-          "documentation":"<p>The number of instances where patches that are specified as <code>Security</code> in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes where patches that are specified as <code>Security</code> in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         },
         "OtherNonCompliantCount":{
           "shape":"PatchOtherNonCompliantCount",
-          "documentation":"<p>The number of instances with patches installed that are specified as other than <code>Critical</code> or <code>Security</code> but aren't compliant with the patch baseline. The status of these instances is <code>NON_COMPLIANT</code>.</p>",
+          "documentation":"<p>The number of managed nodes with patches installed that are specified as other than <code>Critical</code> or <code>Security</code> but aren't compliant with the patch baseline. The status of these managed nodes is <code>NON_COMPLIANT</code>.</p>",
           "box":true
         }
       },
-      "documentation":"<p>Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.</p>"
+      "documentation":"<p>Defines the high-level patch compliance state for a managed node, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the managed node.</p>"
     },
     "InstancePatchStateFilter":{
       "type":"structure",
@@ -8640,7 +8676,7 @@
           "documentation":"<p>The type of comparison that should be performed for the value.</p>"
         }
       },
-      "documentation":"<p>Defines a filter used in <a>DescribeInstancePatchStatesForPatchGroup</a> to scope down the information returned by the API.</p> <p> <b>Example</b>: To filter for all instances in a patch group having more than three patches with a <code>FailedCount</code> status, use the following for the filter:</p> <ul> <li> <p>Value for <code>Key</code>: <code>FailedCount</code> </p> </li> <li> <p>Value for <code>Type</code>: <code>GreaterThan</code> </p> </li> <li> <p>Value for <code>Values</code>: <code>3</code> </p> </li> </ul>"
+      "documentation":"<p>Defines a filter used in <a>DescribeInstancePatchStatesForPatchGroup</a> to scope down the information returned by the API.</p> <p> <b>Example</b>: To filter for all managed nodes in a patch group having more than three patches with a <code>FailedCount</code> status, use the following for the filter:</p> <ul> <li> <p>Value for <code>Key</code>: <code>FailedCount</code> </p> </li> <li> <p>Value for <code>Type</code>: <code>GreaterThan</code> </p> </li> <li> <p>Value for <code>Values</code>: <code>3</code> </p> </li> </ul>"
     },
     "InstancePatchStateFilterKey":{
       "type":"string",
@@ -8885,7 +8921,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>The following problems can cause this exception:</p> <ul> <li> <p>You don't have permission to access the instance.</p> </li> <li> <p>Amazon Web Services Systems Manager Agent(SSM Agent) isn't running. Verify that SSM Agent is running.</p> </li> <li> <p>SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.</p> </li> <li> <p>The instance isn't in valid state. Valid states are: <code>Running</code>, <code>Pending</code>, <code>Stopped</code>, and <code>Stopping</code>. Invalid states are: <code>Shutting-down</code> and <code>Terminated</code>.</p> </li> </ul>",
+      "documentation":"<p>The following problems can cause this exception:</p> <ul> <li> <p>You don't have permission to access the managed node.</p> </li> <li> <p>Amazon Web Services Systems Manager Agent(SSM Agent) isn't running. Verify that SSM Agent is running.</p> </li> <li> <p>SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.</p> </li> <li> <p>The managed node isn't in valid state. Valid states are: <code>Running</code>, <code>Pending</code>, <code>Stopped</code>, and <code>Stopping</code>. Invalid states are: <code>Shutting-down</code> and <code>Terminated</code>.</p> </li> </ul>",
       "exception":true
     },
     "InvalidInstanceInformationFilterValue":{
@@ -9025,7 +9061,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The resource type isn't valid. For example, if you are attempting to tag an instance, the instance must be a registered, managed instance.</p>",
+      "documentation":"<p>The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.</p>",
       "exception":true
     },
     "InvalidResultAttributeException":{
@@ -9213,7 +9249,7 @@
         },
         "Values":{
           "shape":"InventoryFilterValueList",
-          "documentation":"<p>Inventory filter values. Example: inventory filter where instance IDs are specified as values <code>Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal</code>. </p>"
+          "documentation":"<p>Inventory filter values. Example: inventory filter where managed node IDs are specified as values <code>Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal</code>. </p>"
         },
         "Type":{
           "shape":"InventoryQueryOperatorType",
@@ -9302,7 +9338,7 @@
           "documentation":"<p>A map of associated properties for a specified inventory type. For example, with this attribute, you can specify the <code>ExecutionId</code>, <code>ExecutionType</code>, <code>ComplianceType</code> properties of the <code>AWS:ComplianceItem</code> type.</p>"
         }
       },
-      "documentation":"<p>Information collected from managed instances based on your inventory policy document</p>"
+      "documentation":"<p>Information collected from managed nodes based on your inventory policy document</p>"
     },
     "InventoryItemAttribute":{
       "type":"structure",
@@ -9424,7 +9460,7 @@
       "members":{
         "Id":{
           "shape":"InventoryResultEntityId",
-          "documentation":"<p>ID of the inventory result entity. For example, for managed instance inventory the result will be the managed instance ID. For EC2 instance inventory, the result will be the instance ID. </p>"
+          "documentation":"<p>ID of the inventory result entity. For example, for managed node inventory the result will be the managed node ID. For EC2 instance inventory, the result will be the instance ID. </p>"
         },
         "Data":{
           "shape":"InventoryResultItemMap",
@@ -9487,7 +9523,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The command ID and instance ID you specified didn't match any invocations. Verify the command ID and the instance ID and try again. </p>",
+      "documentation":"<p>The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again. </p>",
       "exception":true
     },
     "InvocationTraceOutput":{
@@ -9600,7 +9636,7 @@
       "members":{
         "AssociationFilterList":{
           "shape":"AssociationFilterList",
-          "documentation":"<p>One or more filters. Use a filter to return a more specific list of results.</p> <note> <p>Filtering associations using the <code>InstanceID</code> attribute only returns legacy associations created using the <code>InstanceID</code> attribute. Associations targeting the instance that are part of the Target Attributes <code>ResourceGroup</code> or <code>Tags</code> aren't returned.</p> </note>"
+          "documentation":"<p>One or more filters. Use a filter to return a more specific list of results.</p> <note> <p>Filtering associations using the <code>InstanceID</code> attribute only returns legacy associations created using the <code>InstanceID</code> attribute. Associations targeting the managed node that are part of the Target Attributes <code>ResourceGroup</code> or <code>Tags</code> aren't returned.</p> </note>"
         },
         "MaxResults":{
           "shape":"MaxResults",
@@ -9635,7 +9671,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>(Optional) The command execution details for a specific instance ID.</p>"
+          "documentation":"<p>(Optional) The command execution details for a specific managed node ID.</p>"
         },
         "MaxResults":{
           "shape":"CommandMaxResults",
@@ -9678,7 +9714,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>(Optional) Lists commands issued against this instance ID.</p> <note> <p>You can't specify an instance ID in the same command that you specify <code>Status</code> = <code>Pending</code>. This is because the command hasn't reached the instance yet.</p> </note>"
+          "documentation":"<p>(Optional) Lists commands issued against this managed node ID.</p> <note> <p>You can't specify a managed node ID in the same command that you specify <code>Status</code> = <code>Pending</code>. This is because the command hasn't reached the managed node yet.</p> </note>"
         },
         "MaxResults":{
           "shape":"CommandMaxResults",
@@ -9909,7 +9945,7 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID for which you want inventory information.</p>"
+          "documentation":"<p>The managed node ID for which you want inventory information.</p>"
         },
         "TypeName":{
           "shape":"InventoryItemTypeName",
@@ -9939,19 +9975,19 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID targeted by the request to query inventory information.</p>"
+          "documentation":"<p>The managed node ID targeted by the request to query inventory information.</p>"
         },
         "SchemaVersion":{
           "shape":"InventoryItemSchemaVersion",
-          "documentation":"<p>The inventory schema version used by the instance(s).</p>"
+          "documentation":"<p>The inventory schema version used by the managed node(s).</p>"
         },
         "CaptureTime":{
           "shape":"InventoryItemCaptureTime",
-          "documentation":"<p>The time that inventory information was collected for the instance(s).</p>"
+          "documentation":"<p>The time that inventory information was collected for the managed node(s).</p>"
         },
         "Entries":{
           "shape":"InventoryItemEntryList",
-          "documentation":"<p>A list of inventory items on the instance(s).</p>"
+          "documentation":"<p>A list of inventory items on the managed node(s).</p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -10082,7 +10118,7 @@
       "members":{
         "ResourceComplianceSummaryItems":{
           "shape":"ResourceComplianceSummaryItemList",
-          "documentation":"<p>A summary count for specified or targeted managed instances. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify. </p>"
+          "documentation":"<p>A summary count for specified or targeted managed nodes. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify. </p>"
         },
         "NextToken":{
           "shape":"NextToken",
@@ -10167,7 +10203,7 @@
           "documentation":"<p>The Amazon Web Services Region where the S3 bucket is located.</p>"
         }
       },
-      "documentation":"<p>Information about an Amazon Simple Storage Service (Amazon S3) bucket to write instance-level logs to.</p> <note> <p> <code>LoggingInfo</code> has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the <code>OutputS3BucketName</code> and <code>OutputS3KeyPrefix</code> options in the <code>TaskInvocationParameters</code> structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see <a>MaintenanceWindowTaskInvocationParameters</a>.</p> </note>"
+      "documentation":"<p>Information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to.</p> <note> <p> <code>LoggingInfo</code> has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the <code>OutputS3BucketName</code> and <code>OutputS3KeyPrefix</code> options in the <code>TaskInvocationParameters</code> structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see <a>MaintenanceWindowTaskInvocationParameters</a>.</p> </note>"
     },
     "Long":{"type":"long"},
     "MaintenanceWindowAllowUnassociatedTargets":{"type":"boolean"},
@@ -10572,7 +10608,7 @@
         },
         "NotificationConfig":{
           "shape":"NotificationConfig",
-          "documentation":"<p>Configurations for sending notifications about command status changes on a per-instance basis.</p>"
+          "documentation":"<p>Configurations for sending notifications about command status changes on a per-managed node basis.</p>"
         },
         "OutputS3BucketName":{
           "shape":"S3BucketName",
@@ -10649,7 +10685,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The targets, either instances or tags.</p> <p>Specify instances using the following format:</p> <p> <code>Key=instanceids,Values=&lt;instanceid1&gt;,&lt;instanceid2&gt;</code> </p> <p>Tags are specified using the following format:</p> <p> <code>Key=&lt;tag name&gt;,Values=&lt;tag value&gt;</code>.</p>"
+          "documentation":"<p>The targets, either managed nodes or tags.</p> <p>Specify managed nodes using the following format:</p> <p> <code>Key=instanceids,Values=&lt;instanceid1&gt;,&lt;instanceid2&gt;</code> </p> <p>Tags are specified using the following format:</p> <p> <code>Key=&lt;tag name&gt;,Values=&lt;tag value&gt;</code>.</p>"
         },
         "OwnerInformation":{
           "shape":"OwnerInformation",
@@ -10697,7 +10733,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The targets (either instances or tags). Instances are specified using <code>Key=instanceids,Values=&lt;instanceid1&gt;,&lt;instanceid2&gt;</code>. Tags are specified using <code>Key=&lt;tag name&gt;,Values=&lt;tag value&gt;</code>.</p>"
+          "documentation":"<p>The targets (either managed nodes or tags). Managed nodes are specified using <code>Key=instanceids,Values=&lt;instanceid1&gt;,&lt;instanceid2&gt;</code>. Tags are specified using <code>Key=&lt;tag name&gt;,Values=&lt;tag value&gt;</code>.</p>"
         },
         "TaskParameters":{
           "shape":"MaintenanceWindowTaskParameters",
@@ -10845,7 +10881,9 @@
     },
     "ManagedInstanceId":{
       "type":"string",
-      "pattern":"^mi-[0-9a-f]{17}$"
+      "max":124,
+      "min":20,
+      "pattern":"(^mi-[0-9a-f]{17}$)|(^eks_c:[0-9A-Za-z][A-Za-z0-9\\-_]{0,99}_\\w{17}$)"
     },
     "MaxConcurrency":{
       "type":"string",
@@ -10877,6 +10915,12 @@
       "max":50,
       "min":5
     },
+    "MaxSessionDuration":{
+      "type":"string",
+      "max":4,
+      "min":1,
+      "pattern":"^([1-9]|[1-9][0-9]|[1-9][0-9][0-9]|1[0-4][0-3][0-9]|1440)$"
+    },
     "MetadataKey":{
       "type":"string",
       "max":256,
@@ -10979,7 +11023,7 @@
         },
         "NotificationType":{
           "shape":"NotificationType",
-          "documentation":"<p>The type of notification.</p> <ul> <li> <p> <code>Command</code>: Receive notification when the status of a command changes.</p> </li> <li> <p> <code>Invocation</code>: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. </p> </li> </ul>"
+          "documentation":"<p>The type of notification.</p> <ul> <li> <p> <code>Command</code>: Receive notification when the status of a command changes.</p> </li> <li> <p> <code>Invocation</code>: For commands sent to multiple managed nodes, receive notification on a per-node basis when the status of a command changes. </p> </li> </ul>"
         }
       },
       "documentation":"<p>Configurations for sending notifications.</p>"
@@ -11018,7 +11062,8 @@
         "CENTOS",
         "ORACLE_LINUX",
         "DEBIAN",
-        "MACOS"
+        "MACOS",
+        "RASPBIAN"
       ]
     },
     "OpsAggregator":{
@@ -12278,7 +12323,7 @@
       "members":{
         "Key":{
           "shape":"ParameterStringFilterKey",
-          "documentation":"<p>The name of the filter.</p> <p>The <code>ParameterStringFilter</code> object is used by the <a>DescribeParameters</a> and <a>GetParametersByPath</a> API operations. However, not all of the pattern values listed for <code>Key</code> can be used with both operations.</p> <p>For <code>DescribeActions</code>, all of the listed patterns are valid except <code>Label</code>.</p> <p>For <code>GetParametersByPath</code>, the following patterns listed for <code>Key</code> aren't valid: <code>tag</code>, <code>DataType</code>, <code>Name</code>, <code>Path</code>, and <code>Tier</code>.</p> <p>For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-search.html\">Searching for Systems Manager parameters</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The name of the filter.</p> <p>The <code>ParameterStringFilter</code> object is used by the <a>DescribeParameters</a> and <a>GetParametersByPath</a> API operations. However, not all of the pattern values listed for <code>Key</code> can be used with both operations.</p> <p>For <code>DescribeParameters</code>, all of the listed patterns are valid except <code>Label</code>.</p> <p>For <code>GetParametersByPath</code>, the following patterns listed for <code>Key</code> aren't valid: <code>tag</code>, <code>DataType</code>, <code>Name</code>, <code>Path</code>, and <code>Tier</code>.</p> <p>For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-search.html\">Searching for Systems Manager parameters</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "Option":{
           "shape":"ParameterStringQueryOption",
@@ -12357,7 +12402,8 @@
     "Parameters":{
       "type":"map",
       "key":{"shape":"ParameterName"},
-      "value":{"shape":"ParameterValueList"}
+      "value":{"shape":"ParameterValueList"},
+      "sensitive":true
     },
     "ParametersFilter":{
       "type":"structure",
@@ -12457,35 +12503,35 @@
         },
         "AdvisoryIds":{
           "shape":"PatchAdvisoryIdList",
-          "documentation":"<p>The Advisory ID of the patch. For example, <code>RHSA-2020:3779</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The Advisory ID of the patch. For example, <code>RHSA-2020:3779</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "BugzillaIds":{
           "shape":"PatchBugzillaIdList",
-          "documentation":"<p>The Bugzilla ID of the patch. For example, <code>1600646</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The Bugzilla ID of the patch. For example, <code>1600646</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "CVEIds":{
           "shape":"PatchCVEIdList",
-          "documentation":"<p>The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, <code>CVE-2011-3192</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, <code>CVE-2011-3192</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "Name":{
           "shape":"PatchName",
-          "documentation":"<p>The name of the patch. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The name of the patch. Applies to Linux-based managed nodes only.</p>"
         },
         "Epoch":{
           "shape":"PatchEpoch",
-          "documentation":"<p>The epoch of the patch. For example in <code>pkg-example-EE-20180914-2.2.amzn1.noarch</code>, the epoch value is <code>20180914-2</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The epoch of the patch. For example in <code>pkg-example-EE-20180914-2.2.amzn1.noarch</code>, the epoch value is <code>20180914-2</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "Version":{
           "shape":"PatchVersion",
-          "documentation":"<p>The version number of the patch. For example, in <code>example-pkg-1.710.10-2.7.abcd.x86_64</code>, the version number is indicated by <code>-1</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The version number of the patch. For example, in <code>example-pkg-1.710.10-2.7.abcd.x86_64</code>, the version number is indicated by <code>-1</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "Release":{
           "shape":"PatchRelease",
-          "documentation":"<p>The particular release of a patch. For example, in <code>pkg-example-EE-20180914-2.2.amzn1.noarch</code>, the release is <code>2.amaz1</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The particular release of a patch. For example, in <code>pkg-example-EE-20180914-2.2.amzn1.noarch</code>, the release is <code>2.amaz1</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "Arch":{
           "shape":"PatchArch",
-          "documentation":"<p>The architecture of the patch. For example, in <code>example-pkg-0.710.10-2.7.abcd.x86_64</code>, the architecture is indicated by <code>x86_64</code>. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The architecture of the patch. For example, in <code>example-pkg-0.710.10-2.7.abcd.x86_64</code>, the architecture is indicated by <code>x86_64</code>. Applies to Linux-based managed nodes only.</p>"
         },
         "Severity":{
           "shape":"PatchSeverity",
@@ -12493,7 +12539,7 @@
         },
         "Repository":{
           "shape":"PatchRepository",
-          "documentation":"<p>The source patch repository for the operating system and version, such as <code>trusty-security</code> for Ubuntu Server 14.04 LTE and <code>focal-security</code> for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.</p>"
+          "documentation":"<p>The source patch repository for the operating system and version, such as <code>trusty-security</code> for Ubuntu Server 14.04 LTE and <code>focal-security</code> for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.</p>"
         }
       },
       "documentation":"<p>Represents metadata about a patch.</p>"
@@ -12587,18 +12633,18 @@
         },
         "State":{
           "shape":"PatchComplianceDataState",
-          "documentation":"<p>The state of the patch on the instance, such as INSTALLED or FAILED.</p> <p>For descriptions of each patch state, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html#sysman-compliance-monitor-patch\">About patch compliance</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The state of the patch on the managed node, such as INSTALLED or FAILED.</p> <p>For descriptions of each patch state, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-about.html#sysman-compliance-monitor-patch\">About patch compliance</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "InstalledTime":{
           "shape":"DateTime",
-          "documentation":"<p>The date/time the patch was installed on the instance. Not all operating systems provide this level of information.</p>"
+          "documentation":"<p>The date/time the patch was installed on the managed node. Not all operating systems provide this level of information.</p>"
         },
         "CVEIds":{
           "shape":"PatchCVEIds",
           "documentation":"<p>The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.</p>"
         }
       },
-      "documentation":"<p>Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.</p>"
+      "documentation":"<p>Information about the state of a patch on a particular managed node as it relates to the patch baseline used to patch the node.</p>"
     },
     "PatchComplianceDataList":{
       "type":"list",
@@ -12860,7 +12906,7 @@
         },
         "EnableNonSecurity":{
           "shape":"Boolean",
-          "documentation":"<p>For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is <code>false</code>. Applies to Linux instances only.</p>",
+          "documentation":"<p>For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is <code>false</code>. Applies to Linux managed nodes only.</p>",
           "box":true
         }
       },
@@ -12913,7 +12959,7 @@
           "documentation":"<p>The value of the yum repo configuration. For example:</p> <p> <code>[main]</code> </p> <p> <code>name=MyCustomRepository</code> </p> <p> <code>baseurl=https://my-custom-repository</code> </p> <p> <code>enabled=1</code> </p> <note> <p>For information about other options available for your yum repository configuration, see <a href=\"https://man7.org/linux/man-pages/man5/dnf.conf.5.html\">dnf.conf(5)</a>.</p> </note>"
         }
       },
-      "documentation":"<p>Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.</p>"
+      "documentation":"<p>Information about the patches to use to update the managed nodes, including target operating systems and source repository. Applies to Linux managed nodes only.</p>"
     },
     "PatchSourceConfiguration":{
       "type":"string",
@@ -12981,7 +13027,8 @@
       "type":"string",
       "enum":[
         "Windows",
-        "Linux"
+        "Linux",
+        "MacOS"
       ]
     },
     "PlatformTypeList":{
@@ -13035,7 +13082,7 @@
       "members":{
         "ResourceId":{
           "shape":"ComplianceResourceId",
-          "documentation":"<p>Specify an ID for this resource. For a managed instance, this is the instance ID.</p>"
+          "documentation":"<p>Specify an ID for this resource. For a managed node, this is the node ID.</p>"
         },
         "ResourceType":{
           "shape":"ComplianceResourceType",
@@ -13079,11 +13126,11 @@
       "members":{
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>An instance ID where you want to add or update inventory items.</p>"
+          "documentation":"<p>An managed node ID where you want to add or update inventory items.</p>"
         },
         "Items":{
           "shape":"InventoryItemList",
-          "documentation":"<p>The inventory items that you want to add or update on instances.</p>"
+          "documentation":"<p>The inventory items that you want to add or update on managed nodes.</p>"
         }
       }
     },
@@ -13142,7 +13189,7 @@
         },
         "Policies":{
           "shape":"ParameterPolicies",
-          "documentation":"<p>One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:</p> <p>Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the <i>parameter</i> doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.</p> <p>ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.</p> <p>NoChangeNotification: This policy triggers a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.</p> <p>All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html\">Assigning parameter policies</a>. </p>"
+          "documentation":"<p>One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:</p> <p>Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the <i>parameter</i> doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.</p> <p>ExpirationNotification: This policy initiates an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.</p> <p>NoChangeNotification: This policy initiates a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.</p> <p>All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html\">Assigning parameter policies</a>. </p>"
         },
         "DataType":{
           "shape":"ParameterDataType",
@@ -13244,7 +13291,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs.</p> <note> <p>If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.</p> </note> <p>You can specify targets using instance IDs, resource group names, or tags that have been applied to instances.</p> <p> <b>Example 1</b>: Specify instance IDs</p> <p> <code>Key=InstanceIds,Values=<i>instance-id-1</i>,<i>instance-id-2</i>,<i>instance-id-3</i> </code> </p> <p> <b>Example 2</b>: Use tag key-pairs applied to instances</p> <p> <code>Key=tag:<i>my-tag-key</i>,Values=<i>my-tag-value-1</i>,<i>my-tag-value-2</i> </code> </p> <p> <b>Example 3</b>: Use tag-keys applied to instances</p> <p> <code>Key=tag-key,Values=<i>my-tag-key-1</i>,<i>my-tag-key-2</i> </code> </p> <p> <b>Example 4</b>: Use resource group names</p> <p> <code>Key=resource-groups:Name,Values=<i>resource-group-name</i> </code> </p> <p> <b>Example 5</b>: Use filters for resource group types</p> <p> <code>Key=resource-groups:ResourceTypeFilters,Values=<i>resource-type-1</i>,<i>resource-type-2</i> </code> </p> <note> <p>For <code>Key=resource-groups:ResourceTypeFilters</code>, specify resource types in the following format</p> <p> <code>Key=resource-groups:ResourceTypeFilters,Values=<i>AWS::EC2::INSTANCE</i>,<i>AWS::EC2::VPC</i> </code> </p> </note> <p>For more information about these examples formats, including the best use case for each one, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html\">Examples: Register targets with a maintenance window</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The targets to register with the maintenance window. In other words, the managed nodes to run commands on when the maintenance window runs.</p> <note> <p>If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.</p> </note> <p>You can specify targets using managed node IDs, resource group names, or tags that have been applied to managed nodes.</p> <p> <b>Example 1</b>: Specify managed node IDs</p> <p> <code>Key=InstanceIds,Values=&lt;instance-id-1&gt;,&lt;instance-id-2&gt;,&lt;instance-id-3&gt;</code> </p> <p> <b>Example 2</b>: Use tag key-pairs applied to managed nodes</p> <p> <code>Key=tag:&lt;my-tag-key&gt;,Values=&lt;my-tag-value-1&gt;,&lt;my-tag-value-2&gt;</code> </p> <p> <b>Example 3</b>: Use tag-keys applied to managed nodes</p> <p> <code>Key=tag-key,Values=&lt;my-tag-key-1&gt;,&lt;my-tag-key-2&gt;</code> </p> <p> <b>Example 4</b>: Use resource group names</p> <p> <code>Key=resource-groups:Name,Values=&lt;resource-group-name&gt;</code> </p> <p> <b>Example 5</b>: Use filters for resource group types</p> <p> <code>Key=resource-groups:ResourceTypeFilters,Values=&lt;resource-type-1&gt;,&lt;resource-type-2&gt;</code> </p> <note> <p>For <code>Key=resource-groups:ResourceTypeFilters</code>, specify resource types in the following format</p> <p> <code>Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC</code> </p> </note> <p>For more information about these examples formats, including the best use case for each one, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html\">Examples: Register targets with a maintenance window</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "OwnerInformation":{
           "shape":"OwnerInformation",
@@ -13288,7 +13335,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The targets (either instances or maintenance window targets).</p> <note> <p>One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html\">Registering maintenance window tasks without targets</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> </note> <p>Specify instances using the following format: </p> <p> <code>Key=InstanceIds,Values=&lt;instance-id-1&gt;,&lt;instance-id-2&gt;</code> </p> <p>Specify maintenance window targets using the following format:</p> <p> <code>Key=WindowTargetIds,Values=&lt;window-target-id-1&gt;,&lt;window-target-id-2&gt;</code> </p>",
+          "documentation":"<p>The targets (either managed nodes or maintenance window targets).</p> <note> <p>One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html\">Registering maintenance window tasks without targets</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> </note> <p>Specify managed nodes using the following format: </p> <p> <code>Key=InstanceIds,Values=&lt;instance-id-1&gt;,&lt;instance-id-2&gt;</code> </p> <p>Specify maintenance window targets using the following format:</p> <p> <code>Key=WindowTargetIds,Values=&lt;window-target-id-1&gt;,&lt;window-target-id-2&gt;</code> </p>",
           "box":true
         },
         "TaskArn":{
@@ -13328,7 +13375,7 @@
         },
         "LoggingInfo":{
           "shape":"LoggingInfo",
-          "documentation":"<p>A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write instance-level logs to. </p> <note> <p> <code>LoggingInfo</code> has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the <code>OutputS3BucketName</code> and <code>OutputS3KeyPrefix</code> options in the <code>TaskInvocationParameters</code> structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see <a>MaintenanceWindowTaskInvocationParameters</a>.</p> </note>"
+          "documentation":"<p>A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to. </p> <note> <p> <code>LoggingInfo</code> has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the <code>OutputS3BucketName</code> and <code>OutputS3KeyPrefix</code> options in the <code>TaskInvocationParameters</code> structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see <a>MaintenanceWindowTaskInvocationParameters</a>.</p> </note>"
         },
         "Name":{
           "shape":"MaintenanceWindowName",
@@ -13364,6 +13411,40 @@
       "max":1000,
       "min":1
     },
+    "RegistrationMetadataItem":{
+      "type":"structure",
+      "required":[
+        "Key",
+        "Value"
+      ],
+      "members":{
+        "Key":{
+          "shape":"RegistrationMetadataKey",
+          "documentation":"<p>Reserved for internal use.</p>"
+        },
+        "Value":{
+          "shape":"RegistrationMetadataValue",
+          "documentation":"<p>Reserved for internal use.</p>"
+        }
+      },
+      "documentation":"<p>Reserved for internal use.</p>"
+    },
+    "RegistrationMetadataKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^(?!\\s*$).+"
+    },
+    "RegistrationMetadataList":{
+      "type":"list",
+      "member":{"shape":"RegistrationMetadataItem"}
+    },
+    "RegistrationMetadataValue":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^(?!\\s*$).+"
+    },
     "RegistrationsCount":{
       "type":"integer",
       "max":1000,
@@ -13395,11 +13476,11 @@
       "members":{
         "ResourceType":{
           "shape":"ResourceTypeForTagging",
-          "documentation":"<p>The type of resource from which you want to remove a tag.</p> <note> <p>The <code>ManagedInstance</code> type for this API operation is only for on-premises managed instances. Specify the name of the managed instance in the following format: <code>mi-<i>ID_number</i> </code>. For example, <code>mi-1a2b3c4d5e6f</code>.</p> </note>"
+          "documentation":"<p>The type of resource from which you want to remove a tag.</p> <note> <p>The <code>ManagedInstance</code> type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format: <code>mi-<i>ID_number</i> </code>. For example, <code>mi-1a2b3c4d5e6f</code>.</p> </note>"
         },
         "ResourceId":{
           "shape":"ResourceId",
-          "documentation":"<p>The ID of the resource from which you want to remove tags. For example:</p> <p>ManagedInstance: mi-012345abcde</p> <p>MaintenanceWindow: mw-012345abcde</p> <p>PatchBaseline: pb-012345abcde</p> <p>OpsMetadata object: <code>ResourceID</code> for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, <code>ResourceID</code> is created from the strings that come after the word <code>opsmetadata</code> in the ARN. For example, an OpsMetadata object with an ARN of <code>arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager</code> has a <code>ResourceID</code> of either <code>aws/ssm/MyGroup/appmanager</code> or <code>/aws/ssm/MyGroup/appmanager</code>.</p> <p>For the Document and Parameter values, use the name of the resource.</p> <note> <p>The ManagedInstance type for this API operation is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.</p> </note>"
+          "documentation":"<p>The ID of the resource from which you want to remove tags. For example:</p> <p>ManagedInstance: mi-012345abcde</p> <p>MaintenanceWindow: mw-012345abcde</p> <p>PatchBaseline: pb-012345abcde</p> <p>OpsMetadata object: <code>ResourceID</code> for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, <code>ResourceID</code> is created from the strings that come after the word <code>opsmetadata</code> in the ARN. For example, an OpsMetadata object with an ARN of <code>arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager</code> has a <code>ResourceID</code> of either <code>aws/ssm/MyGroup/appmanager</code> or <code>/aws/ssm/MyGroup/appmanager</code>.</p> <p>For the Document and Parameter values, use the name of the resource.</p> <note> <p>The <code>ManagedInstance</code> type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.</p> </note>"
         },
         "TagKeys":{
           "shape":"KeyList",
@@ -13867,11 +13948,11 @@
         },
         "TokenValue":{
           "shape":"TokenValue",
-          "documentation":"<p>An encrypted token value containing session and caller information. Used to authenticate the connection to the instance.</p>"
+          "documentation":"<p>An encrypted token value containing session and caller information. Used to authenticate the connection to the managed node.</p>"
         },
         "StreamUrl":{
           "shape":"StreamUrl",
-          "documentation":"<p>A URL back to SSM Agent on the instance that the Session Manager client uses to send commands and receive output from the instance. Format: <code>wss://ssmmessages.<b>region</b>.amazonaws.com/v1/data-channel/<b>session-id</b>?stream=(input|output)</code>.</p> <p> <b>region</b> represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as <code>us-east-2</code> for the US East (Ohio) Region. For a list of supported <b>region</b> values, see the <b>Region</b> column in <a href=\"https://docs.aws.amazon.com/general/latest/gr/ssm.html#ssm_region\">Systems Manager service endpoints</a> in the <i>Amazon Web Services General Reference</i>.</p> <p> <b>session-id</b> represents the ID of a Session Manager session, such as <code>1a2b3c4dEXAMPLE</code>.</p>"
+          "documentation":"<p>A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the managed node. Format: <code>wss://ssmmessages.<b>region</b>.amazonaws.com/v1/data-channel/<b>session-id</b>?stream=(input|output)</code>.</p> <p> <b>region</b> represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as <code>us-east-2</code> for the US East (Ohio) Region. For a list of supported <b>region</b> values, see the <b>Region</b> column in <a href=\"https://docs.aws.amazon.com/general/latest/gr/ssm.html#ssm_region\">Systems Manager service endpoints</a> in the <i>Amazon Web Services General Reference</i>.</p> <p> <b>session-id</b> represents the ID of a Session Manager session, such as <code>1a2b3c4dEXAMPLE</code>.</p>"
         }
       }
     },
@@ -14060,11 +14141,11 @@
       "members":{
         "InstanceIds":{
           "shape":"InstanceIdList",
-          "documentation":"<p>The IDs of the instances where the command should run. Specifying instance IDs is most useful when you are targeting a limited number of instances, though you can specify up to 50 IDs.</p> <p>To target a larger number of instances, or if you prefer not to list individual instance IDs, we recommend using the <code>Targets</code> option instead. Using <code>Targets</code>, which accepts tag key-value pairs to identify the instances to send commands to, you can a send command to tens, hundreds, or thousands of instances at once.</p> <p>For more information about how to use targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html\">Using targets and rate controls to send commands to a fleet</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>The IDs of the managed nodes where the command should run. Specifying managed node IDs is most useful when you are targeting a limited number of managed nodes, though you can specify up to 50 IDs.</p> <p>To target a larger number of managed nodes, or if you prefer not to list individual node IDs, we recommend using the <code>Targets</code> option instead. Using <code>Targets</code>, which accepts tag key-value pairs to identify the managed nodes to send commands to, you can a send command to tens, hundreds, or thousands of nodes at once.</p> <p>For more information about how to use targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html\">Using targets and rate controls to send commands to a fleet</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>An array of search criteria that targets instances using a <code>Key,Value</code> combination that you specify. Specifying targets is most useful when you want to send a command to a large number of instances at once. Using <code>Targets</code>, which accepts tag key-value pairs to identify instances, you can send a command to tens, hundreds, or thousands of instances at once.</p> <p>To send a command to a smaller number of instances, you can use the <code>InstanceIds</code> option instead.</p> <p>For more information about how to use targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html\">Sending commands to a fleet</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>An array of search criteria that targets managed nodes using a <code>Key,Value</code> combination that you specify. Specifying targets is most useful when you want to send a command to a large number of managed nodes at once. Using <code>Targets</code>, which accepts tag key-value pairs to identify managed nodes, you can send a command to tens, hundreds, or thousands of nodes at once.</p> <p>To send a command to a smaller number of managed nodes, you can use the <code>InstanceIds</code> option instead.</p> <p>For more information about how to use targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html\">Sending commands to a fleet</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "DocumentName":{
           "shape":"DocumentARN",
@@ -14109,7 +14190,7 @@
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>(Optional) The maximum number of instances that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is <code>50</code>. For more information about how to use <code>MaxConcurrency</code>, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html#send-commands-velocity\">Using concurrency controls</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+          "documentation":"<p>(Optional) The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is <code>50</code>. For more information about how to use <code>MaxConcurrency</code>, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html#send-commands-velocity\">Using concurrency controls</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
         },
         "MaxErrors":{
           "shape":"MaxErrors",
@@ -14196,7 +14277,7 @@
         },
         "Target":{
           "shape":"SessionTarget",
-          "documentation":"<p>The instance that the Session Manager session connected to.</p>"
+          "documentation":"<p>The managed node that the Session Manager session connected to.</p>"
         },
         "Status":{
           "shape":"SessionStatus",
@@ -14218,6 +14299,10 @@
           "shape":"SessionOwner",
           "documentation":"<p>The ID of the Amazon Web Services user account that started the session.</p>"
         },
+        "Reason":{
+          "shape":"SessionReason",
+          "documentation":"<p>The reason for connecting to the instance.</p>"
+        },
         "Details":{
           "shape":"SessionDetails",
           "documentation":"<p>Reserved for future use.</p>"
@@ -14225,9 +14310,13 @@
         "OutputUrl":{
           "shape":"SessionManagerOutputUrl",
           "documentation":"<p>Reserved for future use.</p>"
+        },
+        "MaxSessionDuration":{
+          "shape":"MaxSessionDuration",
+          "documentation":"<p>The maximum duration of a session before it terminates.</p>"
         }
       },
-      "documentation":"<p>Information about a Session Manager connection to an instance.</p>"
+      "documentation":"<p>Information about a Session Manager connection to a managed node.</p>"
     },
     "SessionDetails":{
       "type":"string",
@@ -14247,7 +14336,7 @@
         },
         "value":{
           "shape":"SessionFilterValue",
-          "documentation":"<p>The filter value. Valid values for each filter key are as follows:</p> <ul> <li> <p>InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.</p> </li> <li> <p>InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.</p> </li> <li> <p>Target: Specify an instance to which session connections have been made.</p> </li> <li> <p>Owner: Specify an Amazon Web Services user account to see a list of sessions started by that user.</p> </li> <li> <p>Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:</p> <ul> <li> <p>Connected</p> </li> <li> <p>Connecting</p> </li> <li> <p>Disconnected</p> </li> <li> <p>Terminated</p> </li> <li> <p>Terminating</p> </li> <li> <p>Failed</p> </li> </ul> </li> <li> <p>SessionId: Specify a session ID to return details about the session.</p> </li> </ul>"
+          "documentation":"<p>The filter value. Valid values for each filter key are as follows:</p> <ul> <li> <p>InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.</p> </li> <li> <p>InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.</p> </li> <li> <p>Target: Specify a managed node to which session connections have been made.</p> </li> <li> <p>Owner: Specify an Amazon Web Services user account to see a list of sessions started by that user.</p> </li> <li> <p>Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:</p> <ul> <li> <p>Connected</p> </li> <li> <p>Connecting</p> </li> <li> <p>Disconnected</p> </li> <li> <p>Terminated</p> </li> <li> <p>Terminating</p> </li> <li> <p>Failed</p> </li> </ul> </li> <li> <p>SessionId: Specify a session ID to return details about the session.</p> </li> </ul>"
         }
       },
       "documentation":"<p>Describes a filter for Session Manager information.</p>"
@@ -14336,6 +14425,12 @@
       "max":256,
       "min":1
     },
+    "SessionReason":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^.{1,256}$"
+    },
     "SessionState":{
       "type":"string",
       "enum":[
@@ -14387,7 +14482,7 @@
           "documentation":"<p>The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.</p>"
         }
       },
-      "documentation":"<p>The number of managed instances found for each patch severity level defined in the request filter.</p>"
+      "documentation":"<p>The number of managed nodes found for each patch severity level defined in the request filter.</p>"
     },
     "SharedDocumentVersion":{
       "type":"string",
@@ -14412,6 +14507,20 @@
       "min":36,
       "pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
     },
+    "SourceId":{
+      "type":"string",
+      "max":128,
+      "min":0,
+      "pattern":"^[a-zA-Z0-9:_-]*$"
+    },
+    "SourceType":{
+      "type":"string",
+      "enum":[
+        "AWS::EC2::Instance",
+        "AWS::IoT::Thing",
+        "AWS::SSM::ManagedInstance"
+      ]
+    },
     "StandardErrorContent":{
       "type":"string",
       "max":8000
@@ -14569,11 +14678,15 @@
       "members":{
         "Target":{
           "shape":"SessionTarget",
-          "documentation":"<p>The instance to connect to for the session.</p>"
+          "documentation":"<p>The managed node to connect to for the session.</p>"
         },
         "DocumentName":{
           "shape":"DocumentARN",
-          "documentation":"<p>The name of the SSM document to define the parameters and plugin settings for the session. For example, <code>SSM-SessionManagerRunShell</code>. You can call the <a>GetDocument</a> API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the instance is launched by default.</p>"
+          "documentation":"<p>The name of the SSM document to define the parameters and plugin settings for the session. For example, <code>SSM-SessionManagerRunShell</code>. You can call the <a>GetDocument</a> API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the managed node is launched by default.</p>"
+        },
+        "Reason":{
+          "shape":"SessionReason",
+          "documentation":"<p>The reason for connecting to the instance. This value is included in the details for the Amazon CloudWatch Events event created when you start the session.</p>"
         },
         "Parameters":{
           "shape":"SessionManagerParameters",
@@ -14590,11 +14703,11 @@
         },
         "TokenValue":{
           "shape":"TokenValue",
-          "documentation":"<p>An encrypted token value containing session and caller information. Used to authenticate the connection to the instance.</p>"
+          "documentation":"<p>An encrypted token value containing session and caller information. Used to authenticate the connection to the managed node.</p>"
         },
         "StreamUrl":{
           "shape":"StreamUrl",
-          "documentation":"<p>A URL back to SSM Agent on the instance that the Session Manager client uses to send commands and receive output from the instance. Format: <code>wss://ssmmessages.<b>region</b>.amazonaws.com/v1/data-channel/<b>session-id</b>?stream=(input|output)</code> </p> <p> <b>region</b> represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as <code>us-east-2</code> for the US East (Ohio) Region. For a list of supported <b>region</b> values, see the <b>Region</b> column in <a href=\"https://docs.aws.amazon.com/general/latest/gr/ssm.html#ssm_region\">Systems Manager service endpoints</a> in the <i>Amazon Web Services General Reference</i>.</p> <p> <b>session-id</b> represents the ID of a Session Manager session, such as <code>1a2b3c4dEXAMPLE</code>.</p>"
+          "documentation":"<p>A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the node. Format: <code>wss://ssmmessages.<b>region</b>.amazonaws.com/v1/data-channel/<b>session-id</b>?stream=(input|output)</code> </p> <p> <b>region</b> represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as <code>us-east-2</code> for the US East (Ohio) Region. For a list of supported <b>region</b> values, see the <b>Region</b> column in <a href=\"https://docs.aws.amazon.com/general/latest/gr/ssm.html#ssm_region\">Systems Manager service endpoints</a> in the <i>Amazon Web Services General Reference</i>.</p> <p> <b>session-id</b> represents the ID of a Session Manager session, such as <code>1a2b3c4dEXAMPLE</code>.</p>"
         }
       }
     },
@@ -14831,7 +14944,7 @@
           "documentation":"<p>The value of the tag.</p>"
         }
       },
-      "documentation":"<p>Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.</p>"
+      "documentation":"<p>Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.</p>"
     },
     "TagKey":{
       "type":"string",
@@ -14855,14 +14968,14 @@
       "members":{
         "Key":{
           "shape":"TargetKey",
-          "documentation":"<p>User-defined criteria for sending commands that target instances that meet the criteria.</p>"
+          "documentation":"<p>User-defined criteria for sending commands that target managed nodes that meet the criteria.</p>"
         },
         "Values":{
           "shape":"TargetValues",
           "documentation":"<p>User-defined criteria that maps to <code>Key</code>. For example, if you specified <code>tag:ServerRole</code>, you could specify <code>value:WebServer</code> to run a command on instances that include EC2 tags of <code>ServerRole,WebServer</code>. </p> <p>Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.</p>"
         }
       },
-      "documentation":"<p>An array of search criteria that targets instances using a key-value pair that you specify.</p> <note> <p> One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html\">Registering maintenance window tasks without targets</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> </note> <p>Supported formats include the following.</p> <ul> <li> <p> <code>Key=InstanceIds,Values=<i>instance-id-1</i>,<i>instance-id-2</i>,<i>instance-id-3</i> </code> </p> </li> <li> <p> <code>Key=tag:<i>my-tag-key</i>,Values=<i>my-tag-value-1</i>,<i>my-tag-value-2</i> </code> </p> </li> <li> <p> <code>Key=tag-key,Values=<i>my-tag-key-1</i>,<i>my-tag-key-2</i> </code> </p> </li> <li> <p> <b>Run Command and Maintenance window targets only</b>: <code>Key=resource-groups:Name,Values=<i>resource-group-name</i> </code> </p> </li> <li> <p> <b>Maintenance window targets only</b>: <code>Key=resource-groups:ResourceTypeFilters,Values=<i>resource-type-1</i>,<i>resource-type-2</i> </code> </p> </li> <li> <p> <b>Automation targets only</b>: <code>Key=ResourceGroup;Values=<i>resource-group-name</i> </code> </p> </li> </ul> <p>For example:</p> <ul> <li> <p> <code>Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE</code> </p> </li> <li> <p> <code>Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3</code> </p> </li> <li> <p> <code>Key=tag-key,Values=Name,Instance-Type,CostCenter</code> </p> </li> <li> <p> <b>Run Command and Maintenance window targets only</b>: <code>Key=resource-groups:Name,Values=ProductionResourceGroup</code> </p> <p>This example demonstrates how to target all resources in the resource group <b>ProductionResourceGroup</b> in your maintenance window.</p> </li> <li> <p> <b>Maintenance window targets only</b>: <code>Key=resource-groups:ResourceTypeFilters,Values=<i>AWS::EC2::INSTANCE</i>,<i>AWS::EC2::VPC</i> </code> </p> <p>This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.</p> </li> <li> <p> <b>Automation targets only</b>: <code>Key=ResourceGroup,Values=MyResourceGroup</code> </p> </li> <li> <p> <b>State Manager association targets only</b>: <code>Key=InstanceIds,Values=<i>*</i> </code> </p> <p>This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.</p> </li> </ul> <p>For more information about how to send commands that target instances using <code>Key,Value</code> parameters, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html#send-commands-targeting\">Targeting multiple instances</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
+      "documentation":"<p>An array of search criteria that targets managed nodes using a key-value pair that you specify.</p> <note> <p> One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html\">Registering maintenance window tasks without targets</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> </note> <p>Supported formats include the following.</p> <ul> <li> <p> <code>Key=InstanceIds,Values=&lt;instance-id-1&gt;,&lt;instance-id-2&gt;,&lt;instance-id-3&gt;</code> </p> </li> <li> <p> <code>Key=tag:&lt;my-tag-key&gt;,Values=&lt;my-tag-value-1&gt;,&lt;my-tag-value-2&gt;</code> </p> </li> <li> <p> <code>Key=tag-key,Values=&lt;my-tag-key-1&gt;,&lt;my-tag-key-2&gt;</code> </p> </li> <li> <p> <b>Run Command and Maintenance window targets only</b>: <code>Key=resource-groups:Name,Values=&lt;resource-group-name&gt;</code> </p> </li> <li> <p> <b>Maintenance window targets only</b>: <code>Key=resource-groups:ResourceTypeFilters,Values=&lt;resource-type-1&gt;,&lt;resource-type-2&gt;</code> </p> </li> <li> <p> <b>Automation targets only</b>: <code>Key=ResourceGroup;Values=&lt;resource-group-name&gt;</code> </p> </li> </ul> <p>For example:</p> <ul> <li> <p> <code>Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE</code> </p> </li> <li> <p> <code>Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3</code> </p> </li> <li> <p> <code>Key=tag-key,Values=Name,Instance-Type,CostCenter</code> </p> </li> <li> <p> <b>Run Command and Maintenance window targets only</b>: <code>Key=resource-groups:Name,Values=ProductionResourceGroup</code> </p> <p>This example demonstrates how to target all resources in the resource group <b>ProductionResourceGroup</b> in your maintenance window.</p> </li> <li> <p> <b>Maintenance window targets only</b>: <code>Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC</code> </p> <p>This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.</p> </li> <li> <p> <b>Automation targets only</b>: <code>Key=ResourceGroup,Values=MyResourceGroup</code> </p> </li> <li> <p> <b>State Manager association targets only</b>: <code>Key=InstanceIds,Values=*</code> </p> <p>This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.</p> </li> </ul> <p>For more information about how to send commands that target managed nodes using <code>Key,Value</code> parameters, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/send-commands-multiple.html#send-commands-targeting\">Targeting multiple instances</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>"
     },
     "TargetCount":{"type":"integer"},
     "TargetInUseException":{
@@ -14948,7 +15061,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>The specified target instance for the session isn't fully configured for use with Session Manager. For more information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html\">Getting started with Session Manager</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. This error is also returned if you attempt to start a session on an instance that is located in a different account or Region</p>",
+      "documentation":"<p>The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started.html\">Getting started with Session Manager</a> in the <i>Amazon Web Services Systems Manager User Guide</i>. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region</p>",
       "exception":true
     },
     "TargetParameterList":{
@@ -15120,7 +15233,7 @@
       "members":{
         "Message":{"shape":"String"}
       },
-      "documentation":"<p>The document doesn't support the platform type of the given instance ID(s). For example, you sent an document for a Windows instance to a Linux instance.</p>",
+      "documentation":"<p>The document doesn't support the platform type of the given managed node ID(s). For example, you sent an document for a Windows managed node to a Linux node.</p>",
       "exception":true
     },
     "UpdateAssociationRequest":{
@@ -15137,7 +15250,7 @@
         },
         "DocumentVersion":{
           "shape":"DocumentVersion",
-          "documentation":"<p>The document version you want update for the association. </p>"
+          "documentation":"<p>The document version you want update for the association. </p> <important> <p>State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the <code>default</code> version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to <code>default</code>.</p> </important>"
         },
         "ScheduleExpression":{
           "shape":"ScheduleExpression",
@@ -15149,7 +15262,7 @@
         },
         "Name":{
           "shape":"DocumentARN",
-          "documentation":"<p>The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.</p> <p>You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.</p> <p>For Systems Manager document (SSM document) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:</p> <p> <code>arn:aws:ssm:<i>region</i>:<i>account-id</i>:document/<i>document-name</i> </code> </p> <p>For example:</p> <p> <code>arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document</code> </p> <p>For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, <code>AWS-ApplyPatchBaseline</code> or <code>My-Document</code>.</p>"
+          "documentation":"<p>The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.</p> <p>You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.</p> <p>For Systems Manager document (SSM document) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:</p> <p> <code>arn:aws:ssm:<i>region</i>:<i>account-id</i>:document/<i>document-name</i> </code> </p> <p>For example:</p> <p> <code>arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document</code> </p> <p>For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, <code>AWS-ApplyPatchBaseline</code> or <code>My-Document</code>.</p>"
         },
         "Targets":{
           "shape":"Targets",
@@ -15165,15 +15278,15 @@
         },
         "AutomationTargetParameterName":{
           "shape":"AutomationTargetParameterName",
-          "documentation":"<p>Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.</p>"
+          "documentation":"<p>Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.</p>"
         },
         "MaxErrors":{
           "shape":"MaxErrors",
-          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
+          "documentation":"<p>The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set <code>MaxError</code> to 10%, then the system stops sending the request when the sixth error is received.</p> <p>Executions that are already running an association when <code>MaxErrors</code> is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set <code>MaxConcurrency</code> to 1 so that executions proceed one at a time.</p>"
         },
         "MaxConcurrency":{
           "shape":"MaxConcurrency",
-          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new instance starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
+          "documentation":"<p>The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.</p> <p>If a new managed node starts and attempts to run an association while Systems Manager is running <code>MaxConcurrency</code> associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for <code>MaxConcurrency</code>.</p>"
         },
         "ComplianceSeverity":{
           "shape":"AssociationComplianceSeverity",
@@ -15220,7 +15333,7 @@
         },
         "InstanceId":{
           "shape":"InstanceId",
-          "documentation":"<p>The instance ID.</p>"
+          "documentation":"<p>The managed node ID.</p>"
         },
         "AssociationStatus":{
           "shape":"AssociationStatus",
@@ -15541,7 +15654,7 @@
         },
         "Targets":{
           "shape":"Targets",
-          "documentation":"<p>The targets (either instances or tags) to modify. Instances are specified using the format <code>Key=instanceids,Values=instanceID_1,instanceID_2</code>. Tags are specified using the format <code> Key=tag_name,Values=tag_value</code>. </p> <note> <p>One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html\">Registering maintenance window tasks without targets</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> </note>"
+          "documentation":"<p>The targets (either managed nodes or tags) to modify. Managed nodes are specified using the format <code>Key=instanceids,Values=instanceID_1,instanceID_2</code>. Tags are specified using the format <code> Key=tag_name,Values=tag_value</code>. </p> <note> <p>One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html\">Registering maintenance window tasks without targets</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> </note>"
         },
         "TaskArn":{
           "shape":"MaintenanceWindowTaskArn",
@@ -15667,7 +15780,7 @@
       "members":{
         "InstanceId":{
           "shape":"ManagedInstanceId",
-          "documentation":"<p>The ID of the managed instance where you want to update the role.</p>"
+          "documentation":"<p>The ID of the managed node where you want to update the role.</p>"
         },
         "IamRole":{
           "shape":"IamRole",
@@ -15808,7 +15921,7 @@
         },
         "ApprovedPatchesEnableNonSecurity":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is <code>false</code>. Applies to Linux instances only.</p>",
+          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is <code>false</code>. Applies to Linux managed nodes only.</p>",
           "box":true
         },
         "RejectedPatches":{
@@ -15825,7 +15938,7 @@
         },
         "Sources":{
           "shape":"PatchSourceList",
-          "documentation":"<p>Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.</p>"
+          "documentation":"<p>Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.</p>"
         },
         "Replace":{
           "shape":"Boolean",
@@ -15867,7 +15980,7 @@
         },
         "ApprovedPatchesEnableNonSecurity":{
           "shape":"Boolean",
-          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is <code>false</code>. Applies to Linux instances only.</p>",
+          "documentation":"<p>Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is <code>false</code>. Applies to Linux managed nodes only.</p>",
           "box":true
         },
         "RejectedPatches":{
@@ -15892,7 +16005,7 @@
         },
         "Sources":{
           "shape":"PatchSourceList",
-          "documentation":"<p>Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.</p>"
+          "documentation":"<p>Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.</p>"
         }
       }
     },
@@ -15962,5 +16075,5 @@
       "pattern":"^[0-9]{1,6}(\\.[0-9]{1,6}){2,3}$"
     }
   },
-  "documentation":"<p>Amazon Web Services Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A <i>managed instance</i> is any Amazon Elastic Compute Cloud instance (EC2 instance), or any on-premises server or virtual machine (VM) in your hybrid environment that has been configured for Systems Manager.</p> <p>This reference is intended to be used with the <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/\">Amazon Web Services Systems Manager User Guide</a>.</p> <p>To get started, verify prerequisites and configure managed instances. For more information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up.html\">Setting up Amazon Web Services Systems Manager</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> <p class=\"title\"> <b>Related resources</b> </p> <ul> <li> <p>For information about how to use a Query API, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/making-api-requests.html\">Making API requests</a>. </p> </li> <li> <p>For information about other API operations you can perform on EC2 instances, see the <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/\">Amazon EC2 API Reference</a>.</p> </li> <li> <p>For information about AppConfig, a capability of Systems Manager, see the <a href=\"https://docs.aws.amazon.com/appconfig/latest/userguide/\">AppConfig User Guide</a> and the <a href=\"https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/\">AppConfig API Reference</a>.</p> </li> <li> <p>For information about Incident Manager, a capability of Systems Manager, see the <a href=\"https://docs.aws.amazon.com/incident-manager/latest/userguide/\">Incident Manager User Guide</a> and the <a href=\"https://docs.aws.amazon.com/incident-manager/latest/APIReference/\">Incident Manager API Reference</a>.</p> </li> </ul>"
+  "documentation":"<p>Amazon Web Services Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed nodes. A <i>managed node</i> is any Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, or on-premises server or virtual machine (VM) that has been configured for Systems Manager. </p> <note> <p>With support for IoT Greengrass core devices, the phrase <i>managed instance</i> has been changed to <i>managed node</i> in most of the Systems Manager documentation. The Systems Manager console, API calls, error messages, and SSM documents still use the term <i>instance</i>.</p> </note> <p>This reference is intended to be used with the <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/\">Amazon Web Services Systems Manager User Guide</a>.</p> <p>To get started, verify prerequisites and configure managed nodes. For more information, see <a href=\"https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up.html\">Setting up Amazon Web Services Systems Manager</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p> <p class=\"title\"> <b>Related resources</b> </p> <ul> <li> <p>For information about how to use a Query API, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/making-api-requests.html\">Making API requests</a>. </p> </li> <li> <p>For information about other API operations you can perform on EC2 instances, see the <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/\">Amazon EC2 API Reference</a>.</p> </li> <li> <p>For information about AppConfig, a capability of Systems Manager, see the <a href=\"https://docs.aws.amazon.com/appconfig/latest/userguide/\">AppConfig User Guide</a> and the <a href=\"https://docs.aws.amazon.com/appconfig/2019-10-09/APIReference/\">AppConfig API Reference</a>.</p> </li> <li> <p>For information about Incident Manager, a capability of Systems Manager, see the <a href=\"https://docs.aws.amazon.com/incident-manager/latest/userguide/\">Incident Manager User Guide</a> and the <a href=\"https://docs.aws.amazon.com/incident-manager/latest/APIReference/\">Incident Manager API Reference</a>.</p> </li> </ul>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/storagegateway/2013-06-30/service-2.json b/contrib/python/botocore/py3/botocore/data/storagegateway/2013-06-30/service-2.json
index 6eea46792d8..6d2db5fa7b2 100644
--- a/contrib/python/botocore/py3/botocore/data/storagegateway/2013-06-30/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/storagegateway/2013-06-30/service-2.json
@@ -306,7 +306,7 @@
         {"shape":"InvalidGatewayRequestException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Deletes the bandwidth rate limits of a gateway. You can delete either the upload and download bandwidth rate limit, or you can delete both. If you delete only one of the limits, the other limit remains unchanged. To specify which gateway to work with, use the Amazon Resource Name (ARN) of the gateway in your request. This operation is supported for the stored volume, cached volume and tape gateway types.</p>"
+      "documentation":"<p>Deletes the bandwidth rate limits of a gateway. You can delete either the upload and download bandwidth rate limit, or you can delete both. If you delete only one of the limits, the other limit remains unchanged. To specify which gateway to work with, use the Amazon Resource Name (ARN) of the gateway in your request. This operation is supported only for the stored volume, cached volume, and tape gateway types.</p>"
     },
     "DeleteChapCredentials":{
       "name":"DeleteChapCredentials",
@@ -446,7 +446,7 @@
         {"shape":"InvalidGatewayRequestException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the bandwidth rate limits of a gateway. By default, these limits are not set, which means no bandwidth rate limiting is in effect. This operation is supported for the stored volume, cached volume, and tape gateway types.</p> <p>This operation only returns a value for a bandwidth rate limit only if the limit is set. If no limits are set for the gateway, then this operation returns only the gateway ARN in the response body. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
+      "documentation":"<p>Returns the bandwidth rate limits of a gateway. By default, these limits are not set, which means no bandwidth rate limiting is in effect. This operation is supported only for the stored volume, cached volume, and tape gateway types. To describe bandwidth rate limits for S3 file gateways, use <a>DescribeBandwidthRateLimitSchedule</a>.</p> <p>This operation returns a value for a bandwidth rate limit only if the limit is set. If no limits are set for the gateway, then this operation returns only the gateway ARN in the response body. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
     },
     "DescribeBandwidthRateLimitSchedule":{
       "name":"DescribeBandwidthRateLimitSchedule",
@@ -460,7 +460,7 @@
         {"shape":"InvalidGatewayRequestException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p> Returns information about the bandwidth rate limit schedule of a gateway. By default, gateways do not have bandwidth rate limit schedules, which means no bandwidth rate limiting is in effect. This operation is supported only in the volume and tape gateway types. </p> <p>This operation returns information about a gateway's bandwidth rate limit schedule. A bandwidth rate limit schedule consists of one or more bandwidth rate limit intervals. A bandwidth rate limit interval defines a period of time on one or more days of the week, during which bandwidth rate limits are specified for uploading, downloading, or both. </p> <p> A bandwidth rate limit interval consists of one or more days of the week, a start hour and minute, an ending hour and minute, and bandwidth rate limits for uploading and downloading </p> <p> If no bandwidth rate limit schedule intervals are set for the gateway, this operation returns an empty response. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
+      "documentation":"<p> Returns information about the bandwidth rate limit schedule of a gateway. By default, gateways do not have bandwidth rate limit schedules, which means no bandwidth rate limiting is in effect. This operation is supported only for volume, tape and S3 file gateways. FSx file gateways do not support bandwidth rate limits.</p> <p>This operation returns information about a gateway's bandwidth rate limit schedule. A bandwidth rate limit schedule consists of one or more bandwidth rate limit intervals. A bandwidth rate limit interval defines a period of time on one or more days of the week, during which bandwidth rate limits are specified for uploading, downloading, or both. </p> <p> A bandwidth rate limit interval consists of one or more days of the week, a start hour and minute, an ending hour and minute, and bandwidth rate limits for uploading and downloading </p> <p> If no bandwidth rate limit schedule intervals are set for the gateway, this operation returns an empty response. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
     },
     "DescribeCache":{
       "name":"DescribeCache",
@@ -1090,7 +1090,7 @@
         {"shape":"InvalidGatewayRequestException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Updates the bandwidth rate limits of a gateway. You can update both the upload and download bandwidth rate limit or specify only one of the two. If you don't set a bandwidth rate limit, the existing rate limit remains. This operation is supported for the stored volume, cached volume, and tape gateway types.</p> <p>By default, a gateway's bandwidth rate limits are not set. If you don't set any limit, the gateway does not have any limitations on its bandwidth usage and could potentially use the maximum available bandwidth.</p> <p>To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
+      "documentation":"<p>Updates the bandwidth rate limits of a gateway. You can update both the upload and download bandwidth rate limit or specify only one of the two. If you don't set a bandwidth rate limit, the existing rate limit remains. This operation is supported only for the stored volume, cached volume, and tape gateway types. To update bandwidth rate limits for S3 file gateways, use <a>UpdateBandwidthRateLimitSchedule</a>.</p> <p>By default, a gateway's bandwidth rate limits are not set. If you don't set any limit, the gateway does not have any limitations on its bandwidth usage and could potentially use the maximum available bandwidth.</p> <p>To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.</p>"
     },
     "UpdateBandwidthRateLimitSchedule":{
       "name":"UpdateBandwidthRateLimitSchedule",
@@ -1104,7 +1104,7 @@
         {"shape":"InvalidGatewayRequestException"},
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p> Updates the bandwidth rate limit schedule for a specified gateway. By default, gateways do not have bandwidth rate limit schedules, which means no bandwidth rate limiting is in effect. Use this to initiate or update a gateway's bandwidth rate limit schedule. This operation is supported in the volume and tape gateway types. </p>"
+      "documentation":"<p> Updates the bandwidth rate limit schedule for a specified gateway. By default, gateways do not have bandwidth rate limit schedules, which means no bandwidth rate limiting is in effect. Use this to initiate or update a gateway's bandwidth rate limit schedule. This operation is supported only for volume, tape and S3 file gateways. FSx file gateways do not support bandwidth rate limits.</p>"
     },
     "UpdateChapCredentials":{
       "name":"UpdateChapCredentials",
@@ -1303,7 +1303,7 @@
         },
         "GatewayType":{
           "shape":"GatewayType",
-          "documentation":"<p>A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is <code>CACHED</code>.</p> <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code> | <code>FILE_S3</code> | <code>FILE_FSX_SMB|</code> </p>"
+          "documentation":"<p>A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is <code>CACHED</code>.</p> <p>Valid Values: <code>STORED</code> | <code>CACHED</code> | <code>VTL</code> | <code>VTL_SNOW</code> | <code>FILE_S3</code> | <code>FILE_FSX_SMB</code> </p>"
         },
         "TapeDriveType":{
           "shape":"TapeDriveType",
@@ -2921,7 +2921,7 @@
         },
         "HostEnvironment":{
           "shape":"HostEnvironment",
-          "documentation":"<p>The type of hypervisor environment used by the host.</p>"
+          "documentation":"<p>The type of hardware or software platform on which the gateway is running.</p>"
         },
         "EndpointType":{
           "shape":"EndpointType",
@@ -2942,6 +2942,10 @@
         "SupportedGatewayCapacities":{
           "shape":"SupportedGatewayCapacities",
           "documentation":"<p>A list of the metadata cache sizes that the gateway can support based on its current hardware specifications.</p>"
+        },
+        "HostEnvironmentId":{
+          "shape":"HostEnvironmentId",
+          "documentation":"<p>A unique identifier for the specific instance of the host platform running the gateway. This value is only available for certain host environments, and its format depends on the host environment type.</p>"
         }
       },
       "documentation":"<p>A JSON object containing the following fields:</p>"
@@ -3792,6 +3796,14 @@
         "Ec2InstanceRegion":{
           "shape":"Ec2InstanceRegion",
           "documentation":"<p>The Amazon Web Services Region where the Amazon EC2 instance is located.</p>"
+        },
+        "HostEnvironment":{
+          "shape":"HostEnvironment",
+          "documentation":"<p>The type of hardware or software platform on which the gateway is running.</p>"
+        },
+        "HostEnvironmentId":{
+          "shape":"HostEnvironmentId",
+          "documentation":"<p>A unique identifier for the specific instance of the host platform running the gateway. This value is only available for certain host environments, and its format depends on the host environment type.</p>"
         }
       },
       "documentation":"<p>Describes a gateway object.</p>"
@@ -3844,9 +3856,15 @@
         "HYPER-V",
         "EC2",
         "KVM",
-        "OTHER"
+        "OTHER",
+        "SNOWBALL"
       ]
     },
+    "HostEnvironmentId":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
     "Hosts":{
       "type":"list",
       "member":{"shape":"Host"}
diff --git a/contrib/python/botocore/py3/botocore/data/sts/2011-06-15/service-2.json b/contrib/python/botocore/py3/botocore/data/sts/2011-06-15/service-2.json
index fda498c6e53..a7937812674 100644
--- a/contrib/python/botocore/py3/botocore/data/sts/2011-06-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/sts/2011-06-15/service-2.json
@@ -30,7 +30,7 @@
         {"shape":"RegionDisabledException"},
         {"shape":"ExpiredTokenException"}
       ],
-      "documentation":"<p>Returns a set of temporary security credentials that you can use to access Amazon Web Services resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use <code>AssumeRole</code> within your account or for cross-account access. For a comparison of <code>AssumeRole</code> with other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the STS API operations</a> in the <i>IAM User Guide</i>.</p> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>AssumeRole</code> can be used to make API calls to any Amazon Web Services service with the following exception: You cannot call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API operations.</p> <p>(Optional) You can pass inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policies</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>.</p> <p>To assume a role from a different account, your account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account. </p> <p>A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call <code>AssumeRole</code> for the ARN of the role in the other account. If the user is in the same account as the role, then you can do either of the following:</p> <ul> <li> <p>Attach a policy to the user (identical to the previous user in a different account).</p> </li> <li> <p>Add the user as a principal directly in the role's trust policy.</p> </li> </ul> <p>In this case, the trust policy acts as an IAM resource-based policy. Users in the same account as the role do not need explicit permission to assume the role. For more information about trust policies and resource-based policies, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM Policies</a> in the <i>IAM User Guide</i>.</p> <p> <b>Tags</b> </p> <p>(Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining\">Chaining Roles with Session Tags</a> in the <i>IAM User Guide</i>.</p> <p> <b>Using MFA with AssumeRole</b> </p> <p>(Optional) You can include multi-factor authentication (MFA) information when you call <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example.</p> <p> <code>\"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}</code> </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html\">Configuring MFA-Protected API Access</a> in the <i>IAM User Guide</i> guide.</p> <p>To use MFA with <code>AssumeRole</code>, you pass values for the <code>SerialNumber</code> and <code>TokenCode</code> parameters. The <code>SerialNumber</code> value identifies the user's hardware or virtual MFA device. The <code>TokenCode</code> is the time-based one-time password (TOTP) that the MFA device produces. </p>"
+      "documentation":"<p>Returns a set of temporary security credentials that you can use to access Amazon Web Services resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use <code>AssumeRole</code> within your account or for cross-account access. For a comparison of <code>AssumeRole</code> with other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>AssumeRole</code> can be used to make API calls to any Amazon Web Services service with the following exception: You cannot call the Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API operations.</p> <p>(Optional) You can pass inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policies</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>.</p> <p>When you create a role, you create two policies: A role trust policy that specifies <i>who</i> can assume the role and a permissions policy that specifies <i>what</i> can be done with the role. You specify the trusted principal who is allowed to assume the role in the role trust policy.</p> <p>To assume a role from a different account, your Amazon Web Services account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account. </p> <p>A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call <code>AssumeRole</code> for the ARN of the role in the other account.</p> <p>To allow a user to assume a role in the same account, you can do either of the following:</p> <ul> <li> <p>Attach a policy to the user that allows the user to call <code>AssumeRole</code> (as long as the role's trust policy trusts the account).</p> </li> <li> <p>Add the user as a principal directly in the role's trust policy.</p> </li> </ul> <p>You can do either because the role’s trust policy acts as an IAM resource-based policy. When a resource-based policy grants access to a principal in the same account, no additional identity-based policy is required. For more information about trust policies and resource-based policies, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM Policies</a> in the <i>IAM User Guide</i>.</p> <p> <b>Tags</b> </p> <p>(Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining\">Chaining Roles with Session Tags</a> in the <i>IAM User Guide</i>.</p> <p> <b>Using MFA with AssumeRole</b> </p> <p>(Optional) You can include multi-factor authentication (MFA) information when you call <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example.</p> <p> <code>\"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}</code> </p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html\">Configuring MFA-Protected API Access</a> in the <i>IAM User Guide</i> guide.</p> <p>To use MFA with <code>AssumeRole</code>, you pass values for the <code>SerialNumber</code> and <code>TokenCode</code> parameters. The <code>SerialNumber</code> value identifies the user's hardware or virtual MFA device. The <code>TokenCode</code> is the time-based one-time password (TOTP) that the MFA device produces. </p>"
     },
     "AssumeRoleWithSAML":{
       "name":"AssumeRoleWithSAML",
@@ -51,7 +51,7 @@
         {"shape":"ExpiredTokenException"},
         {"shape":"RegionDisabledException"}
       ],
-      "documentation":"<p>Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the STS API operations</a> in the <i>IAM User Guide</i>.</p> <p>The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services services.</p> <p> <b>Session Duration</b> </p> <p>By default, the temporary security credentials created by <code>AssumeRoleWithSAML</code> last for one hour. However, you can use the optional <code>DurationSeconds</code> parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's <code>SessionNotOnOrAfter</code> value, whichever is shorter. You can provide a <code>DurationSeconds</code> value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>. The maximum session duration limit applies when you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html\">Using IAM Roles</a> in the <i>IAM User Guide</i>.</p> <note> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining\">Role chaining</a> limits your CLI or Amazon Web Services API role session to a maximum of one hour. When you use the <code>AssumeRole</code> API operation to assume a role, you can specify the duration of your role session with the <code>DurationSeconds</code> parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a <code>DurationSeconds</code> parameter value greater than one hour, the operation fails.</p> </note> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API operations.</p> <p>(Optional) You can pass inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policies</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>.</p> <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider. </p> <important> <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. The entry includes the value in the <code>NameID</code> element of the SAML assertion. We recommend that you use a <code>NameIDType</code> that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (<code>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</code>).</p> </important> <p> <b>Tags</b> </p> <p>(Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p> <note> <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> response element indicates by percentage how close the policies and tags for your request are to the upper size limit. </p> </note> <p>You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining\">Chaining Roles with Session Tags</a> in the <i>IAM User Guide</i>.</p> <p> <b>SAML Configuration</b> </p> <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy. </p> <p>For more information, see the following resources:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html\">About SAML 2.0-based Federation</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html\">Creating SAML Identity Providers</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html\">Configuring a Relying Party and Claims</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html\">Creating a Role for SAML 2.0 Federation</a> in the <i>IAM User Guide</i>. </p> </li> </ul>"
+      "documentation":"<p>Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p> <p>The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services services.</p> <p> <b>Session Duration</b> </p> <p>By default, the temporary security credentials created by <code>AssumeRoleWithSAML</code> last for one hour. However, you can use the optional <code>DurationSeconds</code> parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's <code>SessionNotOnOrAfter</code> value, whichever is shorter. You can provide a <code>DurationSeconds</code> value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>. The maximum session duration limit applies when you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html\">Using IAM Roles</a> in the <i>IAM User Guide</i>.</p> <note> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining\">Role chaining</a> limits your CLI or Amazon Web Services API role session to a maximum of one hour. When you use the <code>AssumeRole</code> API operation to assume a role, you can specify the duration of your role session with the <code>DurationSeconds</code> parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a <code>DurationSeconds</code> parameter value greater than one hour, the operation fails.</p> </note> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API operations.</p> <p>(Optional) You can pass inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policies</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>.</p> <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider. </p> <important> <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. The entry includes the value in the <code>NameID</code> element of the SAML assertion. We recommend that you use a <code>NameIDType</code> that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (<code>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</code>).</p> </important> <p> <b>Tags</b> </p> <p>(Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p> <note> <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> response element indicates by percentage how close the policies and tags for your request are to the upper size limit. </p> </note> <p>You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining\">Chaining Roles with Session Tags</a> in the <i>IAM User Guide</i>.</p> <p> <b>SAML Configuration</b> </p> <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy. </p> <p>For more information, see the following resources:</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html\">About SAML 2.0-based Federation</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html\">Creating SAML Identity Providers</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html\">Configuring a Relying Party and Claims</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html\">Creating a Role for SAML 2.0 Federation</a> in the <i>IAM User Guide</i>. </p> </li> </ul>"
     },
     "AssumeRoleWithWebIdentity":{
       "name":"AssumeRoleWithWebIdentity",
@@ -73,7 +73,7 @@
         {"shape":"ExpiredTokenException"},
         {"shape":"RegionDisabledException"}
       ],
-      "documentation":"<p>Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.</p> <note> <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the <a href=\"http://aws.amazon.com/sdkforios/\">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href=\"http://aws.amazon.com/sdkforandroid/\">Amazon Web Services SDK for Android Developer Guide</a> to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.</p> <p>To learn more about Amazon Cognito, see <a href=\"https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840\">Amazon Cognito Overview</a> in <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href=\"https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664\">Amazon Cognito Overview</a> in the <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> </note> <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term Amazon Web Services credentials in the application. You also don't need to deploy server-based proxy services that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the STS API operations</a> in the <i>IAM User Guide</i>.</p> <p>The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services service API operations.</p> <p> <b>Session Duration</b> </p> <p>By default, the temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> last for one hour. However, you can use the optional <code>DurationSeconds</code> parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>. The maximum session duration limit applies when you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html\">Using IAM Roles</a> in the <i>IAM User Guide</i>. </p> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API operations.</p> <p>(Optional) You can pass inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policies</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>.</p> <p> <b>Tags</b> </p> <p>(Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p> <note> <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> response element indicates by percentage how close the policies and tags for your request are to the upper size limit. </p> </note> <p>You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining\">Chaining Roles with Session Tags</a> in the <i>IAM User Guide</i>.</p> <p> <b>Identities</b> </p> <p>Before your application can call <code>AssumeRoleWithWebIdentity</code>, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy. </p> <important> <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your CloudTrail logs. The entry includes the <a href=\"http://openid.net/specs/openid-connect-core-1_0.html#Claims\">Subject</a> of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as <a href=\"http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes\">suggested in the OIDC specification</a>.</p> </important> <p>For more information about how to use web identity federation and the <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html\">Using Web Identity Federation API Operations for Mobile Apps</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity\">Federation Through a Web-based Identity Provider</a>. </p> </li> <li> <p> <a href=\"https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/\"> Web Identity Federation Playground</a>. Walk through the process of authenticating through Login with Amazon, Facebook, or Google, getting temporary security credentials, and then using those credentials to make a request to Amazon Web Services. </p> </li> <li> <p> <a href=\"http://aws.amazon.com/sdkforios/\">Amazon Web Services SDK for iOS Developer Guide</a> and <a href=\"http://aws.amazon.com/sdkforandroid/\">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits contain sample apps that show how to invoke the identity providers. The toolkits then show how to use the information from these providers to get and use temporary security credentials. </p> </li> <li> <p> <a href=\"http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications\">Web Identity Federation with Mobile Applications</a>. This article discusses web identity federation and shows an example of how to use web identity federation to get access to content in Amazon S3. </p> </li> </ul>"
+      "documentation":"<p>Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.</p> <note> <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the <a href=\"http://aws.amazon.com/sdkforios/\">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href=\"http://aws.amazon.com/sdkforandroid/\">Amazon Web Services SDK for Android Developer Guide</a> to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.</p> <p>To learn more about Amazon Cognito, see <a href=\"https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840\">Amazon Cognito Overview</a> in <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href=\"https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664\">Amazon Cognito Overview</a> in the <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> </note> <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term Amazon Web Services credentials in the application. You also don't need to deploy server-based proxy services that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p> <p>The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services service API operations.</p> <p> <b>Session Duration</b> </p> <p>By default, the temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> last for one hour. However, you can use the optional <code>DurationSeconds</code> parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>. The maximum session duration limit applies when you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html\">Using IAM Roles</a> in the <i>IAM User Guide</i>. </p> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API operations.</p> <p>(Optional) You can pass inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policies</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>.</p> <p> <b>Tags</b> </p> <p>(Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p> <note> <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> response element indicates by percentage how close the policies and tags for your request are to the upper size limit. </p> </note> <p>You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining\">Chaining Roles with Session Tags</a> in the <i>IAM User Guide</i>.</p> <p> <b>Identities</b> </p> <p>Before your application can call <code>AssumeRoleWithWebIdentity</code>, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy. </p> <important> <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your CloudTrail logs. The entry includes the <a href=\"http://openid.net/specs/openid-connect-core-1_0.html#Claims\">Subject</a> of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as <a href=\"http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes\">suggested in the OIDC specification</a>.</p> </important> <p>For more information about how to use web identity federation and the <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html\">Using Web Identity Federation API Operations for Mobile Apps</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity\">Federation Through a Web-based Identity Provider</a>. </p> </li> <li> <p> <a href=\"https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/\"> Web Identity Federation Playground</a>. Walk through the process of authenticating through Login with Amazon, Facebook, or Google, getting temporary security credentials, and then using those credentials to make a request to Amazon Web Services. </p> </li> <li> <p> <a href=\"http://aws.amazon.com/sdkforios/\">Amazon Web Services SDK for iOS Developer Guide</a> and <a href=\"http://aws.amazon.com/sdkforandroid/\">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits contain sample apps that show how to invoke the identity providers. The toolkits then show how to use the information from these providers to get and use temporary security credentials. </p> </li> <li> <p> <a href=\"http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications\">Web Identity Federation with Mobile Applications</a>. This article discusses web identity federation and shows an example of how to use web identity federation to get access to content in Amazon S3. </p> </li> </ul>"
     },
     "DecodeAuthorizationMessage":{
       "name":"DecodeAuthorizationMessage",
@@ -89,7 +89,7 @@
       "errors":[
         {"shape":"InvalidAuthorizationMessageException"}
       ],
-      "documentation":"<p>Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request.</p> <p>For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can provide details about this authorization failure. </p> <note> <p>Only certain Amazon Web Services operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.</p> </note> <p>The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the <code>DecodeAuthorizationMessage</code> (<code>sts:DecodeAuthorizationMessage</code>) action. </p> <p>The decoded message includes the following type of information:</p> <ul> <li> <p>Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow\">Determining Whether a Request is Allowed or Denied</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p>The principal who made the request.</p> </li> <li> <p>The requested action.</p> </li> <li> <p>The requested resource.</p> </li> <li> <p>The values of condition keys in the context of the user's request.</p> </li> </ul>"
+      "documentation":"<p>Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request.</p> <p>For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can provide details about this authorization failure. </p> <note> <p>Only certain Amazon Web Services operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.</p> </note> <p>The message is encoded because the details of the authorization status can contain privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions through an IAM <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">policy</a> to request the <code>DecodeAuthorizationMessage</code> (<code>sts:DecodeAuthorizationMessage</code>) action. </p> <p>The decoded message includes the following type of information:</p> <ul> <li> <p>Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow\">Determining Whether a Request is Allowed or Denied</a> in the <i>IAM User Guide</i>. </p> </li> <li> <p>The principal who made the request.</p> </li> <li> <p>The requested action.</p> </li> <li> <p>The requested resource.</p> </li> <li> <p>The values of condition keys in the context of the user's request.</p> </li> </ul>"
     },
     "GetAccessKeyInfo":{
       "name":"GetAccessKeyInfo",
@@ -133,7 +133,7 @@
         {"shape":"PackedPolicyTooLargeException"},
         {"shape":"RegionDisabledException"}
       ],
-      "documentation":"<p>Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the <code>GetFederationToken</code> operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of <code>GetFederationToken</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the STS API operations</a> in the <i>IAM User Guide</i>.</p> <note> <p>You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use <a href=\"http://aws.amazon.com/cognito/\">Amazon Cognito</a> or <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity\">Federation Through a Web-based Identity Provider</a> in the <i>IAM User Guide</i>.</p> </note> <p>You can also call <code>GetFederationToken</code> using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\">IAM Best Practices</a> in the <i>IAM User Guide</i>. </p> <p> <b>Session duration</b> </p> <p>The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> <p> <b>Permissions</b> </p> <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any Amazon Web Services service except the following:</p> <ul> <li> <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> </li> <li> <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p> </li> </ul> <p>You must pass an inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policy</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.</p> <p>Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>. For information about using <code>GetFederationToken</code> to create temporary security credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken\">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p> <p>You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the <code>Principal</code> element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.</p> <p> <b>Tags</b> </p> <p>(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <note> <p>You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use <a href=\"http://aws.amazon.com/cognito/\">Amazon Cognito</a> or <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity\">Federation Through a Web-based Identity Provider</a> in the <i>IAM User Guide</i>.</p> </note> <p>You can also call <code>GetFederationToken</code> using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\">IAM Best Practices</a> in the <i>IAM User Guide</i>. </p> <p> <b>Session duration</b> </p> <p>The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> <p> <b>Permissions</b> </p> <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any Amazon Web Services service except the following:</p> <ul> <li> <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> </li> <li> <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p> </li> </ul> <p>You must pass an inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policy</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plain text that you use for both inline and managed session policies can't exceed 2,048 characters.</p> <p>Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>. For information about using <code>GetFederationToken</code> to create temporary security credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken\">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p> <p>You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the <code>Principal</code> element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.</p> <p> <b>Tags</b> </p> <p>(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume that the user that you are federating has the <code>Department</code>=<code>Marketing</code> tag and you pass the <code>department</code>=<code>engineering</code> session tag. <code>Department</code> and <code>department</code> are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.</p>"
+      "documentation":"<p>Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the <code>GetFederationToken</code> operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of <code>GetFederationToken</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p> <note> <p>You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use <a href=\"http://aws.amazon.com/cognito/\">Amazon Cognito</a> or <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity\">Federation Through a Web-based Identity Provider</a> in the <i>IAM User Guide</i>.</p> </note> <p>You can also call <code>GetFederationToken</code> using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html\">IAM Best Practices</a> in the <i>IAM User Guide</i>. </p> <p> <b>Session duration</b> </p> <p>The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> <p> <b>Permissions</b> </p> <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any Amazon Web Services service except the following:</p> <ul> <li> <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> </li> <li> <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p> </li> </ul> <p>You must pass an inline or managed <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">session policy</a> to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.</p> <p>Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session\">Session Policies</a> in the <i>IAM User Guide</i>. For information about using <code>GetFederationToken</code> to create temporary security credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken\">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p> <p>You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the <code>Principal</code> element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.</p> <p> <b>Tags</b> </p> <p>(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <note> <p>You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use <a href=\"http://aws.amazon.com/cognito/\">Amazon Cognito</a> or <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity\">Federation Through a Web-based Identity Provider</a> in the <i>IAM User Guide</i>.</p> </note> <p>An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html\">Tutorial: Using Tags for Attribute-Based Access Control</a> in the <i>IAM User Guide</i>.</p> <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume that the user that you are federating has the <code>Department</code>=<code>Marketing</code> tag and you pass the <code>department</code>=<code>engineering</code> session tag. <code>Department</code> and <code>department</code> are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.</p>"
     },
     "GetSessionToken":{
       "name":"GetSessionToken",
@@ -149,7 +149,7 @@
       "errors":[
         {"shape":"RegionDisabledException"}
       ],
-      "documentation":"<p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of <code>GetSessionToken</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the STS API operations</a> in the <i>IAM User Guide</i>.</p> <p> <b>Session Duration</b> </p> <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. </p> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>GetSessionToken</code> can be used to make API calls to any Amazon Web Services service with the following exceptions:</p> <ul> <li> <p>You cannot call any IAM API operations unless MFA authentication information is included in the request.</p> </li> <li> <p>You cannot call any STS API <i>except</i> <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p> </li> </ul> <note> <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account root user credentials. Instead, follow our <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users\">best practices</a> by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with Amazon Web Services. </p> </note> <p>The credentials that are returned by <code>GetSessionToken</code> are based on permissions associated with the user whose credentials were used to call the operation. If <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the temporary credentials have root user permissions. Similarly, if <code>GetSessionToken</code> is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user. </p> <p>For more information about using <code>GetSessionToken</code> to create temporary credentials, go to <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken\">Temporary Credentials for Users in Untrusted Environments</a> in the <i>IAM User Guide</i>. </p>"
+      "documentation":"<p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of <code>GetSessionToken</code> with the other API operations that produce temporary credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html\">Requesting Temporary Security Credentials</a> and <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison\">Comparing the Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p> <p> <b>Session Duration</b> </p> <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. </p> <p> <b>Permissions</b> </p> <p>The temporary security credentials created by <code>GetSessionToken</code> can be used to make API calls to any Amazon Web Services service with the following exceptions:</p> <ul> <li> <p>You cannot call any IAM API operations unless MFA authentication information is included in the request.</p> </li> <li> <p>You cannot call any STS API <i>except</i> <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p> </li> </ul> <note> <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account root user credentials. Instead, follow our <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users\">best practices</a> by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with Amazon Web Services. </p> </note> <p>The credentials that are returned by <code>GetSessionToken</code> are based on permissions associated with the user whose credentials were used to call the operation. If <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the temporary credentials have root user permissions. Similarly, if <code>GetSessionToken</code> is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user. </p> <p>For more information about using <code>GetSessionToken</code> to create temporary credentials, go to <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken\">Temporary Credentials for Users in Untrusted Environments</a> in the <i>IAM User Guide</i>. </p>"
     }
   },
   "shapes":{
@@ -178,11 +178,11 @@
         },
         "DurationSeconds":{
           "shape":"roleDurationSecondsType",
-          "documentation":"<p>The duration, in seconds, of the role session. The value specified can can range from 900 seconds (15 minutes) up to the maximum session duration that is set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>.</p> <p>By default, the value is set to <code>3600</code> seconds. </p> <note> <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a <code>SessionDuration</code> parameter that specifies the maximum length of the console session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\">Creating a URL that Enables Federated Users to Access the Management Console</a> in the <i>IAM User Guide</i>.</p> </note>"
+          "documentation":"<p>The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. </p> <p>Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one hour. When you use the <code>AssumeRole</code> API operation to assume a role, you can specify the duration of your role session with the <code>DurationSeconds</code> parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a <code>DurationSeconds</code> parameter value greater than one hour, the operation fails. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>.</p> <p>By default, the value is set to <code>3600</code> seconds. </p> <note> <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a <code>SessionDuration</code> parameter that specifies the maximum length of the console session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\">Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the <i>IAM User Guide</i>.</p> </note>"
         },
         "Tags":{
           "shape":"tagListType",
-          "documentation":"<p>A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Tagging STS Sessions</a> in the <i>IAM User Guide</i>.</p> <p>This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p> <note> <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> response element indicates by percentage how close the policies and tags for your request are to the upper size limit. </p> </note> <p>You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session tags override a role tag with the same key. </p> <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume that the role has the <code>Department</code>=<code>Marketing</code> tag and you pass the <code>department</code>=<code>engineering</code> session tag. <code>Department</code> and <code>department</code> are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.</p> <p>Additionally, if you used temporary credentials to perform this operation, the new session inherits any transitive session tags from the calling session. If you pass a session tag with the same key as an inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs\">Viewing Session Tags in CloudTrail</a> in the <i>IAM User Guide</i>.</p>"
+          "documentation":"<p>A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Tagging Amazon Web Services STS Sessions</a> in the <i>IAM User Guide</i>.</p> <p>This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p> <note> <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> response element indicates by percentage how close the policies and tags for your request are to the upper size limit. </p> </note> <p>You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session tags override a role tag with the same key. </p> <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume that the role has the <code>Department</code>=<code>Marketing</code> tag and you pass the <code>department</code>=<code>engineering</code> session tag. <code>Department</code> and <code>department</code> are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.</p> <p>Additionally, if you used temporary credentials to perform this operation, the new session inherits any transitive session tags from the calling session. If you pass a session tag with the same key as an inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs\">Viewing Session Tags in CloudTrail</a> in the <i>IAM User Guide</i>.</p>"
         },
         "TransitiveTagKeys":{
           "shape":"tagKeyListType",
@@ -258,7 +258,7 @@
         },
         "DurationSeconds":{
           "shape":"roleDurationSecondsType",
-          "documentation":"<p>The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the <code>DurationSeconds</code> parameter, or until the time specified in the SAML authentication response's <code>SessionNotOnOrAfter</code> value, whichever is shorter. You can provide a <code>DurationSeconds</code> value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>.</p> <p>By default, the value is set to <code>3600</code> seconds. </p> <note> <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a <code>SessionDuration</code> parameter that specifies the maximum length of the console session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\">Creating a URL that Enables Federated Users to Access the Management Console</a> in the <i>IAM User Guide</i>.</p> </note>"
+          "documentation":"<p>The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the <code>DurationSeconds</code> parameter, or until the time specified in the SAML authentication response's <code>SessionNotOnOrAfter</code> value, whichever is shorter. You can provide a <code>DurationSeconds</code> value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>.</p> <p>By default, the value is set to <code>3600</code> seconds. </p> <note> <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a <code>SessionDuration</code> parameter that specifies the maximum length of the console session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\">Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the <i>IAM User Guide</i>.</p> </note>"
         }
       }
     },
@@ -338,7 +338,7 @@
         },
         "DurationSeconds":{
           "shape":"roleDurationSecondsType",
-          "documentation":"<p>The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>.</p> <p>By default, the value is set to <code>3600</code> seconds. </p> <note> <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a <code>SessionDuration</code> parameter that specifies the maximum length of the console session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\">Creating a URL that Enables Federated Users to Access the Management Console</a> in the <i>IAM User Guide</i>.</p> </note>"
+          "documentation":"<p>The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session\">View the Maximum Session Duration Setting for a Role</a> in the <i>IAM User Guide</i>.</p> <p>By default, the value is set to <code>3600</code> seconds. </p> <note> <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a <code>SessionDuration</code> parameter that specifies the maximum length of the console session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\">Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the <i>IAM User Guide</i>.</p> </note>"
         }
       }
     },
@@ -438,7 +438,7 @@
       "members":{
         "DecodedMessage":{
           "shape":"decodedMessageType",
-          "documentation":"<p>An XML document that contains the decoded message.</p>"
+          "documentation":"<p>The API returns a response with the decoded message.</p>"
         }
       },
       "documentation":"<p>A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an Amazon Web Services request.</p>"
@@ -569,7 +569,7 @@
         },
         "SerialNumber":{
           "shape":"serialNumberType",
-          "documentation":"<p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the device for an IAM user by going to the Management Console and viewing the user's security credentials. </p> <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-</p>"
+          "documentation":"<p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security credentials. </p> <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-</p>"
         },
         "TokenCode":{
           "shape":"tokenCodeType",
@@ -659,7 +659,7 @@
       "members":{
         "message":{"shape":"packedPolicyTooLargeMessage"}
       },
-      "documentation":"<p>The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>You could receive this error even though you meet other defined session policy and session tag limits. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html\">IAM and STS Entity Character Limits</a> in the <i>IAM User Guide</i>.</p>",
+      "documentation":"<p>The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Passing Session Tags in STS</a> in the <i>IAM User Guide</i>.</p> <p>You could receive this error even though you meet other defined session policy and session tag limits. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length\">IAM and STS Entity Character Limits</a> in the <i>IAM User Guide</i>.</p>",
       "error":{
         "code":"PackedPolicyTooLarge",
         "httpStatusCode":400,
@@ -713,7 +713,7 @@
           "documentation":"<p>The value for a session tag.</p> <p>You can pass up to 50 session tags. The plain text session tag values can’t exceed 256 characters. For these and additional limits, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length\">IAM and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>"
         }
       },
-      "documentation":"<p>You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Tagging STS Sessions</a> in the <i>IAM User Guide</i>.</p>"
+      "documentation":"<p>You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html\">Tagging Amazon Web Services STS Sessions</a> in the <i>IAM User Guide</i>.</p>"
     },
     "accessKeyIdType":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/support/2013-04-15/service-2.json b/contrib/python/botocore/py3/botocore/data/support/2013-04-15/service-2.json
index 082e9718e1b..f9b09df669e 100644
--- a/contrib/python/botocore/py3/botocore/data/support/2013-04-15/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/support/2013-04-15/service-2.json
@@ -27,7 +27,7 @@
         {"shape":"AttachmentSetSizeLimitExceeded"},
         {"shape":"AttachmentLimitExceeded"}
       ],
-      "documentation":"<p>Adds one or more attachments to an attachment set. </p> <p>An attachment set is a temporary container for attachments that you add to a case or case communication. The set is available for 1 hour after it's created. The <code>expiryTime</code> returned in the response is when the set expires. </p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Adds one or more attachments to an attachment set. </p> <p>An attachment set is a temporary container for attachments that you add to a case or case communication. The set is available for 1 hour after it's created. The <code>expiryTime</code> returned in the response is when the set expires. </p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "AddCommunicationToCase":{
       "name":"AddCommunicationToCase",
@@ -43,7 +43,7 @@
         {"shape":"AttachmentSetIdNotFound"},
         {"shape":"AttachmentSetExpired"}
       ],
-      "documentation":"<p>Adds additional customer communication to an AWS Support case. Use the <code>caseId</code> parameter to identify the case to which to add communication. You can list a set of email addresses to copy on the communication by using the <code>ccEmailAddresses</code> parameter. The <code>communicationBody</code> value contains the text of the communication.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Adds additional customer communication to an Amazon Web Services Support case. Use the <code>caseId</code> parameter to identify the case to which to add communication. You can list a set of email addresses to copy on the communication by using the <code>ccEmailAddresses</code> parameter. The <code>communicationBody</code> value contains the text of the communication.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "CreateCase":{
       "name":"CreateCase",
@@ -59,7 +59,7 @@
         {"shape":"AttachmentSetIdNotFound"},
         {"shape":"AttachmentSetExpired"}
       ],
-      "documentation":"<p>Creates a case in the AWS Support Center. This operation is similar to how you create a case in the AWS Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p> <p>The AWS Support API doesn't support requesting service limit increases. You can submit a service limit increase in the following ways: </p> <ul> <li> <p>Submit a request from the AWS Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p> </li> <li> <p>Use the Service Quotas <a href=\"https://docs.aws.amazon.com/servicequotas/2019-06-24/apireference/API_RequestServiceQuotaIncrease.html\">RequestServiceQuotaIncrease</a> operation.</p> </li> </ul> <p>A successful <code>CreateCase</code> request returns an AWS Support case number. You can use the <a>DescribeCases</a> operation and specify the case number to get existing AWS Support cases. After you create a case, use the <a>AddCommunicationToCase</a> operation to add additional communication or attachments to an existing case.</p> <p>The <code>caseId</code> is separate from the <code>displayId</code> that appears in the <a href=\"https://console.aws.amazon.com/support\">AWS Support Center</a>. Use the <a>DescribeCases</a> operation to get the <code>displayId</code>.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Creates a case in the Amazon Web Services Support Center. This operation is similar to how you create a case in the Amazon Web Services Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p> <p>The Amazon Web Services Support API doesn't support requesting service limit increases. You can submit a service limit increase in the following ways: </p> <ul> <li> <p>Submit a request from the Amazon Web Services Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p> </li> <li> <p>Use the Service Quotas <a href=\"https://docs.aws.amazon.com/servicequotas/2019-06-24/apireference/API_RequestServiceQuotaIncrease.html\">RequestServiceQuotaIncrease</a> operation.</p> </li> </ul> <p>A successful <code>CreateCase</code> request returns an Amazon Web Services Support case number. You can use the <a>DescribeCases</a> operation and specify the case number to get existing Amazon Web Services Support cases. After you create a case, use the <a>AddCommunicationToCase</a> operation to add additional communication or attachments to an existing case.</p> <p>The <code>caseId</code> is separate from the <code>displayId</code> that appears in the <a href=\"https://console.aws.amazon.com/support\">Amazon Web Services Support Center</a>. Use the <a>DescribeCases</a> operation to get the <code>displayId</code>.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeAttachment":{
       "name":"DescribeAttachment",
@@ -74,7 +74,7 @@
         {"shape":"DescribeAttachmentLimitExceeded"},
         {"shape":"AttachmentIdNotFound"}
       ],
-      "documentation":"<p>Returns the attachment that has the specified ID. Attachments can include screenshots, error logs, or other files that describe your issue. Attachment IDs are generated by the case management system when you add an attachment to a case or case communication. Attachment IDs are returned in the <a>AttachmentDetails</a> objects that are returned by the <a>DescribeCommunications</a> operation.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns the attachment that has the specified ID. Attachments can include screenshots, error logs, or other files that describe your issue. Attachment IDs are generated by the case management system when you add an attachment to a case or case communication. Attachment IDs are returned in the <a>AttachmentDetails</a> objects that are returned by the <a>DescribeCommunications</a> operation.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeCases":{
       "name":"DescribeCases",
@@ -88,7 +88,7 @@
         {"shape":"InternalServerError"},
         {"shape":"CaseIdNotFound"}
       ],
-      "documentation":"<p>Returns a list of cases that you specify by passing one or more case IDs. You can use the <code>afterTime</code> and <code>beforeTime</code> parameters to filter the cases by date. You can set values for the <code>includeResolvedCases</code> and <code>includeCommunications</code> parameters to specify how much information to return.</p> <p>The response returns the following in JSON format:</p> <ul> <li> <p>One or more <a href=\"https://docs.aws.amazon.com/awssupport/latest/APIReference/API_CaseDetails.html\">CaseDetails</a> data types.</p> </li> <li> <p>One or more <code>nextToken</code> values, which specify where to paginate the returned records represented by the <code>CaseDetails</code> objects.</p> </li> </ul> <p>Case data is available for 12 months after creation. If a case was created more than 12 months ago, a request might return an error.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns a list of cases that you specify by passing one or more case IDs. You can use the <code>afterTime</code> and <code>beforeTime</code> parameters to filter the cases by date. You can set values for the <code>includeResolvedCases</code> and <code>includeCommunications</code> parameters to specify how much information to return.</p> <p>The response returns the following in JSON format:</p> <ul> <li> <p>One or more <a href=\"https://docs.aws.amazon.com/awssupport/latest/APIReference/API_CaseDetails.html\">CaseDetails</a> data types.</p> </li> <li> <p>One or more <code>nextToken</code> values, which specify where to paginate the returned records represented by the <code>CaseDetails</code> objects.</p> </li> </ul> <p>Case data is available for 12 months after creation. If a case was created more than 12 months ago, a request might return an error.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeCommunications":{
       "name":"DescribeCommunications",
@@ -102,7 +102,7 @@
         {"shape":"InternalServerError"},
         {"shape":"CaseIdNotFound"}
       ],
-      "documentation":"<p>Returns communications and attachments for one or more support cases. Use the <code>afterTime</code> and <code>beforeTime</code> parameters to filter by date. You can use the <code>caseId</code> parameter to restrict the results to a specific case.</p> <p>Case data is available for 12 months after creation. If a case was created more than 12 months ago, a request for data might cause an error.</p> <p>You can use the <code>maxResults</code> and <code>nextToken</code> parameters to control the pagination of the results. Set <code>maxResults</code> to the number of cases that you want to display on each page, and use <code>nextToken</code> to specify the resumption of pagination.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns communications and attachments for one or more support cases. Use the <code>afterTime</code> and <code>beforeTime</code> parameters to filter by date. You can use the <code>caseId</code> parameter to restrict the results to a specific case.</p> <p>Case data is available for 12 months after creation. If a case was created more than 12 months ago, a request for data might cause an error.</p> <p>You can use the <code>maxResults</code> and <code>nextToken</code> parameters to control the pagination of the results. Set <code>maxResults</code> to the number of cases that you want to display on each page, and use <code>nextToken</code> to specify the resumption of pagination.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeServices":{
       "name":"DescribeServices",
@@ -115,7 +115,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the current list of AWS services and a list of service categories for each service. You then use service names and categories in your <a>CreateCase</a> requests. Each AWS service has its own set of categories.</p> <p>The service codes and category codes correspond to the values that appear in the <b>Service</b> and <b>Category</b> lists on the AWS Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page. The values in those fields don't necessarily match the service codes and categories returned by the <code>DescribeServices</code> operation. Always use the service codes and categories that the <code>DescribeServices</code> operation returns, so that you have the most recent set of service and category codes.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns the current list of Amazon Web Services services and a list of service categories for each service. You then use service names and categories in your <a>CreateCase</a> requests. Each Amazon Web Services service has its own set of categories.</p> <p>The service codes and category codes correspond to the values that appear in the <b>Service</b> and <b>Category</b> lists on the Amazon Web Services Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page. The values in those fields don't necessarily match the service codes and categories returned by the <code>DescribeServices</code> operation. Always use the service codes and categories that the <code>DescribeServices</code> operation returns, so that you have the most recent set of service and category codes.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeSeverityLevels":{
       "name":"DescribeSeverityLevels",
@@ -128,7 +128,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the list of severity levels that you can assign to a support case. The severity level for a case is also a field in the <a>CaseDetails</a> data type that you include for a <a>CreateCase</a> request.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns the list of severity levels that you can assign to a support case. The severity level for a case is also a field in the <a>CaseDetails</a> data type that you include for a <a>CreateCase</a> request.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeTrustedAdvisorCheckRefreshStatuses":{
       "name":"DescribeTrustedAdvisorCheckRefreshStatuses",
@@ -141,7 +141,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the refresh status of the AWS Trusted Advisor checks that have the specified check IDs. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <p>Some checks are refreshed automatically, and you can't return their refresh statuses by using the <code>DescribeTrustedAdvisorCheckRefreshStatuses</code> operation. If you call this operation for these checks, you might see an <code>InvalidParameterValue</code> error.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns the refresh status of the Trusted Advisor checks that have the specified check IDs. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <p>Some checks are refreshed automatically, and you can't return their refresh statuses by using the <code>DescribeTrustedAdvisorCheckRefreshStatuses</code> operation. If you call this operation for these checks, you might see an <code>InvalidParameterValue</code> error.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeTrustedAdvisorCheckResult":{
       "name":"DescribeTrustedAdvisorCheckResult",
@@ -154,7 +154,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the results of the AWS Trusted Advisor check that has the specified check ID. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <p>The response contains a <a>TrustedAdvisorCheckResult</a> object, which contains these three objects:</p> <ul> <li> <p> <a>TrustedAdvisorCategorySpecificSummary</a> </p> </li> <li> <p> <a>TrustedAdvisorResourceDetail</a> </p> </li> <li> <p> <a>TrustedAdvisorResourcesSummary</a> </p> </li> </ul> <p>In addition, the response contains these fields:</p> <ul> <li> <p> <b>status</b> - The alert status of the check can be <code>ok</code> (green), <code>warning</code> (yellow), <code>error</code> (red), or <code>not_available</code>.</p> </li> <li> <p> <b>timestamp</b> - The time of the last refresh of the check.</p> </li> <li> <p> <b>checkId</b> - The unique identifier for the check.</p> </li> </ul> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns the results of the Trusted Advisor check that has the specified check ID. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <p>The response contains a <a>TrustedAdvisorCheckResult</a> object, which contains these three objects:</p> <ul> <li> <p> <a>TrustedAdvisorCategorySpecificSummary</a> </p> </li> <li> <p> <a>TrustedAdvisorResourceDetail</a> </p> </li> <li> <p> <a>TrustedAdvisorResourcesSummary</a> </p> </li> </ul> <p>In addition, the response contains these fields:</p> <ul> <li> <p> <b>status</b> - The alert status of the check can be <code>ok</code> (green), <code>warning</code> (yellow), <code>error</code> (red), or <code>not_available</code>.</p> </li> <li> <p> <b>timestamp</b> - The time of the last refresh of the check.</p> </li> <li> <p> <b>checkId</b> - The unique identifier for the check.</p> </li> </ul> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeTrustedAdvisorCheckSummaries":{
       "name":"DescribeTrustedAdvisorCheckSummaries",
@@ -167,7 +167,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns the results for the AWS Trusted Advisor check summaries for the check IDs that you specified. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <p>The response contains an array of <a>TrustedAdvisorCheckSummary</a> objects.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns the results for the Trusted Advisor check summaries for the check IDs that you specified. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <p>The response contains an array of <a>TrustedAdvisorCheckSummary</a> objects.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "DescribeTrustedAdvisorChecks":{
       "name":"DescribeTrustedAdvisorChecks",
@@ -180,7 +180,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Returns information about all available AWS Trusted Advisor checks, including the name, ID, category, description, and metadata. You must specify a language code. The AWS Support API currently supports English (\"en\") and Japanese (\"ja\"). The response contains a <a>TrustedAdvisorCheckDescription</a> object for each check. You must set the AWS Region to us-east-1.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> <li> <p>The names and descriptions for Trusted Advisor checks are subject to change. We recommend that you specify the check ID in your code to uniquely identify a check.</p> </li> </ul> </note>"
+      "documentation":"<p>Returns information about all available Trusted Advisor checks, including the name, ID, category, description, and metadata. You must specify a language code. The Amazon Web Services Support API currently supports English (\"en\") and Japanese (\"ja\"). The response contains a <a>TrustedAdvisorCheckDescription</a> object for each check. You must set the Amazon Web Services Region to us-east-1.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> <li> <p>The names and descriptions for Trusted Advisor checks are subject to change. We recommend that you specify the check ID in your code to uniquely identify a check.</p> </li> </ul> </note>"
     },
     "RefreshTrustedAdvisorCheck":{
       "name":"RefreshTrustedAdvisorCheck",
@@ -193,7 +193,7 @@
       "errors":[
         {"shape":"InternalServerError"}
       ],
-      "documentation":"<p>Refreshes the AWS Trusted Advisor check that you specify using the check ID. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <note> <p>Some checks are refreshed automatically. If you call the <code>RefreshTrustedAdvisorCheck</code> operation to refresh them, you might see the <code>InvalidParameterValue</code> error.</p> </note> <p>The response contains a <a>TrustedAdvisorCheckRefreshStatus</a> object.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Refreshes the Trusted Advisor check that you specify using the check ID. You can get the check IDs by calling the <a>DescribeTrustedAdvisorChecks</a> operation.</p> <note> <p>Some checks are refreshed automatically. If you call the <code>RefreshTrustedAdvisorCheck</code> operation to refresh them, you might see the <code>InvalidParameterValue</code> error.</p> </note> <p>The response contains a <a>TrustedAdvisorCheckRefreshStatus</a> object.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     },
     "ResolveCase":{
       "name":"ResolveCase",
@@ -207,7 +207,7 @@
         {"shape":"InternalServerError"},
         {"shape":"CaseIdNotFound"}
       ],
-      "documentation":"<p>Resolves a support case. This operation takes a <code>caseId</code> and returns the initial and final state of the case.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note>"
+      "documentation":"<p>Resolves a support case. This operation takes a <code>caseId</code> and returns the initial and final state of the case.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note>"
     }
   },
   "shapes":{
@@ -387,11 +387,11 @@
         },
         "displayId":{
           "shape":"DisplayId",
-          "documentation":"<p>The ID displayed for the case in the AWS Support Center. This is a numeric string.</p>"
+          "documentation":"<p>The ID displayed for the case in the Amazon Web Services Support Center. This is a numeric string.</p>"
         },
         "subject":{
           "shape":"Subject",
-          "documentation":"<p>The subject line for the case in the AWS Support Center.</p>"
+          "documentation":"<p>The subject line for the case in the Amazon Web Services Support Center.</p>"
         },
         "status":{
           "shape":"Status",
@@ -399,7 +399,7 @@
         },
         "serviceCode":{
           "shape":"ServiceCode",
-          "documentation":"<p>The code for the AWS service. You can get a list of codes and the corresponding service names by calling <a>DescribeServices</a>.</p>"
+          "documentation":"<p>The code for the Amazon Web Services service. You can get a list of codes and the corresponding service names by calling <a>DescribeServices</a>.</p>"
         },
         "categoryCode":{
           "shape":"CategoryCode",
@@ -415,11 +415,11 @@
         },
         "timeCreated":{
           "shape":"TimeCreated",
-          "documentation":"<p>The time that the case was created in the AWS Support Center.</p>"
+          "documentation":"<p>The time that the case was created in the Amazon Web Services Support Center.</p>"
         },
         "recentCommunications":{
           "shape":"RecentCaseCommunications",
-          "documentation":"<p>The five most recent communications between you and AWS Support Center, including the IDs of any attachments to the communications. Also includes a <code>nextToken</code> that you can use to retrieve earlier communications.</p>"
+          "documentation":"<p>The five most recent communications between you and Amazon Web Services Support Center, including the IDs of any attachments to the communications. Also includes a <code>nextToken</code> that you can use to retrieve earlier communications.</p>"
         },
         "ccEmailAddresses":{
           "shape":"CcEmailAddressList",
@@ -427,10 +427,10 @@
         },
         "language":{
           "shape":"Language",
-          "documentation":"<p>The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
+          "documentation":"<p>The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
         }
       },
-      "documentation":"<p>A JSON-formatted object that contains the metadata for a support case. It is contained in the response from a <a>DescribeCases</a> request. <b>CaseDetails</b> contains the following fields:</p> <ul> <li> <p> <b>caseId</b> - The support case ID requested or returned in the call. The case ID is an alphanumeric string formatted as shown in this example: case-<i>12345678910-2013-c4c1d2bf33c5cf47</i>.</p> </li> <li> <p> <b>categoryCode</b> - The category of problem for the support case. Corresponds to the <code>CategoryCode</code> values returned by a call to <a>DescribeServices</a>.</p> </li> <li> <p> <b>displayId</b> - The identifier for the case on pages in the AWS Support Center.</p> </li> <li> <p> <b>language</b> - The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p> </li> <li> <p> <b>nextToken</b> - A resumption point for pagination.</p> </li> <li> <p> <b>recentCommunications</b> - One or more <a>Communication</a> objects. Fields of these objects are <code>attachments</code>, <code>body</code>, <code>caseId</code>, <code>submittedBy</code>, and <code>timeCreated</code>.</p> </li> <li> <p> <b>serviceCode</b> - The identifier for the AWS service that corresponds to the service code defined in the call to <a>DescribeServices</a>.</p> </li> <li> <p> <b>severityCode</b> - The severity code assigned to the case. Contains one of the values returned by the call to <a>DescribeSeverityLevels</a>. The possible values are: <code>low</code>, <code>normal</code>, <code>high</code>, <code>urgent</code>, and <code>critical</code>.</p> </li> <li> <p> <b>status</b> - The status of the case in the AWS Support Center. Valid values:</p> <ul> <li> <p> <code>opened</code> </p> </li> <li> <p> <code>pending-customer-action</code> </p> </li> <li> <p> <code>reopened</code> </p> </li> <li> <p> <code>resolved</code> </p> </li> <li> <p> <code>unassigned</code> </p> </li> <li> <p> <code>work-in-progress</code> </p> </li> </ul> </li> <li> <p> <b>subject</b> - The subject line of the case.</p> </li> <li> <p> <b>submittedBy</b> - The email address of the account that submitted the case.</p> </li> <li> <p> <b>timeCreated</b> - The time the case was created, in ISO-8601 format.</p> </li> </ul>"
+      "documentation":"<p>A JSON-formatted object that contains the metadata for a support case. It is contained in the response from a <a>DescribeCases</a> request. <b>CaseDetails</b> contains the following fields:</p> <ul> <li> <p> <b>caseId</b> - The support case ID requested or returned in the call. The case ID is an alphanumeric string formatted as shown in this example: case-<i>12345678910-2013-c4c1d2bf33c5cf47</i>.</p> </li> <li> <p> <b>categoryCode</b> - The category of problem for the support case. Corresponds to the <code>CategoryCode</code> values returned by a call to <a>DescribeServices</a>.</p> </li> <li> <p> <b>displayId</b> - The identifier for the case on pages in the Amazon Web Services Support Center.</p> </li> <li> <p> <b>language</b> - The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p> </li> <li> <p> <b>nextToken</b> - A resumption point for pagination.</p> </li> <li> <p> <b>recentCommunications</b> - One or more <a>Communication</a> objects. Fields of these objects are <code>attachments</code>, <code>body</code>, <code>caseId</code>, <code>submittedBy</code>, and <code>timeCreated</code>.</p> </li> <li> <p> <b>serviceCode</b> - The identifier for the Amazon Web Services service that corresponds to the service code defined in the call to <a>DescribeServices</a>.</p> </li> <li> <p> <b>severityCode</b> - The severity code assigned to the case. Contains one of the values returned by the call to <a>DescribeSeverityLevels</a>. The possible values are: <code>low</code>, <code>normal</code>, <code>high</code>, <code>urgent</code>, and <code>critical</code>.</p> </li> <li> <p> <b>status</b> - The status of the case in the Amazon Web Services Support Center. Valid values:</p> <ul> <li> <p> <code>opened</code> </p> </li> <li> <p> <code>pending-customer-action</code> </p> </li> <li> <p> <code>reopened</code> </p> </li> <li> <p> <code>resolved</code> </p> </li> <li> <p> <code>unassigned</code> </p> </li> <li> <p> <code>work-in-progress</code> </p> </li> </ul> </li> <li> <p> <b>subject</b> - The subject line of the case.</p> </li> <li> <p> <b>submittedBy</b> - The email address of the account that submitted the case.</p> </li> <li> <p> <b>timeCreated</b> - The time the case was created, in ISO-8601 format.</p> </li> </ul>"
     },
     "CaseId":{"type":"string"},
     "CaseIdList":{
@@ -467,7 +467,7 @@
           "documentation":"<p>The category name for the support case.</p>"
         }
       },
-      "documentation":"<p>A JSON-formatted name/value pair that represents the category name and category code of the problem, selected from the <a>DescribeServices</a> response for each AWS service.</p>"
+      "documentation":"<p>A JSON-formatted name/value pair that represents the category name and category code of the problem, selected from the <a>DescribeServices</a> response for each Amazon Web Services service.</p>"
     },
     "CategoryCode":{"type":"string"},
     "CategoryList":{
@@ -491,11 +491,11 @@
         },
         "body":{
           "shape":"CommunicationBody",
-          "documentation":"<p>The text of the communication between the customer and AWS Support.</p>"
+          "documentation":"<p>The text of the communication between the customer and Amazon Web Services Support.</p>"
         },
         "submittedBy":{
           "shape":"SubmittedBy",
-          "documentation":"<p>The identity of the account that submitted, or responded to, the support case. Customer entries include the role or IAM user as well as the email address. For example, \"AdminRole (Role) &lt;janedoe@example.com&gt;. Entries from the AWS Support team display \"Amazon Web Services,\" and don't show an email address. </p>"
+          "documentation":"<p>The identity of the account that submitted, or responded to, the support case. Customer entries include the role or IAM user as well as the email address. For example, \"AdminRole (Role) &lt;janedoe@example.com&gt;. Entries from the Amazon Web Services Support team display \"Amazon Web Services,\" and don't show an email address. </p>"
         },
         "timeCreated":{
           "shape":"TimeCreated",
@@ -526,31 +526,31 @@
       "members":{
         "subject":{
           "shape":"Subject",
-          "documentation":"<p>The title of the support case. The title appears in the <b>Subject</b> field on the AWS Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p>"
+          "documentation":"<p>The title of the support case. The title appears in the <b>Subject</b> field on the Amazon Web Services Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p>"
         },
         "serviceCode":{
           "shape":"ServiceCode",
-          "documentation":"<p>The code for the AWS service. You can use the <a>DescribeServices</a> operation to get the possible <code>serviceCode</code> values.</p>"
+          "documentation":"<p>The code for the Amazon Web Services service. You can use the <a>DescribeServices</a> operation to get the possible <code>serviceCode</code> values.</p>"
         },
         "severityCode":{
           "shape":"SeverityCode",
-          "documentation":"<p>A value that indicates the urgency of the case. This value determines the response time according to your service level agreement with AWS Support. You can use the <a>DescribeSeverityLevels</a> operation to get the possible values for <code>severityCode</code>. </p> <p>For more information, see <a>SeverityLevel</a> and <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/getting-started.html#choosing-severity\">Choosing a Severity</a> in the <i>AWS Support User Guide</i>.</p> <note> <p>The availability of severity levels depends on the support plan for the AWS account.</p> </note>"
+          "documentation":"<p>A value that indicates the urgency of the case. This value determines the response time according to your service level agreement with Amazon Web Services Support. You can use the <a>DescribeSeverityLevels</a> operation to get the possible values for <code>severityCode</code>. </p> <p>For more information, see <a>SeverityLevel</a> and <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/getting-started.html#choosing-severity\">Choosing a Severity</a> in the <i>Amazon Web Services Support User Guide</i>.</p> <note> <p>The availability of severity levels depends on the support plan for the Amazon Web Services account.</p> </note>"
         },
         "categoryCode":{
           "shape":"CategoryCode",
-          "documentation":"<p>The category of problem for the support case. You also use the <a>DescribeServices</a> operation to get the category code for a service. Each AWS service defines its own set of category codes.</p>"
+          "documentation":"<p>The category of problem for the support case. You also use the <a>DescribeServices</a> operation to get the category code for a service. Each Amazon Web Services service defines its own set of category codes.</p>"
         },
         "communicationBody":{
           "shape":"CommunicationBody",
-          "documentation":"<p>The communication body text that describes the issue. This text appears in the <b>Description</b> field on the AWS Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p>"
+          "documentation":"<p>The communication body text that describes the issue. This text appears in the <b>Description</b> field on the Amazon Web Services Support Center <a href=\"https://console.aws.amazon.com/support/home#/case/create\">Create Case</a> page.</p>"
         },
         "ccEmailAddresses":{
           "shape":"CcEmailAddressList",
-          "documentation":"<p>A list of email addresses that AWS Support copies on case correspondence. AWS Support identifies the account that creates the case when you specify your AWS credentials in an HTTP POST method or use the <a href=\"http://aws.amazon.com/tools/\">AWS SDKs</a>. </p>"
+          "documentation":"<p>A list of email addresses that Amazon Web Services Support copies on case correspondence. Amazon Web Services Support identifies the account that creates the case when you specify your Amazon Web Services credentials in an HTTP POST method or use the <a href=\"http://aws.amazon.com/tools/\">Amazon Web Services SDKs</a>. </p>"
         },
         "language":{
           "shape":"Language",
-          "documentation":"<p>The language in which AWS Support handles the case. You must specify the ISO 639-1 code for the <code>language</code> parameter if you want support in that language. Currently, English (\"en\") and Japanese (\"ja\") are supported.</p>"
+          "documentation":"<p>The language in which Amazon Web Services Support handles the case. You must specify the ISO 639-1 code for the <code>language</code> parameter if you want support in that language. Currently, English (\"en\") and Japanese (\"ja\") are supported.</p>"
         },
         "issueType":{
           "shape":"IssueType",
@@ -613,7 +613,7 @@
         },
         "displayId":{
           "shape":"DisplayId",
-          "documentation":"<p>The ID displayed for a case in the AWS Support Center user interface.</p>"
+          "documentation":"<p>The ID displayed for a case in the Amazon Web Services Support Center user interface.</p>"
         },
         "afterTime":{
           "shape":"AfterTime",
@@ -637,7 +637,7 @@
         },
         "language":{
           "shape":"Language",
-          "documentation":"<p>The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
+          "documentation":"<p>The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
         },
         "includeCommunications":{
           "shape":"IncludeCommunications",
@@ -704,11 +704,11 @@
       "members":{
         "serviceCodeList":{
           "shape":"ServiceCodeList",
-          "documentation":"<p>A JSON-formatted list of service codes available for AWS services.</p>"
+          "documentation":"<p>A JSON-formatted list of service codes available for Amazon Web Services services.</p>"
         },
         "language":{
           "shape":"Language",
-          "documentation":"<p>The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
+          "documentation":"<p>The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
         }
       }
     },
@@ -717,17 +717,17 @@
       "members":{
         "services":{
           "shape":"ServiceList",
-          "documentation":"<p>A JSON-formatted list of AWS services.</p>"
+          "documentation":"<p>A JSON-formatted list of Amazon Web Services services.</p>"
         }
       },
-      "documentation":"<p>The list of AWS services returned by the <a>DescribeServices</a> operation.</p>"
+      "documentation":"<p>The list of Amazon Web Services services returned by the <a>DescribeServices</a> operation.</p>"
     },
     "DescribeSeverityLevelsRequest":{
       "type":"structure",
       "members":{
         "language":{
           "shape":"Language",
-          "documentation":"<p>The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
+          "documentation":"<p>The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
         }
       }
     },
@@ -736,7 +736,7 @@
       "members":{
         "severityLevels":{
           "shape":"SeverityLevelsList",
-          "documentation":"<p>The available severity levels for the support case. Available severity levels are defined by your service level agreement with AWS.</p>"
+          "documentation":"<p>The available severity levels for the support case. Available severity levels are defined by your service level agreement with Amazon Web Services.</p>"
         }
       },
       "documentation":"<p>The list of severity levels returned by the <a>DescribeSeverityLevels</a> operation.</p>"
@@ -772,7 +772,7 @@
         },
         "language":{
           "shape":"String",
-          "documentation":"<p>The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
+          "documentation":"<p>The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
         }
       },
       "documentation":"<p/>"
@@ -814,7 +814,7 @@
       "members":{
         "language":{
           "shape":"String",
-          "documentation":"<p>The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
+          "documentation":"<p>The ISO 639-1 code for the language in which Amazon Web Services provides support. Amazon Web Services Support currently supports English (\"en\") and Japanese (\"ja\"). Language parameters must be passed explicitly for operations that take them.</p>"
         }
       }
     },
@@ -922,18 +922,18 @@
       "members":{
         "code":{
           "shape":"ServiceCode",
-          "documentation":"<p>The code for an AWS service returned by the <a>DescribeServices</a> response. The <code>name</code> element contains the corresponding friendly name.</p>"
+          "documentation":"<p>The code for an Amazon Web Services service returned by the <a>DescribeServices</a> response. The <code>name</code> element contains the corresponding friendly name.</p>"
         },
         "name":{
           "shape":"ServiceName",
-          "documentation":"<p>The friendly name for an AWS service. The <code>code</code> element contains the corresponding code.</p>"
+          "documentation":"<p>The friendly name for an Amazon Web Services service. The <code>code</code> element contains the corresponding code.</p>"
         },
         "categories":{
           "shape":"CategoryList",
-          "documentation":"<p>A list of categories that describe the type of support issue a case describes. Categories consist of a category name and a category code. Category names and codes are passed to AWS Support when you call <a>CreateCase</a>.</p>"
+          "documentation":"<p>A list of categories that describe the type of support issue a case describes. Categories consist of a category name and a category code. Category names and codes are passed to Amazon Web Services Support when you call <a>CreateCase</a>.</p>"
         }
       },
-      "documentation":"<p>Information about an AWS service returned by the <a>DescribeServices</a> operation.</p>"
+      "documentation":"<p>Information about an Amazon Web Services service returned by the <a>DescribeServices</a> operation.</p>"
     },
     "ServiceCode":{"type":"string"},
     "ServiceCodeList":{
@@ -957,10 +957,10 @@
         },
         "name":{
           "shape":"SeverityLevelName",
-          "documentation":"<p>The name of the severity level that corresponds to the severity level code.</p> <note> <p>The values returned by the API are different from the values that appear in the AWS Support Center. For example, the API uses the code <code>low</code>, but the name appears as General guidance in Support Center. </p> <p>The following are the API code names and how they appear in the console:</p> <ul> <li> <p> <code>low</code> - General guidance</p> </li> <li> <p> <code>normal</code> - System impaired</p> </li> <li> <p> <code>high</code> - Production system impaired</p> </li> <li> <p> <code>urgent</code> - Production system down</p> </li> <li> <p> <code>critical</code> - Business-critical system down</p> </li> </ul> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/case-management.html#choosing-severity\">Choosing a severity</a> in the <i>AWS Support User Guide</i>.</p>"
+          "documentation":"<p>The name of the severity level that corresponds to the severity level code.</p> <note> <p>The values returned by the API are different from the values that appear in the Amazon Web Services Support Center. For example, the API uses the code <code>low</code>, but the name appears as General guidance in Support Center. </p> <p>The following are the API code names and how they appear in the console:</p> <ul> <li> <p> <code>low</code> - General guidance</p> </li> <li> <p> <code>normal</code> - System impaired</p> </li> <li> <p> <code>high</code> - Production system impaired</p> </li> <li> <p> <code>urgent</code> - Production system down</p> </li> <li> <p> <code>critical</code> - Business-critical system down</p> </li> </ul> </note> <p>For more information, see <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/case-management.html#choosing-severity\">Choosing a severity</a> in the <i>Amazon Web Services Support User Guide</i>.</p>"
         }
       },
-      "documentation":"<p>A code and name pair that represents the severity level of a support case. The available values depend on the support plan for the account. For more information, see <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/case-management.html#choosing-severity\">Choosing a severity</a> in the <i>AWS Support User Guide</i>.</p>"
+      "documentation":"<p>A code and name pair that represents the severity level of a support case. The available values depend on the support plan for the account. For more information, see <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/case-management.html#choosing-severity\">Choosing a severity</a> in the <i>Amazon Web Services Support User Guide</i>.</p>"
     },
     "SeverityLevelCode":{"type":"string"},
     "SeverityLevelName":{"type":"string"},
@@ -1156,7 +1156,7 @@
         },
         "region":{
           "shape":"String",
-          "documentation":"<p>The AWS Region in which the identified resource is located.</p>"
+          "documentation":"<p>The Amazon Web Services Region in which the identified resource is located.</p>"
         },
         "resourceId":{
           "shape":"String",
@@ -1164,7 +1164,7 @@
         },
         "isSuppressed":{
           "shape":"Boolean",
-          "documentation":"<p>Specifies whether the AWS resource was ignored by Trusted Advisor because it was marked as suppressed by the user.</p>"
+          "documentation":"<p>Specifies whether the Amazon Web Services resource was ignored by Trusted Advisor because it was marked as suppressed by the user.</p>"
         },
         "metadata":{
           "shape":"StringList",
@@ -1188,23 +1188,23 @@
       "members":{
         "resourcesProcessed":{
           "shape":"Long",
-          "documentation":"<p>The number of AWS resources that were analyzed by the Trusted Advisor check.</p>"
+          "documentation":"<p>The number of Amazon Web Services resources that were analyzed by the Trusted Advisor check.</p>"
         },
         "resourcesFlagged":{
           "shape":"Long",
-          "documentation":"<p>The number of AWS resources that were flagged (listed) by the Trusted Advisor check.</p>"
+          "documentation":"<p>The number of Amazon Web Services resources that were flagged (listed) by the Trusted Advisor check.</p>"
         },
         "resourcesIgnored":{
           "shape":"Long",
-          "documentation":"<p>The number of AWS resources ignored by Trusted Advisor because information was unavailable.</p>"
+          "documentation":"<p>The number of Amazon Web Services resources ignored by Trusted Advisor because information was unavailable.</p>"
         },
         "resourcesSuppressed":{
           "shape":"Long",
-          "documentation":"<p>The number of AWS resources ignored by Trusted Advisor because they were marked as suppressed by the user.</p>"
+          "documentation":"<p>The number of Amazon Web Services resources ignored by Trusted Advisor because they were marked as suppressed by the user.</p>"
         }
       },
-      "documentation":"<p>Details about AWS resources that were analyzed in a call to Trusted Advisor <a>DescribeTrustedAdvisorCheckSummaries</a>.</p>"
+      "documentation":"<p>Details about Amazon Web Services resources that were analyzed in a call to Trusted Advisor <a>DescribeTrustedAdvisorCheckSummaries</a>.</p>"
     }
   },
-  "documentation":"<fullname>AWS Support</fullname> <p>The <i>AWS Support API Reference</i> is intended for programmers who need detailed information about the AWS Support operations and data types. You can use the API to manage your support cases programmatically. The AWS Support API uses HTTP methods that return results in JSON format.</p> <note> <ul> <li> <p>You must have a Business or Enterprise Support plan to use the AWS Support API. </p> </li> <li> <p>If you call the AWS Support API from an account that does not have a Business or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">AWS Support</a>.</p> </li> </ul> </note> <p>The AWS Support service also exposes a set of <a href=\"http://aws.amazon.com/premiumsupport/trustedadvisor/\">AWS Trusted Advisor</a> features. You can retrieve a list of checks and their descriptions, get check results, specify checks to refresh, and get the refresh status of checks.</p> <p>The following list describes the AWS Support case management operations:</p> <ul> <li> <p> Service names, issue categories, and available severity levels - The <a>DescribeServices</a> and <a>DescribeSeverityLevels</a> operations return AWS service names, service codes, service categories, and problem severity levels. You use these values when you call the <a>CreateCase</a> operation.</p> </li> <li> <p> Case creation, case details, and case resolution - The <a>CreateCase</a>, <a>DescribeCases</a>, <a>DescribeAttachment</a>, and <a>ResolveCase</a> operations create AWS Support cases, retrieve information about cases, and resolve cases.</p> </li> <li> <p> Case communication - The <a>DescribeCommunications</a>, <a>AddCommunicationToCase</a>, and <a>AddAttachmentsToSet</a> operations retrieve and add communications and attachments to AWS Support cases.</p> </li> </ul> <p>The following list describes the operations available from the AWS Support service for Trusted Advisor:</p> <ul> <li> <p> <a>DescribeTrustedAdvisorChecks</a> returns the list of checks that run against your AWS resources.</p> </li> <li> <p>Using the <code>checkId</code> for a specific check returned by <a>DescribeTrustedAdvisorChecks</a>, you can call <a>DescribeTrustedAdvisorCheckResult</a> to obtain the results for the check that you specified.</p> </li> <li> <p> <a>DescribeTrustedAdvisorCheckSummaries</a> returns summarized results for one or more Trusted Advisor checks.</p> </li> <li> <p> <a>RefreshTrustedAdvisorCheck</a> requests that Trusted Advisor rerun a specified check.</p> </li> <li> <p> <a>DescribeTrustedAdvisorCheckRefreshStatuses</a> reports the refresh status of one or more checks.</p> </li> </ul> <p>For authentication of requests, AWS Support uses <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>.</p> <p>See <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/Welcome.html\">About the AWS Support API</a> in the <i>AWS Support User Guide</i> for information about how to use this service to create and manage your support cases, and how to call Trusted Advisor for results of checks on your resources.</p>"
+  "documentation":"<fullname>Amazon Web Services Support</fullname> <p>The <i>Amazon Web Services Support API Reference</i> is intended for programmers who need detailed information about the Amazon Web Services Support operations and data types. You can use the API to manage your support cases programmatically. The Amazon Web Services Support API uses HTTP methods that return results in JSON format.</p> <note> <ul> <li> <p>You must have a Business, Enterprise On-Ramp, or Enterprise Support plan to use the Amazon Web Services Support API. </p> </li> <li> <p>If you call the Amazon Web Services Support API from an account that does not have a Business, Enterprise On-Ramp, or Enterprise Support plan, the <code>SubscriptionRequiredException</code> error message appears. For information about changing your support plan, see <a href=\"http://aws.amazon.com/premiumsupport/\">Amazon Web Services Support</a>.</p> </li> </ul> </note> <p>The Amazon Web Services Support service also exposes a set of <a href=\"http://aws.amazon.com/premiumsupport/trustedadvisor/\">Trusted Advisor</a> features. You can retrieve a list of checks and their descriptions, get check results, specify checks to refresh, and get the refresh status of checks.</p> <p>The following list describes the Amazon Web Services Support case management operations:</p> <ul> <li> <p> Service names, issue categories, and available severity levels - The <a>DescribeServices</a> and <a>DescribeSeverityLevels</a> operations return Amazon Web Services service names, service codes, service categories, and problem severity levels. You use these values when you call the <a>CreateCase</a> operation.</p> </li> <li> <p> Case creation, case details, and case resolution - The <a>CreateCase</a>, <a>DescribeCases</a>, <a>DescribeAttachment</a>, and <a>ResolveCase</a> operations create Amazon Web Services Support cases, retrieve information about cases, and resolve cases.</p> </li> <li> <p> Case communication - The <a>DescribeCommunications</a>, <a>AddCommunicationToCase</a>, and <a>AddAttachmentsToSet</a> operations retrieve and add communications and attachments to Amazon Web Services Support cases.</p> </li> </ul> <p>The following list describes the operations available from the Amazon Web Services Support service for Trusted Advisor:</p> <ul> <li> <p> <a>DescribeTrustedAdvisorChecks</a> returns the list of checks that run against your Amazon Web Services resources.</p> </li> <li> <p>Using the <code>checkId</code> for a specific check returned by <a>DescribeTrustedAdvisorChecks</a>, you can call <a>DescribeTrustedAdvisorCheckResult</a> to obtain the results for the check that you specified.</p> </li> <li> <p> <a>DescribeTrustedAdvisorCheckSummaries</a> returns summarized results for one or more Trusted Advisor checks.</p> </li> <li> <p> <a>RefreshTrustedAdvisorCheck</a> requests that Trusted Advisor rerun a specified check.</p> </li> <li> <p> <a>DescribeTrustedAdvisorCheckRefreshStatuses</a> reports the refresh status of one or more checks.</p> </li> </ul> <p>For authentication of requests, Amazon Web Services Support uses <a href=\"https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\">Signature Version 4 Signing Process</a>.</p> <p>See <a href=\"https://docs.aws.amazon.com/awssupport/latest/user/Welcome.html\">About the Amazon Web Services Support API</a> in the <i>Amazon Web Services Support User Guide</i> for information about how to use this service to create and manage your support cases, and how to call Trusted Advisor for results of checks on your resources.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/synthetics/2017-10-11/service-2.json b/contrib/python/botocore/py3/botocore/data/synthetics/2017-10-11/service-2.json
index fcf0b35e2e0..b9e0cebf3a4 100644
--- a/contrib/python/botocore/py3/botocore/data/synthetics/2017-10-11/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/synthetics/2017-10-11/service-2.json
@@ -23,7 +23,8 @@
       "output":{"shape":"CreateCanaryResponse"},
       "errors":[
         {"shape":"InternalServerException"},
-        {"shape":"ValidationException"}
+        {"shape":"ValidationException"},
+        {"shape":"RequestEntityTooLargeException"}
       ],
       "documentation":"<p>Creates a canary. Canaries are scripts that monitor your endpoints and APIs from the outside-in. Canaries help you check the availability and latency of your web services and troubleshoot anomalies by investigating load time data, screenshots of the UI, logs, and metrics. You can set up a canary to run continuously or just once. </p> <p>Do not use <code>CreateCanary</code> to modify an existing canary. Use <a href=\"https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_UpdateCanary.html\">UpdateCanary</a> instead.</p> <p>To create canaries, you must have the <code>CloudWatchSyntheticsFullAccess</code> policy. If you are creating a new IAM role for the canary, you also need the the <code>iam:CreateRole</code>, <code>iam:CreatePolicy</code> and <code>iam:AttachRolePolicy</code> permissions. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Roles\">Necessary Roles and Permissions</a>.</p> <p>Do not include secrets or proprietary information in your canary names. The canary name makes up part of the Amazon Resource Name (ARN) for the canary, and the ARN is included in outbound calls over the internet. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/servicelens_canaries_security.html\">Security Considerations for Synthetics Canaries</a>.</p>"
     },
@@ -55,7 +56,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>This operation returns a list of the canaries in your account, along with full details about each canary.</p> <p>This operation does not have resource-level authorization, so if a user is able to use <code>DescribeCanaries</code>, the user can see all of the canaries in the account. A deny policy can only be used to restrict access to all canaries. It cannot be used on specific resources. </p>"
+      "documentation":"<p>This operation returns a list of the canaries in your account, along with full details about each canary.</p> <p>This operation supports resource-level authorization using an IAM policy and the <code>Names</code> parameter. If you specify the <code>Names</code> parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.</p> <p>You are required to use the <code>Names</code> parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Restricted.html\"> Limiting a user to viewing specific canaries</a>.</p>"
     },
     "DescribeCanariesLastRun":{
       "name":"DescribeCanariesLastRun",
@@ -69,7 +70,7 @@
         {"shape":"InternalServerException"},
         {"shape":"ValidationException"}
       ],
-      "documentation":"<p>Use this operation to see information from the most recent run of each canary that you have created.</p>"
+      "documentation":"<p>Use this operation to see information from the most recent run of each canary that you have created.</p> <p>This operation supports resource-level authorization using an IAM policy and the <code>Names</code> parameter. If you specify the <code>Names</code> parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.</p> <p>You are required to use the <code>Names</code> parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Restricted.html\"> Limiting a user to viewing specific canaries</a>.</p>"
     },
     "DescribeRuntimeVersions":{
       "name":"DescribeRuntimeVersions",
@@ -203,7 +204,8 @@
         {"shape":"InternalServerException"},
         {"shape":"ValidationException"},
         {"shape":"ResourceNotFoundException"},
-        {"shape":"ConflictException"}
+        {"shape":"ConflictException"},
+        {"shape":"RequestEntityTooLargeException"}
       ],
       "documentation":"<p>Use this operation to change the settings of a canary that has already been created.</p> <p>You can't use this operation to update the tags of an existing canary. To change the tags of an existing canary, use <a href=\"https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_TagResource.html\">TagResource</a>.</p>"
     }
@@ -360,7 +362,7 @@
         },
         "ZipFile":{
           "shape":"Blob",
-          "documentation":"<p>If you input your canary script directly into the canary instead of referring to an S3 location, the value of this parameter is the base64-encoded contents of the .zip file that contains the script. It must be smaller than 256 Kb.</p>"
+          "documentation":"<p>If you input your canary script directly into the canary instead of referring to an S3 location, the value of this parameter is the base64-encoded contents of the .zip file that contains the script. It must be smaller than 225 Kb.</p> <p>For large canary scripts, we recommend that you use an S3 location instead of inputting it directly with this parameter.</p>"
         },
         "Handler":{
           "shape":"String",
@@ -703,6 +705,12 @@
       "members":{
       }
     },
+    "DescribeCanariesLastRunNameFilter":{
+      "type":"list",
+      "member":{"shape":"CanaryName"},
+      "max":5,
+      "min":1
+    },
     "DescribeCanariesLastRunRequest":{
       "type":"structure",
       "members":{
@@ -713,6 +721,10 @@
         "MaxResults":{
           "shape":"MaxSize100",
           "documentation":"<p>Specify this parameter to limit how many runs are returned each time you use the <code>DescribeLastRun</code> operation. If you omit this parameter, the default of 100 is used.</p>"
+        },
+        "Names":{
+          "shape":"DescribeCanariesLastRunNameFilter",
+          "documentation":"<p>Use this parameter to return only canaries that match the names that you specify here. You can specify as many as five canary names.</p> <p>If you specify this parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.</p> <p>You are required to use the <code>Names</code> parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Restricted.html\"> Limiting a user to viewing specific canaries</a>.</p>"
         }
       }
     },
@@ -729,6 +741,12 @@
         }
       }
     },
+    "DescribeCanariesNameFilter":{
+      "type":"list",
+      "member":{"shape":"CanaryName"},
+      "max":5,
+      "min":1
+    },
     "DescribeCanariesRequest":{
       "type":"structure",
       "members":{
@@ -739,6 +757,10 @@
         "MaxResults":{
           "shape":"MaxCanaryResults",
           "documentation":"<p>Specify this parameter to limit how many canaries are returned each time you use the <code>DescribeCanaries</code> operation. If you omit this parameter, the default of 100 is used.</p>"
+        },
+        "Names":{
+          "shape":"DescribeCanariesNameFilter",
+          "documentation":"<p>Use this parameter to return only canaries that match the names that you specify here. You can specify as many as five canary names.</p> <p>If you specify this parameter, the operation is successful only if you have authorization to view all the canaries that you specify in your request. If you do not have permission to view any of the canaries, the request fails with a 403 response.</p> <p>You are required to use this parameter if you are logged on to a user or role that has an IAM policy that restricts which canaries that you are allowed to view. For more information, see <a href=\"https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Restricted.html\"> Limiting a user to viewing specific canaries</a>.</p>"
         }
       }
     },
@@ -926,6 +948,15 @@
       "min":960
     },
     "NullableBoolean":{"type":"boolean"},
+    "RequestEntityTooLargeException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>One of the input resources is larger than is allowed.</p>",
+      "error":{"httpStatusCode":413},
+      "exception":true
+    },
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/textract/2018-06-27/service-2.json b/contrib/python/botocore/py3/botocore/data/textract/2018-06-27/service-2.json
index 127c12e04d8..74d1724eb09 100644
--- a/contrib/python/botocore/py3/botocore/data/textract/2018-06-27/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/textract/2018-06-27/service-2.json
@@ -53,7 +53,28 @@
         {"shape":"InternalServerError"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Analyzes an input document for financially related relationships between text.</p> <p>Information is returned as <code>ExpenseDocuments</code> and seperated as follows.</p> <ul> <li> <p> <code>LineItemGroups</code>- A data set containing <code>LineItems</code> which store information about the lines of text, such as an item purchased and its price on a receipt.</p> </li> <li> <p> <code>SummaryFields</code>- Contains all other information a receipt, such as header information or the vendors name.</p> </li> </ul>"
+      "documentation":"<p> <code>AnalyzeExpense</code> synchronously analyzes an input document for financially related relationships between text.</p> <p>Information is returned as <code>ExpenseDocuments</code> and seperated as follows.</p> <ul> <li> <p> <code>LineItemGroups</code>- A data set containing <code>LineItems</code> which store information about the lines of text, such as an item purchased and its price on a receipt.</p> </li> <li> <p> <code>SummaryFields</code>- Contains all other information a receipt, such as header information or the vendors name.</p> </li> </ul>"
+    },
+    "AnalyzeID":{
+      "name":"AnalyzeID",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"AnalyzeIDRequest"},
+      "output":{"shape":"AnalyzeIDResponse"},
+      "errors":[
+        {"shape":"InvalidParameterException"},
+        {"shape":"InvalidS3ObjectException"},
+        {"shape":"UnsupportedDocumentException"},
+        {"shape":"DocumentTooLargeException"},
+        {"shape":"BadDocumentException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ProvisionedThroughputExceededException"},
+        {"shape":"InternalServerError"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Analyzes identity documents for relevant information. This information is extracted and returned as <code>IdentityDocumentFields</code>, which records both the normalized field and value of the extracted text.</p>"
     },
     "DetectDocumentText":{
       "name":"DetectDocumentText",
@@ -276,6 +297,49 @@
         }
       }
     },
+    "AnalyzeIDDetections":{
+      "type":"structure",
+      "required":["Text"],
+      "members":{
+        "Text":{
+          "shape":"String",
+          "documentation":"<p>Text of either the normalized field or value associated with it.</p>"
+        },
+        "NormalizedValue":{
+          "shape":"NormalizedValue",
+          "documentation":"<p>Only returned for dates, returns the type of value detected and the date written in a more machine readable way.</p>"
+        },
+        "Confidence":{
+          "shape":"Percent",
+          "documentation":"<p>The confidence score of the detected text.</p>"
+        }
+      },
+      "documentation":"<p>Used to contain the information detected by an AnalyzeID operation.</p>"
+    },
+    "AnalyzeIDRequest":{
+      "type":"structure",
+      "required":["DocumentPages"],
+      "members":{
+        "DocumentPages":{
+          "shape":"DocumentPages",
+          "documentation":"<p>The document being passed to AnalyzeID.</p>"
+        }
+      }
+    },
+    "AnalyzeIDResponse":{
+      "type":"structure",
+      "members":{
+        "IdentityDocuments":{
+          "shape":"IdentityDocumentList",
+          "documentation":"<p>The list of documents processed by AnalyzeID. Includes a number denoting their place in the list and the response structure for the document.</p>"
+        },
+        "DocumentMetadata":{"shape":"DocumentMetadata"},
+        "AnalyzeIDModelVersion":{
+          "shape":"String",
+          "documentation":"<p>The version of the AnalyzeIdentity API being used to process documents.</p>"
+        }
+      }
+    },
     "BadDocumentException":{
       "type":"structure",
       "members":{
@@ -462,6 +526,12 @@
       },
       "documentation":"<p>Information about the input document.</p>"
     },
+    "DocumentPages":{
+      "type":"list",
+      "member":{"shape":"Document"},
+      "max":2,
+      "min":1
+    },
     "DocumentTooLargeException":{
       "type":"structure",
       "members":{
@@ -538,7 +608,7 @@
           "documentation":"<p>The page number the value was detected on.</p>"
         }
       },
-      "documentation":"<p>Breakdown of detected information, seperated into the catagories Type, LableDetection, and ValueDetection</p>"
+      "documentation":"<p>Breakdown of detected information, seperated into the catagories Type, LabelDetection, and ValueDetection</p>"
     },
     "ExpenseFieldList":{
       "type":"list",
@@ -842,6 +912,36 @@
       "documentation":"<p>A <code>ClientRequestToken</code> input parameter was reused with an operation, but at least one of the other input parameters is different from the previous call to the operation. </p>",
       "exception":true
     },
+    "IdentityDocument":{
+      "type":"structure",
+      "members":{
+        "DocumentIndex":{
+          "shape":"UInteger",
+          "documentation":"<p>Denotes the placement of a document in the IdentityDocument list. The first document is marked 1, the second 2 and so on.</p>"
+        },
+        "IdentityDocumentFields":{
+          "shape":"IdentityDocumentFieldList",
+          "documentation":"<p>The structure used to record information extracted from identity documents. Contains both normalized field and value of the extracted text.</p>"
+        }
+      },
+      "documentation":"<p>The structure that lists each document processed in an AnalyzeID operation.</p>"
+    },
+    "IdentityDocumentField":{
+      "type":"structure",
+      "members":{
+        "Type":{"shape":"AnalyzeIDDetections"},
+        "ValueDetection":{"shape":"AnalyzeIDDetections"}
+      },
+      "documentation":"<p>Structure containing both the normalized type of the extracted information and the text associated with it. These are extracted as Type and Value respectively.</p>"
+    },
+    "IdentityDocumentFieldList":{
+      "type":"list",
+      "member":{"shape":"IdentityDocumentField"}
+    },
+    "IdentityDocumentList":{
+      "type":"list",
+      "member":{"shape":"IdentityDocument"}
+    },
     "ImageBlob":{
       "type":"blob",
       "max":10485760,
@@ -957,6 +1057,20 @@
       "type":"string",
       "pattern":".*\\S.*"
     },
+    "NormalizedValue":{
+      "type":"structure",
+      "members":{
+        "Value":{
+          "shape":"String",
+          "documentation":"<p>The value of the date, written as Year-Month-DayTHour:Minute:Second.</p>"
+        },
+        "ValueType":{
+          "shape":"ValueType",
+          "documentation":"<p>The normalized type of the value detected. In this case, DATE.</p>"
+        }
+      },
+      "documentation":"<p>Contains information relating to dates in a document, including the type of value, and the value.</p>"
+    },
     "NotificationChannel":{
       "type":"structure",
       "required":[
@@ -1260,9 +1374,13 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>The format of the input document isn't supported. Documents for synchronous operations can be in PNG or JPEG format. Documents for asynchronous operations can also be in PDF format.</p>",
+      "documentation":"<p>The format of the input document isn't supported. Documents for synchronous operations can be in PNG or JPEG format only. Documents for asynchronous operations can be in PDF format.</p>",
       "exception":true
     },
+    "ValueType":{
+      "type":"string",
+      "enum":["DATE"]
+    },
     "Warning":{
       "type":"structure",
       "members":{
diff --git a/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/paginators-1.json b/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/paginators-1.json
index cff408061f7..c497694235f 100644
--- a/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/paginators-1.json
+++ b/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/paginators-1.json
@@ -10,6 +10,18 @@
       ],
       "output_token": "NextToken",
       "result_key": "Rows"
+    },
+    "ListScheduledQueries": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "ScheduledQueries"
+    },
+    "ListTagsForResource": {
+      "input_token": "NextToken",
+      "limit_key": "MaxResults",
+      "output_token": "NextToken",
+      "result_key": "Tags"
     }
   }
 }
diff --git a/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/service-2.json b/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/service-2.json
index fd388619dca..1fb30ad5054 100644
--- a/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/timestream-query/2018-11-01/service-2.json
@@ -29,7 +29,47 @@
         {"shape":"ValidationException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p> Cancels a query that has been issued. Cancellation is guaranteed only if the query has not completed execution before the cancellation request was issued. Because cancellation is an idempotent operation, subsequent cancellation requests will return a <code>CancellationMessage</code>, indicating that the query has already been canceled. </p>",
+      "documentation":"<p> Cancels a query that has been issued. Cancellation is provided only if the query has not completed running before the cancellation request was issued. Because cancellation is an idempotent operation, subsequent cancellation requests will return a <code>CancellationMessage</code>, indicating that the query has already been canceled. See <a href=\"https://docs.aws.amazon.com/Timestream/latest/developerguide/code-samples.cancel-query.html\">code sample</a> for details. </p>",
+      "endpointdiscovery":{"required":true},
+      "idempotent":true
+    },
+    "CreateScheduledQuery":{
+      "name":"CreateScheduledQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateScheduledQueryRequest"},
+      "output":{"shape":"CreateScheduledQueryResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p> Create a scheduled query that will be run on your behalf at the configured schedule. Timestream assumes the execution role provided as part of the <code>ScheduledQueryExecutionRoleArn</code> parameter to run the query. You can use the <code>NotificationConfiguration</code> parameter to configure notification for your scheduled query operations.</p>",
+      "endpointdiscovery":{"required":true},
+      "idempotent":true
+    },
+    "DeleteScheduledQuery":{
+      "name":"DeleteScheduledQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteScheduledQueryRequest"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>Deletes a given scheduled query. This is an irreversible operation. </p>",
       "endpointdiscovery":{"required":true},
       "idempotent":true
     },
@@ -46,9 +86,101 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>DescribeEndpoints returns a list of available endpoints to make Timestream API calls against. This API is available through both Write and Query.</p> <p>Because Timestream’s SDKs are designed to transparently work with the service’s architecture, including the management and mapping of the service endpoints, <i>it is not recommended that you use this API unless</i>:</p> <ul> <li> <p>Your application uses a programming language that does not yet have SDK support</p> </li> <li> <p>You require better control over the client-side implementation</p> </li> </ul> <p>For detailed information on how to use DescribeEndpoints, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/Using-API.endpoint-discovery.html\">The Endpoint Discovery Pattern and REST APIs</a>.</p>",
+      "documentation":"<p>DescribeEndpoints returns a list of available endpoints to make Timestream API calls against. This API is available through both Write and Query.</p> <p>Because the Timestream SDKs are designed to transparently work with the service’s architecture, including the management and mapping of the service endpoints, <i>it is not recommended that you use this API unless</i>:</p> <ul> <li> <p>You are using <a href=\"https://docs.aws.amazon.com/Timestream/latest/developerguide/VPCEndpoints\">VPC endpoints (Amazon Web Services PrivateLink) with Timestream </a> </p> </li> <li> <p>Your application uses a programming language that does not yet have SDK support</p> </li> <li> <p>You require better control over the client-side implementation</p> </li> </ul> <p>For detailed information on how and when to use and implement DescribeEndpoints, see <a href=\"https://docs.aws.amazon.com/Timestream/latest/developerguide/Using.API.html#Using-API.endpoint-discovery\">The Endpoint Discovery Pattern</a>.</p>",
       "endpointoperation":true
     },
+    "DescribeScheduledQuery":{
+      "name":"DescribeScheduledQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeScheduledQueryRequest"},
+      "output":{"shape":"DescribeScheduledQueryResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>Provides detailed information about a scheduled query.</p>",
+      "endpointdiscovery":{"required":true}
+    },
+    "ExecuteScheduledQuery":{
+      "name":"ExecuteScheduledQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ExecuteScheduledQueryRequest"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p> You can use this API to run a scheduled query manually. </p>",
+      "endpointdiscovery":{"required":true},
+      "idempotent":true
+    },
+    "ListScheduledQueries":{
+      "name":"ListScheduledQueries",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListScheduledQueriesRequest"},
+      "output":{"shape":"ListScheduledQueriesResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>Gets a list of all scheduled queries in the caller's Amazon account and Region. <code>ListScheduledQueries</code> is eventually consistent. </p>",
+      "endpointdiscovery":{"required":true}
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>List all tags on a Timestream query resource.</p>",
+      "endpointdiscovery":{"required":true}
+    },
+    "PrepareQuery":{
+      "name":"PrepareQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PrepareQueryRequest"},
+      "output":{"shape":"PrepareQueryResponse"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>A synchronous operation that allows you to submit a query with parameters to be stored by Timestream for later running. Timestream only supports using this operation with the <code>PrepareQueryRequest$ValidateOnly</code> set to <code>true</code>. </p>",
+      "endpointdiscovery":{"required":true},
+      "idempotent":true
+    },
     "Query":{
       "name":"Query",
       "http":{
@@ -66,9 +198,62 @@
         {"shape":"ValidationException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p> Query is a synchronous operation that enables you to execute a query. Query will timeout after 60 seconds. You must update the default timeout in the SDK to support a timeout of 60 seconds. The result set will be truncated to 1MB. Service quotas apply. For more information, see Quotas in the Timestream Developer Guide. </p>",
+      "documentation":"<p> <code>Query</code> is a synchronous operation that enables you to run a query against your Amazon Timestream data. <code>Query</code> will time out after 60 seconds. You must update the default timeout in the SDK to support a timeout of 60 seconds. See the <a href=\"https://docs.aws.amazon.com/Timestream/latest/developerguide/code-samples.run-query.html\">code sample</a> for details. </p> <p>Your query request will fail in the following cases:</p> <ul> <li> <p> If you submit a <code>Query</code> request with the same client token outside of the 5-minute idempotency window. </p> </li> <li> <p> If you submit a <code>Query</code> request with the same client token, but change other parameters, within the 5-minute idempotency window. </p> </li> <li> <p> If the size of the row (including the query metadata) exceeds 1 MB, then the query will fail with the following error message: </p> <p> <code>Query aborted as max page response size has been exceeded by the output result row</code> </p> </li> <li> <p> If the IAM principal of the query initiator and the result reader are not the same and/or the query initiator and the result reader do not have the same query string in the query requests, the query will fail with an <code>Invalid pagination token</code> error. </p> </li> </ul>",
       "endpointdiscovery":{"required":true},
       "idempotent":true
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>Associate a set of tags with a Timestream resource. You can then activate these user-defined tags so that they appear on the Billing and Cost Management console for cost allocation tracking. </p>",
+      "endpointdiscovery":{"required":true}
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>Removes the association of tags from a Timestream query resource.</p>",
+      "endpointdiscovery":{"required":true}
+    },
+    "UpdateScheduledQuery":{
+      "name":"UpdateScheduledQuery",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateScheduledQueryRequest"},
+      "errors":[
+        {"shape":"AccessDeniedException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"InvalidEndpointException"}
+      ],
+      "documentation":"<p>Update a scheduled query.</p>",
+      "endpointdiscovery":{"required":true}
     }
   },
   "shapes":{
@@ -81,13 +266,18 @@
       "exception":true,
       "synthetic":true
     },
+    "AmazonResourceName":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
     "CancelQueryRequest":{
       "type":"structure",
       "required":["QueryId"],
       "members":{
         "QueryId":{
           "shape":"QueryId",
-          "documentation":"<p> The id of the query that needs to be cancelled. <code>QueryID</code> is returned as part of QueryResult. </p>"
+          "documentation":"<p> The ID of the query that needs to be cancelled. <code>QueryID</code> is returned as part of the query result. </p>"
         }
       }
     },
@@ -106,6 +296,12 @@
       "min":32,
       "sensitive":true
     },
+    "ClientToken":{
+      "type":"string",
+      "max":128,
+      "min":32,
+      "sensitive":true
+    },
     "ColumnInfo":{
       "type":"structure",
       "required":["Type"],
@@ -116,10 +312,10 @@
         },
         "Type":{
           "shape":"Type",
-          "documentation":"<p> The data type of the result set column. The data type can be a scalar or complex. Scalar data types are integers, strings, doubles, booleans, and others. Complex data types are types such as arrays, rows, and others. </p>"
+          "documentation":"<p>The data type of the result set column. The data type can be a scalar or complex. Scalar data types are integers, strings, doubles, Booleans, and others. Complex data types are types such as arrays, rows, and others. </p>"
         }
       },
-      "documentation":"<p> Contains the meta data for query results such as the column names, data types, and other attributes. </p>"
+      "documentation":"<p> Contains the metadata for query results such as the column names, data types, and other attributes. </p>"
     },
     "ColumnInfoList":{
       "type":"list",
@@ -133,16 +329,80 @@
       "documentation":"<p> Unable to poll results for a cancelled query. </p>",
       "exception":true
     },
+    "CreateScheduledQueryRequest":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "QueryString",
+        "ScheduleConfiguration",
+        "NotificationConfiguration",
+        "ScheduledQueryExecutionRoleArn",
+        "ErrorReportConfiguration"
+      ],
+      "members":{
+        "Name":{
+          "shape":"ScheduledQueryName",
+          "documentation":"<p>Name of the scheduled query.</p>"
+        },
+        "QueryString":{
+          "shape":"QueryString",
+          "documentation":"<p>The query string to run. Parameter names can be specified in the query string <code>@</code> character followed by an identifier. The named Parameter <code>@scheduled_runtime</code> is reserved and can be used in the query to get the time at which the query is scheduled to run.</p> <p>The timestamp calculated according to the ScheduleConfiguration parameter, will be the value of <code>@scheduled_runtime</code> paramater for each query run. For example, consider an instance of a scheduled query executing on 2021-12-01 00:00:00. For this instance, the <code>@scheduled_runtime</code> parameter is initialized to the timestamp 2021-12-01 00:00:00 when invoking the query.</p>"
+        },
+        "ScheduleConfiguration":{
+          "shape":"ScheduleConfiguration",
+          "documentation":"<p>The schedule configuration for the query.</p>"
+        },
+        "NotificationConfiguration":{
+          "shape":"NotificationConfiguration",
+          "documentation":"<p>Notification configuration for the scheduled query. A notification is sent by Timestream when a query run finishes, when the state is updated or when you delete it. </p>"
+        },
+        "TargetConfiguration":{
+          "shape":"TargetConfiguration",
+          "documentation":"<p>Configuration used for writing the result of a query.</p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Using a ClientToken makes the call to CreateScheduledQuery idempotent, in other words, making the same request repeatedly will produce the same result. Making multiple identical CreateScheduledQuery requests has the same effect as making a single request. </p> <ul> <li> <p> If CreateScheduledQuery is called without a <code>ClientToken</code>, the Query SDK generates a <code>ClientToken</code> on your behalf.</p> </li> <li> <p> After 8 hours, any request with the same <code>ClientToken</code> is treated as a new request. </p> </li> </ul>",
+          "idempotencyToken":true
+        },
+        "ScheduledQueryExecutionRoleArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The ARN for the IAM role that Timestream will assume when running the scheduled query. </p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>A list of key-value pairs to label the scheduled query.</p>"
+        },
+        "KmsKeyId":{
+          "shape":"StringValue2048",
+          "documentation":"<p>The Amazon KMS key used to encrypt the scheduled query resource, at-rest. If the Amazon KMS key is not specified, the scheduled query resource will be encrypted with a Timestream owned Amazon KMS key. To specify a KMS key, use the key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix the name with <i>alias/</i> </p> <p>If ErrorReportConfiguration uses <code>SSE_KMS</code> as encryption type, the same KmsKeyId is used to encrypt the error report at rest.</p>"
+        },
+        "ErrorReportConfiguration":{
+          "shape":"ErrorReportConfiguration",
+          "documentation":"<p>Configuration for error reporting. Error reports will be generated when a problem is encountered when writing the query results. </p>"
+        }
+      }
+    },
+    "CreateScheduledQueryResponse":{
+      "type":"structure",
+      "required":["Arn"],
+      "members":{
+        "Arn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>ARN for the created scheduled query.</p>"
+        }
+      }
+    },
     "Datum":{
       "type":"structure",
       "members":{
         "ScalarValue":{
           "shape":"ScalarValue",
-          "documentation":"<p> Indicates if the data point is a scalar value such as integer, string, double, or boolean. </p>"
+          "documentation":"<p> Indicates if the data point is a scalar value such as integer, string, double, or Boolean. </p>"
         },
         "TimeSeriesValue":{
           "shape":"TimeSeriesDataPointList",
-          "documentation":"<p> Indicates if the data point is of timeseries data type. </p>"
+          "documentation":"<p> Indicates if the data point is a timeseries data type. </p>"
         },
         "ArrayValue":{
           "shape":"DatumList",
@@ -163,6 +423,16 @@
       "type":"list",
       "member":{"shape":"Datum"}
     },
+    "DeleteScheduledQueryRequest":{
+      "type":"structure",
+      "required":["ScheduledQueryArn"],
+      "members":{
+        "ScheduledQueryArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The ARN of the scheduled query. </p>"
+        }
+      }
+    },
     "DescribeEndpointsRequest":{
       "type":"structure",
       "members":{
@@ -178,6 +448,52 @@
         }
       }
     },
+    "DescribeScheduledQueryRequest":{
+      "type":"structure",
+      "required":["ScheduledQueryArn"],
+      "members":{
+        "ScheduledQueryArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The ARN of the scheduled query.</p>"
+        }
+      }
+    },
+    "DescribeScheduledQueryResponse":{
+      "type":"structure",
+      "required":["ScheduledQuery"],
+      "members":{
+        "ScheduledQuery":{
+          "shape":"ScheduledQueryDescription",
+          "documentation":"<p>The scheduled query.</p>"
+        }
+      }
+    },
+    "DimensionMapping":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "DimensionValueType"
+      ],
+      "members":{
+        "Name":{
+          "shape":"SchemaName",
+          "documentation":"<p>Column name from query result.</p>"
+        },
+        "DimensionValueType":{
+          "shape":"DimensionValueType",
+          "documentation":"<p>Type for the dimension. </p>"
+        }
+      },
+      "documentation":"<p>This type is used to map column(s) from the query result to a dimension in the destination table.</p>"
+    },
+    "DimensionMappingList":{
+      "type":"list",
+      "member":{"shape":"DimensionMapping"}
+    },
+    "DimensionValueType":{
+      "type":"string",
+      "enum":["VARCHAR"]
+    },
     "Double":{"type":"double"},
     "Endpoint":{
       "type":"structure",
@@ -195,13 +511,82 @@
           "documentation":"<p>The TTL for the endpoint, in minutes.</p>"
         }
       },
-      "documentation":"<p>Represents an available endpoint against which to make API calls agaisnt, as well as the TTL for that endpoint.</p>"
+      "documentation":"<p>Represents an available endpoint against which to make API calls against, as well as the TTL for that endpoint.</p>"
     },
     "Endpoints":{
       "type":"list",
       "member":{"shape":"Endpoint"}
     },
     "ErrorMessage":{"type":"string"},
+    "ErrorReportConfiguration":{
+      "type":"structure",
+      "required":["S3Configuration"],
+      "members":{
+        "S3Configuration":{
+          "shape":"S3Configuration",
+          "documentation":"<p>The S3 configuration for the error reports.</p>"
+        }
+      },
+      "documentation":"<p>Configuration required for error reporting.</p>"
+    },
+    "ErrorReportLocation":{
+      "type":"structure",
+      "members":{
+        "S3ReportLocation":{
+          "shape":"S3ReportLocation",
+          "documentation":"<p>The S3 location where error reports are written.</p>"
+        }
+      },
+      "documentation":"<p>This contains the location of the error report for a single scheduled query call. </p>"
+    },
+    "ExecuteScheduledQueryRequest":{
+      "type":"structure",
+      "required":[
+        "ScheduledQueryArn",
+        "InvocationTime"
+      ],
+      "members":{
+        "ScheduledQueryArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>ARN of the scheduled query.</p>"
+        },
+        "InvocationTime":{
+          "shape":"Time",
+          "documentation":"<p>The timestamp in UTC. Query will be run as if it was invoked at this timestamp. </p>"
+        },
+        "ClientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>Not used. </p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "ExecutionStats":{
+      "type":"structure",
+      "members":{
+        "ExecutionTimeInMillis":{
+          "shape":"Long",
+          "documentation":"<p>Total time, measured in milliseconds, that was needed for the scheduled query run to complete.</p>"
+        },
+        "DataWrites":{
+          "shape":"Long",
+          "documentation":"<p>Data writes metered for records ingested in a single scheduled query run.</p>"
+        },
+        "BytesMetered":{
+          "shape":"Long",
+          "documentation":"<p>Bytes metered for a single scheduled query run.</p>"
+        },
+        "RecordsIngested":{
+          "shape":"Long",
+          "documentation":"<p>The number of records ingested for a single scheduled query run. </p>"
+        },
+        "QueryResultRows":{
+          "shape":"Long",
+          "documentation":"<p>Number of rows present in the output from running a query before ingestion to destination data source.</p>"
+        }
+      },
+      "documentation":"<p>Statistics for a single scheduled query run.</p>"
+    },
     "InternalServerException":{
       "type":"structure",
       "members":{
@@ -215,9 +600,68 @@
       "members":{
         "Message":{"shape":"ErrorMessage"}
       },
-      "documentation":"<p>The requested endpoint was invalid.</p>",
+      "documentation":"<p>The requested endpoint was not valid.</p>",
       "exception":true
     },
+    "ListScheduledQueriesRequest":{
+      "type":"structure",
+      "members":{
+        "MaxResults":{
+          "shape":"MaxScheduledQueriesResults",
+          "documentation":"<p>The maximum number of items to return in the output. If the total number of items available is more than the value specified, a <code>NextToken</code> is provided in the output. To resume pagination, provide the <code>NextToken</code> value as the argument to the subsequent call to <code>ListScheduledQueriesRequest</code>.</p>"
+        },
+        "NextToken":{
+          "shape":"NextScheduledQueriesResultsToken",
+          "documentation":"<p> A pagination token to resume pagination.</p>"
+        }
+      }
+    },
+    "ListScheduledQueriesResponse":{
+      "type":"structure",
+      "required":["ScheduledQueries"],
+      "members":{
+        "ScheduledQueries":{
+          "shape":"ScheduledQueryList",
+          "documentation":"<p>A list of scheduled queries.</p>"
+        },
+        "NextToken":{
+          "shape":"NextScheduledQueriesResultsToken",
+          "documentation":"<p>A token to specify where to start paginating. This is the NextToken from a previously truncated response.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["ResourceARN"],
+      "members":{
+        "ResourceARN":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The Timestream resource with tags to be listed. This value is an Amazon Resource Name (ARN).</p>"
+        },
+        "MaxResults":{
+          "shape":"MaxTagsForResourceResult",
+          "documentation":"<p>The maximum number of tags to return.</p>"
+        },
+        "NextToken":{
+          "shape":"NextTagsForResourceResultsToken",
+          "documentation":"<p>A pagination token to resume pagination.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "required":["Tags"],
+      "members":{
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags currently associated with the Timestream resource. </p>"
+        },
+        "NextToken":{
+          "shape":"NextTagsForResourceResultsToken",
+          "documentation":"<p>A pagination token to resume pagination with a subsequent call to <code>ListTagsForResourceResponse</code>.</p>"
+        }
+      }
+    },
     "Long":{"type":"long"},
     "MaxQueryResults":{
       "type":"integer",
@@ -225,10 +669,179 @@
       "max":1000,
       "min":1
     },
+    "MaxScheduledQueriesResults":{
+      "type":"integer",
+      "box":true,
+      "max":1000,
+      "min":1
+    },
+    "MaxTagsForResourceResult":{
+      "type":"integer",
+      "box":true,
+      "max":200,
+      "min":1
+    },
+    "MeasureValueType":{
+      "type":"string",
+      "enum":[
+        "BIGINT",
+        "BOOLEAN",
+        "DOUBLE",
+        "VARCHAR",
+        "MULTI"
+      ]
+    },
+    "MixedMeasureMapping":{
+      "type":"structure",
+      "required":["MeasureValueType"],
+      "members":{
+        "MeasureName":{
+          "shape":"SchemaName",
+          "documentation":"<p>Refers to the value of measure_name in a result row. This field is required if MeasureNameColumn is provided.</p>"
+        },
+        "SourceColumn":{
+          "shape":"SchemaName",
+          "documentation":"<p>This field refers to the source column from which measure-value is to be read for result materialization.</p>"
+        },
+        "TargetMeasureName":{
+          "shape":"SchemaName",
+          "documentation":"<p>Target measure name to be used. If not provided, the target measure name by default would be measure-name if provided, or sourceColumn otherwise. </p>"
+        },
+        "MeasureValueType":{
+          "shape":"MeasureValueType",
+          "documentation":"<p>Type of the value that is to be read from sourceColumn. If the mapping is for MULTI, use MeasureValueType.MULTI.</p>"
+        },
+        "MultiMeasureAttributeMappings":{
+          "shape":"MultiMeasureAttributeMappingList",
+          "documentation":"<p>Required when measureValueType is MULTI. Attribute mappings for MULTI value measures.</p>"
+        }
+      },
+      "documentation":"<p>MixedMeasureMappings are mappings that can be used to ingest data into a mixture of narrow and multi measures in the derived table.</p>"
+    },
+    "MixedMeasureMappingList":{
+      "type":"list",
+      "member":{"shape":"MixedMeasureMapping"},
+      "min":1
+    },
+    "MultiMeasureAttributeMapping":{
+      "type":"structure",
+      "required":[
+        "SourceColumn",
+        "MeasureValueType"
+      ],
+      "members":{
+        "SourceColumn":{
+          "shape":"SchemaName",
+          "documentation":"<p>Source column from where the attribute value is to be read.</p>"
+        },
+        "TargetMultiMeasureAttributeName":{
+          "shape":"SchemaName",
+          "documentation":"<p>Custom name to be used for attribute name in derived table. If not provided, source column name would be used.</p>"
+        },
+        "MeasureValueType":{
+          "shape":"ScalarMeasureValueType",
+          "documentation":"<p>Type of the attribute to be read from the source column.</p>"
+        }
+      },
+      "documentation":"<p>Attribute mapping for MULTI value measures.</p>"
+    },
+    "MultiMeasureAttributeMappingList":{
+      "type":"list",
+      "member":{"shape":"MultiMeasureAttributeMapping"},
+      "min":1
+    },
+    "MultiMeasureMappings":{
+      "type":"structure",
+      "required":["MultiMeasureAttributeMappings"],
+      "members":{
+        "TargetMultiMeasureName":{
+          "shape":"SchemaName",
+          "documentation":"<p>The name of the target multi-measure name in the derived table. This input is required when measureNameColumn is not provided. If MeasureNameColumn is provided, then value from that column will be used as multi-measure name.</p>"
+        },
+        "MultiMeasureAttributeMappings":{
+          "shape":"MultiMeasureAttributeMappingList",
+          "documentation":"<p>Required. Attribute mappings to be used for mapping query results to ingest data for multi-measure attributes.</p>"
+        }
+      },
+      "documentation":"<p>Only one of MixedMeasureMappings or MultiMeasureMappings is to be provided. MultiMeasureMappings can be used to ingest data as multi measures in the derived table.</p>"
+    },
+    "NextScheduledQueriesResultsToken":{"type":"string"},
+    "NextTagsForResourceResultsToken":{"type":"string"},
+    "NotificationConfiguration":{
+      "type":"structure",
+      "required":["SnsConfiguration"],
+      "members":{
+        "SnsConfiguration":{
+          "shape":"SnsConfiguration",
+          "documentation":"<p>Details on SNS configuration. </p>"
+        }
+      },
+      "documentation":"<p>Notification configuration for a scheduled query. A notification is sent by Timestream when a scheduled query is created, its state is updated or when it is deleted. </p>"
+    },
     "NullableBoolean":{
       "type":"boolean",
       "box":true
     },
+    "PaginationToken":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
+    "ParameterMapping":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Type"
+      ],
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>Parameter name.</p>"
+        },
+        "Type":{"shape":"Type"}
+      },
+      "documentation":"<p>Mapping for named parameters.</p>"
+    },
+    "ParameterMappingList":{
+      "type":"list",
+      "member":{"shape":"ParameterMapping"}
+    },
+    "PrepareQueryRequest":{
+      "type":"structure",
+      "required":["QueryString"],
+      "members":{
+        "QueryString":{
+          "shape":"QueryString",
+          "documentation":"<p>The Timestream query string that you want to use as a prepared statement. Parameter names can be specified in the query string <code>@</code> character followed by an identifier. </p>"
+        },
+        "ValidateOnly":{
+          "shape":"NullableBoolean",
+          "documentation":"<p>By setting this value to <code>true</code>, Timestream will only validate that the query string is a valid Timestream query, and not store the prepared query for later use.</p>"
+        }
+      }
+    },
+    "PrepareQueryResponse":{
+      "type":"structure",
+      "required":[
+        "QueryString",
+        "Columns",
+        "Parameters"
+      ],
+      "members":{
+        "QueryString":{
+          "shape":"QueryString",
+          "documentation":"<p>The query string that you want prepare.</p>"
+        },
+        "Columns":{
+          "shape":"SelectColumnList",
+          "documentation":"<p>A list of SELECT clause columns of the submitted query string. </p>"
+        },
+        "Parameters":{
+          "shape":"ParameterMappingList",
+          "documentation":"<p>A list of parameters used in the submitted query string. </p>"
+        }
+      }
+    },
     "QueryExecutionException":{
       "type":"structure",
       "members":{
@@ -249,20 +862,20 @@
       "members":{
         "QueryString":{
           "shape":"QueryString",
-          "documentation":"<p> The query to be executed by Timestream. </p>"
+          "documentation":"<p> The query to be run by Timestream. </p>"
         },
         "ClientToken":{
           "shape":"ClientRequestToken",
-          "documentation":"<p> Unique, case-sensitive string of up to 64 ASCII characters that you specify when you make a Query request. Providing a <code>ClientToken</code> makes the call to <code>Query</code> idempotent, meaning that multiple identical calls have the same effect as one single call. </p> <p>Your query request will fail in the following cases:</p> <ul> <li> <p> If you submit a request with the same client token outside the 5-minute idepotency window. </p> </li> <li> <p> If you submit a request with the same client token but a change in other parameters within the 5-minute idempotency window. </p> </li> </ul> <p> After 4 hours, any request with the same client token is treated as a new request. </p>",
+          "documentation":"<p> Unique, case-sensitive string of up to 64 ASCII characters specified when a <code>Query</code> request is made. Providing a <code>ClientToken</code> makes the call to <code>Query</code> <i>idempotent</i>. This means that running the same query repeatedly will produce the same result. In other words, making multiple identical <code>Query</code> requests has the same effect as making a single request. When using <code>ClientToken</code> in a query, note the following: </p> <ul> <li> <p> If the Query API is instantiated without a <code>ClientToken</code>, the Query SDK generates a <code>ClientToken</code> on your behalf.</p> </li> <li> <p>If the <code>Query</code> invocation only contains the <code>ClientToken</code> but does not include a <code>NextToken</code>, that invocation of <code>Query</code> is assumed to be a new query run.</p> </li> <li> <p>If the invocation contains <code>NextToken</code>, that particular invocation is assumed to be a subsequent invocation of a prior call to the Query API, and a result set is returned.</p> </li> <li> <p> After 4 hours, any request with the same <code>ClientToken</code> is treated as a new request. </p> </li> </ul>",
           "idempotencyToken":true
         },
         "NextToken":{
-          "shape":"String",
-          "documentation":"<p> A pagination token passed to get a set of results. </p>"
+          "shape":"PaginationToken",
+          "documentation":"<p> A pagination token used to return a set of results. When the <code>Query</code> API is invoked using <code>NextToken</code>, that particular invocation is assumed to be a subsequent invocation of a prior call to <code>Query</code>, and a result set is returned. However, if the <code>Query</code> invocation only contains the <code>ClientToken</code>, that invocation of <code>Query</code> is assumed to be a new query run. </p> <p>Note the following when using NextToken in a query:</p> <ul> <li> <p>A pagination token can be used for up to five <code>Query</code> invocations, OR for a duration of up to 1 hour – whichever comes first.</p> </li> <li> <p>Using the same <code>NextToken</code> will return the same set of records. To keep paginating through the result set, you must to use the most recent <code>nextToken</code>.</p> </li> <li> <p>Suppose a <code>Query</code> invocation returns two <code>NextToken</code> values, <code>TokenA</code> and <code>TokenB</code>. If <code>TokenB</code> is used in a subsequent <code>Query</code> invocation, then <code>TokenA</code> is invalidated and cannot be reused.</p> </li> <li> <p>To request a previous result set from a query after pagination has begun, you must re-invoke the Query API.</p> </li> <li> <p>The latest <code>NextToken</code> should be used to paginate until <code>null</code> is returned, at which point a new <code>NextToken</code> should be used.</p> </li> <li> <p> If the IAM principal of the query initiator and the result reader are not the same and/or the query initiator and the result reader do not have the same query string in the query requests, the query will fail with an <code>Invalid pagination token</code> error. </p> </li> </ul>"
         },
         "MaxRows":{
           "shape":"MaxQueryResults",
-          "documentation":"<p> The total number of rows to return in the output. If the total number of rows available is more than the value specified, a NextToken is provided in the command's output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. </p>"
+          "documentation":"<p> The total number of rows to be returned in the <code>Query</code> output. The initial run of <code>Query</code> with a <code>MaxRows</code> value specified will return the result set of the query in two cases: </p> <ul> <li> <p>The size of the result is less than <code>1MB</code>.</p> </li> <li> <p>The number of rows in the result set is less than the value of <code>maxRows</code>.</p> </li> </ul> <p>Otherwise, the initial invocation of <code>Query</code> only returns a <code>NextToken</code>, which can then be used in subsequent calls to fetch the result set. To resume pagination, provide the <code>NextToken</code> value in the subsequent command.</p> <p>If the row size is large (e.g. a row has many columns), Timestream may return fewer rows to keep the response size from exceeding the 1 MB limit. If <code>MaxRows</code> is not provided, Timestream will send the necessary number of rows to meet the 1 MB limit.</p>"
         }
       }
     },
@@ -279,7 +892,7 @@
           "documentation":"<p> A unique ID for the given query. </p>"
         },
         "NextToken":{
-          "shape":"String",
+          "shape":"PaginationToken",
           "documentation":"<p> A pagination token that can be used again on a <code>Query</code> call to get the next set of results. </p>"
         },
         "Rows":{
@@ -292,7 +905,7 @@
         },
         "QueryStatus":{
           "shape":"QueryStatus",
-          "documentation":"<p>Information about the status of the query, including progress and bytes scannned.</p>"
+          "documentation":"<p>Information about the status of the query, including progress and bytes scanned.</p>"
         }
       }
     },
@@ -309,15 +922,30 @@
         },
         "CumulativeBytesMetered":{
           "shape":"Long",
-          "documentation":"<p>The amount of data scanned by the query in bytes that you will be charged for. This is a cumulative sum and represents the total amount of data that you will be charged for since the query was started. The charge is applied only once and is either applied when the query completes execution or when the query is cancelled. </p>"
+          "documentation":"<p>The amount of data scanned by the query in bytes that you will be charged for. This is a cumulative sum and represents the total amount of data that you will be charged for since the query was started. The charge is applied only once and is either applied when the query completes running or when the query is cancelled. </p>"
         }
       },
-      "documentation":"<p>Information about the status of the query, including progress and bytes scannned.</p>"
+      "documentation":"<p>Information about the status of the query, including progress and bytes scanned.</p>"
     },
     "QueryString":{
       "type":"string",
+      "max":262144,
+      "min":1,
       "sensitive":true
     },
+    "ResourceName":{"type":"string"},
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"},
+        "ScheduledQueryArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The ARN of the scheduled query.</p>"
+        }
+      },
+      "documentation":"<p>The requested resource could not be found.</p>",
+      "exception":true
+    },
     "Row":{
       "type":"structure",
       "required":["Data"],
@@ -333,6 +961,68 @@
       "type":"list",
       "member":{"shape":"Row"}
     },
+    "S3BucketName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]"
+    },
+    "S3Configuration":{
+      "type":"structure",
+      "required":["BucketName"],
+      "members":{
+        "BucketName":{
+          "shape":"S3BucketName",
+          "documentation":"<p> Name of the S3 bucket under which error reports will be created.</p>"
+        },
+        "ObjectKeyPrefix":{
+          "shape":"S3ObjectKeyPrefix",
+          "documentation":"<p> Prefix for the error report key. Timestream by default adds the following prefix to the error report path. </p>"
+        },
+        "EncryptionOption":{
+          "shape":"S3EncryptionOption",
+          "documentation":"<p> Encryption at rest options for the error reports. If no encryption option is specified, Timestream will choose SSE_S3 as default. </p>"
+        }
+      },
+      "documentation":"<p>Details on S3 location for error reports that result from running a query. </p>"
+    },
+    "S3EncryptionOption":{
+      "type":"string",
+      "enum":[
+        "SSE_S3",
+        "SSE_KMS"
+      ]
+    },
+    "S3ObjectKey":{"type":"string"},
+    "S3ObjectKeyPrefix":{
+      "type":"string",
+      "max":896,
+      "min":1,
+      "pattern":"[a-zA-Z0-9|!\\-_*'\\(\\)]([a-zA-Z0-9]|[!\\-_*'\\(\\)\\/.])+"
+    },
+    "S3ReportLocation":{
+      "type":"structure",
+      "members":{
+        "BucketName":{
+          "shape":"S3BucketName",
+          "documentation":"<p> S3 bucket name. </p>"
+        },
+        "ObjectKey":{
+          "shape":"S3ObjectKey",
+          "documentation":"<p>S3 key. </p>"
+        }
+      },
+      "documentation":"<p> S3 report location for the scheduled query run.</p>"
+    },
+    "ScalarMeasureValueType":{
+      "type":"string",
+      "enum":[
+        "BIGINT",
+        "BOOLEAN",
+        "DOUBLE",
+        "VARCHAR"
+      ]
+    },
     "ScalarType":{
       "type":"string",
       "enum":[
@@ -350,8 +1040,340 @@
       ]
     },
     "ScalarValue":{"type":"string"},
+    "ScheduleConfiguration":{
+      "type":"structure",
+      "required":["ScheduleExpression"],
+      "members":{
+        "ScheduleExpression":{
+          "shape":"ScheduleExpression",
+          "documentation":"<p>An expression that denotes when to trigger the scheduled query run. This can be a cron expression or a rate expression. </p>"
+        }
+      },
+      "documentation":"<p>Configuration of the schedule of the query.</p>"
+    },
+    "ScheduleExpression":{
+      "type":"string",
+      "max":256,
+      "min":1
+    },
+    "ScheduledQuery":{
+      "type":"structure",
+      "required":[
+        "Arn",
+        "Name",
+        "State"
+      ],
+      "members":{
+        "Arn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The Amazon Resource Name.</p>"
+        },
+        "Name":{
+          "shape":"ScheduledQueryName",
+          "documentation":"<p>The name of the scheduled query.</p>"
+        },
+        "CreationTime":{
+          "shape":"Time",
+          "documentation":"<p>The creation time of the scheduled query.</p>"
+        },
+        "State":{
+          "shape":"ScheduledQueryState",
+          "documentation":"<p>State of scheduled query. </p>"
+        },
+        "PreviousInvocationTime":{
+          "shape":"Time",
+          "documentation":"<p>The last time the scheduled query was run.</p>"
+        },
+        "NextInvocationTime":{
+          "shape":"Time",
+          "documentation":"<p>The next time the scheduled query is to be run.</p>"
+        },
+        "ErrorReportConfiguration":{
+          "shape":"ErrorReportConfiguration",
+          "documentation":"<p>Configuration for scheduled query error reporting.</p>"
+        },
+        "TargetDestination":{
+          "shape":"TargetDestination",
+          "documentation":"<p>Target data source where final scheduled query result will be written.</p>"
+        },
+        "LastRunStatus":{
+          "shape":"ScheduledQueryRunStatus",
+          "documentation":"<p>Status of the last scheduled query run.</p>"
+        }
+      },
+      "documentation":"<p>Scheduled Query</p>"
+    },
+    "ScheduledQueryDescription":{
+      "type":"structure",
+      "required":[
+        "Arn",
+        "Name",
+        "QueryString",
+        "State",
+        "ScheduleConfiguration",
+        "NotificationConfiguration"
+      ],
+      "members":{
+        "Arn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>Scheduled query ARN.</p>"
+        },
+        "Name":{
+          "shape":"ScheduledQueryName",
+          "documentation":"<p>Name of the scheduled query.</p>"
+        },
+        "QueryString":{
+          "shape":"QueryString",
+          "documentation":"<p>The query to be run.</p>"
+        },
+        "CreationTime":{
+          "shape":"Time",
+          "documentation":"<p>Creation time of the scheduled query.</p>"
+        },
+        "State":{
+          "shape":"ScheduledQueryState",
+          "documentation":"<p>State of the scheduled query. </p>"
+        },
+        "PreviousInvocationTime":{
+          "shape":"Time",
+          "documentation":"<p>Last time the query was run.</p>"
+        },
+        "NextInvocationTime":{
+          "shape":"Time",
+          "documentation":"<p>The next time the scheduled query is scheduled to run.</p>"
+        },
+        "ScheduleConfiguration":{
+          "shape":"ScheduleConfiguration",
+          "documentation":"<p>Schedule configuration.</p>"
+        },
+        "NotificationConfiguration":{
+          "shape":"NotificationConfiguration",
+          "documentation":"<p>Notification configuration.</p>"
+        },
+        "TargetConfiguration":{
+          "shape":"TargetConfiguration",
+          "documentation":"<p>Scheduled query target store configuration.</p>"
+        },
+        "ScheduledQueryExecutionRoleArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>IAM role that Timestream uses to run the schedule query.</p>"
+        },
+        "KmsKeyId":{
+          "shape":"StringValue2048",
+          "documentation":"<p>A customer provided KMS key used to encrypt the scheduled query resource.</p>"
+        },
+        "ErrorReportConfiguration":{
+          "shape":"ErrorReportConfiguration",
+          "documentation":"<p>Error-reporting configuration for the scheduled query.</p>"
+        },
+        "LastRunSummary":{
+          "shape":"ScheduledQueryRunSummary",
+          "documentation":"<p>Runtime summary for the last scheduled query run. </p>"
+        },
+        "RecentlyFailedRuns":{
+          "shape":"ScheduledQueryRunSummaryList",
+          "documentation":"<p>Runtime summary for the last five failed scheduled query runs.</p>"
+        }
+      },
+      "documentation":"<p>Structure that describes scheduled query.</p>"
+    },
+    "ScheduledQueryList":{
+      "type":"list",
+      "member":{"shape":"ScheduledQuery"}
+    },
+    "ScheduledQueryName":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"[a-zA-Z0-9_.-]+"
+    },
+    "ScheduledQueryRunStatus":{
+      "type":"string",
+      "enum":[
+        "AUTO_TRIGGER_SUCCESS",
+        "AUTO_TRIGGER_FAILURE",
+        "MANUAL_TRIGGER_SUCCESS",
+        "MANUAL_TRIGGER_FAILURE"
+      ]
+    },
+    "ScheduledQueryRunSummary":{
+      "type":"structure",
+      "members":{
+        "InvocationTime":{
+          "shape":"Time",
+          "documentation":"<p>InvocationTime for this run. This is the time at which the query is scheduled to run. Parameter <code>@scheduled_runtime</code> can be used in the query to get the value. </p>"
+        },
+        "TriggerTime":{
+          "shape":"Time",
+          "documentation":"<p>The actual time when the query was run.</p>"
+        },
+        "RunStatus":{
+          "shape":"ScheduledQueryRunStatus",
+          "documentation":"<p>The status of a scheduled query run.</p>"
+        },
+        "ExecutionStats":{
+          "shape":"ExecutionStats",
+          "documentation":"<p>Runtime statistics for a scheduled run.</p>"
+        },
+        "ErrorReportLocation":{
+          "shape":"ErrorReportLocation",
+          "documentation":"<p>S3 location for error report.</p>"
+        },
+        "FailureReason":{
+          "shape":"ErrorMessage",
+          "documentation":"<p>Error message for the scheduled query in case of failure. You might have to look at the error report to get more detailed error reasons. </p>"
+        }
+      },
+      "documentation":"<p>Run summary for the scheduled query</p>"
+    },
+    "ScheduledQueryRunSummaryList":{
+      "type":"list",
+      "member":{"shape":"ScheduledQueryRunSummary"}
+    },
+    "ScheduledQueryState":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
+    "SchemaName":{"type":"string"},
+    "SelectColumn":{
+      "type":"structure",
+      "members":{
+        "Name":{
+          "shape":"String",
+          "documentation":"<p>Name of the column.</p>"
+        },
+        "Type":{"shape":"Type"},
+        "DatabaseName":{
+          "shape":"ResourceName",
+          "documentation":"<p> Database that has this column.</p>"
+        },
+        "TableName":{
+          "shape":"ResourceName",
+          "documentation":"<p>Table within the database that has this column. </p>"
+        },
+        "Aliased":{
+          "shape":"NullableBoolean",
+          "documentation":"<p>True, if the column name was aliased by the query. False otherwise.</p>"
+        }
+      },
+      "documentation":"<p>Details of the column that is returned by the query. </p>"
+    },
+    "SelectColumnList":{
+      "type":"list",
+      "member":{"shape":"SelectColumn"}
+    },
     "ServiceErrorMessage":{"type":"string"},
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>You have exceeded the service quota.</p>",
+      "exception":true
+    },
+    "SnsConfiguration":{
+      "type":"structure",
+      "required":["TopicArn"],
+      "members":{
+        "TopicArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>SNS topic ARN that the scheduled query status notifications will be sent to.</p>"
+        }
+      },
+      "documentation":"<p>Details on SNS that are required to send the notification.</p>"
+    },
     "String":{"type":"string"},
+    "StringValue2048":{
+      "type":"string",
+      "max":2048,
+      "min":1
+    },
+    "Tag":{
+      "type":"structure",
+      "required":[
+        "Key",
+        "Value"
+      ],
+      "members":{
+        "Key":{
+          "shape":"TagKey",
+          "documentation":"<p>The key of the tag. Tag keys are case sensitive. </p>"
+        },
+        "Value":{
+          "shape":"TagValue",
+          "documentation":"<p>The value of the tag. Tag values are case sensitive and can be null. </p>"
+        }
+      },
+      "documentation":"<p>A tag is a label that you assign to a Timestream database and/or table. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize databases and/or tables, for example, by purpose, owner, or environment. </p>"
+    },
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":200,
+      "min":0
+    },
+    "TagList":{
+      "type":"list",
+      "member":{"shape":"Tag"},
+      "max":200,
+      "min":0
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceARN",
+        "Tags"
+      ],
+      "members":{
+        "ResourceARN":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>Identifies the Timestream resource to which tags should be added. This value is an Amazon Resource Name (ARN).</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags to be assigned to the Timestream resource.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0
+    },
+    "TargetConfiguration":{
+      "type":"structure",
+      "required":["TimestreamConfiguration"],
+      "members":{
+        "TimestreamConfiguration":{
+          "shape":"TimestreamConfiguration",
+          "documentation":"<p>Configuration needed to write data into the Timestream database and table.</p>"
+        }
+      },
+      "documentation":"<p>Configuration used for writing the output of a query.</p>"
+    },
+    "TargetDestination":{
+      "type":"structure",
+      "members":{
+        "TimestreamDestination":{
+          "shape":"TimestreamDestination",
+          "documentation":"<p>Query result destination details for Timestream data source.</p>"
+        }
+      },
+      "documentation":"<p>Destination details to write data for a target data source. Current supported data source is Timestream.</p>"
+    },
     "ThrottlingException":{
       "type":"structure",
       "members":{
@@ -360,6 +1382,7 @@
       "documentation":"<p>The request was denied due to request throttling.</p>",
       "exception":true
     },
+    "Time":{"type":"timestamp"},
     "TimeSeriesDataPoint":{
       "type":"structure",
       "required":[
@@ -376,19 +1399,73 @@
           "documentation":"<p>The measure value for the data point.</p>"
         }
       },
-      "documentation":"<p>The timeseries datatype represents the values of a measure over time. A time series is an array of rows of timestamps and measure values, with rows sorted in ascending order of time. A TimeSeriesDataPoint is a single data point in the timeseries. It represents a tuple of (time, measure value) in a timeseries. </p>"
+      "documentation":"<p>The timeseries data type represents the values of a measure over time. A time series is an array of rows of timestamps and measure values, with rows sorted in ascending order of time. A TimeSeriesDataPoint is a single data point in the time series. It represents a tuple of (time, measure value) in a time series. </p>"
     },
     "TimeSeriesDataPointList":{
       "type":"list",
       "member":{"shape":"TimeSeriesDataPoint"}
     },
     "Timestamp":{"type":"string"},
+    "TimestreamConfiguration":{
+      "type":"structure",
+      "required":[
+        "DatabaseName",
+        "TableName",
+        "TimeColumn",
+        "DimensionMappings"
+      ],
+      "members":{
+        "DatabaseName":{
+          "shape":"ResourceName",
+          "documentation":"<p>Name of Timestream database to which the query result will be written.</p>"
+        },
+        "TableName":{
+          "shape":"ResourceName",
+          "documentation":"<p>Name of Timestream table that the query result will be written to. The table should be within the same database that is provided in Timestream configuration.</p>"
+        },
+        "TimeColumn":{
+          "shape":"SchemaName",
+          "documentation":"<p>Column from query result that should be used as the time column in destination table. Column type for this should be TIMESTAMP.</p>"
+        },
+        "DimensionMappings":{
+          "shape":"DimensionMappingList",
+          "documentation":"<p> This is to allow mapping column(s) from the query result to the dimension in the destination table. </p>"
+        },
+        "MultiMeasureMappings":{
+          "shape":"MultiMeasureMappings",
+          "documentation":"<p>Multi-measure mappings.</p>"
+        },
+        "MixedMeasureMappings":{
+          "shape":"MixedMeasureMappingList",
+          "documentation":"<p>Specifies how to map measures to multi-measure records.</p>"
+        },
+        "MeasureNameColumn":{
+          "shape":"SchemaName",
+          "documentation":"<p>Name of the measure column.</p>"
+        }
+      },
+      "documentation":"<p> Configuration to write data into Timestream database and table. This configuration allows the user to map the query result select columns into the destination table columns. </p>"
+    },
+    "TimestreamDestination":{
+      "type":"structure",
+      "members":{
+        "DatabaseName":{
+          "shape":"ResourceName",
+          "documentation":"<p>Timestream database name. </p>"
+        },
+        "TableName":{
+          "shape":"ResourceName",
+          "documentation":"<p>Timestream table name. </p>"
+        }
+      },
+      "documentation":"<p>Destination for scheduled query.</p>"
+    },
     "Type":{
       "type":"structure",
       "members":{
         "ScalarType":{
           "shape":"ScalarType",
-          "documentation":"<p>Indicates if the column is of type string, integer, boolean, double, timestamp, date, time. </p>"
+          "documentation":"<p>Indicates if the column is of type string, integer, Boolean, double, timestamp, date, time. </p>"
         },
         "ArrayColumnInfo":{
           "shape":"ColumnInfo",
@@ -403,7 +1480,46 @@
           "documentation":"<p>Indicates if the column is a row.</p>"
         }
       },
-      "documentation":"<p>Contains the data type of a column in a query result set. The data type can be scalar or complex. The supported scalar data types are integers, boolean, string, double, timestamp, date, time, and intervals. The supported complex data types are arrays, rows, and timeseries.</p>"
+      "documentation":"<p>Contains the data type of a column in a query result set. The data type can be scalar or complex. The supported scalar data types are integers, Boolean, string, double, timestamp, date, time, and intervals. The supported complex data types are arrays, rows, and timeseries.</p>"
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceARN",
+        "TagKeys"
+      ],
+      "members":{
+        "ResourceARN":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>The Timestream resource that the tags will be removed from. This value is an Amazon Resource Name (ARN). </p>"
+        },
+        "TagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>A list of tags keys. Existing tags of the resource whose keys are members of this list will be removed from the Timestream resource. </p>"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateScheduledQueryRequest":{
+      "type":"structure",
+      "required":[
+        "ScheduledQueryArn",
+        "State"
+      ],
+      "members":{
+        "ScheduledQueryArn":{
+          "shape":"AmazonResourceName",
+          "documentation":"<p>ARN of the scheuled query.</p>"
+        },
+        "State":{
+          "shape":"ScheduledQueryState",
+          "documentation":"<p>State of the scheduled query. </p>"
+        }
+      }
     },
     "ValidationException":{
       "type":"structure",
@@ -414,5 +1530,5 @@
       "exception":true
     }
   },
-  "documentation":"<p> </p>"
+  "documentation":"<fullname>Amazon Timestream Query </fullname> <p/>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/timestream-write/2018-11-01/service-2.json b/contrib/python/botocore/py3/botocore/data/timestream-write/2018-11-01/service-2.json
index 9ced833c866..64a6866b423 100644
--- a/contrib/python/botocore/py3/botocore/data/timestream-write/2018-11-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/timestream-write/2018-11-01/service-2.json
@@ -29,9 +29,10 @@
         {"shape":"ServiceQuotaExceededException"},
         {"shape":"ThrottlingException"},
         {"shape":"InvalidEndpointException"},
-        {"shape":"InternalServerException"}
+        {"shape":"InternalServerException"},
+        {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Creates a new Timestream database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">AWS managed KMS keys</a> for more info. Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>",
+      "documentation":"<p>Creates a new Timestream database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">Amazon Web Services managed KMS keys</a> for more info. <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Service quotas apply</a>. See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.create-db.html\">code sample</a> for details. </p>",
       "endpointdiscovery":{"required":true}
     },
     "CreateTable":{
@@ -49,10 +50,11 @@
         {"shape":"ResourceNotFoundException"},
         {"shape":"ServiceQuotaExceededException"},
         {"shape":"ThrottlingException"},
+        {"shape":"InvalidEndpointException"},
         {"shape":"InternalServerException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>The CreateTable operation adds a new table to an existing database in your account. In an AWS account, table names must be at least unique within each Region if they are in the same database. You may have identical table names in the same Region if the tables are in seperate databases. While creating the table, you must specify the table name, database name, and the retention properties. Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>",
+      "documentation":"<p>The CreateTable operation adds a new table to an existing database in your account. In an Amazon Web Services account, table names must be at least unique within each Region if they are in the same database. You may have identical table names in the same Region if the tables are in separate databases. While creating the table, you must specify the table name, database name, and the retention properties. <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Service quotas apply</a>. See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.create-table.html\">code sample</a> for details. </p>",
       "endpointdiscovery":{"required":true}
     },
     "DeleteDatabase":{
@@ -70,7 +72,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Deletes a given Timestream database. <i>This is an irreversible operation. After a database is deleted, the time series data from its tables cannot be recovered.</i> </p> <p>All tables in the database must be deleted first, or a ValidationException error will be thrown. </p> <p>Due to the nature of distributed retries, the operation can return either success or a ResourceNotFoundException. Clients should consider them equivalent.</p>",
+      "documentation":"<p>Deletes a given Timestream database. <i>This is an irreversible operation. After a database is deleted, the time series data from its tables cannot be recovered.</i> </p> <note> <p>All tables in the database must be deleted first, or a ValidationException error will be thrown. </p> <p>Due to the nature of distributed retries, the operation can return either success or a ResourceNotFoundException. Clients should consider them equivalent.</p> </note> <p>See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.delete-db.html\">code sample</a> for details.</p>",
       "endpointdiscovery":{"required":true}
     },
     "DeleteTable":{
@@ -88,7 +90,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Deletes a given Timestream table. This is an irreversible operation. After a Timestream database table is deleted, the time series data stored in the table cannot be recovered. </p> <p>Due to the nature of distributed retries, the operation can return either success or a ResourceNotFoundException. Clients should consider them equivalent.</p>",
+      "documentation":"<p>Deletes a given Timestream table. This is an irreversible operation. After a Timestream database table is deleted, the time series data stored in the table cannot be recovered. </p> <note> <p>Due to the nature of distributed retries, the operation can return either success or a ResourceNotFoundException. Clients should consider them equivalent.</p> </note> <p>See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.delete-table.html\">code sample</a> for details.</p>",
       "endpointdiscovery":{"required":true}
     },
     "DescribeDatabase":{
@@ -107,7 +109,7 @@
         {"shape":"InternalServerException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Returns information about the database, including the database name, time that the database was created, and the total number of tables found within the database. Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide.</p>",
+      "documentation":"<p>Returns information about the database, including the database name, time that the database was created, and the total number of tables found within the database. <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Service quotas apply</a>. See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.describe-db.html\">code sample</a> for details.</p>",
       "endpointdiscovery":{"required":true}
     },
     "DescribeEndpoints":{
@@ -123,7 +125,7 @@
         {"shape":"ValidationException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>DescribeEndpoints returns a list of available endpoints to make Timestream API calls against. This API is available through both Write and Query.</p> <p>Because Timestream’s SDKs are designed to transparently work with the service’s architecture, including the management and mapping of the service endpoints, <i>it is not recommended that you use this API unless</i>:</p> <ul> <li> <p>Your application uses a programming language that does not yet have SDK support</p> </li> <li> <p>You require better control over the client-side implementation</p> </li> </ul> <p>For detailed information on how to use DescribeEndpoints, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/Using-API.endpoint-discovery.html\">The Endpoint Discovery Pattern and REST APIs</a>.</p>",
+      "documentation":"<p>DescribeEndpoints returns a list of available endpoints to make Timestream API calls against. This API is available through both Write and Query.</p> <p>Because the Timestream SDKs are designed to transparently work with the service’s architecture, including the management and mapping of the service endpoints, <i>it is not recommended that you use this API unless</i>:</p> <ul> <li> <p>You are using <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/VPCEndpoints\">VPC endpoints (Amazon Web Services PrivateLink) with Timestream</a> </p> </li> <li> <p>Your application uses a programming language that does not yet have SDK support</p> </li> <li> <p>You require better control over the client-side implementation</p> </li> </ul> <p>For detailed information on how and when to use and implement DescribeEndpoints, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/Using.API.html#Using-API.endpoint-discovery\">The Endpoint Discovery Pattern</a>.</p>",
       "endpointoperation":true
     },
     "DescribeTable":{
@@ -142,7 +144,7 @@
         {"shape":"InternalServerException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Returns information about the table, including the table name, database name, retention duration of the memory store and the magnetic store. Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>",
+      "documentation":"<p>Returns information about the table, including the table name, database name, retention duration of the memory store and the magnetic store. <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Service quotas apply</a>. See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.describe-table.html\">code sample</a> for details. </p>",
       "endpointdiscovery":{"required":true}
     },
     "ListDatabases":{
@@ -160,7 +162,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Returns a list of your Timestream databases. Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>",
+      "documentation":"<p>Returns a list of your Timestream databases. <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Service quotas apply</a>. See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.list-db.html\">code sample</a> for details. </p>",
       "endpointdiscovery":{"required":true}
     },
     "ListTables":{
@@ -179,7 +181,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>A list of tables, along with the name, status and retention properties of each table. </p>",
+      "documentation":"<p>A list of tables, along with the name, status and retention properties of each table. See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.list-table.html\">code sample</a> for details. </p>",
       "endpointdiscovery":{"required":true}
     },
     "ListTagsForResource":{
@@ -252,7 +254,7 @@
         {"shape":"InternalServerException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p> Modifies the KMS key for an existing database. While updating the database, you must specify the database name and the identifier of the new KMS key to be used (<code>KmsKeyId</code>). If there are any concurrent <code>UpdateDatabase</code> requests, first writer wins. </p>",
+      "documentation":"<p> Modifies the KMS key for an existing database. While updating the database, you must specify the database name and the identifier of the new KMS key to be used (<code>KmsKeyId</code>). If there are any concurrent <code>UpdateDatabase</code> requests, first writer wins. </p> <p>See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.update-db.html\">code sample</a> for details.</p>",
       "endpointdiscovery":{"required":true}
     },
     "UpdateTable":{
@@ -271,7 +273,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>Modifies the retention duration of the memory store and magnetic store for your Timestream table. Note that the change in retention duration takes effect immediately. For example, if the retention period of the memory store was initially set to 2 hours and then changed to 24 hours, the memory store will be capable of holding 24 hours of data, but will be populated with 24 hours of data 22 hours after this change was made. Timestream does not retrieve data from the magnetic store to populate the memory store. </p> <p>Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide.</p>",
+      "documentation":"<p>Modifies the retention duration of the memory store and magnetic store for your Timestream table. Note that the change in retention duration takes effect immediately. For example, if the retention period of the memory store was initially set to 2 hours and then changed to 24 hours, the memory store will be capable of holding 24 hours of data, but will be populated with 24 hours of data 22 hours after this change was made. Timestream does not retrieve data from the magnetic store to populate the memory store. </p> <p>See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.update-table.html\">code sample</a> for details.</p>",
       "endpointdiscovery":{"required":true}
     },
     "WriteRecords":{
@@ -281,6 +283,7 @@
         "requestUri":"/"
       },
       "input":{"shape":"WriteRecordsRequest"},
+      "output":{"shape":"WriteRecordsResponse"},
       "errors":[
         {"shape":"InternalServerException"},
         {"shape":"ThrottlingException"},
@@ -290,7 +293,7 @@
         {"shape":"RejectedRecordsException"},
         {"shape":"InvalidEndpointException"}
       ],
-      "documentation":"<p>The WriteRecords operation enables you to write your time series data into Timestream. You can specify a single data point or a batch of data points to be inserted into the system. Timestream offers you with a flexible schema that auto detects the column names and data types for your Timestream tables based on the dimension names and data types of the data points you specify when invoking writes into the database. Timestream support eventual consistency read semantics. This means that when you query data immediately after writing a batch of data into Timestream, the query results might not reflect the results of a recently completed write operation. The results may also include some stale data. If you repeat the query request after a short time, the results should return the latest data. Service quotas apply. For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>",
+      "documentation":"<p>The WriteRecords operation enables you to write your time series data into Timestream. You can specify a single data point or a batch of data points to be inserted into the system. Timestream offers you with a flexible schema that auto detects the column names and data types for your Timestream tables based on the dimension names and data types of the data points you specify when invoking writes into the database. Timestream support eventual consistency read semantics. This means that when you query data immediately after writing a batch of data into Timestream, the query results might not reflect the results of a recently completed write operation. The results may also include some stale data. If you repeat the query request after a short time, the results should return the latest data. <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Service quotas apply</a>. </p> <p>See <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/code-samples.write.html\">code sample</a> for details.</p> <p> <b>Upserts</b> </p> <p>You can use the <code>Version</code> parameter in a <code>WriteRecords</code> request to update data points. Timestream tracks a version number with each record. <code>Version</code> defaults to <code>1</code> when not specified for the record in the request. Timestream will update an existing record’s measure value along with its <code>Version</code> upon receiving a write request with a higher <code>Version</code> number for that record. Upon receiving an update request where the measure value is the same as that of the existing record, Timestream still updates <code>Version</code>, if it is greater than the existing value of <code>Version</code>. You can update a data point as many times as desired, as long as the value of <code>Version</code> continuously increases. </p> <p> For example, suppose you write a new record without indicating <code>Version</code> in the request. Timestream will store this record, and set <code>Version</code> to <code>1</code>. Now, suppose you try to update this record with a <code>WriteRecords</code> request of the same record with a different measure value but, like before, do not provide <code>Version</code>. In this case, Timestream will reject this update with a <code>RejectedRecordsException</code> since the updated record’s version is not greater than the existing value of Version. However, if you were to resend the update request with <code>Version</code> set to <code>2</code>, Timestream would then succeed in updating the record’s value, and the <code>Version</code> would be set to <code>2</code>. Next, suppose you sent a <code>WriteRecords</code> request with this same record and an identical measure value, but with <code>Version</code> set to <code>3</code>. In this case, Timestream would only update <code>Version</code> to <code>3</code>. Any further updates would need to send a version number greater than <code>3</code>, or the update requests would receive a <code>RejectedRecordsException</code>. </p>",
       "endpointdiscovery":{"required":true}
     }
   },
@@ -309,6 +312,7 @@
       "max":1011,
       "min":1
     },
+    "Boolean":{"type":"boolean"},
     "ConflictException":{
       "type":"structure",
       "required":["Message"],
@@ -323,12 +327,12 @@
       "required":["DatabaseName"],
       "members":{
         "DatabaseName":{
-          "shape":"ResourceName",
+          "shape":"ResourceCreateAPIName",
           "documentation":"<p>The name of the Timestream database.</p>"
         },
         "KmsKeyId":{
           "shape":"StringValue2048",
-          "documentation":"<p>The KMS key for the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">AWS managed KMS keys</a> for more info.</p>"
+          "documentation":"<p>The KMS key for the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk\">Amazon Web Services managed KMS keys</a> for more info.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -353,11 +357,11 @@
       ],
       "members":{
         "DatabaseName":{
-          "shape":"ResourceName",
+          "shape":"ResourceCreateAPIName",
           "documentation":"<p>The name of the Timestream database.</p>"
         },
         "TableName":{
-          "shape":"ResourceName",
+          "shape":"ResourceCreateAPIName",
           "documentation":"<p>The name of the Timestream table.</p>"
         },
         "RetentionProperties":{
@@ -367,6 +371,10 @@
         "Tags":{
           "shape":"TagList",
           "documentation":"<p> A list of key-value pairs to label the table. </p>"
+        },
+        "MagneticStoreWriteProperties":{
+          "shape":"MagneticStoreWriteProperties",
+          "documentation":"<p>Contains properties to set on the table when enabling magnetic store writes.</p>"
         }
       }
     },
@@ -509,11 +517,11 @@
       ],
       "members":{
         "Name":{
-          "shape":"StringValue256",
+          "shape":"SchemaName",
           "documentation":"<p> Dimension represents the meta data attributes of the time series. For example, the name and availability zone of an EC2 instance or the name of the manufacturer of a wind turbine are dimensions. </p> <p>For constraints on Dimension names, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html#limits.naming\">Naming Constraints</a>.</p>"
         },
         "Value":{
-          "shape":"StringValue2048",
+          "shape":"SchemaValue",
           "documentation":"<p>The value of the dimension.</p>"
         },
         "DimensionValueType":{
@@ -555,6 +563,7 @@
       "member":{"shape":"Endpoint"}
     },
     "ErrorMessage":{"type":"string"},
+    "Integer":{"type":"integer"},
     "InternalServerException":{
       "type":"structure",
       "required":["Message"],
@@ -649,20 +658,74 @@
       }
     },
     "Long":{"type":"long"},
+    "MagneticStoreRejectedDataLocation":{
+      "type":"structure",
+      "members":{
+        "S3Configuration":{
+          "shape":"S3Configuration",
+          "documentation":"<p>Configuration of an S3 location to write error reports for records rejected, asynchronously, during magnetic store writes.</p>"
+        }
+      },
+      "documentation":"<p>The location to write error reports for records rejected, asynchronously, during magnetic store writes.</p>"
+    },
     "MagneticStoreRetentionPeriodInDays":{
       "type":"long",
       "max":73000,
       "min":1
     },
+    "MagneticStoreWriteProperties":{
+      "type":"structure",
+      "required":["EnableMagneticStoreWrites"],
+      "members":{
+        "EnableMagneticStoreWrites":{
+          "shape":"Boolean",
+          "documentation":"<p>A flag to enable magnetic store writes.</p>"
+        },
+        "MagneticStoreRejectedDataLocation":{
+          "shape":"MagneticStoreRejectedDataLocation",
+          "documentation":"<p>The location to write error reports for records rejected asynchronously during magnetic store writes.</p>"
+        }
+      },
+      "documentation":"<p>The set of properties on a table for configuring magnetic store writes.</p>"
+    },
+    "MeasureValue":{
+      "type":"structure",
+      "required":[
+        "Name",
+        "Value",
+        "Type"
+      ],
+      "members":{
+        "Name":{
+          "shape":"SchemaName",
+          "documentation":"<p> Name of the MeasureValue. </p> <p> For constraints on MeasureValue names, refer to <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html#limits.naming\"> Naming Constraints</a> in the Timestream developer guide.</p>"
+        },
+        "Value":{
+          "shape":"StringValue2048",
+          "documentation":"<p> Value for the MeasureValue. </p>"
+        },
+        "Type":{
+          "shape":"MeasureValueType",
+          "documentation":"<p>Contains the data type of the MeasureValue for the time series data point.</p>"
+        }
+      },
+      "documentation":"<p> MeasureValue represents the data attribute of the time series. For example, the CPU utilization of an EC2 instance or the RPM of a wind turbine are measures. MeasureValue has both name and value. </p> <p> MeasureValue is only allowed for type <code>MULTI</code>. Using <code>MULTI</code> type, you can pass multiple data attributes associated with the same time series in a single record </p>"
+    },
     "MeasureValueType":{
       "type":"string",
       "enum":[
         "DOUBLE",
         "BIGINT",
         "VARCHAR",
-        "BOOLEAN"
+        "BOOLEAN",
+        "TIMESTAMP",
+        "MULTI"
       ]
     },
+    "MeasureValues":{
+      "type":"list",
+      "member":{"shape":"MeasureValue"}
+    },
     "MemoryStoreRetentionPeriodInHours":{
       "type":"long",
       "max":8766,
@@ -682,7 +745,7 @@
           "documentation":"<p>Contains the list of dimensions for time series data points.</p>"
         },
         "MeasureName":{
-          "shape":"StringValue256",
+          "shape":"SchemaName",
           "documentation":"<p>Measure represents the data attribute of the time series. For example, the CPU utilization of an EC2 instance or the RPM of a wind turbine are measures. </p>"
         },
         "MeasureValue":{
@@ -691,7 +754,7 @@
         },
         "MeasureValueType":{
           "shape":"MeasureValueType",
-          "documentation":"<p> Contains the data type of the measure value for the time series data point. </p>"
+          "documentation":"<p> Contains the data type of the measure value for the time series data point. Default type is <code>DOUBLE</code>. </p>"
         },
         "Time":{
           "shape":"StringValue256",
@@ -699,15 +762,19 @@
         },
         "TimeUnit":{
           "shape":"TimeUnit",
-          "documentation":"<p> The granularity of the timestamp unit. It indicates if the time value is in seconds, milliseconds, nanoseconds or other supported values. </p>"
+          "documentation":"<p> The granularity of the timestamp unit. It indicates if the time value is in seconds, milliseconds, nanoseconds or other supported values. Default is <code>MILLISECONDS</code>. </p>"
         },
         "Version":{
           "shape":"RecordVersion",
-          "documentation":"<p>64-bit attribute used for record updates. Write requests for duplicate data with a higher version number will update the existing measure value and version. In cases where the measure value is the same, <code>Version</code> will still be updated . Default value is to 1.</p>",
+          "documentation":"<p>64-bit attribute used for record updates. Write requests for duplicate data with a higher version number will update the existing measure value and version. In cases where the measure value is the same, <code>Version</code> will still be updated . Default value is <code>1</code>.</p> <note> <p> <code>Version</code> must be <code>1</code> or greater, or you will receive a <code>ValidationException</code> error.</p> </note>",
           "box":true
+        },
+        "MeasureValues":{
+          "shape":"MeasureValues",
+          "documentation":"<p> Contains the list of MeasureValue for time series data points. </p> <p> This is only allowed for type <code>MULTI</code>. For scalar values, use <code>MeasureValue</code> attribute of the Record directly. </p>"
         }
       },
-      "documentation":"<p>Record represents a time series data point being written into Timestream. Each record contains an array of dimensions. Dimensions represent the meta data attributes of a time series data point such as the instance name or availability zone of an EC2 instance. A record also contains the measure name which is the name of the measure being collected for example the CPU utilization of an EC2 instance. A record also contains the measure value and the value type which is the data type of the measure value. In addition, the record contains the timestamp when the measure was collected that the timestamp unit which represents the granularity of the timestamp. </p>"
+      "documentation":"<p>Record represents a time series data point being written into Timestream. Each record contains an array of dimensions. Dimensions represent the meta data attributes of a time series data point such as the instance name or availability zone of an EC2 instance. A record also contains the measure name which is the name of the measure being collected for example the CPU utilization of an EC2 instance. A record also contains the measure value and the value type which is the data type of the measure value. In addition, the record contains the timestamp when the measure was collected that the timestamp unit which represents the granularity of the timestamp. </p> <p> Records have a <code>Version</code> field, which is a 64-bit <code>long</code> that you can use for updating data points. Writes of a duplicate record with the same dimension, timestamp, and measure name but different measure value will only succeed if the <code>Version</code> attribute of the record in the write request is higher than that of the existing record. Timestream defaults to a <code>Version</code> of <code>1</code> for records without the <code>Version</code> field. </p>"
     },
     "RecordIndex":{"type":"integer"},
     "RecordVersion":{"type":"long"},
@@ -717,6 +784,24 @@
       "max":100,
       "min":1
     },
+    "RecordsIngested":{
+      "type":"structure",
+      "members":{
+        "Total":{
+          "shape":"Integer",
+          "documentation":"<p>Total count of successfully ingested records.</p>"
+        },
+        "MemoryStore":{
+          "shape":"Integer",
+          "documentation":"<p>Count of records ingested into the memory store.</p>"
+        },
+        "MagneticStore":{
+          "shape":"Integer",
+          "documentation":"<p>Count of records ingested into the magnetic store.</p>"
+        }
+      },
+      "documentation":"<p>Information on the records ingested by this request.</p>"
+    },
     "RejectedRecord":{
       "type":"structure",
       "members":{
@@ -726,7 +811,7 @@
         },
         "Reason":{
           "shape":"ErrorMessage",
-          "documentation":"<p> The reason why a record was not successfully inserted into Timestream. Possible causes of failure include: </p> <ul> <li> <p> Records with duplicate data where there are multiple records with the same dimensions, timestamps, and measure names but different measure values. </p> </li> <li> <p> Records with timestamps that lie outside the retention duration of the memory store </p> <note> <p>When the retention window is updated, you will receive a <code>RejectedRecords</code> exception if you immediately try to ingest data within the new window. To avoid a <code>RejectedRecords</code> exception, wait until the duration of the new window to ingest new data. For further information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/best-practices.html#configuration\"> Best Practices for Configuring Timestream</a> and <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/storage.html\">the explanation of how storage works in Timestream</a>.</p> </note> </li> <li> <p> Records with dimensions or measures that exceed the Timestream defined limits. </p> </li> </ul> <p> For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>"
+          "documentation":"<p> The reason why a record was not successfully inserted into Timestream. Possible causes of failure include: </p> <ul> <li> <p>Records with duplicate data where there are multiple records with the same dimensions, timestamps, and measure names but: </p> <ul> <li> <p>Measure values are different</p> </li> <li> <p>Version is not present in the request <i>or</i> the value of version in the new record is equal to or lower than the existing value</p> </li> </ul> <p> If Timestream rejects data for this case, the <code>ExistingVersion</code> field in the <code>RejectedRecords</code> response will indicate the current record’s version. To force an update, you can resend the request with a version for the record set to a value greater than the <code>ExistingVersion</code>.</p> </li> <li> <p> Records with timestamps that lie outside the retention duration of the memory store </p> <note> <p>When the retention window is updated, you will receive a <code>RejectedRecords</code> exception if you immediately try to ingest data within the new window. To avoid a <code>RejectedRecords</code> exception, wait until the duration of the new window to ingest new data. For further information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/best-practices.html#configuration\"> Best Practices for Configuring Timestream</a> and <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/storage.html\">the explanation of how storage works in Timestream</a>.</p> </note> </li> <li> <p> Records with dimensions or measures that exceed the Timestream defined limits. </p> </li> </ul> <p> For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>"
         },
         "ExistingVersion":{
           "shape":"RecordVersion",
@@ -746,15 +831,14 @@
         "Message":{"shape":"ErrorMessage"},
         "RejectedRecords":{"shape":"RejectedRecords"}
       },
-      "documentation":"<p> WriteRecords would throw this exception in the following cases: </p> <ul> <li> <p> Records with duplicate data where there are multiple records with the same dimensions, timestamps, and measure names but different measure values. </p> </li> <li> <p> Records with timestamps that lie outside the retention duration of the memory store </p> </li> <li> <p> Records with dimensions or measures that exceed the Timestream defined limits. </p> </li> </ul> <p> For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Access Management</a> in the Timestream Developer Guide. </p>",
+      "documentation":"<p> WriteRecords would throw this exception in the following cases: </p> <ul> <li> <p>Records with duplicate data where there are multiple records with the same dimensions, timestamps, and measure names but: </p> <ul> <li> <p>Measure values are different</p> </li> <li> <p>Version is not present in the request <i>or</i> the value of version in the new record is equal to or lower than the existing value</p> </li> </ul> <p> In this case, if Timestream rejects data, the <code>ExistingVersion</code> field in the <code>RejectedRecords</code> response will indicate the current record’s version. To force an update, you can resend the request with a version for the record set to a value greater than the <code>ExistingVersion</code>.</p> </li> <li> <p> Records with timestamps that lie outside the retention duration of the memory store </p> </li> <li> <p> Records with dimensions or measures that exceed the Timestream defined limits. </p> </li> </ul> <p> For more information, see <a href=\"https://docs.aws.amazon.com/timestream/latest/developerguide/ts-limits.html\">Quotas</a> in the Timestream Developer Guide. </p>",
       "exception":true
     },
-    "ResourceName":{
+    "ResourceCreateAPIName":{
       "type":"string",
-      "max":64,
-      "min":3,
       "pattern":"[a-zA-Z0-9_.-]+"
     },
+    "ResourceName":{"type":"string"},
     "ResourceNotFoundException":{
       "type":"structure",
       "members":{
@@ -781,6 +865,52 @@
       },
       "documentation":"<p>Retention properties contain the duration for which your time series data must be stored in the magnetic store and the memory store. </p>"
     },
+    "S3BucketName":{
+      "type":"string",
+      "max":63,
+      "min":3,
+      "pattern":"[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9]"
+    },
+    "S3Configuration":{
+      "type":"structure",
+      "members":{
+        "BucketName":{
+          "shape":"S3BucketName",
+          "documentation":"<p>&gt;Bucket name of the customer S3 bucket.</p>"
+        },
+        "ObjectKeyPrefix":{
+          "shape":"S3ObjectKeyPrefix",
+          "documentation":"<p>Object key preview for the customer S3 location.</p>"
+        },
+        "EncryptionOption":{
+          "shape":"S3EncryptionOption",
+          "documentation":"<p>Encryption option for the customer s3 location. Options are S3 server side encryption with an S3-managed key or KMS managed key.</p>"
+        },
+        "KmsKeyId":{
+          "shape":"StringValue2048",
+          "documentation":"<p>KMS key id for the customer s3 location when encrypting with a KMS managed key.</p>"
+        }
+      },
+      "documentation":"<p>Configuration specifing an S3 location.</p>"
+    },
+    "S3EncryptionOption":{
+      "type":"string",
+      "enum":[
+        "SSE_S3",
+        "SSE_KMS"
+      ]
+    },
+    "S3ObjectKeyPrefix":{
+      "type":"string",
+      "max":928,
+      "min":1,
+      "pattern":"[a-zA-Z0-9|!\\-_*'\\(\\)]([a-zA-Z0-9]|[!\\-_*'\\(\\)\\/.])+"
+    },
+    "SchemaName":{
+      "type":"string",
+      "min":1
+    },
+    "SchemaValue":{"type":"string"},
     "ServiceQuotaExceededException":{
       "type":"structure",
       "members":{
@@ -830,6 +960,10 @@
         "LastUpdatedTime":{
           "shape":"Date",
           "documentation":"<p>The time when the Timestream table was last updated.</p>"
+        },
+        "MagneticStoreWriteProperties":{
+          "shape":"MagneticStoreWriteProperties",
+          "documentation":"<p>Contains properties to set on the table when enabling magnetic store writes.</p>"
         }
       },
       "documentation":"<p>Table represents a database table in Timestream. Tables contain one or more related time series. You can modify the retention duration of the memory store and the magnetic store for a table. </p>"
@@ -974,8 +1108,7 @@
       "type":"structure",
       "required":[
         "DatabaseName",
-        "TableName",
-        "RetentionProperties"
+        "TableName"
       ],
       "members":{
         "DatabaseName":{
@@ -984,11 +1117,15 @@
         },
         "TableName":{
           "shape":"ResourceName",
-          "documentation":"<p>The name of the Timesream table.</p>"
+          "documentation":"<p>The name of the Timestream table.</p>"
         },
         "RetentionProperties":{
           "shape":"RetentionProperties",
           "documentation":"<p>The retention duration of the memory store and the magnetic store.</p>"
+        },
+        "MagneticStoreWriteProperties":{
+          "shape":"MagneticStoreWriteProperties",
+          "documentation":"<p>Contains properties to set on the table when enabling magnetic store writes.</p>"
         }
       }
     },
@@ -1024,18 +1161,27 @@
         },
         "TableName":{
           "shape":"ResourceName",
-          "documentation":"<p>The name of the Timesream table.</p>"
+          "documentation":"<p>The name of the Timestream table.</p>"
         },
         "CommonAttributes":{
           "shape":"Record",
-          "documentation":"<p>A record containing the common measure and dimension attributes shared across all the records in the request. The measure and dimension attributes specified in here will be merged with the measure and dimension attributes in the records object when the data is written into Timestream. </p>"
+          "documentation":"<p>A record containing the common measure, dimension, time, and version attributes shared across all the records in the request. The measure and dimension attributes specified will be merged with the measure and dimension attributes in the records object when the data is written into Timestream. Dimensions may not overlap, or a <code>ValidationException</code> will be thrown. In other words, a record must contain dimensions with unique names. </p>"
         },
         "Records":{
           "shape":"Records",
-          "documentation":"<p>An array of records containing the unique dimension and measure attributes for each time series data point. </p>"
+          "documentation":"<p>An array of records containing the unique measure, dimension, time, and version attributes for each time series data point. </p>"
+        }
+      }
+    },
+    "WriteRecordsResponse":{
+      "type":"structure",
+      "members":{
+        "RecordsIngested":{
+          "shape":"RecordsIngested",
+          "documentation":"<p>Information on the records ingested by this request.</p>"
         }
       }
     }
   },
-  "documentation":"<p>Amazon Timestream is a fast, scalable, fully managed time series database service that makes it easy to store and analyze trillions of time series data points per day. With Timestream, you can easily store and analyze IoT sensor data to derive insights from your IoT applications. You can analyze industrial telemetry to streamline equipment management and maintenance. You can also store and analyze log data and metrics to improve the performance and availability of your applications. Timestream is built from the ground up to effectively ingest, process, and store time series data. It organizes data to optimize query processing. It automatically scales based on the volume of data ingested and on the query volume to ensure you receive optimal performance while inserting and querying data. As your data grows over time, Timestream’s adaptive query processing engine spans across storage tiers to provide fast analysis while reducing costs.</p>"
+  "documentation":"<fullname>Amazon Timestream Write</fullname> <p>Amazon Timestream is a fast, scalable, fully managed time series database service that makes it easy to store and analyze trillions of time series data points per day. With Timestream, you can easily store and analyze IoT sensor data to derive insights from your IoT applications. You can analyze industrial telemetry to streamline equipment management and maintenance. You can also store and analyze log data and metrics to improve the performance and availability of your applications. Timestream is built from the ground up to effectively ingest, process, and store time series data. It organizes data to optimize query processing. It automatically scales based on the volume of data ingested and on the query volume to ensure you receive optimal performance while inserting and querying data. As your data grows over time, Timestream’s adaptive query processing engine spans across storage tiers to provide fast analysis while reducing costs.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/transcribe/2017-10-26/service-2.json b/contrib/python/botocore/py3/botocore/data/transcribe/2017-10-26/service-2.json
index 60c5e4eba9a..bfa10fdc96f 100644
--- a/contrib/python/botocore/py3/botocore/data/transcribe/2017-10-26/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/transcribe/2017-10-26/service-2.json
@@ -572,7 +572,7 @@
         {"shape":"NotFoundException"},
         {"shape":"ConflictException"}
       ],
-      "documentation":"<p>Updates the call analytics category with new values. The <code>UpdateCallAnalyticsCategory</code> operation overwrites all of the existing information with the values that you provide in the request. </p>"
+      "documentation":"<p>Updates the call analytics category with new values. The <code>UpdateCallAnalyticsCategory</code> operation overwrites all of the existing information with the values that you provide in the request.</p>"
     },
     "UpdateMedicalVocabulary":{
       "name":"UpdateMedicalVocabulary",
@@ -635,15 +635,15 @@
         },
         "EndTime":{
           "shape":"TimestampMilliseconds",
-          "documentation":"<p>A value that indicates the end of the time range in milliseconds. To set absolute time range, you must specify a start time and an end time. For example, if you specify the following values:</p> <ul> <li> <p>StartTime - 10000</p> </li> <li> <p>Endtime - 50000</p> </li> </ul> <p>The time range is set between 10,000 milliseconds and 50,000 milliseconds into the call. </p>"
+          "documentation":"<p>A value that indicates the end of the time range in milliseconds. To set absolute time range, you must specify a start time and an end time. For example, if you specify the following values:</p> <ul> <li> <p>StartTime - 10000</p> </li> <li> <p>Endtime - 50000</p> </li> </ul> <p>The time range is set between 10,000 milliseconds and 50,000 milliseconds into the call.</p>"
         },
         "First":{
           "shape":"TimestampMilliseconds",
-          "documentation":"<p>A time range from the beginning of the call to the value that you've specified. For example, if you specify 100000, the time range is set to the first 100,000 milliseconds of the call.</p>"
+          "documentation":"<p>A time range from the beginning of the call to the value that you've specified. For example, if you specify <code>100000</code>, the time range is set to the first 100,000 milliseconds of the call.</p>"
         },
         "Last":{
           "shape":"TimestampMilliseconds",
-          "documentation":"<p>A time range from the value that you've specified to the end of the call. For example, if you specify 100000, the time range is set to the last 100,000 milliseconds of the call.</p>"
+          "documentation":"<p>A time range from the value that you've specified to the end of the call. For example, if you specify <code>100000</code>, the time range is set to the last 100,000 milliseconds of the call.</p>"
         }
       },
       "documentation":"<p>A time range, set in seconds, between two points in the call.</p>"
@@ -687,7 +687,7 @@
         },
         "LanguageCode":{
           "shape":"LanguageCode",
-          "documentation":"<p>If you know the language spoken between the customer and the agent, specify a language code for this field.</p> <p>If you don't know the language, you can leave this field blank, and Amazon Transcribe will use machine learning to automatically identify the language. To improve the accuracy of language identification, you can provide an array containing the possible language codes for the language spoken in your audio. Refer to <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-it-works.html\">Supported languages and language-specific features</a> for additional information.</p>"
+          "documentation":"<p>If you know the language spoken between the customer and the agent, specify a language code for this field.</p> <p>If you don't know the language, you can leave this field blank, and Amazon Transcribe will use machine learning to automatically identify the language. To improve the accuracy of language identification, you can provide an array containing the possible language codes for the language spoken in your audio. Refer to <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/supported-languages.html\">Supported languages</a> for additional information.</p>"
         },
         "MediaSampleRateHertz":{
           "shape":"MediaSampleRateHertz",
@@ -695,7 +695,7 @@
         },
         "MediaFormat":{
           "shape":"MediaFormat",
-          "documentation":"<p>The format of the input audio file. Note: for call analytics jobs, only the following media formats are supported: MP3, MP4, WAV, FLAC, OGG, and WebM. </p>"
+          "documentation":"<p>The format of the input audio file. Note: for call analytics jobs, only the following media formats are supported: MP3, MP4, WAV, FLAC, OGG, and WebM.</p>"
         },
         "Media":{"shape":"Media"},
         "Transcript":{"shape":"Transcript"},
@@ -721,7 +721,7 @@
         },
         "IdentifiedLanguageScore":{
           "shape":"IdentifiedLanguageScore",
-          "documentation":"<p>A value between zero and one that Amazon Transcribe assigned to the language that it identified in the source audio. This value appears only when you don't provide a single language code. Larger values indicate that Amazon Transcribe has higher confidence in the language that it identified</p>"
+          "documentation":"<p>A value between zero and one that Amazon Transcribe assigned to the language that it identified in the source audio. This value appears only when you don't provide a single language code. Larger values indicate that Amazon Transcribe has higher confidence in the language that it identified.</p>"
         },
         "Settings":{
           "shape":"CallAnalyticsJobSettings",
@@ -762,7 +762,7 @@
         "ContentRedaction":{"shape":"ContentRedaction"},
         "LanguageOptions":{
           "shape":"LanguageOptions",
-          "documentation":"<p>When you run a call analytics job, you can specify the language spoken in the audio, or you can have Amazon Transcribe identify the language for you.</p> <p>To specify a language, specify an array with one language code. If you don't know the language, you can leave this field blank and Amazon Transcribe will use machine learning to identify the language for you. To improve the ability of Amazon Transcribe to correctly identify the language, you can provide an array of the languages that can be present in the audio. Refer to <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-it-works.html\">Supported languages and language-specific features</a> for additional information.</p>"
+          "documentation":"<p>When you run a call analytics job, you can specify the language spoken in the audio, or you can have Amazon Transcribe identify the language for you.</p> <p>To specify a language, specify an array with one language code. If you don't know the language, you can leave this field blank and Amazon Transcribe will use machine learning to identify the language for you. To improve the ability of Amazon Transcribe to correctly identify the language, you can provide an array of the languages that can be present in the audio. Refer to <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/supported-languages.html\">Supported languages</a> for additional information.</p>"
         },
         "LanguageIdSettings":{
           "shape":"LanguageIdSettingsMap",
@@ -897,6 +897,10 @@
         "RedactionOutput":{
           "shape":"RedactionOutput",
           "documentation":"<p>The output transcript file stored in either the default S3 bucket or in a bucket you specify.</p> <p>When you choose <code>redacted</code> Amazon Transcribe outputs only the redacted transcript.</p> <p>When you choose <code>redacted_and_unredacted</code> Amazon Transcribe outputs both the redacted and unredacted transcripts.</p>"
+        },
+        "PiiEntityTypes":{
+          "shape":"PiiEntityTypes",
+          "documentation":"<p>The types of personally identifiable information (PII) you want to redact in your transcript.</p>"
         }
       },
       "documentation":"<p>Settings for content redaction within a transcription job.</p>"
@@ -914,7 +918,7 @@
         },
         "Rules":{
           "shape":"RuleList",
-          "documentation":"<p>To create a category, you must specify between 1 and 20 rules. For each rule, you specify a filter to be applied to the attributes of the call. For example, you can specify a sentiment filter to detect if the customer's sentiment was negative or neutral. </p>"
+          "documentation":"<p>To create a category, you must specify between 1 and 20 rules. For each rule, you specify a filter to be applied to the attributes of the call. For example, you can specify a sentiment filter to detect if the customer's sentiment was negative or neutral.</p>"
         }
       }
     },
@@ -1001,7 +1005,7 @@
         },
         "VocabularyFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The location in Amazon S3 of the text file you use to define your custom vocabulary. The URI must be in the same Amazon Web Services Region as the resource that you're calling. Enter information about your <code>VocabularyFileUri</code> in the following format:</p> <p> <code> https://s3.&lt;aws-region&gt;.amazonaws.com/&lt;bucket-name&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt; </code> </p> <p>The following is an example URI for a vocabulary file that is stored in Amazon S3:</p> <p> <code>https://s3.us-east-1.amazonaws.com/AWSDOC-EXAMPLE-BUCKET/vocab.txt</code> </p> <p>For more information about Amazon S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-it-works.html#how-vocabulary-med\">Medical Custom Vocabularies</a>.</p>"
+          "documentation":"<p>The location in Amazon S3 of the text file you use to define your custom vocabulary. The URI must be in the same Amazon Web Services Region as the resource that you're calling. Enter information about your <code>VocabularyFileUri</code> in the following format:</p> <p> <code>https://s3.&lt;aws-region&gt;.amazonaws.com/&lt;bucket-name&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt;</code> </p> <p>The following is an example URI for a vocabulary file that is stored in Amazon S3:</p> <p> <code>https://s3.us-east-1.amazonaws.com/AWSDOC-EXAMPLE-BUCKET/vocab.txt</code> </p> <p>For more information about Amazon S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/vocabulary-med.html\">Medical Custom Vocabularies</a>.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -1051,11 +1055,11 @@
         },
         "Words":{
           "shape":"Words",
-          "documentation":"<p>The words to use in the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-vocabulary.html#charsets\">Character Sets for Custom Vocabularies</a>.</p> <p>If you provide a list of words in the <code>Words</code> parameter, you can't use the <code>VocabularyFilterFileUri</code> parameter.</p>"
+          "documentation":"<p>The words to use in the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/charsets.html\">Character Sets for Custom Vocabularies</a>.</p> <p>If you provide a list of words in the <code>Words</code> parameter, you can't use the <code>VocabularyFilterFileUri</code> parameter.</p>"
         },
         "VocabularyFilterFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The Amazon S3 location of a text file used as input to create the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-vocabulary.html#charsets\">Character Sets for Custom Vocabularies</a>.</p> <p>The specified file must be less than 50 KB of UTF-8 characters.</p> <p>If you provide the location of a list of words in the <code>VocabularyFilterFileUri</code> parameter, you can't use the <code>Words</code> parameter.</p>"
+          "documentation":"<p>The Amazon S3 location of a text file used as input to create the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/charsets.html\">Character Sets for Custom Vocabularies</a>.</p> <p>The specified file must be less than 50 KB of UTF-8 characters.</p> <p>If you provide the location of a list of words in the <code>VocabularyFilterFileUri</code> parameter, you can't use the <code>Words</code> parameter.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -1093,7 +1097,7 @@
         },
         "LanguageCode":{
           "shape":"LanguageCode",
-          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a>transcribe-whatis</a>.</p>"
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a>table-language-matrix</a>.</p>"
         },
         "Phrases":{
           "shape":"Phrases",
@@ -1101,7 +1105,7 @@
         },
         "VocabularyFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The S3 location of the text file that contains the definition of the custom vocabulary. The URI must be in the same region as the API endpoint that you are calling. The general form is:</p> <p>For more information about S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-vocabulary\">Custom vocabularies</a>.</p>"
+          "documentation":"<p>The S3 location of the text file that contains the definition of the custom vocabulary. The URI must be in the same region as the API endpoint that you are calling. The general form is:</p> <p> <code>https://s3.&lt;Amazon Web Services-region&gt;.amazonaws.com/&lt;AWSDOC-EXAMPLE-BUCKET&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt; </code> </p> <p>For example:</p> <p> <code>https://s3.us-east-1.amazonaws.com/AWSDOC-EXAMPLE-BUCKET/vocab.txt</code> </p> <p>For more information about S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/custom-vocabulary.html\">Custom vocabularies</a>.</p>"
         },
         "Tags":{
           "shape":"TagList",
@@ -1481,7 +1485,7 @@
         },
         "AbsoluteTimeRange":{
           "shape":"AbsoluteTimeRange",
-          "documentation":"<p>An object you can use to specify a time range (in milliseconds) for when you'd want to find the interruption. For example, you could search for an interruption between the 30,000 millisecond mark and the 45,000 millisecond mark. You could also specify the time period as the first 15,000 milliseconds or the last 15,000 milliseconds. </p>"
+          "documentation":"<p>An object you can use to specify a time range (in milliseconds) for when you'd want to find the interruption. For example, you could search for an interruption between the 30,000 millisecond mark and the 45,000 millisecond mark. You could also specify the time period as the first 15,000 milliseconds or the last 15,000 milliseconds.</p>"
         },
         "RelativeTimeRange":{
           "shape":"RelativeTimeRange",
@@ -1571,15 +1575,15 @@
       "members":{
         "VocabularyName":{
           "shape":"VocabularyName",
-          "documentation":"<p>The name of the vocabulary you want to use when processing your transcription job. The vocabulary you specify must have the same language code as the transcription job; if the languages don't match, the vocabulary won't be applied.</p>"
+          "documentation":"<p>The name of the vocabulary you want to use when processing your transcription job. The vocabulary you specify must have the same language codes as the transcription job; if the languages don't match, the vocabulary isn't applied.</p>"
         },
         "VocabularyFilterName":{
           "shape":"VocabularyFilterName",
-          "documentation":"<p>The name of the vocabulary filter you want to use when transcribing your audio. The filter you specify must have the same language code as the transcription job; if the languages don't match, the vocabulary filter won't be applied.</p>"
+          "documentation":"<p>The name of the vocabulary filter you want to use when transcribing your audio. The filter you specify must have the same language codes as the transcription job; if the languages don't match, the vocabulary filter isn't be applied.</p>"
         },
         "LanguageModelName":{
           "shape":"ModelName",
-          "documentation":"<p>The name of the language model you want to use when transcribing your audio. The model you specify must have the same language code as the transcription job; if the languages don't match, the language model won't be applied.</p>"
+          "documentation":"<p>The name of the language model you want to use when transcribing your audio. The model you specify must have the same language codes as the transcription job; if the languages don't match, the language model isn't be applied.</p>"
         }
       },
       "documentation":"<p>Language-specific settings that can be specified when language identification is enabled.</p>"
@@ -1969,11 +1973,11 @@
       "members":{
         "MediaFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The S3 object location of the input media file. The URI must be in the same region as the API endpoint that you are calling. The general form is:</p> <p>For example:</p> <p>For more information about S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p>"
+          "documentation":"<p>The S3 object location of the input media file. The URI must be in the same region as the API endpoint that you are calling. The general form is:</p> <p> <code> s3://&lt;AWSDOC-EXAMPLE-BUCKET&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt;</code> </p> <p>For example:</p> <p> <code>s3://AWSDOC-EXAMPLE-BUCKET/example.mp4</code> </p> <p> <code>s3://AWSDOC-EXAMPLE-BUCKET/mediadocs/example.mp4</code> </p> <p>For more information about S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p>"
         },
         "RedactedMediaFileUri":{
           "shape":"Uri",
-          "documentation":"<p> The S3 object location for your redacted output media file. This is only supported for call analytics jobs.</p>"
+          "documentation":"<p>The S3 object location for your redacted output media file. This is only supported for call analytics jobs.</p>"
         }
       },
       "documentation":"<p>Describes the input media file in a transcription request.</p>"
@@ -2026,7 +2030,7 @@
         },
         "MediaSampleRateHertz":{
           "shape":"MediaSampleRateHertz",
-          "documentation":"<p>The sample rate, in Hertz, of the source audio containing medical information.</p> <p>If you don't specify the sample rate, Amazon Transcribe Medical determines it for you. If you choose to specify the sample rate, it must match the rate detected by Amazon Transcribe Medical. In most cases, you should leave the <code>MedicalMediaSampleHertz</code> blank and let Amazon Transcribe Medical determine the sample rate.</p>"
+          "documentation":"<p>The sample rate, in Hertz, of the source audio containing medical information.</p> <p>If you don't specify the sample rate, Amazon Transcribe Medical determines it for you. If you choose to specify the sample rate, it must match the rate detected by Amazon Transcribe Medical.</p>"
         },
         "MediaFormat":{
           "shape":"MediaFormat",
@@ -2051,7 +2055,7 @@
         },
         "FailureReason":{
           "shape":"FailureReason",
-          "documentation":"<p>If the <code>TranscriptionJobStatus</code> field is <code>FAILED</code>, this field contains information about why the job failed.</p> <p>The <code>FailureReason</code> field contains one of the following values:</p> <ul> <li> <p> <code>Unsupported media format</code>- The media format specified in the <code>MediaFormat</code> field of the request isn't valid. See the description of the <code>MediaFormat</code> field for a list of valid values.</p> </li> <li> <p> <code>The media format provided does not match the detected media format</code>- The media format of the audio file doesn't match the format specified in the <code>MediaFormat</code> field in the request. Check the media format of your media file and make sure the two values match.</p> </li> <li> <p> <code>Invalid sample rate for audio file</code>- The sample rate specified in the <code>MediaSampleRateHertz</code> of the request isn't valid. The sample rate must be between 8,000 and 48,000 Hertz.</p> </li> <li> <p> <code>The sample rate provided does not match the detected sample rate</code>- The sample rate in the audio file doesn't match the sample rate specified in the <code>MediaSampleRateHertz</code> field in the request. Check the sample rate of your media file and make sure that the two values match.</p> </li> <li> <p> <code>Invalid file size: file size too large</code>- The size of your audio file is larger than what Amazon Transcribe Medical can process. For more information, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/limits-guidelines.html#limits\">Guidelines and Quotas</a> in the <i>Amazon Transcribe Medical Guide</i> </p> </li> <li> <p> <code>Invalid number of channels: number of channels too large</code>- Your audio contains more channels than Amazon Transcribe Medical is configured to process. To request additional channels, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/transcribe-medical.html\">Amazon Transcribe Medical Endpoints and Quotas</a> in the <i>Amazon Web Services General Reference</i> </p> </li> </ul>"
+          "documentation":"<p>If the <code>TranscriptionJobStatus</code> field is <code>FAILED</code>, this field contains information about why the job failed.</p> <p>The <code>FailureReason</code> field contains one of the following values:</p> <ul> <li> <p> <code>Unsupported media format</code>- The media format specified in the <code>MediaFormat</code> field of the request isn't valid. See the description of the <code>MediaFormat</code> field for a list of valid values.</p> </li> <li> <p> <code>The media format provided does not match the detected media format</code>- The media format of the audio file doesn't match the format specified in the <code>MediaFormat</code> field in the request. Check the media format of your media file and make sure the two values match.</p> </li> <li> <p> <code>Invalid sample rate for audio file</code>- The sample rate specified in the <code>MediaSampleRateHertz</code> of the request isn't valid. The sample rate must be between 8,000 and 48,000 Hertz.</p> </li> <li> <p> <code>The sample rate provided does not match the detected sample rate</code>- The sample rate in the audio file doesn't match the sample rate specified in the <code>MediaSampleRateHertz</code> field in the request. Check the sample rate of your media file and make sure that the two values match.</p> </li> <li> <p> <code>Invalid file size: file size too large</code>- The size of your audio file is larger than what Amazon Transcribe Medical can process. For more information, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/limits-guidelines.html#limits\">Guidelines and Quotas</a> in the <i>Amazon Transcribe Medical Guide</i>.</p> </li> <li> <p> <code>Invalid number of channels: number of channels too large</code>- Your audio contains more channels than Amazon Transcribe Medical is configured to process. To request additional channels, see <a href=\"https://docs.aws.amazon.com/general/latest/gr/transcribe-medical.html\">Amazon Transcribe Medical Endpoints and Quotas</a> in the <i>Amazon Web Services General Reference</i>.</p> </li> </ul>"
         },
         "Settings":{
           "shape":"MedicalTranscriptionSetting",
@@ -2143,7 +2147,7 @@
         },
         "ChannelIdentification":{
           "shape":"Boolean",
-          "documentation":"<p>Instructs Amazon Transcribe Medical to process each audio channel separately and then merge the transcription output of each channel into a single transcription.</p> <p>Amazon Transcribe Medical also produces a transcription of each item detected on an audio channel, including the start time and end time of the item and alternative transcriptions of item. The alternative transcriptions also come with confidence scores provided by Amazon Transcribe Medical.</p> <p>You can't set both <code>ShowSpeakerLabels</code> and <code>ChannelIdentification</code> in the same request. If you set both, your request returns a <code>BadRequestException</code> </p>"
+          "documentation":"<p>Instructs Amazon Transcribe Medical to process each audio channel separately and then merge the transcription output of each channel into a single transcription.</p> <p>Amazon Transcribe Medical also produces a transcription of each item detected on an audio channel, including the start time and end time of the item and alternative transcriptions of item. The alternative transcriptions also come with confidence scores provided by Amazon Transcribe Medical.</p> <p>You can't set both <code>ShowSpeakerLabels</code> and <code>ChannelIdentification</code> in the same request. If you set both, your request returns a <code>BadRequestException</code>.</p>"
         },
         "ShowAlternatives":{
           "shape":"Boolean",
@@ -2269,6 +2273,29 @@
       "type":"list",
       "member":{"shape":"Phrase"}
     },
+    "PiiEntityType":{
+      "type":"string",
+      "enum":[
+        "BANK_ACCOUNT_NUMBER",
+        "BANK_ROUTING",
+        "CREDIT_DEBIT_NUMBER",
+        "CREDIT_DEBIT_CVV",
+        "CREDIT_DEBIT_EXPIRY",
+        "PIN",
+        "EMAIL",
+        "ADDRESS",
+        "NAME",
+        "PHONE",
+        "SSN",
+        "ALL"
+      ]
+    },
+    "PiiEntityTypes":{
+      "type":"list",
+      "member":{"shape":"PiiEntityType"},
+      "max":11,
+      "min":0
+    },
     "RedactionOutput":{
       "type":"string",
       "enum":[
@@ -2353,7 +2380,7 @@
         },
         "Negate":{
           "shape":"Boolean",
-          "documentation":"<p>Set to <code>TRUE</code> to look for sentiments that weren't specified in the request. </p>"
+          "documentation":"<p>Set to <code>TRUE</code> to look for sentiments that weren't specified in the request.</p>"
         }
       },
       "documentation":"<p>An object that enables you to specify a particular customer or agent sentiment. If at least 50 percent of the conversation turns (the back-and-forth between two speakers) in a specified time period match the specified sentiment, Amazon Transcribe will consider the sentiment a match.</p>"
@@ -2389,7 +2416,7 @@
         },
         "ChannelIdentification":{
           "shape":"Boolean",
-          "documentation":"<p>Instructs Amazon Transcribe to process each audio channel separately and then merge the transcription output of each channel into a single transcription. </p> <p>Amazon Transcribe also produces a transcription of each item detected on an audio channel, including the start time and end time of the item and alternative transcriptions of the item including the confidence that Amazon Transcribe has in the transcription.</p> <p>You can't set both <code>ShowSpeakerLabels</code> and <code>ChannelIdentification</code> in the same request. If you set both, your request returns a <code>BadRequestException</code>.</p>"
+          "documentation":"<p>Instructs Amazon Transcribe to process each audio channel separately and then merge the transcription output of each channel into a single transcription.</p> <p>Amazon Transcribe also produces a transcription of each item detected on an audio channel, including the start time and end time of the item and alternative transcriptions of the item including the confidence that Amazon Transcribe has in the transcription.</p> <p>You can't set both <code>ShowSpeakerLabels</code> and <code>ChannelIdentification</code> in the same request. If you set both, your request returns a <code>BadRequestException</code>.</p>"
         },
         "ShowAlternatives":{
           "shape":"Boolean",
@@ -2429,11 +2456,11 @@
         "Media":{"shape":"Media"},
         "OutputLocation":{
           "shape":"Uri",
-          "documentation":"<p>The Amazon S3 location where the output of the call analytics job is stored. You can provide the following location types to store the output of call analytics job:</p> <ul> <li> <p>s3://DOC-EXAMPLE-BUCKET1</p> <p> If you specify a bucket, Amazon Transcribe saves the output of the analytics job as a JSON file at the root level of the bucket.</p> </li> <li> <p>s3://DOC-EXAMPLE-BUCKET1/folder/</p> <p>f you specify a path, Amazon Transcribe saves the output of the analytics job as s3://DOC-EXAMPLE-BUCKET1/folder/your-transcription-job-name.json</p> <p>If you specify a folder, you must provide a trailing slash.</p> </li> <li> <p>s3://DOC-EXAMPLE-BUCKET1/folder/filename.json</p> <p> If you provide a path that has the filename specified, Amazon Transcribe saves the output of the analytics job as s3://DOC-EXAMPLEBUCKET1/folder/filename.json</p> </li> </ul> <p>You can specify an Amazon Web Services Key Management Service (KMS) key to encrypt the output of our analytics job using the <code>OutputEncryptionKMSKeyId</code> parameter. If you don't specify a KMS key, Amazon Transcribe uses the default Amazon S3 key for server-side encryption of the analytics job output that is placed in your S3 bucket.</p>"
+          "documentation":"<p>The Amazon S3 location where the output of the call analytics job is stored. You can provide the following location types to store the output of call analytics job:</p> <ul> <li> <p>s3://DOC-EXAMPLE-BUCKET1</p> <p> If you specify a bucket, Amazon Transcribe saves the output of the analytics job as a JSON file at the root level of the bucket.</p> </li> <li> <p>s3://DOC-EXAMPLE-BUCKET1/folder/</p> <p>f you specify a path, Amazon Transcribe saves the output of the analytics job as s3://DOC-EXAMPLE-BUCKET1/folder/your-transcription-job-name.json.</p> <p>If you specify a folder, you must provide a trailing slash.</p> </li> <li> <p>s3://DOC-EXAMPLE-BUCKET1/folder/filename.json.</p> <p> If you provide a path that has the filename specified, Amazon Transcribe saves the output of the analytics job as s3://DOC-EXAMPLEBUCKET1/folder/filename.json.</p> </li> </ul> <p>You can specify an Amazon Web Services Key Management Service (KMS) key to encrypt the output of our analytics job using the <code>OutputEncryptionKMSKeyId</code> parameter. If you don't specify a KMS key, Amazon Transcribe uses the default Amazon S3 key for server-side encryption of the analytics job output that is placed in your S3 bucket.</p>"
         },
         "OutputEncryptionKMSKeyId":{
           "shape":"KMSKeyId",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Web Services Key Management Service key used to encrypt the output of the call analytics job. The user calling the operation must have permission to use the specified KMS key.</p> <p>You use either of the following to identify an Amazon Web Services KMS key in the current account:</p> <ul> <li> <p>KMS Key ID: \"1234abcd-12ab-34cd-56ef-1234567890ab\"</p> </li> <li> <p>KMS Key Alias: \"alias/ExampleAlias\"</p> </li> </ul> <p> You can use either of the following to identify a KMS key in the current account or another account:</p> <ul> <li> <p>Amazon Resource Name (ARN) of a KMS key in the current account or another account: \"arn:aws:kms:region:account ID:key/1234abcd-12ab-34cd-56ef1234567890ab\"</p> </li> <li> <p>ARN of a KMS Key Alias: \"arn:aws:kms:region:account ID:alias/ExampleAlias\"</p> </li> </ul> <p>If you don't specify an encryption key, the output of the call analytics job is encrypted with the default Amazon S3 key (SSE-S3).</p> <p>If you specify a KMS key to encrypt your output, you must also specify an output location in the <code>OutputLocation</code> parameter. </p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the Amazon Web Services Key Management Service key used to encrypt the output of the call analytics job. The user calling the operation must have permission to use the specified KMS key.</p> <p>You use either of the following to identify an Amazon Web Services KMS key in the current account:</p> <ul> <li> <p>KMS Key ID: \"1234abcd-12ab-34cd-56ef-1234567890ab\"</p> </li> <li> <p>KMS Key Alias: \"alias/ExampleAlias\"</p> </li> </ul> <p> You can use either of the following to identify a KMS key in the current account or another account:</p> <ul> <li> <p>Amazon Resource Name (ARN) of a KMS key in the current account or another account: \"arn:aws:kms:region:account ID:key/1234abcd-12ab-34cd-56ef1234567890ab\"</p> </li> <li> <p>ARN of a KMS Key Alias: \"arn:aws:kms:region:accountID:alias/ExampleAlias\"</p> </li> </ul> <p>If you don't specify an encryption key, the output of the call analytics job is encrypted with the default Amazon S3 key (SSE-S3).</p> <p>If you specify a KMS key to encrypt your output, you must also specify an output location in the <code>OutputLocation</code> parameter. </p>"
         },
         "DataAccessRoleArn":{
           "shape":"DataAccessRoleArn",
@@ -2441,7 +2468,7 @@
         },
         "Settings":{
           "shape":"CallAnalyticsJobSettings",
-          "documentation":"<p>A <code>Settings</code> object that provides optional settings for a call analytics job. </p>"
+          "documentation":"<p>A <code>Settings</code> object that provides optional settings for a call analytics job.</p>"
         },
         "ChannelDefinitions":{
           "shape":"ChannelDefinitions",
@@ -2659,7 +2686,7 @@
       "members":{
         "Formats":{
           "shape":"SubtitleFormats",
-          "documentation":"<p>Specify the output format for your subtitle file; if you select both SRT and VTT formats, two output files are genereated.</p>"
+          "documentation":"<p>Specify the output format for your subtitle file; if you select both SRT and VTT formats, two output files are generated.</p>"
         },
         "SubtitleFileUris":{
           "shape":"SubtitleFileUris",
@@ -2810,7 +2837,7 @@
         },
         "MediaSampleRateHertz":{
           "shape":"MediaSampleRateHertz",
-          "documentation":"<p>The sample rate, in Hertz, of the audio track in the input media file. </p>"
+          "documentation":"<p>The sample rate, in Hertz (Hz), of the audio track in the input media file.</p>"
         },
         "MediaFormat":{
           "shape":"MediaFormat",
@@ -2878,7 +2905,7 @@
         },
         "LanguageIdSettings":{
           "shape":"LanguageIdSettingsMap",
-          "documentation":"<p>Language-specific settings that can be specified when language identification is enabled for your transcription job. These settings include <code>VocabularyName</code>, <code>VocabularyFilterName</code>, and <code>LanguageModelName</code>LanguageModelName.</p>"
+          "documentation":"<p>Language-specific settings that can be specified when language identification is enabled for your transcription job. These settings include <code>VocabularyName</code>, <code>VocabularyFilterName</code>, and <code>LanguageModelName</code>.</p>"
         }
       },
       "documentation":"<p>Describes an asynchronous transcription job that was created with the <code>StartTranscriptionJob</code> operation. </p>"
@@ -2995,7 +3022,7 @@
         },
         "Rules":{
           "shape":"RuleList",
-          "documentation":"<p>The rules used for the updated analytics category. The rules that you provide in this field replace the ones that are currently being used. </p>"
+          "documentation":"<p>The rules used for the updated analytics category. The rules that you provide in this field replace the ones that are currently being used.</p>"
         }
       }
     },
@@ -3004,7 +3031,7 @@
       "members":{
         "CategoryProperties":{
           "shape":"CategoryProperties",
-          "documentation":"<p>The attributes describing the analytics category. You can see information such as the rules that you've used to update the category and when the category was originally created. </p>"
+          "documentation":"<p>The attributes describing the analytics category. You can see information such as the rules that you've used to update the category and when the category was originally created.</p>"
         }
       }
     },
@@ -3021,11 +3048,11 @@
         },
         "LanguageCode":{
           "shape":"LanguageCode",
-          "documentation":"<p>The language code of the language used for the entries in the updated vocabulary. US English (en-US) is the only valid language code in Amazon Transcribe Medical.</p>"
+          "documentation":"<p>The language code of the language used for the entries in the updated vocabulary. U.S. English (en-US) is the only valid language code in Amazon Transcribe Medical.</p>"
         },
         "VocabularyFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The location in Amazon S3 of the text file that contains your custom vocabulary. The URI must be in the same Amazon Web Services Region as the resource that you are calling. The following is the format for a URI:</p> <p> <code> https://s3.&lt;aws-region&gt;.amazonaws.com/&lt;bucket-name&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt; </code> </p> <p>For example:</p> <p> <code>https://s3.us-east-1.amazonaws.com/AWSDOC-EXAMPLE-BUCKET/vocab.txt</code> </p> <p>For more information about Amazon S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies in Amazon Transcribe Medical, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-it-works.html#how-vocabulary\">Medical Custom Vocabularies</a>.</p>"
+          "documentation":"<p>The location in Amazon S3 of the text file that contains your custom vocabulary. The URI must be in the same Amazon Web Services Region as the resource that you are calling. The following is the format for a URI:</p> <p> <code> https://s3.&lt;aws-region&gt;.amazonaws.com/&lt;bucket-name&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt; </code> </p> <p>For example:</p> <p> <code>https://s3.us-east-1.amazonaws.com/AWSDOC-EXAMPLE-BUCKET/vocab.txt</code> </p> <p>For more information about Amazon S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies in Amazon Transcribe Medical, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/vocabulary-med.html\">Medical Custom Vocabularies</a>.</p>"
         }
       }
     },
@@ -3060,11 +3087,11 @@
         },
         "Words":{
           "shape":"Words",
-          "documentation":"<p>The words to use in the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-vocabulary.html#charsets\">Character Sets for Custom Vocabularies</a>.</p> <p>If you provide a list of words in the <code>Words</code> parameter, you can't use the <code>VocabularyFilterFileUri</code> parameter.</p>"
+          "documentation":"<p>The words to use in the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/charsets.html\">Character Sets for Custom Vocabularies</a>.</p> <p>If you provide a list of words in the <code>Words</code> parameter, you can't use the <code>VocabularyFilterFileUri</code> parameter.</p>"
         },
         "VocabularyFilterFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The Amazon S3 location of a text file used as input to create the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-vocabulary.html#charsets\">Character Sets for Custom Vocabularies</a>.</p> <p>The specified file must be less than 50 KB of UTF-8 characters.</p> <p>If you provide the location of a list of words in the <code>VocabularyFilterFileUri</code> parameter, you can't use the <code>Words</code> parameter.</p>"
+          "documentation":"<p>The Amazon S3 location of a text file used as input to create the vocabulary filter. Only use characters from the character set defined for custom vocabularies. For a list of character sets, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/charsets.html\">Character Sets for Custom Vocabularies</a>.</p> <p>The specified file must be less than 50 KB of UTF-8 characters.</p> <p>If you provide the location of a list of words in the <code>VocabularyFilterFileUri</code> parameter, you can't use the <code>Words</code> parameter.</p>"
         }
       }
     },
@@ -3098,7 +3125,7 @@
         },
         "LanguageCode":{
           "shape":"LanguageCode",
-          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a>transcribe-whatis</a>.</p>"
+          "documentation":"<p>The language code of the vocabulary entries. For a list of languages and their corresponding language codes, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/supported-languages.html\">Supported languages</a>.</p>"
         },
         "Phrases":{
           "shape":"Phrases",
@@ -3106,7 +3133,7 @@
         },
         "VocabularyFileUri":{
           "shape":"Uri",
-          "documentation":"<p>The S3 location of the text file that contains the definition of the custom vocabulary. The URI must be in the same region as the API endpoint that you are calling. The general form is </p> <p>For example:</p> <p>For more information about S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/how-it-works.html#how-vocabulary\">Custom Vocabularies</a>.</p>"
+          "documentation":"<p>The S3 location of the text file that contains the definition of the custom vocabulary. The URI must be in the same region as the API endpoint that you are calling. The general form is:</p> <p> <code>https://s3.&lt;aws-region&gt;.amazonaws.com/&lt;AWSDOC-EXAMPLE-BUCKET&gt;/&lt;keyprefix&gt;/&lt;objectkey&gt;</code> </p> <p>For example:</p> <p> <code>https://s3.us-east-1.amazonaws.com/AWSDOC-EXAMPLE-BUCKET/vocab.txt</code> </p> <p>For more information about S3 object names, see <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-keys\">Object Keys</a> in the <i>Amazon S3 Developer Guide</i>.</p> <p>For more information about custom vocabularies, see <a href=\"https://docs.aws.amazon.com/transcribe/latest/dg/custom-vocabulary.html\">Custom Vocabularies</a>.</p>"
         }
       }
     },
@@ -3197,7 +3224,7 @@
           "documentation":"<p>The processing state of the vocabulary. If the state is <code>READY</code> you can use the vocabulary in a <code>StartTranscriptionJob</code> request.</p>"
         }
       },
-      "documentation":"<p>Provides information about a custom vocabulary. </p>"
+      "documentation":"<p>Provides information about a custom vocabulary.</p>"
     },
     "VocabularyName":{
       "type":"string",
diff --git a/contrib/python/botocore/py3/botocore/data/transfer/2018-11-05/service-2.json b/contrib/python/botocore/py3/botocore/data/transfer/2018-11-05/service-2.json
index bd19807fb54..de90c254b03 100644
--- a/contrib/python/botocore/py3/botocore/data/transfer/2018-11-05/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/transfer/2018-11-05/service-2.json
@@ -683,7 +683,7 @@
         },
         "IdentityProviderType":{
           "shape":"IdentityProviderType",
-          "documentation":"<p>Specifies the mode of authentication for a server. The default value is <code>SERVICE_MANAGED</code>, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.</p> <p>Use <code>AWS_DIRECTORY_SERVICE</code> to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>API_GATEWAY</code> value to integrate with an identity provider of your choosing. The <code>API_GATEWAY</code> setting requires you to provide an API Gateway endpoint URL to call for authentication using the <code>IdentityProviderDetails</code> parameter.</p>"
+          "documentation":"<p>Specifies the mode of authentication for a server. The default value is <code>SERVICE_MANAGED</code>, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.</p> <p>Use <code>AWS_DIRECTORY_SERVICE</code> to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>API_GATEWAY</code> value to integrate with an identity provider of your choosing. The <code>API_GATEWAY</code> setting requires you to provide an API Gateway endpoint URL to call for authentication using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>AWS_LAMBDA</code> value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the <code>Function</code> parameter for the <code>IdentityProviderDetails</code> data type.</p>"
         },
         "LoggingRole":{
           "shape":"Role",
@@ -693,6 +693,10 @@
           "shape":"Protocols",
           "documentation":"<p>Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:</p> <ul> <li> <p> <code>SFTP</code> (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH</p> </li> <li> <p> <code>FTPS</code> (File Transfer Protocol Secure): File transfer with TLS encryption</p> </li> <li> <p> <code>FTP</code> (File Transfer Protocol): Unencrypted file transfer</p> </li> </ul> <note> <p>If you select <code>FTPS</code>, you must choose a certificate stored in Amazon Web Services Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.</p> <p>If <code>Protocol</code> includes either <code>FTP</code> or <code>FTPS</code>, then the <code>EndpointType</code> must be <code>VPC</code> and the <code>IdentityProviderType</code> must be <code>AWS_DIRECTORY_SERVICE</code> or <code>API_GATEWAY</code>.</p> <p>If <code>Protocol</code> includes <code>FTP</code>, then <code>AddressAllocationIds</code> cannot be associated.</p> <p>If <code>Protocol</code> is set only to <code>SFTP</code>, the <code>EndpointType</code> can be set to <code>PUBLIC</code> and the <code>IdentityProviderType</code> can be set to <code>SERVICE_MANAGED</code>.</p> </note>"
         },
+        "ProtocolDetails":{
+          "shape":"ProtocolDetails",
+          "documentation":"<p>The protocol settings that are configured for your server.</p> <p> Use the <code>PassiveIp</code> parameter to indicate passive mode (for FTP and FTPS protocols). Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. </p> <p>Use the <code>TlsSessionResumptionMode</code> parameter to determine whether or not your Transfer server resumes recent, negotiated sessions through a unique session ID.</p>"
+        },
         "SecurityPolicyName":{
           "shape":"SecurityPolicyName",
           "documentation":"<p>Specifies the name of the security policy that is attached to the server.</p>"
@@ -755,7 +759,7 @@
         },
         "SshPublicKeyBody":{
           "shape":"SshPublicKeyBody",
-          "documentation":"<p>The public portion of the Secure Shell (SSH) key used to authenticate the user to the server.</p>"
+          "documentation":"<p>The public portion of the Secure Shell (SSH) key used to authenticate the user to the server.</p> <note> <p> Currently, Transfer Family does not accept elliptical curve keys (keys beginning with <code>ecdsa</code>). </p> </note>"
         },
         "Tags":{
           "shape":"Tags",
@@ -1235,7 +1239,7 @@
         },
         "IdentityProviderType":{
           "shape":"IdentityProviderType",
-          "documentation":"<p>Specifies the mode of authentication for a server. The default value is <code>SERVICE_MANAGED</code>, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.</p> <p>Use <code>AWS_DIRECTORY_SERVICE</code> to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>API_GATEWAY</code> value to integrate with an identity provider of your choosing. The <code>API_GATEWAY</code> setting requires you to provide an API Gateway endpoint URL to call for authentication using the <code>IdentityProviderDetails</code> parameter.</p>"
+          "documentation":"<p>Specifies the mode of authentication for a server. The default value is <code>SERVICE_MANAGED</code>, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.</p> <p>Use <code>AWS_DIRECTORY_SERVICE</code> to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>API_GATEWAY</code> value to integrate with an identity provider of your choosing. The <code>API_GATEWAY</code> setting requires you to provide an API Gateway endpoint URL to call for authentication using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>AWS_LAMBDA</code> value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the <code>Function</code> parameter for the <code>IdentityProviderDetails</code> data type.</p>"
         },
         "LoggingRole":{
           "shape":"Role",
@@ -1519,6 +1523,12 @@
       "documentation":"<p>Specifies the Amazon S3 or EFS file details to be used in the step.</p>"
     },
     "Fips":{"type":"boolean"},
+    "Function":{
+      "type":"string",
+      "max":170,
+      "min":1,
+      "pattern":"^arn:[a-z-]+:lambda:.*$"
+    },
     "HomeDirectory":{
       "type":"string",
       "max":1024,
@@ -1574,7 +1584,11 @@
         },
         "DirectoryId":{
           "shape":"DirectoryId",
-          "documentation":"<p>The identifier of the Amazon Web ServicesDirectory Service directory that you want to stop sharing.</p>"
+          "documentation":"<p>The identifier of the Amazon Web Services Directory Service directory that you want to stop sharing.</p>"
+        },
+        "Function":{
+          "shape":"Function",
+          "documentation":"<p>The ARN for a lambda function to use for the Identity provider.</p>"
         }
       },
       "documentation":"<p>Returns information related to the type of user authentication that is in use for a file transfer protocol-enabled server's users. A server can have only one method of authentication.</p>"
@@ -1585,7 +1599,8 @@
       "enum":[
         "SERVICE_MANAGED",
         "API_GATEWAY",
-        "AWS_DIRECTORY_SERVICE"
+        "AWS_DIRECTORY_SERVICE",
+        "AWS_LAMBDA"
       ]
     },
     "ImportSshPublicKeyRequest":{
@@ -1974,7 +1989,7 @@
         },
         "IdentityProviderType":{
           "shape":"IdentityProviderType",
-          "documentation":"<p>Specifies the mode of authentication for a server. The default value is <code>SERVICE_MANAGED</code>, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.</p> <p>Use <code>AWS_DIRECTORY_SERVICE</code> to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>API_GATEWAY</code> value to integrate with an identity provider of your choosing. The <code>API_GATEWAY</code> setting requires you to provide an API Gateway endpoint URL to call for authentication using the <code>IdentityProviderDetails</code> parameter.</p>"
+          "documentation":"<p>Specifies the mode of authentication for a server. The default value is <code>SERVICE_MANAGED</code>, which allows you to store and access user credentials within the Amazon Web Services Transfer Family service.</p> <p>Use <code>AWS_DIRECTORY_SERVICE</code> to provide access to Active Directory groups in Amazon Web Services Managed Active Directory or Microsoft Active Directory in your on-premises environment or in Amazon Web Services using AD Connectors. This option also requires you to provide a Directory ID using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>API_GATEWAY</code> value to integrate with an identity provider of your choosing. The <code>API_GATEWAY</code> setting requires you to provide an API Gateway endpoint URL to call for authentication using the <code>IdentityProviderDetails</code> parameter.</p> <p>Use the <code>AWS_LAMBDA</code> value to directly use a Lambda function as your identity provider. If you choose this value, you must specify the ARN for the lambda function in the <code>Function</code> parameter for the <code>IdentityProviderDetails</code> data type.</p>"
         },
         "EndpointType":{
           "shape":"EndpointType",
@@ -2167,9 +2182,13 @@
         "PassiveIp":{
           "shape":"PassiveIp",
           "documentation":"<p> Indicates passive mode, for FTP and FTPS protocols. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. For example: </p> <p> <code> aws transfer update-server --protocol-details PassiveIp=<i>0.0.0.0</i> </code> </p> <p>Replace <code> <i>0.0.0.0</i> </code> in the example above with the actual IP address you want to use.</p> <note> <p> If you change the <code>PassiveIp</code> value, you must stop and then restart your Transfer server for the change to take effect. For details on using Passive IP (PASV) in a NAT environment, see <a href=\"http://aws.amazon.com/blogs/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/\">Configuring your FTPS server behind a firewall or NAT with Amazon Web Services Transfer Family</a>. </p> </note>"
+        },
+        "TlsSessionResumptionMode":{
+          "shape":"TlsSessionResumptionMode",
+          "documentation":"<p>A property used with Transfer servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. <code>TlsSessionResumptionMode</code> determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during <code>CreateServer</code> and <code>UpdateServer</code> calls. If a <code>TlsSessionResumptionMode</code> value is not specified during CreateServer, it is set to <code>ENFORCED</code> by default.</p> <ul> <li> <p> <code>DISABLED</code>: the server does not process TLS session resumption client requests and creates a new TLS session for each request. </p> </li> <li> <p> <code>ENABLED</code>: the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.</p> </li> <li> <p> <code>ENFORCED</code>: the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to <code>ENFORCED</code>, test your clients.</p> <note> <p>Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the <code>ENFORCED</code> value, you need to test your clients.</p> </note> </li> </ul>"
         }
       },
-      "documentation":"<p> The protocol settings that are configured for your server. </p> <note> <p> This type is only valid in the <code>UpdateServer</code> API. </p> </note>"
+      "documentation":"<p> The protocol settings that are configured for your server. </p>"
     },
     "Protocols":{
       "type":"list",
@@ -2628,6 +2647,14 @@
       "documentation":"<p>The request was denied due to request throttling.</p> <p> HTTP Status Code: 400</p>",
       "exception":true
     },
+    "TlsSessionResumptionMode":{
+      "type":"string",
+      "enum":[
+        "DISABLED",
+        "ENABLED",
+        "ENFORCED"
+      ]
+    },
     "UntagResourceRequest":{
       "type":"structure",
       "required":[
@@ -2710,7 +2737,7 @@
         },
         "ProtocolDetails":{
           "shape":"ProtocolDetails",
-          "documentation":"<p> The protocol settings that are configured for your server. </p> <p> Use the <code>PassiveIp</code> parameter to indicate passive mode (for FTP and FTPS protocols). Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. </p>"
+          "documentation":"<p> The protocol settings that are configured for your server. </p> <p> Use the <code>PassiveIp</code> parameter to indicate passive mode (for FTP and FTPS protocols). Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer. </p> <p>Use the <code>TlsSessionResumptionMode</code> parameter to determine whether or not your Transfer server resumes recent, negotiated sessions through a unique session ID.</p>"
         },
         "EndpointDetails":{
           "shape":"EndpointDetails",
diff --git a/contrib/python/botocore/py3/botocore/data/translate/2017-07-01/service-2.json b/contrib/python/botocore/py3/botocore/data/translate/2017-07-01/service-2.json
index a65f8a90c2b..f4ed2144dfa 100644
--- a/contrib/python/botocore/py3/botocore/data/translate/2017-07-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/translate/2017-07-01/service-2.json
@@ -407,6 +407,13 @@
       "documentation":"<p>The confidence that Amazon Comprehend accurately detected the source language is low. If a low confidence level is acceptable for your application, you can use the language in the exception to call Amazon Translate again. For more information, see the <a href=\"https://docs.aws.amazon.com/comprehend/latest/dg/API_DetectDominantLanguage.html\">DetectDominantLanguage</a> operation in the <i>Amazon Comprehend Developer Guide</i>. </p>",
       "exception":true
     },
+    "Directionality":{
+      "type":"string",
+      "enum":[
+        "UNI",
+        "MULTI"
+      ]
+    },
     "EncryptionKey":{
       "type":"structure",
       "required":[
@@ -416,11 +423,11 @@
       "members":{
         "Type":{
           "shape":"EncryptionKeyType",
-          "documentation":"<p>The type of encryption key used by Amazon Translate to encrypt custom terminologies.</p>"
+          "documentation":"<p>The type of encryption key used by Amazon Translate to encrypt this object.</p>"
         },
         "Id":{
           "shape":"EncryptionKeyID",
-          "documentation":"<p>The Amazon Resource Name (ARN) of the encryption key being used to encrypt the custom terminology.</p>"
+          "documentation":"<p>The Amazon Resource Name (ARN) of the encryption key being used to encrypt this object.</p>"
         }
       },
       "documentation":"<p>The encryption key used to encrypt this object.</p>"
@@ -454,7 +461,7 @@
         },
         "DataLocation":{
           "shape":"ParallelDataDataLocation",
-          "documentation":"<p>The Amazon S3 location of the most recent parallel data input file that was successfully imported into Amazon Translate. The location is returned as a presigned URL that has a 30 minute expiration.</p> <important> <p>Amazon Translate doesn't scan parallel data input files for the risk of CSV injection attacks. </p> <p>CSV injection occurs when a .csv or .tsv file is altered so that a record contains malicious code. The record begins with a special character, such as =, +, -, or @. When the file is opened in a spreadsheet program, the program might interpret the record as a formula and run the code within it.</p> <p>Before you download a parallel data input file from Amazon S3, ensure that you recognize the file and trust its creator.</p> </important>"
+          "documentation":"<p>The Amazon S3 location of the most recent parallel data input file that was successfully imported into Amazon Translate. The location is returned as a presigned URL that has a 30 minute expiration.</p> <important> <p>Amazon Translate doesn't scan all input files for the risk of CSV injection attacks. </p> <p>CSV injection occurs when a .csv or .tsv file is altered so that a record contains malicious code. The record begins with a special character, such as =, +, -, or @. When the file is opened in a spreadsheet program, the program might interpret the record as a formula and run the code within it.</p> <p>Before you download an input file from Amazon S3, ensure that you recognize the file and trust its creator.</p> </important>"
         },
         "AuxiliaryDataLocation":{
           "shape":"ParallelDataDataLocation",
@@ -468,10 +475,7 @@
     },
     "GetTerminologyRequest":{
       "type":"structure",
-      "required":[
-        "Name",
-        "TerminologyDataFormat"
-      ],
+      "required":["Name"],
       "members":{
         "Name":{
           "shape":"ResourceName",
@@ -479,7 +483,7 @@
         },
         "TerminologyDataFormat":{
           "shape":"TerminologyDataFormat",
-          "documentation":"<p>The data format of the custom terminology being retrieved, either CSV or TMX.</p>"
+          "documentation":"<p>The data format of the custom terminology being retrieved.</p> <p>If you don't specify this parameter, Amazon Translate returns a file that has the same format as the file that was imported to create the terminology. </p> <p>If you specify this parameter when you retrieve a multi-directional terminology resource, you must specify the same format as that of the input file that was imported to create it. Otherwise, Amazon Translate throws an error.</p>"
         }
       }
     },
@@ -492,7 +496,11 @@
         },
         "TerminologyDataLocation":{
           "shape":"TerminologyDataLocation",
-          "documentation":"<p>The data location of the custom terminology being retrieved. The custom terminology file is returned in a presigned url that has a 30 minute expiration.</p>"
+          "documentation":"<p>The Amazon S3 location of the most recent custom terminology input file that was successfully imported into Amazon Translate. The location is returned as a presigned URL that has a 30 minute expiration.</p> <important> <p>Amazon Translate doesn't scan all input files for the risk of CSV injection attacks. </p> <p>CSV injection occurs when a .csv or .tsv file is altered so that a record contains malicious code. The record begins with a special character, such as =, +, -, or @. When the file is opened in a spreadsheet program, the program might interpret the record as a formula and run the code within it.</p> <p>Before you download an input file from Amazon S3, ensure that you recognize the file and trust its creator.</p> </important>"
+        },
+        "AuxiliaryDataLocation":{
+          "shape":"TerminologyDataLocation",
+          "documentation":"<p>The Amazon S3 location of a file that provides any errors or warnings that were produced by your input file. This file was created when Amazon Translate attempted to create a terminology resource. The location is returned as a presigned URL to that has a 30 minute expiration.</p>"
         }
       }
     },
@@ -538,6 +546,10 @@
         "TerminologyProperties":{
           "shape":"TerminologyProperties",
           "documentation":"<p>The properties of the custom terminology being imported.</p>"
+        },
+        "AuxiliaryDataLocation":{
+          "shape":"TerminologyDataLocation",
+          "documentation":"<p>The Amazon S3 location of a file that provides any errors or warnings that were produced by your input file. This file was created when Amazon Translate attempted to create a terminology resource. The location is returned as a presigned URL to that has a 30 minute expiration.</p>"
         }
       }
     },
@@ -797,7 +809,7 @@
         },
         "Location":{
           "shape":"String",
-          "documentation":"<p>The Amazon S3 location of the parallel data input file. The location is returned as a presigned URL to that has a 30 minute expiration.</p> <important> <p>Amazon Translate doesn't scan parallel data input files for the risk of CSV injection attacks. </p> <p>CSV injection occurs when a .csv or .tsv file is altered so that a record contains malicious code. The record begins with a special character, such as =, +, -, or @. When the file is opened in a spreadsheet program, the program might interpret the record as a formula and run the code within it.</p> <p>Before you download a parallel data input file from Amazon S3, ensure that you recognize the file and trust its creator.</p> </important>"
+          "documentation":"<p>The Amazon S3 location of the parallel data input file. The location is returned as a presigned URL to that has a 30 minute expiration.</p> <important> <p>Amazon Translate doesn't scan all input files for the risk of CSV injection attacks. </p> <p>CSV injection occurs when a .csv or .tsv file is altered so that a record contains malicious code. The record begins with a special character, such as =, +, -, or @. When the file is opened in a spreadsheet program, the program might interpret the record as a formula and run the code within it.</p> <p>Before you download an input file from Amazon S3, ensure that you recognize the file and trust its creator.</p> </important>"
         }
       },
       "documentation":"<p>The location of the most recent parallel data input file that was successfully imported into Amazon Translate.</p>"
@@ -895,6 +907,10 @@
         "FAILED"
       ]
     },
+    "Profanity":{
+      "type":"string",
+      "enum":["MASK"]
+    },
     "ResourceName":{
       "type":"string",
       "max":256,
@@ -974,6 +990,10 @@
           "shape":"ClientTokenString",
           "documentation":"<p>A unique identifier for the request. This token is auto-generated when using the Amazon Translate SDK.</p>",
           "idempotencyToken":true
+        },
+        "Settings":{
+          "shape":"TranslationSettings",
+          "documentation":"<p>Settings to configure your translation output, including the option to mask profane words and phrases.</p>"
         }
       }
     },
@@ -1060,7 +1080,11 @@
         },
         "Format":{
           "shape":"TerminologyDataFormat",
-          "documentation":"<p>The data format of the custom terminology. Either CSV or TMX.</p>"
+          "documentation":"<p>The data format of the custom terminology.</p>"
+        },
+        "Directionality":{
+          "shape":"Directionality",
+          "documentation":"<p>The directionality of your terminology resource indicates whether it has one source language (uni-directional) or multiple (multi-directional).</p> <dl> <dt>UNI</dt> <dd> <p>The terminology resource has one source language (for example, the first column in a CSV file), and all of its other languages are target languages. </p> </dd> <dt>MULTI</dt> <dd> <p>Any language in the terminology resource can be the source language or a target language. A single multi-directional terminology resource can be used for jobs that translate different language pairs. For example, if the terminology contains terms in English and Spanish, then it can be used for jobs that translate English to Spanish and jobs that translate Spanish to English.</p> </dd> </dl> <p>When you create a custom terminology resource without specifying the directionality, it behaves as uni-directional terminology, although this parameter will have a null value.</p>"
         }
       },
       "documentation":"<p>The data associated with the custom terminology.</p>"
@@ -1069,7 +1093,8 @@
       "type":"string",
       "enum":[
         "CSV",
-        "TMX"
+        "TMX",
+        "TSV"
       ]
     },
     "TerminologyDataLocation":{
@@ -1085,7 +1110,7 @@
         },
         "Location":{
           "shape":"String",
-          "documentation":"<p>The location of the custom terminology data.</p>"
+          "documentation":"<p>The Amazon S3 location of the most recent custom terminology input file that was successfully imported into Amazon Translate. The location is returned as a presigned URL that has a 30 minute expiration.</p> <important> <p>Amazon Translate doesn't scan all input files for the risk of CSV injection attacks. </p> <p>CSV injection occurs when a .csv or .tsv file is altered so that a record contains malicious code. The record begins with a special character, such as =, +, -, or @. When the file is opened in a spreadsheet program, the program might interpret the record as a formula and run the code within it.</p> <p>Before you download an input file from Amazon S3, ensure that you recognize the file and trust its creator.</p> </important>"
         }
       },
       "documentation":"<p>The location of the custom terminology data.</p>"
@@ -1116,7 +1141,7 @@
         },
         "TargetLanguageCodes":{
           "shape":"LanguageCodeStringList",
-          "documentation":"<p>The language codes for the target languages available with the custom terminology file. All possible target languages are returned in array.</p>"
+          "documentation":"<p>The language codes for the target languages available with the custom terminology resource. All possible target languages are returned in array.</p>"
         },
         "EncryptionKey":{
           "shape":"EncryptionKey",
@@ -1137,6 +1162,22 @@
         "LastUpdatedAt":{
           "shape":"Timestamp",
           "documentation":"<p>The time at which the custom terminology was last update, based on the timestamp.</p>"
+        },
+        "Directionality":{
+          "shape":"Directionality",
+          "documentation":"<p>The directionality of your terminology resource indicates whether it has one source language (uni-directional) or multiple (multi-directional). </p> <dl> <dt>UNI</dt> <dd> <p>The terminology resource has one source language (the first column in a CSV file), and all of its other languages are target languages.</p> </dd> <dt>MULTI</dt> <dd> <p>Any language in the terminology resource can be the source language.</p> </dd> </dl>"
+        },
+        "Message":{
+          "shape":"UnboundedLengthString",
+          "documentation":"<p>Additional information from Amazon Translate about the terminology resource.</p>"
+        },
+        "SkippedTermCount":{
+          "shape":"Integer",
+          "documentation":"<p>The number of terms in the input file that Amazon Translate skipped when you created or updated the terminology resource.</p>"
+        },
+        "Format":{
+          "shape":"TerminologyDataFormat",
+          "documentation":"<p>The format of the custom terminology input file.</p>"
         }
       },
       "documentation":"<p>The properties of the custom terminology.</p>"
@@ -1233,6 +1274,10 @@
         "DataAccessRoleArn":{
           "shape":"IamRoleArn",
           "documentation":"<p>The Amazon Resource Name (ARN) of an AWS Identity Access and Management (IAM) role that granted Amazon Translate read access to the job's input data.</p>"
+        },
+        "Settings":{
+          "shape":"TranslationSettings",
+          "documentation":"<p>Settings that configure the translation output.</p>"
         }
       },
       "documentation":"<p>Provides information about a translation job.</p>"
@@ -1273,6 +1318,10 @@
         "TargetLanguageCode":{
           "shape":"LanguageCodeString",
           "documentation":"<p>The language code requested for the language of the target text. The language must be a language supported by Amazon Translate.</p>"
+        },
+        "Settings":{
+          "shape":"TranslationSettings",
+          "documentation":"<p>Settings to configure your translation output, including the option to mask profane words and phrases.</p>"
         }
       }
     },
@@ -1299,9 +1348,23 @@
         "AppliedTerminologies":{
           "shape":"AppliedTerminologyList",
           "documentation":"<p>The names of the custom terminologies applied to the input text by Amazon Translate for the translated text response.</p>"
+        },
+        "AppliedSettings":{
+          "shape":"TranslationSettings",
+          "documentation":"<p>Settings that configure the translation output.</p>"
         }
       }
     },
+    "TranslationSettings":{
+      "type":"structure",
+      "members":{
+        "Profanity":{
+          "shape":"Profanity",
+          "documentation":"<p>Enable the profanity setting if you want Amazon Translate to mask profane words and phrases in your translation output.</p> <p>To mask profane words and phrases, Amazon Translate replaces them with the grawlix string “?$#@$“. This 5-character sequence is used for each profane word or phrase, regardless of the length or number of words.</p> <p>Amazon Translate does not detect profanity in all of its supported languages. For languages that support profanity detection, see <a href=\"https://docs.aws.amazon.com/translate/latest/dg/what-is.html#what-is-languages\">Supported Languages and Language Codes in the Amazon Translate Developer Guide</a>.</p>"
+        }
+      },
+      "documentation":"<p>Settings that configure the translation output.</p>"
+    },
     "UnboundedLengthString":{"type":"string"},
     "UnsupportedLanguagePairException":{
       "type":"structure",
diff --git a/contrib/python/botocore/py3/botocore/data/wafv2/2019-07-29/service-2.json b/contrib/python/botocore/py3/botocore/data/wafv2/2019-07-29/service-2.json
index 3db5d2d6cf0..8e8841140a7 100644
--- a/contrib/python/botocore/py3/botocore/data/wafv2/2019-07-29/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/wafv2/2019-07-29/service-2.json
@@ -300,6 +300,22 @@
       ],
       "documentation":"<p>Disassociates a web ACL from a regional application resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, or an AppSync GraphQL API. </p> <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call <code>UpdateDistribution</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a>.</p>"
     },
+    "GenerateMobileSdkReleaseUrl":{
+      "name":"GenerateMobileSdkReleaseUrl",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GenerateMobileSdkReleaseUrlRequest"},
+      "output":{"shape":"GenerateMobileSdkReleaseUrlResponse"},
+      "errors":[
+        {"shape":"WAFInternalErrorException"},
+        {"shape":"WAFNonexistentItemException"},
+        {"shape":"WAFInvalidParameterException"},
+        {"shape":"WAFInvalidOperationException"}
+      ],
+      "documentation":"<p>Generates a presigned download URL for the specified release of the mobile SDK.</p> <p>The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. </p>"
+    },
     "GetIPSet":{
       "name":"GetIPSet",
       "http":{
@@ -348,6 +364,22 @@
       ],
       "documentation":"<p>Retrieves the specified managed rule set. </p> <note> <p>This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers. </p> <p>Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are <code>ListManagedRuleSets</code>, <code>GetManagedRuleSet</code>, <code>PutManagedRuleSetVersions</code>, and <code>UpdateManagedRuleSetVersionExpiryDate</code>.</p> </note>"
     },
+    "GetMobileSdkRelease":{
+      "name":"GetMobileSdkRelease",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetMobileSdkReleaseRequest"},
+      "output":{"shape":"GetMobileSdkReleaseResponse"},
+      "errors":[
+        {"shape":"WAFInternalErrorException"},
+        {"shape":"WAFNonexistentItemException"},
+        {"shape":"WAFInvalidParameterException"},
+        {"shape":"WAFInvalidOperationException"}
+      ],
+      "documentation":"<p>Retrieves information for the specified mobile SDK release, including release notes and tags.</p> <p>The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. </p>"
+    },
     "GetPermissionPolicy":{
       "name":"GetPermissionPolicy",
       "http":{
@@ -534,6 +566,21 @@
       ],
       "documentation":"<p>Retrieves the managed rule sets that you own. </p> <note> <p>This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers. </p> <p>Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are <code>ListManagedRuleSets</code>, <code>GetManagedRuleSet</code>, <code>PutManagedRuleSetVersions</code>, and <code>UpdateManagedRuleSetVersionExpiryDate</code>.</p> </note>"
     },
+    "ListMobileSdkReleases":{
+      "name":"ListMobileSdkReleases",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ListMobileSdkReleasesRequest"},
+      "output":{"shape":"ListMobileSdkReleasesResponse"},
+      "errors":[
+        {"shape":"WAFInternalErrorException"},
+        {"shape":"WAFInvalidParameterException"},
+        {"shape":"WAFInvalidOperationException"}
+      ],
+      "documentation":"<p>Retrieves a list of the available releases for the mobile SDK and the specified device platform. </p> <p>The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. </p>"
+    },
     "ListRegexPatternSets":{
       "name":"ListRegexPatternSets",
       "http":{
@@ -628,9 +675,10 @@
         {"shape":"WAFServiceLinkedRoleErrorException"},
         {"shape":"WAFInvalidParameterException"},
         {"shape":"WAFInvalidOperationException"},
-        {"shape":"WAFLimitsExceededException"}
+        {"shape":"WAFLimitsExceededException"},
+        {"shape":"WAFLogDestinationPermissionIssueException"}
       ],
-      "documentation":"<p>Enables the specified <a>LoggingConfiguration</a>, to start logging from a web ACL, according to the configuration provided.</p> <p>You can access information about all traffic that WAF inspects using the following steps:</p> <ol> <li> <p>Create an Amazon Kinesis Data Firehose. </p> <p>Create the data firehose with a PUT source and in the Region that you are operating. If you are capturing logs for Amazon CloudFront, always create the firehose in US East (N. Virginia). </p> <p>Give the data firehose a name that starts with the prefix <code>aws-waf-logs-</code>. For example, <code>aws-waf-logs-us-east-2-analytics</code>.</p> <note> <p>Do not create the data firehose using a <code>Kinesis stream</code> as your source.</p> </note> </li> <li> <p>Associate that firehose to your web ACL using a <code>PutLoggingConfiguration</code> request.</p> </li> </ol> <p>When you successfully enable logging using a <code>PutLoggingConfiguration</code> request, WAF will create a service linked role with the necessary permissions to write logs to the Amazon Kinesis Data Firehose. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/logging.html\">Logging Web ACL Traffic Information</a> in the <i>WAF Developer Guide</i>.</p> <note> <p>This operation completely replaces the mutable specifications that you already have for the logging configuration with the ones that you provide to this call. To modify the logging configuration, retrieve it by calling <a>GetLoggingConfiguration</a>, update the settings as needed, and then provide the complete logging configuration specification to this call.</p> </note>"
+      "documentation":"<p>Enables the specified <a>LoggingConfiguration</a>, to start logging from a web ACL, according to the configuration provided.</p> <p>You can access information about all traffic that WAF inspects using the following steps:</p> <ol> <li> <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. For information about configuring logging destinations and the permissions that are required for each, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/logging.html\">Logging web ACL traffic information</a> in the <i>WAF Developer Guide</i>.</p> </li> <li> <p>Associate your logging destination to your web ACL using a <code>PutLoggingConfiguration</code> request.</p> </li> </ol> <p>When you successfully enable logging using a <code>PutLoggingConfiguration</code> request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.</p> <note> <p>This operation completely replaces the mutable specifications that you already have for the logging configuration with the ones that you provide to this call. To modify the logging configuration, retrieve it by calling <a>GetLoggingConfiguration</a>, update the settings as needed, and then provide the complete logging configuration specification to this call.</p> </note>"
     },
     "PutManagedRuleSetVersions":{
       "name":"PutManagedRuleSetVersions",
@@ -820,7 +868,9 @@
       "enum":[
         "ALLOW",
         "BLOCK",
-        "COUNT"
+        "COUNT",
+        "CAPTCHA",
+        "EXCLUDED_AS_COUNT"
       ]
     },
     "All":{
@@ -935,6 +985,44 @@
       "type":"long",
       "min":1
     },
+    "CaptchaAction":{
+      "type":"structure",
+      "members":{
+        "CustomRequestHandling":{
+          "shape":"CustomRequestHandling",
+          "documentation":"<p>Defines custom handling for the web request.</p> <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+        }
+      },
+      "documentation":"<p>Specifies that WAF should run a <code>CAPTCHA</code> check against the request: </p> <ul> <li> <p>If the request includes a valid, unexpired <code>CAPTCHA</code> token, WAF allows the web request inspection to proceed to the next rule, similar to a <code>CountAction</code>. </p> </li> <li> <p>If the request doesn't include a valid, unexpired <code>CAPTCHA</code> token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.</p> <p>WAF generates a response that it sends back to the client, which includes the following: </p> <ul> <li> <p>The header <code>x-amzn-waf-action</code> with a value of <code>captcha</code>. </p> </li> <li> <p>The HTTP status code <code>405 Method Not Allowed</code>. </p> </li> <li> <p>If the request contains an <code>Accept</code> header with a value of <code>text/html</code>, the response includes a <code>CAPTCHA</code> challenge. </p> </li> </ul> </li> </ul> <p>You can configure the expiration time in the <code>CaptchaConfig</code> <code>ImmunityTimeProperty</code> setting at the rule and web ACL level. The rule setting overrides the web ACL setting. </p> <p>This action option is available for rules. It isn't available for web ACL default actions. </p> <p>This is used in the context of other settings, for example to specify values for <a>RuleAction</a> and web ACL <a>DefaultAction</a>. </p>"
+    },
+    "CaptchaConfig":{
+      "type":"structure",
+      "members":{
+        "ImmunityTimeProperty":{
+          "shape":"ImmunityTimeProperty",
+          "documentation":"<p>Determines how long a <code>CAPTCHA</code> token remains valid after the client successfully solves a <code>CAPTCHA</code> puzzle. </p>"
+        }
+      },
+      "documentation":"<p>Specifies how WAF should handle <code>CAPTCHA</code> evaluations. This is available at the web ACL level and in each rule. </p>"
+    },
+    "CaptchaResponse":{
+      "type":"structure",
+      "members":{
+        "ResponseCode":{
+          "shape":"ResponseCode",
+          "documentation":"<p>The HTTP response code indicating the status of the <code>CAPTCHA</code> token in the web request. If the token is missing, invalid, or expired, this code is <code>405 Method Not Allowed</code>.</p>"
+        },
+        "SolveTimestamp":{
+          "shape":"SolveTimestamp",
+          "documentation":"<p>The time that the <code>CAPTCHA</code> puzzle was solved for the supplied token. </p>"
+        },
+        "FailureReason":{
+          "shape":"FailureReason",
+          "documentation":"<p>The reason for failure, populated when the evaluation of the token fails.</p>"
+        }
+      },
+      "documentation":"<p>The result from the inspection of the web request for a valid <code>CAPTCHA</code> token. </p>"
+    },
     "CheckCapacityRequest":{
       "type":"structure",
       "required":[
@@ -1440,6 +1528,10 @@
         "CustomResponseBodies":{
           "shape":"CustomResponseBodies",
           "documentation":"<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p> <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p> <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+        },
+        "CaptchaConfig":{
+          "shape":"CaptchaConfig",
+          "documentation":"<p>Specifies how WAF should handle <code>CAPTCHA</code> evaluations for rules that don't have their own <code>CaptchaConfig</code> settings. If you don't specify this, WAF uses its default settings for <code>CaptchaConfig</code>. </p>"
         }
       }
     },
@@ -1813,6 +1905,7 @@
       "members":{
       }
     },
+    "DownloadUrl":{"type":"string"},
     "EntityDescription":{
       "type":"string",
       "max":256,
@@ -1839,15 +1932,22 @@
       "members":{
         "Name":{
           "shape":"EntityName",
-          "documentation":"<p>The name of the rule to exclude.</p>"
+          "documentation":"<p>The name of the rule whose action you want to override to <code>Count</code>.</p>"
         }
       },
-      "documentation":"<p>Specifies a single rule to exclude from the rule group. Excluding a rule overrides its action setting for the rule group in the web ACL, setting it to <code>COUNT</code>. This effectively excludes the rule from acting on web requests. </p>"
+      "documentation":"<p>Specifies a single rule in a rule group whose action you want to override to <code>Count</code>. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were <code>Count</code>. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic. </p>"
     },
     "ExcludedRules":{
       "type":"list",
       "member":{"shape":"ExcludedRule"}
     },
+    "FailureReason":{
+      "type":"string",
+      "enum":[
+        "TOKEN_MISSING",
+        "TOKEN_EXPIRED"
+      ]
+    },
     "FallbackBehavior":{
       "type":"string",
       "enum":[
@@ -1855,6 +1955,12 @@
         "NO_MATCH"
       ]
     },
+    "FieldIdentifier":{
+      "type":"string",
+      "max":512,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
     "FieldToMatch":{
       "type":"structure",
       "members":{
@@ -1965,7 +2071,7 @@
         },
         "OverrideAction":{
           "shape":"OverrideAction",
-          "documentation":"<p>The override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p> <p>Set the override action to none to leave the rule actions in effect. Set it to count to only count matches, regardless of the rule action settings. </p> <p>In a <a>Rule</a>, you must specify either this <code>OverrideAction</code> setting or the rule <code>Action</code> setting, but not both:</p> <ul> <li> <p>If the rule statement references a rule group, use this override action setting and not the action setting. </p> </li> <li> <p>If the rule statement does not reference a rule group, use the rule action setting and not this rule override action setting. </p> </li> </ul>"
+          "documentation":"<p>The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only. </p> <p>You can only use this for rule statements that reference a rule group, like <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p> <note> <p>This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings. </p> </note>"
         },
         "VisibilityConfig":{
           "shape":"VisibilityConfig",
@@ -2024,6 +2130,32 @@
         "ANY"
       ]
     },
+    "GenerateMobileSdkReleaseUrlRequest":{
+      "type":"structure",
+      "required":[
+        "Platform",
+        "ReleaseVersion"
+      ],
+      "members":{
+        "Platform":{
+          "shape":"Platform",
+          "documentation":"<p>The device platform.</p>"
+        },
+        "ReleaseVersion":{
+          "shape":"VersionKeyString",
+          "documentation":"<p>The release version. For the latest available version, specify <code>LATEST</code>.</p>"
+        }
+      }
+    },
+    "GenerateMobileSdkReleaseUrlResponse":{
+      "type":"structure",
+      "members":{
+        "Url":{
+          "shape":"DownloadUrl",
+          "documentation":"<p>The presigned download URL for the specified SDK release.</p>"
+        }
+      }
+    },
     "GeoMatchStatement":{
       "type":"structure",
       "members":{
@@ -2127,6 +2259,32 @@
         }
       }
     },
+    "GetMobileSdkReleaseRequest":{
+      "type":"structure",
+      "required":[
+        "Platform",
+        "ReleaseVersion"
+      ],
+      "members":{
+        "Platform":{
+          "shape":"Platform",
+          "documentation":"<p>The device platform.</p>"
+        },
+        "ReleaseVersion":{
+          "shape":"VersionKeyString",
+          "documentation":"<p>The release version. For the latest available version, specify <code>LATEST</code>.</p>"
+        }
+      }
+    },
+    "GetMobileSdkReleaseResponse":{
+      "type":"structure",
+      "members":{
+        "MobileSdkRelease":{
+          "shape":"MobileSdkRelease",
+          "documentation":"<p>Information for a specified SDK release, including release notes and tags.</p>"
+        }
+      }
+    },
     "GetPermissionPolicyRequest":{
       "type":"structure",
       "required":["ResourceArn"],
@@ -2359,6 +2517,10 @@
         "LockToken":{
           "shape":"LockToken",
           "documentation":"<p>A token used for optimistic locking. WAF returns a token to your <code>get</code> and <code>list</code> requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like <code>update</code> and <code>delete</code>. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a <code>WAFOptimisticLockException</code>. If this happens, perform another <code>get</code>, and use the new token returned by that operation. </p>"
+        },
+        "ApplicationIntegrationURL":{
+          "shape":"OutputUrl",
+          "documentation":"<p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html\">WAF application integration</a> in the <i>WAF Developer Guide</i>.</p>"
         }
       }
     },
@@ -2537,6 +2699,17 @@
       "documentation":"<p>High-level information about an <a>IPSet</a>, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an <code>IPSet</code>, and the ARN, that you provide to the <a>IPSetReferenceStatement</a> to use the address set in a <a>Rule</a>.</p>"
     },
     "IPString":{"type":"string"},
+    "ImmunityTimeProperty":{
+      "type":"structure",
+      "required":["ImmunityTime"],
+      "members":{
+        "ImmunityTime":{
+          "shape":"TimeWindowSecond",
+          "documentation":"<p>The amount of time, in seconds, that a <code>CAPTCHA</code> token is valid. The default setting is 300.</p>"
+        }
+      },
+      "documentation":"<p>Determines how long a <code>CAPTCHA</code> token remains valid after the client successfully solves a <code>CAPTCHA</code> puzzle. </p>"
+    },
     "JsonBody":{
       "type":"structure",
       "required":[
@@ -2776,6 +2949,7 @@
     },
     "ListLoggingConfigurationsRequest":{
       "type":"structure",
+      "required":["Scope"],
       "members":{
         "Scope":{
           "shape":"Scope",
@@ -2840,6 +3014,37 @@
       "max":500,
       "min":1
     },
+    "ListMobileSdkReleasesRequest":{
+      "type":"structure",
+      "required":["Platform"],
+      "members":{
+        "Platform":{
+          "shape":"Platform",
+          "documentation":"<p>The device platform to retrieve the list for.</p>"
+        },
+        "NextMarker":{
+          "shape":"NextMarker",
+          "documentation":"<p>When you request a list of objects with a <code>Limit</code> setting, if the number of objects that are still available for retrieval exceeds the limit, WAF returns a <code>NextMarker</code> value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.</p>"
+        },
+        "Limit":{
+          "shape":"PaginationLimit",
+          "documentation":"<p>The maximum number of objects that you want WAF to return for this request. If more objects are available, in the response, WAF provides a <code>NextMarker</code> value that you can use in a subsequent call to get the next batch of objects.</p>"
+        }
+      }
+    },
+    "ListMobileSdkReleasesResponse":{
+      "type":"structure",
+      "members":{
+        "ReleaseSummaries":{
+          "shape":"ReleaseSummaries",
+          "documentation":"<p>High level information for the available SDK releases. </p>"
+        },
+        "NextMarker":{
+          "shape":"NextMarker",
+          "documentation":"<p>When you request a list of objects with a <code>Limit</code> setting, if the number of objects that are still available for retrieval exceeds the limit, WAF returns a <code>NextMarker</code> value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.</p>"
+        }
+      }
+    },
     "ListRegexPatternSetsRequest":{
       "type":"structure",
       "required":["Scope"],
@@ -3012,11 +3217,11 @@
         },
         "LogDestinationConfigs":{
           "shape":"LogDestinationConfigs",
-          "documentation":"<p>The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL.</p>"
+          "documentation":"<p>The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.</p>"
         },
         "RedactedFields":{
           "shape":"RedactedFields",
-          "documentation":"<p>The parts of the request that you want to keep out of the logs. For example, if you redact the <code>SingleHeader</code> field, the <code>HEADER</code> field in the firehose will be <code>xxx</code>. </p> <note> <p>You can specify only the following fields for redaction: <code>UriPath</code>, <code>QueryString</code>, <code>SingleHeader</code>, <code>Method</code>, and <code>JsonBody</code>.</p> </note>"
+          "documentation":"<p>The parts of the request that you want to keep out of the logs. For example, if you redact the <code>SingleHeader</code> field, the <code>HEADER</code> field in the logs will be <code>xxx</code>. </p> <note> <p>You can specify only the following fields for redaction: <code>UriPath</code>, <code>QueryString</code>, <code>SingleHeader</code>, <code>Method</code>, and <code>JsonBody</code>.</p> </note>"
         },
         "ManagedByFirewallManager":{
           "shape":"Boolean",
@@ -3027,7 +3232,7 @@
           "documentation":"<p>Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. </p>"
         }
       },
-      "documentation":"<p>Defines an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records. </p>"
+      "documentation":"<p>Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records. </p> <p>For information about configuring web ACL logging destinations, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/logging.html\">Logging web ACL traffic information</a> in the <i>WAF Developer Guide</i>.</p>"
     },
     "LoggingConfigurations":{
       "type":"list",
@@ -3051,6 +3256,39 @@
       },
       "documentation":"<p>Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's <a>LoggingConfiguration</a>. </p> <p>You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. </p>"
     },
+    "LoginPathString":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":".*\\S.*"
+    },
+    "ManagedRuleGroupConfig":{
+      "type":"structure",
+      "members":{
+        "LoginPath":{
+          "shape":"LoginPathString",
+          "documentation":"<p>The login endpoint for your application. For example <code>https://example.com/web/login</code>.</p>"
+        },
+        "PayloadType":{
+          "shape":"PayloadType",
+          "documentation":"<p>The payload type for your login endpoint, either JSON or form encoded.</p>"
+        },
+        "UsernameField":{
+          "shape":"UsernameField",
+          "documentation":"<p>Details about your login page username field. </p>"
+        },
+        "PasswordField":{
+          "shape":"PasswordField",
+          "documentation":"<p>Details about your login page password field. </p>"
+        }
+      },
+      "documentation":"<p>Additional information that's used by a managed rule group. Most managed rule groups don't require this.</p> <p>Use this for the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>, to provide information about the sign-in page of your application. </p>"
+    },
+    "ManagedRuleGroupConfigs":{
+      "type":"list",
+      "member":{"shape":"ManagedRuleGroupConfig"},
+      "min":1
+    },
     "ManagedRuleGroupStatement":{
       "type":"structure",
       "required":[
@@ -3072,11 +3310,15 @@
         },
         "ExcludedRules":{
           "shape":"ExcludedRules",
-          "documentation":"<p>The rules whose actions are set to <code>COUNT</code> by the web ACL, regardless of the action that is set on the rule. This effectively excludes the rule from acting on web requests. </p>"
+          "documentation":"<p>The rules in the referenced rule group whose actions are set to <code>Count</code>. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were <code>Count</code>. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.</p>"
         },
         "ScopeDownStatement":{
           "shape":"Statement",
           "documentation":"<p>An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable <a>Statement</a> in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement. </p>"
+        },
+        "ManagedRuleGroupConfigs":{
+          "shape":"ManagedRuleGroupConfigs",
+          "documentation":"<p>Additional information that's used by a managed rule group. Most managed rule groups don't require this.</p> <p>Use this for the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>, to provide information about the sign-in page of your application. </p>"
         }
       },
       "documentation":"<p>A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling <a>ListAvailableManagedRuleGroups</a>.</p> <p>You cannot nest a <code>ManagedRuleGroupStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. It can only be referenced as a top-level statement within a rule.</p>"
@@ -3236,6 +3478,28 @@
       "min":1,
       "pattern":"^[\\w#:\\.\\-/]+$"
     },
+    "MobileSdkRelease":{
+      "type":"structure",
+      "members":{
+        "ReleaseVersion":{
+          "shape":"VersionKeyString",
+          "documentation":"<p>The release version. </p>"
+        },
+        "Timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of the release. </p>"
+        },
+        "ReleaseNotes":{
+          "shape":"ReleaseNotes",
+          "documentation":"<p>Notes describing the release.</p>"
+        },
+        "Tags":{
+          "shape":"TagList",
+          "documentation":"<p>Tags that are associated with the release. </p>"
+        }
+      },
+      "documentation":"<p>Information for a release of the mobile SDK, including release notes and tags.</p> <p>The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. </p>"
+    },
     "NextMarker":{
       "type":"string",
       "max":256,
@@ -3246,7 +3510,7 @@
       "type":"structure",
       "members":{
       },
-      "documentation":"<p>Specifies that WAF should do nothing. This is generally used to try out a rule without performing any actions. You set the <code>OverrideAction</code> on the <a>Rule</a>. </p> <p>This is used in the context of other settings, for example to specify values for <a>RuleAction</a> and web ACL <a>DefaultAction</a>. </p> <p>JSON specification: <code>\"None\": {}</code> </p>"
+      "documentation":"<p>Specifies that WAF should do nothing. This is used for the <code>OverrideAction</code> setting on a <a>Rule</a> when the rule uses a rule group reference statement. </p> <p>This is used in the context of other settings, for example to specify values for <a>RuleAction</a> and web ACL <a>DefaultAction</a>. </p> <p>JSON specification: <code>\"None\": {}</code> </p>"
     },
     "NotStatement":{
       "type":"structure",
@@ -3270,19 +3534,20 @@
       },
       "documentation":"<p>A logical rule statement used to combine other rule statements with OR logic. You provide more than one <a>Statement</a> within the <code>OrStatement</code>. </p>"
     },
+    "OutputUrl":{"type":"string"},
     "OverrideAction":{
       "type":"structure",
       "members":{
         "Count":{
           "shape":"CountAction",
-          "documentation":"<p>Override the rule action setting to count.</p>"
+          "documentation":"<p>Override the rule group evaluation result to count only. </p> <note> <p>This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings. </p> </note>"
         },
         "None":{
           "shape":"NoneAction",
-          "documentation":"<p>Don't override the rule action setting.</p>"
+          "documentation":"<p>Don't override the rule group evaluation result. This is the most common setting.</p>"
         }
       },
-      "documentation":"<p>The override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p> <p>Set the override action to none to leave the rule actions in effect. Set it to count to only count matches, regardless of the rule action settings. </p> <p>In a <a>Rule</a>, you must specify either this <code>OverrideAction</code> setting or the rule <code>Action</code> setting, but not both:</p> <ul> <li> <p>If the rule statement references a rule group, use this override action setting and not the action setting. </p> </li> <li> <p>If the rule statement does not reference a rule group, use the rule action setting and not this rule override action setting. </p> </li> </ul>"
+      "documentation":"<p>The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only. </p> <p>You can only use this for rule statements that reference a rule group, like <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p> <note> <p>This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings. </p> </note>"
     },
     "PaginationLimit":{
       "type":"integer",
@@ -3347,13 +3612,41 @@
         "FILTER_CONDITION",
         "EXPIRE_TIMESTAMP",
         "CHANGE_PROPAGATION_STATUS",
-        "ASSOCIABLE_RESOURCE"
+        "ASSOCIABLE_RESOURCE",
+        "LOG_DESTINATION",
+        "MANAGED_RULE_GROUP_CONFIG",
+        "PAYLOAD_TYPE"
       ]
     },
     "ParameterExceptionParameter":{
       "type":"string",
       "min":1
     },
+    "PasswordField":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"FieldIdentifier",
+          "documentation":"<p>The name of the password field. For example <code>/form/password</code>.</p>"
+        }
+      },
+      "documentation":"<p>Details about your login page password field, used in a <code>ManagedRuleGroupConfig</code>. </p>"
+    },
+    "PayloadType":{
+      "type":"string",
+      "enum":[
+        "JSON",
+        "FORM_ENCODED"
+      ]
+    },
+    "Platform":{
+      "type":"string",
+      "enum":[
+        "IOS",
+        "ANDROID"
+      ]
+    },
     "PolicyString":{
       "type":"string",
       "max":395000,
@@ -3646,6 +3939,25 @@
       "type":"list",
       "member":{"shape":"Regex"}
     },
+    "ReleaseNotes":{"type":"string"},
+    "ReleaseSummaries":{
+      "type":"list",
+      "member":{"shape":"ReleaseSummary"}
+    },
+    "ReleaseSummary":{
+      "type":"structure",
+      "members":{
+        "ReleaseVersion":{
+          "shape":"VersionKeyString",
+          "documentation":"<p>The release version. </p>"
+        },
+        "Timestamp":{
+          "shape":"Timestamp",
+          "documentation":"<p>The timestamp of the release. </p>"
+        }
+      },
+      "documentation":"<p>High level information for an SDK release. </p>"
+    },
     "ResourceArn":{
       "type":"string",
       "max":2048,
@@ -3664,6 +3976,7 @@
         "APPSYNC"
       ]
     },
+    "ResponseCode":{"type":"integer"},
     "ResponseContent":{
       "type":"string",
       "max":10240,
@@ -3680,7 +3993,7 @@
     },
     "ResponseStatusCode":{
       "type":"integer",
-      "max":600,
+      "max":599,
       "min":200
     },
     "Rule":{
@@ -3710,7 +4023,7 @@
         },
         "OverrideAction":{
           "shape":"OverrideAction",
-          "documentation":"<p>The override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p> <p>Set the override action to none to leave the rule actions in effect. Set it to count to only count matches, regardless of the rule action settings. </p> <p>In a <a>Rule</a>, you must specify either this <code>OverrideAction</code> setting or the rule <code>Action</code> setting, but not both:</p> <ul> <li> <p>If the rule statement references a rule group, use this override action setting and not the action setting. </p> </li> <li> <p>If the rule statement does not reference a rule group, use the rule action setting and not this rule override action setting. </p> </li> </ul>"
+          "documentation":"<p>The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only. </p> <p>You can only use this for rule statements that reference a rule group, like <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p> <note> <p>This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings. </p> </note>"
         },
         "RuleLabels":{
           "shape":"Labels",
@@ -3719,6 +4032,10 @@
         "VisibilityConfig":{
           "shape":"VisibilityConfig",
           "documentation":"<p>Defines and enables Amazon CloudWatch metrics and web request sample collection. </p>"
+        },
+        "CaptchaConfig":{
+          "shape":"CaptchaConfig",
+          "documentation":"<p>Specifies how WAF should handle <code>CAPTCHA</code> evaluations. If you don't specify this, WAF uses the <code>CAPTCHA</code> configuration that's defined for the web ACL. </p>"
         }
       },
       "documentation":"<p>A single rule, which you can use in a <a>WebACL</a> or <a>RuleGroup</a> to identify web requests that you want to allow, block, or count. Each rule includes one top-level <a>Statement</a> that WAF uses to identify matching web requests, and parameters that govern how WAF handles them. </p>"
@@ -3737,6 +4054,10 @@
         "Count":{
           "shape":"CountAction",
           "documentation":"<p>Instructs WAF to count the web request and allow it.</p>"
+        },
+        "Captcha":{
+          "shape":"CaptchaAction",
+          "documentation":"<p>Instructs WAF to run a <code>CAPTCHA</code> check against the web request.</p>"
         }
       },
       "documentation":"<p>The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting. </p>"
@@ -3808,7 +4129,7 @@
         },
         "ExcludedRules":{
           "shape":"ExcludedRules",
-          "documentation":"<p>The names of rules that are in the referenced rule group, but that you want WAF to exclude from processing for this rule statement. </p>"
+          "documentation":"<p>The rules in the referenced rule group whose actions are set to <code>Count</code>. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were <code>Count</code>. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.</p>"
         }
       },
       "documentation":"<p>A rule statement used to run the rules that are defined in a <a>RuleGroup</a>. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.</p> <p>You cannot nest a <code>RuleGroupReferenceStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. You can only use a rule group reference statement at the top level inside a web ACL. </p>"
@@ -3894,7 +4215,7 @@
         },
         "Action":{
           "shape":"Action",
-          "documentation":"<p>The action for the <code>Rule</code> that the request matched: <code>ALLOW</code>, <code>BLOCK</code>, or <code>COUNT</code>.</p>"
+          "documentation":"<p>The action for the <code>Rule</code> that the request matched: <code>Allow</code>, <code>Block</code>, or <code>Count</code>.</p>"
         },
         "RuleNameWithinRuleGroup":{
           "shape":"EntityName",
@@ -3911,6 +4232,10 @@
         "Labels":{
           "shape":"Labels",
           "documentation":"<p>Labels applied to the web request by matching rules. WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace. </p> <p>For example, <code>awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA</code> or <code>awswaf:managed:aws:managed-rule-set:header:encoding:utf8</code>. </p>"
+        },
+        "CaptchaResponse":{
+          "shape":"CaptchaResponse",
+          "documentation":"<p>The <code>CAPTCHA</code> response for the request.</p>"
         }
       },
       "documentation":"<p>Represents a single sampled web request. The response from <a>GetSampledRequests</a> includes a <code>SampledHTTPRequests</code> complex type that appears as <code>SampledRequests</code> in the response syntax. <code>SampledHTTPRequests</code> contains an array of <code>SampledHTTPRequest</code> objects.</p>"
@@ -3982,6 +4307,7 @@
       },
       "documentation":"<p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (&gt;) or less than (&lt;). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p> <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.</p> <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>"
     },
+    "SolveTimestamp":{"type":"long"},
     "SqliMatchStatement":{
       "type":"structure",
       "required":[
@@ -4221,6 +4547,11 @@
       "type":"integer",
       "min":1
     },
+    "TimeWindowSecond":{
+      "type":"long",
+      "max":259200,
+      "min":60
+    },
     "Timestamp":{"type":"timestamp"},
     "URIString":{"type":"string"},
     "UntagResourceRequest":{
@@ -4488,6 +4819,10 @@
         "CustomResponseBodies":{
           "shape":"CustomResponseBodies",
           "documentation":"<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p> <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p> <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+        },
+        "CaptchaConfig":{
+          "shape":"CaptchaConfig",
+          "documentation":"<p>Specifies how WAF should handle <code>CAPTCHA</code> evaluations for rules that don't have their own <code>CaptchaConfig</code> settings. If you don't specify this, WAF uses its default settings for <code>CaptchaConfig</code>. </p>"
         }
       }
     },
@@ -4506,6 +4841,17 @@
       },
       "documentation":"<p>The path component of the URI of a web request. This is the part of a web request that identifies a resource. For example, <code>/images/daily-ad.jpg</code>.</p> <p>This is used only to indicate the web request component for WAF to inspect, in the <a>FieldToMatch</a> specification. </p> <p>JSON specification: <code>\"UriPath\": {}</code> </p>"
     },
+    "UsernameField":{
+      "type":"structure",
+      "required":["Identifier"],
+      "members":{
+        "Identifier":{
+          "shape":"FieldIdentifier",
+          "documentation":"<p>The name of the username field. For example <code>/form/username</code>.</p>"
+        }
+      },
+      "documentation":"<p>Details about your login page username field, used in a <code>ManagedRuleGroupConfig</code>. </p>"
+    },
     "VendorName":{
       "type":"string",
       "max":128,
@@ -4645,6 +4991,14 @@
       "documentation":"<p>WAF couldn’t perform the operation because you exceeded your resource limit. For example, the maximum number of <code>WebACL</code> objects that you can create for an Amazon Web Services account. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the <i>WAF Developer Guide</i>.</p>",
       "exception":true
     },
+    "WAFLogDestinationPermissionIssueException":{
+      "type":"structure",
+      "members":{
+        "Message":{"shape":"ErrorMessage"}
+      },
+      "documentation":"<p>The operation failed because you don't have the permissions that your logging configuration requires. For information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/logging.html\">Logging web ACL traffic information</a> in the <i>WAF Developer Guide</i>.</p>",
+      "exception":true
+    },
     "WAFNonexistentItemException":{
       "type":"structure",
       "members":{
@@ -4763,6 +5117,10 @@
         "CustomResponseBodies":{
           "shape":"CustomResponseBodies",
           "documentation":"<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p> <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p> <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+        },
+        "CaptchaConfig":{
+          "shape":"CaptchaConfig",
+          "documentation":"<p>Specifies how WAF should handle <code>CAPTCHA</code> evaluations for rules that don't have their own <code>CaptchaConfig</code> settings. If you don't specify this, WAF uses its default settings for <code>CaptchaConfig</code>. </p>"
         }
       },
       "documentation":"<p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API. </p>"
diff --git a/contrib/python/botocore/py3/botocore/data/wellarchitected/2020-03-31/service-2.json b/contrib/python/botocore/py3/botocore/data/wellarchitected/2020-03-31/service-2.json
index 30b24e1ad15..d64946d597a 100644
--- a/contrib/python/botocore/py3/botocore/data/wellarchitected/2020-03-31/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/wellarchitected/2020-03-31/service-2.json
@@ -28,7 +28,45 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Associate a lens to a workload.</p>"
+      "documentation":"<p>Associate a lens to a workload.</p> <p>Up to 10 lenses can be associated with a workload in a single API operation. A maximum of 20 lenses can be associated with a workload.</p> <note> <p> <b>Disclaimer</b> </p> <p>By accessing and/or applying custom lenses created by another Amazon Web Services user or account, you acknowledge that custom lenses created by other users and shared with you are Third Party Content as defined in the Amazon Web Services Customer Agreement. </p> </note>"
+    },
+    "CreateLensShare":{
+      "name":"CreateLensShare",
+      "http":{
+        "method":"POST",
+        "requestUri":"/lenses/{LensAlias}/shares"
+      },
+      "input":{"shape":"CreateLensShareInput"},
+      "output":{"shape":"CreateLensShareOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Create a lens share.</p> <p>The owner of a lens can share it with other Amazon Web Services accounts and IAM users in the same Amazon Web Services Region. Shared access to a lens is not removed until the lens invitation is deleted.</p> <note> <p> <b>Disclaimer</b> </p> <p>By sharing your custom lenses with other Amazon Web Services accounts, you acknowledge that Amazon Web Services will make your custom lenses available to those other accounts. Those other accounts may continue to access and use your shared custom lenses even if you delete the custom lenses from your own Amazon Web Services account or terminate your Amazon Web Services account.</p> </note>"
+    },
+    "CreateLensVersion":{
+      "name":"CreateLensVersion",
+      "http":{
+        "method":"POST",
+        "requestUri":"/lenses/{LensAlias}/versions"
+      },
+      "input":{"shape":"CreateLensVersionInput"},
+      "output":{"shape":"CreateLensVersionOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Create a new lens version.</p> <p>A lens can have up to 100 versions.</p> <p>After a lens has been imported, create a new lens version to publish it. The owner of a lens can share the lens with other Amazon Web Services accounts and IAM users in the same Amazon Web Services Region. Only the owner of a lens can delete it. </p>"
     },
     "CreateMilestone":{
       "name":"CreateMilestone",
@@ -65,7 +103,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Create a new workload.</p> <p>The owner of a workload can share the workload with other AWS accounts and IAM users in the same AWS Region. Only the owner of a workload can delete it.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/define-workload.html\">Defining a Workload</a> in the <i>AWS Well-Architected Tool User Guide</i>.</p>"
+      "documentation":"<p>Create a new workload.</p> <p>The owner of a workload can share the workload with other Amazon Web Services accounts and IAM users in the same Amazon Web Services Region. Only the owner of a workload can delete it.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/define-workload.html\">Defining a Workload</a> in the <i>Well-Architected Tool User Guide</i>.</p>"
     },
     "CreateWorkloadShare":{
       "name":"CreateWorkloadShare",
@@ -84,7 +122,41 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Create a workload share.</p> <p>The owner of a workload can share it with other AWS accounts and IAM users in the same AWS Region. Shared access to a workload is not removed until the workload invitation is deleted.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/workloads-sharing.html\">Sharing a Workload</a> in the <i>AWS Well-Architected Tool User Guide</i>.</p>"
+      "documentation":"<p>Create a workload share.</p> <p>The owner of a workload can share it with other Amazon Web Services accounts and IAM users in the same Amazon Web Services Region. Shared access to a workload is not removed until the workload invitation is deleted.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/workloads-sharing.html\">Sharing a Workload</a> in the <i>Well-Architected Tool User Guide</i>.</p>"
+    },
+    "DeleteLens":{
+      "name":"DeleteLens",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/lenses/{LensAlias}"
+      },
+      "input":{"shape":"DeleteLensInput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Delete an existing lens.</p> <p>Only the owner of a lens can delete it. After the lens is deleted, Amazon Web Services accounts and IAM users that you shared the lens with can continue to use it, but they will no longer be able to apply it to new workloads. </p> <note> <p> <b>Disclaimer</b> </p> <p>By sharing your custom lenses with other Amazon Web Services accounts, you acknowledge that Amazon Web Services will make your custom lenses available to those other accounts. Those other accounts may continue to access and use your shared custom lenses even if you delete the custom lenses from your own Amazon Web Services account or terminate your Amazon Web Services account.</p> </note>"
+    },
+    "DeleteLensShare":{
+      "name":"DeleteLensShare",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/lenses/{LensAlias}/shares/{ShareId}"
+      },
+      "input":{"shape":"DeleteLensShareInput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ConflictException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Delete a lens share.</p> <p>After the lens share is deleted, Amazon Web Services accounts and IAM users that you shared the lens with can continue to use it, but they will no longer be able to apply it to new workloads.</p> <note> <p> <b>Disclaimer</b> </p> <p>By sharing your custom lenses with other Amazon Web Services accounts, you acknowledge that Amazon Web Services will make your custom lenses available to those other accounts. Those other accounts may continue to access and use your shared custom lenses even if you delete the custom lenses from your own Amazon Web Services account or terminate your Amazon Web Services account.</p> </note>"
     },
     "DeleteWorkload":{
       "name":"DeleteWorkload",
@@ -135,7 +207,24 @@
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Disassociate a lens from a workload.</p> <note> <p>The AWS Well-Architected Framework lens (<code>wellarchitected</code>) cannot be removed from a workload.</p> </note>"
+      "documentation":"<p>Disassociate a lens from a workload.</p> <p>Up to 10 lenses can be disassociated from a workload in a single API operation.</p> <note> <p>The Amazon Web Services Well-Architected Framework lens (<code>wellarchitected</code>) cannot be removed from a workload.</p> </note>"
+    },
+    "ExportLens":{
+      "name":"ExportLens",
+      "http":{
+        "method":"GET",
+        "requestUri":"/lenses/{LensAlias}/export"
+      },
+      "input":{"shape":"ExportLensInput"},
+      "output":{"shape":"ExportLensOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Export an existing lens.</p> <p>Lenses are defined in JSON. For more information, see <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/lenses-format-specification.html\">JSON format specification</a> in the <i>Well-Architected Tool User Guide</i>. Only the owner of a lens can export it. </p> <note> <p> <b>Disclaimer</b> </p> <p>Do not include or gather personal identifiable information (PII) of end users or other identifiable individuals in or via your custom lenses. If your custom lens or those shared with you and used in your account do include or collect PII you are responsible for: ensuring that the included PII is processed in accordance with applicable law, providing adequate privacy notices, and obtaining necessary consents for processing such data.</p> </note>"
     },
     "GetAnswer":{
       "name":"GetAnswer",
@@ -154,6 +243,23 @@
       ],
       "documentation":"<p>Get the answer to a specific question in a workload review.</p>"
     },
+    "GetLens":{
+      "name":"GetLens",
+      "http":{
+        "method":"GET",
+        "requestUri":"/lenses/{LensAlias}"
+      },
+      "input":{"shape":"GetLensInput"},
+      "output":{"shape":"GetLensOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Get an existing lens.</p>"
+    },
     "GetLensReview":{
       "name":"GetLensReview",
       "http":{
@@ -239,6 +345,25 @@
       ],
       "documentation":"<p>Get an existing workload.</p>"
     },
+    "ImportLens":{
+      "name":"ImportLens",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/importLens"
+      },
+      "input":{"shape":"ImportLensInput"},
+      "output":{"shape":"ImportLensOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>Import a new lens.</p> <p>The lens cannot be applied to workloads or shared with other Amazon Web Services accounts until it's published with <a>CreateLensVersion</a> </p> <p>Lenses are defined in JSON. For more information, see <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/lenses-format-specification.html\">JSON format specification</a> in the <i>Well-Architected Tool User Guide</i>.</p> <p>A custom lens cannot exceed 500 KB in size.</p> <note> <p> <b>Disclaimer</b> </p> <p>Do not include or gather personal identifiable information (PII) of end users or other identifiable individuals in or via your custom lenses. If your custom lens or those shared with you and used in your account do include or collect PII you are responsible for: ensuring that the included PII is processed in accordance with applicable law, providing adequate privacy notices, and obtaining necessary consents for processing such data.</p> </note>"
+    },
     "ListAnswers":{
       "name":"ListAnswers",
       "http":{
@@ -290,6 +415,23 @@
       ],
       "documentation":"<p>List lens reviews.</p>"
     },
+    "ListLensShares":{
+      "name":"ListLensShares",
+      "http":{
+        "method":"GET",
+        "requestUri":"/lenses/{LensAlias}/shares"
+      },
+      "input":{"shape":"ListLensSharesInput"},
+      "output":{"shape":"ListLensSharesOutput"},
+      "errors":[
+        {"shape":"ValidationException"},
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"}
+      ],
+      "documentation":"<p>List the lens shares associated with the lens.</p>"
+    },
     "ListLenses":{
       "name":"ListLenses",
       "http":{
@@ -558,6 +700,10 @@
         "QuestionDescription":{"shape":"QuestionDescription"},
         "ImprovementPlanUrl":{"shape":"ImprovementPlanUrl"},
         "HelpfulResourceUrl":{"shape":"HelpfulResourceUrl"},
+        "HelpfulResourceDisplayText":{
+          "shape":"DisplayText",
+          "documentation":"<p>The helpful resource text to be displayed.</p>"
+        },
         "Choices":{"shape":"Choices"},
         "SelectedChoices":{"shape":"SelectedChoices"},
         "ChoiceAnswers":{
@@ -628,12 +774,12 @@
     },
     "AwsAccountId":{
       "type":"string",
-      "documentation":"<p>An AWS account ID.</p>",
+      "documentation":"<p>An Amazon Web Services account ID.</p>",
       "pattern":"[0-9]{12}"
     },
     "AwsRegion":{
       "type":"string",
-      "documentation":"<p>An AWS Region, for example, <code>us-west-2</code> or <code>ap-northeast-1</code>.</p>",
+      "documentation":"<p>An Amazon Web Services Region, for example, <code>us-west-2</code> or <code>ap-northeast-1</code>.</p>",
       "max":100
     },
     "Base64String":{
@@ -645,7 +791,15 @@
       "members":{
         "ChoiceId":{"shape":"ChoiceId"},
         "Title":{"shape":"ChoiceTitle"},
-        "Description":{"shape":"ChoiceDescription"}
+        "Description":{"shape":"ChoiceDescription"},
+        "HelpfulResource":{
+          "shape":"ChoiceContent",
+          "documentation":"<p>The choice level helpful resource.</p>"
+        },
+        "ImprovementPlan":{
+          "shape":"ChoiceContent",
+          "documentation":"<p>The choice level improvement plan.</p>"
+        }
       },
       "documentation":"<p>A choice available to answer question.</p>"
     },
@@ -691,6 +845,30 @@
       "type":"list",
       "member":{"shape":"ChoiceAnswer"}
     },
+    "ChoiceContent":{
+      "type":"structure",
+      "members":{
+        "DisplayText":{
+          "shape":"ChoiceContentDisplayText",
+          "documentation":"<p>The display text for the choice content.</p>"
+        },
+        "Url":{
+          "shape":"ChoiceContentUrl",
+          "documentation":"<p>The URL for the choice content.</p>"
+        }
+      },
+      "documentation":"<p>The choice content.</p>"
+    },
+    "ChoiceContentDisplayText":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
+    "ChoiceContentUrl":{
+      "type":"string",
+      "max":1024,
+      "min":1
+    },
     "ChoiceDescription":{
       "type":"string",
       "documentation":"<p>The description of a choice.</p>",
@@ -703,6 +881,22 @@
       "max":64,
       "min":1
     },
+    "ChoiceImprovementPlan":{
+      "type":"structure",
+      "members":{
+        "ChoiceId":{"shape":"ChoiceId"},
+        "DisplayText":{
+          "shape":"DisplayText",
+          "documentation":"<p>The display text for the improvement plan.</p>"
+        },
+        "ImprovementPlanUrl":{"shape":"ImprovementPlanUrl"}
+      },
+      "documentation":"<p>The choice level improvement plan.</p>"
+    },
+    "ChoiceImprovementPlans":{
+      "type":"list",
+      "member":{"shape":"ChoiceImprovementPlan"}
+    },
     "ChoiceNotes":{
       "type":"string",
       "max":250
@@ -762,7 +956,7 @@
     },
     "ClientRequestToken":{
       "type":"string",
-      "documentation":"<p>A unique case-sensitive string used to ensure that this request is idempotent (executes only once).</p> <p>You should not reuse the same token for other requests. If you retry a request with the same client request token and the same parameters after it has completed successfully, the result of the original request is returned. </p> <important> <p>This token is listed as required, however, if you do not specify it, the AWS SDKs automatically generate one for you. If you are not using the AWS SDK or the AWS CLI, you must provide this token or the request will fail.</p> </important>"
+      "documentation":"<p>A unique case-sensitive string used to ensure that this request is idempotent (executes only once).</p> <p>You should not reuse the same token for other requests. If you retry a request with the same client request token and the same parameters after it has completed successfully, the result of the original request is returned. </p> <important> <p>This token is listed as required, however, if you do not specify it, the Amazon Web Services SDKs automatically generate one for you. If you are not using the Amazon Web Services SDK or the CLI, you must provide this token or the request will fail.</p> </important>"
     },
     "ConflictException":{
       "type":"structure",
@@ -785,6 +979,72 @@
       "documentation":"<p>A non-negative integer that denotes how many.</p>",
       "min":0
     },
+    "CreateLensShareInput":{
+      "type":"structure",
+      "required":[
+        "LensAlias",
+        "SharedWith",
+        "ClientRequestToken"
+      ],
+      "members":{
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "SharedWith":{"shape":"SharedWith"},
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateLensShareOutput":{
+      "type":"structure",
+      "members":{
+        "ShareId":{"shape":"ShareId"}
+      }
+    },
+    "CreateLensVersionInput":{
+      "type":"structure",
+      "required":[
+        "LensAlias",
+        "LensVersion",
+        "ClientRequestToken"
+      ],
+      "members":{
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "LensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The version of the lens being created.</p>"
+        },
+        "IsMajorVersion":{
+          "shape":"IsMajorVersion",
+          "documentation":"<p>Set to true if this new major lens version.</p>"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "CreateLensVersionOutput":{
+      "type":"structure",
+      "members":{
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
+        "LensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The version of the lens.</p>"
+        }
+      }
+    },
     "CreateMilestoneInput":{
       "type":"structure",
       "required":[
@@ -888,6 +1148,59 @@
       },
       "documentation":"<p>Input for Create Workload Share</p>"
     },
+    "DeleteLensInput":{
+      "type":"structure",
+      "required":[
+        "LensAlias",
+        "ClientRequestToken",
+        "LensStatus"
+      ],
+      "members":{
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"ClientRequestToken"
+        },
+        "LensStatus":{
+          "shape":"LensStatusType",
+          "documentation":"<p>The status of the lens to be deleted.</p>",
+          "location":"querystring",
+          "locationName":"LensStatus"
+        }
+      }
+    },
+    "DeleteLensShareInput":{
+      "type":"structure",
+      "required":[
+        "ShareId",
+        "LensAlias",
+        "ClientRequestToken"
+      ],
+      "members":{
+        "ShareId":{
+          "shape":"ShareId",
+          "location":"uri",
+          "locationName":"ShareId"
+        },
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true,
+          "location":"querystring",
+          "locationName":"ClientRequestToken"
+        }
+      }
+    },
     "DeleteWorkloadInput":{
       "type":"structure",
       "required":[
@@ -960,6 +1273,11 @@
       },
       "documentation":"<p>Input to disassociate lens reviews.</p>"
     },
+    "DisplayText":{
+      "type":"string",
+      "max":64,
+      "min":1
+    },
     "ExceptionMessage":{
       "type":"string",
       "documentation":"<p>Description of the error.</p>"
@@ -972,6 +1290,32 @@
       "type":"string",
       "documentation":"<p>Type of the resource affected.</p>"
     },
+    "ExportLensInput":{
+      "type":"structure",
+      "required":["LensAlias"],
+      "members":{
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "LensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The lens version to be exported.</p>",
+          "location":"querystring",
+          "locationName":"LensVersion"
+        }
+      }
+    },
+    "ExportLensOutput":{
+      "type":"structure",
+      "members":{
+        "LensJSON":{
+          "shape":"LensJSON",
+          "documentation":"<p>The JSON for the lens.</p>"
+        }
+      }
+    },
     "GetAnswerInput":{
       "type":"structure",
       "required":[
@@ -1009,10 +1353,40 @@
         "WorkloadId":{"shape":"WorkloadId"},
         "MilestoneNumber":{"shape":"MilestoneNumber"},
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "Answer":{"shape":"Answer"}
       },
       "documentation":"<p>Output of a get answer call.</p>"
     },
+    "GetLensInput":{
+      "type":"structure",
+      "required":["LensAlias"],
+      "members":{
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "LensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The lens version to be retrieved.</p>",
+          "location":"querystring",
+          "locationName":"LensVersion"
+        }
+      }
+    },
+    "GetLensOutput":{
+      "type":"structure",
+      "members":{
+        "Lens":{
+          "shape":"Lens",
+          "documentation":"<p>A lens return object.</p>"
+        }
+      }
+    },
     "GetLensReviewInput":{
       "type":"structure",
       "required":[
@@ -1083,10 +1457,7 @@
     },
     "GetLensVersionDifferenceInput":{
       "type":"structure",
-      "required":[
-        "LensAlias",
-        "BaseLensVersion"
-      ],
+      "required":["LensAlias"],
       "members":{
         "LensAlias":{
           "shape":"LensAlias",
@@ -1098,6 +1469,12 @@
           "documentation":"<p>The base version of the lens.</p>",
           "location":"querystring",
           "locationName":"BaseLensVersion"
+        },
+        "TargetLensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The lens version to target a difference for.</p>",
+          "location":"querystring",
+          "locationName":"TargetLensVersion"
         }
       }
     },
@@ -1105,10 +1482,18 @@
       "type":"structure",
       "members":{
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "BaseLensVersion":{
           "shape":"LensVersion",
           "documentation":"<p>The base version of the lens.</p>"
         },
+        "TargetLensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The target lens version for the lens.</p>"
+        },
         "LatestLensVersion":{
           "shape":"LensVersion",
           "documentation":"<p>The latest version of the lens.</p>"
@@ -1169,6 +1554,49 @@
       "max":2048,
       "min":1
     },
+    "ImportLensInput":{
+      "type":"structure",
+      "required":[
+        "JSONString",
+        "ClientRequestToken"
+      ],
+      "members":{
+        "LensAlias":{"shape":"LensAlias"},
+        "JSONString":{
+          "shape":"LensJSON",
+          "documentation":"<p>The JSON representation of a lens.</p>"
+        },
+        "ClientRequestToken":{
+          "shape":"ClientRequestToken",
+          "idempotencyToken":true
+        },
+        "Tags":{
+          "shape":"TagMap",
+          "documentation":"<p>Tags to associate to a lens.</p>"
+        }
+      }
+    },
+    "ImportLensOutput":{
+      "type":"structure",
+      "members":{
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
+        "Status":{
+          "shape":"ImportLensStatus",
+          "documentation":"<p>The status of the imported lens.</p>"
+        }
+      }
+    },
+    "ImportLensStatus":{
+      "type":"string",
+      "enum":[
+        "IN_PROGRESS",
+        "COMPLETE",
+        "ERROR"
+      ]
+    },
     "ImprovementPlanUrl":{
       "type":"string",
       "documentation":"<p>The improvement plan URL for a question.</p> <p>This value is only available if the question has been answered.</p>",
@@ -1187,7 +1615,11 @@
         "PillarId":{"shape":"PillarId"},
         "QuestionTitle":{"shape":"QuestionTitle"},
         "Risk":{"shape":"Risk"},
-        "ImprovementPlanUrl":{"shape":"ImprovementPlanUrl"}
+        "ImprovementPlanUrl":{"shape":"ImprovementPlanUrl"},
+        "ImprovementPlans":{
+          "shape":"ChoiceImprovementPlans",
+          "documentation":"<p>The improvement plan details.</p>"
+        }
       },
       "documentation":"<p>An improvement summary of a lens review in a workload.</p>"
     },
@@ -1197,7 +1629,7 @@
       "members":{
         "Message":{"shape":"ExceptionMessage"}
       },
-      "documentation":"<p>There is a problem with the AWS Well-Architected Tool API service.</p>",
+      "documentation":"<p>There is a problem with the Well-Architected Tool API service.</p>",
       "error":{"httpStatusCode":500},
       "exception":true,
       "fault":true
@@ -1206,35 +1638,75 @@
       "type":"boolean",
       "documentation":"<p>Defines whether this question is applicable to a lens review.</p>"
     },
+    "IsMajorVersion":{"type":"boolean"},
     "IsReviewOwnerUpdateAcknowledged":{"type":"boolean"},
+    "Lens":{
+      "type":"structure",
+      "members":{
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN of a lens.</p>"
+        },
+        "LensVersion":{
+          "shape":"LensVersion",
+          "documentation":"<p>The version of a lens.</p>"
+        },
+        "Name":{"shape":"LensName"},
+        "Description":{"shape":"LensDescription"},
+        "Owner":{
+          "shape":"LensOwner",
+          "documentation":"<p>The Amazon Web Services account ID that owns the lens.</p>"
+        },
+        "ShareInvitationId":{
+          "shape":"ShareInvitationId",
+          "documentation":"<p>The ID assigned to the share invitation.</p>"
+        }
+      },
+      "documentation":"<p>A lens return object.</p>"
+    },
     "LensAlias":{
       "type":"string",
       "documentation":"<p>The alias of the lens, for example, <code>serverless</code>.</p> <p>Each lens is identified by its <a>LensSummary$LensAlias</a>.</p>",
-      "max":64,
+      "max":128,
       "min":1
     },
     "LensAliases":{
       "type":"list",
       "member":{"shape":"LensAlias"},
-      "documentation":"<p>List of lens aliases to associate or disassociate with a workload.</p> <p>Identify a lens using its <a>LensSummary$LensAlias</a>.</p>",
+      "documentation":"<p>List of lens aliases to associate or disassociate with a workload. Up to 10 lenses can be specified.</p> <p>Identify a lens using its <a>LensSummary$LensAlias</a>.</p>",
       "min":1
     },
+    "LensArn":{"type":"string"},
     "LensDescription":{
       "type":"string",
       "documentation":"<p>The description of the lens.</p>",
       "max":1024,
       "min":1
     },
+    "LensJSON":{
+      "type":"string",
+      "max":500000,
+      "min":2
+    },
     "LensName":{
       "type":"string",
       "documentation":"<p>The full name of the lens.</p>",
       "max":128,
       "min":1
     },
+    "LensNamePrefix":{
+      "type":"string",
+      "max":100
+    },
+    "LensOwner":{"type":"string"},
     "LensReview":{
       "type":"structure",
       "members":{
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "LensVersion":{
           "shape":"LensVersion",
           "documentation":"<p>The version of the lens.</p>"
@@ -1256,6 +1728,10 @@
       "type":"structure",
       "members":{
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "Base64String":{"shape":"Base64String"}
       },
       "documentation":"<p>A report of a lens review.</p>"
@@ -1269,6 +1745,10 @@
       "type":"structure",
       "members":{
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "LensVersion":{
           "shape":"LensVersion",
           "documentation":"<p>The version of the lens.</p>"
@@ -1283,12 +1763,35 @@
       },
       "documentation":"<p>A lens review summary of a workload.</p>"
     },
+    "LensShareSummaries":{
+      "type":"list",
+      "member":{"shape":"LensShareSummary"}
+    },
+    "LensShareSummary":{
+      "type":"structure",
+      "members":{
+        "ShareId":{"shape":"ShareId"},
+        "SharedWith":{"shape":"SharedWith"},
+        "Status":{"shape":"ShareStatus"}
+      },
+      "documentation":"<p>A lens share summary return object.</p>"
+    },
     "LensStatus":{
       "type":"string",
       "enum":[
         "CURRENT",
         "NOT_CURRENT",
-        "DEPRECATED"
+        "DEPRECATED",
+        "DELETED",
+        "UNSHARED"
+      ]
+    },
+    "LensStatusType":{
+      "type":"string",
+      "enum":[
+        "ALL",
+        "DRAFT",
+        "PUBLISHED"
       ]
     },
     "LensSummaries":{
@@ -1299,22 +1802,49 @@
     "LensSummary":{
       "type":"structure",
       "members":{
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN of the lens.</p>"
+        },
         "LensAlias":{"shape":"LensAlias"},
+        "LensName":{"shape":"LensName"},
+        "LensType":{
+          "shape":"LensType",
+          "documentation":"<p>The type of the lens.</p>"
+        },
+        "Description":{"shape":"LensDescription"},
+        "CreatedAt":{"shape":"Timestamp"},
+        "UpdatedAt":{"shape":"Timestamp"},
         "LensVersion":{
           "shape":"LensVersion",
           "documentation":"<p>The version of the lens.</p>"
         },
-        "LensName":{"shape":"LensName"},
-        "Description":{"shape":"LensDescription"}
+        "Owner":{"shape":"AwsAccountId"},
+        "LensStatus":{
+          "shape":"LensStatus",
+          "documentation":"<p>The status of the lens.</p>"
+        }
       },
       "documentation":"<p>A lens summary of a lens.</p>"
     },
+    "LensType":{
+      "type":"string",
+      "enum":[
+        "AWS_OFFICIAL",
+        "CUSTOM_SHARED",
+        "CUSTOM_SELF"
+      ]
+    },
     "LensUpgradeSummary":{
       "type":"structure",
       "members":{
         "WorkloadId":{"shape":"WorkloadId"},
         "WorkloadName":{"shape":"WorkloadName"},
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "CurrentLensVersion":{
           "shape":"LensVersion",
           "documentation":"<p>The current version of the lens.</p>"
@@ -1328,7 +1858,7 @@
     },
     "LensVersion":{
       "type":"string",
-      "max":128,
+      "max":32,
       "min":1
     },
     "ListAnswersInput":{
@@ -1383,6 +1913,10 @@
         "WorkloadId":{"shape":"WorkloadId"},
         "MilestoneNumber":{"shape":"MilestoneNumber"},
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "AnswerSummaries":{"shape":"AnswerSummaries"},
         "NextToken":{"shape":"NextToken"}
       },
@@ -1440,6 +1974,10 @@
         "WorkloadId":{"shape":"WorkloadId"},
         "MilestoneNumber":{"shape":"MilestoneNumber"},
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "ImprovementSummaries":{"shape":"ImprovementSummaries"},
         "NextToken":{"shape":"NextToken"}
       },
@@ -1482,6 +2020,44 @@
       },
       "documentation":"<p>Output of a list lens reviews call.</p>"
     },
+    "ListLensSharesInput":{
+      "type":"structure",
+      "required":["LensAlias"],
+      "members":{
+        "LensAlias":{
+          "shape":"LensAlias",
+          "location":"uri",
+          "locationName":"LensAlias"
+        },
+        "SharedWithPrefix":{
+          "shape":"SharedWithPrefix",
+          "documentation":"<p>The Amazon Web Services account ID or IAM role with which the lens is shared.</p>",
+          "location":"querystring",
+          "locationName":"SharedWithPrefix"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "location":"querystring",
+          "locationName":"NextToken"
+        },
+        "MaxResults":{
+          "shape":"ListWorkloadSharesMaxResults",
+          "documentation":"<p>The maximum number of results to return for this request.</p>",
+          "location":"querystring",
+          "locationName":"MaxResults"
+        }
+      }
+    },
+    "ListLensSharesOutput":{
+      "type":"structure",
+      "members":{
+        "LensShareSummaries":{
+          "shape":"LensShareSummaries",
+          "documentation":"<p>A list of lens share summaries.</p>"
+        },
+        "NextToken":{"shape":"NextToken"}
+      }
+    },
     "ListLensesInput":{
       "type":"structure",
       "members":{
@@ -1494,6 +2070,23 @@
           "shape":"MaxResults",
           "location":"querystring",
           "locationName":"MaxResults"
+        },
+        "LensType":{
+          "shape":"LensType",
+          "documentation":"<p>The type of lenses to be returned.</p>",
+          "location":"querystring",
+          "locationName":"LensType"
+        },
+        "LensStatus":{
+          "shape":"LensStatusType",
+          "documentation":"<p>The status of lenses to be returned.</p>",
+          "location":"querystring",
+          "locationName":"LensStatus"
+        },
+        "LensName":{
+          "shape":"LensName",
+          "location":"querystring",
+          "locationName":"LensName"
         }
       },
       "documentation":"<p>Input to list lenses.</p>"
@@ -1563,6 +2156,18 @@
           "location":"querystring",
           "locationName":"WorkloadNamePrefix"
         },
+        "LensNamePrefix":{
+          "shape":"LensNamePrefix",
+          "documentation":"<p>An optional string added to the beginning of each lens name returned in the results.</p>",
+          "location":"querystring",
+          "locationName":"LensNamePrefix"
+        },
+        "ShareResourceType":{
+          "shape":"ShareResourceType",
+          "documentation":"<p>The type of share invitations to be returned.</p>",
+          "location":"querystring",
+          "locationName":"ShareResourceType"
+        },
         "NextToken":{
           "shape":"NextToken",
           "location":"querystring",
@@ -1624,7 +2229,7 @@
         },
         "SharedWithPrefix":{
           "shape":"SharedWithPrefix",
-          "documentation":"<p>The AWS account ID or IAM role with which the workload is shared.</p>",
+          "documentation":"<p>The Amazon Web Services account ID or IAM role with which the workload is shared.</p>",
           "location":"querystring",
           "locationName":"SharedWithPrefix"
         },
@@ -1770,6 +2375,7 @@
       "type":"structure",
       "members":{
         "PillarId":{"shape":"PillarId"},
+        "PillarName":{"shape":"PillarName"},
         "DifferenceStatus":{
           "shape":"DifferenceStatus",
           "documentation":"<p>Indicates the type of change to the pillar.</p>"
@@ -1928,7 +2534,16 @@
           "shape":"ShareInvitationId",
           "documentation":"<p>The ID assigned to the share invitation.</p>"
         },
-        "WorkloadId":{"shape":"WorkloadId"}
+        "ShareResourceType":{
+          "shape":"ShareResourceType",
+          "documentation":"<p>The resource type of the share invitation.</p>"
+        },
+        "WorkloadId":{"shape":"WorkloadId"},
+        "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        }
       },
       "documentation":"<p>The share invitation.</p>"
     },
@@ -1958,11 +2573,27 @@
         "SharedBy":{"shape":"AwsAccountId"},
         "SharedWith":{"shape":"SharedWith"},
         "PermissionType":{"shape":"PermissionType"},
+        "ShareResourceType":{
+          "shape":"ShareResourceType",
+          "documentation":"<p>The resource type of the share invitation.</p>"
+        },
         "WorkloadName":{"shape":"WorkloadName"},
-        "WorkloadId":{"shape":"WorkloadId"}
+        "WorkloadId":{"shape":"WorkloadId"},
+        "LensName":{"shape":"LensName"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        }
       },
       "documentation":"<p>A share invitation summary return object.</p>"
     },
+    "ShareResourceType":{
+      "type":"string",
+      "enum":[
+        "WORKLOAD",
+        "LENS"
+      ]
+    },
     "ShareStatus":{
       "type":"string",
       "documentation":"<p>The status of a workload share.</p>",
@@ -1976,7 +2607,7 @@
     },
     "SharedWith":{
       "type":"string",
-      "documentation":"<p>The AWS account ID or IAM role with which the workload is shared.</p>",
+      "documentation":"<p>The Amazon Web Services account ID or IAM role with which the workload is shared.</p>",
       "max":2048,
       "min":12
     },
@@ -2113,6 +2744,10 @@
       "members":{
         "WorkloadId":{"shape":"WorkloadId"},
         "LensAlias":{"shape":"LensAlias"},
+        "LensArn":{
+          "shape":"LensArn",
+          "documentation":"<p>The ARN for the lens.</p>"
+        },
         "Answer":{"shape":"Answer"}
       },
       "documentation":"<p>Output of a update answer call.</p>"
@@ -2355,7 +2990,7 @@
     "WorkloadAccountIds":{
       "type":"list",
       "member":{"shape":"AwsAccountId"},
-      "documentation":"<p>The list of AWS account IDs associated with the workload.</p>",
+      "documentation":"<p>The list of Amazon Web Services account IDs associated with the workload.</p>",
       "max":100
     },
     "WorkloadArchitecturalDesign":{
@@ -2370,7 +3005,7 @@
     "WorkloadAwsRegions":{
       "type":"list",
       "member":{"shape":"AwsRegion"},
-      "documentation":"<p>The list of AWS Regions associated with the workload, for example, <code>us-east-2</code>, or <code>ca-central-1</code>.</p>",
+      "documentation":"<p>The list of Amazon Web Services Regions associated with the workload, for example, <code>us-east-2</code>, or <code>ca-central-1</code>.</p>",
       "max":50
     },
     "WorkloadDescription":{
@@ -2389,7 +3024,7 @@
     },
     "WorkloadId":{
       "type":"string",
-      "documentation":"<p>The ID assigned to the workload. This ID is unique within an AWS Region.</p>",
+      "documentation":"<p>The ID assigned to the workload. This ID is unique within an Amazon Web Services Region.</p>",
       "pattern":"[0-9a-f]{32}"
     },
     "WorkloadImprovementStatus":{
@@ -2420,7 +3055,7 @@
     },
     "WorkloadName":{
       "type":"string",
-      "documentation":"<p>The name of the workload.</p> <p>The name must be unique within an account within a Region. Spaces and capitalization are ignored when checking for uniqueness.</p>",
+      "documentation":"<p>The name of the workload.</p> <p>The name must be unique within an account within an Amazon Web Services Region. Spaces and capitalization are ignored when checking for uniqueness.</p>",
       "max":100,
       "min":3
     },
@@ -2437,7 +3072,7 @@
     "WorkloadNonAwsRegions":{
       "type":"list",
       "member":{"shape":"WorkloadNonAwsRegion"},
-      "documentation":"<p> The list of non-AWS Regions associated with the workload.</p>",
+      "documentation":"<p> The list of non-Amazon Web Services Regions associated with the workload.</p>",
       "max":5
     },
     "WorkloadPillarPriorities":{
@@ -2499,5 +3134,5 @@
       "documentation":"<p>A workload summary return object.</p>"
     }
   },
-  "documentation":"<fullname>AWS Well-Architected Tool</fullname> <p>This is the <i>AWS Well-Architected Tool API Reference</i>. The AWS Well-Architected Tool API provides programmatic access to the <a href=\"http://aws.amazon.com/well-architected-tool\">AWS Well-Architected Tool</a> in the <a href=\"https://console.aws.amazon.com/wellarchitected\">AWS Management Console</a>. For information about the AWS Well-Architected Tool, see the <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/intro.html\">AWS Well-Architected Tool User Guide</a>.</p>"
+  "documentation":"<fullname>Well-Architected Tool</fullname> <p>This is the <i>Well-Architected Tool API Reference</i>. The WA Tool API provides programmatic access to the <a href=\"http://aws.amazon.com/well-architected-tool\">Well-Architected Tool</a> in the <a href=\"https://console.aws.amazon.com/wellarchitected\">Amazon Web Services Management Console</a>. For information about the Well-Architected Tool, see the <a href=\"https://docs.aws.amazon.com/wellarchitected/latest/userguide/intro.html\">Well-Architected Tool User Guide</a>.</p>"
 }
diff --git a/contrib/python/botocore/py3/botocore/data/workmail/2017-10-01/service-2.json b/contrib/python/botocore/py3/botocore/data/workmail/2017-10-01/service-2.json
index cb9a39aa40c..6c3928f3c4d 100644
--- a/contrib/python/botocore/py3/botocore/data/workmail/2017-10-01/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/workmail/2017-10-01/service-2.json
@@ -219,6 +219,22 @@
       "documentation":"<p>Remove one or more specified aliases from a set of aliases for a given user.</p>",
       "idempotent":true
     },
+    "DeleteEmailMonitoringConfiguration":{
+      "name":"DeleteEmailMonitoringConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteEmailMonitoringConfigurationRequest"},
+      "output":{"shape":"DeleteEmailMonitoringConfigurationResponse"},
+      "errors":[
+        {"shape":"InvalidParameterException"},
+        {"shape":"OrganizationNotFoundException"},
+        {"shape":"OrganizationStateException"}
+      ],
+      "documentation":"<p>Deletes the email monitoring configuration for a specified organization.</p>",
+      "idempotent":true
+    },
     "DeleteGroup":{
       "name":"DeleteGroup",
       "http":{
@@ -393,6 +409,23 @@
       "documentation":"<p>Removes a domain from Amazon WorkMail, stops email routing to WorkMail, and removes the authorization allowing WorkMail use. SES keeps the domain because other applications may use it. You must first remove any email address used by WorkMail entities before you remove the domain.</p>",
       "idempotent":true
     },
+    "DescribeEmailMonitoringConfiguration":{
+      "name":"DescribeEmailMonitoringConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeEmailMonitoringConfigurationRequest"},
+      "output":{"shape":"DescribeEmailMonitoringConfigurationResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OrganizationNotFoundException"},
+        {"shape":"OrganizationStateException"}
+      ],
+      "documentation":"<p>Describes the current email monitoring configuration for a specified organization.</p>",
+      "idempotent":true
+    },
     "DescribeGroup":{
       "name":"DescribeGroup",
       "http":{
@@ -869,6 +902,23 @@
       ],
       "documentation":"<p>Adds a new access control rule for the specified organization. The rule allows or denies access to the organization for the specified IPv4 addresses, access protocol actions, and user IDs. Adding a new rule with the same name as an existing rule replaces the older rule.</p>"
     },
+    "PutEmailMonitoringConfiguration":{
+      "name":"PutEmailMonitoringConfiguration",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"PutEmailMonitoringConfigurationRequest"},
+      "output":{"shape":"PutEmailMonitoringConfigurationResponse"},
+      "errors":[
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"InvalidParameterException"},
+        {"shape":"OrganizationNotFoundException"},
+        {"shape":"OrganizationStateException"}
+      ],
+      "documentation":"<p>Creates or updates the email monitoring configuration for a specified organization.</p>",
+      "idempotent":true
+    },
     "PutInboundDmarcSettings":{
       "name":"PutInboundDmarcSettings",
       "http":{
@@ -1651,6 +1701,21 @@
       "members":{
       }
     },
+    "DeleteEmailMonitoringConfigurationRequest":{
+      "type":"structure",
+      "required":["OrganizationId"],
+      "members":{
+        "OrganizationId":{
+          "shape":"OrganizationId",
+          "documentation":"<p>The ID of the organization from which the email monitoring configuration is deleted.</p>"
+        }
+      }
+    },
+    "DeleteEmailMonitoringConfigurationResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteGroupRequest":{
       "type":"structure",
       "required":[
@@ -1894,6 +1959,29 @@
       "members":{
       }
     },
+    "DescribeEmailMonitoringConfigurationRequest":{
+      "type":"structure",
+      "required":["OrganizationId"],
+      "members":{
+        "OrganizationId":{
+          "shape":"OrganizationId",
+          "documentation":"<p>The ID of the organization for which the email monitoring configuration is described.</p>"
+        }
+      }
+    },
+    "DescribeEmailMonitoringConfigurationResponse":{
+      "type":"structure",
+      "members":{
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.</p>"
+        },
+        "LogGroupArn":{
+          "shape":"LogGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.</p>"
+        }
+      }
+    },
     "DescribeGroupRequest":{
       "type":"structure",
       "required":[
@@ -3258,6 +3346,12 @@
         }
       }
     },
+    "LogGroupArn":{
+      "type":"string",
+      "max":562,
+      "min":47,
+      "pattern":"arn:aws:logs:[a-z\\-0-9]*:[0-9]{12}:log-group:([\\.\\-_/#A-Za-z0-9]+):\\*$"
+    },
     "MailDomainInUseException":{
       "type":"structure",
       "members":{
@@ -3750,6 +3844,33 @@
       "members":{
       }
     },
+    "PutEmailMonitoringConfigurationRequest":{
+      "type":"structure",
+      "required":[
+        "OrganizationId",
+        "RoleArn",
+        "LogGroupArn"
+      ],
+      "members":{
+        "OrganizationId":{
+          "shape":"OrganizationId",
+          "documentation":"<p>The ID of the organization for which the email monitoring configuration is set.</p>"
+        },
+        "RoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the IAM Role associated with the email monitoring configuration.</p>"
+        },
+        "LogGroupArn":{
+          "shape":"LogGroupArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the CloudWatch Log group associated with the email monitoring configuration.</p>"
+        }
+      }
+    },
+    "PutEmailMonitoringConfigurationResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "PutInboundDmarcSettingsRequest":{
       "type":"structure",
       "required":[
diff --git a/contrib/python/botocore/py3/botocore/data/workspaces-web/2020-07-08/paginators-1.json b/contrib/python/botocore/py3/botocore/data/workspaces-web/2020-07-08/paginators-1.json
new file mode 100644
index 00000000000..ea142457a6a
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/workspaces-web/2020-07-08/paginators-1.json
@@ -0,0 +1,3 @@
+{
+  "pagination": {}
+}
diff --git a/contrib/python/botocore/py3/botocore/data/workspaces-web/2020-07-08/service-2.json b/contrib/python/botocore/py3/botocore/data/workspaces-web/2020-07-08/service-2.json
new file mode 100644
index 00000000000..caf6978c527
--- /dev/null
+++ b/contrib/python/botocore/py3/botocore/data/workspaces-web/2020-07-08/service-2.json
@@ -0,0 +1,2902 @@
+{
+  "version":"2.0",
+  "metadata":{
+    "apiVersion":"2020-07-08",
+    "endpointPrefix":"workspaces-web",
+    "jsonVersion":"1.1",
+    "protocol":"rest-json",
+    "serviceFullName":"Amazon WorkSpaces Web",
+    "serviceId":"WorkSpaces Web",
+    "signatureVersion":"v4",
+    "signingName":"workspaces-web",
+    "uid":"workspaces-web-2020-07-08"
+  },
+  "operations":{
+    "AssociateBrowserSettings":{
+      "name":"AssociateBrowserSettings",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/portals/{portalArn+}/browserSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"AssociateBrowserSettingsRequest"},
+      "output":{"shape":"AssociateBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Associates a browser settings resource with a web portal.</p>",
+      "idempotent":true
+    },
+    "AssociateNetworkSettings":{
+      "name":"AssociateNetworkSettings",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/portals/{portalArn+}/networkSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"AssociateNetworkSettingsRequest"},
+      "output":{"shape":"AssociateNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Associates a network settings resource with a web portal.</p>",
+      "idempotent":true
+    },
+    "AssociateTrustStore":{
+      "name":"AssociateTrustStore",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/portals/{portalArn+}/trustStores",
+        "responseCode":200
+      },
+      "input":{"shape":"AssociateTrustStoreRequest"},
+      "output":{"shape":"AssociateTrustStoreResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Associates a trust store with a web portal.</p>",
+      "idempotent":true
+    },
+    "AssociateUserSettings":{
+      "name":"AssociateUserSettings",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/portals/{portalArn+}/userSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"AssociateUserSettingsRequest"},
+      "output":{"shape":"AssociateUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Associates a user settings resource with a web portal.</p>",
+      "idempotent":true
+    },
+    "CreateBrowserSettings":{
+      "name":"CreateBrowserSettings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/browserSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateBrowserSettingsRequest"},
+      "output":{"shape":"CreateBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a browser settings resource that can be associated with a web portal. Once associated with a web portal, browser settings control how the browser will behave once a user starts a streaming session for the web portal. </p>"
+    },
+    "CreateIdentityProvider":{
+      "name":"CreateIdentityProvider",
+      "http":{
+        "method":"POST",
+        "requestUri":"/identityProviders",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateIdentityProviderRequest"},
+      "output":{"shape":"CreateIdentityProviderResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates an identity provider resource that is then associated with a web portal.</p>"
+    },
+    "CreateNetworkSettings":{
+      "name":"CreateNetworkSettings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/networkSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateNetworkSettingsRequest"},
+      "output":{"shape":"CreateNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a network settings resource that can be associated with a web portal. Once associated with a web portal, network settings define how streaming instances will connect with your specified VPC. </p>"
+    },
+    "CreatePortal":{
+      "name":"CreatePortal",
+      "http":{
+        "method":"POST",
+        "requestUri":"/portals",
+        "responseCode":200
+      },
+      "input":{"shape":"CreatePortalRequest"},
+      "output":{"shape":"CreatePortalResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a web portal.</p>"
+    },
+    "CreateTrustStore":{
+      "name":"CreateTrustStore",
+      "http":{
+        "method":"POST",
+        "requestUri":"/trustStores",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateTrustStoreRequest"},
+      "output":{"shape":"CreateTrustStoreResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a trust store that can be associated with a web portal. A trust store contains certificate authority (CA) certificates. Once associated with a web portal, the browser in a streaming session will recognize certificates that have been issued using any of the CAs in the trust store. If your organization has internal websites that use certificates issued by private CAs, you should add the private CA certificate to the trust store. </p>"
+    },
+    "CreateUserSettings":{
+      "name":"CreateUserSettings",
+      "http":{
+        "method":"POST",
+        "requestUri":"/userSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"CreateUserSettingsRequest"},
+      "output":{"shape":"CreateUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Creates a user settings resource that can be associated with a web portal. Once associated with a web portal, user settings control how users can transfer data between a streaming session and the their local devices. </p>"
+    },
+    "DeleteBrowserSettings":{
+      "name":"DeleteBrowserSettings",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/browserSettings/{browserSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteBrowserSettingsRequest"},
+      "output":{"shape":"DeleteBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes browser settings.</p>",
+      "idempotent":true
+    },
+    "DeleteIdentityProvider":{
+      "name":"DeleteIdentityProvider",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/identityProviders/{identityProviderArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteIdentityProviderRequest"},
+      "output":{"shape":"DeleteIdentityProviderResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes the identity provider.</p>",
+      "idempotent":true
+    },
+    "DeleteNetworkSettings":{
+      "name":"DeleteNetworkSettings",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/networkSettings/{networkSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteNetworkSettingsRequest"},
+      "output":{"shape":"DeleteNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes network settings.</p>",
+      "idempotent":true
+    },
+    "DeletePortal":{
+      "name":"DeletePortal",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/portals/{portalArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeletePortalRequest"},
+      "output":{"shape":"DeletePortalResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes a web portal.</p>",
+      "idempotent":true
+    },
+    "DeleteTrustStore":{
+      "name":"DeleteTrustStore",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/trustStores/{trustStoreArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteTrustStoreRequest"},
+      "output":{"shape":"DeleteTrustStoreResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes the trust store.</p>",
+      "idempotent":true
+    },
+    "DeleteUserSettings":{
+      "name":"DeleteUserSettings",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/userSettings/{userSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"DeleteUserSettingsRequest"},
+      "output":{"shape":"DeleteUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"ConflictException"}
+      ],
+      "documentation":"<p>Deletes user settings.</p>",
+      "idempotent":true
+    },
+    "DisassociateBrowserSettings":{
+      "name":"DisassociateBrowserSettings",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/portals/{portalArn+}/browserSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"DisassociateBrowserSettingsRequest"},
+      "output":{"shape":"DisassociateBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Disassociates browser settings from a web portal.</p>",
+      "idempotent":true
+    },
+    "DisassociateNetworkSettings":{
+      "name":"DisassociateNetworkSettings",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/portals/{portalArn+}/networkSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"DisassociateNetworkSettingsRequest"},
+      "output":{"shape":"DisassociateNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Disassociates network settings from a web portal.</p>",
+      "idempotent":true
+    },
+    "DisassociateTrustStore":{
+      "name":"DisassociateTrustStore",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/portals/{portalArn+}/trustStores",
+        "responseCode":200
+      },
+      "input":{"shape":"DisassociateTrustStoreRequest"},
+      "output":{"shape":"DisassociateTrustStoreResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Disassociates a trust store from a web portal.</p>",
+      "idempotent":true
+    },
+    "DisassociateUserSettings":{
+      "name":"DisassociateUserSettings",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/portals/{portalArn+}/userSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"DisassociateUserSettingsRequest"},
+      "output":{"shape":"DisassociateUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Disassociates user settings from a web portal.</p>",
+      "idempotent":true
+    },
+    "GetBrowserSettings":{
+      "name":"GetBrowserSettings",
+      "http":{
+        "method":"GET",
+        "requestUri":"/browserSettings/{browserSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetBrowserSettingsRequest"},
+      "output":{"shape":"GetBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets browser settings.</p>"
+    },
+    "GetIdentityProvider":{
+      "name":"GetIdentityProvider",
+      "http":{
+        "method":"GET",
+        "requestUri":"/identityProviders/{identityProviderArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetIdentityProviderRequest"},
+      "output":{"shape":"GetIdentityProviderResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the identity provider.</p>"
+    },
+    "GetNetworkSettings":{
+      "name":"GetNetworkSettings",
+      "http":{
+        "method":"GET",
+        "requestUri":"/networkSettings/{networkSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetNetworkSettingsRequest"},
+      "output":{"shape":"GetNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the network settings.</p>"
+    },
+    "GetPortal":{
+      "name":"GetPortal",
+      "http":{
+        "method":"GET",
+        "requestUri":"/portals/{portalArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetPortalRequest"},
+      "output":{"shape":"GetPortalResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the web portal.</p>"
+    },
+    "GetPortalServiceProviderMetadata":{
+      "name":"GetPortalServiceProviderMetadata",
+      "http":{
+        "method":"GET",
+        "requestUri":"/portalIdp/{portalArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetPortalServiceProviderMetadataRequest"},
+      "output":{"shape":"GetPortalServiceProviderMetadataResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the service provider metadata.</p>"
+    },
+    "GetTrustStore":{
+      "name":"GetTrustStore",
+      "http":{
+        "method":"GET",
+        "requestUri":"/trustStores/{trustStoreArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetTrustStoreRequest"},
+      "output":{"shape":"GetTrustStoreResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the trust store.</p>"
+    },
+    "GetTrustStoreCertificate":{
+      "name":"GetTrustStoreCertificate",
+      "http":{
+        "method":"GET",
+        "requestUri":"/trustStores/{trustStoreArn+}/certificate",
+        "responseCode":200
+      },
+      "input":{"shape":"GetTrustStoreCertificateRequest"},
+      "output":{"shape":"GetTrustStoreCertificateResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets the trust store certificate.</p>"
+    },
+    "GetUserSettings":{
+      "name":"GetUserSettings",
+      "http":{
+        "method":"GET",
+        "requestUri":"/userSettings/{userSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"GetUserSettingsRequest"},
+      "output":{"shape":"GetUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Gets user settings.</p>"
+    },
+    "ListBrowserSettings":{
+      "name":"ListBrowserSettings",
+      "http":{
+        "method":"GET",
+        "requestUri":"/browserSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"ListBrowserSettingsRequest"},
+      "output":{"shape":"ListBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of browser settings.</p>"
+    },
+    "ListIdentityProviders":{
+      "name":"ListIdentityProviders",
+      "http":{
+        "method":"GET",
+        "requestUri":"/portals/{portalArn+}/identityProviders",
+        "responseCode":200
+      },
+      "input":{"shape":"ListIdentityProvidersRequest"},
+      "output":{"shape":"ListIdentityProvidersResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of identity providers for a specific web portal.</p>"
+    },
+    "ListNetworkSettings":{
+      "name":"ListNetworkSettings",
+      "http":{
+        "method":"GET",
+        "requestUri":"/networkSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"ListNetworkSettingsRequest"},
+      "output":{"shape":"ListNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of network settings.</p>"
+    },
+    "ListPortals":{
+      "name":"ListPortals",
+      "http":{
+        "method":"GET",
+        "requestUri":"/portals",
+        "responseCode":200
+      },
+      "input":{"shape":"ListPortalsRequest"},
+      "output":{"shape":"ListPortalsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list or web portals.</p>"
+    },
+    "ListTagsForResource":{
+      "name":"ListTagsForResource",
+      "http":{
+        "method":"GET",
+        "requestUri":"/tags/{resourceArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTagsForResourceRequest"},
+      "output":{"shape":"ListTagsForResourceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of tags for a resource.</p>"
+    },
+    "ListTrustStoreCertificates":{
+      "name":"ListTrustStoreCertificates",
+      "http":{
+        "method":"GET",
+        "requestUri":"/trustStores/{trustStoreArn+}/certificates",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTrustStoreCertificatesRequest"},
+      "output":{"shape":"ListTrustStoreCertificatesResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of trust store certificates.</p>"
+    },
+    "ListTrustStores":{
+      "name":"ListTrustStores",
+      "http":{
+        "method":"GET",
+        "requestUri":"/trustStores",
+        "responseCode":200
+      },
+      "input":{"shape":"ListTrustStoresRequest"},
+      "output":{"shape":"ListTrustStoresResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of trust stores.</p>"
+    },
+    "ListUserSettings":{
+      "name":"ListUserSettings",
+      "http":{
+        "method":"GET",
+        "requestUri":"/userSettings",
+        "responseCode":200
+      },
+      "input":{"shape":"ListUserSettingsRequest"},
+      "output":{"shape":"ListUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Retrieves a list of user settings.</p>"
+    },
+    "TagResource":{
+      "name":"TagResource",
+      "http":{
+        "method":"POST",
+        "requestUri":"/tags/{resourceArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"TagResourceRequest"},
+      "output":{"shape":"TagResourceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"},
+        {"shape":"TooManyTagsException"}
+      ],
+      "documentation":"<p>Adds or overwrites one or more tags for the specified resource.</p>"
+    },
+    "UntagResource":{
+      "name":"UntagResource",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/tags/{resourceArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UntagResourceRequest"},
+      "output":{"shape":"UntagResourceResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Removes one or more tags from the specified resource.</p>",
+      "idempotent":true
+    },
+    "UpdateBrowserSettings":{
+      "name":"UpdateBrowserSettings",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/browserSettings/{browserSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateBrowserSettingsRequest"},
+      "output":{"shape":"UpdateBrowserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates browser settings.</p>"
+    },
+    "UpdateIdentityProvider":{
+      "name":"UpdateIdentityProvider",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/identityProviders/{identityProviderArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateIdentityProviderRequest"},
+      "output":{"shape":"UpdateIdentityProviderResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates the identity provider.</p>"
+    },
+    "UpdateNetworkSettings":{
+      "name":"UpdateNetworkSettings",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/networkSettings/{networkSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateNetworkSettingsRequest"},
+      "output":{"shape":"UpdateNetworkSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates network settings.</p>"
+    },
+    "UpdatePortal":{
+      "name":"UpdatePortal",
+      "http":{
+        "method":"PUT",
+        "requestUri":"/portals/{portalArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdatePortalRequest"},
+      "output":{"shape":"UpdatePortalResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates a web portal.</p>",
+      "idempotent":true
+    },
+    "UpdateTrustStore":{
+      "name":"UpdateTrustStore",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/trustStores/{trustStoreArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateTrustStoreRequest"},
+      "output":{"shape":"UpdateTrustStoreResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ServiceQuotaExceededException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates the trust store.</p>"
+    },
+    "UpdateUserSettings":{
+      "name":"UpdateUserSettings",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/userSettings/{userSettingsArn+}",
+        "responseCode":200
+      },
+      "input":{"shape":"UpdateUserSettingsRequest"},
+      "output":{"shape":"UpdateUserSettingsResponse"},
+      "errors":[
+        {"shape":"InternalServerException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"ThrottlingException"},
+        {"shape":"ValidationException"}
+      ],
+      "documentation":"<p>Updates the user settings.</p>"
+    }
+  },
+  "shapes":{
+    "ARN":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:[\\w+=\\/,.@-]+:[a-zA-Z0-9\\-]+:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\\/[a-fA-F0-9\\-]{36})+$"
+    },
+    "AccessDeniedException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"}
+      },
+      "documentation":"<p>Access is denied.</p>",
+      "error":{
+        "httpStatusCode":403,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ArnList":{
+      "type":"list",
+      "member":{"shape":"ARN"}
+    },
+    "AssociateBrowserSettingsRequest":{
+      "type":"structure",
+      "required":[
+        "browserSettingsArn",
+        "portalArn"
+      ],
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>",
+          "location":"querystring",
+          "locationName":"browserSettingsArn"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "AssociateBrowserSettingsResponse":{
+      "type":"structure",
+      "required":[
+        "browserSettingsArn",
+        "portalArn"
+      ],
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        }
+      }
+    },
+    "AssociateNetworkSettingsRequest":{
+      "type":"structure",
+      "required":[
+        "networkSettingsArn",
+        "portalArn"
+      ],
+      "members":{
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>",
+          "location":"querystring",
+          "locationName":"networkSettingsArn"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "AssociateNetworkSettingsResponse":{
+      "type":"structure",
+      "required":[
+        "networkSettingsArn",
+        "portalArn"
+      ],
+      "members":{
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        }
+      }
+    },
+    "AssociateTrustStoreRequest":{
+      "type":"structure",
+      "required":[
+        "portalArn",
+        "trustStoreArn"
+      ],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>",
+          "location":"querystring",
+          "locationName":"trustStoreArn"
+        }
+      }
+    },
+    "AssociateTrustStoreResponse":{
+      "type":"structure",
+      "required":[
+        "portalArn",
+        "trustStoreArn"
+      ],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>"
+        }
+      }
+    },
+    "AssociateUserSettingsRequest":{
+      "type":"structure",
+      "required":[
+        "portalArn",
+        "userSettingsArn"
+      ],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>",
+          "location":"querystring",
+          "locationName":"userSettingsArn"
+        }
+      }
+    },
+    "AssociateUserSettingsResponse":{
+      "type":"structure",
+      "required":[
+        "portalArn",
+        "userSettingsArn"
+      ],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>"
+        }
+      }
+    },
+    "BrowserPolicy":{
+      "type":"string",
+      "max":131072,
+      "min":2,
+      "pattern":"\\{[\\S\\s]*\\}\\s*"
+    },
+    "BrowserSettings":{
+      "type":"structure",
+      "required":["browserSettingsArn"],
+      "members":{
+        "associatedPortalArns":{
+          "shape":"ArnList",
+          "documentation":"<p>A list of web portal ARNs that this browser settings is associated with.</p>"
+        },
+        "browserPolicy":{
+          "shape":"BrowserPolicy",
+          "documentation":"<p>A JSON string containing Chrome Enterprise policies that will be applied to all streaming sessions.</p>"
+        },
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>"
+        }
+      },
+      "documentation":"<p>The browser settings resource that can be associated with a web portal. Once associated with a web portal, browser settings control how the browser will behave once a user starts a streaming session for the web portal. </p>"
+    },
+    "BrowserSettingsList":{
+      "type":"list",
+      "member":{"shape":"BrowserSettingsSummary"}
+    },
+    "BrowserSettingsSummary":{
+      "type":"structure",
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>"
+        }
+      },
+      "documentation":"<p>The summary for browser settings.</p>"
+    },
+    "BrowserType":{
+      "type":"string",
+      "enum":["Chrome"]
+    },
+    "Certificate":{
+      "type":"structure",
+      "members":{
+        "body":{
+          "shape":"CertificateAuthorityBody",
+          "documentation":"<p>The body of the certificate.</p>"
+        },
+        "issuer":{
+          "shape":"CertificatePrincipal",
+          "documentation":"<p>The entity that issued the certificate.</p>"
+        },
+        "notValidAfter":{
+          "shape":"Timestamp",
+          "documentation":"<p>The certificate is not valid after this date.</p>"
+        },
+        "notValidBefore":{
+          "shape":"Timestamp",
+          "documentation":"<p>The certificate is not valid before this date.</p>"
+        },
+        "subject":{
+          "shape":"CertificatePrincipal",
+          "documentation":"<p>The entity the certificate belongs to.</p>"
+        },
+        "thumbprint":{
+          "shape":"CertificateThumbprint",
+          "documentation":"<p>A hexadecimal identifier for the certificate.</p>"
+        }
+      },
+      "documentation":"<p>The certificate.</p>"
+    },
+    "CertificateAuthorityBody":{"type":"blob"},
+    "CertificateList":{
+      "type":"list",
+      "member":{"shape":"CertificateAuthorityBody"}
+    },
+    "CertificatePrincipal":{
+      "type":"string",
+      "max":256,
+      "min":1,
+      "pattern":"^\\S+$"
+    },
+    "CertificateSummary":{
+      "type":"structure",
+      "members":{
+        "issuer":{
+          "shape":"CertificatePrincipal",
+          "documentation":"<p>The entity that issued the certificate.</p>"
+        },
+        "notValidAfter":{
+          "shape":"Timestamp",
+          "documentation":"<p>The certificate is not valid after this date.</p>"
+        },
+        "notValidBefore":{
+          "shape":"Timestamp",
+          "documentation":"<p>The certificate is not valid before this date.</p>"
+        },
+        "subject":{
+          "shape":"CertificatePrincipal",
+          "documentation":"<p>The entity the certificate belongs to.</p>"
+        },
+        "thumbprint":{
+          "shape":"CertificateThumbprint",
+          "documentation":"<p>A hexadecimal identifier for the certificate.</p>"
+        }
+      },
+      "documentation":"<p>The summary of the certificate.</p>"
+    },
+    "CertificateSummaryList":{
+      "type":"list",
+      "member":{"shape":"CertificateSummary"}
+    },
+    "CertificateThumbprint":{
+      "type":"string",
+      "max":64,
+      "min":64,
+      "pattern":"^[A-Fa-f0-9]{64}$"
+    },
+    "CertificateThumbprintList":{
+      "type":"list",
+      "member":{"shape":"CertificateThumbprint"}
+    },
+    "ClientToken":{
+      "type":"string",
+      "max":512,
+      "min":1
+    },
+    "ConflictException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"},
+        "resourceId":{
+          "shape":"ResourceId",
+          "documentation":"<p>Identifier of the resource affected.</p>"
+        },
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>Type of the resource affected.</p>"
+        }
+      },
+      "documentation":"<p>There is a conflict.</p>",
+      "error":{
+        "httpStatusCode":409,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "CreateBrowserSettingsRequest":{
+      "type":"structure",
+      "required":["browserPolicy"],
+      "members":{
+        "additionalEncryptionContext":{
+          "shape":"EncryptionContextMap",
+          "documentation":"<p>Additional encryption context of the browser settings.</p>"
+        },
+        "browserPolicy":{
+          "shape":"BrowserPolicy",
+          "documentation":"<p>A JSON string containing Chrome Enterprise policies that will be applied to all streaming sessions.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.</p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK. </p>",
+          "idempotencyToken":true
+        },
+        "customerManagedKey":{
+          "shape":"keyArn",
+          "documentation":"<p>The custom managed key of the browser settings.</p>"
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags to add to the browser settings resource. A tag is a key-value pair.</p>"
+        }
+      }
+    },
+    "CreateBrowserSettingsResponse":{
+      "type":"structure",
+      "required":["browserSettingsArn"],
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>"
+        }
+      }
+    },
+    "CreateIdentityProviderRequest":{
+      "type":"structure",
+      "required":[
+        "identityProviderDetails",
+        "identityProviderName",
+        "identityProviderType",
+        "portalArn"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.</p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "identityProviderDetails":{
+          "shape":"IdentityProviderDetails",
+          "documentation":"<p>The identity provider details. The following list describes the provider detail keys for each identity provider type. </p> <ul> <li> <p>For Google and Login with Amazon:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>client_secret</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> </ul> </li> <li> <p>For Facebook:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>client_secret</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> <li> <p> <code>api_version</code> </p> </li> </ul> </li> <li> <p>For Sign in with Apple:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>team_id</code> </p> </li> <li> <p> <code>key_id</code> </p> </li> <li> <p> <code>private_key</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> </ul> </li> <li> <p>For OIDC providers:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>client_secret</code> </p> </li> <li> <p> <code>attributes_request_method</code> </p> </li> <li> <p> <code>oidc_issuer</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> <li> <p> <code>authorize_url</code> <i>if not available from discovery URL specified by <code>oidc_issuer</code> key</i> </p> </li> <li> <p> <code>token_url</code> <i>if not available from discovery URL specified by <code>oidc_issuer</code> key</i> </p> </li> <li> <p> <code>attributes_url</code> <i>if not available from discovery URL specified by <code>oidc_issuer</code> key</i> </p> </li> <li> <p> <code>jwks_uri</code> <i>if not available from discovery URL specified by <code>oidc_issuer</code> key</i> </p> </li> </ul> </li> <li> <p>For SAML providers:</p> <ul> <li> <p> <code>MetadataFile</code> OR <code>MetadataURL</code> </p> </li> <li> <p> <code>IDPSignout</code> <i>optional</i> </p> </li> </ul> </li> </ul>"
+        },
+        "identityProviderName":{
+          "shape":"IdentityProviderName",
+          "documentation":"<p>The identity provider name.</p>"
+        },
+        "identityProviderType":{
+          "shape":"IdentityProviderType",
+          "documentation":"<p>The identity provider type.</p>"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        }
+      }
+    },
+    "CreateIdentityProviderResponse":{
+      "type":"structure",
+      "required":["identityProviderArn"],
+      "members":{
+        "identityProviderArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the identity provider.</p>"
+        }
+      }
+    },
+    "CreateNetworkSettingsRequest":{
+      "type":"structure",
+      "required":[
+        "securityGroupIds",
+        "subnetIds",
+        "vpcId"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "securityGroupIds":{
+          "shape":"SecurityGroupIdList",
+          "documentation":"<p>One or more security groups used to control access from streaming instances to your VPC.</p>"
+        },
+        "subnetIds":{
+          "shape":"SubnetIdList",
+          "documentation":"<p>The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.</p>"
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags to add to the network settings resource. A tag is a key-value pair.</p>"
+        },
+        "vpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The VPC that streaming instances will connect to.</p>"
+        }
+      }
+    },
+    "CreateNetworkSettingsResponse":{
+      "type":"structure",
+      "required":["networkSettingsArn"],
+      "members":{
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>"
+        }
+      }
+    },
+    "CreatePortalRequest":{
+      "type":"structure",
+      "members":{
+        "additionalEncryptionContext":{
+          "shape":"EncryptionContextMap",
+          "documentation":"<p>The additional encryption context of the portal.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "customerManagedKey":{
+          "shape":"keyArn",
+          "documentation":"<p>The customer managed key of the web portal.</p>"
+        },
+        "displayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The name of the web portal. This is not visible to users who log into the web portal.</p>"
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags to add to the web portal. A tag is a key-value pair.</p>"
+        }
+      }
+    },
+    "CreatePortalResponse":{
+      "type":"structure",
+      "required":[
+        "portalArn",
+        "portalEndpoint"
+      ],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        },
+        "portalEndpoint":{
+          "shape":"PortalEndpoint",
+          "documentation":"<p>The endpoint URL of the web portal that users access in order to start streaming sessions.</p>"
+        }
+      }
+    },
+    "CreateTrustStoreRequest":{
+      "type":"structure",
+      "required":["certificateList"],
+      "members":{
+        "certificateList":{
+          "shape":"CertificateList",
+          "documentation":"<p>A list of CA certificates to be added to the trust store.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags to add to the trust store. A tag is a key-value pair.</p>"
+        }
+      }
+    },
+    "CreateTrustStoreResponse":{
+      "type":"structure",
+      "required":["trustStoreArn"],
+      "members":{
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>"
+        }
+      }
+    },
+    "CreateUserSettingsRequest":{
+      "type":"structure",
+      "required":[
+        "copyAllowed",
+        "downloadAllowed",
+        "pasteAllowed",
+        "printAllowed",
+        "uploadAllowed"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "copyAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can copy text from the streaming session to the local device.</p>"
+        },
+        "downloadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can download files from the streaming session to the local device.</p>"
+        },
+        "pasteAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can paste text from the local device to the streaming session.</p>"
+        },
+        "printAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can print to the local device.</p>"
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags to add to the user settings resource. A tag is a key-value pair.</p>"
+        },
+        "uploadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can upload files from the local device to the streaming session.</p>"
+        }
+      }
+    },
+    "CreateUserSettingsResponse":{
+      "type":"structure",
+      "required":["userSettingsArn"],
+      "members":{
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>"
+        }
+      }
+    },
+    "DeleteBrowserSettingsRequest":{
+      "type":"structure",
+      "required":["browserSettingsArn"],
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>",
+          "location":"uri",
+          "locationName":"browserSettingsArn"
+        }
+      }
+    },
+    "DeleteBrowserSettingsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteIdentityProviderRequest":{
+      "type":"structure",
+      "required":["identityProviderArn"],
+      "members":{
+        "identityProviderArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the identity provider.</p>",
+          "location":"uri",
+          "locationName":"identityProviderArn"
+        }
+      }
+    },
+    "DeleteIdentityProviderResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteNetworkSettingsRequest":{
+      "type":"structure",
+      "required":["networkSettingsArn"],
+      "members":{
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>",
+          "location":"uri",
+          "locationName":"networkSettingsArn"
+        }
+      }
+    },
+    "DeleteNetworkSettingsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeletePortalRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "DeletePortalResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteTrustStoreRequest":{
+      "type":"structure",
+      "required":["trustStoreArn"],
+      "members":{
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>",
+          "location":"uri",
+          "locationName":"trustStoreArn"
+        }
+      }
+    },
+    "DeleteTrustStoreResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DeleteUserSettingsRequest":{
+      "type":"structure",
+      "required":["userSettingsArn"],
+      "members":{
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>",
+          "location":"uri",
+          "locationName":"userSettingsArn"
+        }
+      }
+    },
+    "DeleteUserSettingsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisassociateBrowserSettingsRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "DisassociateBrowserSettingsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisassociateNetworkSettingsRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "DisassociateNetworkSettingsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisassociateTrustStoreRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "DisassociateTrustStoreResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisassociateUserSettingsRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "DisassociateUserSettingsResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "DisplayName":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^.+$"
+    },
+    "EnabledType":{
+      "type":"string",
+      "enum":[
+        "Disabled",
+        "Enabled"
+      ]
+    },
+    "EncryptionContextMap":{
+      "type":"map",
+      "key":{"shape":"StringType"},
+      "value":{"shape":"StringType"}
+    },
+    "ExceptionMessage":{"type":"string"},
+    "FieldName":{"type":"string"},
+    "GetBrowserSettingsRequest":{
+      "type":"structure",
+      "required":["browserSettingsArn"],
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>",
+          "location":"uri",
+          "locationName":"browserSettingsArn"
+        }
+      }
+    },
+    "GetBrowserSettingsResponse":{
+      "type":"structure",
+      "members":{
+        "browserSettings":{
+          "shape":"BrowserSettings",
+          "documentation":"<p>The browser settings.</p>"
+        }
+      }
+    },
+    "GetIdentityProviderRequest":{
+      "type":"structure",
+      "required":["identityProviderArn"],
+      "members":{
+        "identityProviderArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the identity provider.</p>",
+          "location":"uri",
+          "locationName":"identityProviderArn"
+        }
+      }
+    },
+    "GetIdentityProviderResponse":{
+      "type":"structure",
+      "members":{
+        "identityProvider":{
+          "shape":"IdentityProvider",
+          "documentation":"<p>The identity provider.</p>"
+        }
+      }
+    },
+    "GetNetworkSettingsRequest":{
+      "type":"structure",
+      "required":["networkSettingsArn"],
+      "members":{
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>",
+          "location":"uri",
+          "locationName":"networkSettingsArn"
+        }
+      }
+    },
+    "GetNetworkSettingsResponse":{
+      "type":"structure",
+      "members":{
+        "networkSettings":{
+          "shape":"NetworkSettings",
+          "documentation":"<p>The network settings.</p>"
+        }
+      }
+    },
+    "GetPortalRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "GetPortalResponse":{
+      "type":"structure",
+      "members":{
+        "portal":{
+          "shape":"Portal",
+          "documentation":"<p>The web portal.</p>"
+        }
+      }
+    },
+    "GetPortalServiceProviderMetadataRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "GetPortalServiceProviderMetadataResponse":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        },
+        "serviceProviderSamlMetadata":{
+          "shape":"SamlMetadata",
+          "documentation":"<p>The service provider SAML metadata.</p>"
+        }
+      }
+    },
+    "GetTrustStoreCertificateRequest":{
+      "type":"structure",
+      "required":[
+        "thumbprint",
+        "trustStoreArn"
+      ],
+      "members":{
+        "thumbprint":{
+          "shape":"CertificateThumbprint",
+          "documentation":"<p>The thumbprint of the trust store certificate.</p>",
+          "location":"querystring",
+          "locationName":"thumbprint"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store certificate.</p>",
+          "location":"uri",
+          "locationName":"trustStoreArn"
+        }
+      }
+    },
+    "GetTrustStoreCertificateResponse":{
+      "type":"structure",
+      "members":{
+        "certificate":{
+          "shape":"Certificate",
+          "documentation":"<p>The certificate of the trust store certificate.</p>"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store certificate.</p>"
+        }
+      }
+    },
+    "GetTrustStoreRequest":{
+      "type":"structure",
+      "required":["trustStoreArn"],
+      "members":{
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>",
+          "location":"uri",
+          "locationName":"trustStoreArn"
+        }
+      }
+    },
+    "GetTrustStoreResponse":{
+      "type":"structure",
+      "members":{
+        "trustStore":{
+          "shape":"TrustStore",
+          "documentation":"<p>The trust store.</p>"
+        }
+      }
+    },
+    "GetUserSettingsRequest":{
+      "type":"structure",
+      "required":["userSettingsArn"],
+      "members":{
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>",
+          "location":"uri",
+          "locationName":"userSettingsArn"
+        }
+      }
+    },
+    "GetUserSettingsResponse":{
+      "type":"structure",
+      "members":{
+        "userSettings":{
+          "shape":"UserSettings",
+          "documentation":"<p>The user settings.</p>"
+        }
+      }
+    },
+    "IdentityProvider":{
+      "type":"structure",
+      "required":["identityProviderArn"],
+      "members":{
+        "identityProviderArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the identity provider.</p>"
+        },
+        "identityProviderDetails":{
+          "shape":"IdentityProviderDetails",
+          "documentation":"<p>The identity provider details. The following list describes the provider detail keys for each identity provider type. </p> <ul> <li> <p>For Google and Login with Amazon:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>client_secret</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> </ul> </li> <li> <p>For Facebook:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>client_secret</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> <li> <p> <code>api_version</code> </p> </li> </ul> </li> <li> <p>For Sign in with Apple:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>team_id</code> </p> </li> <li> <p> <code>key_id</code> </p> </li> <li> <p> <code>private_key</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> </ul> </li> <li> <p>For OIDC providers:</p> <ul> <li> <p> <code>client_id</code> </p> </li> <li> <p> <code>client_secret</code> </p> </li> <li> <p> <code>attributes_request_method</code> </p> </li> <li> <p> <code>oidc_issuer</code> </p> </li> <li> <p> <code>authorize_scopes</code> </p> </li> <li> <p> <code>authorize_url</code> <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p> <code>token_url</code> <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p> <code>attributes_url</code> <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> <li> <p> <code>jwks_uri</code> <i>if not available from discovery URL specified by oidc_issuer key</i> </p> </li> </ul> </li> <li> <p>For SAML providers:</p> <ul> <li> <p> <code>MetadataFile</code> OR <code>MetadataURL</code> </p> </li> <li> <p> <code>IDPSignout</code> <i>optional</i> </p> </li> </ul> </li> </ul>"
+        },
+        "identityProviderName":{
+          "shape":"IdentityProviderName",
+          "documentation":"<p>The identity provider name.</p>"
+        },
+        "identityProviderType":{
+          "shape":"IdentityProviderType",
+          "documentation":"<p>The identity provider type.</p>"
+        }
+      },
+      "documentation":"<p>The identity provider.</p>"
+    },
+    "IdentityProviderDetails":{
+      "type":"map",
+      "key":{"shape":"StringType"},
+      "value":{"shape":"StringType"}
+    },
+    "IdentityProviderList":{
+      "type":"list",
+      "member":{"shape":"IdentityProviderSummary"}
+    },
+    "IdentityProviderName":{
+      "type":"string",
+      "max":32,
+      "min":1,
+      "pattern":"^[^_][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_]+$"
+    },
+    "IdentityProviderSummary":{
+      "type":"structure",
+      "members":{
+        "identityProviderArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the identity provider.</p>"
+        },
+        "identityProviderName":{
+          "shape":"IdentityProviderName",
+          "documentation":"<p>The identity provider name.</p>"
+        },
+        "identityProviderType":{
+          "shape":"IdentityProviderType",
+          "documentation":"<p>The identity provider type.</p>"
+        }
+      },
+      "documentation":"<p>The summary of the identity provider.</p>"
+    },
+    "IdentityProviderType":{
+      "type":"string",
+      "enum":[
+        "SAML",
+        "Facebook",
+        "Google",
+        "LoginWithAmazon",
+        "SignInWithApple",
+        "OIDC"
+      ]
+    },
+    "InternalServerException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"},
+        "retryAfterSeconds":{
+          "shape":"RetryAfterSeconds",
+          "documentation":"<p>Advice to clients on when the call can be safely retried.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        }
+      },
+      "documentation":"<p>There is an internal server error.</p>",
+      "error":{"httpStatusCode":500},
+      "exception":true,
+      "fault":true
+    },
+    "ListBrowserSettingsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListBrowserSettingsResponse":{
+      "type":"structure",
+      "members":{
+        "browserSettings":{
+          "shape":"BrowserSettingsList",
+          "documentation":"<p>The browser settings.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
+    "ListIdentityProvidersRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "ListIdentityProvidersResponse":{
+      "type":"structure",
+      "members":{
+        "identityProviders":{
+          "shape":"IdentityProviderList",
+          "documentation":"<p>The identity providers.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
+    "ListNetworkSettingsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListNetworkSettingsResponse":{
+      "type":"structure",
+      "members":{
+        "networkSettings":{
+          "shape":"NetworkSettingsList",
+          "documentation":"<p>The network settings.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        }
+      }
+    },
+    "ListPortalsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListPortalsResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation. </p>"
+        },
+        "portals":{
+          "shape":"PortalList",
+          "documentation":"<p>The portals in the list.</p>"
+        }
+      }
+    },
+    "ListTagsForResourceRequest":{
+      "type":"structure",
+      "required":["resourceArn"],
+      "members":{
+        "resourceArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the resource.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        }
+      }
+    },
+    "ListTagsForResourceResponse":{
+      "type":"structure",
+      "members":{
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags of the resource.</p>"
+        }
+      }
+    },
+    "ListTrustStoreCertificatesRequest":{
+      "type":"structure",
+      "required":["trustStoreArn"],
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store</p>",
+          "location":"uri",
+          "locationName":"trustStoreArn"
+        }
+      }
+    },
+    "ListTrustStoreCertificatesResponse":{
+      "type":"structure",
+      "members":{
+        "certificateList":{
+          "shape":"CertificateSummaryList",
+          "documentation":"<p>The certificate list.</p>"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.&gt;</p>"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>"
+        }
+      }
+    },
+    "ListTrustStoresRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListTrustStoresResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation.</p>"
+        },
+        "trustStores":{
+          "shape":"TrustStoreSummaryList",
+          "documentation":"<p>The trust stores.</p>"
+        }
+      }
+    },
+    "ListUserSettingsRequest":{
+      "type":"structure",
+      "members":{
+        "maxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to be included in the next page.</p>",
+          "location":"querystring",
+          "locationName":"maxResults"
+        },
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation. </p>",
+          "location":"querystring",
+          "locationName":"nextToken"
+        }
+      }
+    },
+    "ListUserSettingsResponse":{
+      "type":"structure",
+      "members":{
+        "nextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The pagination token used to retrieve the next page of results for this operation. </p>"
+        },
+        "userSettings":{
+          "shape":"UserSettingsList",
+          "documentation":"<p>The user settings.</p>"
+        }
+      }
+    },
+    "MaxResults":{
+      "type":"integer",
+      "box":true,
+      "min":1
+    },
+    "NetworkSettings":{
+      "type":"structure",
+      "required":["networkSettingsArn"],
+      "members":{
+        "associatedPortalArns":{
+          "shape":"ArnList",
+          "documentation":"<p>A list of web portal ARNs that this network settings is associated with.</p>"
+        },
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>"
+        },
+        "securityGroupIds":{
+          "shape":"SecurityGroupIdList",
+          "documentation":"<p>One or more security groups used to control access from streaming instances to your VPC. </p>"
+        },
+        "subnetIds":{
+          "shape":"SubnetIdList",
+          "documentation":"<p>The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.</p>"
+        },
+        "vpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The VPC that streaming instances will connect to.</p>"
+        }
+      },
+      "documentation":"<p>A network settings resource that can be associated with a web portal. Once associated with a web portal, network settings define how streaming instances will connect with your specified VPC. </p>"
+    },
+    "NetworkSettingsList":{
+      "type":"list",
+      "member":{"shape":"NetworkSettingsSummary"}
+    },
+    "NetworkSettingsSummary":{
+      "type":"structure",
+      "members":{
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>"
+        },
+        "vpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The VPC ID of the network settings.</p>"
+        }
+      },
+      "documentation":"<p>The summary of network settings.</p>"
+    },
+    "PaginationToken":{
+      "type":"string",
+      "max":2048,
+      "min":1,
+      "pattern":"^\\S+$"
+    },
+    "Portal":{
+      "type":"structure",
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings that is associated with this web portal.</p>"
+        },
+        "browserType":{
+          "shape":"BrowserType",
+          "documentation":"<p>The browser that users see when using a streaming session.</p>"
+        },
+        "creationDate":{
+          "shape":"Timestamp",
+          "documentation":"<p>The creation date of the web portal.</p>"
+        },
+        "displayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The name of the web portal.</p>"
+        },
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings that is associated with the web portal.</p>"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        },
+        "portalEndpoint":{
+          "shape":"PortalEndpoint",
+          "documentation":"<p>The endpoint URL of the web portal that users access in order to start streaming sessions.</p>"
+        },
+        "portalStatus":{
+          "shape":"PortalStatus",
+          "documentation":"<p>The status of the web portal.</p>"
+        },
+        "rendererType":{
+          "shape":"RendererType",
+          "documentation":"<p>The renderer that is used in streaming sessions.</p>"
+        },
+        "statusReason":{
+          "shape":"StatusReason",
+          "documentation":"<p>A message that explains why the web portal is in its current status.</p>"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store that is associated with the web portal.</p>"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store that is associated with the web portal.</p>"
+        }
+      },
+      "documentation":"<p>The web portal.</p>"
+    },
+    "PortalEndpoint":{
+      "type":"string",
+      "max":253,
+      "min":1,
+      "pattern":"^[a-zA-Z0-9]?((?!-)([A-Za-z0-9-]*[A-Za-z0-9])\\.)+[a-zA-Z0-9]+$"
+    },
+    "PortalList":{
+      "type":"list",
+      "member":{"shape":"PortalSummary"}
+    },
+    "PortalStatus":{
+      "type":"string",
+      "enum":[
+        "Incomplete",
+        "Pending",
+        "Active"
+      ]
+    },
+    "PortalSummary":{
+      "type":"structure",
+      "members":{
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings that is associated with the web portal.</p>"
+        },
+        "browserType":{
+          "shape":"BrowserType",
+          "documentation":"<p>The browser type of the web portal.</p>"
+        },
+        "creationDate":{
+          "shape":"Timestamp",
+          "documentation":"<p>The creation date of the web portal.</p>"
+        },
+        "displayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The name of the web portal.</p>"
+        },
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings that is associated with the web portal.</p>"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>"
+        },
+        "portalEndpoint":{
+          "shape":"PortalEndpoint",
+          "documentation":"<p>The endpoint URL of the web portal that users access in order to start streaming sessions.</p>"
+        },
+        "portalStatus":{
+          "shape":"PortalStatus",
+          "documentation":"<p>The status of the web portal.</p>"
+        },
+        "rendererType":{
+          "shape":"RendererType",
+          "documentation":"<p>The renderer that is used in streaming sessions.</p>"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust that is associated with this web portal.</p>"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings that is associated with the web portal.</p>"
+        }
+      },
+      "documentation":"<p>The summary of the portal.</p>"
+    },
+    "QuotaCode":{"type":"string"},
+    "RendererType":{
+      "type":"string",
+      "enum":["AppStream"]
+    },
+    "ResourceId":{"type":"string"},
+    "ResourceNotFoundException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"},
+        "resourceId":{
+          "shape":"ResourceId",
+          "documentation":"<p>Hypothetical identifier of the resource affected.</p>"
+        },
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p>Hypothetical type of the resource affected.</p>"
+        }
+      },
+      "documentation":"<p>The resource cannot be found.</p>",
+      "error":{
+        "httpStatusCode":404,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ResourceType":{"type":"string"},
+    "RetryAfterSeconds":{"type":"integer"},
+    "SamlMetadata":{
+      "type":"string",
+      "max":204800,
+      "min":1,
+      "pattern":"^.+$"
+    },
+    "SecurityGroupId":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^[\\w+\\-]+$"
+    },
+    "SecurityGroupIdList":{
+      "type":"list",
+      "member":{"shape":"SecurityGroupId"},
+      "max":5,
+      "min":1
+    },
+    "ServiceCode":{"type":"string"},
+    "ServiceQuotaExceededException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"},
+        "quotaCode":{
+          "shape":"QuotaCode",
+          "documentation":"<p>The originating quota.</p>"
+        },
+        "resourceId":{
+          "shape":"ResourceId",
+          "documentation":"<p>Identifier of the resource affected.</p>"
+        },
+        "resourceType":{
+          "shape":"ResourceType",
+          "documentation":"<p> Type of the resource affected.</p>"
+        },
+        "serviceCode":{
+          "shape":"ServiceCode",
+          "documentation":"<p>The originating service.</p>"
+        }
+      },
+      "documentation":"<p>The service quota has been exceeded.</p>",
+      "error":{
+        "httpStatusCode":402,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "StatusReason":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":".*"
+    },
+    "StringType":{
+      "type":"string",
+      "max":131072,
+      "min":0,
+      "pattern":"^[\\s\\S]*$"
+    },
+    "SubnetId":{
+      "type":"string",
+      "max":32,
+      "min":1,
+      "pattern":"^subnet-([0-9a-f]{8}|[0-9a-f]{17})$"
+    },
+    "SubnetIdList":{
+      "type":"list",
+      "member":{"shape":"SubnetId"},
+      "max":3,
+      "min":2
+    },
+    "Tag":{
+      "type":"structure",
+      "required":[
+        "Key",
+        "Value"
+      ],
+      "members":{
+        "Key":{
+          "shape":"TagKey",
+          "documentation":"<p>The key of the tag.</p>"
+        },
+        "Value":{
+          "shape":"TagValue",
+          "documentation":"<p>The value of the tag</p>"
+        }
+      },
+      "documentation":"<p>The tag.</p>"
+    },
+    "TagExceptionMessage":{"type":"string"},
+    "TagKey":{
+      "type":"string",
+      "max":128,
+      "min":1,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+    },
+    "TagKeyList":{
+      "type":"list",
+      "member":{"shape":"TagKey"},
+      "max":200,
+      "min":0
+    },
+    "TagList":{
+      "type":"list",
+      "member":{"shape":"Tag"},
+      "max":200,
+      "min":0
+    },
+    "TagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tags"
+      ],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "resourceArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the resource.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tags":{
+          "shape":"TagList",
+          "documentation":"<p>The tags of the resource.</p>"
+        }
+      }
+    },
+    "TagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "TagValue":{
+      "type":"string",
+      "max":256,
+      "min":0,
+      "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$"
+    },
+    "ThrottlingException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"ExceptionMessage"},
+        "quotaCode":{
+          "shape":"QuotaCode",
+          "documentation":"<p>The originating quota.</p>"
+        },
+        "retryAfterSeconds":{
+          "shape":"RetryAfterSeconds",
+          "documentation":"<p>Advice to clients on when the call can be safely retried.</p>",
+          "location":"header",
+          "locationName":"Retry-After"
+        },
+        "serviceCode":{
+          "shape":"ServiceCode",
+          "documentation":"<p>The originating service.</p>"
+        }
+      },
+      "documentation":"<p>There is a throttling error.</p>",
+      "error":{
+        "httpStatusCode":429,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "Timestamp":{"type":"timestamp"},
+    "TooManyTagsException":{
+      "type":"structure",
+      "members":{
+        "message":{"shape":"TagExceptionMessage"},
+        "resourceName":{
+          "shape":"ARN",
+          "documentation":"<p>Name of the resource affected.</p>"
+        }
+      },
+      "documentation":"<p>There are too many tags.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "TrustStore":{
+      "type":"structure",
+      "members":{
+        "associatedPortalArns":{
+          "shape":"ArnList",
+          "documentation":"<p>A list of web portal ARNs that this trust store is associated with.</p>"
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>"
+        }
+      },
+      "documentation":"<p>A trust store that can be associated with a web portal. A trust store contains certificate authority (CA) certificates. Once associated with a web portal, the browser in a streaming session will recognize certificates that have been issued using any of the CAs in the trust store. If your organization has internal websites that use certificates issued by private CAs, you should add the private CA certificate to the trust store. </p>"
+    },
+    "TrustStoreSummary":{
+      "type":"structure",
+      "members":{
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>"
+        }
+      },
+      "documentation":"<p>The summary of the trust store.</p>"
+    },
+    "TrustStoreSummaryList":{
+      "type":"list",
+      "member":{"shape":"TrustStoreSummary"}
+    },
+    "UntagResourceRequest":{
+      "type":"structure",
+      "required":[
+        "resourceArn",
+        "tagKeys"
+      ],
+      "members":{
+        "resourceArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the resource.</p>",
+          "location":"uri",
+          "locationName":"resourceArn"
+        },
+        "tagKeys":{
+          "shape":"TagKeyList",
+          "documentation":"<p>The list of tag keys to remove from the resource.</p>",
+          "location":"querystring",
+          "locationName":"tagKeys"
+        }
+      }
+    },
+    "UntagResourceResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
+    "UpdateBrowserSettingsRequest":{
+      "type":"structure",
+      "required":["browserSettingsArn"],
+      "members":{
+        "browserPolicy":{
+          "shape":"BrowserPolicy",
+          "documentation":"<p>A JSON string containing Chrome Enterprise policies that will be applied to all streaming sessions. </p>"
+        },
+        "browserSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the browser settings.</p>",
+          "location":"uri",
+          "locationName":"browserSettingsArn"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        }
+      }
+    },
+    "UpdateBrowserSettingsResponse":{
+      "type":"structure",
+      "required":["browserSettings"],
+      "members":{
+        "browserSettings":{
+          "shape":"BrowserSettings",
+          "documentation":"<p>The browser settings.</p>"
+        }
+      }
+    },
+    "UpdateIdentityProviderRequest":{
+      "type":"structure",
+      "required":["identityProviderArn"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "identityProviderArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the identity provider.</p>",
+          "location":"uri",
+          "locationName":"identityProviderArn"
+        },
+        "identityProviderDetails":{
+          "shape":"IdentityProviderDetails",
+          "documentation":"<p>The details of the identity provider.</p>"
+        },
+        "identityProviderName":{
+          "shape":"IdentityProviderName",
+          "documentation":"<p>The name of the identity provider.</p>"
+        },
+        "identityProviderType":{
+          "shape":"IdentityProviderType",
+          "documentation":"<p>The type of the identity provider.</p>"
+        }
+      }
+    },
+    "UpdateIdentityProviderResponse":{
+      "type":"structure",
+      "required":["identityProvider"],
+      "members":{
+        "identityProvider":{
+          "shape":"IdentityProvider",
+          "documentation":"<p>The identity provider.</p>"
+        }
+      }
+    },
+    "UpdateNetworkSettingsRequest":{
+      "type":"structure",
+      "required":["networkSettingsArn"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "networkSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the network settings.</p>",
+          "location":"uri",
+          "locationName":"networkSettingsArn"
+        },
+        "securityGroupIds":{
+          "shape":"SecurityGroupIdList",
+          "documentation":"<p>One or more security groups used to control access from streaming instances to your VPC.</p>"
+        },
+        "subnetIds":{
+          "shape":"SubnetIdList",
+          "documentation":"<p>The subnets in which network interfaces are created to connect streaming instances to your VPC. At least two of these subnets must be in different availability zones.</p>"
+        },
+        "vpcId":{
+          "shape":"VpcId",
+          "documentation":"<p>The VPC that streaming instances will connect to.</p>"
+        }
+      }
+    },
+    "UpdateNetworkSettingsResponse":{
+      "type":"structure",
+      "required":["networkSettings"],
+      "members":{
+        "networkSettings":{
+          "shape":"NetworkSettings",
+          "documentation":"<p>The network settings.</p>"
+        }
+      }
+    },
+    "UpdatePortalRequest":{
+      "type":"structure",
+      "required":["portalArn"],
+      "members":{
+        "displayName":{
+          "shape":"DisplayName",
+          "documentation":"<p>The name of the web portal. This is not visible to users who log into the web portal.</p>"
+        },
+        "portalArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the web portal.</p>",
+          "location":"uri",
+          "locationName":"portalArn"
+        }
+      }
+    },
+    "UpdatePortalResponse":{
+      "type":"structure",
+      "members":{
+        "portal":{
+          "shape":"Portal",
+          "documentation":"<p>The web portal.</p>"
+        }
+      }
+    },
+    "UpdateTrustStoreRequest":{
+      "type":"structure",
+      "required":["trustStoreArn"],
+      "members":{
+        "certificatesToAdd":{
+          "shape":"CertificateList",
+          "documentation":"<p>A list of CA certificates to add to the trust store.</p>"
+        },
+        "certificatesToDelete":{
+          "shape":"CertificateThumbprintList",
+          "documentation":"<p>A list of CA certificates to delete from a trust store.</p>"
+        },
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>",
+          "location":"uri",
+          "locationName":"trustStoreArn"
+        }
+      }
+    },
+    "UpdateTrustStoreResponse":{
+      "type":"structure",
+      "required":["trustStoreArn"],
+      "members":{
+        "trustStoreArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the trust store.</p>"
+        }
+      }
+    },
+    "UpdateUserSettingsRequest":{
+      "type":"structure",
+      "required":["userSettingsArn"],
+      "members":{
+        "clientToken":{
+          "shape":"ClientToken",
+          "documentation":"<p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. </p> <p>If you do not specify a client token, one is automatically generated by the AWS SDK.</p>",
+          "idempotencyToken":true
+        },
+        "copyAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can copy text from the streaming session to the local device.</p>"
+        },
+        "downloadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can download files from the streaming session to the local device.</p>"
+        },
+        "pasteAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can paste text from the local device to the streaming session.</p>"
+        },
+        "printAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can print to the local device.</p>"
+        },
+        "uploadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can upload files from the local device to the streaming session.</p>"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>",
+          "location":"uri",
+          "locationName":"userSettingsArn"
+        }
+      }
+    },
+    "UpdateUserSettingsResponse":{
+      "type":"structure",
+      "required":["userSettings"],
+      "members":{
+        "userSettings":{
+          "shape":"UserSettings",
+          "documentation":"<p>The user settings.</p>"
+        }
+      }
+    },
+    "UserSettings":{
+      "type":"structure",
+      "required":["userSettingsArn"],
+      "members":{
+        "associatedPortalArns":{
+          "shape":"ArnList",
+          "documentation":"<p>A list of web portal ARNs that this user settings is associated with.</p>"
+        },
+        "copyAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can copy text from the streaming session to the local device.</p>"
+        },
+        "downloadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can download files from the streaming session to the local device.</p>"
+        },
+        "pasteAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can paste text from the local device to the streaming session.</p>"
+        },
+        "printAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can print to the local device.</p>"
+        },
+        "uploadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can upload files from the local device to the streaming session.</p>"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>"
+        }
+      },
+      "documentation":"<p>A user settings resource that can be associated with a web portal. Once associated with a web portal, user settings control how users can transfer data between a streaming session and the their local devices. </p>"
+    },
+    "UserSettingsList":{
+      "type":"list",
+      "member":{"shape":"UserSettingsSummary"}
+    },
+    "UserSettingsSummary":{
+      "type":"structure",
+      "members":{
+        "copyAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can copy text from the streaming session to the local device.</p>"
+        },
+        "downloadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can download files from the streaming session to the local device.</p>"
+        },
+        "pasteAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can paste text from the local device to the streaming session.</p>"
+        },
+        "printAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can print to the local device.</p>"
+        },
+        "uploadAllowed":{
+          "shape":"EnabledType",
+          "documentation":"<p>Specifies whether the user can upload files from the local device to the streaming session.</p>"
+        },
+        "userSettingsArn":{
+          "shape":"ARN",
+          "documentation":"<p>The ARN of the user settings.</p>"
+        }
+      },
+      "documentation":"<p>The summary of user settings.</p>"
+    },
+    "ValidationException":{
+      "type":"structure",
+      "members":{
+        "fieldList":{
+          "shape":"ValidationExceptionFieldList",
+          "documentation":"<p>The field that caused the error.</p>"
+        },
+        "message":{"shape":"ExceptionMessage"},
+        "reason":{
+          "shape":"ValidationExceptionReason",
+          "documentation":"<p>Reason the request failed validation</p>"
+        }
+      },
+      "documentation":"<p>There is a validation error.</p>",
+      "error":{
+        "httpStatusCode":400,
+        "senderFault":true
+      },
+      "exception":true
+    },
+    "ValidationExceptionField":{
+      "type":"structure",
+      "required":[
+        "message",
+        "name"
+      ],
+      "members":{
+        "message":{
+          "shape":"ExceptionMessage",
+          "documentation":"<p>The message describing why the field failed validation.</p>"
+        },
+        "name":{
+          "shape":"FieldName",
+          "documentation":"<p>The name of the field that failed validation.</p>"
+        }
+      },
+      "documentation":"<p>Information about a field passed inside a request that resulted in an exception.</p>"
+    },
+    "ValidationExceptionFieldList":{
+      "type":"list",
+      "member":{"shape":"ValidationExceptionField"}
+    },
+    "ValidationExceptionReason":{
+      "type":"string",
+      "enum":[
+        "unknownOperation",
+        "cannotParse",
+        "fieldValidationFailed",
+        "other"
+      ]
+    },
+    "VpcId":{
+      "type":"string",
+      "max":255,
+      "min":1,
+      "pattern":"^vpc-[0-9a-z]*$"
+    },
+    "keyArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:[\\w+=\\/,.@-]+:kms:[a-zA-Z0-9\\-]*:[a-zA-Z0-9]{1,12}:key\\/[a-zA-Z0-9-]+$"
+    }
+  },
+  "documentation":"<p>WorkSpaces Web is a low cost, fully managed WorkSpace built specifically to facilitate secure, web-based workloads. WorkSpaces Web makes it easy for customers to safely provide their employees with access to internal websites and SaaS web applications without the administrative burden of appliances or specialized client software. WorkSpaces Web provides simple policy tools tailored for user interactions, while offloading common tasks like capacity management, scaling, and maintaining browser images.</p>"
+}
diff --git a/contrib/python/botocore/py3/botocore/data/workspaces/2015-04-08/service-2.json b/contrib/python/botocore/py3/botocore/data/workspaces/2015-04-08/service-2.json
index 9df67935220..f782c3e9443 100644
--- a/contrib/python/botocore/py3/botocore/data/workspaces/2015-04-08/service-2.json
+++ b/contrib/python/botocore/py3/botocore/data/workspaces/2015-04-08/service-2.json
@@ -84,6 +84,23 @@
       ],
       "documentation":"<p>Copies the specified image from the specified Region to the current Region. For more information about copying images, see <a href=\"https://docs.aws.amazon.com/workspaces/latest/adminguide/copy-custom-image.html\"> Copy a Custom WorkSpaces Image</a>.</p> <p>In the China (Ningxia) Region, you can copy images only within the same Region.</p> <p>In Amazon Web Services GovCloud (US), to copy images to and from other Regions, contact Amazon Web Services Support.</p> <important> <p>Before copying a shared image, be sure to verify that it has been shared from the correct Amazon Web Services account. To determine if an image has been shared and to see the ID of the Amazon Web Services account that owns an image, use the <a href=\"https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceImages.html\">DescribeWorkSpaceImages</a> and <a href=\"https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceImagePermissions.html\">DescribeWorkspaceImagePermissions</a> API operations. </p> </important>"
     },
+    "CreateConnectClientAddIn":{
+      "name":"CreateConnectClientAddIn",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"CreateConnectClientAddInRequest"},
+      "output":{"shape":"CreateConnectClientAddInResult"},
+      "errors":[
+        {"shape":"InvalidParameterValuesException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"ResourceCreationFailedException"},
+        {"shape":"ResourceAlreadyExistsException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Creates a client-add-in for Amazon Connect within a directory. You can create only one Amazon Connect client add-in within a directory.</p> <p>This client add-in allows WorkSpaces users to seamlessly connect to Amazon Connect.</p>"
+    },
     "CreateConnectionAlias":{
       "name":"CreateConnectionAlias",
       "http":{
@@ -151,7 +168,7 @@
         {"shape":"AccessDeniedException"},
         {"shape":"InvalidParameterValuesException"}
       ],
-      "documentation":"<p>Creates a new updated WorkSpace image based on the specified source image. The new updated WorkSpace image has the latest drivers and other updates required by the Amazon WorkSpaces components.</p> <p>To determine which WorkSpace images need to be updated with the latest Amazon WorkSpaces requirements, use <a href=\"https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceImages.html\"> DescribeWorkspaceImages</a>.</p> <note> <ul> <li> <p>Only Windows 10 WorkSpace images can be programmatically updated at this time.</p> </li> <li> <p>Microsoft Windows updates and other application updates are not included in the update process.</p> </li> <li> <p>The source WorkSpace image is not deleted. You can delete the source image after you've verified your new updated image and created a new bundle. </p> </li> </ul> </note>"
+      "documentation":"<p>Creates a new updated WorkSpace image based on the specified source image. The new updated WorkSpace image has the latest drivers and other updates required by the Amazon WorkSpaces components.</p> <p>To determine which WorkSpace images need to be updated with the latest Amazon WorkSpaces requirements, use <a href=\"https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaceImages.html\"> DescribeWorkspaceImages</a>.</p> <note> <ul> <li> <p>Only Windows 10, Windows Sever 2016, and Windows Server 2019 WorkSpace images can be programmatically updated at this time.</p> </li> <li> <p>Microsoft Windows updates and other application updates are not included in the update process.</p> </li> <li> <p>The source WorkSpace image is not deleted. You can delete the source image after you've verified your new updated image and created a new bundle. </p> </li> </ul> </note>"
     },
     "CreateWorkspaceBundle":{
       "name":"CreateWorkspaceBundle",
@@ -185,6 +202,21 @@
       ],
       "documentation":"<p>Creates one or more WorkSpaces.</p> <p>This operation is asynchronous and returns before the WorkSpaces are created.</p>"
     },
+    "DeleteConnectClientAddIn":{
+      "name":"DeleteConnectClientAddIn",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DeleteConnectClientAddInRequest"},
+      "output":{"shape":"DeleteConnectClientAddInResult"},
+      "errors":[
+        {"shape":"InvalidParameterValuesException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Deletes a client-add-in for Amazon Connect that is configured within a directory.</p>"
+    },
     "DeleteConnectionAlias":{
       "name":"DeleteConnectionAlias",
       "http":{
@@ -322,6 +354,21 @@
       ],
       "documentation":"<p>Retrieves a list that describes one or more specified Amazon WorkSpaces clients.</p>"
     },
+    "DescribeConnectClientAddIns":{
+      "name":"DescribeConnectClientAddIns",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"DescribeConnectClientAddInsRequest"},
+      "output":{"shape":"DescribeConnectClientAddInsResult"},
+      "errors":[
+        {"shape":"InvalidParameterValuesException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Retrieves a list of Amazon Connect client add-ins that have been created.</p>"
+    },
     "DescribeConnectionAliasPermissions":{
       "name":"DescribeConnectionAliasPermissions",
       "http":{
@@ -771,6 +818,21 @@
       "output":{"shape":"TerminateWorkspacesResult"},
       "documentation":"<p>Terminates the specified WorkSpaces.</p> <important> <p>Terminating a WorkSpace is a permanent action and cannot be undone. The user's data is destroyed. If you need to archive any user data, contact Amazon Web Services Support before terminating the WorkSpace.</p> </important> <p>You can terminate a WorkSpace that is in any state except <code>SUSPENDED</code>.</p> <p>This operation is asynchronous and returns before the WorkSpaces have been completely terminated. After a WorkSpace is terminated, the <code>TERMINATED</code> state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using <a href=\"https://docs.aws.amazon.com/workspaces/latest/api/API_DescribeWorkspaces.html\"> DescribeWorkSpaces</a>. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated.</p> <note> <p>Simple AD and AD Connector are made available to you free of charge to use with WorkSpaces. If there are no WorkSpaces being used with your Simple AD or AD Connector directory for 30 consecutive days, this directory will be automatically deregistered for use with Amazon WorkSpaces, and you will be charged for this directory as per the <a href=\"http://aws.amazon.com/directoryservice/pricing/\">Directory Service pricing terms</a>.</p> <p>To delete empty directories, see <a href=\"https://docs.aws.amazon.com/workspaces/latest/adminguide/delete-workspaces-directory.html\"> Delete the Directory for Your WorkSpaces</a>. If you delete your Simple AD or AD Connector directory, you can always create a new one when you want to start using WorkSpaces again.</p> </note>"
     },
+    "UpdateConnectClientAddIn":{
+      "name":"UpdateConnectClientAddIn",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"UpdateConnectClientAddInRequest"},
+      "output":{"shape":"UpdateConnectClientAddInResult"},
+      "errors":[
+        {"shape":"InvalidParameterValuesException"},
+        {"shape":"ResourceNotFoundException"},
+        {"shape":"AccessDeniedException"}
+      ],
+      "documentation":"<p>Updates a Amazon Connect client add-in. Use this action to update the name and endpoint URL of a Amazon Connect client add-in.</p>"
+    },
     "UpdateConnectionAliasPermission":{
       "name":"UpdateConnectionAliasPermission",
       "http":{
@@ -895,7 +957,25 @@
       "type":"list",
       "member":{"shape":"AccountModification"}
     },
+    "AddInName":{
+      "type":"string",
+      "max":64,
+      "min":1,
+      "pattern":"^.*$"
+    },
+    "AddInUrl":{
+      "type":"string",
+      "max":1024,
+      "min":1,
+      "pattern":"^(http|https)\\://\\S+"
+    },
     "Alias":{"type":"string"},
+    "AmazonUuid":{
+      "type":"string",
+      "max":36,
+      "min":36,
+      "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+    },
     "Application":{
       "type":"string",
       "enum":[
@@ -1060,6 +1140,32 @@
       "documentation":"<p>Describes the compute type of the bundle.</p>"
     },
     "ComputerName":{"type":"string"},
+    "ConnectClientAddIn":{
+      "type":"structure",
+      "members":{
+        "AddInId":{
+          "shape":"AmazonUuid",
+          "documentation":"<p>The client add-in identifier.</p>"
+        },
+        "ResourceId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>The directory identifier for which the client add-in is configured.</p>"
+        },
+        "Name":{
+          "shape":"AddInName",
+          "documentation":"<p>The name of the client add in.</p>"
+        },
+        "URL":{
+          "shape":"AddInUrl",
+          "documentation":"<p>The endpoint URL of the client add-in.</p>"
+        }
+      },
+      "documentation":"<p>Describes an Amazon Connect client add-in.</p>"
+    },
+    "ConnectClientAddInList":{
+      "type":"list",
+      "member":{"shape":"ConnectClientAddIn"}
+    },
     "ConnectionAlias":{
       "type":"structure",
       "members":{
@@ -1223,6 +1329,37 @@
         }
       }
     },
+    "CreateConnectClientAddInRequest":{
+      "type":"structure",
+      "required":[
+        "ResourceId",
+        "Name",
+        "URL"
+      ],
+      "members":{
+        "ResourceId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>The directory identifier for which to configure the client add-in.</p>"
+        },
+        "Name":{
+          "shape":"AddInName",
+          "documentation":"<p>The name of the client add-in.</p>"
+        },
+        "URL":{
+          "shape":"AddInUrl",
+          "documentation":"<p>The endpoint URL of the Amazon Connect client add-in.</p>"
+        }
+      }
+    },
+    "CreateConnectClientAddInResult":{
+      "type":"structure",
+      "members":{
+        "AddInId":{
+          "shape":"AmazonUuid",
+          "documentation":"<p>The client add-in identifier.</p>"
+        }
+      }
+    },
     "CreateConnectionAliasRequest":{
       "type":"structure",
       "required":["ConnectionString"],
@@ -1452,6 +1589,28 @@
       },
       "documentation":"<p>Describes the default values that are used to create WorkSpaces. For more information, see <a href=\"https://docs.aws.amazon.com/workspaces/latest/adminguide/update-directory-details.html\">Update Directory Details for Your WorkSpaces</a>.</p>"
     },
+    "DeleteConnectClientAddInRequest":{
+      "type":"structure",
+      "required":[
+        "AddInId",
+        "ResourceId"
+      ],
+      "members":{
+        "AddInId":{
+          "shape":"AmazonUuid",
+          "documentation":"<p>The identifier of the client add-in to delete.</p>"
+        },
+        "ResourceId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>The directory identifier for which the client add-in is configured.</p>"
+        }
+      }
+    },
+    "DeleteConnectClientAddInResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteConnectionAliasRequest":{
       "type":"structure",
       "required":["AliasId"],
@@ -1607,6 +1766,37 @@
         }
       }
     },
+    "DescribeConnectClientAddInsRequest":{
+      "type":"structure",
+      "required":["ResourceId"],
+      "members":{
+        "ResourceId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>The directory identifier for which the client add-in is configured.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>If you received a <code>NextToken</code> from a previous call that was paginated, provide this token to receive the next set of results.</p>"
+        },
+        "MaxResults":{
+          "shape":"Limit",
+          "documentation":"<p>The maximum number of items to return.</p>"
+        }
+      }
+    },
+    "DescribeConnectClientAddInsResult":{
+      "type":"structure",
+      "members":{
+        "AddIns":{
+          "shape":"ConnectClientAddInList",
+          "documentation":"<p>Information about client add-ins.</p>"
+        },
+        "NextToken":{
+          "shape":"PaginationToken",
+          "documentation":"<p>The token to use to retrieve the next page of results. This value is null when there are no more results to return. </p>"
+        }
+      }
+    },
     "DescribeConnectionAliasPermissionsRequest":{
       "type":"structure",
       "required":["AliasId"],
@@ -2970,6 +3160,36 @@
       "documentation":"<p>The configuration of this WorkSpace is not supported for this operation. For more information, see <a href=\"https://docs.aws.amazon.com/workspaces/latest/adminguide/required-service-components.html\">Required Configuration and Service Components for WorkSpaces </a>.</p>",
       "exception":true
     },
+    "UpdateConnectClientAddInRequest":{
+      "type":"structure",
+      "required":[
+        "AddInId",
+        "ResourceId"
+      ],
+      "members":{
+        "AddInId":{
+          "shape":"AmazonUuid",
+          "documentation":"<p>The identifier of the client add-in to update.</p>"
+        },
+        "ResourceId":{
+          "shape":"DirectoryId",
+          "documentation":"<p>The directory identifier for which the client add-in is configured.</p>"
+        },
+        "Name":{
+          "shape":"AddInName",
+          "documentation":"<p>The name of the client add-in.</p>"
+        },
+        "URL":{
+          "shape":"AddInUrl",
+          "documentation":"<p>The endpoint URL of the Amazon Connect client add-in.</p>"
+        }
+      }
+    },
+    "UpdateConnectClientAddInResult":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "UpdateConnectionAliasPermissionRequest":{
       "type":"structure",
       "required":[
diff --git a/contrib/python/botocore/py3/botocore/endpoint.py b/contrib/python/botocore/py3/botocore/endpoint.py
index 5444d2255a3..feaeb14ac67 100644
--- a/contrib/python/botocore/py3/botocore/endpoint.py
+++ b/contrib/python/botocore/py3/botocore/endpoint.py
@@ -12,17 +12,21 @@
 # ANY KIND, either express or implied. See the License for the specific
 # language governing permissions and limitations under the License.
 
+import datetime
 import os
 import logging
 import time
 import threading
+import uuid
 
 from botocore.compat import six
 
 from botocore.awsrequest import create_request_object
 from botocore.exceptions import HTTPClientError
 from botocore.httpsession import URLLib3Session
-from botocore.utils import is_valid_endpoint_url, get_environ_proxies
+from botocore.utils import (
+    is_valid_endpoint_url, is_valid_ipv6_endpoint_url, get_environ_proxies
+)
 from botocore.hooks import first_non_none_response
 from botocore.history import get_global_history_recorder
 from botocore.response import StreamingBody
@@ -127,15 +131,60 @@ class Endpoint(object):
         self._encode_headers(request.headers)
         return request.prepare()
 
+    def _calculate_ttl(self, response_received_timestamp, date_header,
+                       read_timeout):
+        local_timestamp = datetime.datetime.utcnow()
+        date_conversion = datetime.datetime.strptime(
+            date_header,
+            "%a, %d %b %Y %H:%M:%S %Z"
+        )
+        estimated_skew = date_conversion - response_received_timestamp
+        ttl = local_timestamp + datetime.timedelta(
+            seconds=read_timeout) + estimated_skew
+        return ttl.strftime('%Y%m%dT%H%M%SZ')
+
+    def _set_ttl(self, retries_context, read_timeout, success_response):
+        response_date_header = success_response[0].headers.get('Date')
+        has_streaming_input = retries_context.get('has_streaming_input')
+        if response_date_header and not has_streaming_input:
+            try:
+                response_received_timestamp = datetime.datetime.utcnow()
+                retries_context['ttl'] = self._calculate_ttl(
+                    response_received_timestamp,
+                    response_date_header,
+                    read_timeout
+                )
+            except Exception:
+                logger.debug(
+                    "Exception received when updating retries context with TTL",
+                    exc_info=True
+                )
+
+    def _update_retries_context(
+            self, context, attempt, success_response=None
+    ):
+        retries_context = context.setdefault('retries', {})
+        retries_context['attempt'] = attempt
+        if 'invocation-id' not in retries_context:
+            retries_context['invocation-id'] = str(uuid.uuid4())
+
+        if success_response:
+            read_timeout = context['client_config'].read_timeout
+            self._set_ttl(retries_context, read_timeout, success_response)
+
     def _send_request(self, request_dict, operation_model):
         attempts = 1
-        request = self.create_request(request_dict, operation_model)
         context = request_dict['context']
+        self._update_retries_context(context, attempts)
+        request = self.create_request(request_dict, operation_model)
         success_response, exception = self._get_response(
             request, operation_model, context)
         while self._needs_retry(attempts, operation_model, request_dict,
                                 success_response, exception):
             attempts += 1
+            self._update_retries_context(
+                context, attempts, success_response
+            )
             # If there is a stream associated with the request, we need
             # to reset it before attempting to send the request again.
             # This will ensure that we resend the entire contents of the
@@ -272,18 +321,19 @@ class EndpointCreator(object):
     def __init__(self, event_emitter):
         self._event_emitter = event_emitter
 
-    def create_endpoint(self, service_model, region_name, endpoint_url,
-                        verify=None, response_parser_factory=None,
-                        timeout=DEFAULT_TIMEOUT,
-                        max_pool_connections=MAX_POOL_CONNECTIONS,
-                        http_session_cls=URLLib3Session,
-                        proxies=None,
-                        socket_options=None,
-                        client_cert=None,
-                        proxies_config=None):
-        if not is_valid_endpoint_url(endpoint_url):
-
+    def create_endpoint(
+        self, service_model, region_name, endpoint_url,
+        verify=None, response_parser_factory=None,
+        timeout=DEFAULT_TIMEOUT, max_pool_connections=MAX_POOL_CONNECTIONS,
+        http_session_cls=URLLib3Session, proxies=None, socket_options=None,
+        client_cert=None, proxies_config=None
+    ):
+        if (
+            not is_valid_endpoint_url(endpoint_url)
+            and not is_valid_ipv6_endpoint_url(endpoint_url)
+        ):
             raise ValueError("Invalid endpoint: %s" % endpoint_url)
+
         if proxies is None:
             proxies = self._get_proxies(endpoint_url)
         endpoint_prefix = service_model.endpoint_prefix
diff --git a/contrib/python/botocore/py3/botocore/exceptions.py b/contrib/python/botocore/py3/botocore/exceptions.py
index c39b08471c6..32f568fabf8 100644
--- a/contrib/python/botocore/py3/botocore/exceptions.py
+++ b/contrib/python/botocore/py3/botocore/exceptions.py
@@ -142,6 +142,10 @@ class ProxyConnectionError(ConnectionError, requests.exceptions.ProxyError):
     fmt = 'Failed to connect to proxy URL: "{proxy_url}"'
 
 
+class ResponseStreamingError(HTTPClientError):
+    fmt = 'An error occurred while reading from response stream: {error}'
+
+
 class NoCredentialsError(BotoCoreError):
     """
     No credentials could be found.
@@ -205,6 +209,19 @@ class NoRegionError(BaseEndpointResolverError):
     fmt = 'You must specify a region.'
 
 
+class EndpointVariantError(BaseEndpointResolverError):
+    """
+    Could not construct modeled endpoint variant.
+
+    :ivar error_msg: The message explaining why the modeled endpoint variant
+        is unable to be constructed.
+
+    """
+
+    fmt = ('Unable to construct a modeled endpoint with the following '
+           'variant(s) {tags}: ')
+
+
 class UnknownEndpointError(BaseEndpointResolverError, ValueError):
     """
     Could not construct an endpoint.
@@ -685,3 +702,10 @@ class InvalidProxiesConfigError(BotoCoreError):
     fmt = (
         'Invalid configuration value(s) provided for proxies_config.'
     )
+
+
+class InvalidDefaultsMode(BotoCoreError):
+    fmt = (
+        'Client configured with invalid defaults mode: {mode}. '
+        'Valid defaults modes include: {valid_modes}.'
+    )
diff --git a/contrib/python/botocore/py3/botocore/handlers.py b/contrib/python/botocore/py3/botocore/handlers.py
index a50320fd9dc..7fb83f1dbe9 100644
--- a/contrib/python/botocore/py3/botocore/handlers.py
+++ b/contrib/python/botocore/py3/botocore/handlers.py
@@ -16,6 +16,7 @@
 This module contains builtin handlers for events emitted by botocore.
 """
 
+import os
 import base64
 import logging
 import copy
@@ -26,7 +27,7 @@ import uuid
 from botocore.compat import (
     unquote, json, six, unquote_str, ensure_bytes, get_md5,
     OrderedDict, urlsplit, urlunsplit, XMLParseError,
-    ETree,
+    ETree, quote,
 )
 from botocore.docs.utils import AutoPopulatedParam
 from botocore.docs.utils import HideParamFromOperations
@@ -84,6 +85,15 @@ def handle_service_name_alias(service_name, **kwargs):
     return SERVICE_NAME_ALIASES.get(service_name, service_name)
 
 
+def add_recursion_detection_header(params, **kwargs):
+    has_lambda_name = 'AWS_LAMBDA_FUNCTION_NAME' in os.environ
+    trace_id = os.environ.get('_X_AMZ_TRACE_ID')
+    if has_lambda_name and trace_id:
+        headers = params['headers']
+        if 'X-Amzn-Trace-Id' not in headers:
+            headers['X-Amzn-Trace-Id'] = quote(trace_id)
+
+
 def escape_xml_payload(params, **kwargs):
     # Replace \r and \n with the escaped sequence over the whole XML document
     # to avoid linebreak normalization modifying customer input when the
@@ -964,6 +974,21 @@ def remove_lex_v2_start_conversation(class_attributes, **kwargs):
         del class_attributes['start_conversation']
 
 
+def add_retry_headers(request, **kwargs):
+    retries_context = request.context.get('retries')
+    if not retries_context:
+        return
+    headers = request.headers
+    headers['amz-sdk-invocation-id'] = retries_context['invocation-id']
+    sdk_retry_keys = ('ttl', 'attempt', 'max')
+    sdk_request_headers = [
+        f'{key}={retries_context[key]}'
+        for key in sdk_retry_keys
+        if key in retries_context
+    ]
+    headers['amz-sdk-request'] = '; '.join(sdk_request_headers)
+
+
 # This is a list of (event_name, handler).
 # When a Session is created, everything in this list will be
 # automatically registered with that Session.
@@ -1007,6 +1032,7 @@ BUILTIN_HANDLERS = [
     ('docs.*.s3.CopyObject.complete-section', document_copy_source_form),
     ('docs.*.s3.UploadPartCopy.complete-section', document_copy_source_form),
 
+    ('before-call', add_recursion_detection_header),
     ('before-call.s3', add_expect_header),
     ('before-call.glacier', add_glacier_version),
     ('before-call.apigateway', add_accept_header),
@@ -1017,6 +1043,7 @@ BUILTIN_HANDLERS = [
     ('before-call.glacier.UploadArchive', add_glacier_checksums),
     ('before-call.glacier.UploadMultipartPart', add_glacier_checksums),
     ('before-call.ec2.CopySnapshot', inject_presigned_url_ec2),
+    ('request-created', add_retry_headers),
     ('request-created.machinelearning.Predict', switch_host_machinelearning),
     ('needs-retry.s3.UploadPartCopy', check_for_200_error, REGISTER_FIRST),
     ('needs-retry.s3.CopyObject', check_for_200_error, REGISTER_FIRST),
diff --git a/contrib/python/botocore/py3/botocore/httpsession.py b/contrib/python/botocore/py3/botocore/httpsession.py
index dd1c4be382a..278adc15d9f 100644
--- a/contrib/python/botocore/py3/botocore/httpsession.py
+++ b/contrib/python/botocore/py3/botocore/httpsession.py
@@ -8,12 +8,21 @@ import sys
 from urllib3 import PoolManager, proxy_from_url, Timeout
 from urllib3.util.retry import Retry
 from urllib3.util.ssl_ import (
-    ssl, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION, DEFAULT_CIPHERS,
+    ssl, OP_NO_SSLv2, OP_NO_SSLv3, OP_NO_COMPRESSION,
+    PROTOCOL_TLS, DEFAULT_CIPHERS,
 )
 from urllib3.exceptions import SSLError as URLLib3SSLError
 from urllib3.exceptions import ReadTimeoutError as URLLib3ReadTimeoutError
 from urllib3.exceptions import ConnectTimeoutError as URLLib3ConnectTimeoutError
 from urllib3.exceptions import NewConnectionError, ProtocolError, ProxyError
+
+try:
+    from urllib3.util.ssl_ import PROTOCOL_TLS_CLIENT, OP_NO_TICKET
+except ImportError:
+    # Fallback directly to ssl for version of urllib3 before 1.26.
+    # They are available in the standard library starting in Python 3.6.
+    from ssl import PROTOCOL_TLS_CLIENT, OP_NO_TICKET
+
 try:
     # Always import the original SSLContext, even if it has been patched
     from urllib3.contrib.pyopenssl import orig_util_SSLContext as SSLContext
@@ -59,7 +68,13 @@ def create_urllib3_context(ssl_version=None, cert_reqs=None,
         We vendor this function to ensure that the SSL contexts we construct
         always use the std lib SSLContext instead of pyopenssl.
     """
-    context = SSLContext(ssl_version or ssl.PROTOCOL_SSLv23)
+    # PROTOCOL_TLS is deprecated in Python 3.10
+    if not ssl_version or ssl_version == PROTOCOL_TLS:
+        ssl_version = PROTOCOL_TLS_CLIENT
+
+    context = SSLContext(ssl_version)
+
+    context.set_ciphers(ciphers or DEFAULT_CIPHERS)
 
     # Setting the default here, as we may have no ssl module on import
     cert_reqs = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs
@@ -73,26 +88,51 @@ def create_urllib3_context(ssl_version=None, cert_reqs=None,
         # Disable compression to prevent CRIME attacks for OpenSSL 1.0+
         # (issue urllib3#309)
         options |= OP_NO_COMPRESSION
+        # TLSv1.2 only. Unless set explicitly, do not request tickets.
+        # This may save some bandwidth on wire, and although the ticket is encrypted,
+        # there is a risk associated with it being on wire,
+        # if the server is not rotating its ticketing keys properly.
+        options |= OP_NO_TICKET
 
     context.options |= options
 
-    if getattr(context, 'supports_set_ciphers', True):
-        # Platform-specific: Python 2.6
-        context.set_ciphers(ciphers or DEFAULT_CIPHERS)
-
-    context.verify_mode = cert_reqs
-    if getattr(context, 'check_hostname', None) is not None:
-        # Platform-specific: Python 3.2
-        # We do our own verification, including fingerprints and alternative
-        # hostnames. So disable it here
-        context.check_hostname = False
+    # Enable post-handshake authentication for TLS 1.3, see GH #1634. PHA is
+    # necessary for conditional client cert authentication with TLS 1.3.
+    # The attribute is None for OpenSSL <= 1.1.0 or does not exist in older
+    # versions of Python.  We only enable on Python 3.7.4+ or if certificate
+    # verification is enabled to work around Python issue #37428
+    # See: https://bugs.python.org/issue37428
+    if (cert_reqs == ssl.CERT_REQUIRED or sys.version_info >= (3, 7, 4)) and getattr(
+        context, "post_handshake_auth", None
+    ) is not None:
+        context.post_handshake_auth = True
+
+    def disable_check_hostname():
+        if (
+            getattr(context, "check_hostname", None) is not None
+        ):  # Platform-specific: Python 3.2
+            # We do our own verification, including fingerprints and alternative
+            # hostnames. So disable it here
+            context.check_hostname = False
+
+    # The order of the below lines setting verify_mode and check_hostname
+    # matter due to safe-guards SSLContext has to prevent an SSLContext with
+    # check_hostname=True, verify_mode=NONE/OPTIONAL. This is made even more
+    # complex because we don't know whether PROTOCOL_TLS_CLIENT will be used
+    # or not so we don't know the initial state of the freshly created SSLContext.
+    if cert_reqs == ssl.CERT_REQUIRED:
+        context.verify_mode = cert_reqs
+        disable_check_hostname()
+    else:
+        disable_check_hostname()
+        context.verify_mode = cert_reqs
 
     # Enable logging of TLS session keys via defacto standard environment variable
     # 'SSLKEYLOGFILE', if the feature is available (Python 3.8+). Skip empty values.
-    if hasattr(context, 'keylog_filename'):
-        keylogfile = os.environ.get('SSLKEYLOGFILE')
-        if keylogfile and not sys.flags.ignore_environment:
-            context.keylog_filename = keylogfile
+    if hasattr(context, "keylog_filename"):
+        sslkeylogfile = os.environ.get("SSLKEYLOGFILE")
+        if sslkeylogfile and not sys.flags.ignore_environment:
+            context.keylog_filename = sslkeylogfile
 
     return context
 
@@ -108,6 +148,24 @@ def ensure_boolean(val):
         return val.lower() == 'true'
 
 
+def mask_proxy_url(proxy_url):
+    """
+    Mask proxy url credentials.
+
+    :type proxy_url: str
+    :param proxy_url: The proxy url, i.e. https://username:password@proxy.com
+
+    :return: Masked proxy url, i.e. https://***:***@proxy.com
+    """
+    mask = '*' * 3
+    parsed_url = urlparse(proxy_url)
+    if parsed_url.username:
+        proxy_url = proxy_url.replace(parsed_url.username, mask, 1)
+    if parsed_url.password:
+        proxy_url = proxy_url.replace(parsed_url.password, mask, 1)
+    return proxy_url
+
+
 class ProxyConfiguration(object):
     """Represents a proxy configuration dictionary and additional settings.
 
@@ -373,7 +431,7 @@ class URLLib3Session(object):
         except (NewConnectionError, socket.gaierror) as e:
             raise EndpointConnectionError(endpoint_url=request.url, error=e)
         except ProxyError as e:
-            raise ProxyConnectionError(proxy_url=proxy_url, error=e)
+            raise ProxyConnectionError(proxy_url=mask_proxy_url(proxy_url), error=e)
         except URLLib3ConnectTimeoutError as e:
             raise ConnectTimeoutError(endpoint_url=request.url, error=e)
         except URLLib3ReadTimeoutError as e:
diff --git a/contrib/python/botocore/py3/botocore/parsers.py b/contrib/python/botocore/py3/botocore/parsers.py
index 66af9893e12..c030be63d8a 100644
--- a/contrib/python/botocore/py3/botocore/parsers.py
+++ b/contrib/python/botocore/py3/botocore/parsers.py
@@ -941,6 +941,13 @@ class BaseRestParser(ResponseParser):
             parsed = json.loads(decoded)
         return parsed
 
+    def _handle_list(self, shape, node):
+        location = shape.serialization.get('location')
+        if location == 'header' and not isinstance(node, list):
+            # List in headers may be a comma separated string as per RFC7230
+            node = [e.strip() for e in node.split(',')]
+        return super(BaseRestParser, self)._handle_list(shape, node)
+
 
 class RestJSONParser(BaseRestParser, BaseJSONParser):
 
diff --git a/contrib/python/botocore/py3/botocore/regions.py b/contrib/python/botocore/py3/botocore/regions.py
index 712a71155a5..59daa54504d 100644
--- a/contrib/python/botocore/py3/botocore/regions.py
+++ b/contrib/python/botocore/py3/botocore/regions.py
@@ -20,11 +20,11 @@ import logging
 import re
 
 from botocore.exceptions import (
-    NoRegionError, UnknownRegionError
+    NoRegionError, UnknownRegionError, EndpointVariantError
 )
 
 LOG = logging.getLogger(__name__)
-DEFAULT_URI_TEMPLATE = '{service}.{region}.{dnsSuffix}'
+DEFAULT_URI_TEMPLATE = '{service}.{region}.{dnsSuffix}' # noqa
 DEFAULT_SERVICE_DATA = {'endpoints': {}}
 
 
@@ -89,6 +89,9 @@ class BaseEndpointResolver(object):
 
 class EndpointResolver(BaseEndpointResolver):
     """Resolves endpoints based on partition endpoint metadata"""
+
+    _UNSUPPORTED_DUALSTACK_PARTITIONS = ['aws-iso', 'aws-iso-b']
+
     def __init__(self, endpoint_data):
         """
         :param endpoint_data: A dict of partition data.
@@ -97,6 +100,15 @@ class EndpointResolver(BaseEndpointResolver):
             raise ValueError('Missing "partitions" in endpoint data')
         self._endpoint_data = endpoint_data
 
+    def get_service_endpoints_data(self, service_name, partition_name='aws'):
+        for partition in self._endpoint_data['partitions']:
+            if partition['partition'] != partition_name:
+                continue
+            services = partition['services']
+            if service_name not in services:
+                continue
+            return services[service_name]['endpoints']
+
     def get_available_partitions(self):
         result = []
         for partition in self._endpoint_data['partitions']:
@@ -104,7 +116,8 @@ class EndpointResolver(BaseEndpointResolver):
         return result
 
     def get_available_endpoints(self, service_name, partition_name='aws',
-                                allow_non_regional=False):
+                                allow_non_regional=False,
+                                endpoint_variant_tags=None):
         result = []
         for partition in self._endpoint_data['partitions']:
             if partition['partition'] != partition_name:
@@ -112,18 +125,38 @@ class EndpointResolver(BaseEndpointResolver):
             services = partition['services']
             if service_name not in services:
                 continue
-            for endpoint_name in services[service_name]['endpoints']:
-                if allow_non_regional or endpoint_name in partition['regions']:
+            service_endpoints = services[service_name]['endpoints']
+            for endpoint_name in service_endpoints:
+                is_regional_endpoint = endpoint_name in partition['regions']
+                # Only regional endpoints can be modeled with variants
+                if endpoint_variant_tags and is_regional_endpoint:
+                    variant_data = self._retrieve_variant_data(
+                        service_endpoints[endpoint_name],
+                        endpoint_variant_tags)
+                    if variant_data:
+                        result.append(endpoint_name)
+                elif allow_non_regional or is_regional_endpoint:
                     result.append(endpoint_name)
         return result
 
-    def get_partition_dns_suffix(self, partition_name):
+    def get_partition_dns_suffix(self, partition_name,
+                                 endpoint_variant_tags=None):
         for partition in self._endpoint_data['partitions']:
             if partition['partition'] == partition_name:
-                return partition['dnsSuffix']
+                if endpoint_variant_tags:
+                    variant = self._retrieve_variant_data(
+                        partition.get('defaults'), endpoint_variant_tags)
+                    if variant and 'dnsSuffix' in variant:
+                        return variant['dnsSuffix']
+                else:
+                    return partition['dnsSuffix']
         return None
 
-    def construct_endpoint(self, service_name, region_name=None, partition_name=None):
+    def construct_endpoint(self, service_name, region_name=None,
+                           partition_name=None, use_dualstack_endpoint=False,
+                           use_fips_endpoint=False):
+        if service_name == 's3' and use_dualstack_endpoint and region_name is None:
+            region_name = 'us-east-1'
         if partition_name is not None:
             valid_partition = None
             for partition in self._endpoint_data['partitions']:
@@ -132,15 +165,23 @@ class EndpointResolver(BaseEndpointResolver):
 
             if valid_partition is not None:
                 result = self._endpoint_for_partition(
-                    valid_partition, service_name, region_name, True
+                    valid_partition, service_name,
+                    region_name, use_dualstack_endpoint, use_fips_endpoint,
+                    True
                 )
                 return result
             return None
 
         # Iterate over each partition until a match is found.
         for partition in self._endpoint_data['partitions']:
+            if use_dualstack_endpoint and (
+                    partition['partition'] in
+                    self._UNSUPPORTED_DUALSTACK_PARTITIONS):
+                continue
             result = self._endpoint_for_partition(
-                partition, service_name, region_name)
+                partition, service_name, region_name, use_dualstack_endpoint,
+                use_fips_endpoint
+            )
             if result:
                 return result
 
@@ -153,9 +194,16 @@ class EndpointResolver(BaseEndpointResolver):
             error_msg='No partition found for provided region_name.'
         )
 
-    def _endpoint_for_partition(
-        self, partition, service_name, region_name, force_partition=False
-    ):
+    def _endpoint_for_partition(self, partition, service_name, region_name,
+                                use_dualstack_endpoint, use_fips_endpoint,
+                                force_partition=False):
+        partition_name = partition["partition"]
+        if (use_dualstack_endpoint and
+                partition_name in self._UNSUPPORTED_DUALSTACK_PARTITIONS):
+            error_msg = ("Dualstack endpoints are currently not supported"
+                         " for %s partition" % partition_name)
+            raise EndpointVariantError(tags=['dualstack'], error_msg=error_msg)
+
         # Get the service from the partition, or an empty template.
         service_data = partition['services'].get(
             service_name, DEFAULT_SERVICE_DATA)
@@ -165,10 +213,20 @@ class EndpointResolver(BaseEndpointResolver):
                 region_name = service_data['partitionEndpoint']
             else:
                 raise NoRegionError()
+
+        resolve_kwargs = {
+            'partition': partition,
+            'service_name': service_name,
+            'service_data': service_data,
+            'endpoint_name': region_name,
+            'use_dualstack_endpoint': use_dualstack_endpoint,
+            'use_fips_endpoint': use_fips_endpoint,
+        }
+
         # Attempt to resolve the exact region for this partition.
         if region_name in service_data['endpoints']:
-            return self._resolve(
-                partition, service_name, service_data, region_name)
+            return self._resolve(**resolve_kwargs)
+
         # Check to see if the endpoint provided is valid for the partition.
         if self._region_match(partition, region_name) or force_partition:
             # Use the partition endpoint if set and not regionalized.
@@ -177,12 +235,11 @@ class EndpointResolver(BaseEndpointResolver):
             if partition_endpoint and not is_regionalized:
                 LOG.debug('Using partition endpoint for %s, %s: %s',
                           service_name, region_name, partition_endpoint)
-                return self._resolve(
-                    partition, service_name, service_data, partition_endpoint)
+                resolve_kwargs['endpoint_name'] = partition_endpoint
+                return self._resolve(**resolve_kwargs)
             LOG.debug('Creating a regex based endpoint for %s, %s',
                       service_name, region_name)
-            return self._resolve(
-                partition, service_name, service_data, region_name)
+            return self._resolve(**resolve_kwargs)
 
     def _region_match(self, partition, region_name):
         if region_name in partition['regions']:
@@ -191,21 +248,79 @@ class EndpointResolver(BaseEndpointResolver):
             return re.compile(partition['regionRegex']).match(region_name)
         return False
 
-    def _resolve(self, partition, service_name, service_data, endpoint_name):
-        result = service_data['endpoints'].get(endpoint_name, {})
+    def _retrieve_variant_data(self, endpoint_data, tags):
+        variants = endpoint_data.get('variants', [])
+        for variant in variants:
+            if set(variant['tags']) == set(tags):
+                result = variant.copy()
+                return result
+
+    def _create_tag_list(self, use_dualstack_endpoint, use_fips_endpoint):
+        tags = []
+        if use_dualstack_endpoint:
+            tags.append('dualstack')
+        if use_fips_endpoint:
+            tags.append('fips')
+        return tags
+
+    def _resolve_variant(self, tags, endpoint_data, service_defaults,
+                         partition_defaults):
+        result = {}
+        for variants in [endpoint_data, service_defaults,
+                         partition_defaults]:
+            variant = self._retrieve_variant_data(variants, tags)
+            if variant:
+                self._merge_keys(variant, result)
+        return result
+
+    def _resolve(self, partition, service_name, service_data, endpoint_name,
+                 use_dualstack_endpoint, use_fips_endpoint):
+        endpoint_data = service_data.get('endpoints', {}).get(endpoint_name, {})
+
+        if endpoint_data.get('deprecated'):
+            LOG.warning(
+                'Client is configured with the deprecated endpoint: %s' % (
+                    endpoint_name
+                )
+            )
+
+        service_defaults = service_data.get('defaults', {})
+        partition_defaults = partition.get('defaults', {})
+        tags = self._create_tag_list(use_dualstack_endpoint,
+                                     use_fips_endpoint)
+
+        if tags:
+            result = self._resolve_variant(tags, endpoint_data,
+                                           service_defaults,
+                                           partition_defaults)
+            if result == {}:
+                error_msg = ("Endpoint does not exist for %s in region %s" % (
+                    service_name, endpoint_name
+                ))
+                raise EndpointVariantError(tags=tags, error_msg=error_msg)
+        else:
+            result = endpoint_data
+
+        # If dnsSuffix has not already been consumed from a variant definition
+        if 'dnsSuffix' not in result:
+            result['dnsSuffix'] = partition['dnsSuffix']
+
         result['partition'] = partition['partition']
         result['endpointName'] = endpoint_name
+
         # Merge in the service defaults then the partition defaults.
-        self._merge_keys(service_data.get('defaults', {}), result)
-        self._merge_keys(partition.get('defaults', {}), result)
-        hostname = result.get('hostname', DEFAULT_URI_TEMPLATE)
+        self._merge_keys(service_defaults, result)
+        self._merge_keys(partition_defaults, result)
+
         result['hostname'] = self._expand_template(
-            partition, hostname, service_name, endpoint_name)
+            partition, result['hostname'], service_name, endpoint_name,
+            result['dnsSuffix']
+        )
         if 'sslCommonName' in result:
             result['sslCommonName'] = self._expand_template(
                 partition, result['sslCommonName'], service_name,
-                endpoint_name)
-        result['dnsSuffix'] = partition['dnsSuffix']
+                endpoint_name, result['dnsSuffix'])
+
         return result
 
     def _merge_keys(self, from_data, result):
@@ -214,7 +329,7 @@ class EndpointResolver(BaseEndpointResolver):
                 result[key] = from_data[key]
 
     def _expand_template(self, partition, template, service_name,
-                         endpoint_name):
+                         endpoint_name, dnsSuffix):
         return template.format(
             service=service_name, region=endpoint_name,
-            dnsSuffix=partition['dnsSuffix'])
+            dnsSuffix=dnsSuffix)
diff --git a/contrib/python/botocore/py3/botocore/response.py b/contrib/python/botocore/py3/botocore/response.py
index be32345c419..b7abaaec751 100644
--- a/contrib/python/botocore/py3/botocore/response.py
+++ b/contrib/python/botocore/py3/botocore/response.py
@@ -13,10 +13,14 @@
 # language governing permissions and limitations under the License.
 
 import logging
+from io import IOBase
 
 from botocore.compat import set_socket_timeout
-from botocore.exceptions import IncompleteReadError, ReadTimeoutError
+from botocore.exceptions import (
+    IncompleteReadError, ReadTimeoutError, ResponseStreamingError
+)
 from urllib3.exceptions import ReadTimeoutError as URLLib3ReadTimeoutError
+from urllib3.exceptions import ProtocolError as URLLib3ProtocolError
 from botocore import parsers
 
 # Keep these imported.  There's pre-existing code that uses them.
@@ -28,7 +32,7 @@ from botocore.hooks import first_non_none_response # noqa
 logger = logging.getLogger(__name__)
 
 
-class StreamingBody(object):
+class StreamingBody(IOBase):
     """Wrapper class for an http response body.
 
     This provides a few additional conveniences that do not exist
@@ -47,6 +51,12 @@ class StreamingBody(object):
         self._content_length = content_length
         self._amount_read = 0
 
+    def __del__(self):
+        # Extending destructor in order to preserve the underlying raw_stream.
+        # The ability to add custom cleanup logic introduced in Python3.4+.
+        # https://www.python.org/dev/peps/pep-0442/
+        pass
+
     def set_socket_timeout(self, timeout):
         """Set the timeout seconds on the socket."""
         # The problem we're trying to solve is to prevent .read() calls from
@@ -70,6 +80,12 @@ class StreamingBody(object):
                          "the interface has changed.", exc_info=True)
             raise
 
+    def readable(self):
+        try:
+            return self._raw_stream.readable()
+        except AttributeError:
+            return False
+
     def read(self, amt=None):
         """Read at most amt bytes from the stream.
 
@@ -80,6 +96,8 @@ class StreamingBody(object):
         except URLLib3ReadTimeoutError as e:
             # TODO: the url will be None as urllib3 isn't setting it yet
             raise ReadTimeoutError(endpoint_url=e.url, error=e)
+        except URLLib3ProtocolError as e:
+            raise ResponseStreamingError(error=e)
         self._amount_read += len(chunk)
         if amt is None or (not chunk and amt > 0):
             # If the server sends empty contents or
@@ -88,6 +106,9 @@ class StreamingBody(object):
             self._verify_content_length()
         return chunk
 
+    def readlines(self):
+        return self._raw_stream.readlines()
+
     def __iter__(self):
         """Return an iterator to yield 1k chunks from the raw stream.
         """
@@ -103,7 +124,7 @@ class StreamingBody(object):
 
     next = __next__
 
-    def iter_lines(self, chunk_size=1024, keepends=False):
+    def iter_lines(self, chunk_size=_DEFAULT_CHUNK_SIZE, keepends=False):
         """Return an iterator to yield lines from the raw stream.
 
         This is achieved by reading chunk of bytes (of size chunk_size) at a
@@ -138,6 +159,9 @@ class StreamingBody(object):
                 actual_bytes=self._amount_read,
                 expected_bytes=int(self._content_length))
 
+    def tell(self):
+        return self._raw_stream.tell()
+
     def close(self):
         """Close the underlying http response stream."""
         self._raw_stream.close()
diff --git a/contrib/python/botocore/py3/botocore/retries/standard.py b/contrib/python/botocore/py3/botocore/retries/standard.py
index c522d06bc05..96c70e7a957 100644
--- a/contrib/python/botocore/py3/botocore/retries/standard.py
+++ b/contrib/python/botocore/py3/botocore/retries/standard.py
@@ -266,6 +266,11 @@ class MaxAttemptsChecker(BaseRetryableChecker):
 
     def is_retryable(self, context):
         under_max_attempts = context.attempt_number < self._max_attempts
+        retries_context = context.request_context.get('retries')
+        if retries_context:
+            retries_context['max'] = max(
+                retries_context.get('max', 0), self._max_attempts
+            )
         if not under_max_attempts:
             logger.debug("Max attempts of %s reached.", self._max_attempts)
             context.add_retry_metadata(MaxAttemptsReached=True)
diff --git a/contrib/python/botocore/py3/botocore/retryhandler.py b/contrib/python/botocore/py3/botocore/retryhandler.py
index cef29a79993..1b1066297e7 100644
--- a/contrib/python/botocore/py3/botocore/retryhandler.py
+++ b/contrib/python/botocore/py3/botocore/retryhandler.py
@@ -180,7 +180,16 @@ class RetryHandler(object):
         this will process retries appropriately.
 
         """
-        if self._checker(attempts, response, caught_exception):
+        checker_kwargs = {
+            'attempt_number': attempts,
+            'response': response,
+            'caught_exception': caught_exception
+        }
+        if isinstance(self._checker, MaxAttemptsDecorator):
+            retries_context = kwargs['request_dict']['context'].get('retries')
+            checker_kwargs.update({'retries_context': retries_context})
+
+        if self._checker(**checker_kwargs):
             result = self._action(attempts=attempts)
             logger.debug("Retry needed, action of: %s", result)
             return result
@@ -246,7 +255,13 @@ class MaxAttemptsDecorator(BaseChecker):
         self._max_attempts = max_attempts
         self._retryable_exceptions = retryable_exceptions
 
-    def __call__(self, attempt_number, response, caught_exception):
+    def __call__(self, attempt_number, response, caught_exception,
+                 retries_context):
+        if retries_context:
+            retries_context['max'] = max(
+                retries_context.get('max', 0), self._max_attempts
+            )
+
         should_retry = self._should_retry(attempt_number, response,
                                           caught_exception)
         if should_retry:
diff --git a/contrib/python/botocore/py3/botocore/serialize.py b/contrib/python/botocore/py3/botocore/serialize.py
index b267636c9c5..ffad473915f 100644
--- a/contrib/python/botocore/py3/botocore/serialize.py
+++ b/contrib/python/botocore/py3/botocore/serialize.py
@@ -588,6 +588,9 @@ class BaseRestSerializer(Serializer):
                 partitioned['query_string_kwargs'][key_name] = param_value
         elif location == 'header':
             shape = shape_members[param_name]
+            if not param_value and shape.type_name == 'list':
+                # Empty lists should not be set on the headers
+                return
             value = self._convert_header_value(shape, param_value)
             partitioned['headers'][key_name] = str(value)
         elif location == 'headers':
@@ -619,6 +622,12 @@ class BaseRestSerializer(Serializer):
             timestamp_format = shape.serialization.get(
                 'timestampFormat', self.HEADER_TIMESTAMP_FORMAT)
             return self._convert_timestamp_to_str(timestamp, timestamp_format)
+        elif shape.type_name == 'list':
+            converted_value = [
+                self._convert_header_value(shape.member, v)
+                for v in value if v is not None
+            ]
+            return ",".join(converted_value)
         elif is_json_value_header(shape):
             # Serialize with no spaces after separators to save space in
             # the header.
diff --git a/contrib/python/botocore/py3/botocore/session.py b/contrib/python/botocore/py3/botocore/session.py
index 8b803c57c88..0a233449160 100644
--- a/contrib/python/botocore/py3/botocore/session.py
+++ b/contrib/python/botocore/py3/botocore/session.py
@@ -32,8 +32,10 @@ from botocore.configprovider import ConfigValueStore
 from botocore.configprovider import ConfigChainFactory
 from botocore.configprovider import create_botocore_default_config_mapping
 from botocore.configprovider import BOTOCORE_DEFAUT_SESSION_VARIABLES
+from botocore.configprovider import DefaultConfigResolver
+from botocore.configprovider import SmartDefaultsConfigStoreFactory
 from botocore.exceptions import (
-    ConfigNotFound, ProfileNotFound, UnknownServiceError,
+    ConfigNotFound, ProfileNotFound, UnknownServiceError, InvalidDefaultsMode,
     PartialCredentialsError,
 )
 from botocore.errorfactory import ClientExceptionsFactory
@@ -48,7 +50,7 @@ from botocore import monitoring
 from botocore import paginate
 from botocore import waiter
 from botocore import retryhandler, translate
-from botocore.utils import EVENT_ALIASES, validate_region_name
+from botocore.utils import EVENT_ALIASES, validate_region_name, IMDSRegionProvider
 from botocore.compat import MutableMapping, HAS_CRT
 
 
@@ -137,6 +139,8 @@ class Session(object):
         self._register_exceptions_factory()
         self._register_config_store()
         self._register_monitor()
+        self._register_default_config_resolver()
+        self._register_smart_defaults_factory()
 
     def _register_event_emitter(self):
         self._components.register_component('event_emitter', self._events)
@@ -163,6 +167,24 @@ class Session(object):
         self._internal_components.lazy_register_component(
             'endpoint_resolver', create_default_resolver)
 
+    def _register_default_config_resolver(self):
+        def create_default_config_resolver():
+            loader = self.get_component('data_loader')
+            defaults = loader.load_data('sdk-default-configuration')
+            return DefaultConfigResolver(defaults)
+        self._internal_components.lazy_register_component(
+            'default_config_resolver', create_default_config_resolver)
+
+    def _register_smart_defaults_factory(self):
+        def create_smart_defaults_factory():
+            default_config_resolver = self._get_internal_component(
+                'default_config_resolver')
+            imds_region_provider = IMDSRegionProvider(session=self)
+            return SmartDefaultsConfigStoreFactory(
+                default_config_resolver, imds_region_provider)
+        self._internal_components.lazy_register_component(
+            'smart_defaults_factory', create_smart_defaults_factory)
+
     def _register_response_parser_factory(self):
         self._components.register_component('response_parser_factory',
                                             ResponseParserFactory())
@@ -834,6 +856,13 @@ class Session(object):
         endpoint_resolver = self._get_internal_component('endpoint_resolver')
         exceptions_factory = self._get_internal_component('exceptions_factory')
         config_store = self.get_component('config_store')
+        defaults_mode = self._resolve_defaults_mode(config, config_store)
+        if defaults_mode != 'legacy':
+            smart_defaults_factory = self._get_internal_component(
+                'smart_defaults_factory')
+            config_store = copy.deepcopy(config_store)
+            smart_defaults_factory.merge_smart_defaults(
+                config_store, defaults_mode, region_name)
         client_creator = botocore.client.ClientCreator(
             loader, endpoint_resolver, self.user_agent(), event_emitter,
             retryhandler, translate, response_parser_factory,
@@ -870,6 +899,24 @@ class Session(object):
         self._last_client_region_used = region_name
         return region_name
 
+    def _resolve_defaults_mode(self, client_config, config_store):
+        mode = config_store.get_config_variable('defaults_mode')
+
+        if client_config and client_config.defaults_mode:
+            mode = client_config.defaults_mode
+
+        default_config_resolver = self._get_internal_component(
+            'default_config_resolver')
+        default_modes = default_config_resolver.get_default_modes()
+        lmode = mode.lower()
+        if lmode not in default_modes:
+            raise InvalidDefaultsMode(
+                mode=mode,
+                valid_modes=', '.join(default_modes)
+            )
+
+        return lmode
+
     def _missing_cred_vars(self, access_key, secret_key):
         if access_key is not None and secret_key is None:
             return 'aws_secret_access_key'
diff --git a/contrib/python/botocore/py3/botocore/utils.py b/contrib/python/botocore/py3/botocore/utils.py
index 6ad848f7450..1c82020209f 100644
--- a/contrib/python/botocore/py3/botocore/utils.py
+++ b/contrib/python/botocore/py3/botocore/utils.py
@@ -186,8 +186,10 @@ def ensure_boolean(val):
     """
     if isinstance(val, bool):
         return val
-    else:
+    elif isinstance(val, str):
         return val.lower() == 'true'
+    else:
+        return False
 
 
 def resolve_imds_endpoint_mode(session):
@@ -414,9 +416,15 @@ class IMDSFetcher(object):
 
         return chosen_base_url
 
+    def _construct_url(self, path):
+        sep = ''
+        if self._base_url and not self._base_url.endswith('/'):
+            sep = '/'
+        return f'{self._base_url}{sep}{path}'
+
     def _fetch_metadata_token(self):
         self._assert_enabled()
-        url = self._base_url + self._TOKEN_PATH
+        url = self._construct_url(self._TOKEN_PATH)
         headers = {
             'x-aws-ec2-metadata-token-ttl-seconds': self._TOKEN_TTL,
         }
@@ -464,7 +472,7 @@ class IMDSFetcher(object):
         self._assert_enabled()
         if retry_func is None:
             retry_func = self._default_retry
-        url = self._base_url + url_path
+        url = self._construct_url(url_path)
         headers = {}
         if token is not None:
             headers['x-aws-ec2-metadata-token'] = token
@@ -609,6 +617,102 @@ class InstanceMetadataFetcher(IMDSFetcher):
         return True
 
 
+class IMDSRegionProvider(object):
+    def __init__(self, session, environ=None, fetcher=None):
+        """Initialize IMDSRegionProvider.
+        :type session: :class:`botocore.session.Session`
+        :param session: The session is needed to look up configuration for
+            how to contact the instance metadata service. Specifically the
+            whether or not it should use the IMDS region at all, and if so how
+            to configure the timeout and number of attempts to reach the
+            service.
+        :type environ: None or dict
+        :param environ: A dictionary of environment variables to use. If
+            ``None`` is the argument then ``os.environ`` will be used by
+            default.
+        :type fecther: :class:`botocore.utils.InstanceMetadataRegionFetcher`
+        :param fetcher: The class to actually handle the fetching of the region
+            from the IMDS. If not provided a default one will be created.
+        """
+        self._session = session
+        if environ is None:
+            environ = os.environ
+        self._environ = environ
+        self._fetcher = fetcher
+
+    def provide(self):
+        """Provide the region value from IMDS."""
+        instance_region = self._get_instance_metadata_region()
+        return instance_region
+
+    def _get_instance_metadata_region(self):
+        fetcher = self._get_fetcher()
+        region = fetcher.retrieve_region()
+        return region
+
+    def _get_fetcher(self):
+        if self._fetcher is None:
+            self._fetcher = self._create_fetcher()
+        return self._fetcher
+
+    def _create_fetcher(self):
+        metadata_timeout = self._session.get_config_variable(
+            'metadata_service_timeout')
+        metadata_num_attempts = self._session.get_config_variable(
+            'metadata_service_num_attempts')
+        imds_config = {
+            'ec2_metadata_service_endpoint': self._session.get_config_variable(
+                'ec2_metadata_service_endpoint'),
+            'ec2_metadata_service_endpoint_mode': resolve_imds_endpoint_mode(
+                self._session
+            )
+        }
+        fetcher = InstanceMetadataRegionFetcher(
+            timeout=metadata_timeout,
+            num_attempts=metadata_num_attempts,
+            env=self._environ,
+            user_agent=self._session.user_agent(),
+            config=imds_config,
+        )
+        return fetcher
+
+
+class InstanceMetadataRegionFetcher(IMDSFetcher):
+    _URL_PATH = 'latest/meta-data/placement/availability-zone/'
+
+    def retrieve_region(self):
+        """Get the current region from the instance metadata service.
+        :rvalue: str
+        :returns: The region the current instance is running in or None
+            if the instance metadata service cannot be contacted or does not
+            give a valid response.
+        :rtype: None or str
+        :returns: Returns the region as a string if it is configured to use
+            IMDS as a region source. Otherwise returns ``None``. It will also
+            return ``None`` if it fails to get the region from IMDS due to
+            exhausting its retries or not being able to connect.
+        """
+        try:
+            region = self._get_region()
+            return region
+        except self._RETRIES_EXCEEDED_ERROR_CLS:
+            logger.debug("Max number of attempts exceeded (%s) when "
+                         "attempting to retrieve data from metadata service.",
+                         self._num_attempts)
+        return None
+
+    def _get_region(self):
+        token = self._fetch_metadata_token()
+        response = self._get_request(
+            url_path=self._URL_PATH,
+            retry_func=self._default_retry,
+            token=token
+        )
+        availability_zone = response.text
+        region = availability_zone[:-1]
+        return region
+
+
 def merge_dicts(dict1, dict2, append_lists=False):
     """Given two dict, merge the second dict into the first.
 
@@ -1030,8 +1134,8 @@ class ArgumentGenerator(object):
 def is_valid_ipv6_endpoint_url(endpoint_url):
     if UNSAFE_URL_CHARS.intersection(endpoint_url):
         return False
-    netloc = urlparse(endpoint_url).netloc
-    return IPV6_ADDRZ_RE.match(netloc) is not None
+    hostname = '[{}]'.format(urlparse(endpoint_url).hostname)
+    return IPV6_ADDRZ_RE.match(hostname) is not None
 
 
 def is_valid_endpoint_url(endpoint_url):
@@ -1571,10 +1675,13 @@ class S3EndpointSetter(object):
     _DEFAULT_DNS_SUFFIX = 'amazonaws.com'
 
     def __init__(self, endpoint_resolver, region=None,
-                 s3_config=None, endpoint_url=None, partition=None):
+                 s3_config=None, endpoint_url=None, partition=None,
+                 use_fips_endpoint=False):
+        # This is calling the endpoint_resolver in regions.py
         self._endpoint_resolver = endpoint_resolver
         self._region = region
         self._s3_config = s3_config
+        self._use_fips_endpoint = use_fips_endpoint
         if s3_config is None:
             self._s3_config = {}
         self._endpoint_url = endpoint_url
@@ -1602,10 +1709,12 @@ class S3EndpointSetter(object):
             return
 
         resolver = self._endpoint_resolver
+        # Constructing endpoints as s3-object-lambda as region
         resolved = resolver.construct_endpoint('s3-object-lambda', self._region)
 
         # Ideally we would be able to replace the endpoint before
         # serialization but there's no event to do that currently
+        # host_prefix is all the arn/bucket specs
         new_endpoint = 'https://{host_prefix}{hostname}'.format(
             host_prefix=params['host_prefix'],
             hostname=resolved['hostname'],
@@ -1625,6 +1734,14 @@ class S3EndpointSetter(object):
             self._switch_to_accesspoint_endpoint(request, region_name)
             return
         if self._use_accelerate_endpoint:
+            if self._use_fips_endpoint:
+                raise UnsupportedS3ConfigurationError(
+                    msg=(
+                        'Client is configured to use the FIPS psuedo region '
+                        'for "%s", but S3 Accelerate does not have any FIPS '
+                        'compatible endpoints.' % (self._region)
+                    )
+                )
             switch_host_s3_accelerate(request=request, **kwargs)
         if self._s3_addressing_handler:
             self._s3_addressing_handler(request=request, **kwargs)
@@ -1633,8 +1750,14 @@ class S3EndpointSetter(object):
         return 's3_accesspoint' in request.context
 
     def _validate_fips_supported(self, request):
-        if 'fips' not in self._region:
+        if not self._use_fips_endpoint:
             return
+        if 'fips' in request.context['s3_accesspoint']['region']:
+            raise UnsupportedS3AccesspointConfigurationError(
+                msg={
+                    'Invalid ARN, FIPS region not allowed in ARN.'
+                }
+            )
         if 'outpost_name' in request.context['s3_accesspoint']:
             raise UnsupportedS3AccesspointConfigurationError(
                 msg=(
@@ -1643,28 +1766,20 @@ class S3EndpointSetter(object):
                         self._region)
                 )
             )
-        client_region = self._region.replace('fips-', '').replace('-fips', '')
+        # Transforming psuedo region to actual region
         accesspoint_region = request.context['s3_accesspoint']['region']
-        if accesspoint_region != client_region:
-            if self._s3_config.get('use_arn_region', True):
+        if accesspoint_region != self._region:
+            if not self._s3_config.get('use_arn_region', True):
+                # TODO: Update message to reflect use_arn_region
+                # is not set
                 raise UnsupportedS3AccesspointConfigurationError(
                     msg=(
                         'Client is configured to use the FIPS psuedo-region '
-                        '"%s", but the access-point ARN provided is for the '
-                        '"%s" region. The use_arn_region configuration does '
-                        'not allow for cross-region calls when a FIPS '
-                        'pseudo-region is configured.' % (
-                            self._region, accesspoint_region)
-                    )
-                )
-            else:
-                raise UnsupportedS3AccesspointConfigurationError(
-                    msg=(
-                        'Client is configured to use the FIPS psuedo-region '
-                        '"%s", but the access-point ARN provided is for the '
-                        '"%s" region. For clients using a FIPS psuedo-region '
-                        'calls to access-point ARNs in another region are not '
-                        'allowed.' % (self._region, accesspoint_region)
+                        'for "%s", but the access-point ARN provided is for '
+                        'the "%s" region. For clients using a FIPS '
+                        'psuedo-region calls to access-point ARNs in another '
+                        'region are not allowed.' % (self._region,
+                                                     accesspoint_region)
                     )
                 )
 
@@ -1836,7 +1951,7 @@ class S3EndpointSetter(object):
         return '.'.join(accesspoint_netloc_components)
 
     def _inject_fips_if_needed(self, component, request_context):
-        if 'fips' in request_context.get('client_region', ''):
+        if self._use_fips_endpoint:
             return '%s-fips' % component
         return component
 
@@ -1959,10 +2074,12 @@ class S3ControlEndpointSetter(object):
     _HOST_LABEL_REGEX = re.compile(r'^[a-zA-Z0-9\-]{1,63}$')
 
     def __init__(self, endpoint_resolver, region=None,
-                 s3_config=None, endpoint_url=None, partition=None):
+                 s3_config=None, endpoint_url=None, partition=None,
+                 use_fips_endpoint=False):
         self._endpoint_resolver = endpoint_resolver
         self._region = region
         self._s3_config = s3_config
+        self._use_fips_endpoint = use_fips_endpoint
         if s3_config is None:
             self._s3_config = {}
         self._endpoint_url = endpoint_url
@@ -1993,6 +2110,13 @@ class S3ControlEndpointSetter(object):
         return 'outpost_id' in request.context
 
     def _validate_endpoint_from_arn_details_supported(self, request):
+        if 'fips' in request.context['arn_details']['region']:
+            raise UnsupportedS3ControlArnError(
+                arn=request.context['arn_details']['original'],
+                msg={
+                    'Invalid ARN, FIPS region not allowed in ARN.'
+                }
+            )
         if not self._s3_config.get('use_arn_region', False):
             arn_region = request.context['arn_details']['region']
             if arn_region != self._region:
@@ -2100,11 +2224,16 @@ class S3ControlEndpointSetter(object):
                 region_name,
                 self._get_dns_suffix(region_name),
             ]
+            self._add_fips(netloc)
         return self._construct_netloc(netloc)
 
     def _construct_netloc(self, netloc):
         return '.'.join(netloc)
 
+    def _add_fips(self, netloc):
+        if self._use_fips_endpoint:
+            netloc[0] = netloc[0] + '-fips'
+
     def _add_dualstack(self, netloc):
         if self._s3_config.get('use_dualstack_endpoint'):
             netloc.append('dualstack')
diff --git a/contrib/python/botocore/py3/patches/01-unvendor-six.patch b/contrib/python/botocore/py3/patches/01-unvendor-six.patch
index 2e5587ddb13..ee061c61848 100644
--- a/contrib/python/botocore/py3/patches/01-unvendor-six.patch
+++ b/contrib/python/botocore/py3/patches/01-unvendor-six.patch
@@ -20,9 +20,9 @@
          pass
 --- contrib/python/botocore/py3/botocore/endpoint.py	(index)
 +++ contrib/python/botocore/py3/botocore/endpoint.py	(working tree)
-@@ -17,7 +17,7 @@ import logging
- import time
+@@ -19,7 +19,7 @@ import logging
  import threading
+ import uuid
  
 -from botocore.vendored import six
 +from botocore.compat import six
@@ -31,7 +31,7 @@
  from botocore.exceptions import HTTPClientError
 --- contrib/python/botocore/py3/botocore/httpsession.py	(index)
 +++ contrib/python/botocore/py3/botocore/httpsession.py	(working tree)
-@@ -21,7 +21,7 @@ except ImportError:
+@@ -30,7 +30,7 @@ except ImportError:
      from urllib3.util.ssl_ import SSLContext
  
  import botocore.awsrequest
diff --git a/contrib/python/botocore/py3/patches/02-fix-for-arcadia.patch b/contrib/python/botocore/py3/patches/02-fix-for-arcadia.patch
index 9e18d558566..aeb1912f760 100644
--- a/contrib/python/botocore/py3/patches/02-fix-for-arcadia.patch
+++ b/contrib/python/botocore/py3/patches/02-fix-for-arcadia.patch
@@ -1,6 +1,6 @@
 --- contrib/python/botocore/py3/botocore/data/endpoints.json	(index)
 +++ contrib/python/botocore/py3/botocore/data/endpoints.json	(working tree)
-@@ -17216,6 +17216,46 @@
+@@ -18009,6 +18009,46 @@
          }
        }
      }
@@ -61,7 +61,7 @@
  # Used to specify anonymous (unsigned) request signature
 --- contrib/python/botocore/py3/botocore/configprovider.py	(index)
 +++ contrib/python/botocore/py3/botocore/configprovider.py	(working tree)
-@@ -49,7 +49,7 @@ logger = logging.getLogger(__name__)
+@@ -50,7 +50,7 @@ logger = logging.getLogger(__name__)
  BOTOCORE_DEFAUT_SESSION_VARIABLES = {
      # logical:  config_file, env_var,        default_value, conversion_func
      'profile': (None, ['AWS_DEFAULT_PROFILE', 'AWS_PROFILE'], None, None),
diff --git a/contrib/python/botocore/py3/patches/03-extended-listings.patch b/contrib/python/botocore/py3/patches/03-extended-listings.patch
index 460c56cdd4d..be84207f225 100644
--- a/contrib/python/botocore/py3/patches/03-extended-listings.patch
+++ b/contrib/python/botocore/py3/patches/03-extended-listings.patch
@@ -26,7 +26,7 @@ date: 2021-10-27T00:34:16+03:00
      "ListParts":{
        "name":"ListParts",
        "http":{
-@@ -5991,6 +6004,59 @@
+@@ -6028,6 +6041,59 @@
          }
        }
      },
@@ -86,7 +86,7 @@ date: 2021-10-27T00:34:16+03:00
      "ListPartsOutput":{
        "type":"structure",
        "members":{
-@@ -6159,6 +6225,12 @@
+@@ -6196,6 +6262,12 @@
        "key":{"shape":"MetadataKey"},
        "value":{"shape":"MetadataValue"}
      },
@@ -99,7 +99,7 @@ date: 2021-10-27T00:34:16+03:00
      "MetadataDirective":{
        "type":"string",
        "enum":[
-@@ -6443,6 +6515,40 @@
+@@ -6492,6 +6564,40 @@
        },
        "documentation":"<p>An object consists of data and its descriptive metadata.</p>"
      },
@@ -140,7 +140,7 @@ date: 2021-10-27T00:34:16+03:00
      "ObjectAlreadyInActiveTierError":{
        "type":"structure",
        "members":{
-@@ -6491,6 +6597,11 @@
+@@ -6540,6 +6646,11 @@
        "member":{"shape":"Object"},
        "flattened":true
      },
@@ -154,7 +154,7 @@ date: 2021-10-27T00:34:16+03:00
        "members":{
 --- contrib/python/botocore/py3/botocore/handlers.py	(73e85ed9c4be248886f10db6b7d83f27d446916c)
 +++ contrib/python/botocore/py3/botocore/handlers.py	(cc02b99f18408f40978b56abfd8e5e9b2c2492d7)
-@@ -746,6 +746,27 @@ def decode_list_object_v2(parsed, context, **kwargs):
+@@ -756,6 +756,27 @@ def decode_list_object_v2(parsed, context, **kwargs):
      )
  
  
@@ -182,7 +182,7 @@ date: 2021-10-27T00:34:16+03:00
  def decode_list_object_versions(parsed, context, **kwargs):
      # From the documentation: If you specify encoding-type request parameter,
      # Amazon S3 includes this element in the response, and returns encoded key
-@@ -1025,6 +1046,7 @@ BUILTIN_HANDLERS = [
+@@ -1052,6 +1073,7 @@ BUILTIN_HANDLERS = [
      ('before-parameter-build.glacier', inject_account_id),
      ('after-call.s3.ListObjects', decode_list_object),
      ('after-call.s3.ListObjectsV2', decode_list_object_v2),
diff --git a/contrib/python/botocore/py3/patches/04-fix-yamake.patch b/contrib/python/botocore/py3/patches/04-fix-ya.make.patch
index c1d3603e40f..f521b97e294 100644
--- a/contrib/python/botocore/py3/patches/04-fix-yamake.patch
+++ b/contrib/python/botocore/py3/patches/04-fix-ya.make.patch
@@ -1,6 +1,12 @@
 --- contrib/python/botocore/py3/ya.make	(index)
 +++ contrib/python/botocore/py3/ya.make	(working tree)
-@@ -99,295 +97,295 @@ RESOURCE_FILES(
+@@ -1,5 +1,3 @@
+-# Generated by devtools/yamaker (pypi).
+-
+ PY3_LIBRARY()
+ 
+ OWNER(g:python-contrib)
+@@ -99,303 +97,303 @@ RESOURCE_FILES(
      .dist-info/top_level.txt
      botocore/cacert.pem
      botocore/data/_retry.json
@@ -26,6 +32,8 @@
 -    botocore/data/amplify/2017-07-25/service-2.json
 -    botocore/data/amplifybackend/2020-08-11/paginators-1.json
 -    botocore/data/amplifybackend/2020-08-11/service-2.json
+-    botocore/data/amplifyuibuilder/2021-08-11/paginators-1.json
+-    botocore/data/amplifyuibuilder/2021-08-11/service-2.json
 -    botocore/data/apigateway/2015-07-09/examples-1.json
 -    botocore/data/apigateway/2015-07-09/paginators-1.json
 -    botocore/data/apigateway/2015-07-09/service-2.json
@@ -35,6 +43,8 @@
 -    botocore/data/apigatewayv2/2018-11-29/service-2.json
 -    botocore/data/appconfig/2019-10-09/paginators-1.json
 -    botocore/data/appconfig/2019-10-09/service-2.json
+-    botocore/data/appconfigdata/2021-11-11/paginators-1.json
+-    botocore/data/appconfigdata/2021-11-11/service-2.json
 -    botocore/data/appflow/2020-08-23/paginators-1.json
 -    botocore/data/appflow/2020-08-23/service-2.json
 -    botocore/data/appintegrations/2020-07-29/paginators-1.json
@@ -70,6 +80,8 @@
 -    botocore/data/autoscaling/2011-01-01/examples-1.json
 -    botocore/data/autoscaling/2011-01-01/paginators-1.json
 -    botocore/data/autoscaling/2011-01-01/service-2.json
+-    botocore/data/backup-gateway/2021-01-01/paginators-1.json
+-    botocore/data/backup-gateway/2021-01-01/service-2.json
 -    botocore/data/backup/2018-11-15/paginators-1.json
 -    botocore/data/backup/2018-11-15/service-2.json
 -    botocore/data/batch/2016-08-10/examples-1.json
@@ -281,6 +293,8 @@
 -    botocore/data/docdb/2014-10-31/service-2.json
 -    botocore/data/docdb/2014-10-31/service-2.sdk-extras.json
 -    botocore/data/docdb/2014-10-31/waiters-2.json
+-    botocore/data/drs/2020-02-26/paginators-1.json
+-    botocore/data/drs/2020-02-26/service-2.json
 -    botocore/data/ds/2015-04-16/examples-1.json
 -    botocore/data/ds/2015-04-16/paginators-1.json
 -    botocore/data/ds/2015-04-16/service-2.json
@@ -315,6 +329,8 @@
 +    #botocore/data/amplify/2017-07-25/service-2.json
 +    #botocore/data/amplifybackend/2020-08-11/paginators-1.json
 +    #botocore/data/amplifybackend/2020-08-11/service-2.json
++    #botocore/data/amplifyuibuilder/2021-08-11/paginators-1.json
++    #botocore/data/amplifyuibuilder/2021-08-11/service-2.json
 +    #botocore/data/apigateway/2015-07-09/examples-1.json
 +    #botocore/data/apigateway/2015-07-09/paginators-1.json
 +    #botocore/data/apigateway/2015-07-09/service-2.json
@@ -324,6 +340,8 @@
 +    #botocore/data/apigatewayv2/2018-11-29/service-2.json
 +    #botocore/data/appconfig/2019-10-09/paginators-1.json
 +    #botocore/data/appconfig/2019-10-09/service-2.json
++    #botocore/data/appconfigdata/2021-11-11/paginators-1.json
++    #botocore/data/appconfigdata/2021-11-11/service-2.json
 +    #botocore/data/appflow/2020-08-23/paginators-1.json
 +    #botocore/data/appflow/2020-08-23/service-2.json
 +    #botocore/data/appintegrations/2020-07-29/paginators-1.json
@@ -359,6 +377,8 @@
 +    #botocore/data/autoscaling/2011-01-01/examples-1.json
 +    #botocore/data/autoscaling/2011-01-01/paginators-1.json
 +    #botocore/data/autoscaling/2011-01-01/service-2.json
++    #botocore/data/backup-gateway/2021-01-01/paginators-1.json
++    #botocore/data/backup-gateway/2021-01-01/service-2.json
 +    #botocore/data/backup/2018-11-15/paginators-1.json
 +    #botocore/data/backup/2018-11-15/service-2.json
 +    #botocore/data/batch/2016-08-10/examples-1.json
@@ -570,6 +590,8 @@
 +    #botocore/data/docdb/2014-10-31/service-2.json
 +    #botocore/data/docdb/2014-10-31/service-2.sdk-extras.json
 +    #botocore/data/docdb/2014-10-31/waiters-2.json
++    #botocore/data/drs/2020-02-26/paginators-1.json
++    #botocore/data/drs/2020-02-26/service-2.json
 +    #botocore/data/ds/2015-04-16/examples-1.json
 +    #botocore/data/ds/2015-04-16/paginators-1.json
 +    #botocore/data/ds/2015-04-16/service-2.json
@@ -585,7 +607,7 @@
      botocore/data/ec2-instance-connect/2018-04-02/paginators-1.json
      botocore/data/ec2-instance-connect/2018-04-02/service-2.json
      botocore/data/ec2/2014-09-01/paginators-1.json
-@@ -416,383 +414,383 @@ RESOURCE_FILES(
+@@ -424,401 +422,401 @@ RESOURCE_FILES(
      botocore/data/ec2/2016-11-15/paginators-1.json
      botocore/data/ec2/2016-11-15/service-2.json
      botocore/data/ec2/2016-11-15/waiters-2.json
@@ -695,6 +717,8 @@
 -    botocore/data/events/2015-10-07/examples-1.json
 -    botocore/data/events/2015-10-07/paginators-1.json
 -    botocore/data/events/2015-10-07/service-2.json
+-    botocore/data/evidently/2021-02-01/paginators-1.json
+-    botocore/data/evidently/2021-02-01/service-2.json
 -    botocore/data/finspace-data/2020-07-13/paginators-1.json
 -    botocore/data/finspace-data/2020-07-13/service-2.json
 -    botocore/data/finspace/2021-03-12/paginators-1.json
@@ -759,6 +783,9 @@
 -    botocore/data/inspector/2016-02-16/examples-1.json
 -    botocore/data/inspector/2016-02-16/paginators-1.json
 -    botocore/data/inspector/2016-02-16/service-2.json
+-    botocore/data/inspector2/2020-06-08/paginators-1.json
+-    botocore/data/inspector2/2020-06-08/paginators-1.sdk-extras.json
+-    botocore/data/inspector2/2020-06-08/service-2.json
 -    botocore/data/iot-data/2015-05-28/paginators-1.json
 -    botocore/data/iot-data/2015-05-28/service-2.json
 -    botocore/data/iot-jobs-data/2017-09-29/examples-1.json
@@ -790,6 +817,9 @@
 -    botocore/data/iotsitewise/2019-12-02/waiters-2.json
 -    botocore/data/iotthingsgraph/2018-09-06/paginators-1.json
 -    botocore/data/iotthingsgraph/2018-09-06/service-2.json
+-    botocore/data/iottwinmaker/2021-11-29/paginators-1.json
+-    botocore/data/iottwinmaker/2021-11-29/service-2.json
+-    botocore/data/iottwinmaker/2021-11-29/waiters-2.json
 -    botocore/data/iotwireless/2020-11-22/paginators-1.json
 -    botocore/data/iotwireless/2020-11-22/service-2.json
 -    botocore/data/ivs/2020-07-14/paginators-1.json
@@ -815,6 +845,8 @@
 +    #botocore/data/events/2015-10-07/examples-1.json
 +    #botocore/data/events/2015-10-07/paginators-1.json
 +    #botocore/data/events/2015-10-07/service-2.json
++    #botocore/data/evidently/2021-02-01/paginators-1.json
++    #botocore/data/evidently/2021-02-01/service-2.json
 +    #botocore/data/finspace-data/2020-07-13/paginators-1.json
 +    #botocore/data/finspace-data/2020-07-13/service-2.json
 +    #botocore/data/finspace/2021-03-12/paginators-1.json
@@ -879,6 +911,9 @@
 +    #botocore/data/inspector/2016-02-16/examples-1.json
 +    #botocore/data/inspector/2016-02-16/paginators-1.json
 +    #botocore/data/inspector/2016-02-16/service-2.json
++    #botocore/data/inspector2/2020-06-08/paginators-1.json
++    #botocore/data/inspector2/2020-06-08/paginators-1.sdk-extras.json
++    #botocore/data/inspector2/2020-06-08/service-2.json
 +    #botocore/data/iot-data/2015-05-28/paginators-1.json
 +    #botocore/data/iot-data/2015-05-28/service-2.json
 +    #botocore/data/iot-jobs-data/2017-09-29/examples-1.json
@@ -910,6 +945,9 @@
 +    #botocore/data/iotsitewise/2019-12-02/waiters-2.json
 +    #botocore/data/iotthingsgraph/2018-09-06/paginators-1.json
 +    #botocore/data/iotthingsgraph/2018-09-06/service-2.json
++    #botocore/data/iottwinmaker/2021-11-29/paginators-1.json
++    #botocore/data/iottwinmaker/2021-11-29/service-2.json
++    #botocore/data/iottwinmaker/2021-11-29/waiters-2.json
 +    #botocore/data/iotwireless/2020-11-22/paginators-1.json
 +    #botocore/data/iotwireless/2020-11-22/service-2.json
 +    #botocore/data/ivs/2020-07-14/paginators-1.json
@@ -944,6 +982,7 @@
 -    botocore/data/kms/2014-11-01/paginators-1.json
 -    botocore/data/kms/2014-11-01/service-2.json
 -    botocore/data/lakeformation/2017-03-31/paginators-1.json
+-    botocore/data/lakeformation/2017-03-31/paginators-1.sdk-extras.json
 -    botocore/data/lakeformation/2017-03-31/service-2.json
 -    botocore/data/lambda/2014-11-11/service-2.json
 -    botocore/data/lambda/2015-03-31/examples-1.json
@@ -1026,8 +1065,13 @@
 -    botocore/data/mgh/2017-05-31/service-2.json
 -    botocore/data/mgn/2020-02-26/paginators-1.json
 -    botocore/data/mgn/2020-02-26/service-2.json
+-    botocore/data/migration-hub-refactor-spaces/2021-10-26/paginators-1.json
+-    botocore/data/migration-hub-refactor-spaces/2021-10-26/service-2.json
 -    botocore/data/migrationhub-config/2019-06-30/paginators-1.json
 -    botocore/data/migrationhub-config/2019-06-30/service-2.json
+-    botocore/data/migrationhubstrategy/2020-02-19/paginators-1.json
+-    botocore/data/migrationhubstrategy/2020-02-19/paginators-1.sdk-extras.json
+-    botocore/data/migrationhubstrategy/2020-02-19/service-2.json
 -    botocore/data/mobile/2017-07-01/examples-1.json
 -    botocore/data/mobile/2017-07-01/paginators-1.json
 -    botocore/data/mobile/2017-07-01/service-2.json
@@ -1093,6 +1137,7 @@
 +    #botocore/data/kms/2014-11-01/paginators-1.json
 +    #botocore/data/kms/2014-11-01/service-2.json
 +    #botocore/data/lakeformation/2017-03-31/paginators-1.json
++    #botocore/data/lakeformation/2017-03-31/paginators-1.sdk-extras.json
 +    #botocore/data/lakeformation/2017-03-31/service-2.json
 +    #botocore/data/lambda/2014-11-11/service-2.json
 +    #botocore/data/lambda/2015-03-31/examples-1.json
@@ -1175,8 +1220,13 @@
 +    #botocore/data/mgh/2017-05-31/service-2.json
 +    #botocore/data/mgn/2020-02-26/paginators-1.json
 +    #botocore/data/mgn/2020-02-26/service-2.json
++    #botocore/data/migration-hub-refactor-spaces/2021-10-26/paginators-1.json
++    #botocore/data/migration-hub-refactor-spaces/2021-10-26/service-2.json
 +    #botocore/data/migrationhub-config/2019-06-30/paginators-1.json
 +    #botocore/data/migrationhub-config/2019-06-30/service-2.json
++    #botocore/data/migrationhubstrategy/2020-02-19/paginators-1.json
++    #botocore/data/migrationhubstrategy/2020-02-19/paginators-1.sdk-extras.json
++    #botocore/data/migrationhubstrategy/2020-02-19/service-2.json
 +    #botocore/data/mobile/2017-07-01/examples-1.json
 +    #botocore/data/mobile/2017-07-01/paginators-1.json
 +    #botocore/data/mobile/2017-07-01/service-2.json
@@ -1248,6 +1298,8 @@
 -    botocore/data/quicksight/2018-04-01/service-2.json
 -    botocore/data/ram/2018-01-04/paginators-1.json
 -    botocore/data/ram/2018-01-04/service-2.json
+-    botocore/data/rbin/2021-06-15/paginators-1.json
+-    botocore/data/rbin/2021-06-15/service-2.json
 -    botocore/data/rds-data/2018-08-01/paginators-1.json
 -    botocore/data/rds-data/2018-08-01/service-2.json
 -    botocore/data/rds/2014-09-01/paginators-1.json
@@ -1269,6 +1321,8 @@
 -    botocore/data/rekognition/2016-06-27/paginators-1.json
 -    botocore/data/rekognition/2016-06-27/service-2.json
 -    botocore/data/rekognition/2016-06-27/waiters-2.json
+-    botocore/data/resiliencehub/2020-04-30/paginators-1.json
+-    botocore/data/resiliencehub/2020-04-30/service-2.json
 -    botocore/data/resource-groups/2017-11-27/examples-1.json
 -    botocore/data/resource-groups/2017-11-27/paginators-1.json
 -    botocore/data/resource-groups/2017-11-27/service-2.json
@@ -1299,6 +1353,8 @@
 +    #botocore/data/quicksight/2018-04-01/service-2.json
 +    #botocore/data/ram/2018-01-04/paginators-1.json
 +    #botocore/data/ram/2018-01-04/service-2.json
++    #botocore/data/rbin/2021-06-15/paginators-1.json
++    #botocore/data/rbin/2021-06-15/service-2.json
 +    #botocore/data/rds-data/2018-08-01/paginators-1.json
 +    #botocore/data/rds-data/2018-08-01/service-2.json
 +    #botocore/data/rds/2014-09-01/paginators-1.json
@@ -1320,6 +1376,8 @@
 +    #botocore/data/rekognition/2016-06-27/paginators-1.json
 +    #botocore/data/rekognition/2016-06-27/service-2.json
 +    #botocore/data/rekognition/2016-06-27/waiters-2.json
++    #botocore/data/resiliencehub/2020-04-30/paginators-1.json
++    #botocore/data/resiliencehub/2020-04-30/service-2.json
 +    #botocore/data/resource-groups/2017-11-27/examples-1.json
 +    #botocore/data/resource-groups/2017-11-27/paginators-1.json
 +    #botocore/data/resource-groups/2017-11-27/service-2.json
@@ -1338,7 +1396,15 @@
      botocore/data/route53/2013-04-01/examples-1.json
      botocore/data/route53/2013-04-01/paginators-1.json
      botocore/data/route53/2013-04-01/service-2.json
-@@ -807,152 +805,152 @@ RESOURCE_FILES(
+@@ -829,161 +827,161 @@ RESOURCE_FILES(
+     botocore/data/route53resolver/2018-04-01/paginators-1.json
+     botocore/data/route53resolver/2018-04-01/paginators-1.sdk-extras.json
+     botocore/data/route53resolver/2018-04-01/service-2.json
+-    botocore/data/rum/2018-05-10/paginators-1.json
+-    botocore/data/rum/2018-05-10/service-2.json
++    #botocore/data/rum/2018-05-10/paginators-1.json
++    #botocore/data/rum/2018-05-10/service-2.json
+     botocore/data/s3/2006-03-01/examples-1.json
      botocore/data/s3/2006-03-01/paginators-1.json
      botocore/data/s3/2006-03-01/service-2.json
      botocore/data/s3/2006-03-01/waiters-2.json
@@ -1366,6 +1432,7 @@
 -    botocore/data/schemas/2019-12-02/waiters-2.json
 -    botocore/data/sdb/2009-04-15/paginators-1.json
 -    botocore/data/sdb/2009-04-15/service-2.json
+-    botocore/data/sdk-default-configuration.json
 +    #botocore/data/s3control/2018-08-20/paginators-1.json
 +    #botocore/data/s3control/2018-08-20/service-2.json
 +    #botocore/data/s3outposts/2017-07-25/paginators-1.json
@@ -1390,6 +1457,7 @@
 +    #botocore/data/schemas/2019-12-02/waiters-2.json
 +    #botocore/data/sdb/2009-04-15/paginators-1.json
 +    #botocore/data/sdb/2009-04-15/service-2.json
++    #botocore/data/sdk-default-configuration.json
      botocore/data/secretsmanager/2017-10-17/examples-1.json
      botocore/data/secretsmanager/2017-10-17/paginators-1.json
      botocore/data/secretsmanager/2017-10-17/service-2.json
@@ -1585,6 +1653,8 @@
 -    botocore/data/workmail/2017-10-01/service-2.json
 -    botocore/data/workmailmessageflow/2019-05-01/paginators-1.json
 -    botocore/data/workmailmessageflow/2019-05-01/service-2.json
+-    botocore/data/workspaces-web/2020-07-08/paginators-1.json
+-    botocore/data/workspaces-web/2020-07-08/service-2.json
 -    botocore/data/workspaces/2015-04-08/examples-1.json
 -    botocore/data/workspaces/2015-04-08/paginators-1.json
 -    botocore/data/workspaces/2015-04-08/service-2.json
@@ -1615,6 +1685,8 @@
 +    #botocore/data/workmail/2017-10-01/service-2.json
 +    #botocore/data/workmailmessageflow/2019-05-01/paginators-1.json
 +    #botocore/data/workmailmessageflow/2019-05-01/service-2.json
++    #botocore/data/workspaces-web/2020-07-08/paginators-1.json
++    #botocore/data/workspaces-web/2020-07-08/service-2.json
 +    #botocore/data/workspaces/2015-04-08/examples-1.json
 +    #botocore/data/workspaces/2015-04-08/paginators-1.json
 +    #botocore/data/workspaces/2015-04-08/service-2.json
diff --git a/contrib/python/botocore/py3/ya.make b/contrib/python/botocore/py3/ya.make
index e0a23451fa6..6bd15119ca8 100644
--- a/contrib/python/botocore/py3/ya.make
+++ b/contrib/python/botocore/py3/ya.make
@@ -2,7 +2,7 @@ PY3_LIBRARY()
 
 OWNER(g:python-contrib)
 
-VERSION(1.22.12)
+VERSION(1.23.54)
 
 LICENSE(Apache-2.0)
 
@@ -119,6 +119,8 @@ RESOURCE_FILES(
     #botocore/data/amplify/2017-07-25/service-2.json
     #botocore/data/amplifybackend/2020-08-11/paginators-1.json
     #botocore/data/amplifybackend/2020-08-11/service-2.json
+    #botocore/data/amplifyuibuilder/2021-08-11/paginators-1.json
+    #botocore/data/amplifyuibuilder/2021-08-11/service-2.json
     #botocore/data/apigateway/2015-07-09/examples-1.json
     #botocore/data/apigateway/2015-07-09/paginators-1.json
     #botocore/data/apigateway/2015-07-09/service-2.json
@@ -128,6 +130,8 @@ RESOURCE_FILES(
     #botocore/data/apigatewayv2/2018-11-29/service-2.json
     #botocore/data/appconfig/2019-10-09/paginators-1.json
     #botocore/data/appconfig/2019-10-09/service-2.json
+    #botocore/data/appconfigdata/2021-11-11/paginators-1.json
+    #botocore/data/appconfigdata/2021-11-11/service-2.json
     #botocore/data/appflow/2020-08-23/paginators-1.json
     #botocore/data/appflow/2020-08-23/service-2.json
     #botocore/data/appintegrations/2020-07-29/paginators-1.json
@@ -163,6 +167,8 @@ RESOURCE_FILES(
     #botocore/data/autoscaling/2011-01-01/examples-1.json
     #botocore/data/autoscaling/2011-01-01/paginators-1.json
     #botocore/data/autoscaling/2011-01-01/service-2.json
+    #botocore/data/backup-gateway/2021-01-01/paginators-1.json
+    #botocore/data/backup-gateway/2021-01-01/service-2.json
     #botocore/data/backup/2018-11-15/paginators-1.json
     #botocore/data/backup/2018-11-15/service-2.json
     #botocore/data/batch/2016-08-10/examples-1.json
@@ -374,6 +380,8 @@ RESOURCE_FILES(
     #botocore/data/docdb/2014-10-31/service-2.json
     #botocore/data/docdb/2014-10-31/service-2.sdk-extras.json
     #botocore/data/docdb/2014-10-31/waiters-2.json
+    #botocore/data/drs/2020-02-26/paginators-1.json
+    #botocore/data/drs/2020-02-26/service-2.json
     #botocore/data/ds/2015-04-16/examples-1.json
     #botocore/data/ds/2015-04-16/paginators-1.json
     #botocore/data/ds/2015-04-16/service-2.json
@@ -471,6 +479,8 @@ RESOURCE_FILES(
     #botocore/data/events/2015-10-07/examples-1.json
     #botocore/data/events/2015-10-07/paginators-1.json
     #botocore/data/events/2015-10-07/service-2.json
+    #botocore/data/evidently/2021-02-01/paginators-1.json
+    #botocore/data/evidently/2021-02-01/service-2.json
     #botocore/data/finspace-data/2020-07-13/paginators-1.json
     #botocore/data/finspace-data/2020-07-13/service-2.json
     #botocore/data/finspace/2021-03-12/paginators-1.json
@@ -535,6 +545,9 @@ RESOURCE_FILES(
     #botocore/data/inspector/2016-02-16/examples-1.json
     #botocore/data/inspector/2016-02-16/paginators-1.json
     #botocore/data/inspector/2016-02-16/service-2.json
+    #botocore/data/inspector2/2020-06-08/paginators-1.json
+    #botocore/data/inspector2/2020-06-08/paginators-1.sdk-extras.json
+    #botocore/data/inspector2/2020-06-08/service-2.json
     #botocore/data/iot-data/2015-05-28/paginators-1.json
     #botocore/data/iot-data/2015-05-28/service-2.json
     #botocore/data/iot-jobs-data/2017-09-29/examples-1.json
@@ -566,6 +579,9 @@ RESOURCE_FILES(
     #botocore/data/iotsitewise/2019-12-02/waiters-2.json
     #botocore/data/iotthingsgraph/2018-09-06/paginators-1.json
     #botocore/data/iotthingsgraph/2018-09-06/service-2.json
+    #botocore/data/iottwinmaker/2021-11-29/paginators-1.json
+    #botocore/data/iottwinmaker/2021-11-29/service-2.json
+    #botocore/data/iottwinmaker/2021-11-29/waiters-2.json
     #botocore/data/iotwireless/2020-11-22/paginators-1.json
     #botocore/data/iotwireless/2020-11-22/service-2.json
     #botocore/data/ivs/2020-07-14/paginators-1.json
@@ -600,6 +616,7 @@ RESOURCE_FILES(
     #botocore/data/kms/2014-11-01/paginators-1.json
     #botocore/data/kms/2014-11-01/service-2.json
     #botocore/data/lakeformation/2017-03-31/paginators-1.json
+    #botocore/data/lakeformation/2017-03-31/paginators-1.sdk-extras.json
     #botocore/data/lakeformation/2017-03-31/service-2.json
     #botocore/data/lambda/2014-11-11/service-2.json
     #botocore/data/lambda/2015-03-31/examples-1.json
@@ -682,8 +699,13 @@ RESOURCE_FILES(
     #botocore/data/mgh/2017-05-31/service-2.json
     #botocore/data/mgn/2020-02-26/paginators-1.json
     #botocore/data/mgn/2020-02-26/service-2.json
+    #botocore/data/migration-hub-refactor-spaces/2021-10-26/paginators-1.json
+    #botocore/data/migration-hub-refactor-spaces/2021-10-26/service-2.json
     #botocore/data/migrationhub-config/2019-06-30/paginators-1.json
     #botocore/data/migrationhub-config/2019-06-30/service-2.json
+    #botocore/data/migrationhubstrategy/2020-02-19/paginators-1.json
+    #botocore/data/migrationhubstrategy/2020-02-19/paginators-1.sdk-extras.json
+    #botocore/data/migrationhubstrategy/2020-02-19/service-2.json
     #botocore/data/mobile/2017-07-01/examples-1.json
     #botocore/data/mobile/2017-07-01/paginators-1.json
     #botocore/data/mobile/2017-07-01/service-2.json
@@ -755,6 +777,8 @@ RESOURCE_FILES(
     #botocore/data/quicksight/2018-04-01/service-2.json
     #botocore/data/ram/2018-01-04/paginators-1.json
     #botocore/data/ram/2018-01-04/service-2.json
+    #botocore/data/rbin/2021-06-15/paginators-1.json
+    #botocore/data/rbin/2021-06-15/service-2.json
     #botocore/data/rds-data/2018-08-01/paginators-1.json
     #botocore/data/rds-data/2018-08-01/service-2.json
     #botocore/data/rds/2014-09-01/paginators-1.json
@@ -776,6 +800,8 @@ RESOURCE_FILES(
     #botocore/data/rekognition/2016-06-27/paginators-1.json
     #botocore/data/rekognition/2016-06-27/service-2.json
     #botocore/data/rekognition/2016-06-27/waiters-2.json
+    #botocore/data/resiliencehub/2020-04-30/paginators-1.json
+    #botocore/data/resiliencehub/2020-04-30/service-2.json
     #botocore/data/resource-groups/2017-11-27/examples-1.json
     #botocore/data/resource-groups/2017-11-27/paginators-1.json
     #botocore/data/resource-groups/2017-11-27/service-2.json
@@ -801,6 +827,8 @@ RESOURCE_FILES(
     botocore/data/route53resolver/2018-04-01/paginators-1.json
     botocore/data/route53resolver/2018-04-01/paginators-1.sdk-extras.json
     botocore/data/route53resolver/2018-04-01/service-2.json
+    #botocore/data/rum/2018-05-10/paginators-1.json
+    #botocore/data/rum/2018-05-10/service-2.json
     botocore/data/s3/2006-03-01/examples-1.json
     botocore/data/s3/2006-03-01/paginators-1.json
     botocore/data/s3/2006-03-01/service-2.json
@@ -829,6 +857,7 @@ RESOURCE_FILES(
     #botocore/data/schemas/2019-12-02/waiters-2.json
     #botocore/data/sdb/2009-04-15/paginators-1.json
     #botocore/data/sdb/2009-04-15/service-2.json
+    botocore/data/sdk-default-configuration.json
     botocore/data/secretsmanager/2017-10-17/examples-1.json
     botocore/data/secretsmanager/2017-10-17/paginators-1.json
     botocore/data/secretsmanager/2017-10-17/service-2.json
@@ -945,6 +974,8 @@ RESOURCE_FILES(
     #botocore/data/workmail/2017-10-01/service-2.json
     #botocore/data/workmailmessageflow/2019-05-01/paginators-1.json
     #botocore/data/workmailmessageflow/2019-05-01/service-2.json
+    #botocore/data/workspaces-web/2020-07-08/paginators-1.json
+    #botocore/data/workspaces-web/2020-07-08/service-2.json
     #botocore/data/workspaces/2015-04-08/examples-1.json
     #botocore/data/workspaces/2015-04-08/paginators-1.json
     #botocore/data/workspaces/2015-04-08/service-2.json